
Careers | Elastic

<!DOCTYPE html><html lang="en-us"><head><meta charSet="utf-8"/><title>Careers | Elastic</title><!-- Document head of the Careers page: touch icons, favicons, web app manifest and descriptive metadata. --><link rel="apple-touch-icon" sizes="57x57" href="/apple-icon-57x57.png"/><link rel="apple-touch-icon" sizes="60x60" href="/apple-icon-60x60.png"/><link rel="apple-touch-icon" sizes="72x72" href="/apple-icon-72x72.png"/><link rel="apple-touch-icon" sizes="76x76" href="/apple-icon-76x76.png"/><link rel="apple-touch-icon" sizes="114x114" href="/apple-icon-114x114.png"/><link rel="apple-touch-icon" sizes="120x120" href="/apple-icon-120x120.png"/><link rel="apple-touch-icon" sizes="144x144" href="/apple-icon-144x144.png"/><link rel="apple-touch-icon" sizes="152x152" href="/apple-icon-152x152.png"/><link rel="apple-touch-icon" sizes="180x180" href="/apple-icon-180x180.png"/><link rel="apple-touch-icon" sizes="192x192" href="/apple-icon-192x192.png"/><link rel="icon" type="image/png" href="/favicon-32x32.png" sizes="32x32"/><link rel="shortcut icon" href="/favicon.ico" type="image/x-icon"/><link rel="icon" href="/favicon.ico" type="image/x-icon"/><link rel="apple-touch-icon-precomposed" sizes="64x64" href="/favicon_64x64_16bit.png"/><link rel="apple-touch-icon-precomposed" sizes="32x32" href="/favicon_32x32.png"/><link rel="apple-touch-icon-precomposed" sizes="16x16" href="/favicon_16x16.png"/><meta name="application-name" content="Elastic"/><link rel="icon" type="image/png" href="/android-chrome-192x192.png" sizes="192x192"/><link rel="icon" type="image/png" href="/favicon-96x96.png" sizes="96x96"/><link rel="icon" type="image/png" href="/favicon-16x16.png" sizes="16x16"/><link rel="icon" type="image/png" href="/favicon-48x48.png" sizes="48x48"/><!-- crossorigin="use-credentials" makes the browser send credentials (cookies) with the request for /manifest.json. NOTE(review): confirm the manifest really sits behind authentication; if it does not, the attribute can be dropped. --><link rel="manifest" href="/manifest.json" crossorigin="use-credentials"/><meta name="msapplication-TileColor" content="#ffffff"/><meta name="localized" content="true"/><meta name="msapplication-TileImage" content="/mstile-144x144.png"/><meta name="description" content="We&#x27;re hiring talented people from all over the world. 
Work in your ideal work environment with flexible working hours. Explore our open career opportunities...."/><!-- Open Graph and Twitter card metadata used for link previews; both preview images are loaded from static-www.elastic.co. --><meta property="og:title" content="Careers | Elastic"/><meta property="og:description" content="We&#x27;re hiring talented people from all over the world. Work in your ideal work environment with flexible working hours. Explore our open career opportunities...."/><meta property="og:image" content="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt1b9907bf07f7be84/632976ba0fc50838c8ba6d15/hero-elastic-career-608x500-2x.png"/><!-- NOTE(review): twitter:widgets:csp=on presumably asks the Twitter widgets script to run in its CSP-compatible mode; confirm it matches the Content-Security-Policy this site actually sends. --><meta name="twitter:widgets:csp" content="on"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:site" content="@elastic"/><meta name="twitter:image" content="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt1b9907bf07f7be84/632976ba0fc50838c8ba6d15/hero-elastic-career-608x500-2x.png"/><meta name="twitter:title" content="Careers | Elastic"/><meta name="twitter:description" content="We&#x27;re hiring talented people from all over the world. Work in your ideal work environment with flexible working hours. 
Explore our open career opportunities...."/><!-- JSON-LD page description; type application/ld+json is a data block and is not executed as script. --><script type="application/ld+json">{"@context":"http://schema.org","type":"WebPage","headline":"Careers Overview - Refresh 2022","url":"/careers"}</script><!-- Site-ownership verification tokens for Baidu, Naver and Yandex; they are published in page source by design and are not secrets. --><meta name="baidu-site-verification" content="ksp2qKCW7Y"/><meta name="naver-site-verification" content="936882c1853b701b3cef3721758d80535413dbfd"/><meta name="yandex-verification" content="d8a47e95d0972434"/><meta name="viewport" content="width=device-width, initial-scale=1"/><meta name="theme-color" content="#00a9e5"/><meta name="robots" content="index,follow"/><link rel="canonical" href="https://www.elastic.co/careers"/><meta name="optimizely-fullstack-flags"/><!-- Resource hints: the browser resolves or connects early to these third-party origins (Optimizely, Google Tag Manager, Clearbit, Quora, Marketo, Google, Facebook, Google Analytics). Each hint contacts the origin before any consent logic can run, so keep this list in step with the CSP allow-list and the third-party inventory. --><link rel="dns-prefetch" href="https://cdn.optimizely.com"/><link rel="dns-prefetch" href="https://www.googletagmanager.com"/><link rel="dns-prefetch" href="https://clearbit.com"/><link rel="dns-prefetch" href="https://quora.com"/><link rel="preconnect" href="https://sjrtp2.marketo.com"/><link rel="preconnect" href="https://www.google.com"/><link rel="preconnect" href="https://www.facebook.com"/><link rel="preconnect" href="https://www.google-analytics.com"/><!-- Two inline Google Tag Manager bootstraps (containers GTM-58RLH5 and GTM-KNJMG2M). Each pushes a gtm.start event onto window.dataLayer and inserts an async script element pointing at https://www.googletagmanager.com/gtm.js. Because they are inline, a strict script-src policy needs a nonce or hash for them; tags configured in either container run with this page's privileges, so publish rights on both containers are part of the page's trust boundary. --><script type="application/javascript">(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-58RLH5');</script><script type="application/javascript">(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({"gtm.start": new Date().getTime(),event:"gtm.js"});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!="dataLayer"?"&l="+l:"";j.async=true;j.src= "https://www.googletagmanager.com/gtm.js?id="+i+dl;f.parentNode.insertBefore(j,f); })(window,document,"script","dataLayer","GTM-KNJMG2M");</script><link rel="preconnect" href="https://logx.optimizely.com"/><link rel="preconnect" 
href="https://search.elastic.co"/><!-- Third-party Optimizely snippet: the script element has neither async nor defer, so it blocks parsing, and it has no integrity attribute, so the page runs whatever cdn.optimizely.com serves at load time. NOTE(review): if the snippet changes too often for SRI, restrict it through CSP script-src and review who can publish to the Optimizely project. --><link rel="preload" as="script" href="https://cdn.optimizely.com/js/18132920325.js"/><script type="text/javascript" src="https://cdn.optimizely.com/js/18132920325.js"></script><!-- Stylesheets from fonts.googleapis.com and info.elastic.co. rel="stylesheet preload" carries no "as" attribute; NOTE(review): the preload keyword is presumably ignored without it, confirm in the target browsers. --><link href="https://fonts.googleapis.com/earlyaccess/notosansjapanese.css" rel="stylesheet preload"/><link href="https://info.elastic.co/js/forms2/css/forms2-theme-plain.css" rel="stylesheet preload"/><link href="https://info.elastic.co/js/forms2/css/forms2.css" rel="stylesheet preload"/><meta name="next-head-count" content="63"/><!-- Same-origin /_next/static stylesheets (each preloaded, then applied) and deferred script chunks follow; the polyfills chunk is marked nomodule. --><link rel="preload" href="/_next/static/css/848376ea2064b368.css" as="style"/><link rel="stylesheet" href="/_next/static/css/848376ea2064b368.css" data-n-g=""/><link rel="preload" href="/_next/static/css/cc96b92625c11a10.css" as="style"/><link rel="stylesheet" href="/_next/static/css/cc96b92625c11a10.css" data-n-p=""/><link rel="preload" href="/_next/static/css/00b4045520c1e71f.css" as="style"/><link rel="stylesheet" href="/_next/static/css/00b4045520c1e71f.css" data-n-p=""/><link rel="preload" href="/_next/static/css/45edebee533634bf.css" as="style"/><link rel="stylesheet" href="/_next/static/css/45edebee533634bf.css" data-n-p=""/><noscript data-n-css=""></noscript><script defer="" nomodule="" src="/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js"></script><script src="/_next/static/chunks/webpack-5148e588555dde77.js" defer=""></script><script src="/_next/static/chunks/framework-f8115f7fae64930e.js" defer=""></script><script src="/_next/static/chunks/main-e0c5d542deb1c114.js" defer=""></script><script src="/_next/static/chunks/pages/_app-083c16ca7356eced.js" defer=""></script><script src="/_next/static/chunks/94803-bededac2ac605716.js" defer=""></script><script src="/_next/static/chunks/78369-ec2165c0ca6d5d93.js" defer=""></script><script src="/_next/static/chunks/46066-934084ce72f338b5.js" defer=""></script><script src="/_next/static/chunks/12539-07e8e7ad1ecfc11a.js" defer=""></script><script 
src="/_next/static/chunks/63942-27b12f1e1aa13324.js" defer=""></script><script src="/_next/static/chunks/83815-e7369f199afe76a8.js" defer=""></script><script src="/_next/static/chunks/16271-72b27ce65f9bbac4.js" defer=""></script><script src="/_next/static/chunks/34827-27464bedac54c891.js" defer=""></script><script src="/_next/static/chunks/33562-651dc66677ed1457.js" defer=""></script><script src="/_next/static/chunks/98102-ccdb05f69597b878.js" defer=""></script><script src="/_next/static/chunks/66885-605d512f62ac3c81.js" defer=""></script><script src="/_next/static/chunks/77723-33e1b2a09288ac17.js" defer=""></script><script src="/_next/static/chunks/pages/default_detail-6fc749c508acaeaa.js" defer=""></script><script src="/_next/static/Vl2WrvhD4hELkCAgiQD_z/_buildManifest.js" defer=""></script><script src="/_next/static/Vl2WrvhD4hELkCAgiQD_z/_ssgManifest.js" defer=""></script><style id="__jsx-1189744782">.elastic-logo{align-items:center;display:flex;flex-shrink:0;width:100px;outline:none;}@media (min-width:767px){.elastic-logo{width:120px;}}.elastic-logo:focus-visible{outline:2px solid var(--button-primary-active-offset-color);border-radius:4px;}</style><style id="__jsx-3447688935">.icon g{fill:#000;transition:fill 0.2s ease 0s;}.icon.iconDark g{fill:#fff;}</style><style id="__jsx-1596590093">.button{text-shadow:none;box-shadow:none;}.button:hover{background:none;text-decoration:none;}.button:focus,.button:focus-visible{text-decoration:none;}.button.btn-small{height:40px;min-height:40px;}.button.btn-large{min-width:200px;min-height:60px;padding:8px 24px;}.button.icon{align-items:center;display:inline-flex;gap:8px;}.button.icon-left{flex-direction:row-reverse;}.btn-primary,.btn-secondary,.btn-secondary-inverted,input.btn-primary,a.btn-primary:not([href]):not([tabindex]){display:inline-flex;min-height:50px;height:auto;justify-content:center;align-items:center;min-width:140px;padding:8px 24px;text-align:center;text-decoration:none;box-shadow:none;border:2px 
solid;border-radius:4px;-webkit-transition:all 100ms ease-in;transition:all 100ms ease-in;}.btn-primary,a.btn-primary:not([href]):not([tabindex]){color:var(--button-primary-color);background-color:var(--button-primary-bg);border-color:var(--button-primary-border-color);}.btn-primary:hover,.btn-primary.hover,a.btn-primary:not([href]):not([tabindex]):hover,a.btn-primary:not([href]):not([tabindex]) .hover{color:var(--button-primary-hover-color);background-color:var(--button-primary-hover-bg);border-color:var(--button-primary-hover-border-color);}.btn-primary:focus,.btn-primary:focus-visible,a.btn-primary:not([href]):not([tabindex]):focus,a.btn-primary:not([href]):not([tabindex]):focus-visible{color:var(--button-primary-color);}.btn-primary:focus-visible,a.btn-primary:not([href]):not([tabindex]):focus-visible{color:var(--button-primary-active-color);outline:2px solid var(--button-primary-active-offset-color);outline-offset:2px;border-color:var(--button-primary-active-border-color);}.btn-secondary,a.btn-secondary:not([href]):not([tabindex]){color:var(--button-secondary-color);background-color:var(--button-secondary-bg);border-color:var(--button-secondary-border-color);}.btn-secondary:hover,.btn-secondary.hover,a.btn-secondary:not([href]):not([tabindex]):hover,a.btn-secondary:not([href]):not([tabindex]) .hover{color:var(--button-secondary-hover-color);background-color:var(--button-secondary-hover-bg);border-color:var(--button-secondary-hover-border-color);}.btn-secondary:focus,.btn-secondary:focus-visible,a.btn-secondary:not([href]):not([tabindex]):focus,a.btn-secondary:not([href]):not([tabindex]):focus-visible{color:var(--button-secondary-color);}.btn-secondary:focus-visible,a.btn-secondary:not([href]):not([tabindex]):focus-visible{color:var(--button-secondary-active-color);outline:2px solid var(--button-secondary-active-offset-color);outline-offset:2px;border-color:var(--button-secondary-active-border-color);}.btn-secondary-inverted{background:white 
!important;border-color:var(--button-primary-border-color);color:var(--button-primary-border-color);}.btn-secondary-inverted:hover{color:var(--button-primary-border-color) !important;}.btn-secondary-inverted:hover{color:var(--button-primary-border-color) !important;}.btn-description,.btn-tertiary,.cta-link,a.btn-tertiary:not([href]):not([tabindex]){cursor:pointer;display:inline-block;text-decoration:none;color:var(--button-tertiary-color);padding-right:27px;}.btn-description svg,.btn-tertiary svg,.cta-link svg,a.btn-tertiary:not([href]):not([tabindex]) svg{width:27px;margin-right:-27px;-webkit-transition:all 100ms ease-in;transition:all 100ms ease-in;top:50%;top:50%;left:8px;position:relative;height:inherit;}.btn-description svg path,.btn-tertiary svg path,.cta-link svg path,a.btn-tertiary:not([href]):not([tabindex]) svg path{stroke:var(--button-tertiary-color);}.btn-description:hover,.btn-tertiary:hover,.cta-link:hover,a.btn-tertiary:not([href]):not([tabindex]):hover{color:var(--button-tertiary-hover-color);}.btn-description:hover svg,.btn-tertiary:hover svg,.cta-link:hover svg,a.btn-tertiary:not([href]):not([tabindex]):hover svg{left:14px;}.btn-description:hover svg path,.btn-tertiary:hover svg path,.cta-link:hover svg path,a.btn-tertiary:not([href]):not([tabindex]):hover svg path{stroke:var(--button-tertiary-hover-color);}.btn-description:focus,.btn-description:focus-visible,.btn-tertiary:focus,.btn-tertiary:focus-visible,.cta-link:focus,.cta-link:focus-visible,a.btn-tertiary:not([href]):not([tabindex]):focus,a.btn-tertiary:not([href]):not([tabindex]):focus-visible{color:var(--button-tertiary-color);}.btn-description:focus-visible,.btn-tertiary:focus-visible,.cta-link:focus-visible,a.btn-tertiary:not([href]):not([tabindex]):focus-visible{text-decoration:none;color:var(--button-tertiary-hover-color);outline:2px solid var(--button-tertiary-active-offset-color);outline-offset:4px;border-radius:4px;padding-right:12px;}.btn-description:focus-visible 
svg,.btn-tertiary:focus-visible svg,.cta-link:focus-visible svg,a.btn-tertiary:not([href]):not([tabindex]):focus-visible svg{stroke:var(--button-tertiary-hover-color);}.btn-description:focus-visible svg path,.btn-tertiary:focus-visible svg path,.cta-link:focus-visible svg path,a.btn-tertiary:not([href]):not([tabindex]):focus-visible svg path{stroke:var(--button-tertiary-hover-color);}#header-alert .btn-tertiary svg path{stroke:var(--color-dark-ink);}.btn-text-link.no-underline{text-decoration:none;}.btn-text-link:hover{text-decoration:underline;}.btn-text-link.btn-small{font-size:14px;}.btn-text-link.lighter-ink{color:var(--color-lighter-ink);}@media only screen and (max-width:720px){.cta{align-items:center !important;}.btn-tertiary{margin-top:10px;}}.btn-tertiary{background:transparent !important;font-size:16px !important;font-weight:600 !important;line-height:24px !important;height:auto !important;width:auto !important;text-align:left !important;border:none !important;color:var(--button-tertiary-color);border-radius:0 !important;display:inline-block !important;vertical-align:middle !important;}.btn-tertiary .btn-copy{display:inline;line-height:24px !important;vertical-align:middle !important;}.btn-tertiary svg{display:inline-block !important;vertical-align:middle !important;margin-top:4px !important;line-height:24px !important;fill:none !important;top:auto !important;}#navigation_container .button.btn-tertiary{background:transparent !important;font-size:16px !important;font-weight:600 !important;line-height:24px !important;height:auto !important;width:auto !important;text-align:left !important;border:none !important;padding:12px 0 0 0 !important;margin:0 !important;color:#0B64DD !important;border-radius:0 !important;display:inline-block !important;vertical-align:middle !important;white-space:wrap;}#navigation_container .button.btn-tertiary .btn-copy{display:inline;line-height:24px !important;vertical-align:middle !important;}#navigation_container 
.button.btn-tertiary svg{display:inline-block !important;vertical-align:middle !important;margin-top:4px !important;height:24px !important;width:24px !important;line-height:24px !important;fill:none !important;}#navigation_container .button.btn-tertiary svg path{stroke:#0B64DD !important;}#navigation_container .button.btn-tertiary:hover{color:#094DAB !important;}#navigation_container .button.btn-tertiary:hover svg path{stroke:#094DAB !important;}#navigation_container .button.btn-secondary{background:transparent !important;}#navigation_container .button.btn-secondary:hover{color:white !important;}#navigation_container .button.btn-small{font-size:14px !important;font-weight:600;}@media only screen and (max-width:720px){#navigation_container .button.btn-secondary-inverted:hover{color:var(--button-primary-bg) !important;}}</style><style id="__jsx-1868079691">.render-newNav .newNav{display:block;}.render-newNav .oldNav{display:none;}.render-oldNav .newNav{display:none;}.render-oldNav .oldNav{display:block;}</style><style id="__jsx-1955866259">.title-wrapper h1,.title-wrapper h2,.title-wrapper h3,.title-wrapper h4,.title-wrapper h5,.title-wrapper h6,.title-wrapper .h1,.title-wrapper .h2,.title-wrapper .h3,.title-wrapper .h4,.title-wrapper .h5,.title-wrapper .h6{margin:0;box-sizing:border-box;display:block;position:relative;}.title-wrapper h1 a,.title-wrapper h2 a,.title-wrapper h3 a,.title-wrapper h4 a,.title-wrapper h5 a,.title-wrapper h6 a,.title-wrapper .h1 a,.title-wrapper .h2 a,.title-wrapper .h3 a,.title-wrapper .h4 a,.title-wrapper .h5 a,.title-wrapper .h6 a{font-weight:400;text-decoration:none;font-weight:unset;}.title-wrapper h1 a:hover,.title-wrapper h2 a:hover,.title-wrapper h3 a:hover,.title-wrapper h4 a:hover,.title-wrapper h5 a:hover,.title-wrapper h6 a:hover,.title-wrapper .h1 a:hover,.title-wrapper .h2 a:hover,.title-wrapper .h3 a:hover,.title-wrapper .h4 a:hover,.title-wrapper .h5 a:hover,.title-wrapper .h6 a:hover{text-decoration:none;}.blog 
h2,.press-detail .press-content h2{margin-top:64px;}.blog h3,.blog h4,.blog h5,.blog h6,.press-detail .press-content h3,.press-detail .press-content h4,.press-detail .press-content h5,.press-detail .press-content h6{margin-top:32px;}</style><style id="__jsx-3416596397">h1.topic-heading.jsx-3416596397,h2.topic-heading.jsx-3416596397{color:var(--topic-heading-color);}h1.topic-heading.authordesignation.jsx-3416596397,h2.topic-heading.authordesignation.jsx-3416596397{color:var(--topic-heading-color);}h1.topic-heading.teal.jsx-3416596397,h2.topic-heading.teal.jsx-3416596397{color:var(--color-light-teal);}h1.topic-heading.black.jsx-3416596397,h2.topic-heading.black.jsx-3416596397{color:var(--color-black);}</style><style id="__jsx-388436971">.cta-group .btn-tertiary{margin-bottom:8px;}.cta-group .d-flex.flex-column a{width:100% !important;}.cta-group .icon{max-height:16px;max-height:16px;}.cta-group .is-second-cta-inline{margin-left:16px !important;}</style><style id="__jsx-682499841">@media screen and (max-width:576px){card-deck-spotlight .content{text-align:center;order:2;}card-deck-spotlight .content .title{margin-top:32px;}card-deck-spotlight .content .cta-group{justify-content:center !important;}}</style><style id="__jsx-802606770">.illustration-icon-grid-container ul:not(.illustration-icon-grid-2x2) .logo{height:64px;margin-bottom:16px;}.illustration-icon-grid-item-content .arrow-down,.illustration-icon-grid-item-content .arrow-up{width:24px;margin-right:16px;}.illustration-icon-grid-item-content .statistics-title-container{display:flex;flex-direction:row;justify-content:center;}.illustration-icon-grid-item-content .statistics-title-container .arrow-down{display:flex;align-items:flex-end;}.illustration-icon-grid-item-content .statistics-title-container .arrow-down img{position:relative;bottom:20%;}.illustration-icon-grid-item-content .statistics-title-container .arrow-up{display:flex;align-items:flex-start;}.illustration-icon-grid-item-content 
.statistics-title-container .arrow-up img{position:relative;bottom:-25%;}.illustration-icon-grid-item-content .statistics-title-container-80px{display:flex;flex-direction:row;margin-bottom:16px;}.illustration-icon-grid-items .btn-tertiary{padding-top:16px;margin-bottom:8px;}.illustration-icon-grid-items .one-column{position:relative;display:flex;flex-direction:column;}.illustration-icon-grid-items .two-column{position:relative;display:grid;column-gap:32px;grid-template-columns:128px 1fr;}.illustration-icon-grid-items .grid-image-left .grid-image{text-align:left;}.illustration-icon-grid-items .grid-image-center .grid-image{text-align:center;}.illustration-icon-grid-items .paragraph-left .paragraph{text-align:left;}.illustration-icon-grid-items .paragraph-center .paragraph{text-align:center;}.illustration-icon-grid-items .title-heading-left .statistics-title,.illustration-icon-grid-items .title-heading-left .title-wrapper{text-align:left;}.illustration-icon-grid-items .title-heading-center .statistics-title,.illustration-icon-grid-items .title-heading-center .title-wrapper{text-align:center;}.illustration-icon-grid-items .topic-heading-left .topic-heading{text-align:left;}.illustration-icon-grid-items .topic-heading-center .topic-heading{text-align:center;}.illustration-icon-grid-items .illustration-icon-grid-item-top .icon-32{width:32px;height:32px;margin-bottom:16px;}.illustration-icon-grid-items .illustration-icon-grid-item-top .icon-64{width:64px;height:64px;margin-bottom:16px;}.illustration-icon-grid-items .illustration-icon-grid-item-top .image-xsmall{width:128px;height:128px;margin-bottom:16px;}.illustration-icon-grid-items .illustration-icon-grid-item-top .thumbnail-wrapper{overflow:hidden;position:relative;margin-bottom:32px;border-radius:10px;border:1px solid var(--color-dark-gray);}.illustration-icon-grid-items .illustration-icon-grid-item-top .thumbnail-wrapper .thumbnail{border-radius:10px;object-fit:cover;position:relative;}.illustration-icon-grid-items 
.illustration-icon-grid-item-top .thumbnail-wrapper .thumbnail-hover:hover img{transform:scale(1.1);transition:transform 250ms ease-in-out,-webkit-transform 250ms ease-in-out;}.illustration-icon-grid-items .illustration-icon-grid-item-top .thumbnail-default{min-height:129px;}.illustration-icon-grid-items .illustration-icon-grid-item-top .thumbnail-128{max-width:128px;width:128px;}.illustration-icon-grid-items .illustration-icon-grid-item-top .thumbnail-128 img{height:75px;}.illustration-icon-grid-items .illustration-icon-grid-item-footer{width:100%;}.illustration-icon-grid-items .illustration-icon-grid-item-footer .inline-flex-align-items-baseline{display:flex;flex-direction:row;flex-wrap:wrap;align-items:baseline;}.illustration-icon-grid-items .illustration-icon-grid-item-footer .inline-flex-align-items-baseline .text-link{margin-left:16px;}.illustration-icon-grid-2x2 .illustration-icon-grid-items .illustration-icon-grid-item-top .thumbnail-wrapper{margin:0 32px 32px 0;}.illustration-icon-grid-2x2 .illustration-icon-grid-items .illustration-icon-grid-item-top .icon-32,.illustration-icon-grid-2x2 .illustration-icon-grid-items .illustration-icon-grid-item-top .icon-64{margin-right:16px;}.illustration-icon-grid-2x2 .illustration-icon-grid-items .illustration-icon-grid-item-top .logo{height:auto;width:128px;}.illustration-icon32-clickable-list,.illustration-icon32-clickable-list-3-per-row{width:100%;}.illustration-icon32-clickable-list .illustration-icon-grid-item,.illustration-icon32-clickable-list-3-per-row .illustration-icon-grid-item{cursor:pointer;position:relative;-webkit-transform:translateY(0px);-moz-transform:translateY(0px);-ms-transform:translateY(0px);transform:translateY(0px);-moz-transition:all 0.4s;-webkit-transition:all 0.4s;-o-transition:all 0.4s;-ms-transition:all 0.4s;transition:all 0.4s;}.illustration-icon32-clickable-list .illustration-icon-grid-item:after,.illustration-icon32-clickable-list-3-per-row 
.illustration-icon-grid-item:after{opacity:0;filter:alpha(opacity=0);-moz-transition:all 0.4s;-webkit-transition:all 0.4s;-o-transition:all 0.4s;-ms-transition:all 0.4s;transition:all 0.4s;}.illustration-icon32-clickable-list .illustration-icon-grid-item:hover:after,.illustration-icon32-clickable-list-3-per-row .illustration-icon-grid-item:hover:after{opacity:1;filter:alpha(opacity=100);}.illustration-icon32-clickable-list .illustration-icon-grid-item-top,.illustration-icon32-clickable-list-3-per-row .illustration-icon-grid-item-top{display:flex;flex-wrap:nowrap;align-items:flex-start;}.illustration-icon32-clickable-list .illustration-icon-grid-item-top .icon-32,.illustration-icon32-clickable-list .illustration-icon-grid-item-top .icon-64,.illustration-icon32-clickable-list-3-per-row .illustration-icon-grid-item-top .icon-32,.illustration-icon32-clickable-list-3-per-row .illustration-icon-grid-item-top .icon-64{margin-right:16px;}.illustration-icon32-clickable-list li,.illustration-icon32-clickable-list-3-per-row li{padding:16px;border-radius:10px;}.illustration-icon32-clickable-list li:hover,.illustration-icon32-clickable-list-3-per-row li:hover{border-right:1px none var(--color-white);border-left:1px none var(--color-white);background-color:var(--color-white);box-shadow:0 10px 20px 0 rgba(152,162,179,0.15),0 2px 6px 0 rgba(152,162,179,0.25);}.illustration-icon64-grid-5x1-container .one-column{align-items:center;}.illustration-icon64-grid-5x1-container .illustration-icon-grid-item-content h5{font-size:1.125rem;line-height:1.375rem;font-weight:700;text-align:center;}@media screen and (max-width:991px){.two-column{flex-direction:column;align-items:flex-start;}.illustration-icon-grid-container .logo{height:64px;margin-bottom:16px;}.statistics-title-container .arrow-down img{bottom:13% !important;}.statistics-title-container .arrow-up img{bottom:-18% !important;}}@media screen and 
(max-width:576px){.illustration-icon-grid-items{display:flex;flex-direction:column;}.illustration-icon-grid-items .two-column{display:block;}}</style><style id="__jsx-2381115616">.card-deck-container.container-border,.illustration-icon-grid-container.container-border{border:1px solid var(--carddeck-container-border-color);}.card-deck-container .card-text-image .logo,.illustration-icon-grid-container .card-text-image .logo{height:64px;max-width:128px;margin:0px 16px 16px 0px;}.card-deck-container .card-text-image .logo-width-128px,.illustration-icon-grid-container .card-text-image .logo-width-128px{max-width:128px;margin:0px 16px 16px 0px;}.card-deck-container .card-paragraph ol,.card-deck-container .paragraph ol,.illustration-icon-grid-container .card-paragraph ol,.illustration-icon-grid-container .paragraph ol{padding-left:20px !important;}.card-deck-container .card-paragraph ol li,.card-deck-container .paragraph ol li,.illustration-icon-grid-container .card-paragraph ol li,.illustration-icon-grid-container .paragraph ol li{list-style-type:decimal;}.card-deck-container .card-paragraph ol li ol,.card-deck-container .paragraph ol li ol,.illustration-icon-grid-container .card-paragraph ol li ol,.illustration-icon-grid-container .paragraph ol li ol{margin:0px;}.card-deck-container .card-paragraph ol li ol li,.card-deck-container .paragraph ol li ol li,.illustration-icon-grid-container .card-paragraph ol li ol li,.illustration-icon-grid-container .paragraph ol li ol li{list-style-type:lower-alpha;}.card-outline-2-column .card.card-outline{background:var(--color-white);display:flex;flex-direction:row;}.illustration-icon-grid-items{display:grid;grid-auto-columns:1fr;grid-template-columns:repeat(2,1fr);grid-template-rows:auto;grid-row-gap:16px;grid-column-gap:16px;margin-right:auto;margin-left:auto;}.illustration-icon-grid-items.illustration-icon-grid-4x1 .illustration-icon-grid-item,.illustration-icon-grid-items.illustration-icon32-split-grid-2x2 
.illustration-icon-grid-item,.illustration-icon-grid-items .illustration-icon-grid-item-content{display:flex;flex-direction:column;position:relative;}.statistics-grid-2x1{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:repeat(2,1fr);grid-template-rows:auto;width:78%;margin-left:auto;margin-right:auto;}.illustration-icon-grid-2x2{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:repeat(2,1fr);grid-template-rows:auto;}.illustration-icon-grid-2x2 .two-column .illustration-icon-grid-item-content{display:flex;flex-direction:column;align-items:flex-start;justify-content:space-between;height:100%;}.illustration-icon-grid-3x1{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:repeat(3,1fr);grid-template-rows:auto;}.illustration-icon-grid-4x1{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:repeat(4,1fr);grid-template-rows:auto;}.illustration-icon32-clickable-list{grid-template-columns:repeat(4,1fr);}.illustration-icon32-clickable-list-3-per-row{grid-template-columns:repeat(3,1fr);}.illustration-icon32-clickable-list,.illustration-icon32-clickable-list-3-per-row{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:32px;grid-row-gap:32px;grid-template-rows:auto;}.illustration-icon32-clickable-list .illustration-icon-grid-item,.illustration-icon32-clickable-list-3-per-row .illustration-icon-grid-item{display:flex;flex-direction:column;justify-content:space-between;align-items:stretch;position:relative;}.illustration-clickable-list-split-grid-2x2-container,.illustration-icon32-split-grid-2x2-container{display:grid;grid-template-columns:0.6fr 1fr;grid-template-rows:auto;grid-column-gap:64px;grid-row-gap:64px;align-items:start;justify-items:start 
!important;}.illustration-clickable-list-split-grid-2x2-container .title-text-one-column.container,.illustration-icon32-split-grid-2x2-container .title-text-one-column.container{padding:0 !important;}.illustration-clickable-list-split-grid-2x2-container .illustration-icon32-split-grid-2x2,.illustration-icon32-split-grid-2x2-container .illustration-icon32-split-grid-2x2{grid-column-gap:64px;grid-row-gap:64px;}.illustration-icon32-grid-2x2{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:repeat(2,1fr);grid-template-rows:auto;}.illustration-icon32-grid-2x2-below-module-paragraph{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:32px;grid-row-gap:32px;grid-template-columns:repeat(2,1fr);grid-template-rows:auto;}.illustration-icon32-grid-2x2-showcase{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:64px repeat(2,1fr) 64px;grid-template-rows:auto;}.illustration-icon32-grid-2x2-showcase li:nth-child(odd){grid-column-start:2;}.illustration-icon32-grid-3x2{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:repeat(3,1fr);grid-template-rows:auto;}.illustration-icon64-grid-3x1{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:repeat(3,1fr);grid-template-rows:auto;}.illustration-icon64-grid-5x1-container{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:32px;grid-row-gap:32px;grid-template-rows:auto;}.illustration-icon64-grid-5x1-container .one-column .illustration-icon-grid-item-content,.illustration-icon64-grid-5x1-container .one-column 
.illustration-icon-grid-item-top{display:flex;margin-right:auto;margin-left:auto;flex-direction:column;justify-content:flex-start;}.illustration-icon64-grid-5x1-3-per-row{grid-template-columns:repeat(3,1fr);}.illustration-icon64-grid-5x1{grid-template-columns:repeat(5,1fr);}@media screen and (max-width:991px){.illustration-icon-grid-4x1{grid-template-columns:repeat(3,1fr);}.illustration-icon-grid-2x2 .two-column{display:flex;flex-direction:column;}.illustration-icon32-clickable-list,.illustration-icon32-clickable-list-3-per-row{grid-template-columns:repeat(3,1fr);}.illustration-icon32-clickable-list .illustration-icon-grid-item-top,.illustration-icon32-clickable-list-3-per-row .illustration-icon-grid-item-top{flex-direction:column;}.illustration-icon32-grid-3x2,.illustration-icon64-grid-5x1-container{grid-column-gap:32px;grid-row-gap:32px;}.illustration-icon32-grid-2x2-showcase{grid-row-gap:32px;grid-template-columns:1fr;}.illustration-icon32-grid-2x2-showcase li:nth-child(odd){grid-column-start:initial;}.illustration-icon64-grid-5x1-container{grid-template-columns:repeat(3,1fr);}}@media screen and (max-width:980px){.statistics-grid-2x1{width:100%;}}@media screen and (max-width:767px){.illustration-icon-grid-2x2,.illustration-icon-grid-3x1,.illustration-icon-grid-4x1,.illustration-clickable-list-split-grid-2x2-container .illustration-clickable-list-split-grid-2x2,.illustration-icon32-split-grid-2x2-container .illustration-icon32-split-grid-2x2,.illustration-icon32-grid-2x2,.illustration-icon32-grid-3x2,.illustration-icon64-grid-5x1-container{grid-column-gap:32px;grid-row-gap:32px;}.statistics-grid-2x1{grid-template-columns:repeat(1,1fr);}.illustration-icon-grid-2x2{grid-template-columns:1fr;grid-template-rows:repeat(4,auto);}.illustration-icon-grid-2x2 .two-column .illustration-icon-grid-item-content{height:auto;}.illustration-icon-grid-3x1{grid-template-columns:1fr;grid-template-rows:repeat(3,auto);}.illustration-icon-grid-4x1{grid-template-columns:1fr 
1fr;grid-template-rows:repeat(2,auto);}.illustration-icon32-clickable-list,.illustration-icon32-clickable-list-3-per-row{grid-template-columns:1fr 1fr;grid-template-rows:repeat(3,auto);}.illustration-clickable-list-split-grid-2x2-container,.illustration-icon32-split-grid-2x2-container{grid-template-columns:1fr;grid-template-rows:auto auto;}.illustration-clickable-list-split-grid-2x2-container .illustration-clickable-list-split-grid-2x2,.illustration-icon32-split-grid-2x2-container .illustration-icon32-split-grid-2x2{grid-template-columns:1fr 1fr;grid-template-rows:repeat(1,auto);}.illustration-icon32-grid-2x2{grid-template-columns:1fr;grid-template-rows:repeat(4,auto);}.illustration-icon32-grid-3x2{grid-template-columns:1fr 1fr;grid-template-rows:repeat(3,auto);}.illustration-clickable-list-split-grid-2x2-container,.illustration-icon32-split-grid-2x2-container{grid-row-gap:32px;}.illustration-icon64-grid-3x1{grid-template-columns:1fr;grid-template-rows:repeat(3,auto);}.illustration-icon64-grid-5x1-container{grid-template-columns:1fr 1fr 1fr;grid-template-rows:repeat(3,auto);}}@media screen and (max-width:575px){.card-grid-2x1{grid-template-columns:1fr;grid-template-rows:repeat(2,auto);}.card-grid-3x1{grid-template-columns:1fr;grid-template-rows:repeat(3,auto);}.card-grid-4x1{grid-template-columns:1fr;grid-template-rows:repeat(4,auto);}}@media screen and (max-width:479px){.illustration-icon32-clickable-list,.illustration-icon32-clickable-list-3-per-row{grid-template-columns:1fr;grid-template-rows:repeat(6,auto);}.illustration-icon-grid-4x1{grid-template-columns:1fr;grid-template-rows:repeat(4,auto);}.illustration-icon32-grid-3x2{grid-template-columns:1fr;grid-template-rows:repeat(6,auto);}.illustration-clickable-list-split-grid-2x2-container,.illustration-icon32-split-grid-2x2-container{grid-row-gap:16px;}.illustration-clickable-list-split-grid-2x2-container .illustration-icon32-split-grid-2x2,.illustration-icon32-split-grid-2x2-container 
.illustration-icon32-split-grid-2x2{grid-template-columns:1fr;grid-template-rows:repeat(4,auto);}.illustration-clickable-list-split-grid-2x2-container,.illustration-icon32-split-grid-2x2-container{grid-template-columns:1fr;grid-template-rows:auto auto;}.illustration-icon64-grid-5x1-container{grid-template-columns:1fr 1fr;grid-template-rows:repeat(2,auto);}}</style><style id="__jsx-1653982606">/* Image component; every selector is qualified with the .jsx-1653982606 class. Full-width images take the viewport width (100vw); figure captions get an 8px top margin and their paragraphs no bottom margin. */.image.jsx-1653982606 img.full-width.jsx-1653982606{width:100vw;}.image.jsx-1653982606 figure.jsx-1653982606 figcaption.jsx-1653982606{margin:8px 0 0;}.image.jsx-1653982606 figure.jsx-1653982606 figcaption.jsx-1653982606 p.jsx-1653982606{margin-bottom:0;}</style><style id="__jsx-1383953900">/* Title/text blocks, one- and two-column variants: the heading icon is capped at 32px, the description and the last paragraph get tight bottom spacing, and footer links sit on a wrapping, baseline-aligned flex row. At 767px and below the topic heading gains bottom padding. */.title-text-one-column .icon-topic-heading .icon-32,.title-text-two-column .icon-topic-heading .icon-32{margin:0 16px 16px 0;max-height:32px;max-width:32px;}.title-text-one-column .title-text-desc,.title-text-two-column .title-text-desc{margin-bottom:8px;}.title-text-one-column p:last-child,.title-text-two-column p:last-child{margin-bottom:0;}.title-text-one-column .title-text-footer .inline-flex-align-items-baseline,.title-text-two-column .title-text-footer .inline-flex-align-items-baseline{display:flex;flex-direction:row;flex-wrap:wrap;align-items:baseline;}.title-text-one-column .title-text-footer .inline-flex-align-items-baseline .text-link,.title-text-two-column .title-text-footer .inline-flex-align-items-baseline .text-link{margin-left:16px;}.title-text-one-column .title-text-footer .justify-content-center a .btn-tertiary,.title-text-two-column .title-text-footer .justify-content-center a .btn-tertiary{display:flex;align-items:center;}@media screen and (max-width:767px){.icon-topic-heading.d-flex .topic-heading{padding-bottom:16px;}}</style><style id="__jsx-2286811301">/* Editorial heading: a bottom rule under the heading section; at 576px and below the title is centred and .flex-row switches to a column. */.editorial-heading-section{column-gap:16px;border-bottom:1px solid var(--color-dark-gray);}@media screen and (max-width:576px){.editorial-heading .title-wrapper{text-align:center;}.editorial-heading 
.flex-row{flex-direction:column !important;}}</style><style id="__jsx-1083652995">/* Ghost card: a borderless card separated from the next by a bottom rule. The header holds a 16:9 video thumbnail with a play button pinned to its bottom-right corner; the title is clamped to 3 lines and body text to 5; the footer carries author and meta data plus an info tooltip. On hover the thumbnail scales to 1.1 and the title is underlined. */.ghost-card.card{position:relative;width:100%;padding:0 0 32px 0;margin:0 0 32px 0;border:none;border-radius:0;border-bottom:1px solid var(--color-dark-gray);cursor:pointer;}.ghost-card.card .card-header{padding:0;background:none;border:none;}.ghost-card.card .card-header .vid-url{overflow:hidden;position:relative;border-radius:10px;border:1px solid var(--color-gray);height:0;padding-top:56.25%;}.ghost-card.card .card-header .vid-url img.img-fluid{transition:transform 250ms ease-in-out 0s,-webkit-transform 250ms ease-in-out 0s;width:100%;aspect-ratio:16/9;height:100%;object-fit:cover;position:absolute;top:0;z-index:0;}.ghost-card.card .card-header .vid-url .play-btn{background-color:rgba(0,0,0,0.3);width:32px;height:32px;border:2px solid white;border-radius:50%;display:flex;justify-content:center;position:absolute;right:10px;bottom:10px;z-index:1;}.ghost-card.card .card-header .vid-url .play-btn img{padding:8px 8px 8px 9px;object-fit:unset;}.ghost-card.card .card-body{padding:0;display:flex;flex-direction:column;flex:1;}.ghost-card.card .card-body .title-wrapper{padding-bottom:16px;}.ghost-card.card .card-body h4,.ghost-card.card .card-body h5{display:-webkit-box;-webkit-line-clamp:3;-webkit-box-orient:vertical;overflow:hidden;padding-bottom:0;}.ghost-card.card .card-body p{display:-webkit-box;-webkit-line-clamp:5;-webkit-box-orient:vertical;overflow:hidden;}.ghost-card.card .card-footer{padding:0;background:none;border:none;}.ghost-card.card .card-footer .footer-data{background:none;border:none;padding:0;margin-top:16px;}.ghost-card.card .card-footer .footer-data a{position:static;font-weight:normal;color:var(--color-ink);text-decoration:none;font-size:0.875rem;line-height:1.5rem;}.ghost-card.card .card-footer .footer-data p{margin-bottom:0;}.ghost-card.card .card-footer .footer-data .author-desc div{font-size:0.875rem;line-height:1.5rem;}.ghost-card.card .card-footer .footer-data 
.author-desc .author-name{margin:0 4px 0 0;z-index:2;position:relative;}.ghost-card.card .card-footer .footer-data .author-desc .author-name:not(:last-child):after{content:",";}.ghost-card.card .card-footer .footer-data .author-desc a{font-weight:600;}.ghost-card.card .card-footer .footer-data .author-desc a:hover{text-decoration:underline;}.ghost-card.card .card-footer .footer-data .author-desc .author-name-normal a{font-weight:400;}.ghost-card.card .card-meta{margin-top:16px;display:flex;flex-wrap:wrap;}.ghost-card.card .card-meta .card-meta-data{margin:8px 16px 0px 0px;display:flex;}.ghost-card.card .card-meta .card-meta-data img{margin-right:8px;width:16px;height:16px;position:relative;top:4px;}.ghost-card.card .card-meta .card-meta-data span{margin-right:5px;}.ghost-card.card .card-meta .card-meta-data span:not(:last-child):after{content:",";}.ghost-card.card .card-meta .card-meta-data a{font-weight:normal;font-size:0.875rem;line-height:1.5rem;color:var(--color-ink);text-decoration:none;}.ghost-card.card .author-desc div{font-size:0.875rem;line-height:1.5rem;}.ghost-card.card .author-desc .author-name{margin:0 4px 0 0;z-index:1;}.ghost-card.card .author-desc .author-name:not(:last-child):after{content:",";}.ghost-card.card .author-desc a{font-weight:600;}.ghost-card.card .author-desc a:hover{text-decoration:underline;}.ghost-card.card .author-desc .author-name-normal a{font-weight:400;}.ghost-card.card .info{padding-left:8px;z-index:999;position:absolute !important;display:block;width:39px;height:16px;right:10px;bottom:20px;background-position-x:center;}.ghost-card.card .info img{z-index:1;}.ghost-card.card .info .tooltips{z-index:999;top:-55px;right:30px;max-width:275px;transition:all 0.3s ease-out;max-height:100px;min-height:85px;height:max-content;}.ghost-card.card .info .tooltips:before{left:99%;top:70px;transform:rotate(-56deg);}.ghost-card.card:hover .card-header img.img-fluid{transform:scale(1.1);}.ghost-card.card:hover 
.card-body{text-decoration:none;}.ghost-card.card:hover .card-body h4,.ghost-card.card:hover .card-body h5{text-decoration:underline;}.ghost-card.card:hover .card-body p{opacity:0.8;text-decoration:none;}@media screen and (max-width:767px){.ghost-card.card{padding-bottom:16px;margin-bottom:16px;}.ghost-card.card .info .tooltips{max-width:200px;}.ghost-card.card .info .tooltips:before{left:97%;transform:rotate(-47deg);}}@media screen and (max-width:575px){.ghost-card.card .card-header .vid-url{height:auto;}}</style><style id="__jsx-579451128">/* Default detail page overrides: a .layout that directly follows a background section in second-to-last position is collapsed to zero height. The remaining rules adjust the quote logo height, social card overflow, the #dl_calculator embed, small-print notes, the centred footer form, heading and icon-grid spacing, and pricing. The media queries that follow restack the listing sidebar and editorial molecules on narrower screens. */.default-detail section.hasBackground:nth-last-child(2)+.layout,.default-detail section.bg-light-gray:nth-last-child(2)+.layout,.default-detail div.bg-light-gray:nth-last-child(2)+.layout,.default-detail section.bg-developer-blue:nth-last-child(2)+.layout,.default-detail div.bg-developer-blue:nth-last-child(2)+.layout,.default-detail section.bg-light-gray:nth-last-child(2)+.layout,.default-detail section.bg-developer-blue:nth-last-child(2)+.layout{height:0;}.default-detail .quote .flex-items-wrapper .img-fluid{max-height:64px;}.default-detail .social-card .card{overflow:visible;}.default-detail #dl_calculator embed{height:100vh !important;}.default-detail #dl_calculator .customizable_chart_header{width:100% !important;}.default-detail p.note{font-size:0.75rem;color:var(--color-ink);font-weight:normal;margin-bottom:8px;text-transform:none;}.default-detail .footer-cta .mkto-form-wrapper.inline.center{display:flex;justify-content:center;}.default-detail .title-text-one-column h3{margin:40px 0px 0px;}.default-detail .title-text-one-column h3:first-child{margin-top:20px;}.default-detail .icon-grid+.image,.default-detail .icon-grid+.features{margin-top:-50px;}.default-detail .pricing{margin-bottom:-40px;}.default-detail .image-text-grid .card-deck .card .title-text-cta.card-body{display:flex;flex-direction:column;}.default-detail .editorial-molecule:hover .title-link .title{text-decoration:underline;}@media screen and 
(max-width:991px) and (min-width:481px){.listing-sidebar .sidebar-wrapper .sidebar .tab-column{display:flex;flex-direction:column;}.right-column{padding-top:64px;}.editorial-molecule{border-bottom:1px solid var(--color-dark-gray);padding-bottom:64px;}}@media screen and (max-width:767px) and (min-width:481px){.editorial-molecule .molecule{display:flex;flex-direction:row;}.editorial-molecule .molecule .thumbnail{height:max-content !important;}.editorial-molecule .molecule .title-link{margin:0;}}@media screen and (max-width:480px){.editorial-molecule{border-bottom:1px solid var(--color-dark-gray);padding-bottom:48px;}.right-column{padding-top:48px;}}@media screen and (max-width:375px){.default-detail .common-container{max-width:255px;word-break:break-word;}}</style><style id="__jsx-2923087917">@charset "UTF-8";html,body{-webkit-font-smoothing:antialiased;position:relative;color:var(--body-color);}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{margin:0;box-sizing:border-box;display:block;position:relative;}h1 a,h2 a,h3 a,h4 a,h5 a,h6 a,.h1 a,.h2 a,.h3 a,.h4 a,.h5 a,.h6 a{font-weight:400;text-decoration:none;font-weight:unset;}h1 a:hover,h2 a:hover,h3 a:hover,h4 a:hover,h5 a:hover,h6 a:hover,.h1 a:hover,.h2 a:hover,.h3 a:hover,.h4 a:hover,.h5 a:hover,.h6 a:hover{text-decoration:none;font-weight:unset;}h1 a:hover:hover,h2 a:hover:hover,h3 a:hover:hover,h4 a:hover:hover,h5 a:hover:hover,h6 a:hover:hover,.h1 a:hover:hover,.h2 a:hover:hover,.h3 a:hover:hover,.h4 a:hover:hover,.h5 a:hover:hover,.h6 a:hover:hover{text-decoration:none;}p{margin:0 0 8px 0;}strong,b{font-weight:700;}i,em{font-style:italic;}sub{position:relative;top:0.5em;font-size:0.8em;}sup{position:relative;top:-0.5em;font-size:0.8em;}hr{border-color:var(--color-dark-gray);}hr.custom-2{border-width:2px;}small{line-height:26px;font-size:12px;font-weight:400;}ul,ul li{background:none;list-style-type:none;margin:0;padding:0;}ul ul,ul li ul{margin-top:4px;}ul.list-green,ul.list-black,ul.list_arrows,.service-list 
ul,.title-text ul,.main-content-wrapper ul,.video-detail ul,.webinar-archive ul,.course-tabs .course-tab-list .react-tabs__tab-panel ul,.course-tabs .course-accordion ul,.title-text-desc ul{list-style:none;margin-top:8px;margin-bottom:8px;}ul.list-green li,ul.list-black li,ul.list_arrows li,.service-list ul li,.title-text ul li,.main-content-wrapper ul li,.video-detail ul li,.webinar-archive ul li,.course-tabs .course-tab-list .react-tabs__tab-panel ul li,.course-tabs .course-accordion ul li,.title-text-desc ul li{list-style:none;font-weight:normal;padding-left:15px;margin:0 0 8px 15px;}ul.list-green li:before,ul.list-black li:before,ul.list_arrows li:before,.service-list ul li:before,.title-text ul li:before,.main-content-wrapper ul li:before,.video-detail ul li:before,.webinar-archive ul li:before,.course-tabs .course-tab-list .react-tabs__tab-panel ul li:before,.course-tabs .course-accordion ul li:before,.title-text-desc ul li:before{content:"•";color:var(--color-dark-teal);display:inline-block;margin-left:-20px;width:20px;}ul.list-green li p,ul.list-black li p,ul.list_arrows li p,.service-list ul li p,.title-text ul li p,.main-content-wrapper ul li p,.video-detail ul li p,.webinar-archive ul li p,.course-tabs .course-tab-list .react-tabs__tab-panel ul li p,.course-tabs .course-accordion ul li p,.title-text-desc ul li p{display:inline;}ul.list-icon-check{list-style:none;}ul.list-icon-check li{list-style:none;font-weight:normal;padding-left:24px;margin:0 0 10px 5px;position:relative;}ul.list-icon-check li:before{border:1px solid var(--color-elastic-teal);border-width:0 2px 2px 0;content:"";height:13px;left:0;position:absolute;top:4px;width:8px;-webkit-transform:rotate(45deg);-moz-transform:rotate(45deg);-ms-transform:rotate(45deg);-webkit-transform:rotate(45deg);-ms-transform:rotate(45deg);transform:rotate(45deg);}ol{margin-top:8px;margin-bottom:8px;padding-left:32px;}ol li{margin-bottom:8px;}ol li ol{margin:16px 
0;}ol.lower-alpha{list-style-type:lower-alpha;}ol.upper-roman{list-style-type:upper-roman;}.blog .container ul:not(.card-grid),.webinar-wrap ul{list-style:none;}.blog .container ul:not(.card-grid) li,.webinar-wrap ul li{list-style:none;font-weight:normal;padding-left:15px;margin:0 0 10px 20px;}.blog .container ul:not(.card-grid) li:before,.webinar-wrap ul li:before{content:"•";color:var(--color-dark-teal);display:inline-block;margin-left:-20px;width:20px;}.blog .container ul.no-bullets{list-style:none;}.blog .container ul.no-bullets li{list-style:none;font-weight:normal;padding:0;margin-left:0 !important;}.blog .container ul.no-bullets li:before{content:"";}.featured-list li{list-style-type:none;margin-top:80px;margin-bottom:80px;}.featured-list li p{margin-bottom:0;}.featured-list li:first-child{margin-top:60px;}.featured-list li img{margin-right:auto;margin-left:auto;}table,dl,dt,dd,tbody,tfoot,thead,tr,th,td{line-height:26px;word-break:keep-all;}.table-responsive{margin-top:32px;width:100%;}.table-responsive table,.table-responsive table td{border:1px solid var(--color-light-gray);}.table-responsive table th,.table-responsive table td th{text-align:center;font-weight:600;}.table-responsive table td,.table-responsive table td td{padding:10px;}.table-responsive th,.table-responsive td{padding:16px;}.table-center-text th,.table-left-text th{border-bottom:2px solid var(--color-dark-gray);background-color:var(--color-white) !important;font-weight:bold;font-size:14px;line-height:24px;}.table-center-text tr:nth-child(odd),.table-left-text tr:nth-child(odd){background-color:var(--color-light-gray);}.table-left-text tr td{text-align:left;}.table-center-text tr td{text-align:center;}.table-left-text-label-column th{border-bottom:2px solid var(--color-dark-gray);background-color:var(--color-white) !important;font-weight:bold;}.table-left-text-label-column tr:nth-child(odd){background-color:var(--color-light-gray);}.table-left-text-label-column tr 
th:nth-child(2),.table-left-text-label-column tr td:nth-child(2){border-left:2px solid var(--color-dark-gray) !important;}.table-left-text-label-column td:first-child{font-weight:bold;text-align:left;}.table-merged-cells{border:1px solid var(--color-dark-gray);text-align:center;}.table-merged-cells td{border:1px solid var(--color-dark-gray);background-color:var(--color-white) !important;}.table-merged-cells th{background-color:var(--color-light-gray) !important;border:1px solid var(--color-dark-gray);}blockquote{border-left:5px solid var(--color-elastic-teal);padding-left:20px;line-height:32px;font-size:20px;font-weight:400;}.clearfix:before,.clearfix:after{content:" ";display:table;}.clearfix:after{clear:both;}.common-container{width:100%;max-width:748px;margin-right:auto;margin-left:auto;}.full-width-features{padding-left:15px;padding-right:15px;width:100%;}.paragraph-caption,.paragraph-caption p{font-size:12px;font-style:normal;font-weight:400;line-height:130%;margin:16px 0 8px 0;text-decoration:none;}.nowrap{color:#fff;font-size:18px;white-space:nowrap;}.unscroll{position:fixed;width:100%;}code{display:inline;white-space:normal;}code pre{box-sizing:border-box;-moz-box-sizing:border-box;webkit-box-sizing:border-box;display:inline-block;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word;width:100%;overflow-x:auto;-webkit-border-radius:0px;-moz-border-radius:0px;-ms-border-radius:0px;border-radius:0px;}pre{box-sizing:border-box;-moz-box-sizing:border-box;webkit-box-sizing:border-box;display:inline-block;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word;width:100%;overflow-x:auto;}pre.prettyprint{background-color:#f0f0f0;font-size:15px;margin-bottom:15px;padding:10px;word-break:break-word !important;white-space:pre-wrap !important;border-top:0px none;border-right:0px none;border-bottom:0px none;border-left:3px solid 
#39BDB1;-webkit-border-radius:0px;-moz-border-radius:0px;-ms-border-radius:0px;border-radius:0px;}span[data-type=inlineCode]{display:inline;white-space:normal;font-size:87.5%;color:var(--color-dark-pink);word-break:break-word;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;}.literal{background:#f0f0f0;color:#555;display:inline;padding:0 5px;vertical-align:middle;width:auto;white-space:normal;}.grey-bg{background:#f7f7f7;}.white-bg{background-color:#fff;}.bdr-btm-e0e0e0{border-bottom:1px solid #ccc;}.bdr-btm-ccc{border-bottom:1px solid #ccc;}.intro-paragraph{line-height:29px;font-size:18px;}.intro-paragraph p{line-height:29px;font-size:18px;}.white-box{background-color:#fff;box-shadow:0px 10px 20px 0px rgba(152,162,179,0.15),0px 2px 6px 0px rgba(152,162,179,0.25);padding:20px;}.form-control:focus{-moz-box-shadow:none;-webkit-box-shadow:none;-o-box-shadow:none;-ms-box-shadow:none;box-shadow:none;}.note{margin-bottom:20px;color:#f00;font-weight:600;text-transform:uppercase;}.quotes{height:120px;opacity:0.5;filter:alpha(opacity=50);}.grey-border-box{-webkit-box-align:center;align-items:center;-webkit-box-pack:justify;justify-content:space-between;width:100%;max-width:825px;border:1px solid rgb(212,218,229);border-radius:10px;background:rgb(255,255,255);padding:16px;font-size:14px;line-height:24px;}.grey-border-box p{font-size:14px;line-height:24px;}.grey-border-box a{line-height:26px;font-size:16px;}.grey-border-box .white-block{display:-moz-box;display:-ms-flexbox;display:-webkit-flex;display:flex;}.grey-border-box .white-block span{color:#0078a0;display:inline-block;line-height:60px;text-align:center;width:60px;height:60px;font-size:24px;font-weight:600;border-top:1px solid #0078a0;border-right:1px solid #0078a0;border-bottom:1px solid #0078a0;border-left:1px solid 
#0078a0;-webkit-border-radius:50%;-moz-border-radius:50%;-ms-border-radius:50%;border-radius:50%;}.skip-links{position:absolute;top:8px;left:8px;z-index:9999;}.skip-links .euiSkipLink{color:#fff;padding:8px 24px;font-size:0.875rem;font-weight:bold;line-height:1.5;min-height:40px;border:2px solid #0B64DD;border-radius:5px;text-decoration:none;position:relative;}.skip-links .euiSkipLink:hover{color:#005A9E;}.skip-links .euiSkipLink:focus{color:#fff;text-decoration:none;}@media screen and (min-width:992px){.statistics-title{color:var(--color-blurple);font-size:140px;line-height:130%;}.statistics-title-percent{color:var(--color-blurple);font-size:70px;line-height:200%;}.statistics-title-80px{color:var(--color-blurple);font-family:'Space Mono',monospace;font-size:80px;line-height:80%;}.statistics-title-percent-80px{color:var(--color-blurple);font-family:'Space Mono',monospace;font-size:50px;line-height:90%;}}@media screen and (max-width:991px){.statistics-title{color:var(--color-blurple);font-size:110px;line-height:105%;}.statistics-title-percent{color:var(--color-blurple);font-size:55px;line-height:150%;}.statistics-title-80px{color:var(--color-blurple);font-family:'Space Mono',monospace;font-size:80px;line-height:80%;}.statistics-title-percent-80px{color:var(--color-blurple);font-family:'Space Mono',monospace;font-size:50px;line-height:90%;}}@media screen and (max-width:767px){.grey-border-box{display:block;}.grey-border-box .col{display:block;float:none;width:100%;}.grey-border-box .white-block{border-bottom:1px solid #ccc;border-right:0 none;-webkit-border-radius:6px 6px 0 0;-moz-border-radius:6px 6px 0 0;-ms-border-radius:6px 6px 0 0;border-radius:6px 6px 0 0;padding-bottom:55px;}.grey-border-box 
.product-icon{position:relative;top:50%;margin-bottom:-52px;right:0;bottom:0;left:50%;z-index:100;-webkit-transform:translate(-50%,-50%);-moz-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%);}}img.greyscale{filter:url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg'><filter ….2525 0 0 0.2525 0.2525 0.2525 0 0 0 0 0 1 0'/></filter></svg>#greyscale");filter:url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg'><filter id='greyscale'><feColorMatrix type='matrix' values='0.3333 0.3333 0.3333 0 0 0.3333 0.3333 0.3333 0 0 0.3333 0.3333 0.3333 0 0 0 0 0 1 0'/></filter></svg>#greyscale");filter:grey;-webkit-filter:greyscale(100%);-webkit-backface-visibility:hidden;}.shadow-light{-moz-box-shadow:0 10px 20px 0 rgba(152,162,179,0.1),0 2px 6px 0 rgba(152,162,179,0.25) !important;-webkit-box-shadow:0 10px 20px 0 rgba(152,162,179,0.1),0 2px 6px 0 rgba(152,162,179,0.25) !important;-o-box-shadow:0 10px 20px 0 rgba(152,162,179,0.1),0 2px 6px 0 rgba(152,162,179,0.25) !important;-ms-box-shadow:0 10px 20px 0 rgba(152,162,179,0.1),0 2px 6px 0 rgba(152,162,179,0.25) !important;box-shadow:0 10px 20px 0 rgba(152,162,179,0.1),0 2px 6px 0 rgba(152,162,179,0.25) !important;}.shadow-dark{-moz-box-shadow:0 10px 20px 0 rgba(83,89,102,0.1),0 2px 6px 0 rgba(83,89,102,0.25) !important;-webkit-box-shadow:0 10px 20px 0 rgba(83,89,102,0.1),0 2px 6px 0 rgba(83,89,102,0.25) !important;-o-box-shadow:0 10px 20px 0 rgba(83,89,102,0.1),0 2px 6px 0 rgba(83,89,102,0.25) !important;-ms-box-shadow:0 10px 20px 0 rgba(83,89,102,0.1),0 2px 6px 0 rgba(83,89,102,0.25) !important;box-shadow:0 10px 20px 0 rgba(83,89,102,0.1),0 2px 6px 0 rgba(83,89,102,0.25) !important;}figure{margin:0;text-align:center;}figure i,.border-circle{background-position:center center;background-repeat:no-repeat;background-size:120% auto;display:block;height:170px;margin:0 auto;overflow:hidden;width:170px;border-top:6px solid #ccc;border-right:6px solid 
#ccc;border-bottom:6px solid #ccc;border-left:6px solid #ccc;-webkit-border-radius:340px;-moz-border-radius:340px;-ms-border-radius:340px;border-radius:340px;}figcaption{text-align:center;font-size:14px;line-height:24px;font-style:italic;}.circle-bg{background:#fff;-webkit-border-radius:104px;-moz-border-radius:104px;-ms-border-radius:104px;border-radius:104px;-moz-box-shadow:0px 2px 5px rgba(0,0,0,0.2);-webkit-box-shadow:0px 2px 5px rgba(0,0,0,0.2);-o-box-shadow:0px 2px 5px rgba(0,0,0,0.2);-ms-box-shadow:0px 2px 5px rgba(0,0,0,0.2);box-shadow:0px 2px 5px rgba(0,0,0,0.2);width:104px;height:104px;position:relative;display:inline-block;z-index:1;}.circle-bg img{bottom:0;height:70%;left:0;margin:auto;position:absolute;right:0;top:0;width:70%;}.circle-bg:before{content:" ";vertical-align:middle;height:100%;}.circle-bg .graph-img-center{left:6px;}.image-32-icon{height:32px !important;margin:0 0 16px !important;width:32px !important;}.image-64-icon{height:64px !important;margin:0 auto 16px !important;width:64px !important;}.onlyFadeIn{-webkit-animation:onlyFadeIn 1s;animation:onlyFadeIn 1s;}@-webkit-keyframes onlyFadeIn{0%{opacity:0;}100%{opacity:1;}}@keyframes onlyFadeIn{0%{opacity:0;}100%{opacity:1;}}.img-overflow{max-width:100%;height:auto;}@media (min-width:992px){.img-overflow{max-width:unset;max-height:500px;}}.embed-container iframe,.video iframe{border:0;height:287px;width:100%;}.play-icon{bottom:0;display:block;height:50px;left:0;margin:auto;position:absolute;right:0;top:0;z-index:2;}.video-thumb{position:relative;display:inline-block;max-width:100%;border-radius:10px;overflow:hidden;}.video-thumb .play-btn{bottom:0;height:64px;left:0;margin:auto;position:absolute;right:0;top:0;width:64px;}@media screen and (max-width:600px){.video-thumb{max-width:295px;}}.video-content-wrapper h3{color:var(--color-dark-blue);}.video-content-wrapper h3 
a{color:var(--color-dark-blue);}.right-arrow{background-image:url(/static-res/images/right-blue-arrow.png);background-repeat:no-repeat;background-position:right 4px;padding-right:25px !important;color:#00a9e5;font-size:16px;display:inline-block;}.right-arrow:hover{color:#00a9e5;}.right-arrow .upgrade-icon{background-image:url(/static-res/images/refresh-icon.svg);background-repeat:no-repeat;background-position:0px 0px;display:inline-block;height:17px;padding-left:28px;vertical-align:middle;}.right-arrow:before{content:" ";vertical-align:middle;height:100%;}.right-arrow .graph-img-center{left:6px;}.checkmark{height:63px;width:63px;}.position-relative{position:relative;}.position-absolute{position:absolute;}@media screen and (min-width:768px) and (max-width:991px){.container{max-width:100% !important;}}@media screen and (max-width:767px){.container{width:100%;max-width:unset;}.common-container{width:100%;}.no-gutters{margin-right:0;margin-left:0;}.no-gutters>[class*=col-]{padding-right:0;padding-left:0;}}@media screen and (max-width:480px){.table-responsive table,.table-responsive table td{border:1px solid #ccc;}.table-responsive table th,.table-responsive table td th{text-align:center;font-weight:600;font-size:13px;}.table-responsive table td,.table-responsive table td td{padding:5px;font-size:13px;line-height:18px;}.table-responsive table td p a{font-size:13px;line-height:18px;}}a{color:var(--link-color);-webkit-transition:all 300ms ease-in-out;transition:all 300ms ease-in-out;text-decoration:underline;font-weight:600;}a:hover,a:focus{color:var(--link-hover-color);text-decoration:underline;box-shadow:none !important;}a.whiteurl{color:var(--color-white);}a.stretched-link:before{position:absolute;top:0;right:0;bottom:0;left:0;z-index:1;pointer-events:auto;content:"";background:transparent 
!important;background-color:rgba(0,0,0,0);}.btn-tertiary,.cta-link,a.btn-tertiary:not([href]):not([tabindex]){cursor:pointer;display:inline-block;text-decoration:none;color:var(--button-tertiary-color);font-weight:600;}.btn-tertiary svg,.cta-link svg,a.btn-tertiary:not([href]):not([tabindex]) svg{-webkit-transition:all 100ms ease-in;transition:all 100ms ease-in;left:8px;position:relative;height:inherit;}.btn-tertiary svg path,.cta-link svg path,a.btn-tertiary:not([href]):not([tabindex]) svg path{stroke:var(--button-tertiary-color);}.btn-tertiary:hover,.cta-link:hover,a.btn-tertiary:not([href]):not([tabindex]):hover{text-decoration:none;color:var(--button-tertiary-hover-color);}.btn-tertiary:hover svg,.cta-link:hover svg,a.btn-tertiary:not([href]):not([tabindex]):hover svg{left:14px;}.btn-tertiary:hover svg path,.cta-link:hover svg path,a.btn-tertiary:not([href]):not([tabindex]):hover svg path{stroke:var(--button-tertiary-hover-color);}.btn-tertiary:focus-visible,.cta-link:focus-visible,a.btn-tertiary:not([href]):not([tabindex]):focus-visible{text-decoration:none;color:var(--button-tertiary-hover-color);outline:2px solid var(--button-tertiary-active-offset-color);outline-offset:4px;border-radius:4px;padding-right:12px;}.btn-tertiary:focus-visible svg,.cta-link:focus-visible svg,a.btn-tertiary:not([href]):not([tabindex]):focus-visible svg{stroke:var(--button-tertiary-hover-color);}.btn-tertiary:focus-visible svg path,.cta-link:focus-visible svg path,a.btn-tertiary:not([href]):not([tabindex]):focus-visible svg path{stroke:var(--button-tertiary-hover-color);}.gdpr-text{margin-top:10px;}.gdpr-text p{font-size:12px;line-height:18px;opacity:1;}#marketo-fe-form{position:relative;}#marketo-fe-form .mktoForm{position:relative;width:100% !important;}#marketo-fe-form .mktoForm .mktoOffset{display:none;}#marketo-fe-form .mktoForm .mktoLabel,#marketo-fe-form .mktoForm legend{font-size:14px;font-weight:600;line-height:24px !important;text-align:left;width:auto 
!important;padding-top:0;margin-left:0;float:none;display:block;margin-bottom:4px;}#marketo-fe-form .mktoForm .mktoLabel[for=tempCheckBoxforForm]{margin-left:23px;width:calc(100% - 23px) !important;font-weight:normal;}#marketo-fe-form .mktoForm p,#marketo-fe-form .mktoForm #gdpr{opacity:1;margin-bottom:8px;}#marketo-fe-form .mktoForm .mktoFormCol{width:100%;min-height:unset;margin-bottom:0 !important;}#marketo-fe-form .mktoForm .mktoFieldWrap{margin-right:0px !important;width:100%;}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=hidden]{display:none;}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=text],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=email],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=number],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=tel],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=url]{-webkit-appearance:none;}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=text],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=email],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=number],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=tel],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=url],#marketo-fe-form .mktoForm .mktoFieldWrap select{width:100% !important;color:var(--color-ink);height:50px;line-height:40px !important;min-width:190px;padding:8px !important;font-size:14px;font-weight:400;border:1px solid var(--color-dark-gray);border-radius:0;position:relative;z-index:1;}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=text]:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=email]:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=number]:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=tel]:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=url]:focus,#marketo-fe-form .mktoForm .mktoFieldWrap select:focus{border-bottom:2px solid var(--color-elastic-blue);outline:none !important;}#marketo-fe-form .mktoForm .mktoFieldWrap 
input[type=text].mktoInvalid,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=email].mktoInvalid,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=number].mktoInvalid,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=tel].mktoInvalid,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=url].mktoInvalid,#marketo-fe-form .mktoForm .mktoFieldWrap select.mktoInvalid{border-bottom:2px solid var(--color-dark-orange);}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=text].mktoInvalid:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=email].mktoInvalid:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=number].mktoInvalid:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=tel].mktoInvalid:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=url].mktoInvalid:focus,#marketo-fe-form .mktoForm .mktoFieldWrap select.mktoInvalid:focus{border-bottom:2px solid var(--color-elastic-blue);}#marketo-fe-form .mktoForm .mktoFieldWrap select{background-color:#fff;position:relative;line-height:normal !important;padding:8px 32px 8px 8px !important;appearance:none;-webkit-appearance:none;-moz-appearance:none;-ms-appearance:none;background-image:url("/static-res/images/svg/icon-down-arrow-16-blue.svg");background-repeat:no-repeat;background-position:98% 50%;background-size:16px;}#marketo-fe-form .mktoForm .mktoFieldWrap textarea{border:1px solid var(--color-dark-gray);font-size:14px;height:6em;width:100% !important;padding:8px 16px;margin-bottom:32px;padding:8px 16px;position:relative;z-index:1;}#marketo-fe-form .mktoForm .mktoFieldWrap textarea:focus{outline:none;border-bottom:2px solid var(--color-elastic-blue);}#marketo-fe-form .mktoForm .mktoFieldWrap textarea.mktoInvalid{border-bottom:2px solid var(--color-dark-orange);}#marketo-fe-form .mktoForm .mktoFieldWrap textarea.mktoInvalid:focus{border-bottom:2px solid var(--color-elastic-blue);}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=checkbox]{height:auto !important;width:16px 
!important;position:relative;z-index:1;}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=checkbox]:after{background-color:var(--color-white);content:"";height:17px;left:-2px;position:absolute;top:-2px;width:17px;border-top:1px solid var(--color-dark-gray);border-right:1px solid var(--color-dark-gray);border-bottom:1px solid var(--color-dark-gray);border-left:1px solid var(--color-dark-gray);}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=checkbox]:checked:after{background-color:var(--color-elastic-blue);border-color:var(--color-elastic-blue);}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=checkbox]:checked:before{content:"";height:12px;left:3px;position:absolute;top:-2px;width:7px;z-index:1;border-right:2px solid rgb(255,255,255);border-bottom:2px solid rgb(255,255,255);-webkit-transform:rotate(45deg);-moz-transform:rotate(45deg);-ms-transform:rotate(45deg);transform:rotate(45deg);}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=checkbox][disabled]:after{border-color:#f8f9fb;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoRadioList{position:relative;z-index:1;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoRadioList label{margin-left:28px;margin-bottom:16px;line-height:14px;}#marketo-fe-form .mktoForm .mktoFieldWrap::-webkit-input-placeholder{font-size:14px;line-height:24px;}#marketo-fe-form .mktoForm .mktoFieldWrap::-moz-placeholder{font-size:14px;line-height:24px;}#marketo-fe-form .mktoForm .mktoFieldWrap:-ms-input-placeholder{font-size:14px;line-height:24px;}#marketo-fe-form .mktoForm .mktoFieldWrap:-moz-placeholder{font-size:14px;line-height:24px;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoCheckboxList{margin:16px 0px 10px 0px;width:100% !important;z-index:1;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoCheckboxList>label{font-size:14px;margin-bottom:8px;margin-left:32px;min-height:25px;margin-top:-2px;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoHtmlText{width:100% !important;}#marketo-fe-form .mktoForm .mktoFieldWrap 
.mktoGutter.mktoHasWidth{display:none;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoError{left:0;right:unset !important;bottom:unset !important;position:relative !important;z-index:0;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoError .mktoErrorArrowWrap{display:none;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoError .mktoErrorMsg{background-image:none !important;background-color:transparent !important;border:none !important;max-width:unset !important;box-shadow:none !important;text-shadow:none !important;color:var(--color-dark-orange) !important;font-size:14px !important;line-height:24px !important;margin-top:4px !important;padding-left:0;clear:both;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoError .mktoErrorMsg .mktoErrorDetail{display:inline !important;}#marketo-fe-form .mktoForm .mktoOffset,#marketo-fe-form .mktoForm .mktoRequiredField .mktoAsterix{display:none;}#marketo-fe-form .mktoForm .mktoButtonRow{width:100%;}#marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap{margin-left:unset !important;}#marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap .mktoButton{background:var(--color-elastic-blue);color:var(--color-white);display:inline-block;font-size:16px;font-weight:600;font-family:"MierB","Inter",Arial,sans-serif;height:50px;line-height:30px;margin:0;min-width:150px;padding:0 16px !important;text-align:center;text-transform:none;width:100%;border-top:1px solid var(--color-elastic-blue);border-right:1px solid var(--color-elastic-blue);border-bottom:1px solid var(--color-elastic-blue);border-left:1px solid var(--color-elastic-blue);-webkit-border-radius:4px !important;-moz-border-radius:4px !important;-ms-border-radius:4px !important;border-radius:4px !important;-moz-transition:all 200ms ease-in;-webkit-transition:all 200ms ease-in;-o-transition:all 200ms ease-in;-ms-transition:all 200ms ease-in;transition:all 200ms ease-in;}#marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap 
.mktoButton:hover{background:var(--color-dark-blue);border-color:var(--color-dark-blue);outline:none !important;}#marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap .mktoButton:active,#marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap .mktoButton:focus,#marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap .mktoButton:active:focus{border-color:var(--color-light-blue);outline:none !important;}.error-message{color:var(--color-dark-orange);font-size:14px;}#fallback-form{position:relative;}#fallback-form .fallback-form-title{font-weight:600;padding-bottom:10px;}#fallback-form .debug{border:1px solid red;color:red;position:absolute;top:-20px;display:none;}#fallback-form .input-wrapper p{font-size:12px;line-height:18px;}#fallback-form form.fallback{position:relative;text-align:left;max-width:100%;}#fallback-form form.fallback .input-wrapper input{width:100%;outline:none;}#fallback-form form.fallback .input-wrapper input[type=text],#fallback-form form.fallback .input-wrapper input[type=email],#fallback-form form.fallback .input-wrapper input[type=number],#fallback-form form.fallback .input-wrapper input[type=tel],#fallback-form form.fallback .input-wrapper input[type=url],#fallback-form form.fallback .input-wrapper select{width:100% !important;color:var(--color-ink);height:50px;max-height:50px;line-height:40px !important;min-width:190px;padding-left:8px !important;padding-right:8px !important;font-size:14px;font-weight:400;border-radius:0;border:1px solid var(--color-dark-gray);}#fallback-form form.fallback .input-wrapper input[type=text]:focus,#fallback-form form.fallback .input-wrapper input[type=email]:focus,#fallback-form form.fallback .input-wrapper input[type=number]:focus,#fallback-form form.fallback .input-wrapper input[type=tel]:focus,#fallback-form form.fallback .input-wrapper input[type=url]:focus,#fallback-form form.fallback .input-wrapper select:focus{border-bottom:2px solid var(--color-elastic-blue);outline:none !important;}#fallback-form 
form.fallback .input-wrapper input[type=text].mktoInvalid,#fallback-form form.fallback .input-wrapper input[type=email].mktoInvalid,#fallback-form form.fallback .input-wrapper input[type=number].mktoInvalid,#fallback-form form.fallback .input-wrapper input[type=tel].mktoInvalid,#fallback-form form.fallback .input-wrapper input[type=url].mktoInvalid,#fallback-form form.fallback .input-wrapper select.mktoInvalid{border-bottom:2px solid var(--color-dark-orange);}#fallback-form form.fallback .input-wrapper input[type=text].mktoInvalid:focus,#fallback-form form.fallback .input-wrapper input[type=email].mktoInvalid:focus,#fallback-form form.fallback .input-wrapper input[type=number].mktoInvalid:focus,#fallback-form form.fallback .input-wrapper input[type=tel].mktoInvalid:focus,#fallback-form form.fallback .input-wrapper input[type=url].mktoInvalid:focus,#fallback-form form.fallback .input-wrapper select.mktoInvalid:focus{border-bottom:2px solid var(--color-elastic-blue);}#fallback-form form.fallback .input-wrapper textarea{border:1px solid var(--color-dark-gray);height:4.5em;width:100% !important;margin-bottom:32px;}#fallback-form form.fallback .input-wrapper textarea:focus{outline:none;border-bottom:2px solid var(--color-elastic-blue);}#fallback-form form.fallback .input-wrapper textarea.mktoInvalid{border-bottom:2px solid var(--color-dark-orange);}#fallback-form form.fallback .input-wrapper textarea.mktoInvalid:focus{border-bottom:2px solid var(--color-elastic-blue);}#fallback-form form.fallback .input-wrapper input[type=checkbox]{height:auto !important;position:relative;width:16px !important;}#fallback-form form.fallback .input-wrapper input[type=checkbox]:after{background-color:var(--color-white);content:"";height:16px;left:0;position:absolute;top:0;width:16px;border-top:1px solid var(--color-dark-gray);border-right:1px solid var(--color-dark-gray);border-bottom:1px solid var(--color-dark-gray);border-left:1px solid var(--color-dark-gray);}#fallback-form 
form.fallback .input-wrapper input[type=checkbox]:checked:after{background-color:var(--color-elastic-blue);border-color:var(--color-elastic-blue);}#fallback-form form.fallback .input-wrapper input[type=checkbox]:checked:before{content:"";height:12px;left:5px;position:absolute;top:0px;width:7px;z-index:1;border-right:2px solid rgb(255,255,255);border-bottom:2px solid rgb(255,255,255);-webkit-transform:rotate(45deg);-moz-transform:rotate(45deg);-ms-transform:rotate(45deg);transform:rotate(45deg);}#fallback-form form.fallback .input-wrapper::-webkit-input-placeholder{font-size:14px;line-height:24px;}#fallback-form form.fallback .input-wrapper::-moz-placeholder{font-size:14px;line-height:24px;}#fallback-form form.fallback .input-wrapper:-ms-input-placeholder{font-size:14px;line-height:24px;}#fallback-form form.fallback .input-wrapper:-moz-placeholder{font-size:14px;line-height:24px;}#fallback-form form.fallback label{font-size:14px;font-weight:600;line-height:24px !important;text-align:left;width:100% !important;margin-bottom:0;margin-top:24px;}#fallback-form form.fallback .asterix{font-weight:700;color:var(--color-dark-orange);}#fallback-form form.fallback .submit-form{cursor:pointer;min-width:140px;width:max-content;padding-right:16px;padding-left:16px;-webkit-transition:all 200ms ease-in;transition:all 200ms ease-in;background-color:var(--color-elastic-blue);color:var(--color-white);height:50px;font-weight:700;text-align:center;letter-spacing:0.025em;margin:0;border:1px solid var(--color-elastic-blue);border-radius:4px;cursor:pointer;}#fallback-form form.fallback .submit-form:hover{background:var(--color-dark-blue);border-color:var(--color-dark-blue);}#fallback-form form.fallback .submit-form:active{border-color:var(--color-light-blue);}#fallback-form form.fallback .submit-form:focus{box-shadow:none;}.mkto-form-wrapper.long-form #marketo-fe-form .mktoForm .mktoFieldWrap,.marketo-form.long-form #marketo-fe-form .mktoForm 
.mktoFieldWrap{margin-bottom:24px;}.mkto-form-wrapper.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=text],.mkto-form-wrapper.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=email],.mkto-form-wrapper.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=number],.mkto-form-wrapper.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=tel],.mkto-form-wrapper.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=url],.marketo-form.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=text],.marketo-form.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=email],.marketo-form.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=number],.marketo-form.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=tel],.marketo-form.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=url]{height:40px !important;}.mkto-form-wrapper.long-form #marketo-fe-form .mktoForm .mktoFieldWrap select,.marketo-form.long-form #marketo-fe-form .mktoForm .mktoFieldWrap select{height:auto !important;}.mkto-form-wrapper.inline #marketo-fe-form{position:relative;width:100%;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm{width:100% !important;padding:0px;position:relative;display:inline-flex;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoOffset,.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoAsterix{display:none;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol{margin-bottom:0 !important;float:none;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap{width:100%;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoHtmlText{display:none !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoHtmlText p{margin:0 !important;line-height:0 !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap 
input[type=email],.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap select{min-width:289px;width:100% !important;max-width:350px !important;margin-top:4px;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoError{position:absolute !important;padding-bottom:unset;bottom:-52px !important;width:max-content;z-index:99 !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoError .mktoErrorArrowWrap{display:block;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoError .mktoErrorArrowWrap .mktoErrorArrow{background:rgba(255,255,255,0.9);border:1px solid var(--color-dark-orange) !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoError .mktoErrorMsg{border:1px solid var(--color-dark-orange) !important;color:var(--color-dark-orange) !important;padding:8px !important;background:rgba(255,255,255,0.9) !important;border-radius:0 !important;width:auto !important;margin-top:7px !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoButtonRow{margin-top:4px;margin-left:16px;width:max-content !important;align-self:flex-end;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap{margin-left:0px !important;}.mkto-form-wrapper.inline .success-message{max-width:455px;width:100%;margin:0 auto;}.mkto-form-wrapper.inline.fallback{width:100%;max-width:455px;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback{display:inline-flex;align-items:end;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .input-wrapper input,.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .input-wrapper select{min-width:307px;width:100% !important;max-width:350px !important;margin-top:4px;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .button-wrapper{margin-top:4px;margin-left:16px;}.mkto-form-wrapper.inline.center 
#marketo-fe-form{margin-left:auto;margin-right:auto;}.mkto-form-wrapper.inline.center #marketo-fe-form .mktoForm{justify-content:center;}.mkto-form-wrapper.inline.center.fallback{max-width:455px !important;margin-left:auto;margin-right:auto;}.mkto-form-wrapper.inline.center.fallback #fallback-form{text-align:center;}.mkto-form-wrapper.inline.center .error-message{margin-top:16px;}@media screen and (max-width:1200px){.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap input[type=email],.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap select{min-width:270px;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback{width:100%;margin:0;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .input-wrapper input,.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .input-wrapper select{min-width:270px;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .button-wrapper{width:100%;}}@media screen and (max-width:991px){.react-tabs .react-tabs__tab{font-size:14px;}.mkto-form-wrapper.inline{margin-left:auto;margin-right:auto;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm{position:relative;display:block;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap{width:100%;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap input[type=email],.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap select{width:100% !important;max-width:unset !important;min-width:unset;margin-top:0;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoError{width:auto;position:relative !important;top:8px;bottom:unset !important;padding-bottom:0;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoError .mktoErrorMsg{padding:0 !important;width:auto !important;border:none !important;background:transparent !important;}.mkto-form-wrapper.inline 
#marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoError .mktoErrorArrowWrap{display:none !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoButtonRow{margin-top:16px;margin-left:0;width:100% !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap{margin-left:0px !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap .mktoButton{width:100% !important;}.mkto-form-wrapper.inline.fallback{max-width:455px;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback{display:block;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .input-wrapper input,.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .input-wrapper select{width:100% !important;max-width:unset !important;min-width:unset;margin-top:0;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .button-wrapper{margin:16px 0 0 0;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .button-wrapper .submit-form{width:100% !important;}}.success-message{background:var(--color-white);color:var(--color-dark-teal) !important;border:1px solid var(--color-dark-teal) !important;padding:8px;text-align:center;}.success-message a{color:var(--color-dark-teal) !important;}.filter-wrapper{padding:32px 0px;}.filter-wrapper .header{display:flex;justify-content:space-between;border-bottom:1px solid var(--color-dark-gray);}.filter-wrapper .filter-row{width:100%;display:grid;grid-column-gap:32px;grid-row-gap:32px;grid-template-columns:1fr 1fr 1fr 1fr;align-items:baseline;}.filter-wrapper .filter-row .filter-column{width:100%;}.filter-wrapper .filter-row .filter-label{font-size:14px;font-weight:600;margin-bottom:5px;}@media screen and (max-width:991px){.filter-wrapper .container{padding:0 15px;}}@media screen and (max-width:768px){.filter-wrapper .header{padding-bottom:8px;}.filter-wrapper .container{padding:0 15px;}.filter-wrapper .filter-row{grid-template-columns:1fr 
1fr;grid-template-rows:auto auto;}}@media screen and (max-width:575px){.filter-wrapper .header{display:flex;flex-direction:column;}.filter-wrapper .filter-row{grid-template-columns:1fr;}.filter-wrapper .filter-row .filter-column{margin:0 auto;width:300px;}}.card-small-padding{padding:8px;}.card-medium-padding{padding:16px;}.card-large-padding{padding:32px;}.card-xlarge-padding{padding:40px;}.card-xxlarge-padding{padding:48px;}.card-grid{display:-ms-grid;display:grid;grid-auto-columns:1fr;grid-template-columns:repeat(2,1fr);grid-template-rows:auto auto;grid-row-gap:32px;grid-column-gap:32px;}.card-grid-1x1{margin-right:auto;margin-left:auto;gap:32px;}@media (min-width:992px){.card-grid-1x1{gap:64px;}}.card-grid-1x1,.card-grid-1x1-sidebar{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-template-areas:".";grid-template-columns:1fr;grid-template-rows:auto;}.card-grid-1x1.col-sm-8,.card-grid-1x1-sidebar.col-sm-8{padding:0px;}.card-grid-1x1 .card-footer div:first-child,.card-grid-1x1-sidebar .card-footer div:first-child{margin-right:24px;}.card-grid-2x1{display:grid;margin-right:auto;margin-left:auto;justify-content:stretch;grid-auto-columns:1fr;grid-template-areas:".";grid-template-columns:repeat(2,1fr);grid-template-rows:auto;}.card-grid-2x1 .card-footer.align-self-left div:first-child{margin-right:24px;}.card-grid-3x1{display:grid;margin-right:auto;margin-left:auto;padding-left:0px;justify-content:stretch;grid-template-areas:".";grid-template-columns:repeat(3,1fr);grid-auto-columns:1fr;grid-template-rows:auto;}.card-grid-3x1 .card-footer.align-self-left div:first-child{margin-right:24px;}.card-grid-4x1{display:grid;margin-right:auto;margin-left:auto;justify-content:stretch;grid-column-gap:32px;grid-row-gap:32px;grid-template-columns:repeat(4,1fr);grid-template-rows:auto;}@media screen and (max-width:991px){.card-grid-3x1{grid-auto-flow:row;grid-template-areas:".";grid-template-columns:1fr 
1fr;grid-template-rows:repeat(2,auto);}.card-grid-4x1{grid-row-gap:32px;grid-template-columns:1fr 1fr;grid-template-rows:auto auto;}}@media screen and (max-width:768px){.card-grid-3x1,.card-grid-4x1{grid-template-columns:1fr 1fr;}}@media screen and (max-width:575px){.card-grid-2x1{grid-template-columns:1fr;grid-template-rows:repeat(2,auto);}.card-grid-3x1{grid-template-columns:1fr;grid-template-rows:repeat(3,auto);}.card-grid-4x1{grid-template-columns:1fr;grid-template-rows:repeat(4,auto);}}.react-tabs .react-tabs__tab{cursor:pointer;margin-bottom:-2px;padding:0px 16px;margin-left:0;margin-right:0;}.react-tabs .react-tabs__tab h2{color:var(--color-black);font-size:16px;line-height:24px;padding-bottom:16px;font-weight:400;}.react-tabs .react-tabs__tab:focus{outline:0px none;}.react-tabs .react-tabs__tab:hover{border-bottom:2px solid var(--color-ink);}.react-tabs .react-tabs__tab--selected{color:var(--color-elastic-blue);cursor:text;display:block;margin-bottom:-2px;border-bottom:4px solid var(--carousel-tab-hover-border-color);}.react-tabs .react-tabs__tab--selected h2{color:var(--color-elastic-blue);}.react-tabs .react-tabs__tab--selected:hover{border-color:var(--color-elastic-blue);}.react-tabs .react-tabs__tab-panel{display:none;}.react-tabs .react-tabs__tab-panel--selected{display:block;}.instruction-module .react-tabs ul{border-bottom:0;}.instruction-module .react-tabs .top-tabs .react-tabs__tab{color:rgb(52,55,65);font-weight:400;height:40px;line-height:40px;margin:0px;padding:0px;text-align:center;text-transform:unset;width:200px;border-width:1px;border-style:solid;border-color:rgb(0,120,160);display:flex;justify-content:center;align-items:center;}.instruction-module .react-tabs .top-tabs .react-tabs__tab h2{padding-bottom:2px;}.instruction-module .react-tabs .top-tabs .react-tabs__tab--selected{background-color:var(--color-elastic-blue);}.instruction-module .react-tabs .top-tabs .react-tabs__tab--selected h2{color:#FFFFFF !important;}.instruction-module 
.react-tabs .vertical-tabs .react-tabs__tab h2{font-size:18px;line-height:22px;font-family:Inter,arial,sans-serif;}@media screen and (min-width:768px){.react-tabs .vertical-tabs .react-tabs__tab-list{border-bottom:0;border-left:1px solid var(--color-dark-gray);}.react-tabs .vertical-tabs .react-tabs__tab{margin-bottom:0;border-left:2px solid transparent;padding:8px 16px;}.react-tabs .vertical-tabs .react-tabs__tab h2{padding:5px 0;}.react-tabs .vertical-tabs .react-tabs__tab:hover{border-bottom:0;border-left:2px solid var(--color-ink);}.react-tabs .vertical-tabs .react-tabs__tab--selected{border-bottom:0;border-left:2px solid var(--color-elastic-blue);}.react-tabs .vertical-tabs .react-tabs__tab--selected:hover{border-left:2px solid var(--color-elastic-blue);}}@media screen and (max-width:767px){.code-carousel .react-tabs .react-tabs__tab-list{display:flex;flex-wrap:wrap;flex-direction:unset;margin-bottom:10px;}.code-carousel .react-tabs .react-tabs__tab{border-bottom:2px solid transparent;}.code-carousel .react-tabs .react-tabs__tab:hover{border-bottom:2px solid var(--color-ink);}.code-carousel .react-tabs .react-tabs__tab--selected{border-bottom:2px solid var(--carousel-tab-border-color);}.code-carousel .react-tabs .react-tabs__tab--selected:hover{border-bottom:4px solid var(--carousel-tab-hover-border-color);}}.carousel .carousel-one-column .react-tabs__tab,.carousel .carousel-two-column__tab-labels-left .react-tabs__tab{color:var(--carousel-tab-color);cursor:pointer;margin-left:0;margin-right:0;position:relative;font-size:16px;line-height:22px;font-weight:700;font-style:normal;}.carousel .carousel-one-column .react-tabs__tab:focus,.carousel .carousel-two-column__tab-labels-left .react-tabs__tab:focus{outline:0px none;}.carousel .carousel-one-column .react-tabs__tab h2,.carousel .carousel-two-column__tab-labels-left .react-tabs__tab h2{color:var(--carousel-tab-color);font-size:16px;line-height:24px;font-weight:400;padding:0px;}.carousel .carousel-one-column 
.react-tabs__tab--selected,.carousel .carousel-two-column__tab-labels-left .react-tabs__tab--selected{cursor:text;display:block;cursor:text;}.carousel .carousel-one-column .carousel-asset .card-deck-container-block.container,.carousel .carousel-one-column .carousel-asset .illustration-icon-grid-container-block.container,.carousel .carousel-two-column__tab-labels-left .carousel-asset .card-deck-container-block.container,.carousel .carousel-two-column__tab-labels-left .carousel-asset .illustration-icon-grid-container-block.container{padding:0px;}.carousel .carousel-asset-code .carousel-asset-code-block{background-image:url(https://assets.website-files.com/5d35f5b2989a23dd99c4cb9a/5dd5be9fcd567c46f05e5544_image-dots-browser-16-colored.svg);background-repeat:no-repeat;background-position:32px 32px;background-color:var(--color-light-gray);height:500px;overflow-y:scroll;padding:40px 32px 32px;position:relative;-moz-box-shadow:0 10px 20px 0 rgba(152,162,179,0.25);-webkit-box-shadow:0 10px 20px 0 rgba(152,162,179,0.25);-o-box-shadow:0 10px 20px 0 rgba(152,162,179,0.25);-ms-box-shadow:0 10px 20px 0 rgba(152,162,179,0.25);box-shadow:0 10px 20px 0 rgba(152,162,179,0.25);}.carousel .carousel-asset-code .carousel-asset-code-block .react-tabs__tab-panel{height:484px;overflow:auto;width:100%;}.carousel .carousel-asset-code .prettyprint{background-color:var(--color-light-gray);border:0px none !important;left:0;margin:20px auto 0;padding:16px;position:absolute;right:0;width:675px;}.carousel .carousel-asset-code .prettyprint ol li{background:none;}.carousel .carousel-asset-code .prettyprint .linenums{color:#999;display:contents;}.carousel .carousel-asset-code .prettyprint code{display:inline-block;left:0;overflow:hidden;position:relative;vertical-align:top;white-space:pre-wrap;width:90%;word-break:break-word;}.carousel .carousel-description{width:auto;max-width:854px;text-align:center;padding:0px 16px;margin-right:auto;margin-left:auto;}.carousel .icon-text-card-deck 
.container{padding-left:0px !important;padding-right:0px !important;}.carousel .icon-text-card.card .card-body{text-align:left;}.carousel .icon-text-card.card .card-body h3{font-size:24px;line-height:28px;}.carousel .icon-text-card.card .card-footer{text-align:left;}.carousel .icon-text-card.card .card-footer .card-footer{margin-top:16px !important;}@media screen and (max-width:991px) and (min-width:768px){.carousel .card.icon-text-card{width:100%;}}@media screen and (max-width:768px){.carousel .carousel .description{width:100%;margin:32px auto 8px auto;}}@media screen and (max-width:575px){.carousel .react-tabs__tab h2{font-size:14px !important;line-height:24px !important;}.carousel .icon-text-card-deck{margin:auto;}}.training .rail>div{position:relative;}.euiComboBox .euiFormControlLayoutIcons{position:absolute !important;}.euiComboBox .euiFormControlLayoutCustomIcon--clickable{border:0;background-color:transparent;padding:0;}.euiComboBox .euiFormControlLayoutClearButton{display:flex;justify-content:center;align-items:center;border:1px solid #98A2B3;}.css-1yifmy7-euiBadge-hollow{display:flex;align-items:center;}.euiBadge__iconButton.css-iqdgtj-euiBadge__iconButton-right{border:0;background:transparent;padding:0;}.euiComboBoxOptionsList__rowWrap{border-radius:6px;}.euiComboBoxOptionsList__rowWrap .euiFilterSelectItem{border:0;background:#fff;border-bottom:1px solid #EEF2F7;font-size:14px;font-weight:400;display:flex;align-items:center;}.euiComboBoxOptionsList__rowWrap .euiFilterSelectItem-isFocused{background-color:rgba(0,119,204,0.1);}@media (max-width:767px){.horizontal-scroll-table{width:100vw;overflow-x:auto;}}.comparison-table{max-width:830px;margin:0 auto;}.comparison-table thead{border-bottom:4px solid #000;}.comparison-table th{text-transform:uppercase;font-weight:700;letter-spacing:0.1em;padding:1rem 1.5rem;text-align:center;}.comparison-table td{padding:1rem 1.5rem;}.comparison-table td:not(:first-child){text-align:center;}.comparison-table 
tbody{font-size:0.875rem;}.comparison-table tbody tr{border-bottom:1px solid #ccc;}.comparison-table tfoot td{width:100%;color:#ccc;}.pricing-card.bg-dark-teal,.list.bg-dark-teal{--bullet-color:var(--color-dark-teal);}.pricing-card.bg-yellow,.list.bg-yellow{--bullet-color:var(--color-yellow);}.pricing-card.bg-elastic-teal,.list.bg-elastic-teal{--bullet-color:var(--color-elastic-teal);}.pricing-card.bg-pink,.list.bg-pink{--bullet-color:var(--color-pink);}.pricing-card.bg-blurple,.list.bg-blurple{--bullet-color:var(--color-blurple);}.list.dark-teal{--bullet-color:var(--color-dark-teal);}.list.yellow{--bullet-color:var(--color-yellow);}.list.elastic-teal{--bullet-color:var(--color-elastic-teal);}.list.pink{--bullet-color:var(--color-pink);}.list.blurple{--bullet-color:var(--color-blurple);}.serverless-pricing-table{width:100%;border-spacing:32px 0;table-layout:fixed;height:1px;}.serverless-pricing-table h4{letter-spacing:-0.04em;line-height:1.1;}.serverless-pricing-table tr{height:100%;}@media (min-width:767px){.serverless-pricing-table tr{border-bottom:1px solid var(--color-dark-gray);}}.serverless-pricing-table tr:last-child{border:none;}@media (max-width:767px){.serverless-pricing-table tr:not(:first-of-type){display:none;visibility:hidden;}}.serverless-pricing-table th{padding:0 0.5rem;}.serverless-pricing-table th:first-child{padding:0 1rem 1.5rem;}.serverless-pricing-table th:last-child{padding-right:0;}.serverless-pricing-table td,.serverless-pricing-table th{padding:0 0.5rem;vertical-align:top;height:100%;}.serverless-pricing-table td:first-child,.serverless-pricing-table th:first-child{padding:1.5rem 1rem 0 1.5rem;}@media (max-width:767px){.serverless-pricing-table td:first-child,.serverless-pricing-table th:first-child{border-bottom:none;padding:0;margin:0;}}.serverless-pricing-table td:last-child,.serverless-pricing-table th:last-child{padding-right:0;}@media (max-width:767px){.serverless-pricing-table td,.serverless-pricing-table 
th{display:block;height:initial;padding:0;margin:0 0 1.5rem;border-bottom:1px solid var(--color-dark-gray);}}.serverless-pricing-table td.feature-label,.serverless-pricing-table th.feature-label{font-family:'MierB','Inter',Arial,sans-serif;font-size:1.25rem;font-weight:700;letter-spacing:-0.02em;padding:1.5rem 1rem 1.5rem 1.5rem;}.serverless-pricing-table td.feature-label span:last-child,.serverless-pricing-table th.feature-label span:last-child{margin-top:6px;display:block;font-weight:normal;}.serverless-pricing-table td.feature,.serverless-pricing-table th.feature{vertical-align:middle;text-align:center;}.serverless-pricing-table td.feature .card-content,.serverless-pricing-table th.feature .card-content{padding:24px 0;height:100%;display:flex;flex-direction:column;justify-content:center;}.serverless-pricing-table td.feature .card-content *,.serverless-pricing-table th.feature .card-content *{vertical-align:middle;}.serverless-pricing-table .card-content{border-left:1px solid var(--color-dark-gray);border-right:1px solid var(--color-dark-gray);background:#fff;padding:0 0.5rem;}.serverless-pricing-table .card-content__container{padding:0 0.5rem 1.5rem;display:flex;flex-flow:column nowrap;align-items:center;justify-content:space-between;}.serverless-pricing-table .card-content__container p{margin:0;}.serverless-pricing-table .card-content__container .button{width:max-content;margin:0 auto;align-self:end;}.serverless-pricing-table .card-content__content{flex:1;display:grid;}.serverless-pricing-table .card-content.header{display:flex;flex-flow:column nowrap;justify-content:space-between;}.serverless-pricing-table .button-unstyled{padding:8px 24px;min-height:50px;display:inline-block;border:2px solid transparent;width:max-content;margin:0 auto;align-self:end;}.serverless-pricing-table .header{padding:0;}.serverless-pricing-table .card-content__header,.serverless-pricing-table .card-content__includes{padding:0 0.5rem;}.serverless-pricing-table 
.card-content__includes{padding:2rem 0.5rem;border-top:1px solid var(--color-dark-gray);}.serverless-pricing-table .border-bottom{border-bottom:1px solid var(--color-dark-gray);border-bottom-left-radius:16px;border-bottom-right-radius:16px;}.serverless-pricing-table .borderless-bottom{border-bottom:none;}.serverless-pricing-table .pricing-card{border-top-left-radius:16px;border-top-right-radius:16px;height:100%;padding-top:16px;}.serverless-pricing-table .pricing-card .card-label{padding:0.875rem 0;}.serverless-pricing-table .pricing-card .header{height:100%;border-top-left-radius:16px;border-top-right-radius:16px;border-top:1px solid var(--color-dark-gray);}.serverless-pricing-table .topic-heading{color:var(--color-light-ink);font-size:1rem;font-weight:700;line-height:22px;letter-spacing:0.1em;text-transform:uppercase;}.serverless-pricing-table .price{font-family:'MierB','Inter',Arial,sans-serif;font-size:1.75rem;font-weight:700;letter-spacing:-0.04em;margin-top:8px;}.serverless-pricing-table .list{max-width:250px;width:max-content;margin:0 auto;text-align:left;text-indent:-1.5rem;}.serverless-pricing-table .list li{font-weight:normal;margin-bottom:0.75rem;}.serverless-pricing-table .list li:before{content:"✓";position:relative;top:-2px;left:0;display:inline-block;background-color:var(--bullet-color,black);border-radius:50%;border-style:none;height:16px;width:16px;font-size:0.75rem;line-height:normal;color:#fff;padding-top:0;padding-left:3px;margin-right:0.5rem;text-indent:0;}.mobile-container{border-top:1px solid var(--color-dark-gray);margin:2rem 0 0;padding:1rem 0 0;}@media (min-width:767px){.mobile-container{display:none;visibility:hidden;}}.mobile-container__item{margin:1rem 0;}.mobile-container .topic-heading{padding-bottom:0.25rem;}.mobile-container__price-heading{font-weight:normal;}.mobile-container__price{font-weight:700;}.card-content--stretch .card-content__includes{min-height:373px;}.feature .pricing{margin:0 0 
1rem;}.optional-eyebrow{display:block;font-size:1rem;text-transform:uppercase;color:var(--color-dark-teal);letter-spacing:0.1rem;}.pill>.topic-heading{font-size:0.875rem;}#LbltempCheckBoxforForm{padding-left:20px;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoCheckboxList{margin:0;}#LbltempCheckbox1{padding-left:20px;}#tempCheckbox1{margin-top:5px;}</style></head><body><noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-58RLH5" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript><div id="__next" data-reactroot=""><div class="progress-container"><div class="progress-bar" id="myBar"></div></div><div class="skip-links"><style data-emotion="css bivm3i-euiSkipLink-euiScreenReaderOnly">.css-bivm3i-euiSkipLink-euiScreenReaderOnly{-webkit-transition:none!important;transition:none!important;}.css-bivm3i-euiSkipLink-euiScreenReaderOnly:focus{-webkit-animation:none!important;animation:none!important;}.css-bivm3i-euiSkipLink-euiScreenReaderOnly:not(:focus):not(:active):not(:focus-within){position:absolute;inset-block-start:auto;inset-inline-start:-10000px;inline-size:1px;block-size:1px;clip:rect(0 0 0 0);-webkit-clip-path:inset(50%);clip-path:inset(50%);overflow:hidden;margin:-1px;}</style><style data-emotion="css 1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly">.css-1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly{color:#FFF;background-color:#07C;outline-color:#000;-webkit-transition:none!important;transition:none!important;}@media screen and (prefers-reduced-motion: no-preference){.css-1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly{-webkit-transition:-webkit-transform 250ms ease-in-out,background-color 250ms ease-in-out;transition:transform 250ms ease-in-out,background-color 250ms 
ease-in-out;}.css-1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly:hover:not(:disabled){-webkit-transform:translateY(-1px);-moz-transform:translateY(-1px);-ms-transform:translateY(-1px);transform:translateY(-1px);}.css-1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly:focus{-webkit-animation:euiButtonActive 250ms cubic-bezier(.34, 1.61, .7, 1);animation:euiButtonActive 250ms cubic-bezier(.34, 1.61, .7, 1);}.css-1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly:active:not(:disabled){-webkit-transform:translateY(1px);-moz-transform:translateY(1px);-ms-transform:translateY(1px);transform:translateY(1px);}}.css-1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly:focus{-webkit-animation:none!important;animation:none!important;}.css-1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly:not(:focus):not(:active):not(:focus-within){position:absolute;inset-block-start:auto;inset-inline-start:-10000px;inline-size:1px;block-size:1px;clip:rect(0 0 0 0);-webkit-clip-path:inset(50%);clip-path:inset(50%);overflow:hidden;margin:-1px;}</style><style data-emotion="css 1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly">.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly{display:inline-block;-webkit-appearance:none;-moz-appearance:none;-ms-appearance:none;appearance:none;cursor:pointer;white-space:nowrap;max-inline-size:100%;vertical-align:middle;font-weight:500;padding:0 12px;block-size:32px;line-height:32px;font-size:1.0000rem;line-height:1.4286rem;min-inline-size:112px;border-radius:4px;color:#FFF;background-color:#07C;outline-color:#000;-webkit-transition:none!important;transition:none!important;}.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly:hover:not(:disabled),.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly:focus{-webkit-text-decoration:underline;text-decoration:underline;}@media screen and 
(prefers-reduced-motion: no-preference){.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly{-webkit-transition:-webkit-transform 250ms ease-in-out,background-color 250ms ease-in-out;transition:transform 250ms ease-in-out,background-color 250ms ease-in-out;}.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly:hover:not(:disabled){-webkit-transform:translateY(-1px);-moz-transform:translateY(-1px);-ms-transform:translateY(-1px);transform:translateY(-1px);}.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly:focus{-webkit-animation:euiButtonActive 250ms cubic-bezier(.34, 1.61, .7, 1);animation:euiButtonActive 250ms cubic-bezier(.34, 1.61, .7, 1);}.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly:active:not(:disabled){-webkit-transform:translateY(1px);-moz-transform:translateY(1px);-ms-transform:translateY(1px);transform:translateY(1px);}}.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly:focus{-webkit-animation:none!important;animation:none!important;}.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly:not(:focus):not(:active):not(:focus-within){position:absolute;inset-block-start:auto;inset-inline-start:-10000px;inline-size:1px;block-size:1px;clip:rect(0 0 0 0);-webkit-clip-path:inset(50%);clip-path:inset(50%);overflow:hidden;margin:-1px;}</style><a href="#main-content" rel="noreferrer" class="euiSkipLink css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly"><style data-emotion="css 
1km4ln8-euiButtonDisplayContent">.css-1km4ln8-euiButtonDisplayContent{block-size:100%;inline-size:100%;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;-webkit-justify-content:center;justify-content:center;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;vertical-align:middle;gap:8px;}</style><span class="css-1km4ln8-euiButtonDisplayContent"><span class="eui-textTruncate">Skip to main content</span></span></a></div><header class="jsx-1868079691 primary header-wrapper render-oldNav"><div data-component-theme="color" class="oldNav Index_navigation__kp9_7 Index_navigation--dark__1MEdm" id="navigation_container"><div class="Index_navigation_container__AMYLs"><div data-component-theme="color" class="Index_navigation_header__KYvRr"><a class="brand" href="/"><span class="jsx-1189744782 elastic-logo"><span class="jsx-1189744782 sr-only">Elastic</span><svg width="117" height="40" viewBox="0 0 117 40" fill="none" xmlns="http://www.w3.org/2000/svg" class="jsx-1189744782"><g class="jsx-1189744782"><path d="M40.1527 20.9588C40.1527 17.5986 38.0653 14.6457 34.9257 13.5087C35.0615 12.7959 35.1294 12.0831 35.1294 11.3534C35.1294 5.09121 30.0382 -1.52588e-05 23.793 -1.52588e-05C20.1273 -1.52588e-05 16.7331 1.74797 14.5948 4.70088C13.5426 3.88628 12.2529 3.44505 10.9122 3.44505C7.58591 3.44505 4.88757 6.14339 4.88757 9.46965C4.88757 10.1994 5.02333 10.9122 5.26092 11.574C2.13831 12.6941 0 15.6979 0 19.0411C0 22.4183 2.10437 25.3712 5.24395 26.5083C5.10819 27.2041 5.0403 27.9338 5.0403 28.6635C5.0403 34.9088 10.1146 39.983 16.3598 39.983C20.0255 39.983 23.4196 38.2181 25.5409 35.2651C26.5931 36.0967 27.8829 36.5549 29.2236 36.5549C32.5498 36.5549 35.2482 33.8566 35.2482 30.5303C35.2482 29.8006 35.1124 29.0878 34.8748 28.4259C37.9974 27.3059 40.1527 24.3021 40.1527 20.9588Z" fill="white" class="jsx-1189744782"></path><path d="M15.7824 17.2253L24.5732 21.2304L33.432 
13.4578C33.5677 12.8129 33.6186 12.185 33.6186 11.5061C33.6186 6.04156 29.1723 1.59523 23.7077 1.59523C20.4324 1.59523 17.3946 3.20745 15.5448 5.9058L14.0684 13.5596L15.7824 17.2253Z" fill="#FED10A" class="jsx-1189744782"></path><path d="M6.68665 26.5253C6.55088 27.1702 6.49997 27.832 6.49997 28.5108C6.49997 33.9924 10.9633 38.4387 16.4448 38.4387C19.7371 38.4387 22.8088 36.8095 24.6587 34.0942L26.1181 26.4744L24.1665 22.7408L15.3417 18.7187L6.68665 26.5253Z" fill="#24BBB1" class="jsx-1189744782"></path><path d="M6.63518 11.3195L12.6598 12.745L13.9835 5.90583C13.1689 5.27791 12.1507 4.93849 11.0985 4.93849C8.48499 4.93849 6.34668 7.05983 6.34668 9.69029C6.34668 10.2503 6.4485 10.8104 6.63518 11.3195Z" fill="#EF5098" class="jsx-1189744782"></path><path d="M6.10983 12.762C3.42846 13.6444 1.54471 16.224 1.54471 19.0581C1.54471 21.8243 3.25875 24.2851 5.82133 25.2694L14.2728 17.6326L12.7284 14.3233L6.10983 12.762Z" fill="#1BA9F5" class="jsx-1189744782"></path><path d="M26.186 34.0942C27.0176 34.7221 28.0189 35.0785 29.0541 35.0785C31.6676 35.0785 33.8059 32.9571 33.8059 30.3267C33.8059 29.7497 33.7041 29.1896 33.5174 28.6805L27.5098 27.2719L26.186 34.0942Z" fill="#93C83E" class="jsx-1189744782"></path><path d="M27.4075 25.6937L34.0261 27.238C36.7245 26.3555 38.5912 23.776 38.5912 20.9249C38.5912 18.1757 36.8772 15.6979 34.3146 14.7306L25.6595 22.3165L27.4075 25.6937Z" fill="#0B64DD" class="jsx-1189744782"></path><path fill-rule="evenodd" clip-rule="evenodd" d="M60.3483 29.8175V9.96179H62.4187V29.8175H60.3483ZM56.1393 28.0865L56.937 28.0017L56.9879 29.6309C54.8835 29.9194 53.0846 30.0721 51.5912 30.0721C49.6056 30.0721 48.197 29.4951 47.3655 28.3411C46.5339 27.1871 46.1266 25.3882 46.1266 22.9614C46.1266 18.1077 48.0613 15.6809 51.9136 15.6809C53.7804 15.6809 55.172 16.207 56.0884 17.2422C57.0048 18.2775 57.463 19.9236 57.463 22.1468L57.3443 23.7251H48.214C48.214 25.2524 48.4855 26.3895 49.0456 27.1192C49.6056 27.8489 50.556 28.2223 51.9306 28.2223C53.3222 28.2562 
54.7138 28.2053 56.1393 28.0865ZM55.3926 22.0959C55.3926 20.3988 55.1211 19.1939 54.578 18.4981C54.035 17.8023 53.1525 17.4459 51.9306 17.4459C50.7087 17.4459 49.7753 17.8192 49.1644 18.549C48.5534 19.2787 48.231 20.4667 48.214 22.0959H55.3926ZM75.5031 26.9665V20.1612C75.5031 18.6338 75.1468 17.4968 74.417 16.784C73.7042 16.0543 72.5672 15.6979 71.0059 15.6979H65.6941V17.5307H71.1417C71.8375 17.5307 72.3975 17.7344 72.8048 18.1417C73.2121 18.549 73.4157 19.2278 73.4157 20.1612V21.3491L69.0712 21.7564C67.6117 21.8922 66.5426 22.2995 65.8638 22.9274C65.1849 23.5553 64.8455 24.5566 64.8455 25.8973C64.8455 27.255 65.1849 28.2902 65.8468 29.0029C66.5087 29.7327 67.476 30.0891 68.7488 30.0891C70.4119 30.0891 72.0581 29.7836 73.7212 29.0539C74.3557 29.6588 75.3493 29.648 76.5572 29.6349H76.5574H76.5576H76.5579C76.7391 29.6329 76.925 29.6309 77.1154 29.6309L77.2172 27.798C77.2172 27.798 75.5031 27.6623 75.5031 26.9665ZM69.0882 28.3411C67.6796 28.3411 66.9838 27.4925 66.9838 25.7955C66.9838 25.0318 67.1535 24.4378 67.5269 24.0305C67.9002 23.6232 68.4942 23.3856 69.3258 23.3178L73.4157 22.9274V27.4925L72.7878 27.7132C71.5829 28.1374 70.344 28.3411 69.0882 28.3411ZM83.5982 17.5477C81.5956 17.5477 80.5774 18.2435 80.5774 19.6521C80.5774 20.297 80.815 20.7552 81.2732 21.0267C81.7314 21.2983 82.7836 21.5698 84.4297 21.8583C86.0759 22.1468 87.2299 22.5371 87.9088 23.0632C88.5876 23.5724 88.927 24.5397 88.927 25.9652C88.927 27.3908 88.4688 28.426 87.5524 29.0878C86.6359 29.7497 85.3122 30.0891 83.5473 30.0891C82.4102 30.0891 78.5918 29.6648 78.5918 29.6648L78.7106 27.8659C79.0533 27.8978 79.3815 27.9289 79.6954 27.9586C81.3864 28.1186 82.6624 28.2393 83.5642 28.2393C84.6334 28.2393 85.448 28.0696 86.008 27.7302C86.5681 27.3908 86.8566 26.8138 86.8566 26.0161C86.8566 25.2185 86.619 24.6754 86.1438 24.3869C85.6686 24.0984 84.6164 23.8269 82.9872 23.5724C81.358 23.3178 80.204 22.9444 79.5252 22.4353C78.8463 21.9432 78.5069 21.0098 78.5069 19.6691C78.5069 18.3284 78.9821 17.3271 
79.9325 16.6822C80.8828 16.0374 82.0708 15.7149 83.4794 15.7149C84.5994 15.7149 88.5027 16.0034 88.5027 16.0034V17.8193C87.8189 17.7797 87.1764 17.7364 86.5804 17.6962C85.3867 17.6157 84.3792 17.5477 83.5982 17.5477ZM94.5436 17.7853H98.939V15.9694H94.5436V11.7437H92.4901V15.9864H90.5215V17.7853H92.4901V25.0657C92.4901 27.0344 92.7617 28.375 93.3217 29.0708C93.8817 29.7666 94.866 30.123 96.3085 30.123C96.9534 30.123 97.8868 30.0212 99.1257 29.8176L98.9899 28.1035L96.5291 28.2732C95.6636 28.2732 95.1206 28.0187 94.883 27.5265C94.6624 27.0344 94.5436 25.9822 94.5436 24.4039V17.7853ZM101.824 12.8469V10.454H103.895V12.8638L101.824 12.8469ZM101.824 29.8176V15.9864H103.895V29.8176H101.824ZM115.995 16.0373C114.535 15.8167 113.5 15.6979 112.889 15.6979C110.819 15.6979 109.342 16.241 108.443 17.2931C107.56 18.3453 107.119 20.1951 107.119 22.8256C107.119 25.4561 107.543 27.3228 108.358 28.4259C109.172 29.529 110.666 30.0891 112.821 30.0891C113.67 30.0891 114.959 29.9533 116.674 29.6987L116.589 27.9847L113.33 28.2393C111.667 28.2393 110.581 27.8489 110.055 27.0513C109.529 26.2537 109.274 24.8451 109.274 22.8256C109.274 20.8061 109.563 19.4145 110.123 18.6678C110.683 17.9211 111.752 17.5477 113.313 17.5477C114.009 17.5477 115.095 17.6326 116.572 17.8023L116.657 16.1222L115.995 16.0373Z" fill="#fff" class="jsx-1189744782 elastic-logo__wordmark"></path></g></svg></span></a><div class=" Actions_actions__9PoiP Actions_actions--dark__jZmDJ "><div class="Actions_action__THZjm"><button type="button" aria-label="Press down to open menu." 
aria-expanded="false"><span><svg class="icons_icon__n3nWe icons_iconDark__JoCgc" xmlns="http://www.w3.org/2000/svg" width="20" height="20" fill="none"><g clip-path="url(#a)"><path d="M10 18.75c-1.57 0-3.125-3.89-3.125-8.75 0-4.86 1.556-8.75 3.125-8.75V0C7.428 0 5.625 4.506 5.625 10S7.428 20 10 20v-1.25ZM10 18.75c1.57 0 3.125-3.89 3.125-8.75 0-4.86-1.556-8.75-3.125-8.75V0c2.572 0 4.375 4.506 4.375 10S12.572 20 10 20v-1.25Z"></path><path d="M3.125 7.5h13.75V6.25H3.125V7.5ZM3.125 13.75h13.75V12.5H3.125v1.25Z"></path><path fill-rule="evenodd" d="M20 10c0 5.523-4.477 10-10 10S0 15.523 0 10 4.477 0 10 0s10 4.477 10 10ZM1.25 10a8.75 8.75 0 1 0 17.5 0 8.75 8.75 0 0 0-17.5 0Z" clip-rule="evenodd"></path></g><defs><clipPath id="a"><path d="M0 0h20v20H0z"></path></clipPath></defs></svg></span><span class="Actions_ButtonText__L0fen">EN</span></button><div class="Dropdown_Dropdown__pUJPf undefined Dropdown_Dropdown--modalOnMobile__olFVq"><div class="Dropdown_DropdownContent__tGePQ"><button class="Dropdown_DropdownClose__wx62b" disabled=""><span class="Dropdown_DropdownClose_text__IoOgP">Close panel</span><svg class="icons_icon__n3nWe" xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16" fill="none"><path fill-rule="evenodd" clip-rule="evenodd" d="M6.58586 8.00008L0.292969 14.293L1.70718 15.7072L8.00008 9.41429L14.293 15.7072L15.7072 14.293L9.41429 8.00008L15.7072 1.70718L14.293 0.292969L8.00008 6.58586L1.70718 0.292969L0.292969 1.70718L6.58586 8.00008Z"></path></svg></button><div class="Dropdown_DropdownSections__G_B5O"><ul><li class="Actions_DropdownItem__z0FcS"><a class="Actions_DropdownLink__evluL">Deutsch</a></li><li class="Actions_DropdownItem__z0FcS Actions_DropdownItemActive__0GjNS"><a class="Actions_DropdownLink__evluL">English</a></li><li class="Actions_DropdownItem__z0FcS"><a class="Actions_DropdownLink__evluL">Español</a></li><li class="Actions_DropdownItem__z0FcS"><a class="Actions_DropdownLink__evluL">Français</a></li><li 
class="Actions_DropdownItem__z0FcS"><a class="Actions_DropdownLink__evluL">日本語</a></li><li class="Actions_DropdownItem__z0FcS"><a class="Actions_DropdownLink__evluL">한국어</a></li><li class="Actions_DropdownItem__z0FcS"><a class="Actions_DropdownLink__evluL">简体中文</a></li><li class="Actions_DropdownItem__z0FcS"><a class="Actions_DropdownLink__evluL">Português</a></li></ul></div></div></div></div><div class="Actions_action__THZjm"><button type="button"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" fill="none" class="jsx-3447688935 icon iconDark"><g fill-rule="evenodd" stroke-width=".417" clip-path="url(#a)" clip-rule="evenodd" class="jsx-3447688935"><path d="M8.332 1.99a6.346 6.346 0 1 0 0 12.693 6.346 6.346 0 0 0 0-12.693Zm-7.5 6.346a7.5 7.5 0 1 1 15 0 7.5 7.5 0 0 1-15 0Z" class="jsx-3447688935"></path><path d="m14.124 13.336 5.041 5.041-.792.792-5.041-5.04.792-.793Z" class="jsx-3447688935"></path></g><defs class="jsx-3447688935"><clipPath id="a" class="jsx-3447688935"><path d="M0 0h20v20H0z" class="jsx-3447688935"></path></clipPath></defs></svg><span class="Actions_ButtonText__L0fen Actions_ButtonTextHidden__r8BOX">Search</span></button></div><div class="Actions_action__THZjm"><a href="https://cloud.elastic.co"><svg class="icons_icon__n3nWe icons_iconDark__JoCgc" xmlns="http://www.w3.org/2000/svg" width="20" height="20" fill="none"><g clip-path="url(#a)"><path fill-rule="evenodd" d="M6.252 5.416a3.75 3.75 0 1 1 7.5 0 3.75 3.75 0 0 1-7.5 0ZM10.002 0a5.417 5.417 0 0 0-3.336 9.685 8.215 8.215 0 0 0-3.384 2.245C1.602 13.782.625 16.5.625 20h1.667c0-3.196.888-5.478 2.225-6.951 1.331-1.469 3.18-2.215 5.275-2.215 2.094 0 3.943.746 5.275 2.215 1.336 1.473 2.225 3.755 2.225 6.951h1.666c0-3.501-.977-6.219-2.657-8.071A8.204 8.204 0 0 0 13.2 9.79 5.417 5.417 0 0 0 10.002 0Z" clip-rule="evenodd"></path><path d="M1.668 20.003h16.667v-1.667H1.668v1.667Z"></path></g><defs><clipPath id="a"><path d="M0 0h20v20H0z"></path></clipPath></defs></svg><span 
class="Actions_ButtonText__L0fen Actions_ButtonTextHidden__r8BOX">Login</span></a></div><button type="button" aria-expanded="false" class=" Control_navigation-control__dMg2m Control_navigation-control--dark__ru4Uq "><span class="Control_navigation-control_text__wyRQe">Toggle Navigation</span><span class="Control_navigation-control_icon__2h1YW"><span></span><span></span><span></span></span></button></div><div style="top:72px" class="Buttons_navigationButtons__QJmSA"><a class="button btn-primary btn-small" href="https://cloud.elastic.co/registration"><span class="jsx-1596590093 btn-copy">Start free trial</span></a><a class="button btn-secondary btn-small" href="/contact"><span class="jsx-1596590093 btn-copy">Contact Sales</span></a></div><div style="top:72px" class="Index_navigation_flyout__73xqL"><div class="Index_navigation_flyout_content___3G_7"><nav class="Items_navigation-items__lSmFz" aria-label="Primary navigation"><div class="Items_dropdownWrapper__hJFj3" style="width:100%;height:200px"></div><div><button class="Items_navigation-items_item__7YSef navigation-item Items_navigation-items_item--dark__OCLyq" aria-label="Platform, press down to open menu." 
aria-expanded="false">Platform<svg class="icons_icon__n3nWe icons_iconDark__JoCgc" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M1.646 4.646a.5.5 0 0 1 .708 0L8 10.293l5.646-5.647a.5.5 0 0 1 .708.708l-6 6a.5.5 0 0 1-.708 0l-6-6a.5.5 0 0 1 0-.708z"></path></svg></button><div class="Dropdown_Dropdown__pUJPf undefined "><div class="Dropdown_DropdownContent__tGePQ"><button class="Dropdown_DropdownClose__wx62b" disabled=""><span class="Dropdown_DropdownClose_text__IoOgP">Close panel</span><svg class="icons_icon__n3nWe" xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16" fill="none"><path fill-rule="evenodd" clip-rule="evenodd" d="M6.58586 8.00008L0.292969 14.293L1.70718 15.7072L8.00008 9.41429L14.293 15.7072L15.7072 14.293L9.41429 8.00008L15.7072 1.70718L14.293 0.292969L8.00008 6.58586L1.70718 0.292969L0.292969 1.70718L6.58586 8.00008Z"></path></svg></button><div class="Dropdown_DropdownSections__G_B5O"><div class="Items_Section__vJ9lm Items_spotlight-feature___wj__"><div class=" Card_nav-card__Gb2bd Card_ghost-card__kC3tT "><div class="Card_card-header__dLhyK"><a class="Card_custom-link__semnr" href="/platform"><h2 class="h5">The Search AI Company</h2></a><a class="Card_custom-link__semnr" href="/platform"><div class="Card_card-image__34JYo"><div class=" Card_thumbnail-wrapper__8kCr1 "><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/bltb72b02d269f3201a/6643847599f5a8667dc35ac7/nav-platform.png" class="Card_img-fluid__EqrlH" alt="Search, Security, Observability"/></div></div></a><a class="Card_custom-link__semnr" href="/platform"></a><a class="Card_custom-link__semnr" href="/platform"></a><a class="Card_custom-link__semnr" href="/platform"></a><a class="Card_custom-link__semnr" href="/platform"></a><a class="Card_custom-link__semnr" href="/platform"></a></div><div class="Card_card-body__81rqO"><div><p>Build tailored experiences with 
Elastic.</p></div><div class="d-flex flex-column"><a class="button Card_dropdown-link__qZWTu Card_dropdown-link__spaced___Q1m0 Card_btn-tertiary__f8UEk btn-tertiary" href="/platform" tabindex="-1"><span class="jsx-1596590093 btn-copy">Elastic Search AI Platform overview</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div><hr class="Card_nav-divider__yt_19"/><div><p><strong>Scale your business with Elastic Partners</strong></p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="https://partners.elastic.co/findapartner/" tabindex="-1">Find a partner<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/partners/become-a-partner" tabindex="-1">Become a partner<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div><div class="Card_card-footer__OfpS8"><div class="d-flex flex-column"><a class="button Card_dropdown-link__qZWTu Card_dropdown-link__spaced___Q1m0 Card_btn-tertiary__f8UEk btn-tertiary" href="/partners" tabindex="-1"><span class="jsx-1596590093 btn-copy">Partner overview</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div><div class=" Card_nav-card__Gb2bd Card_icon-card__IEL2U "><div class="Card_card-header__dLhyK"><div class="Card_card-image__34JYo"><div class=" Card_icon__VSCRq "><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt0090c6239e64faf8/62aa0980c949fd5059e8aebc/logo-stack-32-color.svg" class="Card_img-fluid__EqrlH" 
alt=""/></div></div><h2 class="h5">ELK Stack</h2></div><div class="Card_card-body__81rqO"><div><p>Search and analytics, data ingestion, and visualization – all at your fingertips.</p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="/kibana" tabindex="-1">Kibana<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/elasticsearch" tabindex="-1">Elasticsearch<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/integrations" tabindex="-1">Integrations<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul><div class="d-flex flex-column"><a class="button Card_dropdown-link__qZWTu Card_dropdown-link__spaced___Q1m0 Card_btn-tertiary__f8UEk btn-tertiary" href="/elastic-stack" tabindex="-1"><span class="jsx-1596590093 btn-copy">ELK Stack overview</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div><hr class="Card_nav-divider__yt_19"/><div><p><strong>By developers, for developers</strong></p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="/elasticsearch/vector-database" tabindex="-1">Try the world&#x27;s most used vector database<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" 
stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/blog/search-ai-lake-elastic-cloud-serverless" tabindex="-1">Scale with the low-latency Search AI Lake<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/community" tabindex="-1">Join our community<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div></div></div><div class="Items_Section__vJ9lm"><div class=" Card_nav-card__Gb2bd Card_icon-card__IEL2U "><div class="Card_card-header__dLhyK"><div class="Card_card-image__34JYo"><div class=" Card_icon__VSCRq "><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/bltdb0f38c35ae455dc/5d07f086877575d0584760a3/logo-cloud-24-color.svg" class="Card_img-fluid__EqrlH" alt=""/></div></div><h2 class="h5">Elastic Cloud</h2></div><div class="Card_card-body__81rqO"><div><p>Unlock the power of real-time insights with Elastic on your preferred cloud provider.</p></div><div class="d-flex flex-column"><a class="button Card_dropdown-link__qZWTu Card_dropdown-link__spaced___Q1m0 Card_btn-tertiary__f8UEk btn-tertiary" href="/cloud" tabindex="-1"><span class="jsx-1596590093 btn-copy">Elastic Cloud overview</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div><hr class="Card_nav-divider__yt_19"/><ul><li><a class="Card_dropdown-link__qZWTu" href="/cloud/serverless" tabindex="-1">Elastic Cloud Serverless<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" 
stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/pricing/serverless-search" tabindex="-1">Elastic Cloud Serverless pricing<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/cloud/serverless/search-ai-lake" tabindex="-1">Search AI Lake<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div></div></div></div></div></div></div><div><button class="Items_navigation-items_item__7YSef navigation-item Items_navigation-items_item--dark__OCLyq" aria-label="Solutions, press down to open menu." 
aria-expanded="false">Solutions<svg class="icons_icon__n3nWe icons_iconDark__JoCgc" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M1.646 4.646a.5.5 0 0 1 .708 0L8 10.293l5.646-5.647a.5.5 0 0 1 .708.708l-6 6a.5.5 0 0 1-.708 0l-6-6a.5.5 0 0 1 0-.708z"></path></svg></button><div class="Dropdown_Dropdown__pUJPf undefined "><div class="Dropdown_DropdownContent__tGePQ"><button class="Dropdown_DropdownClose__wx62b" disabled=""><span class="Dropdown_DropdownClose_text__IoOgP">Close panel</span><svg class="icons_icon__n3nWe" xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16" fill="none"><path fill-rule="evenodd" clip-rule="evenodd" d="M6.58586 8.00008L0.292969 14.293L1.70718 15.7072L8.00008 9.41429L14.293 15.7072L15.7072 14.293L9.41429 8.00008L15.7072 1.70718L14.293 0.292969L8.00008 6.58586L1.70718 0.292969L0.292969 1.70718L6.58586 8.00008Z"></path></svg></button><div class="Dropdown_DropdownSections__G_B5O"><div class="Items_Section__vJ9lm Items_spotlight-feature___wj__"><div class=" Card_nav-card__Gb2bd Card_ghost-card__kC3tT "><div class="Card_card-header__dLhyK"><a class="Card_custom-link__semnr" href="/generative-ai"><h2 class="h5">Generative AI</h2></a><a class="Card_custom-link__semnr" href="/generative-ai"></a><a class="Card_custom-link__semnr" href="/generative-ai"></a><a class="Card_custom-link__semnr" href="/generative-ai"></a><a class="Card_custom-link__semnr" href="/generative-ai"></a></div><div class="Card_card-body__81rqO"><div><p>Prototype and integrate with LLMs faster using search AI.</p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="/cloud/serverless/search-ai-lake" tabindex="-1">Search AI Lake<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a 
aria-controls="-content-LEGACY_REACT_AUTO_VALUE" class="NavDropdown_navDropdown__trigger__Jj_Al" data-radix-collection-item="">Why Elastic?</button></li><li><button id="-trigger-LEGACY_REACT_AUTO_VALUE" data-state="closed" aria-expanded="false" aria-controls="-content-LEGACY_REACT_AUTO_VALUE" class="NavDropdown_navDropdown__trigger__Jj_Al" data-radix-collection-item="">Resources</button></li><a class="NavDropdown_navDropdown__trigger__Jj_Al" href="https://www.elastic.co/pricing">Pricing</a><a class="NavDropdown_navDropdown__trigger__Jj_Al" href="https://www.elastic.co/docs">Docs</a></ul></div></nav><div class="Navigation_navigation__actions__TEAR7"><div class="SearchInput_searchInput__ynnEJ"><div class="SearchInput_searchInput__glow__irOA9"></div><button class="SearchInput_searchInput__button__aVQ2G" type="button"><svg data-component="Icon" class="SearchInput_searchInput__icon__gWuuf Icon_icon__dSH3_" width="22" height="21" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" fill="none"><path fill="currentColor" fill-rule="evenodd" d="M1.934 8.933a5.75 5.75 0 0 1 8.628 7.567l2.969 2.97a.75.75 0 0 1-1.06 1.06L9.5 17.56a5.75 5.75 0 0 1-7.567-8.627M6 8.75a4.25 4.25 0 1 0 0 8.5 4.25 4.25 0 0 0 0-8.5" clip-rule="evenodd"></path><path fill="currentColor" d="M18 4a4 4 0 0 0-4 4 4 4 0 0 0-4-4 4 4 0 0 0 4-4 4 4 0 0 0 4 4M22 10a3 3 0 0 0-3 3 3 3 0 0 0-3-3 3 3 0 0 0 3-3 3 3 0 0 0 3 3"></path></svg><span>Search</span></button></div><button data-component="Button" class="Button_button__iy3n8 Button_button--primary__Y48gQ Button_button--md__S_OuH" type="button"><span>Start free trial</span></button><button data-component="Button" class="Button_button__iy3n8 Button_button--secondary__BjlK0 Button_button--md__S_OuH" type="button"><span>Contact sales</span></button></div></div></div><div class="newNav Navigation_navigation__placeholder__Bm_GK"></div></header><main id="main-content" role="main"><div class="jsx-579451128 default-detail"><link rel="stylesheet" 
href="/static-res/styles/css/vendors/prettify.css" class="jsx-579451128"/><script type="text/javascript" src="/static-res/js/prettify.js" class="jsx-579451128"></script><section aria-labelledby="build-a-career-you-love" data-component-theme="color" class="jsx-3636536621 Hero_hero__iEZMX position-relative Hero_twoColumn___DJDO hero"><div class="bg-developer-blue"></div><div class="bg-developer-blue"><div class="Hero_heroContent__S5fut justify-content-between"><div class="container"><div class="layout layout-05"></div><div class="row"><div class="col-12 col-sm-8 offset-sm-2 col-lg-5 offset-lg-0 d-flex"><div class="Hero_content__VSxmz align-self-center"><div class="jsx-1955866259 title-wrapper"><h1 tag="H1" id="build-a-career-you-love" class="jsx-1955866259 h2">Build a career you love</h1></div><div class="Hero_description__nrqhU paragraph-large"><p>Free and open isn’t just how we build our products, it’s how we build our culture. We value creativity and mobility, so you can grow how (and where) you want to… and be happier at work. </p><p>Explore our open roles and start your Elastic career journey. 
</p></div><div class="Hero_ctaList__efelZ mt-5"><div class="Hero_cta__zIL_f"><a class="button btn-primary btn-large" href="https://jobs.elastic.co/"><span class="jsx-1596590093 btn-copy">View open roles</span></a></div></div></div></div><div class="col-12 col-sm-10 offset-sm-1 col-lg-6 offset-lg-1"><div class="Hero_asset__rLCmZ"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt1b9907bf07f7be84/632976ba0fc50838c8ba6d15/hero-elastic-career-608x500-2x.png" class="" alt="Elastic employees enjoy flexibility for remote work with distributed teams"/></div></div></div><div class="layout layout-05"></div></div></div></div></section><div class="layout layout-07"></div><section aria-labelledby="awards-and-recognition" data-component-theme="" class="jsx-3636536621 LogoBar_logoBar__TzgVS container module-gb"><div class="LogoBar_logoContainer___mh56 col-sm-12"><div class="title text-center col-md-8 offset-md-2"><h2 class="topic-heading p-0" id="awards-and-recognition">Awards and recognition</h2></div><div class="LogoBar_logoBar12Column__T1N2t row logos my-6"><div class="logo col-6 col-md-max-width"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt8b5c4ed83ae271b4/66d9b9ecbbafa74fa65d204d/logoparade-builtin-best-places-to-work-2024.png" class="img-fluid" alt="Built In - 2024 Best Places to Work"/></div><div class="logo col-6 col-md-max-width"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt9f9b751ff6dd2900/66d9b9dd94318c155d3b5219/logoparade-fairygodboss-best-company-technology-2023.png" class="img-fluid" alt="Fairygodboss - Best Company 2023"/></div><div class="logo col-6 col-md-max-width"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt2c233f45faeed590/66d9b9cc2504002608f53ffc/logoparade-best-company-outlook-2024.png" class="img-fluid" alt="Comparably - Best Company Outlook 2024"/></div><div class="logo col-6 col-md-max-width"><img 
src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt649664c2a8b7043d/66d9b9bd3206d0197ac49845/logoparade-best-company-career-growth-2024.png" class="img-fluid" alt="Comparably - Best Company Career Growth 2024"/></div><div class="logo col-6 col-md-max-width"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt8ccadb26693820f8/66d9b9af64f9c8515aa74472/logoparade-best-company-leadership-2024.png" class="img-fluid" alt="Comparably - Best Company Leadership 2024"/></div></div><div class="cta-group align-items-center justify-content-center text-center d-flex flex-column"><div><a class="button btn-tertiary" href="/careers/best-place-to-work"><span class="jsx-1596590093 btn-copy">View all our awards</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></section><div class="layout layout-07"></div><section aria-labelledby="meaningful-benefits" data-component-theme="" class="jsx-3636536621 TextImageVideo_textImageVideo__UWP8e module-gb"><div class="TextImageVideo_contentRow__4wUqk" data-component-theme=""><div class="container"><div class="row d-flex justify-content-between"><div class="content col-12 col-md-5 col-sm-6 align-self-center position-relative TextImageVideo_textContainer__4pma1"><div class="jsx-1955866259 title-wrapper"><h2 tag="H2" id="meaningful-benefits" class="jsx-1955866259 title h4">Meaningful benefits</h2></div><div class="TextImageVideo_imageContent__Bu10U paragraph-medium"><p>Navigate life’s most important moments with benefits designed to give you what you need to focus on what matters most (because we know there’s more to life than work). 
</p></div><div class="layout layout-03"></div><div style="border-radius:" data-component-theme="" class="jsx-2381115616 illustration-icon-grid-container"><div class="jsx-2381115616 "><ul class="illustration-icon-grid-items illustration-icon32-grid-2x2-below-module-paragraph"><li class="jsx-802606770 illustration-icon-grid-item"><div class="illustration-icon-grid-item-main"><div class="illustration-icon-grid-item-top"><div><div class="grid-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1145e7fdd552d215/5e3c315e3f60d62ef4edbbf7/icon-hand-health-32-color.svg" class="icon-32" alt=""/></div></div><div></div><div></div></div><div class="illustration-icon-grid-item-content"><div></div><div><div class="jsx-1955866259 title-wrapper"><h5 tag="H5" id="toast-to-your-health" class="jsx-1955866259 H5">Toast to your health</h5></div></div><div><div class="paragraph paragraph-medium"><p>Fully paid health coverage for you and your family, in many locations.</p></div></div></div></div><div class="illustration-icon-grid-item-footer"><div></div><div></div><div></div></div></li><li class="jsx-802606770 illustration-icon-grid-item"><div class="illustration-icon-grid-item-main"><div class="illustration-icon-grid-item-top"><div><div class="grid-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3e699ee5ac924246/5e3c312e0ee5056ab4d86e1a/icon-game-plan-32-color.svg" class="icon-32" alt=""/></div></div><div></div><div></div></div><div class="illustration-icon-grid-item-content"><div></div><div><div class="jsx-1955866259 title-wrapper"><h5 tag="H5" id="craft-your-calendar" class="jsx-1955866259 H5">Craft your calendar</h5></div></div><div><div class="paragraph paragraph-medium"><p>Flexible location and schedule for most roles.</p></div></div></div></div><div class="illustration-icon-grid-item-footer"><div></div><div></div><div></div></div></li><li class="jsx-802606770 illustration-icon-grid-item"><div 
class="illustration-icon-grid-item-main"><div class="illustration-icon-grid-item-top"><div><div class="grid-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcbd745c560ed692d/5e3c3182e029072f7b62a1de/icon-lounge-umbrella-32-color.svg" class="icon-32" alt=""/></div></div><div></div><div></div></div><div class="illustration-icon-grid-item-content"><div></div><div><div class="jsx-1955866259 title-wrapper"><h5 tag="H5" id="create-space-for-you" class="jsx-1955866259 H5">Create space for you</h5></div></div><div><div class="paragraph paragraph-medium"><p>Distributed-by-design workforce, plus a generous number of vacation days each year.</p></div></div></div></div><div class="illustration-icon-grid-item-footer"><div></div><div></div><div></div></div></li><li class="jsx-802606770 illustration-icon-grid-item"><div class="illustration-icon-grid-item-main"><div class="illustration-icon-grid-item-top"><div><div class="grid-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8bbde9582b18fe75/5e3c31c528bcbb6ab5fa3c29/icon-baby-carriage-32-color.svg" class="icon-32" alt=""/></div></div><div></div><div></div></div><div class="illustration-icon-grid-item-content"><div></div><div><div class="jsx-1955866259 title-wrapper"><h5 tag="H5" id="embrace-parenthood" class="jsx-1955866259 H5">Embrace parenthood</h5></div></div><div><div class="paragraph paragraph-medium"><p>Minimum of 16 weeks of parental leave, plus generous family formation benefits.</p></div></div></div></div><div class="illustration-icon-grid-item-footer"><div></div><div></div><div></div></div></li><li class="jsx-802606770 illustration-icon-grid-item"><div class="illustration-icon-grid-item-main"><div class="illustration-icon-grid-item-top"><div><div class="grid-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt454bfe285f70074c/5e3c31a68a407162a896a068/icon-hand-and-heart-32-color.svg" class="icon-32" 
alt=""/></div></div><div></div><div></div></div><div class="illustration-icon-grid-item-content"><div></div><div><div class="jsx-1955866259 title-wrapper"><h5 tag="H5" id="give-back-your-time" class="jsx-1955866259 H5">Give back your time</h5></div></div><div><div class="paragraph paragraph-medium"><p>40 hours each year to use toward volunteering with organizations and causes you’re passionate about.</p></div></div></div></div><div class="illustration-icon-grid-item-footer"><div></div><div></div><div></div></div></li><li class="jsx-802606770 illustration-icon-grid-item"><div class="illustration-icon-grid-item-main"><div class="illustration-icon-grid-item-top"><div><div class="grid-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt030109bfe4380798/5e3c31001ff22e62a7ce6e5d/icon-amplify-money-32-color.svg" class="icon-32" alt=""/></div></div><div></div><div></div></div><div class="illustration-icon-grid-item-content"><div></div><div><div class="jsx-1955866259 title-wrapper"><h5 tag="H5" id="amplify-your-impact" class="jsx-1955866259 H5">Amplify your impact</h5></div></div><div><div class="paragraph paragraph-medium"><p>Double your charitable giving — we match donations and service up to $2,000 USD (or local currency equivalent).</p></div></div></div></div><div class="illustration-icon-grid-item-footer"><div></div><div></div><div></div></div></li></ul></div></div></div><div class="TextImageVideo_assetWrapper__FPCDO col-12 col-sm-6"><div class="TextImageVideo_asset__Snh_h"><div class="jsx-1653982606 image"><figure class="jsx-1653982606"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blta0ba8a401eac1a74/6329779cd7d1a75f6967d766/elastic-career-main-feature-608x500_2x.png" alt="Smiling mother with work flexibility cooks with her child in kitchen" class="jsx-1653982606 TextImageVideo_imageVideo__uZ4gh img-fluid"/></figure></div></div></div></div></div></div></section><div class="layout layout-07"></div><section 
aria-labelledby="the-source-of-a-successful-career" data-component-theme="" class="jsx-3636536621 TextImageVideo_textImageVideo__UWP8e module-gb hasBackground"><div class="TextImageVideo_contentRow__4wUqk py-9 bg-light-gray" data-component-theme="light"><div class="container"><div class="row d-flex justify-content-between reverseLayout"><div class="content col-12 col-md-5 col-sm-6 align-self-center position-relative TextImageVideo_textContainer__4pma1"><div class="jsx-1955866259 title-wrapper"><h2 tag="H2" id="the-source-of-a-successful-career" class="jsx-1955866259 title h4">The source of a successful career</h2></div><div class="TextImageVideo_imageContent__Bu10U paragraph-medium"><p>All companies have values; at Elastic, we live them. Enter our Source Code: the set of ideas that make Elastic what it is and that empower you to be you, at work and beyond.</p></div><div class="cta-group justify-content-start text-start d-flex flex-column"><div><a class="button btn-tertiary" href="/about/our-source-code"><span class="jsx-1596590093 btn-copy">Elastic’s Source Code</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div><div class="TextImageVideo_assetWrapper__FPCDO col-12 col-sm-6"><div class="TextImageVideo_asset__Snh_h"><div class="jsx-1653982606 image"><figure class="jsx-1653982606"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blte5b2c60d1e637473/632978e913b09f72eb737d61/elastic-career-main-feature-02_1440x840.png" alt="Smiling man works on computer and speaks on phone for his fully remote job" class="jsx-1653982606 TextImageVideo_imageVideo__uZ4gh img-fluid"/></figure></div></div></div></div></div></div></section><div class="layout layout-07"></div><div style="border-radius:" data-component-theme="" class="jsx-2381115616 illustration-icon-grid-container"><div class="jsx-1383953900 title-text-one-column"><div class="jsx-1383953900 
container"><div class="col-md-8 offset-md-2 text-center"><div class="jsx-1955866259 title-wrapper"><h2 id="join-a-culture-where-you-can-be-you" class="jsx-1955866259 h3">Join a culture where you can be you</h2></div><div class="title-text-desc paragraph-large"><p>Bring your whole self to work. Create space for your life. Work where you work best. </p></div></div></div></div><div class="jsx-2381115616 container"><div class="layout layout-05"></div><ul class="illustration-icon-grid-items illustration-icon-grid-3x1"><li class="jsx-802606770 illustration-icon-grid-item one-column"><div class="illustration-icon-grid-item-main"><div class="illustration-icon-grid-item-top"><div><div class="grid-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7435b6acb50ffe8f/63297c25556fbc660c8cb273/illustration-career-diversity-128px.svg" class="image-xsmall" alt=""/></div></div><div></div><div></div><div></div></div><div class="illustration-icon-grid-item-content"><div></div><div><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="diversity-drives-us" class="jsx-1955866259 h5">Diversity drives us</h3></div></div><div><div class="paragraph paragraph-medium"><p>Companies diverse in age, gender identity, race, sexual orientation, physical or mental ability, language, location, ethnicity, and perspective are better companies. Period. 
At Elastic, everyone is not just welcomed, but celebrated.</p></div></div><div></div></div></div><div class="illustration-icon-grid-item-footer"><div></div><div></div><div></div><div><div class="d-flex flex-column justify-content-start text-start"><a class="button btn-tertiary" href="/careers/diversity-and-inclusion"><span class="jsx-1596590093 btn-copy">Read more about DE&amp;I</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></li><li class="jsx-802606770 illustration-icon-grid-item one-column"><div class="illustration-icon-grid-item-main"><div class="illustration-icon-grid-item-top"><div><div class="grid-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt63fac02ab5f20923/63297c25d7d1a75f6967d77a/illustration-career-values-128px.svg" class="image-xsmall" alt=""/></div></div><div></div><div></div><div></div></div><div class="illustration-icon-grid-item-content"><div></div><div><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="explore-our-values" class="jsx-1955866259 h5">Explore our values</h3></div></div><div><div class="paragraph paragraph-medium"><p>At Elastic, we believe that autonomy and flexibility equal growth. Our values reflect that. 
Explore our Source Code to see what Elastic stands for, and how we incorporate our guiding principles into everything we do.</p></div></div><div></div></div></div><div class="illustration-icon-grid-item-footer"><div></div><div></div><div></div><div><div class="d-flex flex-column justify-content-start text-start"><a class="button btn-tertiary" href="/careers/our-values"><span class="jsx-1596590093 btn-copy">Company values</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></li><li class="jsx-802606770 illustration-icon-grid-item one-column"><div class="illustration-icon-grid-item-main"><div class="illustration-icon-grid-item-top"><div><div class="grid-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6be6fb247a670742/63297c259f1d04649d659eee/illustration-career-career-128px.svg" class="image-xsmall" alt=""/></div></div><div></div><div></div><div></div></div><div class="illustration-icon-grid-item-content"><div></div><div><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="craft-your-career" class="jsx-1955866259 h5">Craft your career</h3></div></div><div><div class="paragraph paragraph-medium"><p>Life’s too short to not love what you do and where you work. See all Elastic has to offer, explore our open opportunities and learn more about our teams. 
We think your next dream job might be a click away.</p></div></div><div></div></div></div><div class="illustration-icon-grid-item-footer"><div></div><div></div><div></div><div><div class="d-flex flex-column justify-content-start text-start"><a class="button btn-tertiary" href="https://jobs.elastic.co/"><span class="jsx-1596590093 btn-copy">Apply for open roles</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></li></ul></div></div><div class="layout layout-07"></div><section class="collection-content-gallery container"><div class="jsx-2286811301 editorial-heading"><div class="jsx-2286811301 editorial-heading-section pb-2 d-flex flex-row align-items-center justify-content-between"><div class="jsx-1955866259 title-wrapper"><h2 tag="H2" id="craft-your-career-path" class="jsx-1955866259 h4">Craft your career path</h2></div><a class="button btn-tertiary" href="https://jobs.elastic.co/"><span class="jsx-1596590093 btn-copy">Your path starts here</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div><div class="row mt-8"><div class="col-sm-6 col-md-4 d-flex"><div class="jsx-1083652995 ghost-card card"><div class="jsx-1083652995 card-header"><div class="vid-url"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt0d5167248fde2292/66ba971f316653117049c8c7/Blog_Banner_Header_Dark_Color_720x420.jpg" class="img-fluid" alt=""/></div></div><div class="jsx-1083652995 card-body mt-6 paragraph-medium"><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="sunayana-vatassery-came-back-to-elastic-to-work-in-generative-ai" class="jsx-1955866259 h6">Sunayana Vatassery came back to Elastic to work in generative AI</h3></div><div class="card-body-details">Sunayana pivoted from sales to product marketing and returned to Elastic to work on generative AI. 
Here’s why returning to Elastic felt like coming home. </div></div><div class="jsx-1083652995 card-footer"><a class="button stretched-link mt-6 btn-text-link" href="/blog/culture-back-to-elastic-work-in-ai"><span class="jsx-1596590093 btn-copy"></span></a></div></div></div><div class="col-sm-6 col-md-4 d-flex"><div class="jsx-1083652995 ghost-card card"><div class="jsx-1083652995 card-header"><div class="vid-url"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/bltc5da5dd44edaf7ed/62c720f2e1e8cc357ddc09f8/4.26-onboarding-at-elastic-1680x980.png" class="img-fluid" alt=""/></div></div><div class="jsx-1083652995 card-body mt-6 paragraph-medium"><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="onboarding-at-elastic-what-to-expect" class="jsx-1955866259 h6">Onboarding at Elastic: What to expect</h3></div><div class="card-body-details">As a distributed company, we’re experts in remote onboarding. Learn how we onboard new hires at Elastic, and dive into X-School, our new hire orientation experience. </div></div><div class="jsx-1083652995 card-footer"><a class="button stretched-link mt-6 btn-text-link" href="/blog/onboarding-at-elastic"><span class="jsx-1596590093 btn-copy"></span></a></div></div></div><div class="col-sm-6 col-md-4 d-flex"><div class="jsx-1083652995 ghost-card card"><div class="jsx-1083652995 card-header"><div class="vid-url"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/bltf50819ae6fd3995c/6674593b7ef09e00d3f41996/152274_-_LinkedIn_Live_-_Eng_Career_pathing_Option2_V1.png" class="img-fluid" alt=""/></div></div><div class="jsx-1083652995 card-body mt-6 paragraph-medium"><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="3-female-engineers-share-how-they-advanced-their-careers-at-elastic" class="jsx-1955866259 h6">3 female engineers share how they advanced their careers at Elastic</h3></div><div class="card-body-details">Advancement and continued learning are top of mind for employees. 
We asked three Elastician engineers who have advanced their careers at Elastic® for their top tips. Read them here.</div></div><div class="jsx-1083652995 card-footer"><a class="button stretched-link mt-6 btn-text-link" href="/blog/culture-female-engineers-advance-careers"><span class="jsx-1596590093 btn-copy"></span></a></div></div></div></div></section><div class="layout layout-07"></div><section aria-labelledby="elastics-culture-makes-it-possible" data-component-theme="" class="jsx-3636536621 TextImageVideo_textImageVideo__UWP8e module-gb hasBackground"><div class="TextImageVideo_contentRow__4wUqk py-9 bg-light-gray" data-component-theme="light"><div class="container"><div class="row d-flex justify-content-between"><div class="content col-12 col-md-5 col-sm-6 align-self-center position-relative TextImageVideo_textContainer__4pma1"><div class="jsx-1955866259 title-wrapper"><h2 tag="H2" id="elastics-culture-makes-it-possible" class="jsx-1955866259 title h4">Elastic’s culture makes it possible</h2></div><div class="TextImageVideo_imageContent__Bu10U paragraph-medium"><p>&quot;As long as I get my work done, I have a lot of control over my schedule, that’s huge for me. The working from home aspect makes it possible for me to be a career person and a mom at the same time. 
If it wasn’t for that flexibility I would have to choose.&quot;</p><p>-Cami Lewis, Global Security Lead - Community</p></div><div class="cta-group justify-content-start text-start d-flex flex-column"><div><a class="button btn-tertiary" href="/blog/culture-someone-like-me-cami-lewis-on-being-a-work-at-home-mom"><span class="jsx-1596590093 btn-copy">Read the blog</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div><div class="TextImageVideo_assetWrapper__FPCDO col-12 col-sm-6"><div class="TextImageVideo_asset__Snh_h"><div class="jsx-1653982606 image"><figure class="jsx-1653982606"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt456d2d577ee213d1/63297d28cf5c146ec738734a/elastic-career-feature-source-code-1440x840.png" alt="Flexible working hours help Elastic employees create work life balance" class="jsx-1653982606 TextImageVideo_imageVideo__uZ4gh img-fluid"/></figure></div></div></div></div></div></div></section><div class="layout layout-07"></div><div class="layout layout-07"></div><section aria-labelledby="join-the-team" data-component-theme="" id="footer-cta" class="jsx-3636536621 FooterCTA_footerCta__ET7NV"><div class="FooterCTA_footerCtaWrapper__LpSzU py-9 container-border-radius-top bg-dark-ink" data-component-theme="dark"><div class="FooterCTA_patterns__99VOw"><div class="FooterCTA_imageTopLeft__Qqb23"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt4e21713edfb8ae51/64b0ffa6bd5d8a2cc9723322/footer-cta-pattern-left.svg" alt=""/></div><div class="FooterCTA_imageTopRight__bZiO1"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blta9d833677e4f8f38/64b0ffaff122ca5c02e6c7f6/footer-cta-pattern-right.svg" alt=""/></div></div><div class="container"><div class="row"><div class="FooterCTA_titleTextSection__3NglX col-md-8 offset-md-2 text-center"><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" 
id="join-the-team" class="jsx-1955866259 ">Join the team</h3></div><div class="paragraph-medium"><p>What are you waiting for? Apply now and unlock a new world of career possibilities.</p></div><div class="FooterCTA_ctaGroup___3dhk"><a class="button btn-secondary" href="https://jobs.elastic.co/"><span class="jsx-1596590093 btn-copy">View open roles</span></a></div></div></div></div></div></section></div></main><div id="elastic-footer"></div><footer class="Footer_footer__Q5T55" aria-label="footer"><div class="Footer_footerWrapper__yhyD_ bg-dark-ink" data-component-theme="dark"><div class="container"><div class="row Footer_footerTop__2eyMt"><div class="Footer_footerNav__LFrAZ"><div><div><div class="Footer_logo__EaWBg"><a href="/"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf8467a95eaa27e4a/6638d7da0d02e4e98155aaa3/logo-tagline_secondary_all_white-177.svg" alt="Elastic home"/></a></div></div><div><div class="Footer_followUs__Y4Nvp"><div><h2 class="topic-heading">Follow us</h2></div><ul class="Footer_socialIconList__eaA5a"><li class="LinkedIn"><a id="footer_linkedin" href="https://www.linkedin.com/company/elastic-co"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blte7cfb1a091901ce1/5eb00c925751b2150e57a9d6/footer-icon-linkedin.svg" alt="Elastic&#x27;s LinkedIn page"/></a></li><li class="YouTube"><a id="footer_youtube" href="https://www.youtube.com/user/elasticsearch"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt7c28b18be98b1af8/5eb00ca908d37e6d82ef7655/footer-icon-youtube.svg" alt="Elastic&#x27;s YouTube page"/></a></li><li class="Facebook"><a id="footer_facebook" href="https://www.facebook.com/elastic.co"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt75566c5278ad68da/5eb00c59d238e314f259fbea/footer-icon-facebook.svg" alt="Elastic&#x27;s Facebook page"/></a></li><li class="Twitter"><a id="footer_twitter" href="https://www.twitter.com/elastic"><img 
data-accordion-component="AccordionItemHeading" role="heading" class="accordion__heading" aria-level="3"><div class="accordion__button" id="accordion__heading-raa-11695" aria-disabled="false" aria-expanded="false" aria-controls="accordion__panel-raa-11695" role="button" tabindex="0" data-accordion-component="AccordionItemButton"><h2 class="topic-heading p-0">Excellence Awards</h2><div class="accordion__arrow"><svg class="icon-embed" width="14" height="9"><use href="/static-res/images/generic-icons.svg#chevron"></use></svg></div></div></div><div data-accordion-component="AccordionItemPanel" class="accordion__panel" id="accordion__panel-raa-11695" hidden=""><div class="Footer_innerNav__tQcnP"><a href="/blog/2022-elastic-excellence-awards-winners">Previous winners</a><a href="/elasticon">ElasticON Tour</a><a href="/events/sponsor">Become a sponsor</a><a href="/events/">All events</a></div></div></div></div></div></div></div></div></div><div class="row Footer_footerBottom__iA_rq"><div class="Footer_footnoteContainer__y0YTd"><div class="Footer_legalLinkContainer__0vR8C"><div class="text-start"><ul class="Footer_legalLinks__5LXti"><li class="Trademarks"><a href="/legal/trademarks">Trademarks</a></li><li class="Terms of Use"><a href="/legal/terms-of-use">Terms of Use</a></li><li class="Privacy"><a href="/legal/privacy-statement">Privacy</a></li><li class="Sitemap"><a href="/sitemap">Sitemap</a></li></ul><div class="Footer_copyrightDate__1vxFm"><p>© <span class="copyright-year"></span>. Elasticsearch B.V. All Rights Reserved</p></div></div></div><div class="Footer_footnote__z5kru"><p>Elastic, Elasticsearch and other related marks are trademarks, logos or registered trademarks of Elasticsearch B.V. in the United States and other countries.</p><p>Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the <a href="https://www.apache.org/">Apache Software Foundation</a> in the United States and/or other countries. 
All other brand names, product names, or trademarks belong to their respective owners.</p></div></div></div></div></div></footer></div><script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"entry":{"uid":"blt4800a9b94b013684","_version":34,"locale":"en-us","ACL":{},"anchor_bar":[],"content_gallery":{"title_l10n":"","cta":{"cta_title_l10n":"","url":""}},"created_at":"2022-08-08T23:25:44.227Z","created_by":"blt36e890d06c5ec32c","cta_text_ribbon":{"highlights":[],"dark_mode":""},"display_in_exploration_center":false,"footer_cta_reference":[{"uid":"blt8751e3f59c29a574","_version":6,"locale":"en-us","ACL":{},"created_at":"2022-09-13T18:20:44.990Z","created_by":"blt36e890d06c5ec32c","cta":{"cta_title_l10n":"","url":""},"cta_group":[{"title_l10n":"View open roles","url":"https://jobs.elastic.co/","_metadata":{"uid":"cs8d585e54362b9df1"}}],"icon_text_card":[],"paragraph_l10n":"\u003cp\u003eWhat are you waiting for? Apply now and unlock a new world of career possibilities.\u003c/p\u003e","tags":[],"title":"Careers Overview - Join the team","title_l10n":"Join the team","updated_at":"2025-03-17T10:49:05.684Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"time":"2025-03-17T10:49:08.540Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"hero":[{"_version":9,"locale":"en-us","uid":"blt82a87c2fa525c1b8","ACL":{},"asset_border_radius":null,"callout":[],"content_blocks":[],"created_at":"2021-09-10T08:49:50.073Z","created_by":"blt3e52848e0cb3c394","cta":[{"type":null,"cta_title_l10n":"View open 
roles","_metadata":{"uid":"cs3f501340e7193bd2"},"url":"https://jobs.elastic.co/","cta_icon":{"file":null,"position":null},"cta_footnote_l10n":""}],"dark_mode":"","download_cta":{"cta_title_l10n":"","url":""},"form_special_label_l10n":"","hero_banner_pattern":[],"icon":null,"image":{"_version":2,"is_dir":false,"uid":"blt1b9907bf07f7be84","ACL":{},"content_type":"image/png","created_at":"2022-09-13T17:43:28.350Z","created_by":"blt36e890d06c5ec32c","description":"","file_size":"1081605","filename":"hero-elastic-career-608x500-2x.png","parent_uid":null,"tags":[],"title":"hero-elastic-career-608x500-2x.png","updated_at":"2022-09-20T08:15:54.542Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-20T08:16:10.931Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1b9907bf07f7be84/632976ba0fc50838c8ba6d15/hero-elastic-career-608x500-2x.png"},"image_alt_text_l10n":"Elastic employees enjoy flexibility for remote work with distributed teams","logo":null,"logos_below_cta":{"logos":[],"topic_heading_l10n":""},"overflow":false,"paragraph_l10n":"\u003cp\u003eFree and open isn’t just how we build our products, it’s how we build our culture. 
We value creativity and mobility, so you can grow how (and where) you want to… and be happier at work.\n\u003c/p\u003e\u003cp\u003eExplore our open roles and start your Elastic career journey.\n\u003c/p\u003e","product_name":"","shadow":false,"spacing_bottom":"layout-05","spacing_top":"layout-05","styles":{"container_background":null,"enable_display_font_size":false,"modules_background":"bg-developer-blue","pattern_type":null,"show_divider":false},"subtitle_l10n":"","tags":[],"title":"Careers Overview","title_l10n":"Build a career you love","topic_heading_l10n":"","two_column_layout":true,"updated_at":"2024-06-17T14:26:42.004Z","updated_by":"blt3e52848e0cb3c394","vidyard":{"video_id":"","uuid":"","video_play_count":"","muted":false,"loop_video":false,"hide_controls":false,"looping_animation":false},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-17T14:26:48.263Z","user":"blt3e52848e0cb3c394"}}],"layout_spacing":null,"main_header":[],"modular_blocks":[{"generic_body":{"title_l10n":"Logo bar","_metadata":{"uid":"cs41598b87b0ce95c9"},"reference":[{"_content_type_uid":"logo_bar","uid":"blt6c4a3404cebbb4d8","_version":10,"locale":"en-us","ACL":{},"created_at":"2022-09-13T17:54:40.546Z","created_by":"blt36e890d06c5ec32c","cta_group":[{"alignment":"center","width":"block","list":[{"type":"tertiary","title_l10n":"View all our 
awards","_metadata":{"uid":"cs5d1d1a07ffa1d518"},"url":"/careers/best-place-to-work","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs457921615e5a5c46"},"footnote_l10n":""}],"logo_bar":[{"logo":{"uid":"blt8b5c4ed83ae271b4","_version":2,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-09-05T13:56:25.951Z","created_by":"blt3044324473ef223b70bc674c","description":"","file_size":"23103","filename":"logoparade-builtin-best-places-to-work-2024.png","parent_uid":null,"tags":[],"title":"logoparade-builtin-best-places-to-work-2024.png","updated_at":"2024-09-05T14:02:20.762Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-09-05T14:02:26.055Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8b5c4ed83ae271b4/66d9b9ecbbafa74fa65d204d/logoparade-builtin-best-places-to-work-2024.png"},"_metadata":{"uid":"csb4c8e0ebff907ecb"},"display_title_l10n":"","title_l10n":"Built In - 2024 Best Places to Work","url":""},{"logo":{"uid":"blt9f9b751ff6dd2900","_version":2,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-09-05T13:56:36.198Z","created_by":"blt3044324473ef223b70bc674c","description":"","file_size":"38820","filename":"logoparade-fairygodboss-best-company-technology-2023.png","parent_uid":null,"tags":[],"title":"logoparade-fairygodboss-best-company-technology-2023.png","updated_at":"2024-09-05T14:02:05.447Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-09-05T14:02:10.573Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9f9b751ff6dd2900/66d9b9dd94318c155d3b5219/logoparade-fairygodboss-best-company-technology-2023.png"},"_metadata":{"uid":"cs20d5749e7a13f314"},"display_title_l10n":"","title_l10n":"Fairygodboss - Best Company 
2023","url":""},{"logo":{"uid":"blt2c233f45faeed590","_version":2,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-09-05T13:56:43.819Z","created_by":"blt3044324473ef223b70bc674c","description":"","file_size":"46267","filename":"logoparade-best-company-outlook-2024.png","parent_uid":null,"tags":[],"title":"logoparade-best-company-outlook-2024.png","updated_at":"2024-09-05T14:01:48.147Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-09-05T14:01:52.825Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2c233f45faeed590/66d9b9cc2504002608f53ffc/logoparade-best-company-outlook-2024.png"},"_metadata":{"uid":"csdeb0b81bcd3aa718"},"display_title_l10n":"","title_l10n":"Comparably - Best Company Outlook 2024","url":""},{"logo":{"uid":"blt649664c2a8b7043d","_version":2,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-09-05T13:56:52.405Z","created_by":"blt3044324473ef223b70bc674c","description":"","file_size":"48993","filename":"logoparade-best-company-career-growth-2024.png","parent_uid":null,"tags":[],"title":"logoparade-best-company-career-growth-2024.png","updated_at":"2024-09-05T14:01:33.117Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-09-05T14:01:38.854Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt649664c2a8b7043d/66d9b9bd3206d0197ac49845/logoparade-best-company-career-growth-2024.png"},"_metadata":{"uid":"csbf7be17a5447eaa8"},"display_title_l10n":"","title_l10n":"Comparably - Best Company Career Growth 
2024","url":""},{"logo":{"uid":"blt8ccadb26693820f8","_version":2,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-09-05T13:57:04.066Z","created_by":"blt3044324473ef223b70bc674c","description":"","file_size":"45993","filename":"logoparade-best-company-leadership-2024.png","parent_uid":null,"tags":[],"title":"logoparade-best-company-leadership-2024.png","updated_at":"2024-09-05T14:01:19.248Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-09-05T14:01:23.683Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8ccadb26693820f8/66d9b9af64f9c8515aa74472/logoparade-best-company-leadership-2024.png"},"_metadata":{"uid":"cs24d4bc8178edea4e"},"display_title_l10n":"","title_l10n":"Comparably - Best Company Leadership 2024","url":""}],"paragraph_l10n":"","style":{"type":null,"cta_group_location":"below logos"},"tags":[],"title":"Careers Overview","title_l10n":"","topic_heading_l10n":"Awards and recognition","updated_at":"2024-09-05T13:57:06.054Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-09-05T13:57:09.804Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"dark_mode":""}},{"generic_body":{"title_l10n":"Meaningful benefits","_metadata":{"uid":"cs71bcaa6bf5d4384a"},"reference":[{"_content_type_uid":"text_image_video","uid":"blt557c3ec389fb5500","_version":8,"locale":"en-us","ACL":{},"created_at":"2022-08-11T19:08:56.244Z","created_by":"blt36e890d06c5ec32c","do_not_alternate":false,"enable_overflow":false,"module":[{"icon":{"type":null,"file":null,"alt_text":""},"_metadata":{"uid":"cs80f1ae2ede17fb70"},"topic_heading_l10n":"","title_l10n":"Meaningful benefits","paragraph_l10n":"\u003cp\u003eNavigate life’s most important moments with benefits designed to give you what you need to focus on what matters most (because we know there’s more to life 
than work).\n\u003c/p\u003e","paragraph_list":{"group":[],"paragraph_l10n":""},"cta":{"alignment":"left align","width":"block","list":[]},"reference":[{"_content_type_uid":"image_reference","_version":4,"locale":"en-us","uid":"blt8796873b8068114f","ACL":{},"alt_text_l10n":"Smiling mother with work flexibility cooks with her child in kitchen","caption_l10n":"","created_at":"2022-09-13T18:00:38.575Z","created_by":"blt36e890d06c5ec32c","image":{"uid":"blta0ba8a401eac1a74","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2022-09-20T08:19:40.241Z","updated_at":"2022-09-20T08:19:40.241Z","content_type":"image/png","file_size":"1785250","filename":"elastic-career-main-feature-608x500_2x.png","title":"elastic-career-main-feature-608x500_2x.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-20T08:19:50.714Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta0ba8a401eac1a74/6329779cd7d1a75f6967d766/elastic-career-main-feature-608x500_2x.png"},"mobile_image":null,"shadow":false,"tags":[],"title":"elastic-career-main-feature-01-1440x840.png","updated_at":"2022-09-20T08:19:41.316Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-20T08:19:50.818Z","user":"blt3e52848e0cb3c394"}}],"below_paragraph_reference":[{"_content_type_uid":"card","uid":"blt8f327691f3b0ee3d","_version":18,"locale":"en-us","ACL":{},"below_card_modular_blocks":[],"card_deck_style":{"type":"illustration icon32 text grid 2x2 below module 
paragraph","border_radius":"","component_container_border_radius":"","component_container_padding":null,"padding":null,"per_row":null,"shadow":null,"shadow_hover":null,"image_alignment":null,"paragraph_alignment":null,"text_alignment":null,"title_heading_alignment":null,"topic_heading_alignment":null,"size_title_heading":"H5","border":null,"component_container_show_border":false,"container_background_color":null},"card_modular_blocks":[{"card":{"title_l10n":"Toast to your health","_metadata":{"uid":"cs10bf36acac48f36c"},"modular_blocks":[{"image":{"type":"icon-32","file":{"uid":"blt1145e7fdd552d215","ACL":{},"_version":1,"content_type":"image/svg+xml","created_at":"2020-02-06T15:31:42.849Z","created_by":"blt8288fbcbd8c9dce4","file_size":"2110","filename":"icon-hand-health-32-color.svg","is_dir":false,"tags":[],"title":"icon-hand-health-32-color.svg","updated_at":"2022-02-08T21:21:58.751Z","updated_by":"blt8288fbcbd8c9dce4","parent_uid":"bltdfcb54fd4cf9da87","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-11T16:48:14.106Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1145e7fdd552d215/5e3c315e3f60d62ef4edbbf7/icon-hand-health-32-color.svg"},"_metadata":{"uid":"cs1f5d5d301b5bed09"},"alt_text_l10n":""}},{"title":{"title_l10n":"Toast to your health","_metadata":{"uid":"csf4263ef099043531"},"title_unit_l10n":"","url":"","size_title":null,"display_arrow":null}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eFully paid health coverage for you and your family, in many locations.\u003c/p\u003e","_metadata":{"uid":"cs8766158e123bb07a"}}}],"style":{"border":null,"badge_l10n":""}}},{"card":{"title_l10n":"Craft your 
calendar","_metadata":{"uid":"csf523875622e27d38"},"modular_blocks":[{"image":{"type":"icon-32","file":{"_version":2,"is_dir":false,"uid":"blt3e699ee5ac924246","ACL":{},"content_type":"image/svg+xml","created_at":"2020-02-06T15:30:54.892Z","created_by":"blt8288fbcbd8c9dce4","description":"","file_size":"1762","filename":"icon-game-plan-32-color.svg","tags":[],"title":"icon-game-plan-32-color.svg","updated_at":"2021-12-03T18:26:02.827Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-03T18:36:07.861Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3e699ee5ac924246/5e3c312e0ee5056ab4d86e1a/icon-game-plan-32-color.svg","permanent_url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3e699ee5ac924246/icon-game-plan-32-color.svg"},"_metadata":{"uid":"csd2ae51cdbf9eacfd"},"alt_text_l10n":""}},{"title":{"title_l10n":"Craft your calendar","_metadata":{"uid":"cs1f7463e23623579c"},"title_unit_l10n":"","url":"","size_title":null,"display_arrow":null}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eFlexible location and schedule for most roles.\u003c/p\u003e","_metadata":{"uid":"cs99c67e5633f8087c"}}}],"style":{"border":null,"badge_l10n":""}}},{"card":{"title_l10n":"Create space for 
you","_metadata":{"uid":"cs01003e98407bd897"},"modular_blocks":[{"image":{"type":"icon-32","file":{"_version":2,"is_dir":false,"uid":"bltcbd745c560ed692d","ACL":{},"content_type":"image/svg+xml","created_at":"2020-02-06T15:32:18.718Z","created_by":"blt8288fbcbd8c9dce4","description":"","file_size":"1886","filename":"icon-lounge-umbrella-32-color.svg","tags":[],"title":"icon-lounge-umbrella-32-color.svg","updated_at":"2021-12-06T23:44:52.575Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-06T23:48:13.261Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcbd745c560ed692d/5e3c3182e029072f7b62a1de/icon-lounge-umbrella-32-color.svg","permanent_url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcbd745c560ed692d/icon-lounge-umbrella-32-color.svg"},"_metadata":{"uid":"csfd895e7d7c65f5e7"},"alt_text_l10n":""}},{"title":{"title_l10n":"Create space for you","_metadata":{"uid":"cs687efe2362df24cc"},"title_unit_l10n":"","url":"","size_title":null,"display_arrow":null}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eDistributed by design workforce, plus generous number of vacation days each year.\u003c/p\u003e","_metadata":{"uid":"cs4fcdf8dbe5d0315e"}}}],"style":{"border":null,"badge_l10n":""}}},{"card":{"title_l10n":"Embrace 
parenthood","_metadata":{"uid":"cs2df505b7cff04666"},"modular_blocks":[{"image":{"type":"icon-32","file":{"_version":2,"is_dir":false,"uid":"blt8bbde9582b18fe75","ACL":{},"content_type":"image/svg+xml","created_at":"2020-02-06T15:33:25.604Z","created_by":"blt8288fbcbd8c9dce4","description":"","file_size":"2247","filename":"icon-baby-carriage-32-color.svg","tags":[],"title":"icon-baby-carriage-32-color.svg","updated_at":"2021-11-30T22:49:04.355Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-11-30T22:51:20.254Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8bbde9582b18fe75/5e3c31c528bcbb6ab5fa3c29/icon-baby-carriage-32-color.svg","permanent_url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8bbde9582b18fe75/icon-baby-carriage-32-color.svg"},"_metadata":{"uid":"cs350dd49efd0c776f"},"alt_text_l10n":""}},{"title":{"title_l10n":"Embrace parenthood","_metadata":{"uid":"cs19b4c6ce054cc152"},"title_unit_l10n":"","url":"","size_title":null,"display_arrow":null}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eMinimum of 16 weeks of parental leave, plus generous family formation benefits.\u003c/p\u003e","_metadata":{"uid":"csd26c28884673f072"}}}],"style":{"border":null,"badge_l10n":""}}},{"card":{"title_l10n":"Give back your 
time","_metadata":{"uid":"cseaaf147763ec6b0f"},"modular_blocks":[{"image":{"type":"icon-32","file":{"_version":2,"is_dir":false,"uid":"blt454bfe285f70074c","ACL":{},"content_type":"image/svg+xml","created_at":"2020-02-06T15:32:54.236Z","created_by":"blt8288fbcbd8c9dce4","description":"","file_size":"2881","filename":"icon-hand-and-heart-32-color.svg","tags":[],"title":"icon-hand-and-heart-32-color.svg","updated_at":"2021-12-03T18:31:09.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-03T18:36:35.947Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt454bfe285f70074c/5e3c31a68a407162a896a068/icon-hand-and-heart-32-color.svg","permanent_url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt454bfe285f70074c/icon-hand-and-heart-32-color.svg"},"_metadata":{"uid":"cs4c76b0c7170ab7e9"},"alt_text_l10n":""}},{"title":{"title_l10n":"Give back your time","_metadata":{"uid":"cs17a837923d4deca4"},"title_unit_l10n":"","url":"","size_title":null,"display_arrow":null}},{"paragraph":{"paragraph_l10n":"\u003cp\u003e40 hours each year to use toward volunteering with organizations and causes you’re passionate about.\u003c/p\u003e","_metadata":{"uid":"cs7baeac7783ff32a0"}}}],"style":{"border":null,"badge_l10n":""}}},{"card":{"title_l10n":"Amplify your 
impact","_metadata":{"uid":"cs65b145ab9adf5626"},"modular_blocks":[{"image":{"type":"icon-32","file":{"_version":2,"is_dir":false,"uid":"blt030109bfe4380798","ACL":{},"content_type":"image/svg+xml","created_at":"2020-02-06T15:30:08.906Z","created_by":"blt8288fbcbd8c9dce4","description":"","file_size":"2917","filename":"icon-amplify-money-32-color.svg","tags":[],"title":"icon-amplify-money-32-color.svg","updated_at":"2021-11-30T22:04:07.625Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-01T00:00:41.113Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt030109bfe4380798/5e3c31001ff22e62a7ce6e5d/icon-amplify-money-32-color.svg","permanent_url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt030109bfe4380798/icon-amplify-money-32-color.svg"},"_metadata":{"uid":"cs654ae67601c0e081"},"alt_text_l10n":""}},{"title":{"title_l10n":"Amplify your impact","_metadata":{"uid":"csa71ac5c74632c538"},"title_unit_l10n":"","url":"","size_title":null,"display_arrow":null}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eDouble your charitable giving \u0026mdash; we match donations and service up to $2,000 USD (or local currency equivalent).\u003c/p\u003e","_metadata":{"uid":"cs861a3f6af3790aeb"}}}],"style":{"border":null,"badge_l10n":""}}}],"created_at":"2022-08-11T19:46:50.874Z","created_by":"blt36e890d06c5ec32c","spotlight_modular_blocks":[],"tags":[],"title":"Careers Overview - Meaningful 
benefits","title_text":{"icon_next_to_topic_heading":{"file":null,"type":null},"topic_heading_l10n":"","title_l10n":"","paragraph_l10n":"","modular_blocks":[],"style":{"layout":null,"left_align_text":false,"title_heading_size":null,"two_column_layout":false}},"updated_at":"2024-10-11T18:15:55.232Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-10-11T18:15:59.278Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"below_component_reference":[],"pattern":null,"border_radius":""}],"reverse_layout":false,"styles":{"background_color":null,"background_color_even_rows":false},"tags":[],"title":"Careers Overview - Meaningful benefits","title_text":{"icon_next_to_topic_heading":{"file":null,"type":null},"topic_heading_l10n":"","title_l10n":"","paragraph_l10n":"","modular_blocks":[],"style":{"layout":null,"left_align_text":false,"title_heading_size":"H2","two_column_layout":false}},"updated_at":"2025-02-20T12:10:44.876Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"time":"2025-02-20T12:10:49.649Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"dark_mode":""}},{"generic_body":{"title_l10n":"The source of a successful 
career","_metadata":{"uid":"cs580f46c8a7f15d47"},"reference":[{"_content_type_uid":"text_image_video","_version":8,"locale":"en-us","uid":"blt196adcf2a0afee02","ACL":{},"component_theme":{"color":null,"container_border_radius":null,"container_color":null,"container_style":null,"divider_bottom":null,"divider_top":null,"module_color":null,"spacer_bottom":null,"spacer_top":null,"theme_type":null},"component_theme_reference":[],"created_at":"2022-09-13T18:08:33.898Z","created_by":"blt36e890d06c5ec32c","dark_mode":"light-mode-grey","dark_mode_even_rows":true,"do_not_alternate":false,"enable_overflow":false,"enable_scroll_interactions":false,"module":[{"icon":{"type":null,"file":null,"alt_text":""},"_metadata":{"uid":"csd94a7330f40f7d6b"},"topic_heading_l10n":"","title_l10n":"The source of a successful career","paragraph_l10n":"\u003cp\u003eAll companies have values, at Elastic, we live them. Enter our Source Code: the set of ideas that make Elastic what it is, and it’s also what empowers you to be you, at work and beyond.\u003c/p\u003e","paragraph_list":{"group":[],"paragraph_l10n":""},"cta":{"alignment":"left align","width":"block","list":[{"type":"tertiary","file":null,"_metadata":{"uid":"csf71ba07bf2dbe689"},"icon_direction":null,"title_l10n":"Elastic’s Source Code","url":"/about/our-source-code"}]},"quote":[],"reference":[{"_content_type_uid":"image_reference","_version":1,"locale":"en-us","uid":"blteba84d4cb406adf1","ACL":{},"alt_text_l10n":"Smiling man works on computer and speaks on phone for his fully remote 
job","caption_l10n":"","created_at":"2022-09-20T08:25:24.793Z","created_by":"blt3e52848e0cb3c394","image":{"uid":"blte5b2c60d1e637473","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2022-09-20T08:25:13.105Z","updated_at":"2022-09-20T08:25:13.105Z","content_type":"image/png","file_size":"2013853","filename":"elastic-career-main-feature-02_1440x840.png","title":"elastic-career-main-feature-02_1440x840.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-20T08:25:33.797Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte5b2c60d1e637473/632978e913b09f72eb737d61/elastic-career-main-feature-02_1440x840.png"},"mobile_image":null,"shadow":false,"tags":[],"title":"elastic-career-main-feature-02_1440x840.png","updated_at":"2022-09-20T08:25:24.793Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-20T08:25:33.863Z","user":"blt3e52848e0cb3c394"}}],"below_paragraph_reference":[],"below_component_reference":[],"dark_mode":"","pattern":null,"component_theme":{"color":null,"theme_type":null,"module_color":null,"container_color":null,"container_border_radius":null,"container_style":null,"divider_top":null,"divider_bottom":null,"spacer_top":null,"spacer_bottom":null},"border_radius":""}],"reverse_layout":true,"styles":{"background_color":"bg-light-gray","background_color_even_rows":true},"tags":[],"title":"Careers Overview - The source of a successful 
career","title_text":{"icon_next_to_topic_heading":{"file":null,"type":null},"topic_heading_l10n":"","title_l10n":"","paragraph_l10n":"","modular_blocks":[],"style":{"dark_mode":"","layout":null,"left_align_text":false,"title_heading_size":"H2","two_column_layout":false}},"updated_at":"2024-06-27T08:57:33.509Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-27T08:57:38.815Z","user":"blt3e52848e0cb3c394"}}],"dark_mode":"light-mode-grey"}},{"card":{"title_l10n":"Join a culture where you can be you","_metadata":{"uid":"cs90c04666c68a5640"},"card_reference":[{"_version":5,"locale":"en-us","uid":"blt839519af5dda19bf","ACL":{},"below_card_modular_blocks":[],"card_deck_style":{"type":"illustration text grid 3x1","background_color":"","border_color":"","border_direction":null,"border_radius":"","component_container_background_color":"","component_container_border_radius":"","component_container_padding":null,"padding":null,"per_row":null,"shadow":null,"shadow_hover":null,"image_alignment":null,"paragraph_alignment":null,"text_alignment":null,"title_heading_alignment":null,"topic_heading_alignment":null,"image_border_color":"","image_border_style":"","image_border_width":"","image_filter":"","size_title_heading":null},"card_modular_blocks":[{"card":{"title_l10n":"Diversity drives 
us","_metadata":{"uid":"cs45b4d1f5593ff99f"},"modular_blocks":[{"image":{"type":"image-xsmall","file":{"_version":1,"is_dir":false,"uid":"blt7435b6acb50ffe8f","ACL":{},"content_type":"image/svg+xml","created_at":"2022-09-20T08:39:01.544Z","created_by":"blt3e52848e0cb3c394","file_size":"342253","filename":"illustration-career-diversity-128px.svg","parent_uid":"blt19bfea3747fb788b","tags":[],"title":"illustration-career-diversity-128px.svg","updated_at":"2022-09-20T08:39:01.544Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-20T08:39:11.697Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7435b6acb50ffe8f/63297c25556fbc660c8cb273/illustration-career-diversity-128px.svg"},"_metadata":{"uid":"cs26df6f390a6f3cf1"},"alt_text_l10n":""}},{"title":{"title_l10n":"Diversity drives us","_metadata":{"uid":"csc359e483b529d0dd"},"url":"","size_title":null}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eCompanies diverse in age, gender identity, race, sexual orientation, physical or mental ability, language, location, ethnicity, and perspective are better companies. Period. 
At Elastic, everyone is not just welcomed, but celebrated.\u003c/p\u003e","_metadata":{"uid":"csbb2985ba3aadb7fb"}}},{"cta":{"alignment":"left align","width":"block","list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs7640385320e89b47"},"icon_direction":null,"title_l10n":"Read more about DE\u0026I","url":"/careers/diversity-and-inclusion"}],"_metadata":{"uid":"cs515e606e3a5f56de"}}}],"style":{"background_color":"","border_color":"","border_direction":null}}},{"card":{"title_l10n":"Explore our values","_metadata":{"uid":"csf98c72075b8a248c"},"modular_blocks":[{"image":{"type":"image-xsmall","file":{"_version":1,"is_dir":false,"uid":"blt63fac02ab5f20923","ACL":{},"content_type":"image/svg+xml","created_at":"2022-09-20T08:39:01.348Z","created_by":"blt3e52848e0cb3c394","file_size":"170828","filename":"illustration-career-values-128px.svg","parent_uid":"blt19bfea3747fb788b","tags":[],"title":"illustration-career-values-128px.svg","updated_at":"2022-09-20T08:39:01.348Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-20T08:39:11.792Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt63fac02ab5f20923/63297c25d7d1a75f6967d77a/illustration-career-values-128px.svg"},"_metadata":{"uid":"cs46383400ada07dc8"},"alt_text_l10n":""}},{"title":{"title_l10n":"Explore our values","_metadata":{"uid":"cs50ad263d9b5881e3"},"url":"","size_title":null}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eAt Elastic, we believe that autonomy and flexibility equal growth. Our values reflect that. 
Explore our Source Code to see what Elastic stands for, and how we incorporate our guiding principles into everything we do.\u003c/p\u003e","_metadata":{"uid":"cs05185da8e3e2afea"}}},{"cta":{"alignment":"left align","width":"block","list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs53cf528355193b66"},"icon_direction":null,"title_l10n":"Company values","url":"/careers/our-values"}],"_metadata":{"uid":"cs12462d7edfb78173"}}}],"style":{"background_color":"","border_color":"","border_direction":null}}},{"card":{"title_l10n":"Craft your career","_metadata":{"uid":"cs465c42ee887bbfb9"},"modular_blocks":[{"image":{"type":"image-xsmall","file":{"_version":1,"is_dir":false,"uid":"blt6be6fb247a670742","ACL":{},"content_type":"image/svg+xml","created_at":"2022-09-20T08:39:01.148Z","created_by":"blt3e52848e0cb3c394","file_size":"63118","filename":"illustration-career-career-128px.svg","parent_uid":"blt19bfea3747fb788b","tags":[],"title":"illustration-career-career-128px.svg","updated_at":"2022-09-20T08:39:01.148Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-20T08:39:11.883Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6be6fb247a670742/63297c259f1d04649d659eee/illustration-career-career-128px.svg"},"_metadata":{"uid":"csa7d3b8c3b2ec9e0f"},"alt_text_l10n":""}},{"title":{"title_l10n":"Craft your career","_metadata":{"uid":"cs160732f9c04ab290"},"url":"","size_title":null}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eLife’s too short to not love what you do and where you work. See all Elastic has to offer, explore our open opportunities and learn more about our teams. 
We think your next dream job might be a click away.\u003c/p\u003e","_metadata":{"uid":"csa780fcb75da7b1d5"}}},{"cta":{"alignment":"left align","width":"block","list":[{"type":"tertiary","file":null,"_metadata":{"uid":"csd8a5b653642f074b"},"icon_direction":null,"title_l10n":"Apply for open roles","url":"https://jobs.elastic.co/"}],"_metadata":{"uid":"cs502f73b14888f118"}}}],"style":{"background_color":"","border_color":"","border_direction":null}}}],"created_at":"2022-09-13T18:16:04.402Z","created_by":"blt36e890d06c5ec32c","spotlight_modular_blocks":[],"tags":[],"title":"Careers Overview - Join a culture where you can be you","title_text":{"icon_next_to_topic_heading":{"file":null,"type":null},"topic_heading_l10n":"","title_l10n":"Join a culture where you can be you","paragraph_l10n":"\u003cp\u003eBring your whole self to work. Create space for your life. Work where you work best.\n\u003c/p\u003e","modular_blocks":[],"style":{"dark_mode":"","layout":null,"left_align_text":false,"title_heading_size":null,"two_column_layout":false}},"updated_at":"2022-12-05T17:38:02.709Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-12-05T17:38:06.884Z","user":"blt3044324473ef223b70bc674c"}}],"background_color_for_component_container":"","background_color_for_cards":""}},{"collection_gallery":{"title_l10n":"Craft your career path","_metadata":{"uid":"csfc937cd4b2d06dfd"},"reference":[{"_content_type_uid":"content_gallery","uid":"blt656cf92d4f1aeaa1","title":"Careers Overview - Craft your career path","editorial_heading":{"title_l10n":"Craft your career path","cta":{"title_l10n":"Your path starts here","url":"https://jobs.elastic.co/","icon_file":null}},"manual_curation":[{"_content_type_uid":"blog_v2","uid":"blt591eb6686c8a402a","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"Sunayana pivoted from sales to product marketing and returned to Elastic to work on generative AI. 
Here’s why returning to Elastic felt like coming home. ","author":["blt7fc3768df8cad1f6"],"category":["bltc253e0851420b088"],"created_at":"2024-08-12T23:14:35.259Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs25158bed58fb30dd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAfter a 16-year career and her best-ever year in sales, Sunayana Vatassery pivoted to a role in product marketing. She wasn’t working for Elastic® at the time, but she’d return to the company once a product marketing role opened up in a move that she describes as \"coming home.\"\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSunayana is now senior product marketing manager, but when she joined Elastic the first time it was as a sales director working on the Revenue team. She was with the company for two years before deciding to leave.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“In 2020, I got a great opportunity to take yet another organization to the level of acquisition and/or IPO. I remember thinking back then, I wanted one more run with a smaller private company before growing my career at a public one,” she says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSunayana returned in March 2024 with a new role to a company that feels like home, but has upleveled, she says. And while the number of Elasticians grew during the four years she was gone, the culture remained the same.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“The people make it so fabulous. 
So many folks I worked with previously are still here but they’ve moved around, expanded their roles, and done even cooler things. Everyone was supportive and wonderful [when I returned].\"\u003cbr /\u003e\u003cbr /\u003e”One thing that really brought me back was the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/careers/our-values\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSource Code\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. As YOU, are is huge,\" she says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eShe originally applied for the senior product marketing manager role in machine learning but during the interview process, Sunayana was surprised — and impressed — that her now manager restructured the role to a go-to-market (GTM) role to capitalize on her extensive sales and sales leadership experience.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“Elastic showed me that [As YOU, are ethos] through the interview process. They really molded the role to me,” she says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSunayana now works as a senior product marketing manager in GTM Search working closely with the newly minted Search Specialist team.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“There is a lot of emphasis on GenAI and vector databases in the market overall,” she says. “Our Product Marketing team is tasked with distilling how Elastic plays into these categories. We simplify complex information for all, whether it’s pitch decks, capturing internal and external customers stories, or educating the field on key Elastic differentiators that help elevate our voice in the market. 
We work closely with the Field Enablement team to ensure the field is trained on the ways Elastic enables our customers to build the best GenAI experiences.\"\u003cbr /\u003e\u003cbr /\u003eA great example of this is when she spoke about the importance of Elastic enabling generative AI experiences for all customers at this year’s sales kickoff meeting two months after rejoining.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“With generative AI, no one knows where to start, what models to use, or how to build the right GenAI strategy. There continues to be a fear around how it will impact private data,” Sunayana says of the general AI market. “At Elastic, search and generative AI are one in the same. What better way to tackle the uncertainties of generative AI than with a secure and proven technology [like Elasticsearch]?”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSunayana loves how focused the company has become and how much the Elastic solutions are prime for the market we’re in, she says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“We have the right technology for companies to build the best GenAI experiences for their customers — my job is to help put together the most impactful customer stories in a way that people can relate to and reps can tell easily,” she says. 
“I want the world to know Elasticsearch is the most widely used vector database and the best search technology to help power generative AI experiences for any company.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“But transitioning into a new career wasn’t easy,” says Sunayana.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn sales, you are the CEO of your own territory and although you do work with other resources within the company, you have a defined goal: owning your own quota and path, she says. In product marketing, the goal is a moving target and the role is all about collaboration with product management, sales, leadership, and customer success. But it was a change she learned to love and respect.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor others looking to switch roles, make sure you’re always learning, Sunayana says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“Be curious, ask questions, and learn as much as you can,” she says. “Never think you know everything — be an open vessel of learning. Find the articles that make what you need to know interesting and take that extra step to fully understand your new field. Think about how else you can apply this technology that will be beneficial for the masses.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAnd the same advice applies to new Elasticians.\u003cbr /\u003e\u003cbr /\u003e“Get your hands on the product,” Sunayana says. “The more you can learn about the product the better. You don’t need to go deep, but you do need to know how customers use the product, why they love us, and what pain points our products address. 
This will make you better in your new role.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eJoin a company that celebrates you as YOU, are. \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/careers/?baymax=web\u0026elektra=culture-back-to-elastic-work-in-ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eBrowse open roles\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e.\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 8pt;\"\u003e\u003cem\u003eElastic, Elasticsearch and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csad5354fd03216c41"}}}],"publish_date":"2024-08-13","seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[{"uid":"blt6d563296d3ba4a70","_content_type_uid":"tags_culture"},{"uid":"bltb45e90791ca95e3b","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt0d5167248fde2292","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-08-12T23:13:35.116Z","created_by":"blte369ea3bcd6ac892","file_size":"112692","filename":"Blog_Banner_Header_Dark_Color_720x420.jpg","parent_uid":null,"tags":[],"title":"Blog Banner Header_Dark 
Color_720x420.jpg","updated_at":"2024-08-12T23:13:35.116Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-08-13T14:00:00.365Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0d5167248fde2292/66ba971f316653117049c8c7/Blog_Banner_Header_Dark_Color_720x420.jpg"},"title":"Sunayana Vatassery came back to Elastic to work in generative AI","title_l10n":"Sunayana Vatassery came back to Elastic to work in generative AI","updated_at":"2024-10-10T19:01:45.763Z","updated_by":"bltd9765be97bbed20c","url":"/blog/culture-back-to-elastic-work-in-ai","publish_details":{"time":"2024-10-10T19:01:50.625Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"blog_v2","uid":"bltdc0e0e2660894605","_version":13,"locale":"en-us","ACL":{},"abstract_l10n":"As a distributed company, we’re experts in remote onboarding. Learn how we onboard new hires at Elastic, and dive into X-School, our new hire orientation experience. ","author":["blt7fc3768df8cad1f6"],"category":["bltc253e0851420b088"],"created_at":"2022-07-07T18:10:07.348Z","created_by":"blt084c51ee83c3308f","custom_content_gallery":{"title_l10n":"","cta":{"cta_title_l10n":"","url":""},"content":[]},"date_localized":null,"do_not_display":false,"markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs768e7449d45787ee"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic is a fully distributed organization by design, so when you start \u003c/span\u003e\u003ca href=\"https://www.elastic.co/about/careers/?baymax=web\u0026elektra=culture-onboarding-at-elastic?ilks\"\u003e\u003cspan style='font-size: 12pt;'\u003eworking with us\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, you’re in good and experienced hands. 
Your first few weeks will be filled with reaching out to and meeting with people (both on your immediate teams and with others).\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003eShelby Khan, Brand Strategy Director at Elastic, started her role in January 2022. “To meet people, you put time on their calendars,” Shelby says. “It’s the equivalent of walking through the office.”\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003eBecause Elastic is distributed, people are used to it. “Everyone was nice and kind when I reached out,” she says.\u003cbr /\u003e\u003cbr /\u003eElastic’s formal, virtual onboarding experience is \u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003edesigned to give every new hire a warm welcome and a solid foundation from day one.\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Virtual onboarding is just as effective as in person, Jess Bargeloh, Learning and Organizational Development Sr. Specialist at Elastic, says. “There’s some evidence behind that.”\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eCentral to our onboarding experience is X-School—a comprehensive program designed to equip you with the tools and knowledge needed to thrive at Elastic. Conducted in two different time zones to accommodate our global workforce, X-School provides a platform for new hires to connect with Elasticians worldwide.\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e“Being inclusive to all time zones is something we're really proud of,” Jess says.\u003cbr /\u003e\u003cbr /\u003eX-School is one of the first chances a new hire has to connect with Elasticians around the globe.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e“There are a lot of breakout groups,” Jess says. 
“Elasticians have a chance to be with people in other countries.”\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eThrough engaging sessions and interactive activities, participants not only gain valuable insights into Elastic's culture but also build lasting relationships with their peers. \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eEvery aspect of X-School is designed to foster personal and professional growth. X-School teaches you how to be successful at Elastic, Jess says.\u003cbr /\u003e\u003cbr /\u003eThe program is three days of classroom virtual experience with the aforementioned breakout sessions and group work. The fourth day is reserved for a panel with senior leadership. But, before their X-School cohort kicks off, new hires are asked to complete some pre-work before attending their first session, like learning courses or self-study.\u003cbr /\u003e\u003cbr /\u003e“Once they get to the virtual sessions they can have a dialogue about what they learned instead of hearing for the first time,” Jess says.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003eIncluded in X-School programming is information on Elastic’s products, solutions, history, and Source Code.\u003cbr /\u003e\u003cbr /\u003eWe also go over different behavior like DEI, growth mindset, and how we treat each other, Jess says. And X-School covers best practices for collaboration and prioritization, something Elasticians didn’t expect but appreciated.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e“X-School is a mixture of understanding company culture in a remote environment and getting familiar with the company,” Khan says.\u003cbr /\u003e\u003cbr /\u003eAs an added bonus, learners also get a jump start with classes from the Elastic Beehive, our Elastician Success model. 
The Beehive represents what we look for when we bring in new talent, where we focus when developing our existing talent, and the standards we set ourselves so we know how well we’re performing.\u003cbr /\u003e\u003cbr /\u003eTo cap off the week is an AMA with Elastic senior leadership, which has always been a fan favorite, Jess says. X-School runs every 4-6 weeks, depending on the number of new hires.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003eIlya Nikokoshev, Senior Software Engineer at Elastic and recent X-School participant, says he had a great X-School experience.\u0026nbsp;\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e“This is easily the best onboarding program that I have experienced and I will be sure to mention it as one of the things that make Elastic a great place to be,” he says.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003eTo get the most out of our X-School, Jess recommends:\u003cbr /\u003e\u003cbr /\u003ePrepare: Fully immerse yourself in the X-School experience by completing your pre-work and actively participating in virtual sessions. This dedicated time is invaluable for laying a strong foundation in your role at Elastic.\u003cbr /\u003e\u003cbr /\u003eConnect: Embrace the chance to connect with other Elasticians worldwide during X-School. These relationships are not only valuable professionally, but can also provide support as you acclimate to your role and life at Elastic.\u003cbr /\u003e\u003cbr /\u003eBe open: While starting a new job may present challenges, it's also an exciting opportunity for personal and professional growth. Approach this journey with enthusiasm and openness to new experiences—it's a chance to learn, grow, and have fun along the way.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eYou’re one job application away from your X-School journey. 
Learn more about \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/about/careers/?baymax=web\u0026elektra=culture-onboarding-at-elastic?ilks\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ecareers at Elastic\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003e and search open roles.\u0026nbsp;\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eThis blog was originally published on 07/07/22.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa09ff3c49a84b6d9"}}}],"publish_date":"2024-05-07","seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":"","meta":{"topic":{"meta_content_reference":[]},"category":{"meta_content_reference":[]},"format":{"meta_content_reference":[]},"lens":{"meta_content_reference":[]}}},"subtitle_l10n":"","table_of_contents":{"display_table_of_contents":false,"blog_series":[]},"tags":[],"tags_blog_type":[],"tags_culture":[{"uid":"blta3d57ee01bc3c718","_content_type_uid":"tags_culture"},{"uid":"blt941960cc2498f467","_content_type_uid":"tags_culture"},{"uid":"blt6d563296d3ba4a70","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[],"tags_observability_labs":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"bltc5da5dd44edaf7ed","created_by":"blt084c51ee83c3308f","updated_by":"blt084c51ee83c3308f","created_at":"2022-07-07T18:07:46.587Z","updated_at":"2022-07-07T18:07:46.587Z","content_type":"image/png","file_size":"115109","filename":"4.26-onboarding-at-elastic-1680x980.png","title":"4.26-onboarding-at-elastic-1680x980.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-07-11T16:02:42.067Z","u
ser":"blt2e0950f439c6192e"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc5da5dd44edaf7ed/62c720f2e1e8cc357ddc09f8/4.26-onboarding-at-elastic-1680x980.png"},"title":"Onboarding at Elastic: What to Expect","title_l10n":"Onboarding at Elastic: What to expect","updated_at":"2024-05-07T21:04:01.417Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/onboarding-at-elastic","publish_details":{"time":"2024-05-07T21:04:44.865Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"blog_v2","uid":"bltdec83d3a2dbb54ff","_version":1,"locale":"en-us","ACL":{},"abstract_l10n":"Advancement and continued learning are top of mind for employees. We asked three Elastician engineers who have advanced their careers at Elastic® for their top tips. Read them here.","author":["blt7fc3768df8cad1f6"],"category":["bltc253e0851420b088"],"created_at":"2024-06-20T16:34:17.367Z","created_by":"blte369ea3bcd6ac892","custom_content_gallery":{"title_l10n":"","cta":{"cta_title_l10n":"","url":""},"content":[]},"date_localized":null,"do_not_display":false,"markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eJob seekers aren't just looking for a new opportunity, they are looking for growth throughout their career. 
\u003c/span\u003e\u003ca href=\"https://www.betterworks.com/state-of-enablement-report-2023-digital/\"\u003e\u003cspan style='font-size: 12pt;'\u003eA report cited\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e that only 48% of employees feel they have a path for advancement at their current employer and 46% say they don’t feel their employer supports their career aspirations.\u003cbr /\u003e\u003cbr /\u003eIn fact, Hired recently reported that 76% of people looking for a new role list dissatisfaction with career progression opportunities as a contributing factor.\u003cbr /\u003e\u003cbr /\u003eSo it’s safe to say that advancement and continued learning are top of mind for employees.\u003cbr /\u003e\u003cbr /\u003eIn a \u003c/span\u003e\u003ca href=\"https://www.linkedin.com/posts/elastic-co_careerpathing-activity-7156333496418848769-SLoG?utm_source=share\u0026utm_medium=member_desktop\"\u003e\u003cspan style='font-size: 12pt;'\u003eLinkedIn Live panel\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, we spoke with three Elastician engineers who have advanced their careers at Elastic® for their top tips.\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eExpress interest\u0026nbsp;\u003c/h2\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFirst, make your career goals or aspirations known to your manager. Have a conversation about those goals, how to achieve them, what a realistic timeline is, and who may be able to help you along the way.\u003cbr /\u003e\u003cbr /\u003eJen Huang, Senior Software Engineering Manager, successfully transitioned from an individual contributor engineering role to a leadership position. She continually expressed interest in leadership opportunities and made sure her manager was aware of the leadership tasks she was already doing. 
She also asked for feedback on her strengths and weaknesses, so she could work to address them.\u003cbr /\u003e\u003cbr /\u003e“Think about how your strengths can be applied to the new role and what you should work on to improve your chance of success,” she says.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003eNajwa Harif, Product Manager, moved from a support engineering role to her current product role, and took a similar approach.\u003cbr /\u003e\u003cbr /\u003e“I openly expressed my career goals in conversations with my manager. We designed my career development goals considering that,” she says. \u003cbr /\u003e\u003cbr /\u003eShe was able to start doing some product management work on internal projects and connect with product managers to build relevant skills.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eBe curious\u0026nbsp;\u003c/h2\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYuliia Naumenko, Tech Lead, Principal Software Engineer II, moved from an individual contributor role to a team leader. To advance, she worked with her then-manager to identify what to develop and work on, she says.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e“Don't be afraid of the change,” she says. 
“if you have already started thinking about it then you need to move forward.”\u003cbr /\u003e\u003cbr /\u003eSimilarly, Najwa advises to be curious by getting involved in side projects, taking online courses, or listening to podcasts to learn as much as you can.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eConnect with others\u0026nbsp;\u003c/h2\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSeeking out people who are in the role\u0026nbsp; — either within your company or externally —\u0026nbsp; is a great way to better understand the day-to-day tasks and how to succeed.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTry to connect with someone close to the new role that you want and ask for their definition of success, Jen says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNajwa agrees. “Talk with people to find out what the day-to-day looks like, and try to find mentors and attend meetups,” she says. “The company's [Elastic] peer-to-peer program helped me connect with product managers in various teams to learn the mindset.”\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eSet large and small goals\u003c/h2\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBoth Jen and Najwa advise listing out big goals and then setting smaller ones that ladder up.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“I list out the big goals I have, then list out what needs to be done to achieve them. 
I like to use the 80/20 (Pareto principle) to prioritize the tasks that have a higher impact — 80% of the outcomes come from 20% of causes,” Najwa says.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“Try to come up with a few metrics to assess progress and review them regularly,” Jen adds.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYuliia recommends keeping an eye out for ways to achieve your goals.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“Constantly look for the opportunities which will get you closer to your goal, no matter how big or small,” she says. “Be patient, and don't give up when the time doesn't seem to be right.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt Elastic, we support our Elasticians as they figure out \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-casey-zumwalt-career-transition\"\u003e\u003cspan style='font-size: 12pt;'\u003etheir career paths\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e through mentorship, fostering internal mobility, and encouraging exploration.\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eReady to advance your career? 
\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/careers/?baymax=web\u0026elektra=culture-female-engineers-advance-careers\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBrowse open roles\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003e.\u0026nbsp;\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 8pt;'\u003e\u003cem\u003e\u003cstrong\u003eElastic, Elasticsearch and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"cs88b847a25df4935b"}}],"_metadata":{"uid":"csde5c3554bd5623d2"}}}],"publish_date":"2024-06-21","seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":"","meta":{"topic":{"meta_content_reference":[]},"category":{"meta_content_reference":[]},"format":{"meta_content_reference":[]},"lens":{"meta_content_reference":[]}}},"subtitle_l10n":"","table_of_contents":{"display_table_of_contents":false,"blog_series":[]},"tags":[],"tags_blog_type":[],"tags_culture":[{"uid":"blt6d563296d3ba4a70","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[],"tags_observability_labs":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"bltf50819ae6fd3995c","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-06-20T16:30:51.674Z","created_by":"blte369ea3bcd6ac892","file_size":"63222","filename":"152274_-_LinkedIn_Live_-_Eng_Career_pathing_Option2_V1.png","parent_uid":null,"tags":[],"title":"152274 - LinkedIn Live - Eng Career pathing 
Option2_V1.png","updated_at":"2024-06-20T16:30:51.674Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-06-21T14:00:01.923Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf50819ae6fd3995c/6674593b7ef09e00d3f41996/152274_-_LinkedIn_Live_-_Eng_Career_pathing_Option2_V1.png"},"title":"3 female engineers share how they advanced their careers at Elastic","title_l10n":"3 female engineers share how they advanced their careers at Elastic","updated_at":"2024-06-20T16:34:17.367Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/culture-female-engineers-advance-careers","publish_details":{"time":"2024-06-21T14:00:01.692Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"tags":[],"locale":"en-us","created_by":"blt36e890d06c5ec32c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-08-15T22:06:16.416Z","updated_at":"2024-10-11T00:00:43.639Z","ACL":{},"_version":29,"dynamic_curation":{"content_types":["blog","blog_v2"],"tags_use_case":[],"api_type":null},"style":{"type":"ghost cards","display_number":"","curation_list_display_order":"Dynamic then fill with manual curation"},"publish_details":{"time":"2024-10-11T18:13:32.600Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}]}},{"generic_body":{"title_l10n":"Elastic’s culture makes it 
possible","_metadata":{"uid":"cs7d649b9b6e902fb4"},"reference":[{"_content_type_uid":"text_image_video","_version":7,"locale":"en-us","uid":"blt202a6a78b7f1e966","ACL":{},"component_theme":{"color":null,"container_border_radius":null,"container_color":null,"container_style":null,"divider_bottom":null,"divider_top":null,"module_color":null,"spacer_bottom":null,"spacer_top":null,"theme_type":null},"component_theme_reference":[],"created_at":"2022-09-13T18:22:32.962Z","created_by":"blt36e890d06c5ec32c","dark_mode":"light-mode-grey","dark_mode_even_rows":true,"do_not_alternate":false,"enable_overflow":false,"enable_scroll_interactions":false,"module":[{"icon":{"type":null,"file":null,"alt_text":""},"_metadata":{"uid":"csf49344fe214cdc7a"},"topic_heading_l10n":"","title_l10n":"Elastic’s culture makes it possible","paragraph_l10n":"\u003cp\u003e\"As long as I get my work done, I have a lot of control over my schedule, that’s huge for me. The working from home aspect makes it possible for me to be a career person and a mom at the same time. 
If it wasn’t for that flexibility I would have to choose.\"\u003c/p\u003e\u003cp\u003e-Cami Lewis, Global Security Lead - Community\u003c/p\u003e","paragraph_list":{"group":[],"paragraph_l10n":""},"cta":{"alignment":"left align","width":"block","list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs12f25c098db751e1"},"icon_direction":null,"title_l10n":"Read the blog","url":"/blog/culture-someone-like-me-cami-lewis-on-being-a-work-at-home-mom"}]},"quote":[],"reference":[{"_content_type_uid":"image_reference","_version":1,"locale":"en-us","uid":"bltdc360d68730ceac1","ACL":{},"alt_text_l10n":"Flexible working hours help Elastic employees create work life balance","caption_l10n":"","created_at":"2022-09-20T08:43:29.648Z","created_by":"blt3e52848e0cb3c394","image":{"uid":"blt456d2d577ee213d1","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2022-09-20T08:43:20.369Z","updated_at":"2022-09-20T08:43:20.369Z","content_type":"image/png","file_size":"537091","filename":"elastic-career-feature-source-code-1440x840.png","title":"elastic-career-feature-source-code-1440x840.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-20T08:43:42.221Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt456d2d577ee213d1/63297d28cf5c146ec738734a/elastic-career-feature-source-code-1440x840.png"},"mobile_image":null,"shadow":false,"tags":[],"title":"elastic-career-feature-source-code-1440x840.png","updated_at":"2022-09-20T08:43:29.648Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-20T08:43:42.304Z","user":"blt3e52848e0cb3c394"}}],"below_paragraph_reference":[],"below_component_reference":[],"dark_mode":"","pattern":null,"component_theme":{"color":null,"theme_type":null,"module_color":null,"container_color":null,"container_bo
rder_radius":null,"container_style":null,"divider_top":null,"divider_bottom":null,"spacer_top":null,"spacer_bottom":null},"border_radius":""}],"reverse_layout":false,"styles":{"background_color":"bg-light-gray","background_color_even_rows":true},"tags":[],"title":"Careers Overview - Elastic’s culture makes it possible","title_text":{"icon_next_to_topic_heading":{"file":null,"type":null},"topic_heading_l10n":"","title_l10n":"","paragraph_l10n":"","modular_blocks":[],"style":{"dark_mode":"","layout":null,"left_align_text":false,"title_heading_size":"H2","two_column_layout":false}},"updated_at":"2024-06-27T08:57:47.399Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-27T08:57:51.805Z","user":"blt3e52848e0cb3c394"}}],"dark_mode":"light-mode-grey"}},{"collection_gallery":{"title_l10n":"Instagram: Life at Elastic","_metadata":{"uid":"csac8865bc48880353"},"reference":[{"_content_type_uid":"content_gallery","_version":12,"locale":"en-us","uid":"bltf7193f2de4dfcec3","ACL":{},"created_at":"2022-08-22T18:32:35.380Z","created_by":"blt36e890d06c5ec32c","dynamic_curation":{"content_types":[],"tags_blog_type":[],"tags_use_case":[],"api_type":"instagram: lifeatelastic"},"editorial_heading":{"title_l10n":"Life at Elastic","cta":{"title_l10n":"See more on 
Instagram","url":"https://www.instagram.com/lifeatelastic/?hl=en","icon_file":{"_version":1,"is_dir":false,"uid":"bltf31fe455b1b1b595","ACL":{},"content_type":"image/svg+xml","created_at":"2022-03-15T20:12:34.855Z","created_by":"blt3044324473ef223b70bc674c","file_size":"1169","filename":"icon-open-new-16-blue.svg","parent_uid":null,"tags":[],"title":"icon-open-new-16-blue.svg","updated_at":"2022-03-15T20:12:34.855Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-03-15T20:12:45.037Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf31fe455b1b1b595/6230f332429f83163fd985be/icon-open-new-16-blue.svg"}}},"manual_curation":[],"style":{"type":"slider - image-286","display_number":"8"},"tags":[],"title":"Careers Overview - Life at Elastic","updated_at":"2022-10-06T19:50:45.349Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-10-10T17:24:50.397Z","user":"blt36e890d06c5ec32c"}}]}}],"module_header":null,"seo":{"seo_title_l10n":"Careers | Elastic","seo_description_l10n":"We're hiring talented people from all over the world. Work in your ideal work environment with flexible working hours. 
Explore our open career opportunities.","seo_image":null,"canonical_tag":"","noindex":false,"nofollow":false},"social_media":{"topic_heading_l10n":"","display_social_media_module":false},"structured_data":{"data_l10n":""},"tags":[],"tags_content_type":[],"tags_elastic_stack":[],"tags_industry":[],"tags_language":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":null,"title":"Careers Overview - Refresh 2022","updated_at":"2022-12-15T09:32:09.816Z","updated_by":"blt3e52848e0cb3c394","url":"/careers","whats_new_reference":[],"publish_details":{"time":"2024-10-11T18:13:32.246Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},"locale":"","videos":[[{"uid":"bltbf1a84ce72d54061","_version":7,"locale":"en-us","ACL":{},"created_at":"2025-02-11T22:32:54.367Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"ElasticON San Francisco 2024 | Adobe","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin Elastic's Steve Kearns and Adobe's Varsha Chandan and Jordan Moore to explore how the latest platform innovations and AI integration can streamline development and issue diagnosis.\u003c/p\u003e\n\u003ch4\u003eHighlights\u003c/h4\u003e\n\u003cul\u003e\n \u003cli\u003eUncovering how the latest platform innovations simplify building and scaling Elastic solutions\u003c/li\u003e\n \u003cli\u003eLeveraging AI and Elasticsearch to reduce time and 
costs associated with developer tools\u003c/li\u003e\n \u003cli\u003eDiagnosing issues more efficiently using AI and Elasticsearch\u003c/li\u003e\n \u003cli\u003eThe role of AI in enhancing developer productivity\u003c/li\u003e\n \u003cli\u003eFuture milestones for evolving development tools with AI\u003c/li\u003e\n \u003cli\u003eHow Elastic’s platform innovations support your organization's scaling needs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eWant to stay in the loop on all things Elastic?\u003c/h4\u003e\n\u003cp\u003e\u003ca href=\"/events?tab=1\" target=\"_self\"\u003eJoin us\u003c/a\u003e at our upcoming events or check out \u003ca href=\"/events/elasticon/archive\" target=\"_self\"\u003eElasticON's video archive\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"/community\" target=\"_self\"\u003eGet connected\u003c/a\u003e to find help from the Elastic community.\u003c/p\u003e","presentation_date":"2025-02-10T16:00:00.000Z","presenter":["blta88061c105b8011d","blt6d541ad58e5164d9","blt3c68347d16e32c8b"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"ElasticON San Francisco 2024 | 
Adobe","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":true},"tags":[],"tags_elastic_stack":["blt6f3b5313b04c2729"],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":["bltccf54d4afac13158","blt0c39553861919e12","blt25a1df5963785e04"],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-searc
h","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"ElasticON 2024/2025 - ElasticON San Francisco 2024 | Adobe","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-12T18:40:08.694Z","updated_by":"blt3044324473ef223b70bc674c","url":"/events/elasticon/archive/adobe","video_type":[{"title":"Video","key":"short_video","tags":[],"locale":"en-us","uid":"blt0d07966d0c7cc2b8","created_by":"blt5c97f327f30903e707c39c30","updated_by":"blt5c97f327f30903e707c39c30","created_at":"2018-09-14T22:03:52.264Z","updated_at":"2018-09-14T22:03:52.264Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-25T13:26:41.920Z","user":"blt0ac59771801e2eb09befe680"}}],"vidyard":{"uuid":"xJCsxzyiRjnD33NJsuBGaP","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-13T20:40:19.072Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt9a24bc96fa3864a5","_version":4,"locale":"en-us","ACL":{},"created_at":"2025-02-11T22:23:57.343Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"ElasticON San Francisco 2024 | 
BART","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin Elastic's James Spiteri and BART's Rob McQueen to discover how AI-driven security analytics can enhance alert triaging, data integration, and threat investigations.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eInsights on using AI-driven security analytics to simplify alert triaging, data integration, and investigations\u003c/li\u003e\u003cli\u003eHow Elastic Security has bolstered cybersecurity measures at BART\u003c/li\u003e\u003cli\u003eSecuring AI implementations at BART\u003c/li\u003e\u003cli\u003eDemo of generative AI features on the Elastic Search AI Platform\u003c/li\u003e\u003cli\u003eHow security analysts can detect and remediate threats faster with AI\u003c/li\u003e\u003cli\u003eThe importance of integrating AI in cybersecurity tools to improve efficiency\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eWant to stay in the loop on all things Elastic?\u003c/h4\u003e\u003cp\u003e\u003ca href=\"/events?tab=1\" target=\"_self\"\u003eJoin us\u003c/a\u003e at our upcoming events or check out \u003ca href=\"/events/elasticon/archive\" target=\"_self\"\u003eElasticON's video archive\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003ca href=\"/community\" target=\"_self\"\u003eGet connected\u003c/a\u003e to find help from the Elastic community.\u003c/p\u003e","presentation_date":"2025-02-10T16:00:00.000Z","presenter":["blt47281ee31f9b7aa9","blt65bafb0f35c33cef"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"ElasticON San Francisco 2024 | 
BART","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":true},"tags":[],"tags_elastic_stack":["blt6f3b5313b04c2729"],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":["bltccf54d4afac13158","blt0c39553861919e12","blt25a1df5963785e04"],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"ElasticON 2024/2025 - ElasticON San Francisco 2024 | 
BART","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-12T18:38:26.091Z","updated_by":"blt3044324473ef223b70bc674c","url":"/events/elasticon/archive/bay-area-rapid-transit","video_type":[{"title":"Video","key":"short_video","tags":[],"locale":"en-us","uid":"blt0d07966d0c7cc2b8","created_by":"blt5c97f327f30903e707c39c30","updated_by":"blt5c97f327f30903e707c39c30","created_at":"2018-09-14T22:03:52.264Z","updated_at":"2018-09-14T22:03:52.264Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-25T13:26:41.920Z","user":"blt0ac59771801e2eb09befe680"}}],"vidyard":{"uuid":"2p8Abt3A9p3edb5hST6Njg","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-13T20:40:19.103Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt73fac6c08b06a899","_version":3,"locale":"en-us","ACL":{},"created_at":"2025-02-11T22:37:57.724Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"ElasticON San Francisco 2024 | Microsoft \u0026 Docusign","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin Manny Daniele, Senior Account Technology Strategist at Microsoft, and Hiral Shah, Director of Product Management at Docusign, to explore the value delivered through the partnership between Elastic and 
Microsoft.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eInsights into how the Elastic-Microsoft partnership benefits Docusign\u003c/li\u003e\u003cli\u003eEnhancing digital workflows at Docusign with advanced technology integration\u003c/li\u003e\u003cli\u003eStrengthening Docusign’s solutions through innovative collaboration\u003c/li\u003e\u003cli\u003eThe importance of strategic alliances in driving technological advancements for Docusign\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eWant to stay in the loop on all things Elastic?\u003c/h4\u003e\u003cp\u003e\u003ca href=\"/events?tab=1\" target=\"_self\"\u003eJoin us\u003c/a\u003e at our upcoming events or check out \u003ca href=\"/events/elasticon/archive\" target=\"_self\"\u003eElasticON's video archive\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003ca href=\"/community\" target=\"_self\"\u003eGet connected\u003c/a\u003e to find help from the Elastic community.\u003c/p\u003e","presentation_date":"2025-02-10T16:00:00.000Z","presenter":["blt62a7f7a74a6a5a51","bltbcda328c05f06aec"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"ElasticON San Francisco 2024 | Microsoft \u0026 
Docusign","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":true},"tags":[],"tags_elastic_stack":["blt6f3b5313b04c2729"],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":["bltccf54d4afac13158","blt0c39553861919e12","blt25a1df5963785e04"],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-se
arch","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"ElasticON 2024/2025 - ElasticON San Francisco 2024 | Microsoft \u0026 Docusign","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-06T19:09:33.365Z","updated_by":"blt36e890d06c5ec32c","url":"/events/elasticon/archive/docusign-microsoft","video_type":[{"title":"Video","key":"short_video","tags":[],"locale":"en-us","uid":"blt0d07966d0c7cc2b8","created_by":"blt5c97f327f30903e707c39c30","updated_by":"blt5c97f327f30903e707c39c30","created_at":"2018-09-14T22:03:52.264Z","updated_at":"2018-09-14T22:03:52.264Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-25T13:26:41.920Z","user":"blt0ac59771801e2eb09befe680"}}],"vidyard":{"uuid":"HS4TmfMAo7H5psBBkM5ztc","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-03-06T19:09:37.175Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],857],"imgAltContent":[[{"_version":1,"locale":"en-us","uid":"bltffa924ac55d9696b","ACL":{},"alt_text_l10n":"Google Cloud","created_at":"2022-09-26T22:03:17.978Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Google Cloud","updated_at":"2022-09-26T22:03:17.978Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-26T22:03:30.258Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt3b58313da82f767d","ACL":{},"alt_text_l10n":"Alibaba Cloud","created_at":"2022-09-26T22:02:31.046Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Alibaba 
Cloud","updated_at":"2022-09-26T22:03:01.894Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-26T22:03:30.247Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt75d785f1e5852fe1","ACL":{},"alt_text_l10n":"Tencent Cloud","created_at":"2022-09-26T22:02:54.706Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Tencent Cloud","updated_at":"2022-09-26T22:02:54.706Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-26T22:03:30.236Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt828d5ebb9468b886","ACL":{},"alt_text_l10n":"Amazon Web Services (AWS)","created_at":"2022-09-26T22:02:47.627Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Amazon Web Services (AWS)","updated_at":"2022-09-26T22:02:47.627Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-26T22:03:30.225Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt09fba657c7a83bc5","ACL":{},"alt_text_l10n":"Microsoft Azure","created_at":"2022-09-26T22:02:15.107Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Microsoft Azure","updated_at":"2022-09-26T22:02:15.107Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-26T22:03:30.214Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4c95fef51f752b47","ACL":{},"alt_text_l10n":"Elastic Enterprise Search","created_at":"2022-07-14T22:29:34.849Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Elastic Enterprise 
Search","updated_at":"2022-07-14T22:29:34.849Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-07-14T22:29:39.368Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta2ea276c30401c0c","ACL":{},"alt_text_l10n":"Kibana","created_at":"2022-07-14T22:26:18.479Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Kibana","updated_at":"2022-07-14T22:26:18.479Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-07-14T22:26:22.908Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2ecbc48c40dda5d6","ACL":{},"alt_text_l10n":"Application Performance Monitoring (APM)","created_at":"2022-07-13T19:59:06.363Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Application Performance Monitoring (APM)","updated_at":"2022-07-13T19:59:06.363Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-07-13T19:59:17.766Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt12a7b7945c143771","ACL":{},"alt_text_l10n":"Tom Kaplan","created_at":"2022-06-30T22:50:23.776Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Tom Kaplan","updated_at":"2022-06-30T22:50:23.776Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-06-30T22:50:26.858Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6e3875f2cb65b010","ACL":{},"alt_text_l10n":"Elastic Observability","created_at":"2022-06-23T22:18:01.526Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Elastic 
Observability","updated_at":"2022-06-23T22:18:01.526Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-06-23T22:18:06.080Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt806c6156aefec893","ACL":{},"alt_text_l10n":"Elastic Cloud","created_at":"2022-06-23T22:17:46.694Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Elastic Cloud","updated_at":"2022-06-23T22:17:46.694Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-06-23T22:17:51.494Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltea2a3342595c2256","ACL":{},"alt_text_l10n":"Flavio Knob","created_at":"2022-06-23T22:00:36.284Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Flavio Knob","updated_at":"2022-06-23T22:00:36.284Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-06-23T22:00:43.176Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdec86286dc507b12","ACL":{},"alt_text_l10n":"Shay Banon","created_at":"2022-06-23T21:58:54.908Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Shay Banon","updated_at":"2022-06-23T21:58:54.908Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-06-23T21:59:02.660Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt802af40f16c86cee","ACL":{},"alt_text_l10n":"Zurich Insurance Group","created_at":"2022-05-12T21:58:07.477Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Zurich Insurance 
Group","updated_at":"2022-05-12T21:58:07.477Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.478Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt402e8602dc31c98d","ACL":{},"alt_text_l10n":"Zero Latency","created_at":"2022-05-12T21:58:07.296Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Zero Latency","updated_at":"2022-05-12T21:58:07.296Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.056Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6eef21f967aadca5","ACL":{},"alt_text_l10n":"Zendesk","created_at":"2022-05-12T21:58:07.117Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Zendesk","updated_at":"2022-05-12T21:58:07.117Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.262Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta9e0832242418c91","ACL":{},"alt_text_l10n":"Zalando","created_at":"2022-05-12T21:58:06.905Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Zalando","updated_at":"2022-05-12T21:58:06.905Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.728Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt92ffc7d5a0af27ba","ACL":{},"alt_text_l10n":"Yokogawa","created_at":"2022-05-12T21:58:06.721Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Yokogawa","updated_at":"2022-05-12T21:58:06.721Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.114Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt50dee827c9ddca6c","ACL":{},"alt_text_l10n":"Yodle","created_at":"2022-05-12T21:58:06.549Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Yodle","updated_at":"2022-05-12T21:58:06.549Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.200Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdc0636418b1728e2","ACL":{},"alt_text_l10n":"Yatego","created_at":"2022-05-12T21:58:06.337Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Yatego","updated_at":"2022-05-12T21:58:06.337Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.068Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5141742ca3495e1c","ACL":{},"alt_text_l10n":"Yale University","created_at":"2022-05-12T21:58:06.152Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Yale University","updated_at":"2022-05-12T21:58:06.152Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.210Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt323409da7387c039","ACL":{},"alt_text_l10n":"XPO Logistics","created_at":"2022-05-12T21:58:05.961Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: XPO 
Logistics","updated_at":"2022-05-12T21:58:05.961Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.608Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbe0e7fa7c33dd6b0","ACL":{},"alt_text_l10n":"Xoom","created_at":"2022-05-12T21:58:05.779Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Xoom","updated_at":"2022-05-12T21:58:05.779Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.642Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6cc45a194dc90b06","ACL":{},"alt_text_l10n":"Xing","created_at":"2022-05-12T21:58:05.594Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Xing","updated_at":"2022-05-12T21:58:05.594Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.243Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt069c2ae8a045d1d9","ACL":{},"alt_text_l10n":"WuerthPhoenix","created_at":"2022-05-12T21:58:05.416Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: WuerthPhoenix","updated_at":"2022-05-12T21:58:05.416Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.050Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7df5c993ca47e99f","ACL":{},"alt_text_l10n":"Workday","created_at":"2022-05-12T21:58:05.218Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Workday","updated_at":"2022-05-12T21:58:05.218Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.441Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt36b939810c148804","ACL":{},"alt_text_l10n":"Wirecard","created_at":"2022-05-12T21:58:05.048Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Wirecard","updated_at":"2022-05-12T21:58:05.048Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.672Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt84bce2c969eb32c8","ACL":{},"alt_text_l10n":"Will County Sheriff's Office","created_at":"2022-05-12T21:58:04.866Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Will County Sheriff's Office","updated_at":"2022-05-12T21:58:04.866Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.939Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt203415bcc35d284f","ACL":{},"alt_text_l10n":"Wikimedia","created_at":"2022-05-12T21:58:04.681Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Wikimedia","updated_at":"2022-05-12T21:58:04.681Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.381Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf37fef07b73c3850","ACL":{},"alt_text_l10n":"Wemakeprice","created_at":"2022-05-12T21:58:04.491Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Wemakeprice","updated_at":"2022-05-12T21:58:04.491Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.092Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb548a39f7e8d1177","ACL":{},"alt_text_l10n":"Wellcome Collection","created_at":"2022-05-12T21:58:04.307Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Wellcome Collection","updated_at":"2022-05-12T21:58:04.307Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.570Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt73707e9fbe08c997","ACL":{},"alt_text_l10n":"Weimob","created_at":"2022-05-12T21:58:04.132Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Weimob","updated_at":"2022-05-12T21:58:04.132Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.341Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3289a157b9290c23","ACL":{},"alt_text_l10n":"Warner Brothers","created_at":"2022-05-12T21:58:03.957Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Warner Brothers","updated_at":"2022-05-12T21:58:03.957Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.617Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt25be0810c6784170","ACL":{},"alt_text_l10n":"Walgreens","created_at":"2022-05-12T21:58:03.791Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Walgreens","updated_at":"2022-05-12T21:58:03.791Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.454Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt821f24cb81673931","ACL":{},"alt_text_l10n":"Voxpopme","created_at":"2022-05-12T21:58:03.612Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Voxpopme","updated_at":"2022-05-12T21:58:03.612Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.498Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf8e3add699994943","ACL":{},"alt_text_l10n":"Volvo","created_at":"2022-05-12T21:58:03.433Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Volvo","updated_at":"2022-05-12T21:58:03.433Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.838Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8b25ae0c5b27150d","ACL":{},"alt_text_l10n":"VITAS","created_at":"2022-05-12T21:58:03.246Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: VITAS","updated_at":"2022-05-12T21:58:03.246Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.015Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt041a600f9a4123bd","ACL":{},"alt_text_l10n":"Vimeo","created_at":"2022-05-12T21:58:03.079Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Vimeo","updated_at":"2022-05-12T21:58:03.079Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.008Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcfd649f747a6e232","ACL":{},"alt_text_l10n":"Verizon 
Business","created_at":"2022-05-12T21:58:02.898Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Verizon Business","updated_at":"2022-05-12T21:58:02.898Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.979Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt14e12ede074158c9","ACL":{},"alt_text_l10n":"VELTRA","created_at":"2022-05-12T21:58:02.710Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: VELTRA","updated_at":"2022-05-12T21:58:02.710Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.192Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7ea26ad5fc793765","ACL":{},"alt_text_l10n":"Vandis","created_at":"2022-05-12T21:58:02.535Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Vandis","updated_at":"2022-05-12T21:58:02.535Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.465Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2203ed64e9786c6c","ACL":{},"alt_text_l10n":"USGS","created_at":"2022-05-12T21:58:02.367Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: USGS","updated_at":"2022-05-12T21:58:02.367Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.426Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltccc935fe8a1f29ba","ACL":{},"alt_text_l10n":"USAA","created_at":"2022-05-12T21:58:02.019Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
USAA","updated_at":"2022-05-12T21:58:02.019Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.959Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc5de4351d329c977","ACL":{},"alt_text_l10n":"U.S. Census Bureau","created_at":"2022-05-12T21:58:01.828Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: U.S. Census Bureau","updated_at":"2022-05-12T21:58:01.828Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.700Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt70b7be1d1e8ccb44","ACL":{},"alt_text_l10n":"University of Washington","created_at":"2022-05-12T21:58:01.647Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: University of Washington","updated_at":"2022-05-12T21:58:01.647Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.303Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2010c4f7bec1f9ad","ACL":{},"alt_text_l10n":"University of Oxford","created_at":"2022-05-12T21:58:01.474Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: University of Oxford","updated_at":"2022-05-12T21:58:01.474Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.364Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9bdf058039e5089b","ACL":{},"alt_text_l10n":"UCLA","created_at":"2022-05-12T21:58:01.296Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
UCLA","updated_at":"2022-05-12T21:58:01.296Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.607Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt46f1e819a511f5d1","ACL":{},"alt_text_l10n":"Uber","created_at":"2022-05-12T21:58:01.109Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Uber","updated_at":"2022-05-12T21:58:01.109Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.137Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt04691d5f3c58841e","ACL":{},"alt_text_l10n":"Twilio","created_at":"2022-05-12T21:58:00.926Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Twilio","updated_at":"2022-05-12T21:58:00.926Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.018Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blted80a9d45fb0acfd","ACL":{},"alt_text_l10n":"TV2","created_at":"2022-05-12T21:58:00.757Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: TV2","updated_at":"2022-05-12T21:58:00.757Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.032Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbd8c9425f16c9672","ACL":{},"alt_text_l10n":"Travelport","created_at":"2022-05-12T21:58:00.576Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Travelport","updated_at":"2022-05-12T21:58:00.576Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.627Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt003b6fde98d77510","ACL":{},"alt_text_l10n":"Transit 
Wireless","created_at":"2022-05-12T21:58:00.405Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Transit Wireless","updated_at":"2022-05-12T21:58:00.405Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:52.981Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2f85af70aca589e9","ACL":{},"alt_text_l10n":"Tinder","created_at":"2022-05-12T21:58:00.229Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Tinder","updated_at":"2022-05-12T21:58:00.229Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.580Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt75dd759b88e10d4f","ACL":{},"alt_text_l10n":"Ticketmaster","created_at":"2022-05-12T21:58:00.042Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Ticketmaster","updated_at":"2022-05-12T21:58:00.042Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.378Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta48036c82747cd11","ACL":{},"alt_text_l10n":"Thought Machine","created_at":"2022-05-12T21:57:59.850Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Thought Machine","updated_at":"2022-05-12T21:57:59.850Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.667Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaf0d546ca9881f6b","ACL":{},"alt_text_l10n":"Thomson Reuters","created_at":"2022-05-12T21:57:59.666Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Thomson 
Reuters","updated_at":"2022-05-12T21:57:59.666Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.754Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2f7c0e2579506913","ACL":{},"alt_text_l10n":"TheLadders","created_at":"2022-05-12T21:57:59.482Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: TheLadders","updated_at":"2022-05-12T21:57:59.482Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.571Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9144d7bae77f3980","ACL":{},"alt_text_l10n":"The Warehouse Group","created_at":"2022-05-12T21:57:59.291Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: The Warehouse Group","updated_at":"2022-05-12T21:57:59.291Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.107Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf24dd4413895a40b","ACL":{},"alt_text_l10n":"The New York TImes","created_at":"2022-05-12T21:57:59.107Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: The New York TImes","updated_at":"2022-05-12T21:57:59.107Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.076Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8429054e58ba5b24","ACL":{},"alt_text_l10n":"The Home Depot","created_at":"2022-05-12T21:57:58.927Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: The Home 
Depot","updated_at":"2022-05-12T21:57:58.927Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.524Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4d9b0dc0b5f353fe","ACL":{},"alt_text_l10n":"The Guardian","created_at":"2022-05-12T21:57:58.746Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: The Guardian","updated_at":"2022-05-12T21:57:58.746Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.181Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt834b83b884bd1cc3","ACL":{},"alt_text_l10n":"Texas A\u0026M - College of Engineering","created_at":"2022-05-12T21:57:58.568Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Texas A\u0026M - College of Engineering","updated_at":"2022-05-12T21:57:58.568Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.517Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbd8894252579fd84","ACL":{},"alt_text_l10n":"Terradue","created_at":"2022-05-12T21:57:58.388Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Terradue","updated_at":"2022-05-12T21:57:58.388Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.620Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8d90e6427c85ef91","ACL":{},"alt_text_l10n":"Tencent Cloud Meeting","created_at":"2022-05-12T21:57:58.202Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Tencent Cloud 
Meeting","updated_at":"2022-05-12T21:57:58.202Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.065Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaeee5f2a21417391","ACL":{},"alt_text_l10n":"Telefónica","created_at":"2022-05-12T21:57:58.017Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Telefónica","updated_at":"2022-05-12T21:57:58.017Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.747Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt25c843667d1ed774","ACL":{},"alt_text_l10n":"TechCrunch","created_at":"2022-05-12T21:57:57.825Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: TechCrunch","updated_at":"2022-05-12T21:57:57.825Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.463Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9b529fc1222a4f36","ACL":{},"alt_text_l10n":"Tanium","created_at":"2022-05-12T21:57:57.658Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Tanium","updated_at":"2022-05-12T21:57:57.658Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.594Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6305a55e7e7805bd","ACL":{},"alt_text_l10n":"Tango","created_at":"2022-05-12T21:57:57.474Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Tango","updated_at":"2022-05-12T21:57:57.474Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.552Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt825c87c4454c6156","ACL":{},"alt_text_l10n":"T-Mobile","created_at":"2022-05-12T21:57:57.290Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: T-Mobile","updated_at":"2022-05-12T21:57:57.290Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.504Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltca9187c8910c9b75","ACL":{},"alt_text_l10n":"Symantec","created_at":"2022-05-12T21:57:57.109Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Symantec","updated_at":"2022-05-12T21:57:57.109Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.933Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1328cc5ce7eb909b","ACL":{},"alt_text_l10n":"Swiss Life","created_at":"2022-05-12T21:57:56.925Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Swiss Life","updated_at":"2022-05-12T21:57:56.925Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.137Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2a813038618cda91","ACL":{},"alt_text_l10n":"SWIFT","created_at":"2022-05-12T21:57:56.742Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
SWIFT","updated_at":"2022-05-12T21:57:56.742Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.459Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1d7a2be5c14c39d2","ACL":{},"alt_text_l10n":"SurveyMonkey","created_at":"2022-05-12T21:57:56.566Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: SurveyMonkey","updated_at":"2022-05-12T21:57:56.566Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.324Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdc3097f3b5d94d31","ACL":{},"alt_text_l10n":"Sunhotels","created_at":"2022-05-12T21:57:56.390Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Sunhotels","updated_at":"2022-05-12T21:57:56.390Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.857Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltead29dd9cb2c5198","ACL":{},"alt_text_l10n":"Stormfish","created_at":"2022-05-12T21:57:56.200Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Stormfish","updated_at":"2022-05-12T21:57:56.200Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.005Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt80fa85da43cd7f60","ACL":{},"alt_text_l10n":"St. Mary's University","created_at":"2022-05-12T21:57:56.027Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: St. 
Mary's University","updated_at":"2022-05-12T21:57:56.027Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.485Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt847355fe381f7d05","ACL":{},"alt_text_l10n":"Sprint","created_at":"2022-05-12T21:57:55.841Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Sprint","updated_at":"2022-05-12T21:57:55.841Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.530Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd67becbdb7ec9752","ACL":{},"alt_text_l10n":"Spring","created_at":"2022-05-12T21:57:55.663Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Spring","updated_at":"2022-05-12T21:57:55.663Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.012Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte6bcf470301e8002","ACL":{},"alt_text_l10n":"Sovren","created_at":"2022-05-12T21:57:55.478Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Sovren","updated_at":"2022-05-12T21:57:55.478Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.960Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5ecfdd579f982fb0","ACL":{},"alt_text_l10n":"Southern Glazer's Wine \u0026 Spirits","created_at":"2022-05-12T21:57:55.292Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Southern Glazer's Wine \u0026 
Spirits","updated_at":"2022-05-12T21:57:55.292Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.474Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1b10befcb9bdb126","ACL":{},"alt_text_l10n":"SoundCloud","created_at":"2022-05-12T21:57:55.107Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: SoundCloud","updated_at":"2022-05-12T21:57:55.107Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.248Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8baf1d9627f2de05","ACL":{},"alt_text_l10n":"Softbank Payment Service","created_at":"2022-05-12T21:57:54.920Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Softbank Payment Service","updated_at":"2022-05-12T21:57:54.920Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.037Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7cdcf30b6d665e85","ACL":{},"alt_text_l10n":"Softbank Corp.","created_at":"2022-05-12T21:57:54.730Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Softbank Corp.","updated_at":"2022-05-12T21:57:54.730Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.429Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt25e04f53c93351fb","ACL":{},"alt_text_l10n":"Snaptrip","created_at":"2022-05-12T21:57:54.537Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Snaptrip","updated_at":"2022-05-12T21:57:54.537Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.474Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4da985a0ca92072e","ACL":{},"alt_text_l10n":"SMD-AM","created_at":"2022-05-12T21:57:54.359Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: SMD-AM","updated_at":"2022-05-12T21:57:54.359Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.191Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3cbfcef99ac81d47","ACL":{},"alt_text_l10n":"Smarter City Solutions","created_at":"2022-05-12T21:57:54.179Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Smarter City Solutions","updated_at":"2022-05-12T21:57:54.179Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.021Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt330fa677d395c5ea","ACL":{},"alt_text_l10n":"Slack","created_at":"2022-05-12T21:57:54.008Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Slack","updated_at":"2022-05-12T21:57:54.008Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.627Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt85b53964d1493804","ACL":{},"alt_text_l10n":"Sky","created_at":"2022-05-12T21:57:53.820Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Sky","updated_at":"2022-05-12T21:57:53.820Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.968Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt792089b53ea0fda5","ACL":{},"alt_text_l10n":"Sitecore","created_at":"2022-05-12T21:57:53.650Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Sitecore","updated_at":"2022-05-12T21:57:53.650Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.408Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta1154eb7fbf7a01e","ACL":{},"alt_text_l10n":"Shopify","created_at":"2022-05-12T21:57:53.473Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Shopify","updated_at":"2022-05-12T21:57:53.473Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.652Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6b707f858a7d0f22","ACL":{},"alt_text_l10n":"Shopback","created_at":"2022-05-12T21:57:53.294Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Shopback","updated_at":"2022-05-12T21:57:53.294Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.236Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9069c20f7952e8e0","ACL":{},"alt_text_l10n":"SEEK","created_at":"2022-05-12T21:57:53.122Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: SEEK","updated_at":"2022-05-12T21:57:53.122Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.092Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0a642541e26e5754","ACL":{},"alt_text_l10n":"Science 
Warehouse","created_at":"2022-05-12T21:57:52.945Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Science Warehouse","updated_at":"2022-05-12T21:57:52.945Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.078Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta8f6f46f2f41f207","ACL":{},"alt_text_l10n":"SAP Concur","created_at":"2022-05-12T21:57:52.769Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: SAP Concur","updated_at":"2022-05-12T21:57:52.769Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.721Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt611c1ca06db3dc55","ACL":{},"alt_text_l10n":"Salesforce","created_at":"2022-05-12T21:57:52.588Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Salesforce","updated_at":"2022-05-12T21:57:52.588Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.515Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd8146b2d7dae5e77","ACL":{},"alt_text_l10n":"Safehouse","created_at":"2022-05-12T21:57:52.412Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Safehouse","updated_at":"2022-05-12T21:57:52.412Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.047Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte7dc3c618676f8ff","ACL":{},"alt_text_l10n":"RSN","created_at":"2022-05-12T21:57:52.073Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
RSN","updated_at":"2022-05-12T21:57:52.073Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.970Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt862651b8bcbe5d28","ACL":{},"alt_text_l10n":"Royal Bank of Canada","created_at":"2022-05-12T21:57:51.901Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Royal Bank of Canada","updated_at":"2022-05-12T21:57:51.901Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.981Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt580fc883510ef9b8","ACL":{},"alt_text_l10n":"RockNSM","created_at":"2022-05-12T21:57:51.733Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: RockNSM","updated_at":"2022-05-12T21:57:51.733Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.421Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaf0f913e34900622","ACL":{},"alt_text_l10n":"Roanoke College","created_at":"2022-05-12T21:57:51.568Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Roanoke College","updated_at":"2022-05-12T21:57:51.568Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.517Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2bb106357877cd1f","ACL":{},"alt_text_l10n":"Rightmove","created_at":"2022-05-12T21:57:51.384Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Rightmove","updated_at":"2022-05-12T21:57:51.384Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.479Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcb4b07e8c157bb46","ACL":{},"alt_text_l10n":"Renault","created_at":"2022-05-12T21:57:51.202Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Renault","updated_at":"2022-05-12T21:57:51.202Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.945Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt57db4d6f8b0bd4d2","ACL":{},"alt_text_l10n":"RedOwl Analytics","created_at":"2022-05-12T21:57:51.024Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: RedOwl Analytics","updated_at":"2022-05-12T21:57:51.024Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.412Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt22a59d21263ab48e","ACL":{},"alt_text_l10n":"Recruit","created_at":"2022-05-12T21:57:50.840Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Recruit","updated_at":"2022-05-12T21:57:50.840Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.434Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb67d20daef2bd6cf","ACL":{},"alt_text_l10n":"Rabobank","created_at":"2022-05-12T21:57:50.658Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Rabobank","updated_at":"2022-05-12T21:57:50.658Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.576Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3ce9488bcc7d69d8","ACL":{},"alt_text_l10n":"Quorum","created_at":"2022-05-12T21:57:50.475Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Quorum","updated_at":"2022-05-12T21:57:50.475Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.030Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt201cf8fc99ccc108","ACL":{},"alt_text_l10n":"Quizlet","created_at":"2022-05-12T21:57:50.292Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Quizlet","updated_at":"2022-05-12T21:57:50.292Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.372Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt05c374fa27ed03f2","ACL":{},"alt_text_l10n":"QTnet","created_at":"2022-05-12T21:57:50.108Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: QTnet","updated_at":"2022-05-12T21:57:50.108Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.041Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltfcf7f1893b604a3c","ACL":{},"alt_text_l10n":"PSCU","created_at":"2022-05-12T21:57:49.943Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
PSCU","updated_at":"2022-05-12T21:57:49.943Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.855Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf81259efba44d4e3","ACL":{},"alt_text_l10n":"PSA","created_at":"2022-05-12T21:57:49.773Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: PSA","updated_at":"2022-05-12T21:57:49.773Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.819Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdcecac78674dc8ab","ACL":{},"alt_text_l10n":"Procter \u0026 Gamble","created_at":"2022-05-12T21:57:49.600Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Procter \u0026 Gamble","updated_at":"2022-05-12T21:57:49.600Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.869Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc9770a10c8eb80d3","ACL":{},"alt_text_l10n":"Postbank Systems","created_at":"2022-05-12T21:57:49.423Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Postbank Systems","updated_at":"2022-05-12T21:57:49.423Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.919Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6ee38ddf72b99fd5","ACL":{},"alt_text_l10n":"POSCO","created_at":"2022-05-12T21:57:49.242Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
POSCO","updated_at":"2022-05-12T21:57:49.242Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.256Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbc07f288d971d6a3","ACL":{},"alt_text_l10n":"Polyconseil","created_at":"2022-05-12T21:57:49.065Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Polyconseil","updated_at":"2022-05-12T21:57:49.065Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.607Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaca3afd83df0dfc0","ACL":{},"alt_text_l10n":"Pfizer","created_at":"2022-05-12T21:57:48.882Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Pfizer","updated_at":"2022-05-12T21:57:48.882Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.741Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8e6bf57acd69142a","ACL":{},"alt_text_l10n":"Perched","created_at":"2022-05-12T21:57:48.711Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Perched","updated_at":"2022-05-12T21:57:48.711Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.078Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7ea0a788aea89f4f","ACL":{},"alt_text_l10n":"Perceivant","created_at":"2022-05-12T21:57:48.545Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Perceivant","updated_at":"2022-05-12T21:57:48.545Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.458Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1b3b7f5e67bc9c5c","ACL":{},"alt_text_l10n":"Penske 
Media","created_at":"2022-05-12T21:57:48.373Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Penske Media","updated_at":"2022-05-12T21:57:48.373Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.254Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt64ce098751f354e3","ACL":{},"alt_text_l10n":"PedidosYa","created_at":"2022-05-12T21:57:48.192Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: PedidosYa","updated_at":"2022-05-12T21:57:48.192Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.584Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0ae045b430090a68","ACL":{},"alt_text_l10n":"Paylocity","created_at":"2022-05-12T21:57:48.010Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Paylocity","updated_at":"2022-05-12T21:57:48.010Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.095Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt072fb0b05b3f5c88","ACL":{},"alt_text_l10n":"Oui.SNCF","created_at":"2022-05-12T21:57:47.822Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Oui.SNCF","updated_at":"2022-05-12T21:57:47.822Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.060Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt908e97f524a30cdf","ACL":{},"alt_text_l10n":"OTTO Motors","created_at":"2022-05-12T21:57:47.645Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: OTTO 
Motors","updated_at":"2022-05-12T21:57:47.645Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.100Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7e8fb5f9325f7d39","ACL":{},"alt_text_l10n":"OTTO","created_at":"2022-05-12T21:57:47.458Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: OTTO","updated_at":"2022-05-12T21:57:47.458Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.452Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7028ca66c7171d26","ACL":{},"alt_text_l10n":"Orange","created_at":"2022-05-12T21:57:47.274Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Orange","updated_at":"2022-05-12T21:57:47.274Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.286Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt943a44fd55656c43","ACL":{},"alt_text_l10n":"Optum","created_at":"2022-05-12T21:57:47.092Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Optum","updated_at":"2022-05-12T21:57:47.092Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.559Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt70df0dd6d4bd5b34","ACL":{},"alt_text_l10n":"Opsys","created_at":"2022-05-12T21:57:46.909Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Opsys","updated_at":"2022-05-12T21:57:46.909Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.311Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta63a0bcbab92e09e","ACL":{},"alt_text_l10n":"OLX","created_at":"2022-05-12T21:57:46.721Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: OLX","updated_at":"2022-05-12T21:57:46.721Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.702Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3ff81397984cb94d","ACL":{},"alt_text_l10n":"Oak Ridge National Laboratory","created_at":"2022-05-12T21:57:46.532Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Oak Ridge National Laboratory","updated_at":"2022-05-12T21:57:46.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.048Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4664222954f06060","ACL":{},"alt_text_l10n":"NYU Libraries","created_at":"2022-05-12T21:57:46.338Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NYU Libraries","updated_at":"2022-05-12T21:57:46.338Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.110Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0bcaaf2444d7c3f8","ACL":{},"alt_text_l10n":"Nvidia","created_at":"2022-05-12T21:57:46.164Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Nvidia","updated_at":"2022-05-12T21:57:46.164Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.103Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaf36c3eb65d37ab5","ACL":{},"alt_text_l10n":"NSHC","created_at":"2022-05-12T21:57:45.981Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NSHC","updated_at":"2022-05-12T21:57:45.981Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.530Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltab39a95c4172e622","ACL":{},"alt_text_l10n":"NS1","created_at":"2022-05-12T21:57:45.794Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NS1","updated_at":"2022-05-12T21:57:45.794Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.735Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8c31a221acd52c5a","ACL":{},"alt_text_l10n":"NS Solutions Corporation","created_at":"2022-05-12T21:57:45.608Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NS Solutions Corporation","updated_at":"2022-05-12T21:57:45.608Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.056Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6709b8541d0815c5","ACL":{},"alt_text_l10n":"Nikkei","created_at":"2022-05-12T21:57:45.419Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Nikkei","updated_at":"2022-05-12T21:57:45.419Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.621Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6f4074f98dbae885","ACL":{},"alt_text_l10n":"Night Shift Development","created_at":"2022-05-12T21:57:45.243Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Night Shift Development","updated_at":"2022-05-12T21:57:45.243Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.268Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9dcff8c1b1377e8f","ACL":{},"alt_text_l10n":"Networked Insights","created_at":"2022-05-12T21:57:45.065Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Networked Insights","updated_at":"2022-05-12T21:57:45.065Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.614Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb6bf7aa642cb8e9a","ACL":{},"alt_text_l10n":"Netshoes","created_at":"2022-05-12T21:57:44.892Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Netshoes","updated_at":"2022-05-12T21:57:44.892Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.584Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd76633804a42c942","ACL":{},"alt_text_l10n":"Netflix","created_at":"2022-05-12T21:57:44.711Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Netflix","updated_at":"2022-05-12T21:57:44.711Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.027Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltca8f8783e97bea1f","ACL":{},"alt_text_l10n":"NetApp","created_at":"2022-05-12T21:57:44.532Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NetApp","updated_at":"2022-05-12T21:57:44.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.925Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt17fc47c5abbe4c1c","ACL":{},"alt_text_l10n":"NEHGS","created_at":"2022-05-12T21:57:44.350Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NEHGS","updated_at":"2022-05-12T21:57:44.350Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.230Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3e54ba54127d24bd","ACL":{},"alt_text_l10n":"NCIS Cyber Directorate","created_at":"2022-05-12T21:57:44.164Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NCIS Cyber Directorate","updated_at":"2022-05-12T21:57:44.164Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.039Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4bbc68ebaf30099a","ACL":{},"alt_text_l10n":"Naver","created_at":"2022-05-12T21:57:43.999Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Naver","updated_at":"2022-05-12T21:57:43.999Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.163Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf7afe5d3cdaa6862","ACL":{},"alt_text_l10n":"Nature Conservancy","created_at":"2022-05-12T21:57:43.807Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Nature Conservancy","updated_at":"2022-05-12T21:57:43.807Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.811Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8e437a5b95b79df9","ACL":{},"alt_text_l10n":"Nativo","created_at":"2022-05-12T21:57:43.619Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Nativo","updated_at":"2022-05-12T21:57:43.619Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.072Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc40c312e4aca253b","ACL":{},"alt_text_l10n":"NASA JPL","created_at":"2022-05-12T21:57:43.435Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NASA JPL","updated_at":"2022-05-12T21:57:43.435Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.685Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt358748740d7f2c04","ACL":{},"alt_text_l10n":"Mozilla","created_at":"2022-05-12T21:57:43.253Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Mozilla","updated_at":"2022-05-12T21:57:43.253Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.636Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt31e1ed6c97e40da4","ACL":{},"alt_text_l10n":"MM Karton","created_at":"2022-05-12T21:57:43.063Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: MM Karton","updated_at":"2022-05-12T21:57:43.063Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.598Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt73e9101810d88831","ACL":{},"alt_text_l10n":"Mindcurv","created_at":"2022-05-12T21:57:42.880Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Mindcurv","updated_at":"2022-05-12T21:57:42.880Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.352Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltede68c6a1588ba41","ACL":{},"alt_text_l10n":"Miles \u0026 More","created_at":"2022-05-12T21:57:42.695Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Miles \u0026 More","updated_at":"2022-05-12T21:57:42.695Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.041Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9e2ce1c18cb74ecd","ACL":{},"alt_text_l10n":"Microsoft","created_at":"2022-05-12T21:57:42.521Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Microsoft","updated_at":"2022-05-12T21:57:42.521Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.627Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte084cb4a80073efd","ACL":{},"alt_text_l10n":"MetaWater","created_at":"2022-05-12T21:57:42.337Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: MetaWater","updated_at":"2022-05-12T21:57:42.337Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.910Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdbde9d57a2f32119","ACL":{},"alt_text_l10n":"Merck","created_at":"2022-05-12T21:57:42.144Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Merck","updated_at":"2022-05-12T21:57:42.144Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.061Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt817ff69c8eabf6bd","ACL":{},"alt_text_l10n":"MercadoLibre","created_at":"2022-05-12T21:57:41.964Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: MercadoLibre","updated_at":"2022-05-12T21:57:41.964Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.491Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0836ceb141cc4194","ACL":{},"alt_text_l10n":"Megazone","created_at":"2022-05-12T21:57:41.767Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Megazone","updated_at":"2022-05-12T21:57:41.767Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.069Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0d829f7f8e82e424","ACL":{},"alt_text_l10n":"McQueen Solutions","created_at":"2022-05-12T21:57:41.596Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: McQueen Solutions","updated_at":"2022-05-12T21:57:41.596Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.120Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt20421599022f8375","ACL":{},"alt_text_l10n":"Mayo Clinic","created_at":"2022-05-12T21:57:41.418Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Mayo Clinic","updated_at":"2022-05-12T21:57:41.418Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.392Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt43dd0149d9e9e8cd","ACL":{},"alt_text_l10n":"Maryland Innovation and Security Institute","created_at":"2022-05-12T21:57:41.233Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Maryland Innovation and Security Institute","updated_at":"2022-05-12T21:57:41.233Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.091Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcf91fc612ef4515c","ACL":{},"alt_text_l10n":"Martin's Point Health Care","created_at":"2022-05-12T21:57:41.056Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Martin's Point Health 
Care","updated_at":"2022-05-12T21:57:41.056Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.973Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte42b299c5ef7c0d4","ACL":{},"alt_text_l10n":"MAPP","created_at":"2022-05-12T21:57:40.871Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: MAPP","updated_at":"2022-05-12T21:57:40.871Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.928Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdf745937643d7f8b","ACL":{},"alt_text_l10n":"Mapbox","created_at":"2022-05-12T21:57:40.684Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Mapbox","updated_at":"2022-05-12T21:57:40.684Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.901Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltddc2f5ef86908dde","ACL":{},"alt_text_l10n":"Machine Zone","created_at":"2022-05-12T21:57:40.506Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Machine Zone","updated_at":"2022-05-12T21:57:40.506Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.879Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt937b6ee4d5531347","ACL":{},"alt_text_l10n":"Lyft","created_at":"2022-05-12T21:57:40.156Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Lyft","updated_at":"2022-05-12T21:57:40.156Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.140Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt14588035404bcd09","ACL":{},"alt_text_l10n":"LiveChat","created_at":"2022-05-12T21:57:39.966Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: LiveChat","updated_at":"2022-05-12T21:57:39.966Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.175Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt70261775a4428c78","ACL":{},"alt_text_l10n":"Linklaters","created_at":"2022-05-12T21:57:39.778Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Linklaters","updated_at":"2022-05-12T21:57:39.778Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.280Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt14331a9b21f8fa8b","ACL":{},"alt_text_l10n":"LINE","created_at":"2022-05-12T21:57:39.604Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: LINE","updated_at":"2022-05-12T21:57:39.604Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.165Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt619a625bd0ac77cf","ACL":{},"alt_text_l10n":"Lexer","created_at":"2022-05-12T21:57:39.426Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Lexer","updated_at":"2022-05-12T21:57:39.426Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.534Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt71b9283f80a8a0d4","ACL":{},"alt_text_l10n":"Lenovo","created_at":"2022-05-12T21:57:39.244Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Lenovo","updated_at":"2022-05-12T21:57:39.244Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.323Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc05b1bec86155ae5","ACL":{},"alt_text_l10n":"Kyruus","created_at":"2022-05-12T21:57:39.061Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Kyruus","updated_at":"2022-05-12T21:57:39.061Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.657Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt13159e22be69f396","ACL":{},"alt_text_l10n":"Kroger","created_at":"2022-05-12T21:57:38.891Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Kroger","updated_at":"2022-05-12T21:57:38.891Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.128Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5f8585834b922051","ACL":{},"alt_text_l10n":"KPN","created_at":"2022-05-12T21:57:38.702Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
KPN","updated_at":"2022-05-12T21:57:38.702Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.497Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2dc9b2d8d5ad4db7","ACL":{},"alt_text_l10n":"KeyBank","created_at":"2022-05-12T21:57:38.523Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: KeyBank","updated_at":"2022-05-12T21:57:38.523Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.538Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8280878e34b0ff93","ACL":{},"alt_text_l10n":"Kaidee","created_at":"2022-05-12T21:57:38.352Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Kaidee","updated_at":"2022-05-12T21:57:38.352Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.511Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1391191d97d992d9","ACL":{},"alt_text_l10n":"Kadokawa CONNECTED","created_at":"2022-05-12T21:57:38.177Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Kadokawa CONNECTED","updated_at":"2022-05-12T21:57:38.177Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.146Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9fd830e07c9cc6fb","ACL":{},"alt_text_l10n":"Just Eat","created_at":"2022-05-12T21:57:37.992Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Just 
Eat","updated_at":"2022-05-12T21:57:37.992Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.637Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb8a4fdac0ae40a61","ACL":{},"alt_text_l10n":"JPL","created_at":"2022-05-12T21:57:37.813Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: JPL","updated_at":"2022-05-12T21:57:37.813Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.600Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb0964f9f16c25eb5","ACL":{},"alt_text_l10n":"John Deere","created_at":"2022-05-12T21:57:37.639Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: John Deere","updated_at":"2022-05-12T21:57:37.639Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.550Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6f6f3d4eb227c066","ACL":{},"alt_text_l10n":"Jobrapido","created_at":"2022-05-12T21:57:37.456Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Jobrapido","updated_at":"2022-05-12T21:57:37.456Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.275Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte60c478b182f1e28","ACL":{},"alt_text_l10n":"Jaguar","created_at":"2022-05-12T21:57:37.279Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Jaguar","updated_at":"2022-05-12T21:57:37.279Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.951Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd2ef43ebefe90c5e","ACL":{},"alt_text_l10n":"ITV","created_at":"2022-05-12T21:57:37.101Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: ITV","updated_at":"2022-05-12T21:57:37.101Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.005Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2c7be770d8ac5cdd","ACL":{},"alt_text_l10n":"International University","created_at":"2022-05-12T21:57:36.929Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: International University","updated_at":"2022-05-12T21:57:36.929Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.510Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt236abef8892fda2c","ACL":{},"alt_text_l10n":"Intercontinental Hotel Group","created_at":"2022-05-12T21:57:36.751Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Intercontinental Hotel Group","updated_at":"2022-05-12T21:57:36.751Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.445Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1f4671bf6cb5fe6f","ACL":{},"alt_text_l10n":"Instructables","created_at":"2022-05-12T21:57:36.568Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Instructables","updated_at":"2022-05-12T21:57:36.568Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.335Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7eed649ba201444d","ACL":{},"alt_text_l10n":"Ingram Micro","created_at":"2022-05-12T21:57:36.394Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Ingram Micro","updated_at":"2022-05-12T21:57:36.394Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.471Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2a69653c47f14806","ACL":{},"alt_text_l10n":"ING Spain","created_at":"2022-05-12T21:57:36.205Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: ING Spain","updated_at":"2022-05-12T21:57:36.205Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.447Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt735dbf124107fc63","ACL":{},"alt_text_l10n":"InfoTrack","created_at":"2022-05-12T21:57:36.021Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: InfoTrack","updated_at":"2022-05-12T21:57:36.021Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.329Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc03d0bc199e594fc","ACL":{},"alt_text_l10n":"Influence Health","created_at":"2022-05-12T21:57:35.839Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Influence 
Health","updated_at":"2022-05-12T21:57:35.839Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.650Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt42dbb5d3325bf8e6","ACL":{},"alt_text_l10n":"IEEE Globalspec","created_at":"2022-05-12T21:57:35.664Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: IEEE Globalspec","updated_at":"2022-05-12T21:57:35.664Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.065Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5fe54212c803d01b","ACL":{},"alt_text_l10n":"IBM","created_at":"2022-05-12T21:57:35.485Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: IBM","updated_at":"2022-05-12T21:57:35.485Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.506Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt004e9806914497f1","ACL":{},"alt_text_l10n":"IACT Corporation","created_at":"2022-05-12T21:57:35.300Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: IACT Corporation","updated_at":"2022-05-12T21:57:35.300Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:52.992Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1ce9add6379481b4","ACL":{},"alt_text_l10n":"i3 Systems, Inc.","created_at":"2022-05-12T21:57:35.104Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: i3 Systems, 
Inc.","updated_at":"2022-05-12T21:57:35.104Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.299Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4c773c89346597c4","ACL":{},"alt_text_l10n":"Hoshino Resorts","created_at":"2022-05-12T21:57:34.928Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Hoshino Resorts","updated_at":"2022-05-12T21:57:34.928Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.172Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt89acbe4ef0c352dc","ACL":{},"alt_text_l10n":"HolidayCheck","created_at":"2022-05-12T21:57:34.757Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: HolidayCheck","updated_at":"2022-05-12T21:57:34.757Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.987Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte994377bd1a2b0ab","ACL":{},"alt_text_l10n":"Hitachi Solutions, Ltd.","created_at":"2022-05-12T21:57:34.576Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Hitachi Solutions, Ltd.","updated_at":"2022-05-12T21:57:34.576Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.994Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt736af6f2540ccf24","ACL":{},"alt_text_l10n":"Hill AFB","created_at":"2022-05-12T21:57:34.383Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Hill 
AFB","updated_at":"2022-05-12T21:57:34.383Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.335Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt46881cdd850dfb82","ACL":{},"alt_text_l10n":"HELK","created_at":"2022-05-12T21:57:34.192Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: HELK","updated_at":"2022-05-12T21:57:34.192Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.120Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5bf86d044dacd94c","ACL":{},"alt_text_l10n":"Harel Insurance","created_at":"2022-05-12T21:57:34.015Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Harel Insurance","updated_at":"2022-05-12T21:57:34.015Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.431Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf8ae2ebe361b971e","ACL":{},"alt_text_l10n":"HappyFresh","created_at":"2022-05-12T21:57:33.832Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: HappyFresh","updated_at":"2022-05-12T21:57:33.832Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.825Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2827c97eb54874db","ACL":{},"alt_text_l10n":"H-E-B","created_at":"2022-05-12T21:57:33.650Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
H-E-B","updated_at":"2022-05-12T21:57:33.650Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.482Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt16962bead1ff5c2f","ACL":{},"alt_text_l10n":"GuideStar","created_at":"2022-05-12T21:57:33.462Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: GuideStar","updated_at":"2022-05-12T21:57:33.462Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.216Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3637ab36d3cf00bd","ACL":{},"alt_text_l10n":"Grubhub","created_at":"2022-05-12T21:57:33.285Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Grubhub","updated_at":"2022-05-12T21:57:33.285Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.663Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2174aaedb55466c3","ACL":{},"alt_text_l10n":"Groupon","created_at":"2022-05-12T21:57:33.105Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Groupon","updated_at":"2022-05-12T21:57:33.105Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.400Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt643e844c65ad43d6","ACL":{},"alt_text_l10n":"Green Man Gaming","created_at":"2022-05-12T21:57:32.921Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Green Man 
Gaming","updated_at":"2022-05-12T21:57:32.921Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.570Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt162646657593d87d","ACL":{},"alt_text_l10n":"Grab","created_at":"2022-05-12T21:57:32.733Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Grab","updated_at":"2022-05-12T21:57:32.733Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.195Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf02966382eca42b1","ACL":{},"alt_text_l10n":"Goldman Sachs","created_at":"2022-05-12T21:57:32.542Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Goldman Sachs","updated_at":"2022-05-12T21:57:32.542Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.059Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte4e89304a7574f1e","ACL":{},"alt_text_l10n":"GoDaddy","created_at":"2022-05-12T21:57:32.353Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: GoDaddy","updated_at":"2022-05-12T21:57:32.353Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.940Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3620a9aafb8449c6","ACL":{},"alt_text_l10n":"Glomex","created_at":"2022-05-12T21:57:32.179Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Glomex","updated_at":"2022-05-12T21:57:32.179Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.654Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb08f8eea0cc7c703","ACL":{},"alt_text_l10n":"Globo.com","created_at":"2022-05-12T21:57:32.009Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Globo.com","updated_at":"2022-05-12T21:57:32.009Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.544Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt89d994d63cf310fc","ACL":{},"alt_text_l10n":"GitHub","created_at":"2022-05-12T21:57:31.841Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: GitHub","updated_at":"2022-05-12T21:57:31.841Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.993Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7441d533eec880d6","ACL":{},"alt_text_l10n":"General Mills","created_at":"2022-05-12T21:57:31.651Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: General Mills","updated_at":"2022-05-12T21:57:31.651Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.358Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf288a36717eaaef8","ACL":{},"alt_text_l10n":"GDIT","created_at":"2022-05-12T21:57:31.463Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: GDIT","updated_at":"2022-05-12T21:57:31.463Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.084Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteee3e8992031a364","ACL":{},"alt_text_l10n":"Future 
Architect","created_at":"2022-05-12T21:57:31.270Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Future Architect","updated_at":"2022-05-12T21:57:31.270Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.050Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2d7d2bd434299759","ACL":{},"alt_text_l10n":"Furuno","created_at":"2022-05-12T21:57:31.079Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Furuno","updated_at":"2022-05-12T21:57:31.079Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.520Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt35a9a1a7c28fdd8d","ACL":{},"alt_text_l10n":"Fujitsu","created_at":"2022-05-12T21:57:30.890Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Fujitsu","updated_at":"2022-05-12T21:57:30.890Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.645Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1aa6cbe99dcac236","ACL":{},"alt_text_l10n":"Forcura","created_at":"2022-05-12T21:57:30.703Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Forcura","updated_at":"2022-05-12T21:57:30.703Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.238Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt781b08c2db99e45f","ACL":{},"alt_text_l10n":"Fitbit","created_at":"2022-05-12T21:57:30.516Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Fitbit","updated_at":"2022-05-12T21:57:30.516Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.396Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2dbf4c42724f2ea0","ACL":{},"alt_text_l10n":"FireEye","created_at":"2022-05-12T21:57:30.340Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: FireEye","updated_at":"2022-05-12T21:57:30.340Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.528Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd769a34479b15e33","ACL":{},"alt_text_l10n":"FICO","created_at":"2022-05-12T21:57:30.160Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: FICO","updated_at":"2022-05-12T21:57:30.160Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.034Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8a38ad997b77bbc2","ACL":{},"alt_text_l10n":"Fermilab","created_at":"2022-05-12T21:57:29.984Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Fermilab","updated_at":"2022-05-12T21:57:29.984Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.005Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc76231546962bffb","ACL":{},"alt_text_l10n":"Feedzai","created_at":"2022-05-12T21:57:29.811Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Feedzai","updated_at":"2022-05-12T21:57:29.811Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.896Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt690eeda44c18819d","ACL":{},"alt_text_l10n":"Fastenal","created_at":"2022-05-12T21:57:29.633Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Fastenal","updated_at":"2022-05-12T21:57:29.633Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.229Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2b7bf262bf551aec","ACL":{},"alt_text_l10n":"Fandango","created_at":"2022-05-12T21:57:29.452Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Fandango","updated_at":"2022-05-12T21:57:29.452Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.469Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc929f4008f714e59","ACL":{},"alt_text_l10n":"Fairfax Media","created_at":"2022-05-12T21:57:29.092Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Fairfax Media","updated_at":"2022-05-12T21:57:29.092Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.912Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7e7fd96603032488","ACL":{},"alt_text_l10n":"Facebook","created_at":"2022-05-12T21:57:28.890Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Facebook","updated_at":"2022-05-12T21:57:28.890Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.446Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd0d93313722dd2e1","ACL":{},"alt_text_l10n":"EZFarm","created_at":"2022-05-12T21:57:28.708Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: EZFarm","updated_at":"2022-05-12T21:57:28.708Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.986Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltecdc5cc97bf234bc","ACL":{},"alt_text_l10n":"Eventbrite","created_at":"2022-05-12T21:57:28.522Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Eventbrite","updated_at":"2022-05-12T21:57:28.522Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.023Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt56b906ebb6f676cb","ACL":{},"alt_text_l10n":"eStruxture Data","created_at":"2022-05-12T21:57:28.349Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: eStruxture Data","updated_at":"2022-05-12T21:57:28.349Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.403Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt657193c765ffef39","ACL":{},"alt_text_l10n":"ESRI","created_at":"2022-05-12T21:57:28.158Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
ESRI","updated_at":"2022-05-12T21:57:28.158Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.602Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdb9a794bae332d96","ACL":{},"alt_text_l10n":"Erste Group","created_at":"2022-05-12T21:57:27.979Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Erste Group","updated_at":"2022-05-12T21:57:27.979Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.054Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt49a78b721edd1534","ACL":{},"alt_text_l10n":"EO Media Group","created_at":"2022-05-12T21:57:27.793Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: EO Media Group","updated_at":"2022-05-12T21:57:27.793Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.153Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt77a0596e546d62e8","ACL":{},"alt_text_l10n":"Entel","created_at":"2022-05-12T21:57:27.618Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Entel","updated_at":"2022-05-12T21:57:27.618Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.390Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta6070c11de65133d","ACL":{},"alt_text_l10n":"Engadget","created_at":"2022-05-12T21:57:27.428Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Engadget","updated_at":"2022-05-12T21:57:27.428Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.691Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt311889e3633908f5","ACL":{},"alt_text_l10n":"EnergyIQ","created_at":"2022-05-12T21:57:27.242Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: EnergyIQ","updated_at":"2022-05-12T21:57:27.242Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.589Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9aad212543bb93b8","ACL":{},"alt_text_l10n":"Energisa","created_at":"2022-05-12T21:57:27.064Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Energisa","updated_at":"2022-05-12T21:57:27.064Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.581Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt78fdbcfeb35ca451","ACL":{},"alt_text_l10n":"Emirates NBD","created_at":"2022-05-12T21:57:26.883Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Emirates NBD","updated_at":"2022-05-12T21:57:26.883Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.402Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc3603d7c93395084","ACL":{},"alt_text_l10n":"Emerson","created_at":"2022-05-12T21:57:26.707Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Emerson","updated_at":"2022-05-12T21:57:26.707Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.678Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5e1a095dd42f4098","ACL":{},"alt_text_l10n":"Ellie Mae","created_at":"2022-05-12T21:57:26.531Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Ellie Mae","updated_at":"2022-05-12T21:57:26.531Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.465Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc53d4bcfc5b07995","ACL":{},"alt_text_l10n":"Eleven Paths (Telefonica)","created_at":"2022-05-12T21:57:26.359Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Eleven Paths (Telefonica)","updated_at":"2022-05-12T21:57:26.359Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.692Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0abc351d0de4b19c","ACL":{},"alt_text_l10n":"eDreams","created_at":"2022-05-12T21:57:26.182Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: eDreams","updated_at":"2022-05-12T21:57:26.182Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.086Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd7b0869c1257af6f","ACL":{},"alt_text_l10n":"ECS","created_at":"2022-05-12T21:57:26.002Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
ECS","updated_at":"2022-05-12T21:57:26.002Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.041Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8511898223432dbb","ACL":{},"alt_text_l10n":"ECI","created_at":"2022-05-12T21:57:25.826Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: ECI","updated_at":"2022-05-12T21:57:25.826Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.948Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf0f3f31d0d252c86","ACL":{},"alt_text_l10n":"eBay Korea","created_at":"2022-05-12T21:57:25.640Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: eBay Korea","updated_at":"2022-05-12T21:57:25.640Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.067Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta32be99cd1d4c367","ACL":{},"alt_text_l10n":"eBay","created_at":"2022-05-12T21:57:25.460Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: eBay","updated_at":"2022-05-12T21:57:25.460Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.661Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcbb2d798784eba3d","ACL":{},"alt_text_l10n":"E*Trade","created_at":"2022-05-12T21:57:25.277Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
E*Trade","updated_at":"2022-05-12T21:57:25.277Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.951Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt71288564a765a1cd","ACL":{},"alt_text_l10n":"DVLA","created_at":"2022-05-12T21:57:25.100Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: DVLA","updated_at":"2022-05-12T21:57:25.100Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.317Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2c67ffa73de8934b","ACL":{},"alt_text_l10n":"DramaFever","created_at":"2022-05-12T21:57:24.925Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: DramaFever","updated_at":"2022-05-12T21:57:24.925Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.501Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt708bd1d551d6b5fa","ACL":{},"alt_text_l10n":"Docker","created_at":"2022-05-12T21:57:24.742Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Docker","updated_at":"2022-05-12T21:57:24.742Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.292Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6e40de2e7d79f3d1","ACL":{},"alt_text_l10n":"Direa","created_at":"2022-05-12T21:57:24.559Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Direa","updated_at":"2022-05-12T21:57:24.559Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.249Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta5d3c8b15d9cc43e","ACL":{},"alt_text_l10n":"DigitalOcean","created_at":"2022-05-12T21:57:24.386Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: DigitalOcean","updated_at":"2022-05-12T21:57:24.386Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.684Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2c63efdfda661ff3","ACL":{},"alt_text_l10n":"Devsisters","created_at":"2022-05-12T21:57:24.187Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Devsisters","updated_at":"2022-05-12T21:57:24.187Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.491Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2e89075a711e951a","ACL":{},"alt_text_l10n":"Devon Energy","created_at":"2022-05-12T21:57:24.012Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Devon Energy","updated_at":"2022-05-12T21:57:24.012Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.561Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt555807c9e4f92ae9","ACL":{},"alt_text_l10n":"Deutsche Telekom","created_at":"2022-05-12T21:57:23.832Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Deutsche 
Telekom","updated_at":"2022-05-12T21:57:23.832Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.380Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1478f1de8a987884","ACL":{},"alt_text_l10n":"DerbySoft","created_at":"2022-05-12T21:57:23.641Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: DerbySoft","updated_at":"2022-05-12T21:57:23.641Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.184Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7b357913affc0bed","ACL":{},"alt_text_l10n":"Dell","created_at":"2022-05-12T21:57:23.447Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Dell","updated_at":"2022-05-12T21:57:23.447Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.416Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc2d2aadf8e1e6b14","ACL":{},"alt_text_l10n":"Delhivery","created_at":"2022-05-12T21:57:23.257Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Delhivery","updated_at":"2022-05-12T21:57:23.257Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.664Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9e137cb171447e0f","ACL":{},"alt_text_l10n":"Deezer","created_at":"2022-05-12T21:57:23.073Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Deezer","updated_at":"2022-05-12T21:57:23.073Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.620Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb769ee6a691fbb71","ACL":{},"alt_text_l10n":"DC 
Thomson","created_at":"2022-05-12T21:57:22.894Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: DC Thomson","updated_at":"2022-05-12T21:57:22.894Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.591Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7c1101be396cf896","ACL":{},"alt_text_l10n":"Cybozu, Inc.","created_at":"2022-05-12T21:57:22.708Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Cybozu, Inc.","updated_at":"2022-05-12T21:57:22.708Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.423Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc74a3827872a4c74","ACL":{},"alt_text_l10n":"Cyber Security Innovations","created_at":"2022-05-12T21:57:22.531Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Cyber Security Innovations","updated_at":"2022-05-12T21:57:22.531Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.713Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8bb6b5af5b7b8ab4","ACL":{},"alt_text_l10n":"Ctrip","created_at":"2022-05-12T21:57:22.336Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Ctrip","updated_at":"2022-05-12T21:57:22.336Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.049Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt855d52164e1ca9e5","ACL":{},"alt_text_l10n":"Ctcue","created_at":"2022-05-12T21:57:22.155Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Ctcue","updated_at":"2022-05-12T21:57:22.155Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.955Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt653cdbbf95e42227","ACL":{},"alt_text_l10n":"CSX","created_at":"2022-05-12T21:57:21.976Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CSX","updated_at":"2022-05-12T21:57:21.976Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.593Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf6120d8cf05815aa","ACL":{},"alt_text_l10n":"CSG","created_at":"2022-05-12T21:57:21.793Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CSG","updated_at":"2022-05-12T21:57:21.793Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.786Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3833e1f60ec9cd27","ACL":{},"alt_text_l10n":"Crimson Macaw","created_at":"2022-05-12T21:57:21.613Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Crimson Macaw","updated_at":"2022-05-12T21:57:21.613Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.690Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb0f71917411c7165","ACL":{},"alt_text_l10n":"Credit Suisse","created_at":"2022-05-12T21:57:21.439Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Credit 
Suisse","updated_at":"2022-05-12T21:57:21.439Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.557Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt763ca652cfdf4199","ACL":{},"alt_text_l10n":"CreatorIQ","created_at":"2022-05-12T21:57:21.249Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CreatorIQ","updated_at":"2022-05-12T21:57:21.249Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.384Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt14270cff94d0b91e","ACL":{},"alt_text_l10n":"Creationline, Inc.","created_at":"2022-05-12T21:57:21.072Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Creationline, Inc.","updated_at":"2022-05-12T21:57:21.072Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.155Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt38a79e3bbce1f126","ACL":{},"alt_text_l10n":"Cox Communications","created_at":"2022-05-12T21:57:20.875Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Cox Communications","updated_at":"2022-05-12T21:57:20.875Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.011Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltfe9e34bbd7d78d8b","ACL":{},"alt_text_l10n":"COS (Center for Open Science)","created_at":"2022-05-12T21:57:20.676Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: COS (Center for Open 
Science)","updated_at":"2022-05-12T21:57:20.676Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.862Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt67635abc692a4f85","ACL":{},"alt_text_l10n":"Concur","created_at":"2022-05-12T21:57:20.476Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Concur","updated_at":"2022-05-12T21:57:20.476Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.220Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7d294d29cb60c6d9","ACL":{},"alt_text_l10n":"Compare Group","created_at":"2022-05-12T21:57:20.296Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Compare Group","updated_at":"2022-05-12T21:57:20.296Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.435Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt85db1d2488eba1ba","ACL":{},"alt_text_l10n":"Collector Bank","created_at":"2022-05-12T21:57:20.118Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Collector Bank","updated_at":"2022-05-12T21:57:20.118Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.974Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6647ff4f98fcda00","ACL":{},"alt_text_l10n":"Cogenta","created_at":"2022-05-12T21:57:19.940Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Cogenta","updated_at":"2022-05-12T21:57:19.940Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.611Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteb40080095a4594e","ACL":{},"alt_text_l10n":"City of Wilson","created_at":"2022-05-12T21:57:19.764Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: City of Wilson","updated_at":"2022-05-12T21:57:19.764Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.014Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd1a19a3c02b08c5d","ACL":{},"alt_text_l10n":"City of Portland","created_at":"2022-05-12T21:57:19.575Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: City of Portland","updated_at":"2022-05-12T21:57:19.575Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.992Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1fd0299de109ba7a","ACL":{},"alt_text_l10n":"Citigroup","created_at":"2022-05-12T21:57:19.384Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Citigroup","updated_at":"2022-05-12T21:57:19.384Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.351Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd6ae3e1628e85d5d","ACL":{},"alt_text_l10n":"Citi","created_at":"2022-05-12T21:57:19.194Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Citi","updated_at":"2022-05-12T21:57:19.194Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.019Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt612c38ebc6aaeac5","ACL":{},"alt_text_l10n":"Citadel Group","created_at":"2022-05-12T21:57:19.018Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Citadel Group","updated_at":"2022-05-12T21:57:19.018Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.524Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd21340b32a621fa2","ACL":{},"alt_text_l10n":"Cisco Talos","created_at":"2022-05-12T21:57:18.825Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Cisco Talos","updated_at":"2022-05-12T21:57:18.825Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.998Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt74ba0723cf3acde8","ACL":{},"alt_text_l10n":"Cisco","created_at":"2022-05-12T21:57:18.647Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Cisco","updated_at":"2022-05-12T21:57:18.647Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.370Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1b781258dfabe57b","ACL":{},"alt_text_l10n":"Cigna","created_at":"2022-05-12T21:57:18.463Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Cigna","updated_at":"2022-05-12T21:57:18.463Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.272Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt45ba98de9d8529e9","ACL":{},"alt_text_l10n":"CESICAT","created_at":"2022-05-12T21:57:18.289Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CESICAT","updated_at":"2022-05-12T21:57:18.289Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.100Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt93f0545de609d110","ACL":{},"alt_text_l10n":"Cerner","created_at":"2022-05-12T21:57:18.101Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Cerner","updated_at":"2022-05-12T21:57:18.101Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.548Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt946a82b512625e87","ACL":{},"alt_text_l10n":"CERN","created_at":"2022-05-12T21:57:17.916Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CERN","updated_at":"2022-05-12T21:57:17.916Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.572Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt74881ced4bba1ecc","ACL":{},"alt_text_l10n":"CERDEC/ARL","created_at":"2022-05-12T21:57:17.746Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
CERDEC/ARL","updated_at":"2022-05-12T21:57:17.746Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.364Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1d7430456e9b649d","ACL":{},"alt_text_l10n":"CenturyLink","created_at":"2022-05-12T21:57:17.565Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CenturyLink","updated_at":"2022-05-12T21:57:17.565Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.313Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf531210bbf79c6b1","ACL":{},"alt_text_l10n":"CDL","created_at":"2022-05-12T21:57:17.376Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CDL","updated_at":"2022-05-12T21:57:17.376Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.774Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5d0a4c86b8d4954b","ACL":{},"alt_text_l10n":"CCTV","created_at":"2022-05-12T21:57:17.193Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CCTV","updated_at":"2022-05-12T21:57:17.193Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.440Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt155c6a13a1192d47","ACL":{},"alt_text_l10n":"CBC","created_at":"2022-05-12T21:57:17.006Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
CBC","updated_at":"2022-05-12T21:57:17.006Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.201Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcdfb889ec34061e0","ACL":{},"alt_text_l10n":"Car2Go","created_at":"2022-05-12T21:57:16.813Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Car2Go","updated_at":"2022-05-12T21:57:16.813Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.967Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbc09b7e8e2c46e8d","ACL":{},"alt_text_l10n":"Capgemini","created_at":"2022-05-12T21:57:16.610Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Capgemini","updated_at":"2022-05-12T21:57:16.610Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.614Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5f4378332e14f4ff","ACL":{},"alt_text_l10n":"Calgary Catholic School District","created_at":"2022-05-12T21:57:16.429Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Calgary Catholic School District","updated_at":"2022-05-12T21:57:16.429Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.483Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta4af3ad2ac3c3183","ACL":{},"alt_text_l10n":"BulbAmerica","created_at":"2022-05-12T21:57:16.253Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
BulbAmerica","updated_at":"2022-05-12T21:57:16.253Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.673Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt485687ae13b195d4","ACL":{},"alt_text_l10n":"Builtón","created_at":"2022-05-12T21:57:16.079Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Builtón","updated_at":"2022-05-12T21:57:16.079Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.145Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4377f94ab453f551","ACL":{},"alt_text_l10n":"Brolly","created_at":"2022-05-12T21:57:15.893Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Brolly","updated_at":"2022-05-12T21:57:15.893Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.082Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt37b9a3c07ffd3720","ACL":{},"alt_text_l10n":"Broaderbiz","created_at":"2022-05-12T21:57:15.699Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Broaderbiz","updated_at":"2022-05-12T21:57:15.699Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.681Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt709029231c67f216","ACL":{},"alt_text_l10n":"BPCE","created_at":"2022-05-12T21:57:15.516Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
BPCE","updated_at":"2022-05-12T21:57:15.516Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.298Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte7e9d2f9abbc46b7","ACL":{},"alt_text_l10n":"Box","created_at":"2022-05-12T21:57:15.332Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Box","updated_at":"2022-05-12T21:57:15.332Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.979Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltafb6f5a7c73517cb","ACL":{},"alt_text_l10n":"BNP Paribas","created_at":"2022-05-12T21:57:15.153Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: BNP Paribas","updated_at":"2022-05-12T21:57:15.153Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.537Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb540438bbf4d409f","ACL":{},"alt_text_l10n":"BMW","created_at":"2022-05-12T21:57:14.980Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: BMW","updated_at":"2022-05-12T21:57:14.980Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.563Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte35818ea37d72c17","ACL":{},"alt_text_l10n":"Blizzard","created_at":"2022-05-12T21:57:14.794Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Blizzard","updated_at":"2022-05-12T21:57:14.794Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.919Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc85fdfe39b77a46b","ACL":{},"alt_text_l10n":"Blackboard","created_at":"2022-05-12T21:57:14.591Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Blackboard","updated_at":"2022-05-12T21:57:14.591Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.905Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt85654053179804f2","ACL":{},"alt_text_l10n":"Bell Canada","created_at":"2022-05-12T21:57:14.402Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Bell Canada","updated_at":"2022-05-12T21:57:14.402Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.962Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt04c206a2d77e2285","ACL":{},"alt_text_l10n":"BBC","created_at":"2022-05-12T21:57:14.217Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: BBC","updated_at":"2022-05-12T21:57:14.217Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.030Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt46b48334c1d6c20d","ACL":{},"alt_text_l10n":"Bayer AG","created_at":"2022-05-12T21:57:13.999Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Bayer 
AG","updated_at":"2022-05-12T21:57:13.999Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.128Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt636f03b12f2bb3b3","ACL":{},"alt_text_l10n":"Bankwest","created_at":"2022-05-12T21:57:13.810Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Bankwest","updated_at":"2022-05-12T21:57:13.810Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.561Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1b3ccf9eb3002a02","ACL":{},"alt_text_l10n":"BAI Communications","created_at":"2022-05-12T21:57:13.632Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: BAI Communications","updated_at":"2022-05-12T21:57:13.632Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.261Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltff7d14eebe21b05e","ACL":{},"alt_text_l10n":"BAI Canada","created_at":"2022-05-12T21:57:13.447Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: BAI Canada","updated_at":"2022-05-12T21:57:13.447Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.876Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0c13e25327497cbb","ACL":{},"alt_text_l10n":"Azusa Pacific University","created_at":"2022-05-12T21:57:13.253Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Azusa Pacific 
University","updated_at":"2022-05-12T21:57:13.253Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.111Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt15d10999daa2ed8b","ACL":{},"alt_text_l10n":"AXA","created_at":"2022-05-12T21:57:13.054Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: AXA","updated_at":"2022-05-12T21:57:13.054Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.209Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt55ab8e95f71a5f34","ACL":{},"alt_text_l10n":"AutoScout24","created_at":"2022-05-12T21:57:12.863Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: AutoScout24","updated_at":"2022-05-12T21:57:12.863Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.393Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta8dbc4948d248385","ACL":{},"alt_text_l10n":"Autopilot","created_at":"2022-05-12T21:57:12.685Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Autopilot","updated_at":"2022-05-12T21:57:12.685Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.715Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt386af3ac08b15991","ACL":{},"alt_text_l10n":"Audi","created_at":"2022-05-12T21:57:12.500Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Audi","updated_at":"2022-05-12T21:57:12.500Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:18.999Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltde3c1eebe9ad8d75","ACL":{},"alt_text_l10n":"Auchan","created_at":"2022-05-12T21:57:12.323Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Auchan","updated_at":"2022-05-12T21:57:12.323Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.888Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt61a9adf7a1aab195","ACL":{},"alt_text_l10n":"Asian Food Network","created_at":"2022-05-12T21:57:12.147Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Asian Food Network","updated_at":"2022-05-12T21:57:12.147Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.543Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt931f215db4b59ccb","ACL":{},"alt_text_l10n":"Asana","created_at":"2022-05-12T21:57:11.963Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Asana","updated_at":"2022-05-12T21:57:11.963Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.132Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5d64e6e409dc810c","ACL":{},"alt_text_l10n":"Argos","created_at":"2022-05-12T21:57:11.771Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Argos","updated_at":"2022-05-12T21:57:11.771Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.455Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltfcb527a0f1c9c706","ACL":{},"alt_text_l10n":"Amadeus","created_at":"2022-05-12T21:57:11.589Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Amadeus","updated_at":"2022-05-12T21:57:11.589Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.846Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7395586303b839e1","ACL":{},"alt_text_l10n":"Albert Heijn","created_at":"2022-05-12T21:57:11.400Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Albert Heijn","updated_at":"2022-05-12T21:57:11.400Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.347Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt436c743cba2a1055","ACL":{},"alt_text_l10n":"Airbus","created_at":"2022-05-12T21:57:11.210Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Airbus","updated_at":"2022-05-12T21:57:11.210Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.074Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8eb07a7b73362111","ACL":{},"alt_text_l10n":"Aginic","created_at":"2022-05-12T21:57:11.024Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 
Aginic","updated_at":"2022-05-12T21:57:11.024Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.085Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9ae02cf3417e4758","ACL":{},"alt_text_l10n":"Adobe","created_at":"2022-05-12T21:57:10.804Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Adobe","updated_at":"2022-05-12T21:57:10.804Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.587Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf7320970545338ed","ACL":{},"alt_text_l10n":"Acuris","created_at":"2022-05-12T21:57:10.605Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Acuris","updated_at":"2022-05-12T21:57:10.605Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.793Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt53f2913cbc90ba00","ACL":{},"alt_text_l10n":"Activision","created_at":"2022-05-12T21:57:10.393Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Activision","updated_at":"2022-05-12T21:57:10.393Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.220Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltff00d74491dc28fe","ACL":{},"alt_text_l10n":"Achmea","created_at":"2022-05-12T21:57:10.206Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Achmea","updated_at":"2022-05-12T21:57:10.206Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.869Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8b6181c39233bbf8","ACL":{},"alt_text_l10n":"11 
Street","created_at":"2022-05-12T21:57:09.968Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 11 Street","updated_at":"2022-05-12T21:57:09.968Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.028Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt403fcb9d8bef2f46","ACL":{},"alt_text_l10n":"Accenture","created_at":"2022-05-02T23:19:23.213Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: Accenture","updated_at":"2022-05-12T21:47:24.400Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.797Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt8ea9cb7b1a5037c3","ACL":{},"alt_text_l10n":"Walmart Technology","created_at":"2022-05-02T23:19:22.836Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: Walmart Technology","updated_at":"2022-05-12T21:47:01.930Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.809Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt7cd2eb6ff7674511","ACL":{},"alt_text_l10n":"Barclays","created_at":"2022-05-02T23:19:23.027Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: Barclays","updated_at":"2022-05-12T21:46:58.490Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.820Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltcbcd7d1617610b47","ACL":{},"alt_text_l10n":"U.S. Department of Defense","created_at":"2022-05-02T23:19:23.405Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: U.S. 
Department of Defense","updated_at":"2022-05-12T21:46:44.810Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.833Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltd336b041dee3d8a9","ACL":{},"alt_text_l10n":"Air Force Mission Defense Teams","created_at":"2022-05-02T23:19:23.595Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: Air Force Mission Defense Teams","updated_at":"2022-05-12T21:46:15.144Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.844Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt998fd1d1b1b796c4","ACL":{},"alt_text_l10n":"Ricoh","created_at":"2022-05-02T23:19:22.641Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: Ricoh","updated_at":"2022-05-12T21:45:49.498Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.861Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt382da83ade79fb34","ACL":{},"alt_text_l10n":"U.S. Air Force","created_at":"2022-05-02T23:19:22.451Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: U.S. 
Air Force","updated_at":"2022-05-12T21:45:46.174Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.875Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltaf56ebc9f2d1fe5f","ACL":{},"alt_text_l10n":"Volkswagon","created_at":"2022-05-02T23:19:22.245Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: Volkswagon","updated_at":"2022-05-12T21:45:42.535Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.887Z","user":"blt36e890d06c5ec32c"}},{"_version":3,"locale":"en-us","uid":"bltc8f2519ccfc962b7","ACL":{},"alt_text_l10n":"Indiana University","created_at":"2022-05-02T23:19:23.788Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: Indiana University","updated_at":"2022-05-12T21:45:24.150Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.901Z","user":"blt36e890d06c5ec32c"}},{"_version":3,"locale":"en-us","uid":"blt39c3aa1b28dd2d91","ACL":{},"alt_text_l10n":"Application Performance Monitoring charts and graphs","created_at":"2022-03-18T21:02:28.349Z","created_by":"blt36e890d06c5ec32c","file":"blt8f7cd5151ef586ed","tags":[],"title":"Application Performance Monitoring charts and graphs","updated_at":"2022-04-01T19:07:18.369Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-04-01T19:07:31.659Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb1647f200956d5b9","ACL":{},"alt_text_l10n":"Elastic","created_at":"2022-03-22T18:19:39.827Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Elastic 
logo","updated_at":"2022-03-22T18:19:39.827Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-03-22T18:20:04.165Z","user":"blt36e890d06c5ec32c"}}]],"blogEntries":[[{"uid":"blta3be4cdd6afa6af0","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blta14bb0509c1528d3"],"body_l10n":"\u003cp\u003eToday we are pleased to announce the release of \u003cspan class=\"strong emphasis\"\u003e\u003cstrong\u003eElasticsearch 5.5.0\u003c/strong\u003e\u003c/span\u003e, based on \u003cspan class=\"strong emphasis\"\u003e\u003cstrong\u003eLucene 6.6.0\u003c/strong\u003e\u003c/span\u003e. This is the latest stable release, and is already available for deployment on \u003ca href=\"/cloud\" target=\"_top\"\u003eElastic Cloud\u003c/a\u003e, our Elasticsearch-as-a-service platform. This release includes a security fix for users of Elasticsearch X-Pack Security.\u003c/p\u003e\n\u003cp\u003eLatest stable release in 5.x:\u003c/p\u003e\n \u003cul class=\"list-green\"\u003e\n \u003cli\u003e\u003ca href=\"/downloads/elasticsearch\" target=\"_top\"\u003eDownload Elasticsearch 5.5.0\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"/guide/en/elasticsearch/reference/5.5/release-notes-5.5.0.html\" target=\"_top\"\u003eElasticsearch 5.5.0 release notes\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"/guide/en/elasticsearch/reference/5.5/breaking-changes-5.5.html\" target=\"_top\"\u003eElasticsearch 5.5 breaking changes\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"/guide/en/x-pack/current/xpack-change-list.html\" target=\"_top\"\u003eX-Pack 5.5.0 release notes\u003c/a\u003e\u003c/li\u003e\n \u003c/ul\u003e\n\u003cp\u003eYou can read about all the changes in the release notes linked above, but there are a few changes which are worth highlighting:\u003c/p\u003e\n\u003cdiv class=\"section\"\u003e\n \u003cdiv class=\"titlepage\"\u003e\n \u003cdiv\u003e\n \u003cdiv\u003e\n 
\u003ch2 class=\"title\"\u003e\u003ca id=\"_sensitive_information_leak_esa_2017_10\"\u003e\u003c/a\u003eSensitive Information Leak (ESA-2017-10)\u003c/h2\u003e\n \u003c/div\u003e\n \u003c/div\u003e\n \u003c/div\u003e\n \u003cp\u003eIn Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when security is enabled, the Elasticsearch _nodes API can leak sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details.\u003c/p\u003e\n \u003cp\u003eAll users of X-Pack Security should upgrade to version 5.5.0. This update prevents the _nodes API from returning sensitive settings. If you cannot upgrade, sensitive settings can be hidden by using the X-Pack \u003ca href=\"https://www.elastic.co/guide/en/x-pack/current/security-troubleshooting.html#_literal_settings_literal\" target=\"_top\"\u003ehide_settings configuration option\u003c/a\u003e.\u003c/p\u003e\n \u003cp\u003e\u003cspan class=\"strong emphasis\"\u003e\u003cstrong\u003eCVE-ID:\u003c/strong\u003e\u003c/span\u003e CVE-2017-8442\u003c/p\u003e\n\u003c/div\u003e\n\u003cdiv class=\"section\"\u003e\n \u003cdiv class=\"titlepage\"\u003e\n \u003ch2 class=\"title\"\u003e\u003c/h2\u003e\n \u003ch2\u003eWindows MSI Installer release\u003c/h2\u003eWith this release of the Elastic stack, we're proud to announce the first release of the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/5.5/windows.html\"\u003eWindows MSI Installer for Elasticsearch\u003c/a\u003e. 
The installer provides a graphical user interface with a step-by-step wizard to guide users through the process of getting started with Elasticsearch on Windows:\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\n \u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt82f0227e69882940/67c982a1045f58a85ec01543/msi_installer_configuration.png\" alt=\"Elasticsearch Node Configuration using the Windows Installer\" /\u003e\u003c/p\u003e\n \u003cp\u003eIn addition, it supports \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/5.5/windows.html#msi-command-line-options\"\u003emany command line options\u003c/a\u003e for flexible, silent installations. Please \u003ca href=\"https://www.elastic.co/downloads/elasticsearch\"\u003edownload the Windows Installer for Elasticsearch 5.5.0\u003c/a\u003e and try it out, and look out for a blog post coming soon with more details.\u003c/p\u003e\n \u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\n \u003ch2 class=\"title\"\u003e\u003ca id=\"_icu_collation_keyword_fields\"\u003e\u003c/a\u003eICU Collation Keyword Fields\u003c/h2\u003e\n \u003c/div\u003e\n \u003cp\u003eCollations are used for sorting documents in a language-specific word order. The icu_collation_keyword field type allows you to convert a string (e.g. a surname) into bytes which represent the sort order for that string in a particular language. These bytes are indexed as a single token, just like the keyword field, and stored in doc values for fast sorting. Multiple collation fields can exist for the same string. 
For instance, the following will allow sorting in English order and in German “phonebook” order:\u003c/p\u003e\n \u003cdiv class=\"pre_wrapper\"\u003e\u003cpre class=\"programlisting\"\u003ePUT my_index\u003cbr /\u003e{\u003cbr /\u003e \"mappings\": {\u003cbr /\u003e \"user\": {\u003cbr /\u003e \"properties\": {\u003cbr /\u003e \"name\": {\u003cbr /\u003e \"type\": \"text\",\u003cbr /\u003e \"fields\": {\u003cbr /\u003e \"de_phonebook\": {\u003cbr /\u003e \"type\": \"icu_collation_keyword\",\u003cbr /\u003e \"index\": false,\u003cbr /\u003e \"language\": \"de\",\u003cbr /\u003e \"country\": \"DE\",\u003cbr /\u003e \"variant\": \"@collation=phonebook\"\u003cbr /\u003e },\u003cbr /\u003e \"en\": {\u003cbr /\u003e \"type\": \"icu_collation_keyword\",\u003cbr /\u003e \"index\": false,\u003cbr /\u003e \"language\": \"en\",\u003cbr /\u003e \"country\": \"US\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\n \u003c/div\u003e\n\u003c/div\u003e\n\u003cdiv class=\"section\"\u003e\n \u003cdiv class=\"titlepage\"\u003e\n \u003cdiv\u003e\n \u003cdiv\u003e\n \u003ch2 class=\"title\"\u003e\u003ca id=\"_other_changes\"\u003e\u003c/a\u003eOther Changes\u003c/h2\u003e\n \u003c/div\u003e\n \u003c/div\u003e\n \u003c/div\u003e\n \u003cdiv\u003e\n \u003cul type=\"disc\"\u003e\n \u003cli\u003eA new ip_range field types (similar to date and numeric range fields) enables the indexing of IPv6 ranges, and allows these ranges to be queried with a range.\u003c/li\u003e\n \u003cli\u003eThe index.mapping.single_type setting will help you to prepare for the \u003ca href=\"https://www.elastic.co/blog/index-type-parent-child-join-now-future-in-elasticsearch\" target=\"_top\"\u003eone-type-per-index\u003c/a\u003e change coming in 6.0.\u003c/li\u003e\n \u003cli\u003eTerms aggregations which are sorted on a sub-aggregation will use less memory than before.\u003c/li\u003e\n \u003cli\u003eThe 
circuit breaker used by aggregations was allocating memory before accounting for the requested memory, which could result in an OOM exception.\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/div\u003e\n \u003cp\u003ePlease \u003ca href=\"/downloads/elasticsearch\" target=\"_top\"\u003edownload Elasticsearch 5.5.0\u003c/a\u003e, try it out, and let us know what you think on Twitter (\u003ca href=\"https://twitter.com/elastic\" target=\"_top\"\u003e@elastic\u003c/a\u003e) or in our \u003ca href=\"https://discuss.elastic.co/c/elasticsearch\" target=\"_top\"\u003eforum\u003c/a\u003e. You can report any problems on the \u003ca href=\"https://github.com/elastic/elasticsearch/issues\" target=\"_top\"\u003eGitHub issues page\u003c/a\u003e.\u003c/p\u003e\n\u003c/div\u003e","category":[{"uid":"bltfaae4466058cc7d6","_version":8,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:47:03.147Z","created_by":"sys_blt57a423112de8a853","key":"releases","label_l10n":"Product release","tags":[],"title":"Product 
release","updated_at":"2024-05-10T13:44:16.955Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.629Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T11:26:59.612Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt30c5a99357a6b177","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:09:49.974Z","updated_at":"2018-10-11T05:09:49.974Z","content_type":"image/jpeg","file_size":"93929","filename":"elasticsearch-blog-banner.jpg","title":"elasticsearch-blog-banner.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-30T18:11:51.718Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt30c5a99357a6b177/5bbedb1d69d3fcaf5dbc0610/elasticsearch-blog-banner.jpg"},"markdown_l10n":"","publish_date":"2017-07-06T17:06:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elasticsearch 5.5.0 released","seo_description_l10n":"Today we are pleased to announce the release of Elasticsearch 5.5.0, based on Lucene 6.5.1. This is the latest stable release, and is already available for deployment on Elastic Cloud, our Elasticsearch-as-a-service platform. 
This release includes a security fix for users of Elasticsearch X-Pack Security.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"bltb28316c9f63647c9","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:09:47.572Z","updated_at":"2018-10-11T05:09:47.572Z","content_type":"image/jpeg","file_size":"44060","filename":"elasticsearch-blog-thumb.jpg","title":"elasticsearch-blog-thumb.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-30T18:11:51.718Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb28316c9f63647c9/5bbedb1b560fdc4d0c8e6946/elasticsearch-blog-thumb.jpg"},"title":"Elasticsearch 5.5.0 released","title_l10n":"Elasticsearch 5.5.0 released","updated_at":"2025-03-10T12:39:35.255Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/elasticsearch-5-5-0-released","publish_details":{"time":"2025-03-10T12:39:38.924Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt9691b2ebd7a2765d","_version":15,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["bltc623bbbd9c0cfca4"],"body_l10n":"\u003cp\u003e\u003c/p\u003e\n\u003ch1\u003eKibana UI Update for July 15-19\u003c/h1\u003e\n\u003ch2\u003e\u003cspan\u003e\u003c/span\u003e\u003c/h2\u003e\n\u003ch2\u003eHiring\u003c/h2\u003e\n\u003cul\u003e\n \u003cli\u003e\u003ca href=\"https://grnh.se/01f01f5c1\"\u003e\u003cspan\u003eKibana Applications Security Engineer\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://grnh.se/24ddf24d1\"\u003e\u003cspan\u003eKibana - Senior JavaScript Engineer\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n 
\u003cli\u003e\u003ca href=\"https://grnh.se/a12f57d31\"\u003e\u003cspan\u003eKibana - Platform JavaScript Engineer (Node.js)\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://jobs.elastic.co/jobs/kibana/distributed-amer-or-western-europe/director-sr-director-product-management-kibana/1571633#/\"\u003e\u003cspan\u003eDirector / Sr Director Product Management - Kibana\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://grnh.se/7f51db4a1\"\u003e\u003cspan\u003eKibana - Visualisations Engineer\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 dir=\"ltr\"\u003eSecurity\u003c/h2\u003e\n\u003ch3 dir=\"ltr\"\u003eNew Platform\u003c/h3\u003e\n\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe final changes to move \u003ca href=\"https://github.com/elastic/kibana/pull/39446\"\u003eauthentication to the new platform\u003c/a\u003e have been made, and will most likely have merged to master before you read this update.\u003c/p\u003e\n\u003ch3 dir=\"ltr\"\u003eAllow feature privileges which are excluded from base privileges\u003c/h3\u003e\n\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eTo enable ML and Reporting to \u003ca href=\"https://github.com/elastic/kibana/issues/37709#issuecomment-504145906\"\u003etransition to Kibana Privileges\u003c/a\u003e, we’re adding the ability for \u003ca href=\"https://github.com/elastic/kibana/pull/41300\"\u003efeature privileges to be excluded from the base privileges\u003c/a\u003e. 
This will allow users to grant access to ML and Reporting using the “custom” feature privileges during the 7.x timeframe.\u003c/p\u003e\n\u003ch2 dir=\"ltr\"\u003ePlatform\u003c/h2\u003e\n\u003ch3 dir=\"ltr\"\u003eNew Platform\u0026nbsp;\u003c/h3\u003e\n\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe \u003ca href=\"https://github.com/elastic/kibana/pull/39767\"\u003eroute handler interface RFC\u003c/a\u003e is pending final feedback from application teams. Mikhail has begun implementation, but we’re still accepting any final concerns before proceeding. All blocking issues for the security plugin’s migration have been solved.\u003c/p\u003e\n\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWe are in the process of \u003ca href=\"https://github.com/elastic/kibana/pull/41468\"\u003eadopting New platform Elasticsearch API to the legacy format\u003c/a\u003e to simplify further migration to the elasticsearch-js client. It shouldn't affect you unless you already use New Platform callAsCurrentUser / callAsInternalUser.\u003c/p\u003e\n\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/39891\"\u003eMigrating the Saved Object Client (SOC) to the new platform\u003c/a\u003e has turned out to be a bit more involved than we originally anticipated, but there are no critical roadblocks. We expect to begin review next week.\u003c/p\u003e\n\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWe’ve been iterating on the \u003ca href=\"https://github.com/elastic/kibana/pull/41251\"\u003eContextService\u003c/a\u003e this week to make consuming it much more ergonomic. 
This should be reviewed and merged next week which will unblock the last stages of the ApplicationService and HttpService.\u003c/p\u003e\n\u003ch2\u003eStack Services\u003c/h2\u003e\n\u003ch3\u003eAlerting Service\u003c/h3\u003e\n\u003cp\u003e\u003cspan\u003emerged\u003c/span\u003e\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e\u003cspan\u003eChange action config / params schema from joi to @kbn/config-schema \u003ca href=\"https://github.com/elastic/kibana/pull/40694\"\u003e#40694\u003c/a\u003e\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan\u003eCreates structured result of running an action \u003ca href=\"https://github.com/elastic/kibana/pull/41160\"\u003e#41160\u003c/a\u003e\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan\u003eRenders email action message text as html from markdown \u003ca href=\"https://github.com/elastic/kibana/pull/41187\"\u003e#41187\u003c/a\u003e\u003c/span\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cspan\u003ein progress\u003c/span\u003e\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e\u003cspan\u003eAdd security support for alerts and actions\u0026nbsp; \u003ca href=\"https://github.com/elastic/kibana/pull/41389\"\u003e#41389\u003c/a\u003e\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan\u003eAdd an index action as built-in action\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan\u003eTask manager error handling enhancements \u003ca href=\"https://github.com/elastic/kibana/pull/39829\"\u003e#39829\u003c/a\u003e\u003c/span\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTelemetry\u003c/h3\u003e\n\u003cul\u003e\n \u003cli\u003e\u003cspan\u003eMove UI telemetry into a library\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan\u003eUpdate mappings\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan\u003eDiscuss 6 months plan\u003c/span\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLocalization\u0026nbsp;\u003c/h3\u003e\n\u003cul\u003e\n 
\u003cli\u003e\u003cspan\u003eAutomate label extraction and email sending to translators\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan\u003e[merged] Use .i18nrc.json as the source of truth and enhance tooling\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan\u003eTesting German and French locales\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan\u003eDiscuss 6 months plan\u003c/span\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOperations\u003c/h2\u003e\n\u003cp\u003e\u003cspan\u003eWe finished the essential test suites for the static filesystem and will start the refactoring phase and fine tuning next. The old member-access rule from tslint was also enabled on typescript-eslint as the support for it was finally added.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan\u003ePrs:\u003c/span\u003e\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e\u003cspan\u003eEnable @typescript-eslint/explicit-member-accessibility rule \u003ca href=\"https://github.com/elastic/kibana/pull/41422\"\u003e#41422\u003c/a\u003e\u003c/span\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eApp Architecture\u003c/h2\u003e\n\u003ch3\u003eEmbeddables \u0026amp; Actions\u003c/h3\u003e\n\u003cp\u003e\u003cspan\u003eNow that \u003ca href=\"https://github.com/elastic/kibana/pull/39126\"\u003ethe final PR\u003c/a\u003e has merged with the initial embeddables API, we have been working toward \u003ca href=\"https://github.com/elastic/kibana/pull/41272\"\u003eprepping the API and dashboard embeddable container\u003c/a\u003e for migration to the new platform.\u003cbr /\u003e\u003c/span\u003e\u003c/p\u003e\n\u003ch3\u003eOther\u003c/h3\u003e\n\u003cp\u003e\u003cspan\u003eWe merged a fix for \u003ca href=\"https://github.com/elastic/kibana/pull/40855\"\u003ea long-standing bug\u003c/a\u003e affecting visualizations that were using the \"other\" bucket functionality for terms aggregations.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan\u003eWe opened a 
PR to add a \u003ca href=\"https://github.com/elastic/kibana/pull/41246\"\u003e@kbn/utility-types package\u003c/a\u003e for us to use in TypeScript across Kibana.\u003c/span\u003e\u003c/p\u003e\n\u003ch2\u003eKibana App (Visualizations, Sharing, Discover, Reporting)\u003c/h2\u003e\n\u003ch3\u003eNew visual editor Lens\u003c/h3\u003e\n\u003cp\u003e\u003cspan\u003eThis week we thought about the basic structure of Lens and decided to add the concept of “layers”. This makes it possible to combine data tables of different queries (and even index patterns) in a single chart. The resulting PR touches a lot of places and is not merged yet, but will make charts possible as shown in the screenshot below.\u003cbr /\u003e\u003c/span\u003e\u003c/p\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt75fc16ea1f691a7a/5d3621d5241468159d6fb2c0/image6.png\" data-sys-asset-uid=\"blt75fc16ea1f691a7a\" alt=\"image6.png\" /\u003e\n\u003cp\u003e\u003cspan\u003eBesides that we worked on showing Lens visualizations on dashboards by implementing the embeddable API and continued to improve performance.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003ch3\u003eElastic Charts\u003c/h3\u003e\n\u003cp\u003e\u003cspan\u003eVersion 8.0.2 is out with some breaking changes and new features:\u003c/span\u003e\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e\u003cspan\u003eYou can now override the computed color of all the series of a specific type (all the lines for example) or of a series component using the fill/stroke attribute of the style. 
See \u003ca href=\"https://github.com/elastic/elastic-charts/pull/258\"\u003e#258\u003c/a\u003e for more details.\u003c/span\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0f904d5852050e64/5d36221e7414f11598138c00/image5.png\" data-sys-asset-uid=\"blt0f904d5852050e64\" alt=\"image5.png\" style=\"float: left;margin: 0px;text-align: left;\" /\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdb45ea071296b15e/5d36222fe0aa25161afed894/image2.png\" data-sys-asset-uid=\"bltdb45ea071296b15e\" alt=\"image2.png\" /\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan\u003eThis also means that we introduced a breaking change: the previous Theme includes also the fill/stroke attributes for the series styles: with this change, specifying a fill or stroke at theme level means to override and use the same color on every series that belongs to that overridden attribute.\u003c/span\u003e\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e\u003cspan\u003eWe are also in the process to clean and restyle the legend. The first pass was to remove the redundancy of icons on the legend removing the eyeOpen/eyeClosed icons showing them only when necessary. 
We have now a bit more space for the series title.\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9a548df23fb2ee42/5d3622739778bb113bf137fc/image3.png\" data-sys-asset-uid=\"blt9a548df23fb2ee42\" alt=\"image3.png\"/\u003e\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan\u003eWe also fixed the last two issues missing before replacing the Discover chart with elastic-charts, covering some edge cases when displaying a single bar.\u003c/span\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDiscover\u003c/h3\u003e\n\u003cp\u003e\u003cspan\u003ePR for deangularizing kbnTableHeader is ready for review \u003ca href=\"https://github.com/elastic/kibana/pull/41259\"\u003e#41259\u003c/a\u003e\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan\u003eBefore deangularizing kbnTableRow kbnDocViews has to be finished, so this is the next step.\u003c/span\u003e\u003c/p\u003e\n\u003ch2\u003eCanvas\u003c/h2\u003e\n\u003ch3\u003eEmbeddables in Canvas\u003c/h3\u003e\n\u003cp\u003e\u003cspan\u003eWe have decided to tackle the embeddables in Canvas en masse, and by enabling this exciting new feature, Canvas adoption, relevance, and flexibility will increase.\u0026nbsp; From existing users to prospective customers, Canvas will allow everyone to quickly create and brand personalized content faster and easier with an extra dose of fantabulousness.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan\u003eCanvas is currently in fast-follow mode behind the Kibana App Architecture team to enable existing shared visualizations like Maps in Canvas using the new embeddable architecture\u0026nbsp; for the 7.4 release.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt27a9d1d4fc9fdc02/5d3622889778bb113bf13802/image8.png\" data-sys-asset-uid=\"blt27a9d1d4fc9fdc02\" alt=\"image8.png\" 
/\u003e\u003c/p\u003e\n\u003ch2\u003eDesign\u003c/h2\u003e\n\u003ch3\u003eGraph\u003c/h3\u003e\n\u003cp\u003e\u003cspan\u003eSurprise. We’re doing some exploration on what the graph visualizations could look like. We don’t anticipate jumping too deeply into this project during 7.4, but it’s on our radar and will get some more attention over the next few minors.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3a49754366bb39ac/5d362298e0aa25161afed89a/image9.png\" data-sys-asset-uid=\"blt3a49754366bb39ac\" alt=\"image9.png\" /\u003e\u003c/p\u003e\n\n\u003ch3\u003eMenu systems in the top nav exploration\u003c/h3\u003e\n\u003cp\u003e\u003cspan\u003eOne recurring pattern we’ve seen in the design team is that the apps are trying to put together various OS style “bar navs” to deal with their controls. We’re considering creating an actual nested menu system to deal with it. This would give folks a little more reliable way to deal with these sorts of situations and make our app to app experience a little more uniform.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7adf249c7f302b80/5d3622b40bbb1819f4df9086/image4.png\" data-sys-asset-uid=\"blt7adf249c7f302b80\" alt=\"image4.png\" /\u003e\u003c/p\u003e\n\u003ch3\u003eCharting lib removed from EUI (breaking change)\u003c/h3\u003e\n\u003cp\u003eWe merged \u003ca href=\"https://github.com/elastic/eui/pull/2108\"\u003ea PR in EUI to remove the charting library\u003c/a\u003e. 
Since this is a breaking change, we also went through and end of lifed a bunch of Sass mixins and the K6 themes.\u003c/p\u003e","category":[],"created_at":"2019-07-22T18:45:57.251Z","created_by":"blta9b9246b12e194b5","disclaimer":[],"full_bleed_image":{"uid":"bltaca1d2dd5b24785e","created_by":"bltc87e8bcd2aefc255","updated_by":"bltc87e8bcd2aefc255","created_at":"2019-04-30T22:22:10.007Z","updated_at":"2019-04-30T22:22:10.007Z","content_type":"image/png","file_size":"97644","filename":"kibana_training_thumbnail.png","title":"kibana_training_thumbnail.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T11:00:00.000Z","user":"bltc87e8bcd2aefc255"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaca1d2dd5b24785e/5cc8ca924c5fe8936416626f/kibana_training_thumbnail.png"},"markdown_l10n":"","publish_date":"2019-07-22T17:23:36.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"Good progress on features and enhancements: Alerting, Maps, Elastic charts, Lens, Canvas, embeddables, and 
EUI.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt10b0272b11c24025","created_by":"blta9b9246b12e194b5","updated_by":"blta9b9246b12e194b5","created_at":"2019-07-22T20:10:10.482Z","updated_at":"2019-07-22T20:10:10.482Z","content_type":"image/jpeg","file_size":"100125","filename":"Screen_Shot_2019-07-22_at_3.08.00_PM.jpg","title":"Screen_Shot_2019-07-22_at_3.08.00_PM.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-07-22T21:31:14.627Z","user":"blta9b9246b12e194b5"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt10b0272b11c24025/5d361822c780b1161fc589b3/Screen_Shot_2019-07-22_at_3.08.00_PM.jpg"},"title":"Keeping up with Kibana: This week in Kibana for July 19th, 2019","title_l10n":"Keeping up with Kibana: This week in Kibana for July 19th, 2019","updated_at":"2025-03-10T12:36:34.054Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/keeping-up-with-kibana-2019-07-19","publish_details":{"time":"2025-03-10T12:36:38.139Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta3ff2ebac8b6a24a","_version":19,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt85b0e579ed18da50"],"body_l10n":"\u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003eKibana UI Update\u003c/strong\u003e\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eHiring\u003c/strong\u003e\u003c/h3\u003e\n\u003cul\u003e\n \u003cli\u003e\u003ca href=\"https://grnh.se/24ddf24d1\"\u003e\u003cstrong\u003eKibana - Senior JavaScript Engineer\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://grnh.se/a12f57d31\"\u003e\u003cstrong\u003eKibana - Platform JavaScript Engineer 
(Node.js)\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\u003ca href=\"https://grnh.se/7f51db4a1\"\u003e\u003cstrong \u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/a\u003e\n \u003cli\u003e\u003ca href=\"https://grnh.se/7f51db4a1\"\u003e\u003cstrong\u003eKibana - Visualisations Engineer\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cstrong\u003eThis week's highlight:\u0026nbsp;new Lens visualization is coming!\u003c/strong\u003e\u003c/h3\u003e\n\u003cp\u003eLens has been merged! You can now see Lens visualization type in Visualize app on master and 7.x. We are continuing to work on bug fixes and small improvements in preparation for Beta, but would love for you to try it out and send us your feedback!\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcd5883a47968ebcb/5d8a92aba3629438cf51ec8f/lens_preview.gif\" data-sys-asset-uid=\"bltcd5883a47968ebcb\" alt=\"lens_preview.gif\" /\u003e\u003c/p\u003e\n\u003ch3\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/h3\u003e\n\u003ch4\u003e\u003cstrong\u003eSpace specific default routes\u003c/strong\u003e\u003c/h4\u003e\n\u003cp\u003eThe \u003ca href=\"https://github.com/elastic/kibana/pull/45382\"\u003eprerequisite PR\u003c/a\u003e which migrates portions of the Spaces plugin to the new platform merged last week. This makes the \u003ca href=\"https://github.com/elastic/kibana/pull/44678\"\u003eactual implementation\u003c/a\u003e much easier, which we’ll be focusing on this week.\u003c/p\u003e\n\u003ch4\u003e\u003cstrong\u003eSAML redirect and hash based routing\u003c/strong\u003e\u003c/h4\u003e\n\u003cp\u003eThe changes have been made to no longer rely upon RelayState for this feature, and the configurable URL length limits have been implemented. 
The \u003ca href=\"https://github.com/elastic/kibana/pull/44513\"\u003ePR\u003c/a\u003e is ready for the next round of reviews this week.\u0026nbsp;\u003c/p\u003e\n\u003ch3\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/h3\u003e\n\u003cp\u003eThis week we completed nearly all of our blocker audits with plugin teams. We have a couple left to tie up this week and are primarily focused on execution now. So far, we have not identified any pressing new blockers that were previously unknown, which is good.\u003c/p\u003e\n\u003cp\u003eThis week we completed \u003ca href=\"https://github.com/elastic/kibana/pull/43610\"\u003emigrating the global banner UI\u003c/a\u003e to the New Platform. We also fixed a \u003ca href=\"https://github.com/elastic/kibana/pull/46167\"\u003ecouple\u003c/a\u003e \u003ca href=\"https://github.com/elastic/kibana/pull/45918\"\u003ebugs\u003c/a\u003e in the New Platform. This week, work is expected to complete on migrating the SavedObjectClient on the server and the \u003ca href=\"https://github.com/elastic/kibana/pull/44922\"\u003elicensing plugin on the client\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eFor the New Platform migration, 7 PRs were merged by plugin teams this week, 6 by the App Arch team and 1 by the Security team.\u003c/p\u003e\n\u003ch3\u003eGeo-Maps App\u003c/h3\u003e\n\u003cp\u003eMaps now cancels out-dated Elasticsearch requests when users change search criteria, remove a layer, or leave the map before existing requests resolve.\u003c/p\u003e\n\u003cp\u003eMigrated tooltips from Mapbox tooltips to EuiPopover. This is useful for embedded maps. 
Mapbox tooltips are constrained to the bounds of the panel while EuiPopovers are only constrained to the bounds of the screen, allowing tooltips to expand outside of small embedded panels.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1dd4884c701c5fba/5d8a93608a24c40d20cca0ab/map_tooltips.png\" data-sys-asset-uid=\"blt1dd4884c701c5fba\" alt=\"map_tooltips.png\" /\u003e\u003c/p\u003e\n\u003ch3\u003eGeo-Elastic Maps Service\u003c/h3\u003e\n\u003cp\u003eWe continue to curate and test subdivision boundaries of Eastern European countries. Currently in review are subdivisions for Serbia and Montenegro.\u0026nbsp;\u003c/p\u003e\n\u003ch3\u003e\u003cstrong\u003eApp Architecture\u003c/strong\u003e\u003c/h3\u003e\n\u003ch4\u003eNew Platform Migration\u003c/h4\u003e\n\u003cp\u003eWe made \u003ca href=\"https://github.com/elastic/kibana/pull/45532\"\u003eprogress\u003c/a\u003e on \u003ca href=\"https://github.com/elastic/kibana/pull/45498\"\u003emoving\u003c/a\u003e filter, time filter, and query services to the new platform. 
agg_config and agg_configs were \u003ca href=\"https://github.com/elastic/kibana/pull/45877\"\u003emoved\u003c/a\u003e to agg_types in preparation for the final move to data plugin.\u0026nbsp; We also worked on refactoring \u003ca href=\"https://github.com/elastic/kibana/pull/45874\"\u003evisualization\u003c/a\u003e \u003ca href=\"https://github.com/elastic/kibana/pull/45869\"\u003etypes\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003e\u003cstrong\u003eKibana App (Visualizations, Sharing, Discover, Reporting)\u003c/strong\u003e\u003c/h3\u003e\n\u003ch4\u003e\u003cstrong\u003eLens\u003c/strong\u003e\u003c/h4\u003e\n\u003cp\u003eWe merged Lens into master and 7.x!\u003c/p\u003e\n\u003ch4\u003e\u003cstrong\u003eElastic Charts\u003c/strong\u003e\u003c/h4\u003e\n\u003cp\u003eIt’s now safe to call a React re-render on \u003ca href=\"https://github.com/elastic/elastic-charts/issues/376\"\u003eonBrushEnd events\u003c/a\u003e. We added the possibility to hide duplicate axes created by the user based on ticks labels, position and axis title.\u003c/p\u003e\n\u003cp\u003eOn version 13.0.0 we also introduced a small \u003cstrong\u003ebreaking change\u003c/strong\u003e, on the Theme type, introducing the visibility property on the tickLineStyle them property (see \u003ca href=\"https://github.com/elastic/elastic-charts/pull/374\"\u003e#374\u003c/a\u003e for details).\u003c/p\u003e\n\u003cp\u003eWe keep working on the \u003ca href=\"https://github.com/elastic/elastic-charts/pull/281\"\u003erefactoring\u003c/a\u003e of the library removing MobX state manager in favour of Redux (to align with other existing products and apps and to clean and improve the current data processing flow).\u003c/p\u003e\n\u003cp\u003eWe made progress on the pie chart implementation. 
Now the slice labelling is in good shape, we are working on adding more test coverage.We will finally integrate this work when the \u003ca href=\"https://github.com/elastic/elastic-charts/pull/281\"\u003erefactoring and the new chart type API\u003c/a\u003e is merged.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt498dd88600e965a3/5d8a93aab67b660d1bee2108/chart_preview.png\" data-sys-asset-uid=\"blt498dd88600e965a3\" alt=\"chart_preview.png\" /\u003e\u003c/p\u003e\n\u003ch4\u003e\u003cstrong\u003eGraph\u003c/strong\u003e\u003c/h4\u003e\n\u003cp\u003eLast week de-angularization of the search bar \u003ca href=\"https://github.com/elastic/kibana/pull/45351\"\u003e#45351\u003c/a\u003e including KQL support \u003ca href=\"https://github.com/elastic/kibana/pull/45364\"\u003e#45364\u003c/a\u003e was merged along with minor cleanups and restructurings \u003ca href=\"https://github.com/elastic/kibana/pull/45770\"\u003e#45770\u003c/a\u003e \u003ca href=\"https://github.com/elastic/kibana/pull/45782\"\u003e#45782\u003c/a\u003e. 
Graph now also has a readme that explains the setup and most commonly used commands.\u003c/p\u003e\n\u003cp\u003eDe-angularization of the field manager \u003ca href=\"https://github.com/elastic/kibana/pull/45384\"\u003e#45384\u003c/a\u003e and a new welcome screen when no workspace is configured \u003ca href=\"https://github.com/elastic/kibana/pull/45547\"\u003e#45547\u003c/a\u003e are currently in progress - thanks a lot for the input from the design team!.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta2d5e472b826d7ba/5d8a93d32d73960d2a506ecf/graph_getting_started.png\" data-sys-asset-uid=\"blta2d5e472b826d7ba\" alt=\"graph_getting_started.png\" /\u003e\u003c/p\u003e\n\u003ch4\u003e\u003cstrong\u003eDiscover\u003c/strong\u003e\u003c/h4\u003e\n\u003cp\u003eDe-angularization of the doc view was merged \u003ca href=\"https://github.com/elastic/kibana/pull/44660\"\u003e#44660\u003c/a\u003e. With the merge of \u003ca href=\"https://github.com/elastic/kibana/pull/44212\"\u003e#44212\u003c/a\u003e sorting by time field when indices mix the format \u003cstrong\u003edate\u003c/strong\u003e and \u003cstrong\u003edate_nanos \u003c/strong\u003eworks correctly. Currently in the works: De-angularizing the left side panel. 
And there’s a\u0026nbsp; brand new slack channel: #kibana-discover\u003c/p\u003e\n\u003ch3\u003e\u003cstrong\u003eCanvas\u003c/strong\u003e\u003c/h3\u003e\n\u003cp\u003eThe Canvas team is still heads down working on adding localization to the entire Canvas app.\u0026nbsp;\u0026nbsp;\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e\n\u003ch3\u003e\u003cstrong\u003eDesign\u003c/strong\u003e\u003c/h3\u003e\n\u003ch4\u003e\u003cstrong\u003eAccessibility\u003c/strong\u003e\u003c/h4\u003e\n\u003cp\u003eAccessibility is always a focus for us and we have created a video around building and testing for accessibility with EUI.\u0026nbsp;\u003ca href=\"https://www.youtube.com/watch?v=iDXoEe8NkrE\u0026feature=youtu.be\"\u003eAvailable here.\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003e\u003cstrong\u003eEUI Data Grid\u003c/strong\u003e\u003c/h4\u003e\n\u003cp\u003eEuiDataGrid can now detect schema types and auto-applies formatting rules based on that. It can also be given styles on a per-cell basis.\u003c/p\u003e\n\u003cp\u003eThere is also progress around selecting and viewing a cell’s content.\u0026nbsp; The format of the popover will match the schema of the content for the cell, allowing for longer content and better readability.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1ac9697f5192bce5/5d8a945d27cc7a38ca73743c/data_grid.png\" data-sys-asset-uid=\"blt1ac9697f5192bce5\" alt=\"data_grid.png\" /\u003e\u003c/p\u003e\n\u003ch4\u003e\u003cstrong\u003eMaps + Compressed Forms\u003c/strong\u003e\u003c/h4\u003e\n\u003cp\u003eThe Maps application received the newly merged compressed forms to make for a clear and super slick UI.\u003c/p\u003e\n\u003ch4\u003e\u003cstrong\u003eDashboard workflow\u003c/strong\u003e\u003c/h4\u003e\n\u003cp\u003eWe’re exploring ways to tighten up the workflow between the Dashboard and the growing number of applications that provide content for dashboards (Visualize, Lens, Maps, 
etc).\u003c/p\u003e\n\u003ch4\u003e\u003cstrong\u003eColor Stops component\u003c/strong\u003e\u003c/h4\u003e\n\u003cp\u003eThe Color Stops component received some more attention recently and is becoming more and more polished.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3d9abe2e7d5f2e72/5d8a947ff0e07b2dd96a5100/color_stops_component.png\" data-sys-asset-uid=\"blt3d9abe2e7d5f2e72\" alt=\"color_stops_component.png\" /\u003e\u003c/p\u003e\n\u003ch3\u003e\u003cstrong\u003eStack Services\u003c/strong\u003e\u003c/h3\u003e\n\u003ch4\u003e\u003cstrong\u003eAlerting\u003c/strong\u003e\u003c/h4\u003e\n\u003cp\u003eWe built a performance improvement into Task Manager parallelizing the way in which Task Manager claims ownership of tasks.\u0026nbsp; He ran a performance assessment of this improvement, measuring a marked improvement in task performance, but not quite as good as we need for alerting.\u0026nbsp; He is now working on an alternative approach based off of Mike's past work on the subject.\u0026nbsp; Mike merged throttling support for alerts: \u003ca href=\"https://github.com/elastic/kibana/pull/41919\"\u003e#41919\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eHe also added an API to update API key (change ownership): \u003ca href=\"https://github.com/elastic/kibana/pull/45925\"\u003e#45925\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe \"alertId\" and \"alertInstanceId\" properties are now accessible in templated alert action params in\u0026nbsp;\u003ca href=\"https://github.com/elastic/kibana/pull/45803\"\u003e#45803\u003c/a\u003e.\u0026nbsp; New tests testing access across spaces have been put in place: \u003ca href=\"https://github.com/elastic/kibana/pull/45892\"\u003e#45892\u003c/a\u003e.\u0026nbsp;A new discuss issue for alert muting is created: \u003ca href=\"https://github.com/elastic/kibana/issues/46034\"\u003e#46034\u003c/a\u003e.\u0026nbsp; Patrick continued work on the event log in\u0026nbsp;\u003ca 
href=\"https://github.com/elastic/kibana/issues/45083\"\u003e#45083\u003c/a\u003e\u0026nbsp;and\u0026nbsp;\u003ca href=\"https://github.com/elastic/kibana/pull/45081\"\u003e#45081\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003eThat's all for this week.\u003cbr /\u003e- Kibana team\u003c/p\u003e","category":[],"created_at":"2019-09-24T21:55:54.169Z","created_by":"blte688eb02cfbb5524","disclaimer":[],"full_bleed_image":{"uid":"blt0ba64554b53df4df","ACL":{},"_version":1,"content_type":"image/png","created_at":"2019-10-18T22:04:10.512Z","created_by":"bltf6ab93733e4e3a73","file_size":"27476","filename":"kibana-weekly-blog-banner.png","is_dir":false,"parent_uid":null,"tags":[],"title":"kibana-weekly-blog-banner.png","updated_at":"2019-10-18T22:04:10.512Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-10-18T22:04:17.945Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0ba64554b53df4df/5daa36dadf78486c826db921/kibana-weekly-blog-banner.png"},"markdown_l10n":"","publish_date":"2019-09-25T17:30:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Lens visualization is now available; we are continuing to migrate to the new platform; Graph getting started experience improvements and more!","seo_description_l10n":"Keeping up with Kibana: This week in Kibana for September 23th, 2019\nThe Kibana team has merged Lens visualization; we are continuing to migrate to the new platform; Graph getting started experience improvements and 
more!","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blta6ce6c7fc47ff2cb","ACL":{},"_version":1,"content_type":"image/png","created_at":"2019-10-18T22:04:10.428Z","created_by":"bltf6ab93733e4e3a73","file_size":"22849","filename":"kibana-weekly-blog-thumb.png","is_dir":false,"parent_uid":null,"tags":[],"title":"kibana-weekly-blog-thumb.png","updated_at":"2019-10-18T22:04:10.428Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-10-18T22:04:32.538Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta6ce6c7fc47ff2cb/5daa36da2dc72966da7451aa/kibana-weekly-blog-thumb.png"},"title":"Keeping up with Kibana: This week in Kibana for September 23rd, 2019","title_l10n":"Keeping up with Kibana: This week in Kibana for September 23rd, 2019","updated_at":"2025-03-10T12:35:17.420Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/keeping-up-with-kibana-2019-09-23","publish_details":{"time":"2025-03-10T12:35:21.374Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt3e9a03c6f511ba22","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"","author":[],"body_l10n":"\u003cp\u003eLogstash has been missing a way to receive data through HTTP requests, but not anymore!\u003c/p\u003e\u003cp\u003eThe \u003ca href=\"https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html\"\u003elogstash-input-http\u003c/a\u003e\u0026nbsp;plugin is now available for everyone! 
Also, starting with \u003ca href=\"https://www.elastic.co/blog/logstash-1-5-2-released\"\u003eLogstash 1.5.2\u003c/a\u003e, it is included as one of the default plugins that are distributed with the official release.\u003c/p\u003e\u003ch2\u003eSo what exactly does the logstash-input-http plugin do?\u003c/h2\u003e\u003cp\u003eWhen you configure this plugin in the input section, it will launch an HTTP server and create events from requests sent to this endpoint. This means you can send notification data to Logstash using webhooks, thereby integrating your existing applications with Logstash’s rich plugin ecosystem!\u003c/p\u003e\u003ch2\u003eHow do I use this plugin?\u003c/h2\u003e\u003cp\u003eBy default it will bind the webserver to all hosts (\"0.0.0.0\") and open the TCP port 8080, but it's possible to configure these settings:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003einput {\u003cbr /\u003e http {\u003cbr /\u003e host =\u0026gt; \"127.0.0.1\" # default: 0.0.0.0\u003cbr /\u003e port =\u0026gt; 31311 # default: 8080\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eThat's all you need!\u003c/p\u003e\u003ch3\u003eWhat about security?\u003c/h3\u003e\u003cp\u003eWithout further configuration, every request that reaches the listening address and port produces an event, which matters most with the default 0.0.0.0 bind. You can configure basic authentication by setting a username and password. All requests done to Logstash will then have to set the right credentials or receive a 401 response. Only correctly authenticated requests will produce an event inside of Logstash. Basic authentication only encodes the credentials, so pair it with SSL on any network you do not control. For SSL, it is necessary to specify the path to a \u003ca href=\"https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html\"\u003eJava Keystore\u003c/a\u003e that contains the certificate that clients use to validate the server. 
Here's an example:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003einput {\u003cbr /\u003e port =\u0026gt; 3332\u003cbr /\u003e user =\u0026gt; myuser\u003cbr /\u003e password =\u0026gt; \"$tr0ngP4ssWD!\"\u003cbr /\u003e ssl =\u0026gt; on\u003cbr /\u003e keystore =\u0026gt; \"/tmp/mykeystore.jks\"\u003cbr /\u003e keystore_password =\u0026gt; \"keystore_pass\"\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003ch2\u003eOK, now show me this plugin in action!\u003c/h2\u003e\u003cp\u003eStep 1 - starting Logstash with http input:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ebin/logstash -e \"input { http { } } output { stdout { codec =\u0026gt; rubydebug} }\"\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eStep 2 - That's it!\u003c/p\u003e\u003cp\u003eTo test it, let's issue two requests:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e% curl -XPUT 'http://127.0.0.1:8080/twitter/tweet/1' -d 'hello' \u003cbr /\u003e% curl -H \"content-type: application/json\" -XPUT 'http://127.0.0.1:8080/twitter/tweet/1' -d '{\u003cbr /\u003e \"user\" : \"kimchy\",\u003cbr /\u003e \"post_date\" : \"2009-11-15T14:12:12\",\u003cbr /\u003e \"message\" : \"trying out Elasticsearch\"\u003cbr /\u003e}'\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eResult in Logstash:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{\u003cbr /\u003e \"message\" =\u0026gt; \"hello\",\u003cbr /\u003e \"@version\" =\u0026gt; \"1\",\u003cbr /\u003e \"@timestamp\" =\u0026gt; \"2015-05-29T14:49:00.392Z\",\u003cbr /\u003e \"headers\" =\u0026gt; {\u003cbr /\u003e \"content_type\" =\u0026gt; \"application/x-www-form-urlencoded\",\u003cbr /\u003e \"request_method\" =\u0026gt; \"PUT\",\u003cbr /\u003e \"request_path\" =\u0026gt; \"/twitter/tweet/1\",\u003cbr /\u003e \"request_uri\" =\u0026gt; \"/twitter/tweet/1\",\u003cbr /\u003e \"http_version\" =\u0026gt; \"HTTP/1.1\",\u003cbr /\u003e \"http_user_agent\" =\u0026gt; \"curl/7.37.1\",\u003cbr /\u003e \"http_host\" =\u0026gt; \"127.0.0.1:8080\",\u003cbr /\u003e 
\"http_accept\" =\u0026gt; \"*/*\",\u003cbr /\u003e \"content_length\" =\u0026gt; \"5\"\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e{\u003cbr /\u003e \"user\" =\u0026gt; \"kimchy\",\u003cbr /\u003e \"post_date\" =\u0026gt; \"2009-11-15T14:12:12\",\u003cbr /\u003e \"message\" =\u0026gt; \"trying out Elasticsearch\",\u003cbr /\u003e \"@version\" =\u0026gt; \"1\",\u003cbr /\u003e \"@timestamp\" =\u0026gt; \"2015-05-29T14:49:04.105Z\",\u003cbr /\u003e \"headers\" =\u0026gt; {\u003cbr /\u003e \"content_type\" =\u0026gt; \"application/json\",\u003cbr /\u003e \"request_method\" =\u0026gt; \"PUT\",\u003cbr /\u003e \"request_path\" =\u0026gt; \"/twitter/tweet/1\",\u003cbr /\u003e \"request_uri\" =\u0026gt; \"/twitter/tweet/1\",\u003cbr /\u003e \"http_version\" =\u0026gt; \"HTTP/1.1\",\u003cbr /\u003e \"http_user_agent\" =\u0026gt; \"curl/7.37.1\",\u003cbr /\u003e \"http_host\" =\u0026gt; \"127.0.0.1:8080\",\u003cbr /\u003e \"http_accept\" =\u0026gt; \"*/*\",\u003cbr /\u003e \"content_length\" =\u0026gt; \"110\"\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eYou can see that in the second request, since the content-type was application/json, the body was deserialized and expanded to the event root (notice the fields \"user\", \"post_date\" and \"message\").\u003c/p\u003e\u003ch2\u003eShow me more concrete examples of how to use it!\u003c/h2\u003e\u003cp\u003eBecause, real world examples make everything clearer!\u003c/p\u003e\u003ch3\u003eElastic\u0026nbsp;Watcher Integration\u003c/h3\u003e\u003cp\u003eIn this section, we’ll show you how to integrate \u003ca href=\"https://www.elastic.co/what-is/elasticsearch-alerting\"\u003eElastic\u0026nbsp;Watcher\u003c/a\u003e -- the new Elasticsearch plugin for alerting and notification -- with Logstash. 
\u003ca href=\"https://www.elastic.co/guide/en/watcher/current/logstash-integration.html#_using_logstash_for_watch_actions\"\u003eSending\u003c/a\u003e notifications to Logstash via this input provides you a powerful toolset to further transform notifications and use Logstash’s rich collection of \u003ca href=\"https://www.elastic.co/guide/en/logstash/current/output-plugins.html\"\u003eoutputs\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eImagine that you have indices with Apache logs, and now we want to get a periodic update of how many requests are resulting in a 404 (Not Found) response.\u003c/p\u003e\u003cp\u003eThe required steps for this are:\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/watcher/current/installing-watcher.html\"\u003eInstalling\u003c/a\u003e Watcher\u003c/li\u003e\u003cli\u003eCreating a new notification on Watcher that every minute reports the number of events that have a 404 response status\u003c/li\u003e\u003cli\u003eStart Logstash with the HTTP input\u003c/li\u003e\u003cli\u003eSend data to Elasticsearch and watch updates on Logstash\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eHere we go!\u003c/p\u003e\u003ch4\u003e1. Installing Watcher\u003c/h4\u003e\u003cpre class=\"prettyprint\"\u003ecd elasticsearch-1.5.2\u003cbr /\u003ebin/plugin -i elasticsearch/watcher/latest\u003cbr /\u003ebin/plugin -i elasticsearch/license/latest\u003cbr /\u003ebin/elasticsearch # restart the server\u003cbr /\u003e\u003c/pre\u003e\u003ch4\u003e2. Creating a watch\u003c/h4\u003e\u003cp\u003eThe Watcher plugin for elasticsearch provides an API to create and manipulate scheduled tasks, or \"watches\". A \u003ca href=\"https://www.elastic.co/guide/en/watcher/current/introduction.html#_watcher_concepts\"\u003eWatch\u003c/a\u003e will query the data in the elasticsearch cluster according to its schedule, look for certain scenarios (like the presence of an error event) and execute actions. 
Examples of \u003ca href=\"https://www.elastic.co/guide/en/watcher/current/customizing-actions.html\"\u003eactions\u003c/a\u003e are sending an email, writing a document to an index, calling an outside HTTP endpoint, and more..\u003c/p\u003e\u003cp\u003eFor this test, I created a simple watch that:\u003c/p\u003e\u003cul\u003e\u003cli\u003eevery minute\u003c/li\u003e\u003cli\u003ecounts number of HTTP requests that resulted in a 404\u003c/li\u003e\u003cli\u003eposts result to http://localhost:8080\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThis is the resulting JSON document I need to send to Watcher:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{\u003cbr /\u003e \"trigger\" : {\u003cbr /\u003e \"schedule\" : { \"cron\" : \"0 0/1 * * * ?\" }\u003cbr /\u003e },\u003cbr /\u003e \"input\" : {\u003cbr /\u003e \"search\" : {\u003cbr /\u003e \"request\" : {\u003cbr /\u003e \"indices\" : [\u003cbr /\u003e \"logstash*\"\u003cbr /\u003e ],\u003cbr /\u003e \"body\" : {\u003cbr /\u003e \"query\" : {\u003cbr /\u003e \"term\": { \"response\": 404 }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"actions\" : {\u003cbr /\u003e \"my_webhook\" : {\u003cbr /\u003e \"webhook\" : {\u003cbr /\u003e \"auth\" : {\u003cbr /\u003e \"basic\" : {\u003cbr /\u003e \"username\" : \"guest\",\u003cbr /\u003e \"password\" : \"guest\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"method\" : \"POST\",\u003cbr /\u003e \"host\" : \"127.0.0.1\",\u003cbr /\u003e \"port\" : 8080,\u003cbr /\u003e \"path\": \"/{{ctx.watch_id}}\",\u003cbr /\u003e \"body\" : \"{{ctx.payload.hits.total}}\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eTo install this watch you need to create it in Elasticsearch by executing a PUT request:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ecurl -XPUT 'http://localhost:9200/_watcher/watch/my-watch' -d @create_webhook.json\u003cbr 
/\u003e\u003c/pre\u003e\u003ch4\u003e3. Logstash setup\u003c/h4\u003e\u003cpre class=\"prettyprint\"\u003ewget http://download.elastic.co/logstash/logstash/logstash-1.5.2.tar.gz\u003cbr /\u003etar -zxf logstash-1.5.2.tar.gz\u003cbr /\u003ecd logstash-1.5.2\u003cbr /\u003ebin/logstash -e \"input { http { } } output { stdout { codec =\u0026gt; rubydebug} }\"\u003cbr /\u003e\u003c/pre\u003e\u003ch4\u003e4. Results\u003c/h4\u003e\u003cp\u003eAfter launching an ingestion process in another terminal, Logstash starts receiving 1 notification per minute in the form of an HTTP POST. Each event carries the request headers, including http_authorization with the Basic credentials set in the watch, so remove that field before forwarding events to a shared output:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e% bin/logstash -e \"input { http { } } output { stdout { codec =\u0026gt; rubydebug} }\" \u003cbr /\u003eLogstash startup completed\u003cbr /\u003e{\u003cbr /\u003e \"message\" =\u0026gt; \"330\",\u003cbr /\u003e \"@version\" =\u0026gt; \"1\",\u003cbr /\u003e \"@timestamp\" =\u0026gt; \"2015-06-02T12:53:00.037Z\",\u003cbr /\u003e \"headers\" =\u0026gt; {\u003cbr /\u003e \"content_type\" =\u0026gt; \"application/x-www-form-urlencoded\",\u003cbr /\u003e \"request_method\" =\u0026gt; \"POST\",\u003cbr /\u003e \"request_path\" =\u0026gt; \"/my-watch\",\u003cbr /\u003e \"request_uri\" =\u0026gt; \"/my-watch?\",\u003cbr /\u003e \"http_version\" =\u0026gt; \"HTTP/1.1\",\u003cbr /\u003e \"http_authorization\" =\u0026gt; \"Basic Z3Vlc3Q6Z3Vlc3Q=\",\u003cbr /\u003e \"http_accept_charset\" =\u0026gt; \"UTF-8\",\u003cbr /\u003e \"http_cache_control\" =\u0026gt; \"no-cache\",\u003cbr /\u003e \"http_pragma\" =\u0026gt; \"no-cache\",\u003cbr /\u003e \"http_user_agent\" =\u0026gt; \"Java/1.8.0_20\",\u003cbr /\u003e \"http_host\" =\u0026gt; \"127.0.0.1:8080\",\u003cbr /\u003e \"http_accept\" =\u0026gt; \"text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\",\u003cbr /\u003e \"http_connection\" =\u0026gt; \"keep-alive\",\u003cbr /\u003e \"content_length\" =\u0026gt; \"12\"\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e{\u003cbr /\u003e \"message\" =\u0026gt; 
\"3103\",\u003cbr /\u003e \"@version\" =\u0026gt; \"1\",\u003cbr /\u003e \"@timestamp\" =\u0026gt; \"2015-06-02T12:54:00.030Z\",\u003cbr /\u003e \"headers\" =\u0026gt; {\u003cbr /\u003e \"content_type\" =\u0026gt; \"application/x-www-form-urlencoded\",\u003cbr /\u003e \"request_method\" =\u0026gt; \"POST\",\u003cbr /\u003e \"request_path\" =\u0026gt; \"/my-watch\",\u003cbr /\u003e \"request_uri\" =\u0026gt; \"/my-watch?\",\u003cbr /\u003e \"http_version\" =\u0026gt; \"HTTP/1.1\",\u003cbr /\u003e \"http_authorization\" =\u0026gt; \"Basic Z3Vlc3Q6Z3Vlc3Q=\",\u003cbr /\u003e \"http_accept_charset\" =\u0026gt; \"UTF-8\",\u003cbr /\u003e \"http_cache_control\" =\u0026gt; \"no-cache\",\u003cbr /\u003e \"http_pragma\" =\u0026gt; \"no-cache\",\u003cbr /\u003e \"http_user_agent\" =\u0026gt; \"Java/1.8.0_20\",\u003cbr /\u003e \"http_host\" =\u0026gt; \"127.0.0.1:8080\",\u003cbr /\u003e \"http_accept\" =\u0026gt; \"text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\",\u003cbr /\u003e \"http_connection\" =\u0026gt; \"keep-alive\",\u003cbr /\u003e \"content_length\" =\u0026gt; \"13\"\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e{\u003cbr /\u003e \"message\" =\u0026gt; \"6071\",\u003cbr /\u003e \"@version\" =\u0026gt; \"1\",\u003cbr /\u003e \"@timestamp\" =\u0026gt; \"2015-06-02T12:55:00.031Z\",\u003cbr /\u003e \"headers\" =\u0026gt; {\u003cbr /\u003e \"content_type\" =\u0026gt; \"application/x-www-form-urlencoded\",\u003cbr /\u003e \"request_method\" =\u0026gt; \"POST\",\u003cbr /\u003e \"request_path\" =\u0026gt; \"/my-watch\",\u003cbr /\u003e \"request_uri\" =\u0026gt; \"/my-watch?\",\u003cbr /\u003e \"http_version\" =\u0026gt; \"HTTP/1.1\",\u003cbr /\u003e \"http_authorization\" =\u0026gt; \"Basic Z3Vlc3Q6Z3Vlc3Q=\",\u003cbr /\u003e \"http_accept_charset\" =\u0026gt; \"UTF-8\",\u003cbr /\u003e \"http_cache_control\" =\u0026gt; \"no-cache\",\u003cbr /\u003e \"http_pragma\" =\u0026gt; \"no-cache\",\u003cbr /\u003e \"http_user_agent\" =\u0026gt; 
\"Java/1.8.0_20\",\u003cbr /\u003e \"http_host\" =\u0026gt; \"127.0.0.1:8080\",\u003cbr /\u003e \"http_accept\" =\u0026gt; \"text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\",\u003cbr /\u003e \"http_connection\" =\u0026gt; \"keep-alive\",\u003cbr /\u003e \"content_length\" =\u0026gt; \"13\"\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003ch3\u003eA more complex example\u003c/h3\u003e\u003cp\u003eNow that we know how to trigger notification events from Watcher, we can leverage the plugin ecosystem in Logstash to escalate notifications depending in a certain criteria. This following config will:\u003c/p\u003e\u003cul\u003e\u003cli\u003econtinuously update the number of 404 requests in \u003ca href=\"https://www.elastic.co/guide/en/logstash/current/plugins-outputs-statsd.html\"\u003estatsd\u003c/a\u003e\u003c/li\u003e\u003cli\u003eif the count reaches 10000 then send a message to \u003ca href=\"https://www.elastic.co/guide/en/watcher/2.4/configuring-hipchat.html\"\u003eHipChat\u003c/a\u003e, or\u003c/li\u003e\u003cli\u003eif reaches 40000, notify \u003ca href=\"https://www.elastic.co/guide/en/logstash/current/plugins-outputs-pagerduty.html\"\u003ePagerDuty\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\u003cpre class=\"prettyprint\"\u003einput {\u003cbr /\u003e http { }\u003cbr /\u003e}\u003cbr /\u003efilter {\u003cbr /\u003e if [headers][request_path] == \"/my-watch\" {\u003cbr /\u003e mutate { convert =\u0026gt; [\"message\", \"integer\" ] }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003eoutput {\u003cbr /\u003e if [headers][request_path] == \"/my-watch\" {\u003cbr /\u003e if [message] \u0026gt; 40000 { # way too many, notify pagerduty\u003cbr /\u003e pagerduty {\u003cbr /\u003e description =\u0026gt; \"%{host} - Apache: Very high number of 404\"\u003cbr /\u003e details =\u0026gt; {\u003cbr /\u003e \"timestamp\" =\u0026gt; \"%{@timestamp}\"\u003cbr /\u003e \"message\" =\u0026gt; \"%{message}\"\u003cbr /\u003e }\u003cbr /\u003e 
service_key =\u0026gt; \"apikeyforlogstashservice\"\u003cbr /\u003e incident_key =\u0026gt; \"logstash/apacheservice\"\u003cbr /\u003e }\u003cbr /\u003e } else if [message] \u0026gt; 10000 { # unusual amount, notify devs in hipchat\u003cbr /\u003e hipchat {\u003cbr /\u003e from =\u0026gt; \"logstash\"\u003cbr /\u003e room_id =\u0026gt; \"dev\"\u003cbr /\u003e token =\u0026gt; \"[api key]\"\u003cbr /\u003e format =\u0026gt; \"Very high number of 404 requests: %{message}\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e # always update count of 404 in statsd\u003cbr /\u003e statsd { gauge =\u0026gt; [ \"http.status.404\", \"%{message}\" ] }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eThat's it! Next is an example using GitHub instead of Watcher as the source of notifications.\u003c/p\u003e\u003ch3\u003eReceiving updates from GitHub\u003c/h3\u003e\u003cp\u003eGitHub allows you to receive commit \u003ca href=\"https://help.github.com/articles/receiving-email-notifications-for-pushes-to-a-repository/\"\u003enotifications\u003c/a\u003e, so let's receive those in Logstash through the HTTP input plugin. The steps I needed to accomplish this were:\u003c/p\u003e\u003col\u003e\u003cli\u003eCreating a VM with Logstash and launching an instance with the HTTP input plugin\u003c/li\u003e\u003cli\u003eSetting up the \u003ca href=\"https://help.github.com/articles/receiving-email-notifications-for-pushes-to-a-repository/\"\u003eGitHub webhook\u003c/a\u003e on a repository that will post notifications to the VM\u003c/li\u003e\u003cli\u003eDoing a commit on the repository to see the flow in action!\u003c/li\u003e\u003c/ol\u003e\u003ch4\u003e1. 
Logstash setup\u003c/h4\u003e\u003cp\u003eI created a VM on Amazon with TCP port 9200 open:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0050381633805b61/67c97b253661f25efecca582/introducing-the-logstash-http-input-plugin-vm-amazon.png\" style=\"max-width: 100%;\"/\u003e\u003c/p\u003e\u003cp\u003eThen set up and start Logstash:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ewget http://download.elastic.co/logstash/logstash/logstash-1.5.2.tar.gz\u003cbr /\u003etar -zxf logstash-1.5.2.tar.gz\u003cbr /\u003ecd logstash-1.5.2\u003cbr /\u003ebin/logstash -e \"input { http { port =\u0026gt; 9200 } } output { stdout { codec =\u0026gt; rubydebug} }\"\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eWhy a VM? I needed Logstash to be accessible from the internet, and exposing a port on my home network router was complicated. An input exposed like this accepts events from any internet host, so outside of a short test, limit the allowed source addresses or turn on the authentication and SSL settings shown earlier.\u003c/p\u003e\u003ch4\u003e2. GitHub webhook setup\u003c/h4\u003e\u003cp\u003eI created a GitHub repo under my account called \u003ca href=\"https://github.com/jsvd/test-repo\"\u003etest-repo\u003c/a\u003e. There I set up a webhook and pointed it at the VM:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4ebe72cf822118aa/67c97b61959e4ed286e4d954/introducing-the-logstash-http-input-plugin-webhook.png\" style=\"max-width: 100%;\"/\u003e\u003c/p\u003e\u003ch4\u003e3. Generating events\u003c/h4\u003e\u003cp\u003eLet's generate 1 commit so GitHub will notify Logstash:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003egit clone https://github.com/jsvd/test-repo\u003cbr /\u003ecd test-repo\u003cbr /\u003eecho 1 \u0026gt;\u0026gt; a\u003cbr /\u003egit commit -a -m \"new commit\"\u003cbr /\u003egit push\u003cbr /\u003e\u003c/pre\u003e\u003ch4\u003e4. 
Result\u003c/h4\u003e\u003cp\u003eOn the VM, Logstash received (output shortened for readability, \u003ca href=\"https://gist.github.com/jsvd/bef30e62b0b9bd599615\"\u003efull output here\u003c/a\u003e):\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e$ bin/logstash -e \"input { http { port =\u0026gt; 9200 } } output { stdout { codec =\u0026gt; rubydebug} }\"\u003cbr /\u003e{\u003cbr /\u003e \"ref\" =\u0026gt; \"refs/heads/master\",\u003cbr /\u003e \"before\" =\u0026gt; \"22dc008b4a9a612ff3fc55b02fabd551a582e271\",\u003cbr /\u003e \"after\" =\u0026gt; \"9046cd06b307dec789248a72c9f36630decc037a\",\u003cbr /\u003e \"created\" =\u0026gt; false,\u003cbr /\u003e \"deleted\" =\u0026gt; false,\u003cbr /\u003e \"forced\" =\u0026gt; false,\u003cbr /\u003e \"base_ref\" =\u0026gt; nil,\u003cbr /\u003e \"compare\" =\u0026gt; \"https://github.com/jsvd/test-repo/compare/22dc008b4a9a...9046cd06b307\",\u003cbr /\u003e \"commits\" =\u0026gt; [\u003cbr /\u003e [0] {\u003cbr /\u003e \"id\" =\u0026gt; \"9046cd06b307dec789248a72c9f36630decc037a\",\u003cbr /\u003e \"distinct\" =\u0026gt; true,\u003cbr /\u003e \"message\" =\u0026gt; \"new commit\",\u003cbr /\u003e \"timestamp\" =\u0026gt; \"2015-06-02T14:58:14+01:00\",\u003cbr /\u003e \"url\" =\u0026gt; \"https://github.com/jsvd/test-repo/commit/9046cd06b307dec789248a72c9f36630decc037a\",\u003cbr /\u003e \"author\" =\u0026gt; {\u003cbr /\u003e \"name\" =\u0026gt; \"Joao Duarte\",\u003cbr /\u003e \"email\" =\u0026gt; \"XXXXXXXXXXXX\",\u003cbr /\u003e \"username\" =\u0026gt; \"jsvd\"\u003cbr /\u003e },\u003cbr /\u003e \"committer\" =\u0026gt; {\u003cbr /\u003e \"name\" =\u0026gt; \"Joao Duarte\",\u003cbr /\u003e \"email\" =\u0026gt; \"XXXXXXXXXXXX\",\u003cbr /\u003e \"username\" =\u0026gt; \"jsvd\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e ],\u003cbr /\u003e \"head_commit\" =\u0026gt; {\u003cbr /\u003e \"id\" =\u0026gt; \"9046cd06b307dec789248a72c9f36630decc037a\",\u003cbr /\u003e \"distinct\" =\u0026gt; true,\u003cbr /\u003e 
\"message\" =\u0026gt; \"new commit\",\u003cbr /\u003e \"timestamp\" =\u0026gt; \"2015-06-02T14:58:14+01:00\",\u003cbr /\u003e \"url\" =\u0026gt; \"https://github.com/jsvd/test-repo/commit/9046cd06b307dec789248a72c9f36630decc037a\",\u003cbr /\u003e \"author\" =\u0026gt; {\u003cbr /\u003e \"name\" =\u0026gt; \"Joao Duarte\",\u003cbr /\u003e \"email\" =\u0026gt; \"XXXXXXXXXXXX\",\u003cbr /\u003e \"username\" =\u0026gt; \"jsvd\"\u003cbr /\u003e },\u003cbr /\u003e \"committer\" =\u0026gt; {\u003cbr /\u003e \"name\" =\u0026gt; \"Joao Duarte\",\u003cbr /\u003e \"email\" =\u0026gt; \"XXXXXXXXXXXX\",\u003cbr /\u003e \"username\" =\u0026gt; \"jsvd\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003ch2\u003eConclusion\u003c/h2\u003e\u003cp\u003eThis input plugin opens up an incredible amount of possible scenarios since a lot of applications use webhooks and know how to export data using HTTP requests.\u003c/p\u003e\u003cp\u003eI'm already thinking of a ton of ideas where I can leverage this plugin, how are you going to use 
it?\u003c/p\u003e","category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T12:12:48.786Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":null,"markdown_l10n":"","publish_date":"2015-07-09T13:38:51.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic 
Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt7bb6b1e9a797738f","ACL":{},"created_at":"2020-06-17T03:36:25.048Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logstash","label_l10n":"Logstash","tags":[],"title":"Logstash","updated_at":"2020-06-17T03:36:25.048Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.237Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data 
ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":null,"title":"Introducing the Logstash HTTP input plugin","title_l10n":"Introducing the Logstash HTTP input plugin","updated_at":"2025-03-10T12:33:32.016Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/introducing-logstash-input-http-plugin","publish_details":{"time":"2025-03-10T12:33:35.378Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltc420a7ae65dd972e","_version":29,"locale":"en-us","ACL":{},"abstract_l10n":"Provide your SOC team with a unified, pre-built SIEM detection rule experience.","author":["blt038f616a5d7994a3","blt1ed10b221239128a","bltc1a27bf09861513f"],"body_l10n":"\u003cp\u003eWith the release of \u003ca href=\"https://www.elastic.co/blog/elastic-security-7-6-0-released\" target=\"_self\"\u003eElastic Security 7.6\u003c/a\u003e, we've announced our creation of\u0026nbsp;a modern detection engine that provides SOC teams with a unified SIEM rule experience through\u0026nbsp;Elastic SIEM detections.\u0026nbsp;The\u0026nbsp;detection engine draws from a purpose-built set of Elasticsearch analytics engines\u0026nbsp;and runs on a new distributed execution platform in Kibana.\u0026nbsp;In this post, we provide a brief overview of the flow of detections in Elastic SIEM 
and discuss the new UI and backend features that help these detections work seamlessly for our users.\u003c/p\u003e\n\u003cp\u003eBefore we jump into detections, a quick note: if you are ready to try the SIEM app, check out our \u003ca href=\"https://www.elastic.co/blog/elastic-siem-for-small-business-and-home-1-getting-started\" target=\"_self\"\u003eSIEM for small businesses and at home\u0026nbsp;blog series\u003c/a\u003e. The series\u0026nbsp;covers getting set up on the cloud with our free \u003ca href=\"https://www.elastic.co/products/elasticsearch/service\" target=\"_self\"\u003etrial of Elasticsearch Service\u003c/a\u003e, using Beats to securely collect and stream data from your systems to the SIEM, and more. (It’s far easier than you would think!) We also offer a \u003ca href=\"https://www.elastic.co/guide/en/siem/guide/7.6/install-siem.html\" target=\"_self\"\u003egetting started guide\u0026nbsp;for hybrid deployments\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUI workflow for signal management\u003c/h2\u003e\n\u003cp\u003eThe bread and butter of Elastic SIEM detections\u0026nbsp;are signals, which are Elasticsearch documents created when a signal detection rule's conditions are satisfied. In the simplest case, one signal document is created for each event matching the query defined in the rule. The signal document contains a copy of the fields from the matching document, and is kept in a separate signals index. The original events are not modified when a signal is created.\u003c/p\u003e\n\u003cp\u003eSignals are surfaced in the SIEM app. When a practitioner first sees a new signal, it is in an open state. After analysis and determining the next steps, the practitioner changes it to a closed state. 
All of these changes can be managed in the Detections view in the SIEM app.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt828482255973f9c4/5e669becc39d9b5d36c3d124/siem_detections_histogram_sorted_risk_score.png\" /\u003e\u003c/p\u003e\n\u003cp\u003eThe signal\u0026nbsp;count histogram shows open signals and enables quick comparisons across key attributes:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eScore, severity, type, name, or MITRE ATT\u0026amp;CK™ tactic name\u0026nbsp;\u003c/li\u003e\n \u003cli\u003eSource or destination IP address\u003c/li\u003e\n \u003cli\u003eEvent action or \u003ca href=\"https://www.elastic.co/guide/en/ecs/1.4/ecs-allowed-values-event-category.html\" target=\"_self\"\u003ecategory\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eHost or user name\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltebdcb7c7316b8bb7/5e669d474e03445d41facf35/siem_detections_signal_histogram.gif\" /\u003e\u003c/p\u003e\n\u003cp\u003eInvestigating signals in the Timeline is the next step:\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4e14d9a0b0452596/5e669de00b333d44908d0e40/siem_detections_signals_timeline_view_in_timeline_with_id.png\" /\u003e\u003c/p\u003e\n\u003cp\u003eIf you did not specify a timeline template when\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/siem/guide/7.6/rules-ui-create.html#create-rule-ui\" target=\"_self\"\u003ecreating a rule\u003c/a\u003e, the Timeline is populated with a signal document. 
If you did specify a timeline template, the Timeline will be populated with what the user saved, speeding up investigations for certain types of rules.\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4ddf4e3f1426a1a2/5e669dad6d9a795c6ecf10d4/siem_detections_signals_timeline_view_in_timeline_with_template.png\" /\u003e\u003c/p\u003e\n\u003cp\u003ePractitioners can view alerts from external alerting systems, such as\u0026nbsp;\u003ca href=\"https://www.elastic.co/blog/introducing-elastic-endpoint-security\" target=\"_self\"\u003eElastic Endpoint Security\u003c/a\u003e, Suricata, or Zeek, in the dedicated `External alerts` tab. Many organizations also implement rules generating signals for high-value external alerts so that they can benefit from the enhanced investigative workflow for signals.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt761ddf4865c94d43/5e669f706a12c038f19ec035/siem_detections_external_alerts_tab.png\" /\u003e\u003c/p\u003e\n\u003cp\u003eOnce a signal or set of signals has been investigated to the analyst’s satisfaction, they can close the signals individually or in bulk. Signals can also be reopened, if necessary. We’re working on ways to automate the closing of signals in future releases.\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltda92d9e0aceff2b7/5e669fc018b328555145dd83/siem_detections_signals_close_signal_hover.png\" /\u003e\u003c/p\u003e\n\u003ch2\u003eUI workflow for creation of rules\u003c/h2\u003e\n\u003cp\u003eFor signals to start showing up, detections need rules to run! Creating a rule for\u0026nbsp;SIEM detections is simple and straightforward. It comes down to three basic steps:\u003c/p\u003e\n\u003cp\u003e1) Generate the query to be used each time the rule runs. 
This query can be Lucene syntax, \u003ca href=\"https://www.elastic.co/guide/en/kibana/7.6/kuery-query.html\" target=\"_self\"\u003eKQL\u003c/a\u003e, a saved search, or the query can be imported from a saved timeline (with many more options for rule queries currently under development for future release):\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc1a892690f4dc394/5e66a04363a80b5c6fc5a1bf/siem_detections_create_rule_custom_query.png\" /\u003e\u003c/p\u003e\n\u003cp\u003e2) Add some information describing the rule (title, description, etc.):\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt950d4ac86c74a8c6/5e66a09b6d9a795c6ecf10da/siem_detections_create_about_rule.png\" /\u003e\u003c/p\u003e\n\u003cp\u003e3) Schedule the interval the rule should run at and any\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/siem/guide/7.6/rules-ui-create.html#create-rule-ui\" target=\"_self\"\u003eadditional look-back time\u003c/a\u003e\u0026nbsp;for sanity checks. We generally recommend some amount of look-back time to allow for delays that may occur in a given user's ingestion pipeline. We also recommend some look-back time as the rules are not guaranteed to run exactly at their scheduled interval and therefore might be delayed between runs. An overloaded task manager worker queue or insufficient \u003ca href=\"https://www.elastic.co/blog/advanced-tuning-finding-and-fixing-slow-elasticsearch-queries\" target=\"_self\"\u003ecomputing resources\u003c/a\u003e\u0026nbsp;can cause these delays.\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7175ab0a1e156ec1/5e66a0cc329c6c3829894d56/siem_detections_create_rule_schedule.png\" /\u003e\u003c/p\u003e\n\u003cp\u003eThese three things are the basic components that make up a detections rule. 
We also provide settings to classify this rule according to MITRE ATT\u0026amp;CK tactics and techniques, as well as\u0026nbsp;links to additional references.\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltadabd5e1e1fac099/5e66a11f63a80b5c6fc5a1c5/siem_detections_create_advanced_settings_blank_timeline.png\" /\u003e\u003c/p\u003e\n\u003cp\u003eUsers can also perform actions on existing rules individually or in bulk, such as duplicate (for customizations), deactivate, export, and delete rules. We also have a guide for more information on\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/siem/guide/7.6/rules-ui-create.html\" target=\"_self\"\u003egeneral rule management\u003c/a\u003e.\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd9fc55f1c8850ce7/5e66a1540b333d44908d0e52/siem_detections_rules_deactivate_selected.png\" /\u003e\u003c/p\u003e\n\u003ch2\u003ePrebuilt rules\u003c/h2\u003e\n\u003cp\u003eRules can be difficult to develop and are time intensive to test. Because of this, detections started with 92 prebuilt rules developed by the Intelligence \u0026amp; Analytics team at Elastic Security\u0026nbsp;and\u0026nbsp;have\u0026nbsp;\u003ca href=\"https://www.elastic.co/blog/securing-our-own-endpoints-with-elastic-security\" target=\"_self\"\u003ebeen used extensively at Elastic in a production environment\u003c/a\u003e. New\u0026nbsp;rules that respond to the latest critical threats are\u0026nbsp;\u003ca href=\"https://www.elastic.co/blog/playing-defense-against-gamaredon-group\" target=\"_self\"\u003econtinuously being developed\u003c/a\u003e. Getting them loaded and ready to run is as easy as a click of a button! 
You can read more about using and tuning the pre-built rules\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/siem/guide/7.6/prebuilt-rules.html\" target=\"_self\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte20be84367f8f502/5e66a17e18b328555145dd8b/siem_detections_signal_rules_load_prebuilt_rules_screen.png\" /\u003e\u003c/p\u003e\n\u003ch2\u003eDetections implementation details\u003c/h2\u003e\n\u003cp\u003eShortly after\u0026nbsp;\u003ca href=\"https://www.elastic.co/blog/alerting-in-the-elastic-stack\" target=\"_self\"\u003eAlerting in the Elastic Stack\u003c/a\u003e\u0026nbsp;made its way into Kibana to provide support for alerts as first-class entities, Elastic SIEM utilized alerting for the foundation of detections. Behind the UI, detections uses an\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/siem/guide/7.6/rule-api-overview.html\" target=\"_self\"\u003eAPI\u003c/a\u003e\u0026nbsp;layered on top of the\u0026nbsp;\u003ca href=\"https://github.com/elastic/kibana/blob/v7.6.0/x-pack/legacy/plugins/alerting/README.md\" target=\"_self\"\u003eAlerting API\u003c/a\u003e. 
The SIEM detections API brings convenience, workflows (such as opening and closing signals), the domain specifics of security (such as MITRE ATT\u0026amp;CK identification), and\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/kibana/7.6/kuery-query.html\" target=\"_self\"\u003eKQL Support\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfc2a6219ce8d8cd5/5e66a1a418b328555145dd91/siem_detections_rules_define_rule_saved_query.png\" /\u003e\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003eRules run behind the scenes by creating an API Key\u0026nbsp;and then utilizing that API Key to make requests on behalf of the user using\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.6/search-request-body.html#request-body-search-search-after\" target=\"_self\"\u003esearch after\u003c/a\u003e\u0026nbsp;to find matching events and\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.6/docs-bulk.html\" target=\"_self\"\u003ebulk create\u003c/a\u003e\u0026nbsp;to copy the information from the event into a signal document in the signal index. A signal is made up of the rule details and the details of the original event document matched by the rule.\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfc78b7cafe4517d9/5e66a1bf0b6249392652ce1d/siem_detections_api_key_screen.png\" /\u003e\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003eIf more than 100 matching documents are found in a single rule execution, only the last 100 matches —\u0026nbsp;by descending `@timestamp` sort order —\u0026nbsp;are copied to the signals index. The signals index is automatically created per Kibana space the first time you visit the signal detection rules page. The index name format is `.siem-signals-\u0026lt;space name\u0026gt;`. 
For the default space, or if spaces are not enabled, the signals index name will be `.siem-signals-default`. Each signals index created for each space has an index\u0026nbsp;\u003ca href=\"https://github.com/elastic/kibana/blob/v7.6.0/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/index/signals_policy.json\" target=\"_self\"\u003elifecycle management\u003c/a\u003e\u0026nbsp;setting of 50 GB or 30 days before it rolls over.\u0026nbsp; Signals'\u0026nbsp;indices\u0026nbsp;are retained indefinitely.\u003c/p\u003e\n\u003cp\u003eThe mapping of the SIEM signals index is a combination of\u0026nbsp;\u003ca href=\"https://github.com/elastic/kibana/blob/v7.6.0/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/index/ecs_mapping.json\" target=\"_self\"\u003eElastic Common Schema (ECS)\u003c/a\u003e\u0026nbsp;and a custom mapping of our definition of what a\u0026nbsp;\u003ca href=\"https://github.com/elastic/kibana/blob/v7.6.0/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/index/signals_mapping.json\" target=\"_self\"\u003esignal is\u003c/a\u003e. When a matching document is detected from the rule query, it will copy the fields over from the source indices\u0026nbsp;and the resulting signal fields will be searchable if the fields in the source document are compliant with\u0026nbsp;\u003ca href=\"https://www.elastic.co/blog/introducing-the-elastic-common-schema\" target=\"_self\"\u003eECS\u003c/a\u003e. If the fields from the source indices\u0026nbsp;are not part of ECS, they will still be stored in the signal’s `_source` and viewable within Timeline and other parts of the application. 
However, they will not be searchable.\u003c/p\u003e\n\u003ch2\u003eScalability\u003c/h2\u003e\n\u003cp\u003eThe detections UI is built atop the newly developed\u0026nbsp;\u003ca href=\"https://github.com/elastic/kibana/blob/v7.6.0/x-pack/legacy/plugins/alerting/README.md\" target=\"_self\"\u003eKibana Alerting framework\u003c/a\u003e\u0026nbsp;and the Kibana task manager. These two provide horizontal and vertical scaling capabilities, allowing flexibility that best suits whatever hardware is available at the time. Kibana\u0026nbsp;\u003ca href=\"https://github.com/elastic/kibana/blob/v7.6.0/x-pack/plugins/task_manager/server/README.md\" target=\"_self\"\u003etask manager workers\u003c/a\u003e\u0026nbsp;can be increased in number to take advantage of vertical scaling, or can be replicated across separate Kibana instances and scaled horizontally.\u003c/p\u003e\n\u003cp\u003eWhen multiple Kibana instances are running, the task managers will coordinate across the wire to balance the tasks across the instances. By updating the number of max_workers inside of the kibana.yml file from its default of 10, you can vertically scale up or down to appropriately allocate resources more efficiently per Kibana node.\u003c/p\u003e\n\u003ch2\u003eSignal deduplication\u003c/h2\u003e\n\u003cp\u003eWhen a rule is running, it generates signals based on the events that it finds that match the rule’s query. Sometimes duplicate signals can be created either by overlapping queries in separate rules or by a rule running twice in a row and catching the same signal due to a long additional look-back time. To prevent a duplicate signal from appearing in the signals table, we identify signals based on the index the source event is from, the source event’s document id, the source event’s version number, and the running rule’s id. 
By hashing on\u0026nbsp;\u003ca href=\"https://github.com/elastic/kibana/blob/v7.6.0/x-pack/legacy/plugins/siem/server/lib/detection_engine/signals/utils.ts#L11-L19\" target=\"_self\"\u003ethese properties\u003c/a\u003e, we ensure only unique signals are added to the signals index.\u003c/p\u003e\n\u003ch2\u003eErrors\u003c/h2\u003e\n\u003cp\u003eSometimes errors will appear due to a syntax error in a rule’s query or some other issue during a rule’s execution period. We bubble these up in the errors tab on the rule details page. We plan to expand the visibility of rule execution information and general rule monitoring in the future.\u0026nbsp;\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltffc432e29392e581/5e66a1de0b6249392652ce23/siem_detections_error_string.png\" /\u003e\u003c/p\u003e\n\u003cp\u003eAnd here we can see the failure history, which displays the last five errors that occurred during rule execution:\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt92ce96e19860407b/5e66a1f6c39d9b5d36c3d13e/siem_detections_failure_history_tab.png\" /\u003e\u003c/p\u003e\n\u003ch2\u003eSIEM detections of tomorrow\u003c/h2\u003e\n\u003cp\u003eThe most exciting part of working on and releasing this Elastic SIEM detections beta is the early and continuous community feedback on the\u0026nbsp;\u003ca href=\"https://discuss.elastic.co/c/siem\" target=\"_self\"\u003eElastic SIEM discussion forum\u003c/a\u003e\u0026nbsp;and our\u0026nbsp;\u003ca href=\"https://github.com/elastic/kibana/issues?utf8=%E2%9C%93\u0026q=is%3Aopen+is%3Aissue+label%3ATeam%3ASIEM+detection\" target=\"_self\"\u003eopen feature tracking list\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eWe have big plans for making\u0026nbsp;detections even more powerful. Expanding rule queries to include aggregations, machine learning jobs, and EQL are just a few of them. 
If you think of something that is a great \u003ca href=\"https://www.elastic.co/what-is/siem\" target=\"_self\"\u003esecurity use case\u003c/a\u003e or want to ask a question or two about what is happening, please join us!\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2020-03-09T19:31:15.474Z","created_by":"bltfc54a1df6ec15d9e","disclaimer":["blta06a046e82d04210"],"full_bleed_image":{"_version":2,"is_dir":false,"uid":"bltdbdbc176deb1b2e1","ACL":{},"content_type":"image/jpeg","created_at":"2020-01-24T21:38:05.636Z","created_by":"bltf6ab93733e4e3a73","description":"","file_size":"182706","filename":"blog-banner-gears-steel.jpg","parent_uid":null,"tags":[],"title":"blog-banner-gears-steel.jpg","updated_at":"2020-11-25T18:39:33.932Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-11-25T18:39:36.297Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdbdbc176deb1b2e1/5fbea4e53cdbef7187cea40c/blog-banner-gears-steel.jpg"},"markdown_l10n":"","publish_date":"2020-03-11T15:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic SIEM detection engine with pre-built rules and analytics.","seo_description_l10n":"The Elastic SIEM detection Engine with pre-built rules and analytics provides SOC teams with a unified SIEM rule experience that draws from a purpose-built set of Elasticsearch analytics engines, and runs on a new distributed execution platform in 
Kibana.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"_version":2,"is_dir":false,"uid":"bltc84da5736cde2608","ACL":{},"content_type":"image/jpeg","created_at":"2020-01-24T21:38:05.708Z","created_by":"bltf6ab93733e4e3a73","description":"","file_size":"130591","filename":"blog-thumb-gears-steel.jpg","parent_uid":null,"tags":[],"title":"blog-thumb-gears-steel.jpg","updated_at":"2020-11-25T18:39:15.354Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-11-25T18:39:27.266Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc84da5736cde2608/5fbea4d33cdbef7187cea40a/blog-thumb-gears-steel.jpg"},"title":"Elastic SIEM detections","title_l10n":"Elastic SIEM detections","updated_at":"2025-03-10T12:31:22.842Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/elastic-siem-detections","publish_details":{"time":"2025-03-10T12:31:26.503Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5db56c6fc846de6b","_version":9,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt6122634fb71c4152"],"body_l10n":"\u003ch2\u003eStrap on your goggles...\u003c/h2\u003e\n\u003cp\u003eIn the movie \u003ca href=\"http://www.imdb.com/title/tt0093773/\" target=\"_blank\"\u003ePredator\u003c/a\u003e, the alien has a sophisticated thermal imaging system that allows him to single out his human prey by observing the heat differences between their bodies and the environment in which they are hiding.\u003c/p\u003e\n\u003cp\u003eThe new \u003ca href=\"/guide/en/elasticsearch/reference/current/search-aggregations-bucket-significantterms-aggregation.html\" target=\"_self\"\u003esignificant terms aggregation\u003c/a\u003e behaves like the 
Predator's vision, identifying interesting things that stand out from the background (not by observing heat differentials but by observing term frequency differentials). Terms of interest in a result set stand out clearly like the heat signal of a monosyllabic Austrian bodybuilder sweating behind a fern.\u003c/p\u003e\n\u003ch2\u003eRevealing the uncommonly common\u003c/h2\u003e\n\u003cp\u003eThe trick behind the significant terms aggregation is in spotting terms that are significantly more common in a result set than they are in the general background of data from which they are drawn. These are what you might call uncommonly common terms and examples of the real insights these can give include:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eThe words \"coil spring\" are revealed as a significant cause of the reported failures on a particular car model \u003cem\u003e(the most popular word in the car's fault reports is \"the\" but that is hardly significant)\u003c/em\u003e\u003c/li\u003e\n \u003cli\u003ePeople who liked the movie \"Talladega Nights\" also liked the movie \"Blades of Glory\" \u003cem\u003e(their most commonly-liked movie is \"Shawshank redemption\" but that is irrelevant as this is generally popular)\u003c/em\u003e\u003c/li\u003e\n \u003cli\u003eCredit cards reporting losses are shown to share a historical payment to an obscure website \u003cem\u003e(the most common payee in their transactions is typically not significant - big merchants such as iTunes are equally popular with non-compromised credit cards)\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIn the following sections we present worked examples of just some of the useful applications of this new feature:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e\u003ca href=\"#geo\" title=\"Geographic anomalies\" target=\"_self\"\u003eDetecting geographic anomalies\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"#fault\" title=\"Root cause analysis in fault reports\" 
target=\"_self\"\u003eRoot cause analysis in fault reports\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"#classifier\" title=\"Training classifiers\" target=\"_self\"\u003eTraining classifiers\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"#miscat\" title=\"Revealing badly categorised content\" target=\"_self\"\u003eRevealing badly categorised content\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"#credit\" title=\"Common point of compromise analysis\" target=\"_self\"\u003eDetecting credit card fraud\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"#recommend\" title=\"movie recommendations\" target=\"_self\"\u003eMaking product recommendations\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch3\u003e\u003ca id=\"geo\" href=\"#geo\" target=\"_self\"\u003e\u003c/a\u003eUse case: Geographic anomalies\u003c/h3\u003e\n\u003cp\u003eThis XKCD cartoon neatly summarises the issue with the typical forms of mapping analysis:\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt18f33e2627493ce3/67c97a622c963b0bd61bdb1d/heatmap.png\" /\u003e\u003c/p\u003e\n\u003cp\u003eThe significant terms aggregation can help overcome this problem.\u003c/p\u003e\n\u003cp\u003eLet's first take all of the UK crime data for last year and break the reports down into geographic areas using the \u003ca href=\"/guide/en/elasticsearch/reference/current/search-aggregations-bucket-geohashgrid-aggregation.html\" target=\"_self\"\u003egeohash_grid aggregation\u003c/a\u003e and with a simple \u003ca href=\"/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html\" target=\"_self\"\u003eterms aggregation\u003c/a\u003e like this:\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003ecurl -XGET \"http://localhost:9200/ukcrimes/_search\" -d'\u003cbr /\u003e{\u003cbr /\u003e \"query\": {\u003cbr /\u003e \"aggregations\" : {\u003cbr /\u003e 
\"map\" : {\u003cbr /\u003e \"geohash_grid\" : { \u003cbr /\u003e \"field\":\"location\",\u003cbr /\u003e \"precision\":5,\u003cbr /\u003e },\u003cbr /\u003e \"aggregations\":{\u003cbr /\u003e \"most_popular_crime_type\":{\"terms\":{ \"field\" : \"crime_type\", \"size\" : 1}}\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}'\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eWe end up with an XKCD-style map effectively showing us a population distribution and the less-than useful insight that anti-social behaviour is the most popular crime type \u003cem\u003eeverywhere\u003c/em\u003e:\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d8f43e9adc538716645/download?uid=blt849973d79f2b1af5?uid=blt849973d79f2b1af5\" width=\"300\" height=\"223\" style=\"width: 300;height: 223;\" /\u003e\u003c/p\u003e\n\u003cp\u003eHowever, if we use the significant_terms aggregation we can get a more interesting insight into the data and reveal the unusual occurrences of crime in each location:\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003ecurl -XGET \"http://localhost:9200/ukcrimes/_search\" -d'\u003cbr /\u003e{\u003cbr /\u003e \"query\": {\u003cbr /\u003e \"aggregations\" : {\u003cbr /\u003e \"map\" : {\u003cbr /\u003e \"geohash_grid\" : { \u003cbr /\u003e \"field\":\"location\",\u003cbr /\u003e \"precision\":5,\u003cbr /\u003e },\u003cbr /\u003e \"aggregations\":{\u003cbr /\u003e \"weirdCrimes\":{\"significant_terms\":{\"field\" : \"crime_type\", \"size\":1}}\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}'\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eIf we show only the top scoring areas, we move away from focusing purely on the most populated areas and the most common crime and begin to find the anomalies in our data:\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d8fd8edd48f769389db/download?uid=blt18d47854cf55f7dd?uid=blt18d47854cf55f7dd\" 
width=\"300\" height=\"208\" style=\"width: 300;height: 208;\" /\u003e\u003c/p\u003e\n\u003cp\u003eHere, we see a relatively remote area with a disproportionately large number of Possession of Weapon crimes. If we zoom in, we can see from the sky why this is the case - this is the location of Stansted airport where passengers are routinely searched as they transit through the airport. Other spots around the country have their own curiosities - the fields where drug-related crimes peak as part of annual music festivals, the year-round bicycle thefts from university towns like Cambridge, and the prisons where it would seem a crime conducted against a fellow criminal is not really a crime so is registered with the type Other.\u003c/p\u003e\n\u003ch3\u003e\u003ca id=\"fault\" href=\"#fault\" target=\"_self\"\u003e\u003c/a\u003eUse case: Root cause analysis\u003c/h3\u003e\n\u003cp\u003eThe \u003ca href=\"http://www.nhtsa.gov/\" target=\"_self\"\u003eNational Highway Traffic Safety Association\u003c/a\u003e maintains a database of car fault reports and, like many systems for fault reports, there is a product ID and a free-text description with each report. 
Using the significant_terms aggregation you can identify the common reasons for product failures by examining the free-text descriptions of each product.\u003c/p\u003e\n\u003ch4\u003eExample query\u003c/h4\u003e\u003cpre class=\"prettyprint noescape\"\u003ecurl -XGET \"http://localhost:9200/nhtsa/_search\" -d'\u003cbr /\u003e{\u003cbr /\u003e \"aggregations\" : {\u003cbr /\u003e \"car_model\":{\u003cbr /\u003e \"terms\":{\"field\" : \"car_model\", \"size\" : 20},\u003cbr /\u003e \"aggregations\":{\u003cbr /\u003e \"reasons_for_failure\" : {\u003cbr /\u003e \"significant_terms\":{\"field\" : \"fault_description\", \"size\" : 20} \u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}'\u003cbr /\u003e\u003c/pre\u003e\n\u003ch4\u003eExample results\u003c/h4\u003e\u003cpre class=\"prettyprint noescape\"\u003e\"aggregations\": {\u003cbr /\u003e \"car_model\": {\u003cbr /\u003e \"buckets\": [\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"Taurus\",\u003cbr /\u003e \"doc_count\": 3967,\u003cbr /\u003e \"reasons_for_failure\": {\u003cbr /\u003e \"doc_count\": 3967,\u003cbr /\u003e \"buckets\": [\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"coil\",\u003cbr /\u003e \"doc_count\": 250,\u003cbr /\u003e \"score\": 0.544,\u003cbr /\u003e \"bg_count\": 1115\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"mounts\",\u003cbr /\u003e \"doc_count\": 178,\u003cbr /\u003e \"score\": 0.3969,\u003cbr /\u003e \"bg_count\": 777\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"spring\",\u003cbr /\u003e \"doc_count\": 261,\u003cbr /\u003e \"score\": 0.3668,\u003cbr /\u003e \"bg_count\": 1706\u003cbr /\u003e },\u003cbr /\u003e ...\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eTo make these keywords a more readable explanation of failures, a useful technique is to display the keywords in context (a technique commonly known by the acronym KWIC). 
This involves taking the keywords from the results shown above and constructing a terms query with highlighting. Here is an example javascript function to do just this:\u003c/p\u003e\n\u003ch4\u003eFetching \"keywords in context\" examples\u003c/h4\u003e\u003cpre class=\"prettyprint noescape\"\u003efunction getKWIC(car_model,buckets){ \u003cbr /\u003e var shouldClauses=[];\u003cbr /\u003e for(var i=0;i \u0026lt; buckets.length; i++)\u003cbr /\u003e {\u003cbr /\u003e //Get at least the top 5 significant keywords\u003cbr /\u003e if((shouldClauses.length \u0026gt; 5) || (buckets[i].score \u0026lt; 2)) {\u003cbr /\u003e shouldClauses.push( {\"term\" : { \"fault_description\" : { \u003cbr /\u003e \"value\" : buckets[i].key, \u003cbr /\u003e \"boost\" : buckets[i].score \u003cbr /\u003e } }});\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e var kwicQuery={\u003cbr /\u003e \"query\" :\u003cbr /\u003e {\u003cbr /\u003e \"bool\" : {\u003cbr /\u003e \"should\":shouldClauses,\u003cbr /\u003e \"must\":[{\"terms\":{\"car_model\":[car_model]}}]\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"size\":30,\u003cbr /\u003e \"highlight\": {\u003cbr /\u003e \"pre_tags\" : [\"\u0026lt;span style=\"background-color: #f7f7a7;\"\u0026gt;\"],\u003cbr /\u003e \"post_tags\" : [\"\u0026lt;/span\u0026gt;\"], \u003cbr /\u003e \"fields\": {\"fault_description\":{\"matched_fields\": [\"fault_description\"] }}\u003cbr /\u003e } \u003cbr /\u003e };\u003cbr /\u003e dataForServer=JSON.stringify(kwicQuery);\u003cbr /\u003e var kwResultHtml=\"\";\u003cbr /\u003e $.ajax({\u003cbr /\u003e type: \"POST\",\u003cbr /\u003e url: '/nhtsa/_search',\u003cbr /\u003e dataType: 'json',\u003cbr /\u003e async: false,\u003cbr /\u003e data: dataForServer,\u003cbr /\u003e success: function (data) {\u003cbr /\u003e var hits=data.hits.hits;\u003cbr /\u003e for (h in hits){\u003cbr /\u003e //format results as html table rows \u003cbr /\u003e var snippets=hits[h].highlight.fault_description;\u003cbr /\u003e 
kwResultHtml+=\"\u0026lt;tr\u0026gt;\u0026lt;td\u0026gt;\";\u003cbr /\u003e for(snippet in snippets){\u003cbr /\u003e kwResultHtml+=\"\u0026lt;span\u0026gt;\"+snippets[snippet]+\"...\u0026lt;/span\u0026gt;\";\u003cbr /\u003e }\u003cbr /\u003e kwResultHtml+=\"\u0026lt;/td\u0026gt;\u0026lt;/tr\u0026gt;\";\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e });\u003cbr /\u003e return kwResultHtml; \u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eNote that this function concatenates the highlighted snippets straight into table markup, and by default the highlighter returns the stored text without HTML-encoding it; setting \"encoder\": \"html\" in the highlight section makes Elasticsearch escape the snippet text before it inserts the highlighting tags, so any markup inside a fault description is displayed as text rather than interpreted by the browser.\u003c/p\u003e\n\u003cp\u003eThe results of our root-cause analysis might then appear as follows:\u003c/p\u003e\n\u003cp\u003e. AS A RESULT OF THE SITUATION, I INCURRED EXPENSE TO REPLACE THE \u003cstrong\u003eCOIL SPRINGS\u003c/strong\u003e, STRUTS AND UPPER \u003cstrong\u003eMOUNTS\u003c/strong\u003e; PLUS...AS I WAS BACKING UP THE FRONT DRIVERS SIDE \u003cstrong\u003eCOIL SPRING\u003c/strong\u003e BROKE, PUNCTURING THE TIRE. IT IS THE SAME... 2001 FORD TAURUS (48302 ODOMETER) REAR \u003cstrong\u003eCOIL SPRING\u003c/strong\u003e BROKE REPLACED \u003cstrong\u003eSPRINGS\u003c/strong\u003e WITH REAR STRUTS. *NM... WAS BROKE. FORD HAS HAD A HISTORY OF \u003cstrong\u003eCOIL SPRING\u003c/strong\u003e FAILURES AND SHOULD ISSUE A RECALL ON ALL \u003cstrong\u003eSPRINGS\u003c/strong\u003e. *TR...WHILE GETTING A SCHEDULED OIL CHANGE, THE DEALER NOTICED MY \u003cstrong\u003eCOIL SPRING\u003c/strong\u003e ON THE REAR PASSENGER SIDE... TRECALL CAMPAIGN 04V332000 CONCERNING \u003cstrong\u003eCOIL SPRINGS\u003c/strong\u003e. THE \u003cstrong\u003eCOIL SPRING\u003c/strong\u003e BROKE IN THREE PLACES. IT BLEW...\u003c/p\u003e\n\u003chr /\u003e\n\u003ch3\u003e\u003ca id=\"classifier\" href=\"#classifier\" target=\"_self\"\u003e\u003c/a\u003eUse case: Training a classifier\u003c/h3\u003e\n\u003cp\u003eMany systems classify documents by assigning tag or category fields. 
Classifying documents can be a tedious manual process and so in this example we will train a classifier to automatically spot keywords in new documents that suggest a suitable category.\u003c/p\u003e\n\u003cp\u003eBy using The Movie Database (TMDB) data we can search for movies that contain the term vampire in their description:\u003c/p\u003e\n\u003ch4\u003eExample query\u003c/h4\u003e\u003cpre class=\"prettyprint noescape\"\u003ecurl -XGET \"http://localhost:9200/tmdb/_search\" -d'\u003cbr /\u003e{\u003cbr /\u003e \"query\" : {\u003cbr /\u003e \"match\" : {\"overview\":\"vampire\" }\u003cbr /\u003e },\u003cbr /\u003e \"aggregations\" : {\u003cbr /\u003e \"keywords\" : {\"significant_terms\" : {\"field\" : \"overview\"}}\u003cbr /\u003e }\u003cbr /\u003e}'\u003cbr /\u003e\u003c/pre\u003e\n\u003ch4\u003eExample results\u003c/h4\u003e\u003cpre class=\"prettyprint noescape\"\u003e \"aggregations\": {\u003cbr /\u003e \"keywords\": {\u003cbr /\u003e \"doc_count\": 437,\u003cbr /\u003e \"buckets\": [\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"vampire\",\u003cbr /\u003e \"doc_count\": 437,\u003cbr /\u003e \"score\": 3790.9405,\u003cbr /\u003e \"bg_count\": 437\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"helsing\",\u003cbr /\u003e \"doc_count\": 17,\u003cbr /\u003e \"score\": 113.9480,\u003cbr /\u003e \"bg_count\": 22\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"dracula\",\u003cbr /\u003e \"doc_count\": 33,\u003cbr /\u003e \"score\": 98.3565,\u003cbr /\u003e \"bg_count\": 96\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"harker\",\u003cbr /\u003e \"doc_count\": 7,\u003cbr /\u003e \"score\": 42.5023,\u003cbr /\u003e \"bg_count\": 10\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"undead\",\u003cbr /\u003e \"doc_count\": 15,\u003cbr /\u003e \"score\": 31.9717,\u003cbr /\u003e \"bg_count\": 61\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"buffy\",\u003cbr /\u003e \"doc_count\": 
4,\u003cbr /\u003e \"score\": 23.130071721937412,\u003cbr /\u003e \"bg_count\": 6\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"bloodsucking\",\u003cbr /\u003e \"doc_count\": 4,\u003cbr /\u003e \"score\": 19.8244,\u003cbr /\u003e \"bg_count\": 7\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"fangs\",\u003cbr /\u003e \"doc_count\": 5,\u003cbr /\u003e \"score\": 19.7094,\u003cbr /\u003e \"bg_count\": 11\u003cbr /\u003e }\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eThese keywords could then be cherry-picked and added to a new terms query that is registered using the Percolate API to help identify new movies that should potentially be tagged as vampire movies. Note that much of the guesswork in selecting useful keywords is avoided.\u003c/p\u003e\n\u003chr /\u003e\n\u003ch3\u003e\u003ca id=\"miscat\" href=\"#miscat\" target=\"_self\"\u003e\u003c/a\u003eUse case: Finding mis-categorized content using the Like this but not this pattern\u003c/h3\u003e\n\u003cp\u003eFor systems that have a lot of pre-categorized content it can be useful to identify where the database maintainers have failed to categorize existing content properly. 
In this example we will start by looking at Reuters news articles tagged with the topic \"acquisitions\" and use significant_terms aggregation to learn some relevant keywords e.g.:\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003ecurl -XGET \"http://localhost:9200/reuters/_search\" -d'\u003cbr /\u003e{\u003cbr /\u003e \"query\" : {\u003cbr /\u003e \"match\" : {\"topics\":\"acq\" }\u003cbr /\u003e },\u003cbr /\u003e \"aggregations\" : {\u003cbr /\u003e \"keywords\":{\"significant_terms\" : {\"field\" : \"body\", \"size\" : 20}},\u003cbr /\u003e }\u003cbr /\u003e}'\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eThe keywords that are revealed as relevant to the \"acquisition\" news category are as follows:\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003e{\u003cbr /\u003e \"aggregations\": {\u003cbr /\u003e \"keywords\": {\u003cbr /\u003e \"doc_count\": 2340,\u003cbr /\u003e \"buckets\": [\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"acquisition\",\u003cbr /\u003e \"doc_count\": 469,\u003cbr /\u003e \"score\": 0.973,\u003cbr /\u003e \"bg_count\": 704\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"acquire\",\u003cbr /\u003e \"doc_count\": 395,\u003cbr /\u003e \"score\": 0.927,\u003cbr /\u003e \"bg_count\": 535\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"shares\",\u003cbr /\u003e \"doc_count\": 842,\u003cbr /\u003e \"score\": 0.820,\u003cbr /\u003e \"bg_count\": 2258\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"stake\",\u003cbr /\u003e \"doc_count\": 363,\u003cbr /\u003e \"score\": 0.780,\u003cbr /\u003e \"bg_count\": 529\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"inc\",\u003cbr /\u003e \"doc_count\": 1220,\u003cbr /\u003e \"score\": 0.752,\u003cbr /\u003e \"bg_count\": 4390\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"key\": \"merger\",\u003cbr /\u003e \"doc_count\": 298,\u003cbr /\u003e \"score\": 0.674,\u003cbr /\u003e \"bg_count\": 416\u003cbr /\u003e },\u003cbr 
/\u003e {\u003cbr /\u003e \"key\": \"acquired\",\u003cbr /\u003e \"doc_count\": 327,\u003cbr /\u003e \"score\": 0.643,\u003cbr /\u003e \"bg_count\": 513\u003cbr /\u003e },\u003cbr /\u003e ...\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eThe next step is to construct a like this but not this query by:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eadding the significant category keywords to a should terms query and\u003c/li\u003e\n \u003cli\u003eadding the original category field criteria to a mustNot clause\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eas follows:\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003ecurl -XGET \"http://localhost:9200/reuters/_search\" -d'\u003cbr /\u003e{\u003cbr /\u003e \"query\" : {\u003cbr /\u003e \"bool\": {\u003cbr /\u003e \"mustNot\":[ {\"match\" : {\"topics\" : \"acq\" } }],\u003cbr /\u003e \"should\":[\u003cbr /\u003e { \"terms\":{\"body\":[\"acquisition\", \"acquire\",\"shares\",\"stake\",\"inc\",\"merger\"...]}}\u003cbr /\u003e ]\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}'\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eThe results of this query are a relevance-ranked list of news articles that should have been tagged as articles about acquisitions but have somehow slipped through the net. Below is an example match which failed to record the \"acq\" topic tag:\u003c/p\u003e\n\u003cp\u003eSalomon Brothers \u003cstrong\u003eInc\u003c/strong\u003e said it has \u003cstrong\u003eacquired\u003c/strong\u003e 21,978 convertible subordinated debentures of Harcourt... Brace Jovanovich Inc, which it says could be converted into 21,978,000 common \u003cstrong\u003eshares\u003c/strong\u003e. In a filing... them into stock. Salomon said it would have a 35.8 pct \u003cstrong\u003estake\u003c/strong\u003e in Harcourt, based on 39.4 mln \u003cstrong\u003eshares\u003c/strong\u003e.... Harcourt has said that Salomon and Mutual Shares Corp, a New York investment firm, hold a combined... 
some or all of their current \u003cstrong\u003estake\u003c/strong\u003e in the market or in negotiated deals,\u003c/p\u003e\n\u003chr /\u003e\n\u003ch3\u003e\u003ca id=\"credit\" href=\"#credit\" target=\"_self\"\u003e\u003c/a\u003eUse case: detecting credit card fraud\u003c/h3\u003e\n\u003cp\u003eWhen a bank's customers phone the bank and complain that they have noticed unusual transactions on their account, the bank undertakes a common point of compromise analysis. The unusual transactions that were spotted might be payment for a hotel in a country the customer has not visited but this payment is the \u003cem\u003esymptom\u003c/em\u003e of the root problem and not the \u003cem\u003ecause\u003c/em\u003e. Somewhere in a customer's credit card history of payments a merchant has deliberately stolen their details (perhaps a card-skimmer installed in a petrol station) or accidentally lost their details (perhaps a website had its database hacked). Either way, this merchant represents a common point of compromise where potentially many card details were obtained and sold on the black market. 
For the bank, the objective is to identify the problem merchant (or merchants) and identify their customers who may be about to experience fraudulent payments.\u003c/p\u003e\n\u003cp\u003eThe starting query would be to take a selection of compromised cards and look at all of their transactions in the last few months and summarise who they've been paying:\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003ecurl -XGET \"http://localhost:9200/transactions/_search\" -d'\u003cbr /\u003e{\u003cbr /\u003e \"query\": {\u003cbr /\u003e \"terms\": {\"payer\" : [59492167, 203701197, 365610456,....]}\u003cbr /\u003e },\u003cbr /\u003e \"aggregations\" : {\u003cbr /\u003e \"payees\":{ \u003cbr /\u003e \"significant_terms\":{\"field\":\"payee\"},\u003cbr /\u003e \"aggregations\":{ \"payers\":{\"terms\":{\"field\":\"payer\"}}}\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}'\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eThe set of payers in the query represent our unhappy customers and so the set of transactions that it matches will include a mix of happy payments but crucially the unhappy payments that led to their predicament. By using the significant_terms aggregation on the payee field, we can focus in on the merchants that appear in this fishy set of transactions disproportionately more than they would in a random sampling of predominantly happy customers. This helps tune out the popular merchants that are likely to be common with any random sample of customers and focus in on the likely points of compromise. 
For the selected fishy merchants, we have a child aggregation of payers so we can see just how many of our unhappy customers traded with this merchant and can visualize this as a social network diagram.\u003c/p\u003e\n\u003cp\u003eIf we only use the simpler terms aggregation we tend to focus on the popular merchants in our set and the culprit is not clear as it is hidden among the commonly common payees:\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d900342dfd738265e83/download?uid=blt638dd473d7ac21f4?uid=blt638dd473d7ac21f4\" width=\"300\" height=\"222\" style=\"width: 300;height: 222;\" /\u003e\u003c/p\u003e\n\u003cp\u003eHowever when we use the significant_terms aggregation our focus shifts to the uncommonly common connector and the extra stats in the results mean we can report on what percentage of that merchant's transactions lie in this fishy set of transactions:\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d900342dfd738265e90/download?uid=blt7f823a24787177db?uid=blt7f823a24787177db\" width=\"300\" height=\"247\" style=\"width: 300;height: 247;\" /\u003e\u003c/p\u003e\n\u003cp\u003eNow the culprit is much clearer. The fishiest merchant here has 13 of his total of 72 transactions in the problem set, making him our strongest suggestion. The merchant with 3 out of his 19 transactions present in this set may appear simply because the bad merchant's customers are also likely to shop at this neighbouring store. Overlaying geographic and temporal information helps these sorts of investigations and is easy to do by adding extra child aggregations into our queries.\u003c/p\u003e\n\u003chr /\u003e\n\u003ch3\u003e\u003ca id=\"recommend\" href=\"#recommend\" target=\"_self\"\u003e\u003c/a\u003eUse case: product recommendation\u003c/h3\u003e\n\u003cp\u003eProduct recommendations are often driven by a \"people who liked this also like..\" type analysis of purchase data. 
The most powerful recommendation engines use complex algorithms and examine many features of the data but here we will use the significant_terms aggregation to provide reasonable results quickly using a simple set of data. In this example, we will use the publicly available \"MovieLens\" data. The first task is to index the user ratings data so that there is a single JSON document for each user listing all of the movie IDs they have liked (ratings of 4 stars or over):\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003e{\u003cbr /\u003e \"user\": 6785,\u003cbr /\u003e \"movie\": [12, 3245, 4657, 7567, 55276, 56367...] \u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eNow for any given movie we can query for all the people who liked that movie and summarise what other movies they like:\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003e{\u003cbr /\u003e \"query\": { \"terms\": { \"movie\": [46970]} },\u003cbr /\u003e \"aggs\": {\u003cbr /\u003e \"significantMovies\": { \"significant_terms\": { \"field\": \"movie\" }},\u003cbr /\u003e \"popularMovies\": { \"terms\": { \"field\": \"movie\" }}\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eThe above query first selects all fans of the movie with the ID 46970 (Talladega Nights) and then summarises their favourite movies using the terms aggregation to identify the most popular movies and the \u003ccode\u003esignificant_terms\u003c/code\u003e aggregation to find the more insightful \"uncommonly common\" movies.\u003c/p\u003e\n\u003cp\u003eThe results are as follows:\u003c/p\u003e\n\u003ctable class=\"legal-table\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003cth colspan=\"2\"\u003e\n \u003cp\u003e\u003cbr /\u003eTop 3 movies liked by users who like \"Talladega Nights: The Ballad of Ricky Bobby\"\u003cbr /\u003e\u003c/p\u003e\n \u003c/th\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003cth\u003e\n \u003cp\u003e\u003cbr /\u003esignificant_terms\u003cbr 
/\u003e\u003c/p\u003e\n \u003c/th\u003e\n \u003cth\u003e\n \u003cp\u003e\u003cbr /\u003e(Popular) terms\u003cbr /\u003e\u003c/p\u003e\n \u003c/th\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003e\u003cbr /\u003eBlades of Glory\u003cbr /\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e\u003cbr /\u003eMatrix, The\u003cbr /\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003e\u003cbr /\u003eAnchorman: The Legend of Ron Burgundy\u003cbr /\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e\u003cbr /\u003eShawshank Redemption, The\u003cbr /\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003e\u003cbr /\u003eSemi-Pro\u003cbr /\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e\u003cbr /\u003ePulp Fiction\u003cbr /\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eThe terms aggregation looks to focus on movies that are universally popular (and arguably irrelevant) while the \u003ccode\u003esignificant_terms\u003c/code\u003e aggregation has focused in on movies that are particularly more popular with the fans of \"Talladega Nights\". The top 3 suggestions shown here all feature the star of Talladega Nights, Will Ferrell.\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003eConclusion\u003c/h2\u003e\n\u003cp\u003eThis post illustrates a sample of what can be done with significant_terms. I am excited to see what new insights people will gain from exploring their data using this new perspective. Let us know how you are using it and help us improve the analytic capabilities. 
Happy hunting!\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T10:19:32.394Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":null,"markdown_l10n":"","publish_date":"2014-04-15T17:00:45.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"The new significant terms aggregation identifies interesting things that stand out from the background (not by observing heat differentials but by observing term frequency differentials).","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":null,"title":"Significant Terms Aggregation","title_l10n":"Significant Terms Aggregation","updated_at":"2025-03-10T12:29:06.387Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/significant-terms-aggregation","publish_details":{"time":"2025-03-10T12:29:14.670Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte3d29c6692d02d82","_version":25,"locale":"en-us","ACL":{},"abstract_l10n":"The Elastic Advent Calendar 2020 is now complete. Here's a recap of the final few days, as well as a summary from all 25 days.","author":["blt5b8d46bc024f3a05"],"body_l10n":"\u003cp\u003eWow, it's finally here! 
After 25 fantastic articles we've reached the end of the 2020 Elastic Advent series.\u003c/p\u003e\u003cp\u003eWe've covered\u0026nbsp;ECS, Synthetics, Monitoring Tekton tasks and pipelines, OpenTelemetry, log correlation with APM, Index patterns and tradeoffs for observability, Rank features, New data types, Phonetic search, Korean language search,\u0026nbsp;Elasticsearch Rust Client, Searchable snapshots, ESM, Workplace Search, App Search, Data import/export, Data visualisation, Kibana Lens, Kibana Maps, Free trainings, Preparing your certification, Preparing interviews,\u0026nbsp;and so much more. In the topics we've spoken in Chinese, English, French, German, Korean, Russian and Spanish.\u003c/p\u003e\u003cp\u003eWe hope you have enjoyed the posts, topics and information shared in them from our engineers. Here's a recap of the final few days, as well as a summary from all 25 days.\u003c/p\u003e\u003ch2\u003eThe 25 days of Elastic\u003c/h2\u003e\u003cp\u003e\u003cstrong\u003eDec 1 [english] —\u0026nbsp;\u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/254953\"\u003e\u003cstrong\u003eSynthetics: proactive problem detection\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e\u0026nbsp;(Elasticsearch and Python - tools for a data scientist), by Ahil PonArul\u003c/strong\u003e\u003c/p\u003e\u003cp rel=\"padding-left: 15pt;\" style=\"padding-left: 15pt;\"\u003eElastic is excited to introduce synthetic monitoring to our Uptime solution. This allows for more advanced uptime checks beyond basic pings. 
Combined with our new User Experience UI it also enables proactive problem detection.\u003c/p\u003e\u003cp rel=\"padding-left: 15pt;\" style=\"padding-left: 15pt;\"\u003eThis is a step by step example of how to set Synthetics up, as well as integrate it with APM.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 2 [german] —\u0026nbsp;\u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/dec-2nd-2020-de-aufgemerkt-zugehort-bessere-suchresultate-mit-phonetischer-suche/257045\"\u003e\u003cstrong\u003eAufgemerkt \u0026amp; zugehört! Bessere Suchresultate mit phonetischer Suche\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Alexander Reelsen\u0026nbsp;\u003c/strong\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp rel=\"padding-left: 15pt;\" style=\"padding-left: 15pt;\"\u003ePhonetische Suche ist eine Möglichkeit, nach ähnlichen klingenden Termen zu suchen, indem ein phonetischer Hash im invertierten Index gespeichert wird. In diesem Artikel schauen wir uns einige unterschiedliche phonetische Algorithmen in Elasticsearch an und wie diese die eigene Suche verbessern können.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 3 [english] —\u0026nbsp;\u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/dec-3rd-2020-en-cross-version-elasticsearch-data-migration-with-esm/256516\"\u003e\u003cstrong\u003eCross version Elasticsearch data migration with ESM\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Medcl Zeng\u003c/strong\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp rel=\"padding-left: 15pt;\" style=\"padding-left: 15pt;\"\u003eI heard that you are using Elasticsearch, that's great as, you know for search, it is the best choice, and it is evolving very fast. 
There are so many new and nice features coming up or already that i guess you can't wait to upgrade to the latest version, right?\u003c/p\u003e\u003cp rel=\"padding-left: 15pt;\" style=\"padding-left: 15pt;\"\u003eThis blog post will explain how ESM could help to do your data migration.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 4 [english] —\u0026nbsp;\u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/dec-4th-2020-en-validate-elastic-common-schema-ecs-fields-using-security-detection-rules/254805\"\u003e\u003cstrong\u003eValidate Elastic Common Schema (ECS) fields using Security Detection Rules\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Eric Beahan\u0026nbsp;\u003c/strong\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp rel=\"padding-left: 15pt;\" style=\"padding-left: 15pt;\"\u003eThe Elastic Common Schema (ECS) provides an open, consistent model for structuring your data in the Elastic Stack. By normalizing data to a single common model, you can uniformly examine your data using interactive search, visualizations, and automated analysis.\u003c/p\u003e\u003cp rel=\"padding-left: 15pt;\" style=\"padding-left: 15pt;\"\u003eElastic provides hundreds of\u0026nbsp;\u003ca href=\"https://www.elastic.co/integrations\"\u003eintegrations\u003c/a\u003e\u0026nbsp;that are ECS-compliant out-of-the-box, but ECS also allows you to normalize custom data sources. Normalizing a custom source can be an iterative and sometimes time-intensive process. 
However, we can use the Elastic Security Detection Engine to help quickly identify ECS non-compliance in our events.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 5 [français/english] —\u0026nbsp;\u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/dec-5th-2020-fr-recherchez-tous-vos-documents-nimporte-ou-avec-workplace-search/254739\"\u003e\u003cstrong\u003eRecherchez tous vos documents, n'importe où, avec Workplace Search\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e\u0026nbsp;|\u0026nbsp;\u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/dec-5th-2020-en-searching-anything-anywhere-with-workplace-search/254740\"\u003e\u003cstrong\u003eSearching anything, anywhere with Workplace Search\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by David Pilato\u003c/strong\u003e\u003c/p\u003e\u003cp rel=\"padding-left: 15pt;\" style=\"padding-left: 15pt;\"\u003eYou already know that\u0026nbsp;\u003ca href=\"https://www.elastic.co/workplace-search\"\u003eWorkplace Search\u003c/a\u003e\u0026nbsp;comes with\u0026nbsp;\u003ca href=\"https://www.elastic.co/workplace-search/content-sources\"\u003ea lot of connectors\u003c/a\u003e\u0026nbsp;which help you connect your enterprise document data sources and have a federated way to search across all that information. But what if a specific data source is not supported yet?\u003c/p\u003e\u003cp rel=\"padding-left: 15pt;\" style=\"padding-left: 15pt;\"\u003eThis post will cover how you can create a custom data source to send your own data. 
We'll also cover an example of how this was used in the community\u0026nbsp;\u003ca href=\"https://fscrawler.readthedocs.io/\"\u003eFSCrawler project\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 6 [spanish/english] —\u0026nbsp;\u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/dec-6th-es-cargando-datos-de-osm-en-elasticsearch/255082\"\u003e\u003cstrong\u003eCargando datos de OSM en Elasticsearch\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e\u0026nbsp;|\u0026nbsp;\u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/dec-6th-2020-en-uploading-data-from-osm-into-elasticsearch/255059\"\u003e\u003cstrong\u003eUploading data from OSM into Elasticsearch\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Jorge Sanz\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cp rel=\"padding-left: 15pt;\" style=\"padding-left: 15pt;\"\u003eOne of the most common issues for Elastic stack users that deal with geospatial data is how to ingest data in Elasticsearch. You can check\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/kibana/7.10/import-geospatial-data.html\"\u003eKibana 7.10 docs\u003c/a\u003e\u0026nbsp;to learn about different ways to achieve this. 
Some time ago we wrote a\u0026nbsp;\u003ca href=\"https://www.elastic.co/blog/how-to-ingest-geospatial-data-into-elasticsearch-with-gdal\"\u003eblog post\u003c/a\u003e\u0026nbsp;that introduces ogr2ogr, a tool from the GDAL library that helps on ingesting data from dozens of formats into Elasticsearch.\u003c/p\u003e\u003cp rel=\"padding-left: 15pt;\" style=\"padding-left: 15pt;\"\u003eIn this Advent Calendar post, we develop an example of this workflow using Docker to leverage the last version of the GDAL tool and OpenStreetMap as a popular source of Open Data Points of Interests.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 7 [français/english] —\u0026nbsp;\u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/dec-7th-2020-fr-utilisez-rally-comme-outil-dimport-export-de-donnees/256863\"\u003e\u003cstrong\u003eUtilisez Rally comme outil d'import/export de données\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e\u0026nbsp;|\u0026nbsp;\u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/257820\"\u003e\u003cstrong\u003eUsing Rally as a data import/export tool\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Laurent Huet\u003c/strong\u003e\u003cspan style=\"background-color: initial;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp rel=\"padding-left: 15pt;\" style=\"padding-left: 15pt;\"\u003eThis post will show you how you can use\u0026nbsp;\u003ca href=\"https://github.com/elastic/rally\"\u003eRally\u003c/a\u003e\u0026nbsp;to export data from one cluster to another.\u0026nbsp;The idea is to extract the whole data from one or more indices in a (big) flat file and reuse it later to easily import in another cluster.\u003c/p\u003e\u003cp rel=\"padding-left: 15pt;\" style=\"padding-left: 15pt;\"\u003eRally helps you do\u0026nbsp;that very easily.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 8 [russian/english]\u003c/strong\u003e\u0026nbsp;—\u0026nbsp;\u003ca href=\"https://discuss.elastic.co/t/256527\"\u003eRank features для поиска 
в e-commerce\u003c/a\u003e\u0026nbsp;|\u0026nbsp;\u003ca href=\"https://discuss.elastic.co/t/256525\"\u003eRank features for e-commerce search\u003c/a\u003e, by Mayya Sharipova\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eModern e-commerce search is expected to be fast, relevant and provide an opportunity for promoting certain results. This article demonstrates how\u0026nbsp;\u003cspan style=\"font-family: monospace;\"\u003erank_feature\u003c/span\u003e\u0026nbsp;and\u0026nbsp;\u003cspan style=\"font-family: monospace;\"\u003erank_features\u003c/span\u003e\u0026nbsp;types of elasticsearch can help in this goal. We will use an example of a commercial search engine for a shoes shop.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 9 [english]\u003c/strong\u003e\u0026nbsp;—\u0026nbsp;\u003ca href=\"https://discuss.elastic.co/t/257377\"\u003eDon't let your Christmas tree Rust in a corner\u003c/a\u003e, by Sylvain Wallez\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eChristmas trees are part of what makes this time of the year so unique and brings sparkles in the eyes of children and adults alike. But what do you do with the tree once the party’s over? The best is to make sure it’s recycled and used as compost or firewood. Now how do you find where to dispose of your tree so that it will be correctly taken care of?\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eI live in Toulouse in the south of France, and the local authorities have not only set up a lot of collection places, but also published\u0026nbsp;\u003ca href=\"https://data.toulouse-metropole.fr/explore/dataset/collecte-des-sapins-de-noel/information/\"\u003etheir location as open data\u003c/a\u003e. It’s even listed on\u0026nbsp;\u003ca href=\"https://www.europeandataportal.eu/data/datasets/5dfc48ccdee7e752c18c3ede\"\u003eEuropean\u003c/a\u003e\u0026nbsp;open data. 
There’s a treasure trove of information there!\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eLet’s use this information to build a nice map in Kibana, and use the Rust client for Elasticsearch for that? Why Rust? Because it’s a great language that is growing in popularity, and this is an opportunity to experiment!\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 10 [spanish/english]\u003c/strong\u003e\u0026nbsp;—\u0026nbsp;\u003ca href=\"https://discuss.elastic.co/t/dec-10th-2020-es-las-12-mejores-caracteristicas-de-mapas-desde-ga/256368\"\u003eLas 12 mejores características de Mapas desde GA\u003c/a\u003e\u0026nbsp;|\u0026nbsp;\u003ca href=\"https://discuss.elastic.co/t/dec-10th-2020-es-las-12-mejores-caracteristicas-de-mapas-desde-ga/256368\"\u003eTop 12 new features in Maps since GA\u003c/a\u003e, by Nathan Reese\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eMaps was released as generally available (GA) in Kibana 7.3. Reaching production-ready is not the final destination, but just another stop on a long journey. Each Kibana point release includes so many incredible features that it’s hard to keep up with them all. So, as 2020 comes to an end, let's look back and revisit some of the most impactful features since going to GA.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 11 [english]\u003c/strong\u003e\u0026nbsp;—\u0026nbsp;\u003ca href=\"https://discuss.elastic.co/t/dec-11th-2020-en-this-holiday-season-learn-new-elastic-skills/257072\"\u003eThis holiday season, learn new Elastic skills\u003c/a\u003e, by Pablo Musa\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eElastic has a lot of different products across multiple solutions. We make it as easy as possible for our users to benefit from our solutions, but it is still hard to master so many topics. To address that, Elastic invests a lot in creating the best possible content. 
And even though we create them in many formats, such as docs, blogs, webinars, ElasticON presentations, and training, it can still be daunting to learn so many different concepts. In this blog we will help you make the most of your holiday season by learning new skills.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 12 [spanish/english]\u003c/strong\u003e\u0026nbsp;—\u0026nbsp;\u003ca href=\"https://discuss.elastic.co/t/257971\"\u003eTu infraestructura en un mapa\u003c/a\u003e\u0026nbsp;|\u0026nbsp;\u003ca href=\"https://discuss.elastic.co/t/257864\"\u003eMapping your infrastructure\u003c/a\u003e, by Thomas Neirynck\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eThis post shows how you can use the Elastic Stack to map IoT, Security or Observability data. The data that is collected in these use-cases often do not explicitly contain a latitude or longitude. It is still possible to map this data in Kibana by using a “Term Join”.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 13 [english]\u003c/strong\u003e\u0026nbsp;—\u0026nbsp;\u003ca href=\"https://discuss.elastic.co/t/257827\"\u003eMaking it personal: Tailoring content with signed search keys in App Search\u003c/a\u003e, by Orhan Toy\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eSigned search keys in Elastic App Search give you more control of a user's search experience. 
You can tailor the experience to show results you know are more relevant to the specific user while also letting you control what data the user can see and search over.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 14 [chinese]\u003c/strong\u003e\u0026nbsp;—\u0026nbsp;\u003ca href=\"https://discuss.elastic.co/t/dec-14th-2020-cn-elastic/257010\"\u003e如何成为一名 Elastic 认证工程师\u003c/a\u003e, by Xiaoguo Liu\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003e对 Elastic 认证的类别,培训及认证流程做了详细的介绍。针对中国地区的工程师如何应对 Elastic 认证做了详细的描述。\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 15 [english] — \u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/258087\"\u003e\u003cstrong\u003ePreparing for an Elasticsearch Interview\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Aravind Putrevu\u003c/strong\u003e\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eElasticsearch is the most popularly used data store for building a Search Engine, Centralized Logging, Observability, or Threat Hunting use cases.\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eThat also means Elasticsearch is omnipresent in many organizations.\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eIn this post, we'll see what are some important topics that you need to prepare for an Elasticsearch interview.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 16 [french/english] — \u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/258847\"\u003e\u003cstrong\u003eMonitorer les tâches et pipelines Tekton avec Elastic Observability\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e | \u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/257567\"\u003e\u003cstrong\u003eMonitoring Tekton Tasks and Pipelines with Elastic Observability\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Maxime Gréau\u003c/strong\u003e\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eDo you know that Elastic performed 21 releases in 2020?\u003c/p\u003e\u003cp style=\"margin-left: 
20px;\"\u003eEach time a release is promoted, this is 500+ artifacts published to multiple public places (bucket, Docker registries, Maven Central, Rubygems, and so on) and available on Cloud at the same time. This complex process became a non-event thanks to our Unified Release workflow based on \u003cstrong\u003eTekton Tasks and Pipelines\u003c/strong\u003e and monitored with \u003ca href=\"https://www.elastic.co/observability\"\u003eElastic Observability\u003c/a\u003e.\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eThis blog post shows how to run your first Tekton Task, and then how to install and use the Elastic Observability Solution to monitor many Tasks and Pipelines deployed within a cluster.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 17 [korean] — \u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/258379\"\u003e\u003cstrong\u003e한글 형태소 분석기 파헤치기\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Jongmin Kim\u003c/strong\u003e\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eElasticsearch 에서는 Elastic 에서 공식으로 제공하는 한글 형태소 분석기인 nori 를 사용할 수 있습니다. 한글은 띄어쓰기가 없는 복합어가 대다수이기 때문에 의도하지 않은 대로 분석이 되는 경우가 많아 nori 를 사용하기 위해서는 목적에 맞는 사용자 사전을 등록해야 할 때가 많습니다.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 18 [english] — \u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/257788\"\u003e\u003cstrong\u003eSet up searchable snapshots in ECK\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Idan Moyal\u003c/strong\u003e\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eSearchable snapshots, recently released as BETA in Elasticsearch 7.10, let you reduce your operating costs by using snapshots for resiliency rather than maintaining replica shards within a cluster.\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eIn this blog we’ll demonstrate how to create a hot-cold topology using Elastic Cloud on Kubernetes (ECK). For the cold tier we will mount a snapshot using the new searchable snapshots API. 
The demonstration is carried out on Google Kubernetes Engine (GKE) and can easily be adjusted to other Kubernetes environments.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 19 [english] — \u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/257279\"\u003e\u003cstrong\u003eOpenTelemetry in Go Applications using Elastic APM\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Ricardo Ferreira\u003c/strong\u003e\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eDistributed tracing technologies allow developers to virtually glue together disparate services to build a cohesive transaction that can be observed by folks in the operations team. This is super important because the distributed nature of modern cloud-native applications makes it hard for teams responsible for maintaining these applications up-and-running to rapidly perform RCA (Root Cause Analysis) of issues when they happen.\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eThough tracing technologies are not necessarily new only in recent years it gained enough traction to become one of the three main pillars of an observability strategy—notably logs, metrics, and distributed tracing.\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eTo speed up developer adoption, multiple standards such as \u003ca href=\"https://opentracing.io/\"\u003eOpenTracing\u003c/a\u003e and \u003ca href=\"https://opencensus.io/\"\u003eOpenCensus\u003c/a\u003e have been created throughout the years. However, it didn't make any sense to have multiple standards since this creates more harm than good. 
For this reason the standard \u003ca href=\"https://opentelemetry.io/\"\u003eOpenTelemetry\u003c/a\u003e was created out of the existing ones to be an observability framework for cloud-native software.\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eIn this post, I will walk you through how to instrument applications written in \u003ca href=\"https://golang.org/\"\u003eGo\u003c/a\u003e to emit traces compatible with the OpenTelemetry specification, as well as how to send these traces to \u003ca href=\"https://www.elastic.co/apm\"\u003eElastic APM\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 20 [russian/english] — \u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/258244\"\u003e\u003cstrong\u003eРазведочный анализ данных с Kibana\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e | \u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/258243\"\u003e\u003cstrong\u003eExploratory data visualization with Kibana\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Raya Fratkina\u003c/strong\u003e\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003ePractitioners in the field of data visualizations often talk about 2 types of visualizations: exploratory vs explanatory. To quote Google definitions (the most authoritative source, of course), \"Exploratory data visualizations (EDVs) are the type of visualizations you assemble when you do not have a clue about what information lies within your data.”\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003e\u003cspan style=\"background-color: initial;\"\u003eElastic stack is a great tool for such exploration because of the flexible ways you can combine search, filtering, and aggregations to understand your data. 
In addition, you don't need to go through a costly process of defining a schema before you can start exploring.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 21 [english] — \u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/258560\"\u003e\u003cstrong\u003eWhen neither logging nor code tracing is enough: Log Correlation with APM\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Emanuil Tolev\u003c/strong\u003e\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eApplication Performance Monitoring and logging both provide critical insight into your ecosystem. When paired together for context, they can provide vital clues on how to resolve problems with your applications. This post assumes you’re familiar with what an \u003ca href=\"https://www.elastic.co/apm\"\u003eAPM (also known as “code tracing”) system\u003c/a\u003e does, what \u003ca href=\"https://www.elastic.co/log-monitoring\"\u003elog monitoring\u003c/a\u003e is, and the benefits of both. Elastic offers free solutions for both as part of \u003ca href=\"https://www.elastic.co/observability\"\u003eElastic Observability\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 22 [german] — \u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/258155\"\u003e\u003cstrong\u003eIndex-Patterns und ihre Tradeoffs für Logs, Metriken und Traces\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Philipp Krenn\u003c/strong\u003e\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eIndex patterns in the Elastic Stack for time-series data have been evolving. From single indices to daily ones, over rollovers, to the latest development, data streams. 
This post looks into each approach’s tradeoffs and how to use them with Beats, Elasticsearch, and Kibana.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 23 [spanish/english] — \u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/257209\"\u003e\u003cstrong\u003eNuevas incorporaciones a la familia de tipos keyword: constant_keyword y wildcard\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e\u0026nbsp;| \u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/257213\"\u003e\u003cstrong\u003eNew additions to the keyword family: constant_keyword and wildcard\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Imma Valls\u003c/strong\u003e\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eWe’ve recently introduced two additional keyword types, \u003cspan style=\"font-family: monospace;\"\u003ewildcard\u003c/span\u003e and \u003cspan style=\"font-family: monospace;\"\u003econstant_keyword\u003c/span\u003e. In this post, we’ll try to briefly introduce them.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 24 [english] — \u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/255099\"\u003e\u003cstrong\u003eNew Kind on the Block, Kibana Lens!\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Rashmi Kulkarni\u003c/strong\u003e\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eMillions of people already use Kibana for a wide range of purposes, but it was still a challenge for the average business user to quickly learn. Visualizations often require quite a bit of experimentation and several iterations to get the results “just right”. Visualizations in Kibana paired with the speed of Elasticsearch is up to the challenge, but it still requires advance planning or you’ll end up having to redo it a few times.\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eThe new kid on the block, Kibana Lens, was designed to change this and we’re here to learn how to take advantage of this capability. So let’s get started! 
We are excited to announce that with the 7.10 release, Kibana Lens has officially become generally available. Lens is the easiest and most intuitive way to visualize data in Elasticsearch with a simple drag-and-drop interface that lets anyone instantly begin exploring data for insights, regardless of their previous Kibana experience.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDec 25 [english] — \u003c/strong\u003e\u003ca href=\"https://discuss.elastic.co/t/256691\"\u003e\u003cstrong\u003eSanta’s Little Helper - Workplace Search\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e, by Sean Story\u003c/strong\u003e\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eYou might have picked up on this from movies: Santa’s operation is pretty high tech.\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eIt’s a big job, coordinating a massive workforce of Elves to ensure the timely delivery of billions of presents each year. This year, Santa is particularly excited to make use of Elastic’s Workplace Search for its first Christmas.\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003eYou see, Santa and his team are working with a lot of data:\u003c/p\u003e\u003cul\u003e\u003cul\u003e\u003cli\u003eChildren all over the world are sending him letters and emails to let him know what their wish lists are.\u003c/li\u003e\u003cli\u003eHe’s got R\u0026amp;D designing and perfecting thousands of new toys each year.\u003c/li\u003e\u003cli\u003eThe assembly line teams require precise numbers to ensure that the right quantity of each toy gets produced.\u003c/li\u003e\u003cli\u003eHis fulfillment team has a mad scramble at the end to ensure that every single child gets the specific toy they wanted.\u003c/li\u003e\u003cli\u003eThe support desk has to field enormous request volumes on these new toys,\u003cul\u003e\u003cli\u003eFrom parents before the holiday (“Does this toy come with batteries included?”)\u003c/li\u003e\u003cli\u003eFrom children afterwards (“Are there any cheat 
codes?”).\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/ul\u003e\u003cp style=\"margin-left: 20px;\"\u003eIn years previous, this meant Santa had to hold a lot in his head - remembering how to log in to each of these separate data stores, how to search in them, and how to find the right subject-matter-experts for any given problem. But not this year!\u003c/p\u003e\u003ch2\u003eThank you!\u003c/h2\u003e\u003cp\u003eAll of the topics will be kept on the\u0026nbsp;\u003ca href=\"https://discuss.elastic.co/c/elastic-community-ecosystem/advent-calendar/61\"\u003eElastic Discuss Forums\u003c/a\u003e\u0026nbsp;so you can refer back to them at any time. And, as these are Discuss topics, you can also continue the conversation with the authors and other community members.\u003c/p\u003e\u003cp\u003eThanks for following this year's series, we hope it’s provided some useful inspiration for your use of the Elastic Stack. If you’d like us to repeat this, if you have ideas for next year or any other feedback, please let us know via\u0026nbsp;\u003ca href=\"https://twitter.com/elastic\"\u003eTwitter (@elastic)\u003c/a\u003e\u0026nbsp;or feel free to create a topic in our\u0026nbsp;\u003ca href=\"https://discuss.elastic.co/c/meta\"\u003eMeta category\u003c/a\u003e\u0026nbsp;with your comments.\u003c/p\u003e\u003cp\u003eWe look forward to building upon it for 2021!\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How 
to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2020-12-09T16:34:43.339Z","created_by":"blte00f8f424214b2b071d3000b","disclaimer":[],"full_bleed_image":{"_version":4,"is_dir":false,"uid":"blt50965306ac555f89","ACL":{},"content_type":"image/png","created_at":"2020-11-30T17:49:30.902Z","created_by":"blte00f8f424214b2b071d3000b","description":"","file_size":"64112","filename":"blog-banner-advent-calendar-2020.png","parent_uid":"blta4175f15024ba632","tags":[],"title":"blog-banner-advent-calendar-2020.png","updated_at":"2020-12-02T15:23:27.057Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-02T15:23:33.503Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt50965306ac555f89/5fc7b16ffd99385ff600a8bd/blog-banner-advent-calendar-2020.png"},"markdown_l10n":"","publish_date":"2020-12-25T10:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"The Elastic Advent Calendar 2020 is now complete. 
Here's a recap of the final few days, as well as a summary from all 25 days.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"title":"Community","label_l10n":"Community","keyword":"community","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt9c74c5bb18c95a80","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-07-14T13:45:14.579Z","updated_at":"2020-07-14T13:45:14.579Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-07-14T13:45:14.579Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-08-13T15:01:07.164Z","user":"bltc87e8bcd2aefc255"}},{"title":"Visualizing","label_l10n":"Visualizing","keyword":"visualizing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt365f9ed2d77755c7","created_by":"bl
t3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:12.101Z","updated_at":"2020-06-17T03:38:12.101Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:12.100Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T00:48:22.629Z","user":"blt3044324473ef223b70bc674c"}},{"title":"Getting started","label_l10n":"Getting started","keyword":"getting-started","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt30953f4176054d3f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:25.148Z","updated_at":"2020-06-17T03:37:25.148Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:25.148Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:25.028Z","user":"blt36e890d06c5ec32c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blte1906c436045dbef","ACL":{},"created_at":"2020-06-17T03:31:19.243Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"app-search","label_l10n":"App search","tags":[],"title":"App 
search","updated_at":"2020-07-06T22:20:20.511Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.547Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt3ff56eb3b9c58312","ACL":{},"created_at":"2020-06-17T03:33:18.405Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":true,"keyword":"business-analytics","label_l10n":"Business analytics","tags":[],"title":"Business analytics","updated_at":"2020-07-06T22:20:18.826Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.556Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltb249a1eeba77b317","ACL":{},"created_at":"2020-06-17T03:31:53.522Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"apm","label_l10n":"APM","tags":[],"title":"APM","updated_at":"2020-07-06T22:20:22.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"b
lt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.550Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt4607298d4fd82c81","ACL":{},"created_at":"2020-06-17T03:31:33.256Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"workplace-search","label_l10n":"Workplace search","tags":[],"title":"Workplace 
search","updated_at":"2020-07-06T22:19:56.394Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:53.167Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":3,"is_dir":false,"uid":"blt84f07c69fc4bd896","ACL":{},"content_type":"image/png","created_at":"2020-11-30T18:12:03.681Z","created_by":"blte00f8f424214b2b071d3000b","description":"","file_size":"103335","filename":"blog-thumb-advent-calendar-2020.png","parent_uid":"blta4175f15024ba632","tags":[],"title":"blog-thumb-advent-calendar-2020.png","updated_at":"2020-12-02T15:22:53.210Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-02T15:22:45.943Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt84f07c69fc4bd896/5fc7b14dffb61e50a0fb1c1d/blog-thumb-advent-calendar-2020.png"},"title":"Elastic Advent Calendar, 2020: the full recap!","title_l10n":"Elastic Advent Calendar, 2020: the full recap!","updated_at":"2025-03-10T12:22:24.999Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/elastic-advent-calendar-2020-week-four","publish_details":{"time":"2025-03-10T12:22:28.883Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltda9158c9e34505d7","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["bltd275645e7a4890a4","blt096468343d241e0c"],"body_l10n":"\u003cp\u003eHard on the heels of our \u003ca href=\"https://www.elastic.co/blog/master-time-with-kibanas-new-time-series-visual-builder\"\u003efirst time series video tutorial\u003c/a\u003e, Chris Cowan is back with another video show off how powerful and versatile this new UI is. If you'd like to follow along, go ahead and download \u003ca href=\"https://www.elastic.co/downloads/beats/metricbeat\"\u003eMetricbeat\u003c/a\u003e to start ingesting metrics from your systems or services. 
You'll also want to make sure you have the latest version of \u003ca href=\"https://www.elastic.co/downloads/kibana\"\u003eKibana\u003c/a\u003e installed.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/uploads/59513a0a4b6c69cd2af4f1e5/download?uid=bltdf18bc128e3f72ff\" data-sys-asset-uid=\"bltdf18bc128e3f72ff\" alt=\"tsvb2-metric.png\" style=\"background-color: initial;\"/\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eIn this video, you will learn to do the following:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eQuickly change visualization types with the same data\u003c/li\u003e\u003cli dir=\"ltr\"\u003eUse the overall functions to aggregate over the total time interval in a single metric\u003c/li\u003e\u003cli dir=\"ltr\"\u003eTake advantage of the data formatter to easily switch between data types\u003c/li\u003e\u003cli dir=\"ltr\"\u003eConditionally style a metric visualization based on the most recent value of your time series data\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eReady to dive in? 
Check out the video tutorial below.\u003c/p\u003e\u003cdiv class=\"video embed-container\" style=\"height: 319.725px;\"\u003e\u003cimg style=\"width: 100%;margin: auto;display: block;\" class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/4vZEBRZ33apj1j1hqXKJCP.jpg\" data-uuid=\"4vZEBRZ33apj1j1hqXKJCP\" data-v=\"4\" data-type=\"inline\" width=\"100%\"/\u003e\u003c/div\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eBe on the lookout for our next tutorial with the new time series visual builder!\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-18T15:27:05.738Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt6829556ec152d66d","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-15T06:36:24.325Z","updated_at":"2018-10-15T06:36:24.325Z","content_type":"image/png","file_size":"148873","filename":"tsvb2-banner.png","title":"tsvb2-banner.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-18T15:48:53.720Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6829556ec152d66d/5bc43568128146a006bd7ffe/tsvb2-banner.png"},"markdown_l10n":"","publish_date":"2017-06-26T18:56:08.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Kibana's New Time Series Visual Builder - Part 2","seo_description_l10n":"The second blog post in a series focused on utilizing 
Kibana's new visual builder for time series data","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt268bac530bbc816c","ACL":{},"_version":2,"content_type":"image/jpeg","created_at":"2018-10-15T06:36:40.789Z","created_by":"sys_blt57a423112de8a853","description":"","file_size":"86887","filename":"tsvb2-metric.jpg","is_dir":false,"parent_uid":null,"tags":[],"title":"tsvb2-metric.jpg","updated_at":"2019-12-20T17:19:55.363Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-12-20T17:20:02.725Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt268bac530bbc816c/5dfd02bbba09063e77b60236/tsvb2-metric.jpg"},"title":"Kibana's New Time Series Visual Builder - Part 2","title_l10n":"Kibana's New Time Series Visual Builder - Part 2","updated_at":"2025-03-10T12:20:58.408Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/kibanas-new-time-series-visual-builder-part-2","publish_details":{"time":"2025-03-10T12:21:03.950Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt893f37408794188a","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt8ba74c7c0a468fe7"],"body_l10n":"\u003cp\u003eEarlier this week, an \u003ca href=\"https://issues.apache.org/jira/browse/LOG4J2-1863\"\u003eadvisory\u003c/a\u003e was released detailing an object deserialization security flaw in the way Apache Log4j version 2 processes input data (\u003ca href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645\"\u003eCVE-2017-5645\u003c/a\u003e). 
This flaw would give a remote attacker the ability to execute code of their choosing within the JVM process listening for Log4j events.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003eIn a default Logstash install, the \u003ca href=\"https://www.elastic.co/guide/en/logstash/current/plugins-inputs-log4j.html\"\u003eLog4j plugin\u003c/a\u003e is installed but not enabled. If you aren't explicitly using this plugin in your configuration, you are not affected by this issue.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWhen used in the Logstash pipeline, the Logstash log4j input plugin accepts Log4j version 1 data from remote applications. Often, any client is able to connect to Logstash because the connection offers no authentication. Given the very purpose of Logstash is to be an endpoint for receiving log data for an organization, it may not be practical to firewall the system as a form of protection. It is our expectation that Logstash will be easily reachable in most environments, and will accept whatever data is passed into it.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe currently known exploits for Java object deserialization do not work against default Logstash deployments, but the vulnerability is still present even without a known exploit. 
We recognize that this doesn’t necessarily mean a Logstash deployment isn’t vulnerable to this flaw; it simply means we’re not aware of a weaponized exploit.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe Elastic Security Team does not believe the log4j input can be made 100% invulnerable given the way it receives log data from arbitrary sources. By its very nature, object deserialization is difficult to secure and may be impossible to secure when parsing remote untrusted data. The general consensus in the security community is that if you must do object deserialization, it should only be done between systems that have a high level of trust. We do not have this level of trust with expected Logstash clients.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003eRemediation\u003c/h3\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWe have patched the version of Log4j shipped in Logstash against this particular attack using a variant of the patch from the updated version of Apache Log4j. Updates for Logstash will be included in a future release. 
This will improve the security of the Log4j input, but we continue to have reservations about its security given the prior paragraph.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eExisting Logstash v5.x and v2.4 users can upgrade the log4j input to receive this fix today by doing the following:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre\u003ebin/logstash-plugin update logstash-input-log4j\u003cbr /\u003e\u003c/pre\u003e\u003cpre\u003e% bin/logstash-plugin update logstash-input-log4j\u003cbr /\u003eUpdating logstash-input-log4j\u003cbr /\u003eUpdated logstash-input-log4j 3.0.3 to 3.0.5\u003cbr /\u003e\u003c/pre\u003e\u003ch3 dir=\"ltr\"\u003eDeprecation Notice\u003c/h3\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eBased on the reasons stated above, we are \u003ca href=\"https://www.elastic.co/guide/en/logstash/current/plugins-inputs-log4j.html#_deprecation_notice\"\u003edeprecating\u003c/a\u003e the Log4j input. Our recommendation is for current Log4j input users to stop using log4j’s SocketAppender in their applications. For safe transport of log4j logs, users should configure log4j to write logs to disk and use \u003ca href=\"https://www.elastic.co/beats/filebeat\"\u003eFilebeat\u003c/a\u003e to forward log information to Logstash. Setting up Filebeat to ship your local logs\u0026nbsp;is easy and we've provided migration steps\u0026nbsp;in \u003ca href=\"https://www.elastic.co/guide/en/logstash/current/plugins-inputs-log4j.html\"\u003ethese\u0026nbsp;docs\u003c/a\u003e. This solution avoids using object deserialization in an insecure manner. 
Additionally we have marked the Log4j plugin as deprecated and are going to remove Log4j support in Logstash 6.0.\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eElastic would like to thank Marcio Almeida de Macedo of Red Team at Telstra for alerting us of this issue.\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T10:42:22.529Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt72cb93c2ccbd7da1","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:10:16.462Z","updated_at":"2018-10-11T05:10:16.462Z","content_type":"image/jpeg","file_size":"71338","filename":"blog-logstash-banner.jpg","title":"blog-logstash-banner.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-05T13:08:20.494Z","user":"blt7e7f06f6a2518594"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt72cb93c2ccbd7da1/5bbedb3852d7ede27f815278/blog-logstash-banner.jpg"},"markdown_l10n":"","publish_date":"2017-04-20T15:29:09.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":
[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":null,"title":"The future of Log4j input in Logstash","title_l10n":"The future of Log4j input in Logstash","updated_at":"2025-03-10T12:19:39.829Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/log4j-input-logstash","publish_details":{"time":"2025-03-10T12:19:43.872Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt02181a30a463cdfd","_version":16,"locale":"en-us","ACL":{},"abstract_l10n":"In this blog, learn how you can use Elastic machine learning to create your own ProblemChild framework to detect living-off-the-land (LOtL) activity in Windows process event data.","author":["bltc909a862477f6ea3","blt591d741e6afdef2f","blta95689a58b2be971"],"body_l10n":"\u003cp\u003eWhen it comes to malware attacks, one of the more common techniques is “living off the land” (LOtL). Utilizing standard tools or features that already exist in the target environment allows these attacks to blend into the environment and avoid detection. While these techniques can appear normal in isolation, they start looking suspicious when observed in the parent-child context. This is where the ProblemChild framework can help.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIn this blog, we will talk about how you can use \u003ca href=\"https://www.elastic.co/what-is/elasticsearch-machine-learning\"\u003eElastic machine learning\u003c/a\u003e to create your own ProblemChild framework to detect LOtL activity in Windows process event data (we will be referring to Windows process events as just “events” throughout this blog). We will talk in detail about the following:\u003c/p\u003e\u003cul\u003e\u003cli aria-level=\"1\"\u003eExtracting features from event metadata\u003c/li\u003e\u003cli aria-level=\"1\"\u003eTraining a supervised model to classify events as malicious vs. 
benign\u003c/li\u003e\u003cli aria-level=\"1\"\u003eUsing the trained model to enrich event data at ingest time\u003c/li\u003e\u003cli aria-level=\"1\"\u003ePicking out the most unusual events for analysts to triage\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf you would like to follow along with this blog, we recommend starting a \u003ca href=\"https://cloud.elastic.co/registration\"\u003efree 14-day Elastic trial\u003c/a\u003e. All the supporting materials for this blog are also available in the \u003ca href=\"https://github.com/elastic/examples/tree/master/Machine%20Learning/ProblemChild\"\u003eexamples repository\u003c/a\u003e.\u003c/p\u003e\u003ch2\u003eBackground\u003c/h2\u003e\u003cp\u003eLiving-off-the-land binaries (LOLBins) are Microsoft-signed binaries that come pre-installed on the operating system. These binaries can sometimes have unexpected features outside of their core functionality, which attackers can leverage. For example, the task scheduler in Windows allows an admin to create, delete, run, and schedule tasks on a local computer. However, attackers may leverage the binary to bypass User Account Control (UAC) and escalate privileges. The use of these binaries complicates the discovery of the attack, since adversary behavior is mixed with traditional benign operating system activity.\u003c/p\u003e\u003cp\u003eThings get a little interesting when viewed from a parent-child lens, since unusual child processes spawned by a parent process can indicate malicious activity. For example, \u003cem\u003e\u003cstrong\u003eword.exe\u003c/strong\u003e\u003c/em\u003e spawning powershell.exe could indicate a Spearphishing Attachment. Current solutions to detect LOtL attacks using parent-child relationships include writing rules and heuristics. While these solutions work well, they can sometimes be either too rigid or too lax and do not generalize well. 
There is also a significant amount of manual effort that goes into writing them.\u0026nbsp;\u003c/p\u003e\u003cp\u003eWith ProblemChild, the goal remains the same: we hope to provide better generalization with the added advantage of ranking and prioritizing events for further investigation using machine learning.\u003c/p\u003e\u003ch2\u003eThe ProblemChild framework\u003c/h2\u003e\u003cp\u003eProblemChild uses data frame analytics available in the Elastic Stack to build a supervised model to classify events as malicious or benign using features extracted from event metadata. It then uses anomaly detection to pick out “high priority” events for further analysis from those detected as malicious by the supervised model.\u003c/p\u003e\u003ch3\u003eData\u003c/h3\u003e\u003cp\u003eFor the supervised model, we gathered Windows process event metadata from a variety of sources like the \u003ca href=\"https://github.com/splunk/attack_data\"\u003eSplunk Attack data\u003c/a\u003e, \u003ca href=\"https://github.com/splunk/botsv1\"\u003eSplunk botsv1\u003c/a\u003e, \u003ca href=\"https://github.com/redcanaryco/atomic-red-team\"\u003eRed Canary Atomic Red Team\u003c/a\u003e, and several internal databases. 
An example of a raw sample used in training is as follows:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{ \u003cbr /\u003e \"timestamp_utc\": \"2019-06-14 15:31:17Z\", \u003cbr /\u003e \"pid\": 372, \u003cbr /\u003e \"integrity_level\": \"system\", \u003cbr /\u003e \"elevation_type\": \"default\", \u003cbr /\u003e \"signature_status\": \"trusted\", \u003cbr /\u003e \"serial_event_id\": 1007, \u003cbr /\u003e \"elevated\": true, \u003cbr /\u003e \"signature_signer\": \"Microsoft Windows Publisher\", \u003cbr /\u003e \"event_subtype_full\": \"already_running\", \u003cbr /\u003e \"command_line\": \"C:\\\\Windows\\\\System32\\\\svchost.exe -k LocalSystemNetworkRestricted -p\", \u003cbr /\u003e \"parent_process_name\": \"services.exe\", \u003cbr /\u003e \"ppid\": 620, \u003cbr /\u003e \"sha256\": \"7fd065bac18c5278777ae44908101cdfed72d26fa741367f0ad4d02020787ab6\", \u003cbr /\u003e \"user_name\": \"SYSTEM\", \u003cbr /\u003e \"process_path\": \"C:\\\\Windows\\\\System32\\\\svchost.exe\", \u003cbr /\u003e \"user_sid\": \"S-1-5-18\", \u003cbr /\u003e \"timestamp\": 132049998770000000, \u003cbr /\u003e \"process_name\": \"svchost.exe\", \u003cbr /\u003e \"original_file_name\": \"svchost.exe\", \u003cbr /\u003e \"parent_process_path\": \"C:\\\\Windows\\\\System32\\\\services.exe\", \u003cbr /\u003e \"unique_pid\": 1007, \u003cbr /\u003e \"md5\": \"8a0a29438052faed8a2532da50455756\", \u003cbr /\u003e \"sha1\": \"a1385ce20ad79f55df235effd9780c31442aa234\", \u003cbr /\u003e \"unique_ppid\": 1006, \u003cbr /\u003e \"event_type_full\": \"process_event\", \u003cbr /\u003e \"opcode\": 3, \u003cbr /\u003e \"user_domain\": \"NT AUTHORITY\" \u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cfigcaption\u003eSample raw document containing Windows process event metadata\u003c/figcaption\u003e\u003ch3\u003eFeature engineering\u003c/h3\u003e\u003cp\u003eSince we wanted to focus on identifying LOtL activity using parent-child context, we started by extracting features that capture 
information about the process itself, its parent, and surrounding contextual information (e.g., elevation level, system user, etc.) from the raw event metadata (shown above) as follows:\u003c/p\u003e\u003cul\u003e\u003cli aria-level=\"1\"\u003eProcess name\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eParent process name\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eCommandline arguments\u003c/li\u003e\u003cli aria-level=\"1\"\u003eProcess path\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eParent process path\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eEvent subtype\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eWhether event is elevated\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eElevation type\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eIntegrity level\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eNormalized process path\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eWhether process is signed\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eWhether signer is trusted\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eWhether user is running as system\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eFilename mismatch\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eWhether process name ends with exe\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAll of the feature engineering was done using processors already available in the Elastic Stack or using custom scripts written in \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/modules-scripting-painless.html\"\u003ePainless\u003c/a\u003e, which were then used in \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/script-processor.html\"\u003escript processors\u003c/a\u003e. 
A high-level breakdown of the featurization process is as follows:\u003c/p\u003e\u003cp\u003eSince the model supports Windows process events for the Elastic Endpoint Security integration, Elastic Endgame, and Winlogbeat, we first use a script processor to standardize\u0026nbsp;the field names across the different agents. We did this so the model always has the same set of input fields, regardless of the agent type.\u003c/p\u003e\u003cp\u003eWe then used script processors to build features that were derived from the common set of fields.\u003c/p\u003e\u003cp\u003eExample: The following script processor sets the feature feature_ends_with_exe to true if the process name associated with the event ends with \".exe\" and false otherwise. Note that the script as shown calls contains(\".exe\"), so the feature is also set to true when \".exe\" appears anywhere in the process name, not only at the end; endsWith(\".exe\") would match the description exactly.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{ \u003cbr /\u003e \"script\": { \u003cbr /\u003e \"lang\": \"painless\", \u003cbr /\u003e \"source\": \"\"\" \u003cbr /\u003e if(ctx.feature_process_name.contains(\".exe\")) { \u003cbr /\u003e ctx.feature_ends_with_exe = true \u003cbr /\u003e } \u003cbr /\u003e else { \u003cbr /\u003e ctx.feature_ends_with_exe = false \u003cbr /\u003e } \u003cbr /\u003e \"\"\" \u003cbr /\u003e } \u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cfigcaption\u003eExample of using script processors for feature extraction\u003c/figcaption\u003e\u003cp\u003eWe noticed that minor variations like change in case, usernames, certain special characters (mainly \", /, \\), and appearance of random numbers/hexadecimal values in fields like commandline arguments and process paths were affecting the performance of our models, and needed to be normalized and/or obfuscated. We also found that replacing certain Windows directories with appropriate tokens, for example replacing\u0026nbsp;windows/system32 and windows/syswow64 with the token win_system_dir, further improved model performance. 
These normalizations and obfuscations were done using\u0026nbsp;the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/lowercase-processor.html\"\u003elowercase\u003c/a\u003e and \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/gsub-processor.html\"\u003egsub\u003c/a\u003e processors available in the Elastic Stack.\u003c/p\u003e\u003cp\u003eExample: The following processor replaces text matched by the pattern defined in the pattern field with the string 'process_id' in the feature_command_line field.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{ \u003cbr /\u003e \"gsub\": { \u003cbr /\u003e \"field\": \"feature_command_line\", \u003cbr /\u003e \"pattern\": \"[0-9a-f]{4,}-[0-9a-f]{4,}-[0-9a-f]{4,}-[0-9a-f-]{4,}\", \u003cbr /\u003e \"replacement\": \"process_id\" \u003cbr /\u003e } \u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cfigcaption\u003eExample of using pre-built Elastic Stack processors for normalization of features\u003c/figcaption\u003e\u003cp\u003eFinally, we used a series of script processors to extract n-gram features from process and parent process names and paths and commandline arguments. 
After experimenting with different n-gram lengths, we concluded that bigrams were the optimal fit and provided the best trade-off between dimensionality of the feature set and model performance.\u003c/p\u003e\u003cp\u003eExample: The following processor generates bigrams for the field feature_process_name.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{ \u003cbr /\u003e \"script\": { \u003cbr /\u003e \"id\": \"ngram-extractor\", \u003cbr /\u003e \"params\": { \u003cbr /\u003e \"ngram_count\": 2, \u003cbr /\u003e \"field\": \"feature_process_name\", \u003cbr /\u003e \"max_length\": 100 \u003cbr /\u003e } \u003cbr /\u003e } \u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cfigcaption\u003eScript processor for extracting n-grams\u003c/figcaption\u003e\u003cp\u003eAll the processors mentioned so far were a part of an ingest pipeline used to featurize raw events from the source index and re-index them. Please refer to the \u003ca href=\"https://github.com/elastic/examples/tree/master/Machine%20Learning/ProblemChild\"\u003eexamples repository\u003c/a\u003e for detailed instructions on featurization and the relevant configurations, scripts, etc. 
An example of features created by the ingest pipeline is as follows:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{ \u003cbr /\u003e \"feature_command_line_2-gram_feature10\" : \"\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature53\" : \".e\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature54\" : \"ex\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature55\" : \"xe\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature56\" : \"\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature49\" : \"ka\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature48\" : \"\"\"\\k\"\"\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature47\" : \"\"\"r\\\"\"\", \u003cbr /\u003e \"feature_command_line\" : \"kaps.exe -u\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature46\" : \"er\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature45\" : \"le\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature44\" : \"ll\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature43\" : \"il\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature42\" : \"ki\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature41\" : \"\"\"\\k\"\"\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature40\" : \"\"\"s\\\"\"\", \u003cbr /\u003e \"feature_running_as_system\" : false, \u003cbr /\u003e \"feature_process_signer_trusted\" : true, \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature46\" : \"er\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature47\" : \"\"\"r\\\"\"\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature48\" : \"\"\"\\k\"\"\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature49\" : \"ka\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature42\" : \"ki\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature43\" : \"il\", \u003cbr 
/\u003e \"feature_process_parent_executable_2-gram_feature44\" : \"ll\", \u003cbr /\u003e \"feature_process_parent_executable\" : \"\"\"c:\\win_system_dir\\drivers\\rivetnetworks\\killer\\kaps.exe\"\"\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature45\" : \"le\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature50\" : \"ap\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature51\" : \"ps\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature52\" : \"s.\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature56\" : \"\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature55\" : \"xe\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature54\" : \"ex\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature53\" : \".e\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature52\" : \"s.\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature51\" : \"ps\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature50\" : \"ap\", \u003cbr /\u003e \"feature_process_name\" : \"kaps.exe\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature29\" : \"iv\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature28\" : \"ri\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature27\" : \"\"\"\\r\"\"\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature26\" : \"\"\"s\\\"\"\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature25\" : \"rs\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature24\" : \"er\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature23\" : \"ve\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature22\" : \"iv\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature21\" : \"ri\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature20\" : \"dr\", \u003cbr /\u003e \"feature_process_name_2-gram_feature4\" : \".e\", \u003cbr /\u003e 
\"feature_process_parent_name_2-gram_feature4\" : \".e\", \u003cbr /\u003e \"feature_process_name_2-gram_feature5\" : \"ex\", \u003cbr /\u003e \"feature_process_parent_name_2-gram_feature3\" : \"s.\", \u003cbr /\u003e \"feature_process_name_2-gram_feature6\" : \"xe\", \u003cbr /\u003e \"feature_process_parent_name_2-gram_feature2\" : \"ps\", \u003cbr /\u003e \"feature_process_name_2-gram_feature7\" : \"\", \u003cbr /\u003e \"feature_process_parent_name_2-gram_feature1\" : \"ap\", \u003cbr /\u003e \"feature_process_parent_name_2-gram_feature7\" : \"\", \u003cbr /\u003e \"feature_process_parent_name_2-gram_feature6\" : \"xe\", \u003cbr /\u003e \"feature_process_parent_name_2-gram_feature5\" : \"ex\", \u003cbr /\u003e \"feature_ends_with_exe\" : true, \u003cbr /\u003e \"feature_process_executable_2-gram_feature39\" : \"ks\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature38\" : \"rk\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature37\" : \"or\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature36\" : \"wo\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature35\" : \"tw\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature34\" : \"et\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature33\" : \"ne\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature32\" : \"tn\", \u003cbr /\u003e \"feature_process_name_2-gram_feature0\" : \"ka\", \u003cbr /\u003e \"feature_process_parent_name_2-gram_feature0\" : \"ka\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature31\" : \"et\", \u003cbr /\u003e \"feature_process_name_2-gram_feature1\" : \"ap\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature30\" : \"ve\", \u003cbr /\u003e \"feature_process_name_2-gram_feature2\" : \"ps\", \u003cbr /\u003e \"feature_process_name_2-gram_feature3\" : \"s.\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature17\" : \"32\", \u003cbr /\u003e 
\"feature_process_parent_executable_2-gram_feature18\" : \"\"\"2\\\"\"\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature19\" : \"\"\"\\d\"\"\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature3\" : \"wi\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature13\" : \"st\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature2\" : \"\"\"\\w\"\"\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature14\" : \"te\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature5\" : \"nd\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature15\" : \"em\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature4\" : \"in\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature16\" : \"m3\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature7\" : \"ow\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature6\" : \"do\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature10\" : \"\"\"\\s\"\"\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature9\" : \"\"\"s\\\"\"\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature11\" : \"sy\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature8\" : \"ws\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature12\" : \"ys\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature1\" : \"\"\":\\\"\"\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature0\" : \"c:\", \u003cbr /\u003e \"feature_process_signed\" : true, \u003cbr /\u003e \"feature_elevation_type\" : \"limited\", \u003cbr /\u003e \"feature_integrity_level\" : \"medium\", \u003cbr /\u003e \"feature_elevated\" : false, \u003cbr /\u003e \"feature_process_executable_2-gram_feature19\" : \"\"\"\\d\"\"\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature18\" : \"\"\"2\\\"\"\", \u003cbr /\u003e 
\"feature_process_executable_2-gram_feature17\" : \"32\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature16\" : \"m3\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature15\" : \"em\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature14\" : \"te\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature13\" : \"st\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature12\" : \"ys\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature11\" : \"sy\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature10\" : \"\"\"\\s\"\"\", \u003cbr /\u003e \"feature_process_executable\" : \"\"\"c:\\win_system_dir\\drivers\\rivetnetworks\\killer\\kaps.exe\"\"\", \u003cbr /\u003e \"feature_filename_mismatch\" : false, \u003cbr /\u003e \"feature_process_executable_2-gram_feature8\" : \"ws\", \u003cbr /\u003e \"feature_command_line_2-gram_feature4\" : \".e\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature7\" : \"ow\", \u003cbr /\u003e \"feature_command_line_2-gram_feature3\" : \"s.\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature6\" : \"do\", \u003cbr /\u003e \"feature_command_line_2-gram_feature6\" : \"xe\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature5\" : \"nd\", \u003cbr /\u003e \"feature_command_line_2-gram_feature5\" : \"ex\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature39\" : \"ks\", \u003cbr /\u003e \"feature_command_line_2-gram_feature0\" : \"ka\", \u003cbr /\u003e \"feature_command_line_2-gram_feature2\" : \"ps\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature9\" : \"\"\"s\\\"\"\", \u003cbr /\u003e \"feature_command_line_2-gram_feature1\" : \"ap\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature35\" : \"tw\", \u003cbr /\u003e \"feature_normalized_ppath\" : \"win_system_dir\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature36\" : \"wo\", \u003cbr /\u003e 
\"feature_process_parent_executable_2-gram_feature37\" : \"or\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature38\" : \"rk\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature31\" : \"et\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature32\" : \"tn\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature33\" : \"ne\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature34\" : \"et\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature40\" : \"\"\"s\\\"\"\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature41\" : \"\"\"\\k\"\"\", \u003cbr /\u003e \"feature_event_action\" : \"creation_event\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature0\" : \"c:\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature4\" : \"in\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature3\" : \"wi\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature2\" : \"\"\"\\w\"\"\", \u003cbr /\u003e \"feature_process_parent_name\" : \"kaps.exe\", \u003cbr /\u003e \"feature_process_executable_2-gram_feature1\" : \"\"\":\\\"\"\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature28\" : \"ri\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature29\" : \"iv\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature24\" : \"er\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature25\" : \"rs\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature26\" : \"\"\"s\\\"\"\", \u003cbr /\u003e \"label\" : 0, \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature27\" : \"\"\"\\r\"\"\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature20\" : \"dr\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature21\" : \"ri\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature22\" : \"iv\", \u003cbr /\u003e 
\"feature_process_parent_executable_2-gram_feature23\" : \"ve\", \u003cbr /\u003e \"feature_process_parent_executable_2-gram_feature30\" : \"ve\", \u003cbr /\u003e \"feature_command_line_2-gram_feature8\" : \" -\", \u003cbr /\u003e \"feature_command_line_2-gram_feature7\" : \"e \", \u003cbr /\u003e \"feature_command_line_2-gram_feature9\" : \"-u\" \u003cbr /\u003e }\u003cbr /\u003e\u003c/pre\u003e\u003cfigcaption\u003eExample of features created by the featurization ingest pipeline\u003c/figcaption\u003e\u003cp\u003eThe nice thing about data frame analytics is that it automatically encodes boolean and categorical features (even features like n-grams), thus eliminating the need for you to manually convert these features into numerical values for the model. It also examines the features and automatically selects the most important features for classification.\u003c/p\u003e\u003ch3\u003eTraining the supervised model\u003c/h3\u003e\u003cp\u003eThe next step was to train a classification model based on the features extracted above. We used the data frame analytics UI to create the classification job. A snippet of what the process looks like in the UI is shown below:\u003c/p\u003e\u003cdiv id=\"video\" class=\"video embed-container\" style=\"height: 319.725px;\"\u003e\u003cimg class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/JsS5MVj5VfBkvttTYjs8vS.jpg\" data-uuid=\"JsS5MVj5VfBkvttTYjs8vS\" data-v=\"4\" data-type=\"inline\" style=\"width: 100%;display: block;\" width=\"100%\"/\u003e\u003c/div\u003e\u003cbr /\u003e\u003cp\u003eAn overview of the process shown in the video is as follows:\u003c/p\u003eChoose the source index pattern for your jobChoose the job type as “Classification”Choose the dependent variable as the field containing the ground truth labelSet the training percentage: we recommend that you take an iterative approach to training. Start with a smaller training percentage, evaluate the performance and decide if you need to train on more data. 
A training percentage of ~55 worked for us. We didn’t see any gains in performance beyond this percentage for our dataset. Keep only the fields required for training and exclude the rest by unchecking the boxes next to the fields. We only retained the following fields:\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltedbd4d01d04ceb62/60997d163705f74a9ffbd72d/1-training-features-blog-problemchild.png\" data-sys-asset-uid=\"bltedbd4d01d04ceb62\" width=\"374\" height=\"247\" style=\"display: block;margin: auto;width: 374;height: 247;\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eList of features to include in training (* indicates all features matching the pattern)\u003c/figcaption\u003eSet the number of feature importance values you would like to see once the model has trained: We chose 20. Set a prediction field name of your choice: We chose y_pred. Set an appropriate job name and description under job ID and description respectively. Set a destination index and click “Continue”, followed by “Create”.\u003ch3\u003eEvaluating the trained model\u003c/h3\u003e\u003cp\u003eOnce the model has trained, you can navigate to the data frame analytics results UI to analyze the performance of the model on the test set. The UI displays the confusion matrix, a key metric in evaluating the overall model performance. Additionally, you can also view a data table of the results, which shows how the model performed on individual data points in the dataset. 
You can toggle between the training and testing results by using the Training/Testing filters to the top right in the UI.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt72dec584e23e18c9/60997d3e01ff5a556925c83e/2-confusion-matrix-blog-problemchild.png\" data-sys-asset-uid=\"blt72dec584e23e18c9\" alt=\"2-confusion-matrix-blog-problemchild.png\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eConfusion matrix for our testing dataset\u003c/figcaption\u003e\u003cfigcaption\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt37ad98090151cb78/60997d8c43430a55689b20fb/3-individual-results-blog-problemchild.png\" data-sys-asset-uid=\"blt37ad98090151cb78\" alt=\"3-individual-results-blog-problemchild.png\"/\u003e\u003cbr /\u003eData table of individual results\u003c/figcaption\u003e\u003cp\u003eWe focused mainly on the confusion matrix for model evaluation. The confusion matrix displays the percentage of data points that were classified as true positives\u003cstrong\u003e \u003c/strong\u003e(malicious events that the model identified as malicious and that were actually malicious) and true negatives (benign events that the model identified as benign and that were actually benign). The matrix also displays the percentage of events that the model misclassified as malicious (false positives) and vice versa (false negatives).\u003c/p\u003e\u003cp\u003eAs seen in the figure above, our model had a 98% true positive rate on the testing data, which is pretty good, considering malicious process events are generally tricky to identify. The false positive rate was low, which is also a good sign. This means that the model will not generate a large number of alerts if deployed to production in our environment.\u003c/p\u003e\u003cp\u003eOne thing to note here is that the performance of your model could look very different from ours based on the training data. 
You might need to tune your model, increase the training percentage, add more training data or features, etc.\u003c/p\u003e\u003ch3\u003eEnriching incoming events on ingest\u003c/h3\u003e\u003cp\u003eOnce you have a model you like, you can use it to enrich incoming events with a prediction of whether or not the event is likely to be malicious, along with a probability score of how confident the model is in its prediction.\u003c/p\u003e\u003cp\u003eThis can be done by configuring an ingest pipeline for the new events with an \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/inference-processor.html\"\u003einference processor\u003c/a\u003e. However, for the trained model to make predictions, the incoming events need to be featurized using the same set of processors as discussed in the Feature Engineering section of this blog. Hence the ingest pipeline for these new events consists of all the processors mentioned previously, with the inference processor added after all the feature generating processors. A snippet of an enriched document looks as follows:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc54c85ecb5df5c3f/60997da043430a55689b20ff/4-enriched-document-blog-problemchild.png\" data-sys-asset-uid=\"bltc54c85ecb5df5c3f\" width=\"428\" height=\"464\" style=\"display: block;margin: auto;width: 428;height: 464;\"/\u003e\u003cbr /\u003e\u003c/p\u003e\u003cfigcaption\u003eAn example of an enriched document\u003c/figcaption\u003e\u003cp\u003eThe complete ingest pipeline configuration and additional configuration details can be found in the \u003ca href=\"https://github.com/elastic/examples/blob/master/Machine%20Learning/ProblemChild/problemchild_inference.json\"\u003eexamples repository\u003c/a\u003e. You might also note that the document shown above does not have any of the features created by the featurization processors. 
This is because the ingest pipeline here contains a \u003ca href=\"https://github.com/elastic/examples/blob/master/Machine%20Learning/ProblemChild/problemchild_inference.json#L262-L271\"\u003escript processor\u003c/a\u003e that removes all the features created for inference, as well as any other superfluous features, once inference is done. Of course, you can choose to keep the features in by excluding this script processor from the ingest pipeline.\u003c/p\u003e\u003cp\u003eAn additional feature that you can configure to complement the supervised model is a blocklist. The blocklist can be used to catch known offenders in your environment that the trained model might miss based on certain keywords present in the commandline arguments. This is configured as a \u003ca href=\"https://github.com/elastic/examples/blob/master/Machine%20Learning/ProblemChild/blocklist.json\"\u003escript\u003c/a\u003e invoked by a \u003ca href=\"https://github.com/elastic/examples/blob/master/Machine%20Learning/ProblemChild/problemchild_inference.json#L250-L261\"\u003escript processor\u003c/a\u003e after the inference processor in the ingest pipeline. A starter list of keywords is provided in the \u003ca href=\"https://github.com/elastic/examples/blob/master/Machine%20Learning/ProblemChild/blocklist_keywords.txt\"\u003eexamples repository\u003c/a\u003e. You can also add to the list, but make sure to update the blocklist script processor in your ingest pipeline if you do.\u003c/p\u003e\u003cp\u003eAs mentioned at the beginning of this blog, the ProblemChild framework is currently built only for Windows process events. There are other operating systems (macOS, Linux) as well as different types of events (network, registry) for each OS. It would be ideal to make the ingest pipeline execute conditionally only when the incoming document contains the desired fields. 
For this, we used a \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/pipeline-processor.html\"\u003epipeline processor\u003c/a\u003e and checked for specific fields in the document before deciding whether or not to direct it to the ingest pipeline. A sample of such a processor is as follows:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePUT _ingest/pipeline/problemchild_pipeline \u003cbr /\u003e{ \u003cbr /\u003e \"description\": \"A pipeline of pipelines for ProblemChild detection\", \u003cbr /\u003e \"processors\": [ \u003cbr /\u003e { \u003cbr /\u003e \"pipeline\": { \u003cbr /\u003e \"if\": \"ctx.containsKey('event') \u0026amp;\u0026amp; ctx['event'].containsKey('kind') \u0026amp;\u0026amp; ctx['event'].containsKey('category') \u0026amp;\u0026amp; ctx['event']['kind'] == 'event' \u0026amp;\u0026amp; ctx['event']['category'].contains('process') \u0026amp;\u0026amp; ctx.containsKey('host') \u0026amp;\u0026amp; ctx['host'].containsKey('os') \u0026amp;\u0026amp; (ctx['host']['os'].containsKey('family') || ctx['host']['os'].containsKey('type') || ctx['host']['os'].containsKey('platform')) \u0026amp;\u0026amp; (ctx['host']['os']['type'] == 'windows' || ctx['host']['os']['type'] == 'Windows' || ctx['host']['os']['family'] == 'windows' || ctx['host']['os']['family'] == 'Windows' || ctx['host']['os']['platform'] == 'windows' || ctx['host']['os']['platform'] == 'Windows') \u003cbr /\u003e \"name\": \"problemchild_inference\" \u003cbr /\u003e } \u003cbr /\u003e } \u003cbr /\u003e ] \u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cfigcaption\u003eA conditional pipeline of pipelines to detect only on Windows process events\u003c/figcaption\u003e\u003cp\u003eFor a production use case, you might want to consider some error handling for the above pipeline as well.\u003c/p\u003e\u003ch3\u003eAnomaly detection for second-order analytics\u003c/h3\u003e\u003cp\u003eWith ProblemChild, our goal was to not only classify malicious events, but go 
a step further and identify the creme de la creme of the malicious events. In environments working with a large amount of data, even a small false positive rate can result in a large number of alerts. Picking out the rarest events for analysts can help them prioritize events and catalyze the triage process.\u003c/p\u003e\u003cp\u003eThe Elastic Stack has an anomaly detection module, which we leveraged to build an additional layer of analytics on top of our supervised model results. We made use of the rare detector to create anomaly detection jobs to identify rare processes spawned by a particular parent process/user/host, as well as the high_count detector to identify groups of suspicious processes spawned by a particular parent process/user/host. The \u003ca href=\"https://github.com/elastic/examples/tree/master/Machine%20Learning/ProblemChild/job_configs\"\u003econfigurations\u003c/a\u003e and \u003ca href=\"https://github.com/elastic/examples/tree/master/Machine%20Learning/ProblemChild/datafeeds\"\u003edatafeeds\u003c/a\u003e required to set up these jobs can be found in the examples repository as well.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe Anomaly Explorer is a good place to view anomalies detected by your anomaly detection jobs. 
You can see an overall visualization of anomalies across a given time period, as well as an individual breakdown of the anomalies with the associated anomaly score and relevant context in the form of \u003ca href=\"https://www.elastic.co/guide/en/machine-learning/current/ml-influencers.html\"\u003einfluencers\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt57eda0230cd38e80/60997dfa7ee89a47ff539fbe/5-swimlane-view-blog-problemchild.png\" data-sys-asset-uid=\"blt57eda0230cd38e80\" alt=\"5-swimlane-view-blog-problemchild.png\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eSwimlane view of overall anomalies\u003c/figcaption\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt02d67d720bb2d9fb/60997e20ce885c5a4f282048/6-drill-down-blog-problemchild.png\" data-sys-asset-uid=\"blt02d67d720bb2d9fb\" alt=\"6-drill-down-blog-problemchild.png\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eIndividual drill-down of anomalies\u003c/figcaption\u003e\u003cp\u003eYou can also go a step further and convert these unsupervised machine learning jobs into rules to generate actual detections. We will talk more about this in a future blog post.\u0026nbsp;\u003c/p\u003e\u003ch2\u003eConclusion\u003c/h2\u003e\u003cp\u003eIn this blog post, we trained a classification model to identify malicious Windows process events and used anomaly detection to further uncover rare events. We will also be releasing our models and configurations for ProblemChild in the \u003ca href=\"https://github.com/elastic/detection-rules/releases/\"\u003edetection-rules\u003c/a\u003e repository. Watch that space for future updates to ProblemChild. 
Also, stay tuned for a future blog post to find out how to use these in \u003ca href=\"https://www.elastic.co/siem\"\u003ethe Elastic SIEM app\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIn the meantime, experience the latest version of \u003ca href=\"https://www.elastic.co/elasticsearch/service\"\u003eElasticsearch Service\u003c/a\u003e on Elastic Cloud and follow along with this blog to build the ProblemChild framework from scratch on your Windows process event data. Also be sure to take advantage of our \u003ca href=\"https://www.elastic.co/training/elastic-security-quick-start\"\u003eQuick Start training\u003c/a\u003e to set yourself up for success. Happy experimenting!\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2021-05-10T18:16:21.583Z","created_by":"bltc87e8bcd2aefc255","disclaimer":[],"full_bleed_image":{"uid":"blt4444e17c9e0df2d2","ACL":{},"_version":1,"content_type":"image/jpeg","created_at":"2020-12-29T20:04:45.763Z","created_by":"bltf6ab93733e4e3a73","file_size":"127027","filename":"blog-banner-yellow-network-security.jpg","is_dir":false,"parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-29T20:04:40.359Z","user":"bltf6ab93733e4e3a73"},"tags":[],"title":"blog-banner-yellow-network-security.jpg","updated_at":"2020-12-29T20:04:45.763Z","updated_by":"bltf6ab93733e4e3a73","url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4444e17c9e0df2d2/5feb8bdda7955d1a6a89196b/blog-banner-yellow-network-security.jpg"},"markdown_l10n":"","publish_date":"2021-0
5-18T18:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack","seo_description_l10n":"In this blog post, we train a classification model to identify malicious Windows process events and used anomaly detection to further uncover rare events. We are also releasing our models and configurations for ProblemChild in the detection-rules repository.","noindex":false,"canonical_tag":""},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"bltec42e5a5aed1ee3f","ACL":{},"_version":1,"content_type":"image/jpeg","created_at":"2020-12-29T20:04:25.909Z","created_by":"bltf6ab93733e4e3a73","file_size":"188409","filename":"blog-thumb-yellow-network-security.jpg","is_dir":false,"parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-29T20:04:40.348Z","user":"bltf6ab93733e4e3a73"},"tags":[],"title":"blog-thumb-yellow-network-security.jpg","updated_at":"2020-12-29T20:04:25.909Z","updated_by":"bltf6ab93733e4e3a73","url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltec42e5a5aed1ee3f/5feb8bc91166ce7d2ed1aaba/blog-thumb-yellow-network-security.jpg"},"title":"ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack","title_l10n":"ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack","updated_at":"2025-03-10T12:18:20.662Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/problemchild-detecting-living-off-the-land-attacks","publish_details":{"time":"2025-03-10T12:18:24.865Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2e20e38579b749da","_version":13,"locale":"en-us","ACL":{},"abstract_l10n":"In this series of blogs we will provide an overview of our architecture, what data we 
send to our clusters, how and why we use Cross Cluster Search with the Security and Machine Learning (ML) applications, and how we tune, manage and notify.","author":["blt06048a64b0c2b959"],"body_l10n":"\u003cp\u003eThe Elastic Infosec Detections and Analytics team is responsible for building, tuning, and maintaining the security detections used to protect all Elastic systems. Within Elastic we call ourselves Customer Zero and \u003ca href=\"https://www.elastic.co/blog/elastic-on-elastic-how-infosec-deploys-infrastructure-and-stays-up-to-date-with-eck\"\u003ewe strive to always use the newest versions\u003c/a\u003e of our products.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIn this series of blog posts we will provide an overview of our architecture, what data we send to our clusters, how and why we use Cross Cluster Search with the Security and Machine Learning (ML) applications, and how we tune, manage and notify analysts for those alerts.\u003c/p\u003e\u003cp\u003eIn the \u003ca href=\"https://www.elastic.co/blog/elastic-on-elastic-deep-dive-into-our-siem-architecture\"\u003eprevious blog post\u003c/a\u003e we provided an overview of our internal Elastic infrastructure that we use in Infosec and how we use Cross Cluster Search to connect multiple clusters into a single interface for Security Analysts. 
In this blog post we will go into more detail about the specific types of data we collect.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eTypes of data searchable in our SIEM\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt75786479af524e1d/6132317ecc95cf70fa047d1c/blog-elastic-siem-1.png\" data-sys-asset-uid=\"blt75786479af524e1d\" alt=\"blog-elastic-siem-1.png\"/\u003e\u003c/p\u003e\u003cstrong\u003e\u003c/strong\u003e\u003ch2\u003e\u003cstrong\u003eAuditbeat Cluster\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eWe use \u003ca href=\"https://www.elastic.co/guide/en/beats/auditbeat/7.13/auditbeat-overview.html\"\u003eAuditbeat\u003c/a\u003e to monitor activity on all of our Linux servers and containers. We use the \u003ca href=\"https://www.elastic.co/guide/en/beats/auditbeat/7.13/auditbeat-module-auditd.html\"\u003eauditd\u003c/a\u003e and \u003ca href=\"https://www.elastic.co/guide/en/beats/auditbeat/7.13/auditbeat-module-system.html\"\u003eSystem Module\u003c/a\u003e to collect process execution, logins, network connections, system information, and the \u003ca href=\"https://www.elastic.co/guide/en/beats/auditbeat/7.13/auditbeat-module-file_integrity.html\"\u003eFile Integrity Module\u003c/a\u003e for monitoring of critical files. We use several \u003ca href=\"https://www.elastic.co/guide/en/beats/auditbeat/7.13/filtering-and-enhancing-data.html\"\u003eprocessors\u003c/a\u003e in the auditbeat config to filter and enhance the data as it's collected.\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli aria-level=\"1\"\u003eWe use \u003ca href=\"https://www.elastic.co/guide/en/beats/auditbeat/7.13/drop-event.html\"\u003edrop_event\u003c/a\u003e processors to filter out known good events from being logged. This lets us keep our costs down when centrally logging events from cloud systems. 
The drop_event processor lets you write complex filters to remove your noisiest events before they are ever logged.\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/auditbeat/7.13/add-process-metadata.html\"\u003eadd_process_metadata\u003c/a\u003e is used to add the parent process information to process events. Many of the Security app detections use parent-child process relationships to identify strange behavior so having this processor is critical.\u003c/li\u003e\u003cli aria-level=\"1\"\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/auditbeat/7.13/add-cloud-metadata.html\"\u003eadd_cloud_metadata\u003c/a\u003e adds the cloud information to each event making it easier to identify which cloud provider, region, and account a system belongs to.\u003c/li\u003e\u003cli aria-level=\"1\"\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/auditbeat/7.13/add-docker-metadata.html\"\u003eadd_docker_metadata\u003c/a\u003e adds the container ID, name, and labels to the event.\u003c/li\u003e\u003cli aria-level=\"1\"\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/auditbeat/7.13/include-fields.html\"\u003einclude_fields\u003c/a\u003e lets you add custom fields to a config. We use it to add custom ‘config.version’ and ‘team’ fields to the events so we can easily identify the owner of the system and any systems using an older version of the auditbeat config.\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e\u003cstrong\u003eFilebeat Cluster\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eOur \u003ca href=\"https://www.elastic.co/guide/en/beats/filebeat/7.13/index.html\"\u003eFilebeat\u003c/a\u003e cluster is where we use Filebeat to collect logs from the many third party systems we use at Elastic. Some of the third party services have built in Filebeat modules that make it very easy to configure and collect the events in ECS formatting. 
The following built in Filebeat modules are being used:\u003c/p\u003e\u003cul\u003e\u003cli aria-level=\"1\"\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-okta.html\"\u003eOkta Module\u003c/a\u003e collects events from the Okta API and it is used for many of our detections and investigations. We use Okta for Single Sign On to many applications in Elastic so having these logs is critical to identifying who accessed what.\u003c/li\u003e\u003cli aria-level=\"1\"\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-o365.html\"\u003eOffice 365 Module\u003c/a\u003e is useful for security to monitor access to documents, and Azure AD authentication.\u003c/li\u003e\u003cli aria-level=\"1\"\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-nginx.html\"\u003eNginx module\u003c/a\u003e collects access logs from the proxies in front of our critical web services. This can be very useful for tracking access or alerting on strange activity and web attacks.\u003c/li\u003e\u003cli aria-level=\"1\"\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-google_workspace.html\"\u003eGoogle Workspace\u003c/a\u003e module collects events from Gmail, Google Drive, and other Google services\u003c/li\u003e\u003cli aria-level=\"1\"\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-gcp.html\"\u003eGoogle Cloud Module\u003c/a\u003e to build alerts and investigate activity in GCP\u003c/li\u003e\u003cli aria-level=\"1\"\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-aws.html\"\u003eAWS Module\u003c/a\u003e to build alerts and investigate activity in AWS\u003c/li\u003e\u003cli aria-level=\"1\"\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-azure.html\"\u003eAzure Module\u003c/a\u003e to build alerts and investigate activity in 
Azure\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eSometimes a built-in Filebeat module doesn’t exist, so the SecEng team will have to build custom scripts and configurations for Filebeat to collect the information we need. The following logs are being collected in this way:\u003c/p\u003e\u003cul\u003e\u003cli aria-level=\"1\"\u003eQualys - a script retrieves the results from our Qualys scans from the service and then converts them from XML to JSON, which is then ingested by Filebeat. In addition to visualizing and alerting for Vulnerability Management, the Qualys data can be used to enrich other events. For example, if we see an alert for an exploit, and according to Qualys the host is vulnerable to that exploit, we can elevate the priority of the investigation.\u003c/li\u003e\u003cli aria-level=\"1\"\u003eGitHub - The GitHub events API is used to collect events about activity in all Elastic-owned repositories.\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eHackerOne - Submitted reports from our bug bounty program.\u003c/li\u003e\u003cli aria-level=\"1\"\u003eShodan - The Shodan API is used to gather information for our Threat Intel team tracking exposure of Elastic clusters.\u003c/li\u003e\u003cli aria-level=\"1\"\u003eRecordedFuture - Threat Intel feeds ingested for enriching events.\u003c/li\u003e\u003cli aria-level=\"1\"\u003eJamf - Inventory information about our Fleet of Mac systems. This makes it easier to find the registered owner of the system.\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eLastPass - Activity from our corporate LastPass subscription.\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e\u003cstrong\u003eMonitoring Cluster\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eA \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.13/monitor-elasticsearch-cluster.html\"\u003eMonitoring Cluster\u003c/a\u003e is used to collect monitoring information from all of the other clusters. 
This information is used to audit activity on the other clusters and our Endgame SMPs as well as to monitor the performance on those clusters. Metricbeat, Filebeat, and Auditbeat logs from all of the other clusters are stored on this cluster.\u0026nbsp;\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eEndgame Cluster\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eWe use Endgame to \u003ca href=\"https://www.elastic.co/blog/securing-our-own-endpoints-with-elastic-security\"\u003esecure all of the workstations\u003c/a\u003e used by Elasticians around the globe. In addition to being amazing at preventing attacks, Endgame can easily be configured to stream events to an Elastic cluster where we can use the machine learning and detection engine capabilities as well. Streaming the events to our SIEM lets us see the entire picture of activity on Elastic systems with the workstation events in the same dashboards and visualizations as the Okta SSO, Google Workspace, and other events.\u0026nbsp;\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eFleet Cluster\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eOur fleet cluster is where we manage the Elastic Agent and its new integrations such as Endpoint Security and OSquery. With Fleet you can deploy Elastic Agent to systems to collect observability data and have the ability to deploy and remove \u003ca href=\"https://www.elastic.co/guide/en/fleet/current/fleet-overview.html#configuring-integrations\"\u003eintegrations\u003c/a\u003e to the Elastic Agents to collect additional data as needed.\u003c/p\u003e\u003cp\u003eBecause we are using Endgame for endpoint protection on our workstations we are not yet using the Endpoint Security fleet integration at scale. As the Endpoint Security integration reaches feature parity with Endgame we will be migrating our systems off of Endgame and onto Endpoint Security. We cannot deploy Endgame and Endpoint Security to the same systems at the same time because they are not compatible with each other. 
All of the other Elastic Agent integrations can be used with Endgame.\u003c/p\u003eThe primary Fleet integration we use at this time is the \u003ca href=\"https://www.elastic.co/about/press/elastic-announces-osquery-management-integration-for-unified-data-analysis-to-address-cyber-threats\"\u003eOSQuery Manager\u003c/a\u003e integration. The OSQuery Manager lets us schedule and run live OSQuery queries to actively gather information from our fleet of systems. \u003ca href=\"https://osquery.io/\"\u003eOSQuery\u003c/a\u003e is an open source project that enables analysts to directly query their systems to gather information such as running processes, installed applications, disk encryption status, named pipes, installed Chrome extensions, and over 250 other types of queries. For a more in-depth look at how we use OSQuery Manager at Elastic, see the webcast we presented with the SANS Institute: \u003cspan style=\"font-size: 11pt;font-family: Arial;color: #000000;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003ca href=\"https://www.sans.org/webcasts/operationalize-osquery-at-scale-with-elastic/\"\u003ehttps://www.sans.org/webcasts/operationalize-osque...\u003c/a\u003e\u003c/span\u003e\u003ch2\u003e\u003cstrong\u003eMalware Sandbox\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eThis cluster is another Fleet server but this one is used only for deploying Elastic Agent to analyst VMs to instrument them as a \u003ca href=\"https://www.elastic.co/blog/how-to-build-a-malware-analysis-sandbox-with-elastic-security\"\u003eMalware Analysis Sandbox\u003c/a\u003e. Rather than having each analyst maintain their own cluster for this, the SecEng team created a single managed cluster that all of us can use to manage log collection from our Sandbox VMs. 
The ability to manage Fleet and to add and remove agents and policies dynamically requires Super User privileges on the cluster, so this activity needs to take place on a cluster that is separate from the production clusters. With CCS, all of the analysts can see the logs from this cluster, which means we can have one analyst detonate and analyze the malware on their sandbox but everyone has access to the events that were created. These events can then be added to a case and we can use the indicators of compromise from the sandbox to quickly search through our live data for any evidence of compromise.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eCustomer Zero continued\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eIn this post we walked through the types of searchable data in a single Elastic SIEM interface and how we use that data for Security Detection, Incident Response, Threat Hunting, Threat Intelligence, Compliance Auditing, and Vulnerability Management.\u003c/p\u003e\u003cp\u003eBe sure to check back for the third part of this series, which will show you how we configure the Security app and Detection Rules to work with Cross Cluster Search.\u0026nbsp;\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How 
to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2021-09-02T20:05:08.380Z","created_by":"blt1e57c6588ae1816e","disclaimer":[],"full_bleed_image":{"uid":"blt1264ab51dcf8cbce","created_by":"bltf6ab93733e4e3a73","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-07-27T22:46:09.488Z","updated_at":"2020-07-27T22:46:09.488Z","content_type":"image/png","file_size":"14352","filename":"blog-banner-security-pattern-color.png","title":"blog-banner-security-pattern-color.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-27T22:46:19.680Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1264ab51dcf8cbce/5f1f5931804fa40c94d9c6c5/blog-banner-security-pattern-color.png"},"markdown_l10n":"","publish_date":"2021-09-07T13:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic on Elastic Series: Data collected to the Infosec SIEM","seo_description_l10n":"In this series of blogs we will provide an overview of our architecture, what data we send to our clusters, how and why we use Cross Cluster Search with the Security and Machine Learning (ML) applications, and how we tune, manage and 
notify.","noindex":false,"canonical_tag":""},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt7275b59d6d8d38ce","created_by":"bltf6ab93733e4e3a73","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-07-07T21:42:22.214Z","updated_at":"2020-07-07T21:42:22.214Z","content_type":"image/png","file_size":"12109","filename":"blog-thumb-security-pattern-color.png","title":"blog-thumb-security-pattern-color.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-27T22:18:32.010Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7275b59d6d8d38ce/5f04ec3eab218d2b0111496e/blog-thumb-security-pattern-color.png"},"title":"Elastic on Elastic Series: Data collected to the Infosec SIEM","title_l10n":"Elastic on Elastic Series: Data collected to the Infosec SIEM","updated_at":"2025-03-10T12:17:12.398Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/elastic-on-elastic-data-collected-to-the-infosec-siem","publish_details":{"time":"2025-03-10T12:17:15.838Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt914a89de909d1093","_version":19,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blte305d0d8f427e122"],"body_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);\"\u003e\u003c/span\u003eElasticsearch is a very versatile platform that supports a variety of use cases and provides great flexibility around data organisation and replication strategies. 
This flexibility can, however, sometimes make it hard to determine up-front how to best organize your data into indices and shards, especially if you are new to the Elastic Stack. While suboptimal choices will not necessarily cause problems when first starting out, they have the potential to cause performance problems as data volumes grow over time. The more data the cluster holds, the more difficult it also becomes to correct the problem, as reindexing of large amounts of data can sometimes be required.\u003c/p\u003e\u003cp\u003eWhen we come across users that are experiencing performance problems, it is not uncommon that this can be traced back to issues around how data is indexed and number of shards in the cluster. This is especially true for use-cases involving multi-tenancy and/or use of time-based indices. When discussing this with users, either in person at events or meetings or via our \u003ca href=\"https://discuss.elastic.co\" target=\"_self\"\u003eforum\u003c/a\u003e, some of the most common questions are “How many shards should I have?” and “How large should my shards be?”\u003c/p\u003e\u003cp\u003eThis blog post aims to help you answer these questions and provide practical guidelines for use cases that involve the use of time-based indices (e.g., logging or security analytics) in a single place.\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003eWhat is a shard?\u003c/h2\u003e\u003cp\u003eBefore we start, we need to establish some facts and terminology that we will need in later sections.\u003c/p\u003e\u003cp\u003eData in Elasticsearch is organized into \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/guide/2.x/_add_an_index.html\" target=\"_self\"\u003eindices\u003c/a\u003e. Each index is made up of one or more shards. 
Each shard is an instance of a Lucene index, which you can think of as a self-contained search engine that indexes and handles queries for a subset of the data in an Elasticsearch cluster.\u003c/p\u003e\u003cp\u003eAs data is written to a shard, it is periodically published into new immutable Lucene segments on disk, and it is at this time it becomes available for querying. This is referred to as a refresh. How this works is described in greater detail in \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/guide/current/inside-a-shard.html\" target=\"_self\"\u003eElasticsearch: the Definitive Guide\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eAs the number of segments grow, these are periodically consolidated into larger segments. This process is referred to as \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/5.5/index-modules-merge.html\" target=\"_self\"\u003emerging\u003c/a\u003e. As all segments are immutable, this means that the disk space used will typically fluctuate during indexing, as new, merged segments need to be created before the ones they replace can be deleted. Merging can be quite resource intensive, especially with respect to disk I/O.\u003c/p\u003e\u003cp\u003eThe shard is the unit at which Elasticsearch distributes data around the cluster. The speed at which Elasticsearch can move shards around when rebalancing data, e.g. 
following a failure, will depend on the size and number of shards as well as network and disk performance.\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/training/elasticsearch-engineer\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eBecome an Elasticsearch Engineer\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(67, 67, 67);font-size: 12pt;\"\u003e\u003cem\u003e: Learn to build your own custom search application using Elasticsearch on the back end.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-weight: 700;\"\u003e\u003cem\u003eTIP:\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-weight: 700;\"\u003e\u003cem\u003e\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(49, 133, 155);\"\u003e\u003cem\u003e\u003c/em\u003e\u003c/span\u003e\u003cem\u003eAvoid having very large shards as this can negatively affect the cluster's ability to recover from failure. There is no fixed limit on how large shards can be, but a shard size of 50GB is often quoted as a limit that has been seen to work for a variety of use-cases.\u003c/em\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003ch2 dir=\"ltr\"\u003eIndex by retention period\u003c/h2\u003e\u003cp\u003eAs segments are immutable, \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/guide/2.x/update-doc.html\" target=\"_self\"\u003eupdating a document\u003c/a\u003e requires Elasticsearch to first find the existing document, then mark it as deleted and add the updated version. \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/guide/2.x/delete-doc.html\" target=\"_self\"\u003eDeleting a document\u003c/a\u003e also requires the document to be found and marked as deleted. 
For this reason, deleted documents will continue to tie up disk space and some system resources until they are merged out, which can consume a lot of system resources.\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(67, 67, 67);font-size: 12pt;\"\u003e\u003cem\u003eRelated: \u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/lucenes-handling-of-deleted-documents\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eLucene's handling of deleted documents\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003eElasticsearch allows complete indices to be deleted very efficiently directly from the file system, without explicitly having to delete all records individually. This is by far the most efficient way to delete data from Elasticsearch.\u003c/p\u003e\u003chr/\u003e\u003cp style=\"margin-left: 20px;\"\u003e\u003cem\u003e\u003cstrong\u003eTIP: \u003c/strong\u003e\u003c/em\u003e\u003cem\u003eTry to use \u003c/em\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/guide/2.x/time-based.html\" target=\"_self\"\u003e\u003cem\u003etime-based indices\u003c/em\u003e\u003c/a\u003e\u003cem\u003e for managing data retention whenever possible. Group data into indices based on the retention period. Time-based indices also make it easy to vary the number of primary shards and replicas over time, as this can be changed for the next index to be generated. This simplifies adapting to changing data volumes and requirements.\u003c/em\u003e\u003c/p\u003e\u003chr/\u003e\u003ch2 dir=\"ltr\"\u003eAre indices and shards not free?\u003c/h2\u003e\u003cp\u003eFor each Elasticsearch index, information about mappings and state is stored in the cluster state. This is kept in memory for fast access. Having a large number of indices and shards in a cluster can therefore result in a large cluster state, especially if mappings are large. 
This can become slow to update as all updates need to be done through a single thread in order to guarantee consistency before the changes are distributed across the cluster.\u003c/p\u003e\u003chr/\u003e\u003cp style=\"margin-left: 20px;\"\u003e\u003cem\u003e\u003cstrong\u003eTIP: \u003c/strong\u003e\u003c/em\u003e\u003cem\u003eIn order to reduce the number of indices and avoid large and sprawling mappings, consider storing data with similar structure in the same index rather than splitting into separate indices based on where the data comes from. It is important to find a good balance between the number of indices and shards, and the mapping size for each individual index. Because the \u003c/em\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/guide/2.x/finite-scale.html#finite-scale\" target=\"_blank\"\u003e\u003cem\u003ecluster state\u003c/em\u003e\u003c/a\u003e\u003cem\u003e is loaded into the heap on every node (including the masters), and the amount of heap is directly proportional to the number of indices, fields per index and shards, it is important to also monitor the heap usage on master nodes and make sure they are sized appropriately. \u0026nbsp;\u003c/em\u003e\u003c/p\u003e\u003chr/\u003e\u003cp\u003eEach shard has data that need to be kept in memory and use heap space. This includes data structures holding information at the shard level, but also at the segment level in order to define where data reside on disk. The size of these data structures is not fixed and will vary depending on the use-case.\u003c/p\u003e\u003cp\u003eOne important characteristic of the segment related overhead is however that it is not strictly proportional to the size of the segment. This means that larger segments have less overhead per data volume compared to smaller segments. 
The difference can be substantial.\u003c/p\u003e\u003cp\u003eIn order to be able to store as much data as possible per node, it becomes important to manage heap usage and reduce the amount of overhead as much as possible. The more heap space a node has, the more data and shards it can handle.\u003c/p\u003e\u003cp\u003eIndices and shards are therefore not free from a cluster perspective, as there is some level of resource overhead for each index and shard.\u003c/p\u003e\u003chr/\u003e\u003cp style=\"margin-left: 20px;\"\u003e\u003cem\u003e\u003cstrong\u003eTIP: \u003c/strong\u003e\u003c/em\u003e\u003cem\u003eSmall shards result in small segments, which increases overhead. Aim to keep the average shard size between at least a few GB and a few tens of GB. For use-cases with time-based data, it is common to see shards between 20GB and 40GB in size.\u003c/em\u003e\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003e\u003cem\u003e\u003cstrong\u003eTIP: \u003c/strong\u003e\u003c/em\u003e\u003cem\u003eAs the overhead per shard depends on the segment count and size, forcing smaller segments to merge into larger ones through a \u003c/em\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/5.5/indices-forcemerge.html\" target=\"_self\"\u003e\u003cem\u003eforcemerge\u003c/em\u003e\u003c/a\u003e\u003cem\u003e operation can reduce overhead and improve query performance. This should ideally be done once no more data is written to the index. Be aware that this is an expensive operation that should ideally be performed during off-peak hours.\u003c/em\u003e\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003e\u003cem\u003e\u003cstrong\u003eTIP: \u003c/strong\u003e\u003c/em\u003e\u003cem\u003eThe number of shards you can hold on a node will be proportional to the amount of heap you have available, but there is no fixed limit enforced by Elasticsearch. 
A good rule-of-thumb is to ensure you keep the number of shards per node below 20 per GB heap it has configured. A node with a 30GB heap should therefore have a maximum of 600\u0026nbsp;shards, but the further below this limit you can keep it the better. This will generally help the cluster stay in good health. \u003c/em\u003e\u003cspan style=\"color: rgb(52, 55, 65);\"\u003e\u003cem\u003e\u003cstrong\u003e(Editor’s note: As of 8.3, we have drastically reduced the heap usage per shard, thus updating the rule of thumb in this blog. Please follow \u003c/strong\u003e\u003c/em\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/size-your-shards.html#field-count-recommendation\" target=\"_self\"\u003e\u003cem\u003e\u003cstrong\u003edocumentation\u003c/strong\u003e\u003c/em\u003e\u003c/a\u003e\u003cem\u003e\u003cstrong\u003e for 8.3+ versions of Elasticsearch.)\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cem\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/em\u003e\u003cspan style=\"color: rgb(52, 55, 65);\"\u003e\u003cem\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);\"\u003e\u003cem\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);\"\u003e\u003cem\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003chr/\u003e\u003ch2 dir=\"ltr\"\u003eHow does shard size affect performance?\u003c/h2\u003e\u003cp\u003eIn Elasticsearch, each query is executed in a single thread per shard. Multiple shards can however be processed in parallel, as can multiple queries and aggregations against the same shard.\u003c/p\u003e\u003cp\u003eThis means that the minimum query latency, when no caching is involved, will depend on the data, the type of query, as well as the size of the shard. 
Querying lots of small shards will make the processing per shard faster, but as many more tasks need to be queued up and processed in sequence, it is not necessarily going to be faster than querying a smaller number of larger shards. Having lots of small shards can also reduce the query throughput if there are multiple concurrent queries.\u003c/p\u003e\u003chr/\u003e\u003cp style=\"margin-left: 20px;\"\u003e\u003cem\u003e\u003cstrong\u003eTIP: \u003c/strong\u003e\u003c/em\u003e\u003cem\u003eThe best way to determine the maximum shard size from a query performance perspective is to \u003c/em\u003e\u003ca href=\"https://www.elastic.co/elasticon/conf/2016/sf/quantitative-cluster-sizing\" target=\"_self\"\u003e\u003cem\u003ebenchmark using realistic data and queries\u003c/em\u003e\u003c/a\u003e\u003cem\u003e. Always benchmark with a query and indexing load representative of what the node would need to handle in production, as optimizing for a single query might give misleading results.\u003c/em\u003e\u003c/p\u003e\u003chr/\u003e\u003ch2 dir=\"ltr\"\u003eHow do I manage shard size?\u003c/h2\u003e\u003cp\u003eWhen using time-based indices, each index has traditionally been associated with a fixed time period. Daily indices are very common, and often used for holding data with short retention period or large daily volumes. These allow retention period to be managed with good granularity and makes it easy to adjust for changing volumes on a daily basis. Data with a longer retention period, especially if the daily volumes do not warrant the use of daily indices, often use weekly or monthly indices in order to keep the shard size up. 
This reduces the number of indices and shards that need to be stored in the cluster over time.\u003c/p\u003e\u003chr/\u003e\u003cp style=\"margin-left: 20px;\"\u003e\u003cem\u003eTIP: If using time-based indices covering a fixed period, adjust the period each index covers based on the retention period and expected data volumes in order to reach the target shard size.\u003c/em\u003e\u003c/p\u003e\u003chr/\u003e\u003cp\u003eTime-based indices with a fixed time interval works well when data volumes are reasonably predictable and change slowly. If the indexing rate can vary quickly, it is very difficult to maintain a uniform target shard size.\u003c/p\u003e\u003cp\u003eIn order to be able to better handle this type of scenarios, the \u003ca href=\"https://www.elastic.co/blog/managing-time-based-indices-efficiently\" target=\"_self\"\u003eRollover and Shrink APIs\u003c/a\u003e were introduced. These add a lot of flexibility to how indices and shards are managed, specifically for time-based indices.\u003c/p\u003e\u003cp\u003eThe \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/5.5/indices-rollover-index.html\" target=\"_self\"\u003erollover index API\u003c/a\u003e makes it possible to specify the number of documents an index should contain and/or the maximum period documents should be written to it. Once one of these criteria has been exceeded, Elasticsearch can trigger a new index to be created for writing without downtime. 
Instead of having each index cover a specific time-period, it is now possible to switch to a new index at a specific size, which makes it possible to more easily achieve an even shard size for all indices.\u003c/p\u003e\u003cp\u003eIn cases where data might be updated, there is no longer a distinct link between the timestamp of the event and the index it resides in when using this API, which may make updates significantly less efficient as each update may need to be preceded by a search.\u003c/p\u003e\u003chr/\u003e\u003cp style=\"margin-left: 20px;\"\u003e\u003cem\u003e\u003cstrong\u003eTIP: \u003c/strong\u003e\u003c/em\u003e\u003cem\u003eIf you have time-based, immutable data where volumes can vary significantly over time, consider using the rollover index API to achieve an optimal target shard size by dynamically varying the time-period each index covers. This gives great flexibility and can help avoid having too large or too small shards when volumes are unpredictable.\u003c/em\u003e\u003cbr /\u003e\u003c/p\u003e\u003chr/\u003e\u003cp\u003eThe \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/5.5/indices-shrink-index.html\" target=\"_self\"\u003eshrink index API\u003c/a\u003e allows you to shrink an existing index into a new index with fewer primary shards. If an even spread of shards across nodes is desired during indexing, but this will result in too small shards, this API can be used to reduce the number of primary shards once the index is no longer indexed into. 
This will result in larger shards, better suited for longer term storage of data.\u003cbr /\u003e\u003c/p\u003e\u003chr/\u003e\u003cp style=\"margin-left: 20px;\"\u003e\u003cem\u003e\u003cstrong\u003eTIP: \u003c/strong\u003e\u003c/em\u003e\u003cem\u003eIf you need to have each index cover a specific time period but still want to be able to spread indexing out across a large number of nodes, consider using the shrink API to reduce the number of primary shards once the index is no longer indexed into. This API can also be used to reduce the number of shards in case you have initially configured too many shards.\u003c/em\u003e\u003cbr /\u003e\u003c/p\u003e\u003chr/\u003e\u003ch2 dir=\"ltr\"\u003eConclusions\u003c/h2\u003e\u003cp\u003eThis blog post has provided tips and practical guidelines around how to best manage data in Elasticsearch. If you are interested in learning more, \"Elasticsearch: the definitive guide\" contains a section about \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/guide/2.x/scale.html\" target=\"_self\"\u003edesigning for scale\u003c/a\u003e, which is well worth reading even though it is a bit old.\u003c/p\u003e\u003cp\u003eA lot of the decisions around how to best distribute your data across indices and shards will however depend on the use-case specifics, and it can sometimes be hard to determine how to best apply the advice available. For more in-depth and personal advice you can engage with us \u003ca href=\"https://www.elastic.co/subscriptions\" target=\"_self\"\u003ecommercially through a subscription\u003c/a\u003e and let our Support and Consulting teams help accelerate your project. 
If you are happy to discuss your use-case in the open, you can also get help from \u003ca href=\"https://www.elastic.co/community\" target=\"_self\"\u003eour community\u003c/a\u003e and through our public \u003ca href=\"https://discuss.elastic.co\" target=\"_self\"\u003eforum\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003ca href=\"https://www.elastic.co/webinars/manage-elasticsearch-clusters-at-scale-with-ece\" target=\"_self\"\u003eLearn how to manage Elasticsearch at scale.\u003c/a\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003cem\u003eThis post was originally published on September 18, 2017. It was updated on December 16, 2022.\u003c/em\u003e\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:29:21.156Z","created_by":"sys_blt57a423112de8a853","disclaimer":["bltc81257aac79bef06"],"full_bleed_image":{"title":"elasticsearch-sharding-fullbleed.jpg","uid":"blt3f6104a62d496acf","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T09:39:23.517Z","updated_at":"2019-01-05T09:39:23.517Z","content_type":"image/jpeg","file_size":"154326","filename":"elasticsearch-sharding-fullbleed.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T21:27:44.371Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3f6104a62d496acf/5c307b4bc599e1696624125c/elasticsearch-sharding-fullbleed.jpg"},"markdown_l10n":"","publish_date
":"2022-12-16T15:46:16.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"title":"Search analytics","label_l10n":"Search analytics","keyword":"search-analytics","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt6c991eb897ec7277","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:30:57.427Z","updated_at":"2023-11-06T21:30:57.427Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T12:28:49.147Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"title":"elasticsearch-sharding-thumbnail.jpg","uid":"blta55fe6273ba821f9","created_by":"sys_blt57a423112de8a853","updated_by":"blt3e52848e0cb3c394","created_at":"2019-01-05T09:39:18.994Z","upda
ted_at":"2019-05-03T16:52:27.589Z","content_type":"image/jpeg","file_size":"62749","filename":"elasticsearch-sharding-thumbnail.jpg","ACL":{},"_version":2,"is_dir":false,"tags":[],"description":"","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-03T16:52:44.630Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta55fe6273ba821f9/5c307b46a253ae3e67bc86df/elasticsearch-sharding-thumbnail.jpg"},"title":"How many shards should I have in my Elasticsearch cluster?","title_l10n":"How many shards should I have in my Elasticsearch cluster?","updated_at":"2025-03-10T12:16:06.559Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/how-many-shards-should-i-have-in-my-elasticsearch-cluster","publish_details":{"time":"2025-03-10T12:16:12.880Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte3b7793de7eb5bf0","_version":43,"locale":"en-us","ACL":{},"abstract_l10n":"Today, we are excited to announce the introduction of Elastic Endpoint Security.","author":["blt4990cfe37610ed0f"],"body_l10n":"\u003cp\u003eToday we are excited to announce the introduction of \u003ca href=\"/endpoint-security\"\u003eElastic Endpoint Security\u003c/a\u003e, based on Elastic’s acquisition of Endgame, a pioneer and \u003ca href=\"https://www.endgame.com/mitre-attck-coverage\"\u003eindustry-recognized leader\u003c/a\u003e in endpoint threat prevention, detection, and response based on the MITRE ATT\u0026amp;CK™ matrix. Elastic is combining \u003ca href=\"/siem\"\u003eSIEM\u003c/a\u003e and endpoint security into a single solution to enable organizations to automatically and flexibly respond to threats in real time, whether in the cloud, on-premises, or in hybrid environments. 
Also announced today, Elastic is eliminating per-endpoint pricing.\u003c/p\u003e\u003cp\u003e“Two key trends in endpoint security —\u0026nbsp;the importance of a strong analytics back-end and the rise of the MITRE ATT\u0026amp;CK framework as a lingua franca —\u0026nbsp;help make the case for greater emphasis on threat hunting and incident response use cases,” said Fernando Montenegro, Principal Analyst at 451 Research. “Elastic’s acquisition of Endgame fits well within these trends, and the combination of SIEM and endpoint security should enable organizations to pursue efficiencies around those use cases.”\u003c/p\u003e\u003cp\u003eEndgame has been validated by numerous independent testing organizations, including NSS Labs, SE Labs, MITRE, and others as having both the strongest preventions and detections available. This was recently illustrated by its performance in \u003ca href=\"https://www.av-comparatives.org/tests/business-security-test-august-september-2019-factsheet/\"\u003ethe AV Comparatives Independent Anti-Virus Test\u003c/a\u003e, where Endgame demonstrated exceptional protection against real-world threats, preventing 99.7% of malware with no cloud connectivity required.\u003c/p\u003e\u003cp\u003eAdditionally, Elastic Endpoint Security brings one of the \u003ca href=\"https://www.endgame.com/blog/technical-blog/heres-how-we-do-numbers\"\u003estrongest sources of endpoint security data\u003c/a\u003e, raw endpoint event data, and alerts to the Elastic Stack, joining the existing logging, security, APM, and infrastructure event collection. With the average threat dwell time exceeding 100 days, shipping, scaling, and storing data efficiently in Elasticsearch makes searching through all of this disparate security-related data practical, easy, and fast. 
Accordingly, endpoint security is a natural fit for the Elastic Stack to provide prevention against threats and the fastest detection and response to stop attacks at the earliest stages possible.\u003c/p\u003e\u003cp\u003e“Users deserve more from the tools they deploy. That’s why we are providing immediate value today through the simplicity of a single stack to search, store, analyze, and\u0026nbsp;secure\u0026nbsp;your data,” said Shay Banon, founder and chief executive officer of Elastic. “This is an exciting step toward realizing our vision for applying search to multiple use cases, as we are now able to offer users the best threat hunting solution with the best endpoint protection.”\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc6d5cb9a33c0de89/5d9fe365b517f10ef0a935d0/screenshot-elastic-siem-endpoint-security-data-elasticsearch-2-optimized.jpg\" data-sys-asset-uid=\"bltc6d5cb9a33c0de89\" alt=\"screenshot-elastic-siem-endpoint-security-data-elasticsearch-2-optimized.jpg\"/\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2\u003eOur journey into SIEM and endpoint security\u003c/h2\u003e\u003cp\u003eTools working in isolation can’t safeguard an organization, and the data that those tools collect isn’t actionable without a centralized management console. Security teams are faced with siloed data, slow query times, and compromised analysis that lacks relevance and context. Organizations already know they need to work in real time; they need to ingest and store all types of data in a way that is unbounded; and they need to produce relevant results and automatically operationalize them into existing and new security workflows.\u003c/p\u003e\u003cp\u003eNearly two years ago, we embarked on a mission to help organizations evolve their security efforts. 
While the Elastic Stack has been adopted and is used as a security solution for use cases like threat hunting, fraud detection, and security monitoring, we wanted to make it even easier for users to deploy our products for security. We first worked in collaboration with our community to develop the Elastic Common Schema (ECS) to provide an easy way to normalize data from disparate sources from network and host data. Then we launched \u003ca href=\"/siem\"\u003eElastic SIEM\u003c/a\u003e, the world’s first free and open SIEM... but we didn’t stop there.\u003c/p\u003e\u003cp\u003eNow, when you deploy a data collection agent for Elastic SIEM, you can protect the endpoint simultaneously and remove the inefficiency of multiple solutions that can’t respond in time to prevent damage and loss.\u003c/p\u003e\u003cp\u003e“Stopping attacks as early as possible is the goal. That requires the best preventions and the highest fidelity detections on the endpoint. The combination of Endgame’s leading endpoint protection technology with Elastic SIEM creates an interactive workspace for SecOps and threat hunting teams to stop attacks and protect their organizations,” said Nate Fick, formerly CEO of Endgame and now general manager of Elastic Security.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1f87637fb7870298/5d9fe27bf8ca980f8717f6f8/screenshot-resolver-trickbot-enrichments-showing-defender-shutdown-endgame-2-optimized.png\" data-sys-asset-uid=\"blt1f87637fb7870298\" alt=\"screenshot-resolver-trickbot-enrichments-showing-defender-shutdown-endgame-2-optimized.png\"/\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2\u003eThe end of endpoint pricing\u003c/h2\u003e\u003cp\u003eIn addition to combining the world’s first free and open SIEM with the best endpoint protection technology, Elastic is eliminating per-endpoint pricing.\u003c/p\u003e\u003cp\u003e“Why should users need to count the number of devices they need to protect? 
Or choose how many days of threat intelligence data they can afford to retain?” added Banon. “We want organizations to have the best protection, use it everywhere, and not be penalized with per-endpoint pricing.”\u003c/p\u003e\u003cp\u003eElastic customers pay for resource capacity for any solution they use\u0026nbsp;—\u0026nbsp;Elastic Logs, APM, SIEM, App Search, Site Search, Enterprise Search, and now Endpoint Security —\u0026nbsp;with a consistent and transparent pricing framework. This ensures organizations can capture maximum value from their data. With Elastic Endpoint Security, customers get full protection for as many endpoints as they need, and full data collection and shipping without having to compromise.\u003c/p\u003e\u003ch2\u003eSecurity leaders comment on Elastic Endpoint Security\u003c/h2\u003e\u003cp\u003e\u003cstrong\u003eTexas A\u0026amp;M University, Andrew Stokes, Assistant Director and Information Security Officer\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e“We value speed of response and the ability to learn from and analyze our historical data. Elastic Endpoint Security has dramatically dropped our mean time to remediate from seven days to 30 minutes over legacy antivirus, and the Elastic Stack has provided an unparalleled way to store, analyze, and react to data well beyond any competitor in the market. Combining Elastic Endpoint Security and the Elastic Stack into a single, intelligence-led platform will further simplify and automate our security operations.”\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOptiv, Anthony Diaz, Divisional Vice President, Emerging Services\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\"Elastic is bringing together the integration of a next-generation SIEM, robust visualization engine and a best-in-class endpoint product all backed by the world's leading search technology. This combination provides a foundation for enterprises to combat the growing complexity of cyber threats. 
Elastic's vision for bringing together these components in an open ecosystem is a revolutionary, yet practical idea that helps organizations of all sizes maximize all of their data to manage their cyber security needs.\"\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eInfotrack, Sebastian Mill, Chief Technology Officer, Global Development\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e“At InfoTrack, we’ve come to realize just how valuable endpoint data can be for gaining visibility into our operations and making sure our infrastructure remains secure. Toward these goals, our innovation team has already been scoping Auditbeat into our environments, but introducing Elastic Endpoint Security takes it to a whole new level. We are intrigued by the ability to stop threats with Elastic Endpoint Security while pairing security event data with some Elastic machine learning-powered anomaly detection. It will be a killer setup.\"\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSANS Institute, John Pescatore, Director, Emerging Security Trends\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e“When SANS surveyed SOC managers about the tools they wish new SOC hires were skilled in the Elastic (ELK) Stack was one of the top ones mentioned. The components of the ELK stack are used both by SOC analysts and application developers. 
Having strong EDR capability integrated into the endpoint side of the standard packages deployed by DevOps and CI/CD pipelines can be a real game changer in visibility, detection and prevention of cyber attacks.”\u003c/p\u003e\u003ch2\u003eResources\u003c/h2\u003e\u003cp\u003eIf you want to see Elastic Endpoint Security in action and hear more about our developments, please join us at one of our \u003ca href=\"/elasticon/\"\u003eElastic{ON} Tour\u003c/a\u003e stops in the US, EMEA, or Asia Pacific.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/security/endpoint-security\" target=\"_self\"\u003eElastic Endpoint Security solutions page\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.endgame.com/resource/product-info/pdf/endgame-endpoint-protection-platform\"\u003eElastic Endpoint documentation\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/siem\"\u003eElastic SIEM solutions page\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/guide/en/siem/guide/current/index.html\"\u003eElastic SIEM documentation\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://discuss.elastic.co/c/siem\"\u003eElastic SIEM community forum\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/webinars/introducing-elastic-siem\"\u003eElastic SIEM webinar 
recording\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-10-11T15:53:54.978Z","created_by":"bltfefb9f3ab4fd6abcade87a28","disclaimer":["blt20299652b018eb23"],"full_bleed_image":{"uid":"blt20c12adf8ada039c","created_by":"bltfefb9f3ab4fd6abcade87a28","updated_by":"bltfefb9f3ab4fd6abcade87a28","created_at":"2019-10-11T15:53:24.790Z","updated_at":"2019-10-11T15:53:24.790Z","content_type":"image/png","file_size":"71723","filename":"endgame-blog-post.png","title":"endgame-blog-post.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-10-15T12:31:55.041Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt20c12adf8ada039c/5da0a574daf87c13de87f23f/endgame-blog-post.png"},"markdown_l10n":"","publish_date":"2019-10-15T13:30:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":["endpoint","endgame"],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blte41b0699a34eac99","ACL":{},"created_at":"2023-11-06T20:38:53.624Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"edr","label_l10n":"EDR","tags":[],"title":"EDR","updated_at":"2023-11-06T20:38:53.624Z","updated_by":"blt3044324473ef223b70bc674c","publish_details"
:{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:26.559Z","user":"blt06083bb707628f5c"}},{"_version":1,"locale":"en-us","uid":"bltac352930d0bd6c7f","ACL":{},"created_at":"2023-11-06T21:36:27.692Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"xdr","label_l10n":"XDR","tags":[],"title":"XDR","updated_at":"2023-11-06T21:36:27.692Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.167Z","user":"blt4b2e1169881270a8"}},{"title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt6ba71b4a02e74776","created_by":"bltfefb9f3ab4fd6abcade87a28","updated_by":"bltfefb9f3ab4fd6abcade87a28","created_at":"2019-10-11T15:53:19.573Z","updated_at":"2019-10-11T15:53:19.573Z","content_type":"image/png","file_size":"49569","filename":"endgame-blog-thumbnail.png","title":"endgame-blog-thumbnail.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":
"2019-10-15T12:31:55.041Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6ba71b4a02e74776/5da0a56ff8ca980f8717fcb6/endgame-blog-thumbnail.png"},"title":"Introducing Elastic Endpoint Security","title_l10n":"Introducing Elastic Endpoint Security","updated_at":"2025-03-10T12:14:50.692Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/introducing-elastic-endpoint-security","publish_details":{"time":"2025-03-10T12:14:53.940Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt34fc51955689b63a","_version":10,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["bltd8c9152eb9be7946"],"body_l10n":"\u003cp\u003eKibana provides powerful ways to search and visualize data stored in Elasticsearch. For the purpose of visualizations, Kibana looks for fields defined in Elasticsearch mappings and presents them as options to the user building a chart. But what happens if you forget to define an important value as a separate field in your schema? Or what if you want to combine two fields and treat them as one? This is where Kibana scripted fields come into play.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eScripted fields have actually been around since the early days of Kibana 4. At the time they were introduced, the only way to define them relied on \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/5.0/modules-scripting-expression.html\" target=\"_self\"\u003eLucene Expressions\u003c/a\u003e,\u0026nbsp;a scripting language in Elasticsearch which deals exclusively with numeric values. As a result, the power of scripted fields was limited to a subset of use cases. 
In 5.0, Elasticsearch introduced \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/5.0/modules-scripting-painless.html\" target=\"_self\"\u003ePainless\u003c/a\u003e, a safe and powerful scripting language that allows operating on a variety of data types, and as a result, scripted fields in Kibana 5.0 are that much more powerful.\u003c/p\u003e\u003cp\u003eIn the rest of this blog, we'll walk you through how to create scripted fields for common use cases. We'll do so by relying on a dataset from \u003ca href=\"https://www.elastic.co/guide/en/kibana/5.0/tutorial-load-dataset.html\" target=\"_self\"\u003eKibana Getting Started tutorial\u003c/a\u003e\u0026nbsp;and use an instance of Elasticsearch and Kibana running in \u003ca href=\"https://cloud.elastic.co/\" target=\"_self\"\u003eElastic Cloud\u003c/a\u003e, which you can spin up for free.\u003c/p\u003e\u003cp\u003eThe following video walks you through how to spin up a personal Elasticsearch and Kibana\u0026nbsp;instance in Elastic Cloud and load a sample\u0026nbsp;dataset\u0026nbsp;into it.\u0026nbsp;\u003cbr /\u003e\u003c/p\u003e\u003cdiv class=\"video embed-container\" style=\"height: 319.725px;\"\u003e\u003cimg class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/6gWkzXXhT69tUa7uRtvJ96.jpg\" data-uuid=\"6gWkzXXhT69tUa7uRtvJ96\" data-v=\"4\" data-type=\"inline\" width=\"677\"/\u003e\u003c/div\u003e\u003ch2\u003eHow scripted fields work\u003c/h2\u003e\u003cp\u003eElasticsearch allows you to specify scripted fields on every request. Kibana improves on this by allowing you to define a scripted field once in the Management section, so it can be used in multiple places in the UI going forward. 
Note that while Kibana stores scripted fields alongside its other configuration in the .kibana index, this configuration is Kibana-specific, and Kibana scripted fields are not exposed to API users of Elasticsearch.\u003c/p\u003e\u003cp\u003eWhen you go to define a scripted field in Kibana, you'll be given a choice of scripting language, allowing you to pick from all the languages installed on the Elasticsearch nodes that have dynamic scripting enabled. By default that is \"expression\" and \"painless\" in 5.0 and just \"expression\" in 2.x. You can install other scripting languages and enable dynamic scripting for them, but it is not recommended because they cannot be sufficiently \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting-security.html\" target=\"_self\"\u003esandboxed\u003c/a\u003e\u0026nbsp;and have been deprecated.\u003c/p\u003e\u003cp\u003eScripted fields operate on one Elasticsearch document at a time, but can reference multiple fields in that document. As a result, it is appropriate to use scripted fields to combine or transform fields within a single document, but not to perform calculations based on multiple documents (e.g. time-series math). Both Painless and Lucene expressions operate on fields stored in \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/doc-values.html\" target=\"_self\"\u003edoc_values\u003c/a\u003e.\u0026nbsp;So for string data, you will need the string to be stored as data type keyword. Scripted fields based on Painless also cannot operate directly on _source.\u003c/p\u003e\u003cp\u003eOnce scripted fields are defined in \"Management\", users can interact with them the same way as with other fields in the rest of Kibana. Scripted fields automatically show up in the Discover field list and are available in Visualize for the purposes of creating visualizations. 
Kibana simply passes scripted field definitions to Elasticsearch at query time for evaluation. The resulting dataset is combined with other results coming back from Elasticsearch and presented to the user in a table or a chart.\u003c/p\u003e\u003cp\u003eThere are a couple of known limitations when working with scripted fields at the time of writing this blog. You can apply most Elasticsearch aggregations available in Kibana visual builder to scripted fields, with the most notable exception of the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-significantterms-aggregation.html\" target=\"_self\"\u003esignificant terms aggregation\u003c/a\u003e. You can also filter on scripted fields via the filter bar in Discover, Visualize, and Dashboard, although you have to take care to write proper scripts that return well-defined values, as we show below. It is also important to refer to the \"Best Practices\" section below to ensure you do not destabilize your environment, when using scripted fields.\u003c/p\u003e\u003cp\u003eThe following video shows\u0026nbsp;how to use Kibana to create scripted fields.\u003c/p\u003e\u003cdiv class=\"video embed-container\" style=\"height: 319.725px;\"\u003e\u003cimg class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/SKHYsZcKZHq9u7GTNGWPaL.jpg\" data-uuid=\"SKHYsZcKZHq9u7GTNGWPaL\" data-v=\"4\" data-type=\"inline\" width=\"677\"/\u003e\u003c/div\u003e\u003ch2\u003eScripted field examples\u003c/h2\u003e\u003cp\u003eThis section presents a few examples of Lucene expressions and Painless scripted fields in Kibana in common scenarios. 
As mentioned above, these examples were developed on top of a dataset from \u003ca href=\"https://www.elastic.co/guide/en/kibana/5.0/tutorial-load-dataset.html\" target=\"_self\"\u003eKibana Getting Started tutorial\u003c/a\u003e\u0026nbsp;and assume you are using Elasticsearch and Kibana 5.1.1, as there are a couple of known issues related to filtering and sorting on certain types of scripted fields in earlier versions.\u003c/p\u003e\u003cp\u003eFor the most part, scripted fields should work out of the box, as Lucene expressions and Painless are enabled by default in Elasticsearch 5.0. The only exceptions are scripts that require regex-based parsing of fields: regex matching for Painless is not enabled by default, so you must turn it on with the following setting in elasticsearch.yml: script.painless.regex.enabled: true\u003c/p\u003e\u003ch3\u003ePerform a calculation on a single field\u003c/h3\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eExample\u003c/strong\u003e: Calculate kilobytes from bytes\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eLanguage\u003c/strong\u003e:\u0026nbsp;expressions\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReturn type\u003c/strong\u003e:\u0026nbsp;number\u003c/li\u003e\u003c/ul\u003e\u003cpre class=\"prettyprint\"\u003e doc['bytes'].value / 1024\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eNote: Keep in mind that Kibana scripted fields work on a single document at a time only, so there is no way to do time-series math in a scripted field.\u003cbr /\u003e\u003c/p\u003e\u003ch3\u003eDate math resulting in number\u003c/h3\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eExample\u003c/strong\u003e:\u0026nbsp;Parse date into hour-of-day\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eLanguage\u003c/strong\u003e: expressions\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReturn type\u003c/strong\u003e:\u0026nbsp;number\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eLucene expressions provide a whole host of \u003ca 
href=\"https://www.elastic.co/guide/en/elasticsearch/reference/5.0/modules-scripting-expression.html#_date_field_api\" target=\"_self\"\u003edate manipulation functions\u003c/a\u003e\u0026nbsp;out-of-the-box. However, since Lucene expressions only return numerical values, we'll have to use Painless to return a string-based day-of-week (below).\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e doc['@timestamp'].date.hourOfDay\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eNote: Script above will return 1-24\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003edoc['@timestamp'].date.dayOfWeek\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eNote: Script above will return 1-7\u003c/p\u003e\u003ch3\u003eCombine two string values\u003c/h3\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eExample\u003c/strong\u003e:\u0026nbsp;Combine source and destination or first and last name\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eLanguage\u003c/strong\u003e:\u0026nbsp;painless\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReturn type\u003c/strong\u003e:\u0026nbsp;string\u003c/li\u003e\u003c/ul\u003e\u003cpre class=\"prettyprint\"\u003e doc['geo.dest.keyword'].value + ':' + doc['geo.src.keyword'].value\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eNote: Because scripted fields need to operate on fields in doc_values, we are using .keyword versions of strings above.\u003c/p\u003e\u003ch3\u003eIntroducing logic\u003c/h3\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eExample\u003c/strong\u003e: Return label \"big download\" for any document with bytes over 10000\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eLanguage\u003c/strong\u003e: painless\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReturn type\u003c/strong\u003e: string\u003c/li\u003e\u003c/ul\u003e\u003cpre class=\"prettyprint\"\u003e if (doc['bytes'].value \u0026gt; 10000) { \u003cbr /\u003e return \"big download\";\u003cbr /\u003e}\u003cbr /\u003ereturn \"\";\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\"\u003eNote: When 
introducing logic, ensure that every execution path has a well-defined return statement and a well-defined return value (not null). For instance, above scripted field will fail with a compile error when used in Kibana filters\u0026nbsp;without the return\u0026nbsp;statement at the end or if the statement returns null. Also keep in mind that breaking up logic into functions is not supported within Kibana scripted fields.\u0026nbsp;\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003eReturn substring\u003cbr /\u003e\u003c/h3\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eExample\u003c/strong\u003e: Return the part after the last slash in the URL\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eLanguage\u003c/strong\u003e: painless\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReturn type\u003c/strong\u003e: string\u003c/li\u003e\u003c/ul\u003e\u003cpre class=\"prettyprint\"\u003e def path = doc['url.keyword'].value;\u003cbr /\u003eif (path != null) {\u003cbr /\u003e int lastSlashIndex = path.lastIndexOf('/');\u003cbr /\u003e if (lastSlashIndex \u0026gt; 0) {\u003cbr /\u003e return path.substring(lastSlashIndex+1);\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003ereturn \"\";\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\"\u003eNote: Whenever possible, avoid using regex expressions to extract substrings, as indexOf() operations are less resource-intensive and less error-prone.\u0026nbsp;\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003eMatch a string using regex, and take action on a match\u003cbr /\u003e\u003c/h3\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eExample\u003c/strong\u003e: Return a string \"error\" if a substring \"error\" is found in field \"referer\", otherwise return a string \"no error\".\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eLanguage\u003c/strong\u003e: painless\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReturn type\u003c/strong\u003e: string\u003c/li\u003e\u003c/ul\u003e\u003cpre class=\"prettyprint\"\u003eif (doc['referer.keyword'].value =~ /error/) 
{ \u003cbr /\u003ereturn \"error\"\u003cbr /\u003e} else {\u003cbr /\u003ereturn \"no error\"\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\"\u003eNote: Simplified regex syntax is useful for conditionals based on a regex match.\u0026nbsp;\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003eMatch a string and return that match\u003cbr /\u003e\u003c/h3\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eExample\u003c/strong\u003e: Return domain, the string after the last dot in the \"host\" field.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eLanguage\u003c/strong\u003e: painless\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReturn type\u003c/strong\u003e: string\u003c/li\u003e\u003c/ul\u003e\u003cpre class=\"prettyprint\"\u003edef m = /^.*\\.([a-z]+)$/.matcher(doc['host.keyword'].value);\u003cbr /\u003eif ( m.matches() ) {\u003cbr /\u003e return m.group(1)\u003cbr /\u003e} else {\u003cbr /\u003e return \"no match\"\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\"\u003eNote: Defining an object via the regex matcher() functions allows you to extract groups of characters that matched the regex and return them.\u0026nbsp;\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003eMatch a number and return that match\u003cbr /\u003e\u003c/h3\u003e\u003cul\u003e\u003cli\u003eExample: Return the first octet of the IP address (stored as a string) and treat it as a number.\u003c/li\u003e\u003cli\u003eLanguage: painless\u003c/li\u003e\u003cli\u003eReturn type: number\u003c/li\u003e\u003c/ul\u003e\u003cpre class=\"prettyprint\"\u003e def m = /^([0-9]+)\\..*$/.matcher(doc['clientip.keyword'].value);\u003cbr /\u003eif ( m.matches() ) {\u003cbr /\u003e return Integer.parseInt(m.group(1))\u003cbr /\u003e} else {\u003cbr /\u003e return 0\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\"\u003eNote: It is important to return the right data type in a script. 
Regex match returns a string, even if a number is matched, so you should explicitly convert it to an integer on return.\u0026nbsp;\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003eDate math resulting in strings\u003cbr /\u003e\u003c/h3\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eExample\u003c/strong\u003e: Parse date into day-of-week into string\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eLanguage\u003c/strong\u003e: painless\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReturn type\u003c/strong\u003e: string\u003c/li\u003e\u003c/ul\u003e\u003cpre class=\"prettyprint\"\u003eLocalDateTime.ofInstant(Instant.ofEpochMilli(doc['@timestamp'].value), ZoneId.of('Z')).getDayOfWeek().getDisplayName(TextStyle.FULL, Locale.getDefault())\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\"\u003eNote: Since Painless supports all of Java's native types, it provides access to native functions around those types, such as \u003ca href=\"https://docs.oracle.com/javase/8/docs/api/java/time/LocalDateTime.html#getDayOfWeek--\" target=\"_self\"\u003eLocalDateTime()\u003c/a\u003e, useful in performing more advanced date math.\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003eBest practices\u003cbr /\u003e\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eAs you see, the Painless scripted language provides powerful ways of extracting useful information out of arbitrary fields stored in Elasticsearch via Kibana scripted fields. However, with great power comes great responsibility.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eBelow we outline a few best practices around using Kibana scripted fields.\u003c/p\u003e\u003cul\u003e\u003cli\u003eAlways use a development environment to experiment with scripted fields. Because scripted fields are immediately active after you save them in the Management section of Kibana (e.g. they appear in the Discover screen for that index pattern for all users), you should not develop scripted fields directly in production. 
We recommend that you try your syntax first in a development environment, evaluate the impact of scripted fields on realistic data sets and data volumes in staging, and only then promote them to production.\u0026nbsp;\u003c/li\u003e\u003cli\u003eOnce you gain confidence that the scripted field provides value to your users, consider modifying your ingest to extract the field at index time for new data. This will save Elasticsearch processing at query time and will result in faster response times for Kibana users. You can also use the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/5.0/docs-reindex.html\" target=\"_self\"\u003e_reindex\u003c/a\u003e API in Elasticsearch to re-index existing data.\u003c/li\u003e\u003c/ul\u003e\u003ca href=\"https://www.elastic.co/webinars/hidden-gems-in-kibana\" target=\"_self\"\u003e\u003cspan\u003eDiscover how to get the most out of your data using Kibana like a pro.\u003c/span\u003e\u003c/a\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How 
to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T11:38:19.704Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"bltbf74335e81fdbea7","ACL":{},"_version":1,"content_type":"image/png","created_at":"2021-01-13T23:55:05.856Z","created_by":"bltde77f2161b811714","file_size":"39216","filename":"blog-banner-generic-elastic.png","is_dir":false,"parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-14T14:09:24.839Z","user":"blt36e890d06c5ec32c"},"tags":[],"title":"blog-banner-generic-elastic.png","updated_at":"2021-01-13T23:55:05.856Z","updated_by":"bltde77f2161b811714","url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbf74335e81fdbea7/5fff8859e4028c63a64d9be2/blog-banner-generic-elastic.png"},"markdown_l10n":"","publish_date":"2016-12-13T17:45:34.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic 
Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data 
ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d6d3cd2ad3fce72","ACL":{},"created_at":"2023-11-06T21:35:37.967Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"visualization","label_l10n":"Visualization","tags":[],"title":"Visualization","updated_at":"2023-11-06T21:35:37.967Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.605Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt226f04bb0dd0936b","ACL":{},"created_at":"2023-11-06T20:46:35.144Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"personalization","label_l10n":"Personalization","tags":[],"title":"Personalization","updated_at":"2023-11-06T20:46:35.144Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:12.713Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":null,"title":"Using Painless in Kibana scripted fields","title_l10n":"Using Painless in Kibana scripted 
fields","updated_at":"2025-03-10T12:13:28.735Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/using-painless-kibana-scripted-fields","publish_details":{"time":"2025-03-10T12:13:33.998Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt64b3445f5e84599f","_version":24,"locale":"en-us","ACL":{},"abstract_l10n":"Windows access token manipulation attacks are well known and abused from an offensive perspective, but rely on an extensive body of arcane Windows security internals. In this blog post, we demystify how access tokens work in Windows environments.","author":["bltc2baef8dab82b56d"],"body_l10n":"\u003cp\u003eThis blog series is aimed at giving defense practitioners a thorough understanding of Windows access tokens for the purposes of detection engineering.\u0026nbsp;\u003c/p\u003e\u003cp\u003eHere in Part 1, we'll cover key concepts in Windows Security.\u0026nbsp;The desired outcome is to help defenders understand how access tokens work in Windows environments.\u0026nbsp;In Part 2 of the\u0026nbsp;series, we’ll build on the concepts outlined in Part 1\u0026nbsp;and cover\u0026nbsp;how attackers abuse legitimate Windows \u003ca href=\"https://attack.mitre.org/techniques/T1134/\"\u003efunctionality\u003c/a\u003e to move laterally and compromise entire Active Directory domains in depth.\u003c/p\u003e\u003cp\u003eAs a note of caution, this blog has deliberately attempted to abstract away the workings of specific Windows network authentication protocols (e.g., NTLM and Kerberos) and Security Support Providers (e.g., CredSSP, Negotiate, etc.). As a consequence, there may be instances where behavior unique to these protocols/packages differs with the behavior described below (i.e., Kerberos constrained delegation). 
Additionally, this blog owes a huge debt of gratitude to \u003cem\u003eProgramming Windows Security\u003c/em\u003e by Keith Brown which is a fantastic resource for learning more about fundamental Windows security concepts.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eLogon sessions and access tokens\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eThe key concept to grasp in order to understand authentication in Windows environments is the relationship between \u003cstrong\u003elogon sessions\u003c/strong\u003e and \u003cstrong\u003eaccess tokens\u003c/strong\u003e. A logon session is used to represent the \u003cem\u003epresence\u003c/em\u003e of a user on a machine and begins when a user is successfully authenticated and ends when the user logs off.\u003c/p\u003e\u003cp\u003eFor example, when a user physically logs on to a Windows workstation (i.e., interactively), they supply a username and password, which is then checked by the \u003ca href=\"https://docs.microsoft.com/en-us/windows-server/security/windows-authentication/credentials-processes-in-windows-authentication\"\u003eLocal Security Authority\u003c/a\u003e (LSA). If the account is a local account (i.e., only valid on that specific computer) the LSA will check the credentials against its own security database. 
In the case of a Windows Active Directory domain environment, the authentication attempt is referred to the closest domain controller (DC) which will process the request and authenticate the user.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc5d931ae03cda6fb/5f3c5f2b6bbc05271064339a/1-windows-logon-session-access-blog-windows-tokens-for-defenders.png\" data-sys-asset-uid=\"bltc5d931ae03cda6fb\" alt=\"1-windows-logon-session-access-blog-windows-tokens-for-defenders.png\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eFigure 1 - Windows logon process for an interactive user\u003c/figcaption\u003e\u003cp\u003eOnce the user has been successfully authenticated, the LSA will create a new \u003cstrong\u003elogon session\u003c/strong\u003e and produce an \u003cstrong\u003eaccess token\u003c/strong\u003e, as shown above.\u003csup\u003e1\u003c/sup\u003e\u0026nbsp;A logon session can have multiple access tokens associated with it, but an access token can only ever be linked to one logon session (which is typically the successful logon attempt that generated it).\u003csup\u003e2\u003c/sup\u003e\u0026nbsp;Windows has legitimate functionality which can be used to change the logon session (and hence cached credentials) that your current token is associated with. This will be covered in more detail in part 2.\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003eEvery new logon session is identifiable via a 64 bit locally unique identifier (LUID), referred to as the logon ID, and every access token must contain an Authentication Id (or AuthId) parameter that identifies the origin/linked logon session via this LUID. 
This is highlighted in the diagram below:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5e0d9d711f5c3946/5f3c5f38752d292b6ca4e530/2-authid-parameter-blog-windows-tokens-for-defenders.png\" data-sys-asset-uid=\"blt5e0d9d711f5c3946\" alt=\"2-authid-parameter-blog-windows-tokens-for-defenders.png\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eFigure 2 - Every access token is linked to a sole logon session, which is identifiable via the AuthID parameter. The AuthID field contains a 64 bit LUID, or logon ID, which identifies the \u003cstrong\u003eorigin\u003c/strong\u003e logon session.\u003c/figcaption\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eThe main function of an access token is to act as a “volatile repository for security settings associated with the logon session” which can be adjusted and modified on the fly.\u003csup\u003e2\u003c/sup\u003e\u0026nbsp;In this sense, access tokens act as a \u003cstrong\u003eproxy\u003c/strong\u003e or \u003cstrong\u003estand-in\u003c/strong\u003e for the logon session and so when making security decisions, Windows developers never interact with the logon session itself (which is “hidden” away in lsass), but with an access token which \u003cstrong\u003erepresents\u003c/strong\u003e it (and hence predominantly via the Windows access token API).\u0026nbsp;\u003c/p\u003e\u003cp\u003eTherefore, a developer can copy existing tokens (\u003ca href=\"https://docs.microsoft.com/en-gb/windows/win32/api/securitybaseapi/nf-securitybaseapi-duplicatetokenex?redirectedfrom=MSDN\"\u003eDuplicateTokenEx\u003c/a\u003e), modify the security settings for a given token (\u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-gettokeninformation\"\u003eGet\u003c/a\u003e/\u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-settokeninformation\"\u003eSetTokenInformation\u003c/a\u003e) 
etc.\u0026nbsp;to their heart's content, but these tokens are still just abstractions representing the security settings from the\u003cem\u003e originating\u003c/em\u003e logon session.\u003c/p\u003e\u003cp\u003eMost importantly, the access token represents the \u003cstrong\u003esecurity context\u003c/strong\u003e of the user. The security context can be defined as the privileges and permissions that a user has on a specific workstation (and across the network). An access token caches a number of \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/secauthz/access-tokens\"\u003eattributes\u003c/a\u003e which determine its security context, such as:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe security identifier (SID) for the user\u003c/li\u003e\u003cli\u003eGroup memberships\u003c/li\u003e\u003cli\u003ePrivileges held\u003c/li\u003e\u003cli\u003eA logon ID which \u003cem\u003ereferences\u003c/em\u003e the\u003cstrong\u003e origin\u003c/strong\u003e logon session\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor example, the screenshot below shows the cached security attributes for an access token using James Forshaw’s \u003ca href=\"https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools\"\u003eTokenViewer\u003c/a\u003e:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcbe78d08b45c817d/5f3c5f43327a6201d7ebc9cf/3-cached-security-attributes-blog-windows-tokens-for-defenders.png\" data-sys-asset-uid=\"bltcbe78d08b45c817d\" alt=\"3-cached-security-attributes-blog-windows-tokens-for-defenders.png\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eFigure 3 -\u0026nbsp;TokenViewer revealing the cached security attributes stored in an access token\u003c/figcaption\u003e\u003cp\u003e\u003cspan\u003eAs discussed previously, the Authentication ID parameter, which is the key link between an access token and the logon session that it represents, contains a 64 bit LUID (logon ID) which identifies the 
origin logon session that this access token is associated with. Note also\u0026nbsp;that it is possible to infer a number of other conclusions about the state of this token, e.g., it is a primary token, it is not elevated (medium integrity),\u0026nbsp;\u003cspan\u003eand the user is an administrator (\u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/winnt/ne-winnt-token_elevation_type\"\u003eElevation Type\u003c/a\u003e = limited means the token is a ‘filtered’ admin token and hence UAC is enabled)\u003c/span\u003e.\u003c/span\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eWhenever a thread \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/secauthz/interaction-between-threads-and-securable-objects\"\u003eattempts to access a securable object\u003c/a\u003e managed by the Windows kernel, such as a process, thread, handle, semaphore, token, etc., Windows will perform an \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-accesscheck\"\u003eaccess check\u003c/a\u003e. To perform this check, Windows needs three pieces of information\u003csup\u003e2\u003c/sup\u003e:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eWho\u003c/strong\u003e is requesting access?\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eWhat\u003c/strong\u003e are their intentions with the object?\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eWho\u003c/strong\u003e can access the object?\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eHence, Windows will first check the token associated with the calling thread and look at the authorization attributes cached in it (e.g., user sid, group memberships, privileges etc.). Secondly, Windows will look at the desired \u003ca href=\"https://docs.microsoft.com/en-gb/windows/win32/secauthz/access-rights-and-access-masks\"\u003eaccess\u003c/a\u003e requested by the thread. 
In the Windows security model you \u003cstrong\u003emust\u003c/strong\u003e state your intentions upfront; for performance reasons an access check only occurs \u003cem\u003eonce\u003c/em\u003e and no further checks are performed on any additional handle operations (unless a user attempts to perform an action that the handle did not have rights to, e.g., write to a read-only handle).\u0026nbsp;Thirdly, Windows will retrieve the \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/secauthz/security-descriptors\"\u003esecurity descriptor\u003c/a\u003e for the target object. The security descriptor contains a discretionary access control list (\u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-lists\"\u003eDACL\u003c/a\u003e) which specifies what users/groups have access to the object and the \u003cem\u003etype \u003c/em\u003eof access granted.\u0026nbsp;\u003c/p\u003e\u003cp\u003eBased on these three sources of information, Windows can give a boolean answer to whether a principal has access to a given object. This is why every process \u003cstrong\u003emust\u003c/strong\u003e have a primary token; it is the user that is “charged” for any objects that process attempts to access.\u003csup\u003e2\u003c/sup\u003e\u003c/p\u003e\u003cp\u003eAs a note, some \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/secauthz/privilege-constants\"\u003eprivileges\u003c/a\u003e can be thought of as simply enabling a user to bypass/skip the access check in the kernel for a given object. 
For example, if a token has the \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess\"\u003eSeDebugPrivilege\u003c/a\u003e privilege enabled, the Windows kernel will skip the DACL checks for any process and thread objects (hence why it is so powerful).\u003csup\u003e3\u003c/sup\u003e\u003c/p\u003e\u003cp\u003eFollowing successful authentication from an interactive logon, Windows will execute the user’s shell (normally explorer.exe) on behalf of the newly logged-on user. The operating system performs this action by using the newly minted access token to spawn explorer.exe as that user via \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessasusera\"\u003eCreateProcessAsUserA\u003c/a\u003e. This function takes a handle to a token and spawns a new process as the user specified in the token (i.e., in a \u003cem\u003edifferent\u003c/em\u003e security context).\u003c/p\u003e\u003cp\u003eTypically, every process created by the user is a child of the shell process (i.e., explorer.exe)\u003csup\u003e4\u003c/sup\u003e\u0026nbsp;and every new process will (by default) run in the \u003cstrong\u003esame\u003c/strong\u003e security context as its parent; hence the child process will inherit its parent’s access token upon creation.\u003csup\u003e5\u003c/sup\u003e\u0026nbsp;Therefore, \u003cem\u003eall\u003c/em\u003e processes will inherit their \u003cem\u003eown\u003c/em\u003e local copy of an access token.\u003c/p\u003e\u003cp\u003eAs stated previously, access tokens act as a local “volatile repository” for the security settings associated with the logon session. 
As each process has its \u003cem\u003eown\u003c/em\u003e local copy of an access token, a process can modify the volatile security settings stored in its copy without affecting other processes.\u003csup\u003e2\u003c/sup\u003e\u003c/p\u003e\u003cp\u003eFor example, a browser such as Chrome may want to create a \u003cem\u003erestricted\u003c/em\u003e version of its access token in order to effectively \u003ca href=\"https://chromium.googlesource.com/chromium/src/+/master/docs/design/sandbox.md\"\u003esandbox\u003c/a\u003e the application in the event an attacker is able to exploit the browser and obtain arbitrary code execution on the compromised machine. As a consequence of the sandbox, any actions performed by the attacker will be restricted and help prevent further damage. As previously discussed, \u003cem\u003eall\u003c/em\u003e access checks in Windows make decisions based on the attributes stored in the calling thread’s token, and so by ‘hardening’ the token a developer can restrict its access.\u003c/p\u003e\u003cp\u003eThe key point is that Chrome can modify its local copy of the token \u003cem\u003ewithout\u003c/em\u003e affecting other applications. This can be achieved via APIs such as \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-adjusttokengroups\"\u003eAdjustTokenGroups\u003c/a\u003e/\u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-adjusttokenprivileges\"\u003eAdjustTokenPrivileges\u003c/a\u003e, which can be used to \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/secauthz/enabling-and-disabling-privileges-in-c--\"\u003edisable\u003c/a\u003e dangerous groups and privileges, respectively. 
Alternatively, a new restricted copy of a specified access token can be created with \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-createrestrictedtoken\"\u003eCreateRestrictedToken\u003c/a\u003e.\u0026nbsp;As an example, the relevant functionality in the chromium source code can be \u003ca href=\"https://github.com/chromium/chromium/blob/4e88a3c4fa53bf4d3622d07fd13f3812d835e40f/sandbox/win/src/restricted_token.cc#L65\"\u003efound here\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eThis is so important because, as discussed above, access tokens are the \u003cstrong\u003ecore\u003c/strong\u003e component of the Windows security model and so by being able to change the information cached in them, a developer can limit \u003cstrong\u003ewhat\u003c/strong\u003e securable objects a token can touch and hence restrict its access across a system.\u003c/p\u003e\u003cp\u003eThe diagram below summarizes the logon process and an example\u0026nbsp;access check for an interactive user, \u003cstrong\u003eASTRO\\cosmo\u003c/strong\u003e:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7b021068d99d5ea2/5f3c5f8760261e2e581f214f/4-logon-process-access-control-blog-windows-tokens-for-defenders.png\" data-sys-asset-uid=\"blt7b021068d99d5ea2\" alt=\"4-logon-process-access-control-blog-windows-tokens-for-defenders.png\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eFigure 4 -\u0026nbsp;An overview of the Windows logon process and access checks for an interactive logon\u003c/figcaption\u003e\u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eNetwork authentication\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eHaving covered local authentication and access control, what happens under the hood when a user needs to access some resource located across the network? 
For example, a user could attempt to view the available shares on another host by running the following command:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blteb93047fd50346e0/5f3c5f93327a6201d7ebc9d3/5-attempt-available-shares-blog-windows-tokens-for-defenders.png\" data-sys-asset-uid=\"blteb93047fd50346e0\" alt=\"5-attempt-available-shares-blog-windows-tokens-for-defenders.png\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eFigure 5 -\u0026nbsp;Attempt to view available shares on the remote domain controller, \\\\MISTAKENOT-DC-1\u003c/figcaption\u003e\u003cp\u003eThe user’s logon session is \u003cstrong\u003eunique\u003c/strong\u003e to their workstation (as is their access token and privileges) and they cannot simply send their access token over the wire. The token would be meaningless as it \u003cem\u003edoes not\u003c/em\u003e correspond to a valid logon session on the remote host. Furthermore, this authentication mechanism would be an obvious target for replay attacks.\u003csup\u003e2\u003c/sup\u003e\u003c/p\u003e\u003cp\u003eIn this case, the user needs to \u003cstrong\u003ere-authenticate\u003c/strong\u003e and establish a \u003cstrong\u003enew\u003c/strong\u003e logon session on the remote machine (assuming the user has access). 
For an interactive logon (and actually all other logon types like service, batch, etc.,\u0026nbsp;\u003cem\u003eexcept\u003c/em\u003e network\u003csup\u003e6\u003c/sup\u003e) Windows will \u003cem\u003e\u003cstrong\u003eautomatically\u003c/strong\u003e\u003c/em\u003e cache the credentials as part of the Windows single sign-on (SSO) mechanism.\u003csup\u003e7\u003c/sup\u003e\u0026nbsp;This is the intended design of the Windows SSO mechanism and prevents the user from having to constantly re-enter their password when accessing network resources.\u003c/p\u003e\u003cp\u003eAs a consequence, access tokens which link back to these types of logon sessions \u003cem\u003ecan\u003c/em\u003e authenticate to remote hosts and Windows will \u003cstrong\u003eautomatically\u003c/strong\u003e authenticate on the user’s behalf whenever a network resource is accessed by a thread or process.\u003csup\u003e8\u003c/sup\u003e\u0026nbsp;Note that Windows will \u003cstrong\u003ealways\u003c/strong\u003e use the credentials cached in the logon session that the access token is linked to when authenticating remotely\u0026nbsp;(e.g., Windows will find the token’s linked logon session, via the AuthId, and use the credentials cached for that logon session, as shown below).\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt985c90d304c8a2e9/5f3d9001004c131277a52a66/access-token-linked-session-blog-windows-tokens-for-defenders.png\" data-sys-asset-uid=\"blt985c90d304c8a2e9\" alt=\"access-token-linked-session-blog-windows-tokens-for-defenders.png\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003cspan\u003e\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cfigcaption\u003eFigure 6 - Relationship between an access token, its linked logon session, and the credentials cached for that logon session\u003c/figcaption\u003e\u003cp\u003eTherefore, in order to establish a new logon session, the SMB server will need to authenticate the client 
over the network. In Windows domains, network authentication is typically performed via \u003ca href=\"https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-authentication-overview\"\u003eKerberos\u003c/a\u003e or the legacy challenge-response protocol \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/secauthn/microsoft-ntlm\"\u003eNTLM\u003c/a\u003e. Irrespective of the network authentication protocol used, on receiving an authentication request the target host will forward the credential information to the \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/secauthn/key-distribution-center\"\u003eDC\u003c/a\u003e and, following successful authentication, establish a new \u003cem\u003enetwork\u003c/em\u003e login session for the user (i.e.,\u0026nbsp;\u003cstrong\u003ethis login\u003c/strong\u003e “\u003cstrong\u003erepresents a remote client”\u003c/strong\u003e).\u003csup\u003e2\u003c/sup\u003e\u003c/p\u003e\u003cp\u003eNetwork logins \u003cstrong\u003edo not\u003c/strong\u003e cache credentials and therefore you cannot use this token to authenticate to another remote host.\u003csup\u003e9\u003c/sup\u003e\u0026nbsp;This is commonly referred to as the ‘double hop’ problem. Note that due to the inherent \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/secauthn/microsoft-ntlm\"\u003edesign\u003c/a\u003e of the NTLM challenge response protocol (e.g., the client encrypts a challenge with the user’s NTLM hash) it fundamentally does not support credential delegation.\u003c/p\u003e\u003cp\u003eMost importantly from the server’s perspective, following the successful authentication of the remote user, it is presented with a newly minted\u003cem\u003e \u003c/em\u003e\u003cstrong\u003eaccess token\u003c/strong\u003e which represents the network logon of the remote client. 
The diagram below illustrates this process:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc34cb1078b03baab/5f3c5fa0752d292b6ca4e534/6-network-logon-blog-windows-tokens-for-defenders.png\" data-sys-asset-uid=\"bltc34cb1078b03baab\" alt=\"6-network-logon-blog-windows-tokens-for-defenders.png\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eFigure 7 - The network authentication process when a user attempts to access a remote resource, such as an SMB file share\u003c/figcaption\u003e\u003cp\u003eThis neatly leads to the second key concept for Windows access tokens: \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/com/impersonation\"\u003e\u003cstrong\u003eimpersonation\u003c/strong\u003e\u003c/a\u003e. As previously mentioned, access tokens encode a wealth of information about the security context of the user and enable a handy way for developers to make “localized” changes to this context \u003cem\u003ewithout\u003c/em\u003e affecting other processes.\u003csup\u003e2\u003c/sup\u003e\u0026nbsp;However, in \u003cstrong\u003emulti-threaded\u003c/strong\u003e applications, problems and difficult-to-debug race conditions may arise if different threads start enabling/disabling different privileges or modifying default token DACLs.\u003csup\u003e2 10\u003c/sup\u003e\u003c/p\u003e\u003cp\u003eAs a result, Windows has a feature called impersonation. By default \u003cem\u003eall\u003c/em\u003e threads will inherit the same security context as their process’s primary token. However, impersonation allows a thread to switch to a \u003cem\u003edifferent\u003c/em\u003e security context.\u0026nbsp;Specifically, it enables threads to have their own local copy of a token; known as an impersonation token.\u0026nbsp;This is the best way to remember the distinction between primary and impersonation tokens, in that impersonation tokens are always applied to threads, whereas primary tokens are associated with processes. 
In this way, the SMB server can handle each incoming client request in a separate thread and impersonate the access token representing the remote client.\u003c/p\u003e\u003cp\u003eAlso note that switching security context has two implications. The first is that\u0026nbsp;\u003cstrong\u003elocally\u003c/strong\u003e the thread is now impersonating a different access token, and hence any \u003cstrong\u003elocal\u003c/strong\u003e access checks will be performed using this new token. Secondly, as this impersonated token may be linked to a \u003cstrong\u003edifferent \u003c/strong\u003elogon session (and therefore potentially have \u003cem\u003edifferent\u003c/em\u003e cached credentials (if a non-network login)) the thread’s security context \u003cstrong\u003eremotely\u003c/strong\u003e is also \u003cem\u003edifferent\u003c/em\u003e. Furthermore, as we shall see in the next blog post in this series, do not always assume that the cached credentials stored in lsass \u003cstrong\u003ematch\u003c/strong\u003e the user specified in the token.\u003c/p\u003e\u003cp\u003eIn summary, from the perspective of a listening server process (say an SMB file server), the following steps must occur following a connection request from a remote client:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe user is authenticated and a new logon session is created (\u003cstrong\u003eNETWORK_ONLY\u003c/strong\u003e)\u003c/li\u003e\u003cli\u003eThe server process is presented with a handle to an impersonation token which links back to the remote client’s new\u003cstrong\u003e network logon session\u003c/strong\u003e\u003c/li\u003e\u003cli\u003eThe server can use this token to impersonate the client to perform work on their behalf\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThis approach has the added benefit of making use of the existing Windows’ access control model, as all actions performed while impersonating are under the security context of the user’s identity (hence any local access check 
decisions will use the information cached in the impersonated user’s token). Therefore, if that user does not already have access to a specific file on a share, they will be denied access.\u003c/p\u003e\u003cp\u003eFor most of Windows’ key IPC mechanisms (e.g., named pipes, RPC, COM) this process is handled automatically. The server needs only to call the appropriate API in order to obtain a handle to the remote client’s security context (i.e., access token) and start impersonating the client via functions such as\u003csup\u003e2\u003c/sup\u003e:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-impersonateloggedonuser\"\u003eImpersonateLoggedOnUser\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/combaseapi/nf-combaseapi-coimpersonateclient\"\u003eCoImpersonateClient\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/nf-rpcdce-rpcimpersonateclient\"\u003eRpcImpersonateClient\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/namedpipeapi/nf-namedpipeapi-impersonatenamedpipeclient\"\u003eImpersonateNamedPipeClient\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://docs.microsoft.com/en-gb/windows/win32/api/ddeml/nf-ddeml-ddeimpersonateclient\"\u003eDdeImpersonateClient\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003e\u003cstrong\u003eConclusion\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eHopefully this has been an informative overview of some key concepts in Windows Security. 
Stay tuned for Part 2 of this blog series, where we’ll build on the concepts outlined above and cover in more depth how attackers abuse legitimate Windows \u003ca href=\"https://attack.mitre.org/techniques/T1134/\"\u003efunctionality\u003c/a\u003e to move laterally and compromise entire Active Directory domains, and how you can detect and respond to access token manipulation within your environment.\u003c/p\u003e\u003cp\u003eReady for holistic data protection with \u003ca href=\"https://www.elastic.co/security\"\u003eElastic Security\u003c/a\u003e? Try it free today, or experience our latest version on \u003ca href=\"https://www.elastic.co/elasticsearch/service\"\u003eElasticsearch Service\u003c/a\u003e on Elastic Cloud.\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2\u003eReferences\u003c/h2\u003e\u003col\u003e\u003cli\u003e\u003cspan\u003eWith \u003ca href=\"https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/how-user-account-control-works\"\u003eUAC\u003c/a\u003e enabled, Windows actually creates two tokens for an administrative user: a filtered user token and a ‘linked’ administrative token. Therefore, this is a slightly simplified description. 
For more info see: \u003cspan\u003e\u003c/span\u003e\u003ca href=\"https://www.tiraniddo.dev/2017/05/reading-your-way-around-uac-part-1.html\"\u003ehttps://www.tiraniddo.dev/2017/05/reading-your-way...\u003c/a\u003e\u003c/span\u003e / \u003cspan\u003e\u003c/span\u003e\u003ca href=\"https://www.tiraniddo.dev/2017/05/reading-your-way-around-uac-part-2.html\"\u003ehttps://www.tiraniddo.dev/2017/05/reading-your-way...\u003c/a\u003e / \u003cspan\u003e\u003c/span\u003e\u003ca href=\"https://www.tiraniddo.dev/2017/05/reading-your-way-around-uac-part-3.html\"\u003ehttps://www.tiraniddo.dev/2017/05/reading-your-way...\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003cem\u003eProgramming Windows Security\u003c/em\u003e, Keith Brown\u003c/span\u003e\u003ca href=\"https://www.tiraniddo.dev/2017/05/reading-your-way-around-uac-part-3.html\"\u003e\u003cbr /\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eThis can be verified by looking at PsOpenProcess/Thread in IDA and looking for a call to SePrivilegeCheck.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eThere are many exceptions where this obviously isn’t the case, such as when OS services will execute an app on behalf of the user;\u0026nbsp;e.g., metro apps/calc in Windows 10, process creation services such as Sec Logon, Task Scheduler, WMI, etc.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eThis is true even if the thread is currently impersonating a different security context (as we will cover in the next blog post in this series). 
See James Forshaw’s presentation on Process Failure Modes for more info: \u003ca href=\"https://drive.google.com/file/d/0B5sMkPVXQnfPaVB6T2N3Mk5UX28/view\"\u003ehttps://drive.google.com/file/d/0B5sMkPVXQnfPaVB6T2N3Mk5UX28/view\u003c/a\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eA full list of the available logon types can be found here under dwLogonType: \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-logonusera\"\u003ehttps://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-logonusera\u003c/a\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003ca href=\"https://clymb3r.wordpress.com/2013/11/03/powershell-and-token-impersonation/\"\u003ehttps://clymb3r.wordpress.com/2013/11/03/powershel...\u003c/a\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eIt is worth noting that this design and insecure legacy protocols such as NTLM have had a long history of security issues, such as NTLM relaying, and are often still difficult to fully mitigate in complex enterprise environments.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eFor example, if during a penetration test you run mimikatz on an SMB file share for a large enterprise you will see a huge number of network logins corresponding to remote clients browsing the share with no cached credentials.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003cspan\u003eN.B. The default DACL for a token specifies the default DACL that is applied to any securable object that a thread/process running with that token creates at runtime.\u003c/span\u003e\u003cbr 
/\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e","category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2020-08-18T23:12:31.228Z","created_by":"bltc87e8bcd2aefc255","disclaimer":[],"full_bleed_image":{"uid":"blt2bc2ee0d053197c6","created_by":"bltf6ab93733e4e3a73","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-07-01T23:00:35.030Z","updated_at":"2020-07-01T23:00:35.030Z","content_type":"image/png","file_size":"79461","filename":"blog-banner-security-laptop.png","title":"blog-banner-security-laptop.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T15:16:43.194Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2bc2ee0d053197c6/5efd15937a4c912976093ae3/blog-banner-security-laptop.png"},"markdown_l10n":"","publish_date":"2020-08-20T18:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Introduction to Windows tokens for security practitioners","seo_description_l10n":"Windows access token manipulation attacks are well known and abused from an offensive perspective, but rely on an extensive body of arcane Windows security internals. 
In this blog post, we demystify how access tokens work in @Windows environments.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltb35dc0df9e2855a5","created_by":"bltf6ab93733e4e3a73","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-07-01T23:00:22.154Z","updated_at":"2020-07-01T23:00:22.154Z","content_type":"image/png","file_size":"73829","filename":"blog-thumb-security-laptop.png","title":"blog-thumb-security-laptop.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T15:16:43.194Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb35dc0df9e2855a5/5efd1586e22ca44fde3b8201/blog-thumb-security-laptop.png"},"title":"Introduction to Windows tokens for security practitioners","title_l10n":"Introduction to Windows tokens for security practitioners","updated_at":"2025-03-10T12:10:07.513Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/introduction-to-windows-tokens-for-security-practitioners","publish_details":{"time":"2025-03-10T12:10:11.122Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta36a5e1b52930f7c","_version":23,"locale":"en-us","ACL":{},"abstract_l10n":"Elasticsearch 7.10.0 is here! 
Featuring searchable snapshots which is the beginning journey to searchable S3, stored field compression to save up to 10% on index size, Event Query Language for security use cases, and more.","author":["blt59e7f7049d793705"],"body_l10n":"\u003cp\u003eWe're pleased to announce the release of Elasticsearch 7.10.0, based on Apache Lucene 8.7.0. Version 7.10 is the latest stable release of Elasticsearch and is now available for deployment via \u003ca href=\"/elasticsearch/service\" target=\"_self\"\u003eElasticsearch Service\u003c/a\u003e on \u003ca href=\"/cloud\" target=\"_self\"\u003eElastic Cloud\u003c/a\u003e or via \u003ca href=\"/downloads/elasticsearch\" target=\"_self\"\u003edownload\u003c/a\u003e for use in your own environment(s).\u003c/p\u003e\u003cp\u003eIf you're ready to roll up your sleeves and get started, we have the links you need:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/cloud/\" target=\"_self\"\u003eStart Elasticsearch on Elastic Cloud\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/downloads/elasticsearch\" target=\"_self\"\u003eDownload Elasticsearch\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.10/release-notes-7.10.0.html\" target=\"_self\"\u003eElasticsearch 7.10.0 release notes\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.10/breaking-changes-7.0.html\" target=\"_self\"\u003eElasticsearch 7.10.0 breaking changes\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eWith today's release, our \u003ca href=\"/enterprise-search\" target=\"_self\"\u003eElastic Enterprise Search\u003c/a\u003e, \u003ca href=\"/observability\" target=\"_self\"\u003eElastic Observability\u003c/a\u003e, and \u003ca href=\"/security\" target=\"_self\"\u003eElastic Security\u003c/a\u003e solutions also received significant updates. 
To learn more about these updates\u0026nbsp;you might consider giving our main\u003ca href=\"/blog/whats-new-elastic-7-10-0-searchable-snapshots-lens-user-experience-monitoring\" target=\"_self\"\u003e Elastic 7.10 release\u003c/a\u003e blog a read.\u003c/p\u003e\u003ch2\u003eStore more and spend less with searchable snapshots\u003c/h2\u003e\u003cp\u003eData is growing at an exponential rate across many organizations. This is especially true for time series data like logs, metrics, traces, and security events used to observe and protect your systems. In time-series data, the most recent data ingested into Elasticsearch is what's valuable. This data drives alerting, machine learning detection, devops workflows, and monitoring security events. But keeping all of this data on high-performance instances can become very expensive if not economically feasible.\u003c/p\u003e\u003cp\u003eTo address this, we began looking at the lifecycle of data. Using features like \u003ca href=\"/blog/elastic-stack-6-6-0-released\" target=\"_self\"\u003eindex lifecycle management\u003c/a\u003e helped move data from high-performance, high-cost \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.10/data-tiers.html\" target=\"_self\"\u003e\"hot\" nodes to lower cost \"warm\" nodes\u003c/a\u003e with less performant disks. But what if your organization asked you to keep years of data? Could you answer the question of how many unique visitors visited your site year over year on Cyber Monday? Or how many systems a user accessed over a 5 year period for a security forensic investigation? To keep this much data on warm nodes still requires a significant financial investment. This has prompted many organizations to store some data as\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshots-take-snapshot.html\" target=\"_self\"\u003esnapshots\u003c/a\u003e. 
This isn't a perfect solution, as you still need to take the time to restore the data from a snapshot whenever you need to search.\u003c/p\u003e\u003cp\u003eIntroducing... \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.10/searchable-snapshots.html\" target=\"_self\"\u003esearchable snapshots\u003c/a\u003e, a new beta feature which allows you to directly search your snapshots without a restore, on low cost object stores such as AWS S3, Microsoft Azure Storage, or Google Cloud Storage without a significant impact to search performance. Balance the cost, performance and capabilities to meet your storage and search needs.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cimg class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/ZsDF2rsBhcof1LcdsmZBth.jpg\" data-uuid=\"ZsDF2rsBhcof1LcdsmZBth\" data-v=\"4\" data-type=\"inline\" data-autoplay=\"1\" data-loop=\"1\" data-disable_analytics=\"1\" data-hidden_controls=\"1\" data-muted=\"1\" style=\"width: 677;margin-top: auto;margin-right: auto;margin-bottom: auto;margin-left: auto;display: block;\" width=\"677\"/\u003e\u003c/p\u003e\u003cp\u003eSearchable snapshots power a new data tier called the\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/data-tiers.html#cold-tier\" target=\"_self\"\u003ecold tier\u003c/a\u003e. The cold tier, also in beta, is designed to dramatically reduce storage costs for your read-only data by reducing your cluster storage by up to 50% without a significant impact to performance. It maintains the same level of reliability and redundancy as your hot and warm tiers, with full support for the automatic recovery you have come to expect from Elasticsearch. Are you craving more information? 
Check out this \u003ca href=\"/blog/introducing-elasticsearch-searchable-snapshots\" target=\"_self\"\u003esearchable snapshots introduction\u003c/a\u003e blog for more information.\u003c/p\u003e\u003ch2\u003eBolstering Elasticsearch's security chops with EQL\u003c/h2\u003e\u003cp\u003eIn 7.9, we \u003ca href=\"/blog/whats-new-elasticsearch-7-9-0\" target=\"_self\"\u003eannounced\u003c/a\u003e Event Query Language (EQL), a new experimental query language. \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.x/eql-search-api.html\" target=\"_self\"\u003eEQL\u003c/a\u003e\u0026nbsp;has been used for years within Endgame to help you get a holistic view of a system for threat investigation, identification, and prevention. These same unique capabilities used within the security space have now been brought to Elasticsearch, and in 7.10, EQL in Elasticsearch is now in beta for use cases such as observability and other time-series data.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7b3c6e098bd9c247/5fa9b95342256d5ffdf419bd/eql-final.gif\" data-sys-asset-uid=\"blt7b3c6e098bd9c247\" alt=\"eql-final.gif\"/\u003e\u003c/p\u003e\u003cp\u003eA great way to understand EQL is to consider a home security analogy. Entering the house through any doorway to the home is not considered suspicious even if it's late at night. However, a person entering the house from the front door and from the back door at the same time raises questions because it would be impossible to be in two places at once. It may also be suspicious if someone enters the house after failing to use 90 different keys to open the front door in under a minute \u0026lt;wink\u0026gt;.\u003c/p\u003e\u003cp\u003eEQL is designed to easily take an event (front door opening) and correlate other events or sequence of events (entering through the back door or window, forced entry, etc), to draw conclusions on the state of the system. 
These events can be correlated over a span of time to find new insights such as 90 previously failed attempts before gaining entry to the home. You can read an introduction to EQL\u0026nbsp;\u003ca href=\"/blog/introducing-event-query-language\" target=\"_self\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\u003ch2\u003eElasticsearch 7.10 will be smaller, in a big way\u003c/h2\u003e\u003cp\u003eOur initial benchmarks have reported space reductions of up to 10% using a new stored field compression! This is big news, especially for organizations paying for storing and maintaining petabytes of data. Indices created by our \u003ca href=\"/observability\" target=\"_self\"\u003eElastic Observability\u003c/a\u003e and \u003ca href=\"/security\" target=\"_self\"\u003eElastic Security\u003c/a\u003e solutions will see the greatest savings due to the repetitive nature of the data they typically hold. To learn more about stored field compression and how you can save up to 10% on index size, be on the look out for stored field compression blog overview being released shortly.\u003c/p\u003e\u003ch2\u003eElasticsearch performance improvements\u003c/h2\u003e\u003cp\u003eElastic has been on a mission to continually improve search aggregation performance and memory efficiencies. In \u003ca href=\"/blog/elasticsearch-7-8-0-released\" target=\"_self\"\u003e7.8\u003c/a\u003e, we reduced aggregation memory consumption by maintaining serialized results, and in \u003ca href=\"/blog/whats-new-elasticsearch-7-9-0\" target=\"_self\"\u003e7.9\u003c/a\u003e we increased the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/search-settings.html#search-settings-max-buckets\" target=\"_self\"\u003esearch.max_buckets\u003c/a\u003e limit to 65,535. 
The Elasticsearch team has continued this work in 7.10, specifically targeting the coordinator node and the request-level circuit breaker to improve performance and memory tracking of \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.10/search-aggregations-metrics-cardinality-aggregation.html\" target=\"_self\"\u003ecardinality\u003c/a\u003e and \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.10/search-aggregations-bucket.html\" target=\"_self\"\u003ebucket aggregation\u003c/a\u003e. \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.10/search-aggregations-bucket-datehistogram-aggregation.html\" target=\"_self\"\u003eDate histogram aggregation\u003c/a\u003e performance has also been improved by 50% by precomputing date ranges.\u003c/p\u003e\u003ch2\u003eElasticsearch functional and usability enhancements\u0026nbsp;\u003c/h2\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt94e1cb58b5fbb532/5fa9b9ef42256d5ffdf419c9/quote-heraclitus-no-person-ever-steps-in-the-same-river-twice.png\" data-sys-asset-uid=\"blt94e1cb58b5fbb532\" alt=\"quote-heraclitus-no-person-ever-steps-in-the-same-river-twice.png\"/\u003e\u003c/p\u003e\u003ch3\u003ePoint in time reader\u003c/h3\u003e\u003cp\u003eNo person ever steps in the same river twice, since it's not the same river and it's not the same person... unless you have \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.10/point-in-time-api.html\" target=\"_self\"\u003epoint in time reader\u003c/a\u003e. When querying an index in Elasticsearch, you are essentially searching for data at a given point of time. If your query returns the top 10% results, how do you query the other 90%? With an index that is constantly changing as in most observability and security use cases, sending another query will return a different result because the index or data has already changed. 
Point in time reader gives you the ability to repeatedly query an index in the state it was in at a given point in time. The point in time reader already serves the EQL query language, and we expect to use it for many other use cases in the future.\u003cbr /\u003e\u003c/p\u003e\u003ch3\u003eCase insensitivity\u003c/h3\u003e\u003cp\u003eIn 7.10 we have added a\u0026nbsp;case insensitivity\u0026nbsp;parameter to term, prefix and wildcard queries. This change makes it much easier to search for e.g. ‘china’ or ‘China’. Security and observability use cases frequently require case insensitive search, and the introduction of the case insensitive parameter to the query will alleviate the need to use regular expressions to indicate a criterion that includes all possible capitalization permutations.\u003c/p\u003e\u003ch3\u003eUnsigned 64 bits integer\u003c/h3\u003e\u003cp\u003eThe time for \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.10/number.html#number\" target=\"_self\"\u003e64 bit integers\u003c/a\u003e is now! Elasticsearch now supports unsigned 64 bit integers. This new numeric type supports very large positive integers from 0 to 2\u003csup\u003e64\u003c/sup\u003e-1. This is particularly useful for system-generated data, such as counters from routers or Windows registry events. Note that aggregations will still work on the nearest double. This is great news if you work with finance, security and network performance data.\u003c/p\u003e\u003ch3\u003eVersion data type\u003c/h3\u003e\u003cp\u003eHow can you search across software versions where the numeric value is semantic? \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/version.html\" target=\"_self\"\u003eVersion datatype\u003c/a\u003e is a specialization of the keyword field to handle software version values and to support specialized precedence rules for them based on semantic versioning. 
For example, major, minor, and patch versions are sorted numerically (\"2.1.0\" \u0026lt; \"2.4.1\" \u0026lt; \"2.11.2\"), and pre-release versions are sorted before releases (\"1.0.0-alpha\" \u0026lt; \"1.0.0\").\u003c/p\u003e\u003ch3\u003eNew aggregations\u003c/h3\u003e\u003cp\u003eIn addition to the aggregations we added in \u003ca href=\"/blog/elasticsearch-7-8-0-released\" target=\"_self\"\u003e7.8\u003c/a\u003e, we are introducing two new aggregations! Histograms: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/search-aggregations-metrics-max-aggregation.html#search-aggregations-metrics-max-aggregation-histogram-fields\" target=\"_self\"\u003emin/max aggregations on histogram fields\u003c/a\u003e, and hard bounds for histogram aggregations. The histogram datatype is useful for handling high volume numeric data, which is frequently aggregated where it is produced, allowing for a more space-efficient Elasticsearch index. For example, Elastic APM could roll up histogram data or sum it up in one structure to reduce the amount of data being sent from the APM agent into Elasticsearch. Being able to aggregate on the histogram enables new scenarios.\u003c/p\u003e\u003cp\u003eThe 2nd aggregation is \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/search-aggregations-metrics-rate-aggregation.html\" target=\"_self\"\u003erate metrics aggregation\u003c/a\u003e, which is used inside a date_histogram and calculates the rate of occurrences of a specified field within a bucket of a date_histogram aggregation. Previously, it was harder to calculate the rate, but since rate is a basic piece of information when analyzing time series data, we thought it would be valuable to make it easier. 
This is one of many such adaptations we are making to verify that it is easy and intuitive to use the Elasticsearch generic search and analytics engine on time series data.\u003c/p\u003e\u003ch3\u003eNew ingest node pipeline UI\u003c/h3\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc1155c42dc8e2f74/5fa9ba656f82405d9a4aaa81/ingest_node_pipelines_demo.gif\" data-sys-asset-uid=\"bltc1155c42dc8e2f74\" alt=\"ingest_node_pipelines_demo.gif\"/\u003e\u003c/p\u003e\u003cp\u003eIt is easier to debug your ingest flow with the new ingest node pipeline UI. Added visual cues and pipeline tests allow you to easily step through the execution flow. Viewing error messages from the output can help you identify what actions are needed to ensure your documents will work properly with your ingest processors.\u0026nbsp;\u003c/p\u003e\u003ch2\u003eMachine Learning\u003c/h2\u003e\u003ch3\u003eAUC ROC metric for evaluating your classification machine learning models\u003c/h3\u003e\u003cp\u003eWe have added area under the curve of receiver operating characteristic (AUC ROC) as an evaluation metric for classification analysis. This is a common evaluation metric to know how well your models perform.\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch3\u003eCustom feature processor in data frame analytics\u003c/h3\u003e\u003cp\u003eNew field in data frame analytics allows you to supply your own feature transformations and processors that are applied before training, which are applied automatically at inference time. This allows you to do a last step feature transformation for any data row before giving it to analytics.\u003c/p\u003e\u003ch2\u003eThat's All Folks…\u003c/h2\u003e\u003cp\u003e7.10 is a huge release for Elasticsearch and we couldn't cover all of it within this blog. 
Be sure to check out more by reading the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.10/release-highlights.html\" target=\"_self\"\u003erelease highlights\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eReady to get your hands dirty? Spin up a 14-day free trial of \u003ca href=\"/cloud/\" target=\"_self\"\u003eElastic Cloud\u003c/a\u003e or \u003ca href=\"/downloads/elasticsearch\" target=\"_self\"\u003edownload Elasticsearch\u003c/a\u003e today. Try it out, and be sure to let us know what you think on Twitter (\u003ca href=\"https://twitter.com/elastic\" target=\"_self\"\u003e@elastic\u003c/a\u003e) or in \u003ca href=\"https://discuss.elastic.co/c/elasticsearch\" target=\"_self\"\u003eour forum\u003c/a\u003e.\u003cbr /\u003e\u003c/p\u003e","category":[{"uid":"bltfaae4466058cc7d6","_version":8,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:47:03.147Z","created_by":"sys_blt57a423112de8a853","key":"releases","label_l10n":"Product release","tags":[],"title":"Product 
release","updated_at":"2024-05-10T13:44:16.955Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.629Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2020-11-05T23:51:41.746Z","created_by":"blt34e7f499d15c5bd0","disclaimer":[],"full_bleed_image":{"_version":2,"is_dir":false,"uid":"blt524d5ee0222d5354","ACL":{},"content_type":"image/png","created_at":"2019-01-05T05:57:36.948Z","created_by":"sys_blt57a423112de8a853","description":"","file_size":"54225","filename":"blog-banner-release-elasticsearch.png","parent_uid":null,"tags":[],"title":"blog-banner-release-elasticsearch.png","updated_at":"2021-01-26T17:45:10.329Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-02-03T15:47:40.504Z","user":"bltde77f2161b811714"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt524d5ee0222d5354/601055260cb0aa0ffcdd590e/blog-banner-release-elasticsearch.png"},"markdown_l10n":"","publish_date":"2020-11-11T17:04:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elasticsearch 7.10.0 released","seo_description_l10n":"Elasticsearch 7.10.0 is here! 
Featuring searchable snapshots which is the beginning journey to searchable S3, stored field compression to save up to 10% on index size, Event Query Language for security use cases, and more.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search 
applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltefbcf6957c5e689a","ACL":{},"created_at":"2023-11-06T20:35:45.445Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-search","label_l10n":"Cloud search","tags":[],"title":"Cloud search","updated_at":"2023-11-06T20:35:45.445Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:50.742Z","user":"blt06083bb707628f5c"}},{"_version":1,"locale":"en-us","uid":"blt9fb9f67ee7bb5c15","ACL":{},"created_at":"2023-11-06T20:50:46.256Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"real-time-analysis","label_l10n":"Real-time analysis","tags":[],"title":"Real-time analysis","updated_at":"2023-11-06T20:50:46.256Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:43.334Z","user":"blt06083bb707628f5c"}},{"_version":1,"locale":"en-us","uid":"blt9149a5fda79fd708","ACL":{},"created_at":"2023-11-06T20:37:49.356Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"deployment","label_l10n":"Deployment","tags":[],"title":"Deployment","updated_at":"2023-11-06T20:37:49.356Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.169Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d6d3cd2ad3fce72","ACL":{},"created_at":"2023-11-06T21:35:37.967Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"visualization","label_l10n":"Visualization","tags":[],"title":"Visualization","updated_at":"2023-11-06T21:35:37.967Z","updated_by":"blt30
44324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.605Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt4f7e02463a803fc1","ACL":{},"created_at":"2023-11-06T20:35:19.646Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-native","label_l10n":"Cloud native","tags":[],"title":"Cloud native","updated_at":"2023-11-06T20:35:19.646Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:35:54.838Z","user":"blt06083bb707628f5c"}},{"title":"Search analytics","label_l10n":"Search analytics","keyword":"search-analytics","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt6c991eb897ec7277","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:30:57.427Z","updated_at":"2023-11-06T21:30:57.427Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T12:28:49.147Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":2,"is_dir":false,"uid":"blt8c2b608c10eb1fd8","ACL":{},"content_type":"image/png","created_at":"2019-01-05T05:57:42.964Z","created_by":"sys_blt57a423112de8a853","description":"","file_size":"51730","filename":"blog-thumb-release-elasticsearch.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-release-elasticsearch.png","updated_at"
:"2022-02-11T21:03:50.956Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:15.895Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8c2b608c10eb1fd8/601055106215cf0f9a18d799/blog-thumb-release-elasticsearch.png"},"title":"Elasticsearch 7.10.0 released","title_l10n":"Elasticsearch 7.10.0 released","updated_at":"2025-03-10T12:06:56.183Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/whats-new-elasticsearch-7-10-0-searchable-snapshots-store-more-for-less","publish_details":{"time":"2025-03-10T12:07:00.829Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltde557cd7dddc2b40","_version":24,"locale":"en-us","ACL":{},"abstract_l10n":"This blog teaches security practitioners how attackers abuse legitimate Windows functionalities to move laterally and compromise Active Directory domains.","author":["bltc2baef8dab82b56d"],"body_l10n":"\u003cp\u003eIn our previous blog post on \u003ca href=\"https://www.elastic.co/blog/introduction-to-windows-tokens-for-security-practitioners\"\u003eWindows access tokens for security practitioners\u003c/a\u003e, we covered:\u003c/p\u003e\u003cul\u003e\u003cli aria-level=\"1\"\u003eThe relationship between logon sessions and access tokens\u003c/li\u003e\u003cli aria-level=\"1\"\u003eHow network authentication works in Windows environments\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eHaving covered some of the key concepts in Windows security, we will now build on this knowledge and start to look at how attackers can abuse legitimate Windows functionality to move laterally and compromise Active Directory domains.\u003c/p\u003e\u003cp\u003eThis blog has deliberately attempted to abstract away the workings of specific Windows network authentication protocols (e.g., NTLM and Kerberos) where possible. 
As a consequence, there may be instances where behavior unique to these protocols differs from the behavior described below. It also assumes some basic understanding of the Kerberos authentication protocol\u003csup\u003e1\u003c/sup\u003e.\u003c/p\u003e\u003cp\u003eAdditionally, the material covered in this blog series was used for a BlackHat 2020 presentation, “Detecting Access Token Manipulation”. The presentation can be found \u003ca href=\"https://www.youtube.com/watch?v=RMVyYvt0bLY\"\u003ehere\u003c/a\u003e and the slides \u003ca href=\"https://i.blackhat.com/USA-20/Thursday/us-20-Burgess-Detecting-Access-Token-Manipulation.pdf\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eAccess Token Manipulation (ATT\u0026amp;CK technique: T1134)\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eHaving explained the basic principles of how logon sessions and access tokens work in \u003ca href=\"https://www.elastic.co/blog/introduction-to-windows-tokens-for-security-practitioners\"\u003eour previous blog post\u003c/a\u003e, both locally and for distributed applications, this section will explain how attackers can abuse access tokens and target the fundamental trust relationships in Windows domains to compromise entire networks. The aim of this section is to describe access token manipulation \u003ca href=\"https://attack.mitre.org/techniques/T1134/\"\u003etechniques\u003c/a\u003e used by attackers within the \u003cem\u003econtext\u003c/em\u003e of a simulated compromise.\u0026nbsp;\u003c/p\u003e\u003cp\u003eAs a note, there is already an extensive body of excellent research on access token manipulation (which will be linked to liberally throughout this post). This blog attempts to build on this body of knowledge by considering access token manipulation from a different angle, namely through the relationship between access tokens, logon sessions and cached credentials. 
In the author's opinion, any description of token manipulation without considering these relationships represents only the tip of the iceberg. As a consequence, this blog’s definition of access token manipulation is perhaps much broader than commonly understood.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eInitial compromise\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eIn the event that an attacker obtains a foothold in a network via spear phishing, they will typically end up with a shell running in the \u003cem\u003esecurity context\u003c/em\u003e of the compromised user. This could be achieved via spawning a new process or injecting directly into memory (depending on the payload), but the end result is the same: the attacker’s code is running in a process which has an access token belonging to the compromised user.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThis means that any \u003cstrong\u003elocal access checks \u003c/strong\u003ewill use the compromised user’s access token and any \u003cstrong\u003eremote authentication attempts\u003c/strong\u003e will use the compromised user’s cached credentials\u003csup\u003e2\u003c/sup\u003e. Hence, the attacker can, both locally and across the network, perform \u003cem\u003eall\u003c/em\u003e the actions that the compromised user can. For example, if any internal web applications use Windows SSO, an attacker will be able to access them as if they were the user.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eToken Manipulation: The ‘Art of the possible’\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eTypically, an attacker will want to move from the compromised endpoint to another host \u003cem\u003eas quickly as possible\u003c/em\u003e\u003csup\u003e3\u003c/sup\u003e. 
When considering \u003cstrong\u003elateral movement\u003c/strong\u003e from a token manipulation perspective, the attacker effectively has three options\u003csup\u003e4\u003c/sup\u003e, each of which is constrained by the fundamental relationship between access tokens, logon sessions, and cached credentials, as illustrated below:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdcd5a4e605d40114/6075bee21898af75a401bc49/1-access-tokens-logon-sessions-blog-access-token-manipulation.png\" data-sys-asset-uid=\"bltdcd5a4e605d40114\" alt=\"1-access-tokens-logon-sessions-blog-access-token-manipulation.png\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eFigure 1 - The relationship between access tokens, logon sessions and cached credentials\u003c/figcaption\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eIf an attacker wants to move laterally via Windows SSO then all of these three links must be in place (e.g., they have a handle to a token which is linked to a logon session backed by their target credentials). Otherwise, an attacker’s freedom of movement relies on either \u003cstrong\u003ecreating\u003c/strong\u003e new links (e.g., new logon sessions) or \u003cstrong\u003emodifying\u003c/strong\u003e existing ones (e.g., changing cached credentials or the logon session that their access token points to). These constraints are discussed in more detail in the three options below:\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003e1. Steal the token of an already logged-on privileged user (non-network logon)\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eIf another privileged user is already logged on to the compromised host, an attacker can escalate their privileges and obtain a handle to an access token representing this user. 
Irrespective of whether the attacker impersonates the stolen token or starts a new process, if that token is linked to a \u003cem\u003enon-network\u003c/em\u003e logon session, it will have cached credentials, and hence the attacker can auth off the box to another host\u003csup\u003e5\u003c/sup\u003e. Hence, this technique allows an attacker to use another user’s credentials to access remote hosts across the network (via Windows SSO), and therefore pivot without needing to dump credentials\u003csup\u003e6\u003c/sup\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eAs a note, token manipulation attacks generally relate to two distinct objectives: moving laterally (which this blog is concerned with) and local privilege escalation\u003csup\u003e7\u003c/sup\u003e. Token theft \u003cem\u003etends\u003c/em\u003e to be associated with the latter (e.g., stealing/impersonating a token for the purpose of bypassing \u003cstrong\u003elocal access checks,\u003c/strong\u003e rather than for the purpose of using the cached credentials for remote authentication) and so this blog will not discuss it in any further detail, but the following resources are useful further reading:\u003c/p\u003e\u003cul\u003e\u003cli aria-level=\"1\"\u003e\u003ca href=\"https://posts.specterops.io/understanding-and-defending-against-access-token-theft-finding-alternatives-to-winlogon-exe-80696c8a73b\"\u003ehttps://posts.specterops.io/understanding-and-defending-against-access-token-theft-finding-alternatives-to-winlogon-exe-80696c8a73b\u003c/a\u003e\u003c/li\u003e\u003cli aria-level=\"1\"\u003e\u003ca href=\"https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/\"\u003ehttps://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/\u003c/a\u003e\u003c/li\u003e\u003cli aria-level=\"1\"\u003e\u003ca 
href=\"https://labs.f-secure.com/assets/BlogFiles/mwri-security-implications-of-windows-access-tokens-2008-04-14.pdf\"\u003ehttps://labs.f-secure.com/assets/BlogFiles/mwri-security-implications-of-windows-access-tokens-2008-04-14.pdf\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e\u003cstrong\u003e2. Create a new logon session with stolen credentials and impersonate the returned token or spawn a new process with it\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eIn this case, there is no privileged user already logged on (and hence no corresponding \u003cstrong\u003euseful\u003c/strong\u003e access token/logon session), but the attacker still needs to find a way to \u003cem\u003echange their security context\u003c/em\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eHence, the attacker must find credentials elsewhere and use these stolen credentials to create a \u003cstrong\u003enew\u003c/strong\u003e logon session as the compromised user. \u003ca href=\"https://www.elastic.co/blog/introduction-to-windows-tokens-for-security-practitioners\"\u003eAs Windows will automatically cache credentials for certain logon types\u003c/a\u003e, the attacker can now obtain a newly minted access token which is backed up by the stolen credentials. Once the attacker has a handle to a token representing the compromised user, they can authenticate off the box making use of the standard Windows SSO process.\u0026nbsp;\u003c/p\u003e\u003cp\u003eTypically, plain text credentials are found by attackers via either \u003ca href=\"https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Kerberoast.ps1\"\u003eKerberoasting\u003c/a\u003e or searching for unsecured plain text credentials across all accessible resources, such as network shares, Sharepoint, internal wikis, enterprise GitHub, Zendesk, etc.\u003csup\u003e8\u003c/sup\u003e\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003e3. 
Change the cached credentials associated with their current access token to stolen credentials (e.g., legitimately via an API or “illegitimately” by \u003c/strong\u003e\u003cem\u003e\u003cstrong\u003edirectly modifying\u003c/strong\u003e\u003c/em\u003e\u003cstrong\u003e lsass memory)\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eIn this scenario, rather than create a new logon session, the attacker modifies the cached credentials associated with their current access token (and hence logon session). As we shall see, many Windows \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/rpc/security-support-providers-ssps-\"\u003eSecurity Support Providers\u003c/a\u003e (SSPs) provide native ways to do this (and which \u003cstrong\u003edo not\u003c/strong\u003e\u003cem\u003e \u003c/em\u003erequire elevated privileges).\u0026nbsp;\u003c/p\u003e\u003cp\u003eAlternatively, attackers can go the “direct” route and \u003cstrong\u003emanually\u003c/strong\u003e modify cached credentials stored in lsass. This requires elevated privileges in order to obtain a write handle (e.g., \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights\"\u003ePROCESS_VM_WRITE\u003c/a\u003e) to lsass via \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess\"\u003eOpenProcess\u003c/a\u003e. 
This is typical of pass-the-hash type attacks as we shall cover later on.\u003c/p\u003e\u003ch2\u003eAccess Token Manipulation\u0026nbsp;attacks\u003c/h2\u003e\u003cp\u003eThis blog post will look at four common techniques\u0026nbsp;used by attackers (all of which can be classified as variations of option 3 above):\u003c/p\u003e\u003cul\u003e\u003cli aria-level=\"1\"\u003eThe NETONLY flag\u003c/li\u003e\u003cli aria-level=\"1\"\u003ePass-The-Ticket\u003c/li\u003e\u003cli aria-level=\"1\"\u003ePass-The-Hash\u003c/li\u003e\u003cli aria-level=\"1\"\u003eOverpass-The-Hash\u003c/li\u003e\u003c/ul\u003e\u003cstrong\u003e\u003c/strong\u003e\u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003e1. The NETONLY flag\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eThe Windows API provides the \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-logonuserw\"\u003eLogonUser\u003c/a\u003e function to create a new logon session for a given user (or principal)\u003csup\u003e9\u003c/sup\u003e:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eBOOL LogonUserW(\u003cbr /\u003e LPCWSTR lpszUsername,\u003cbr /\u003e LPCWSTR lpszDomain,\u003cbr /\u003e LPCWSTR lpszPassword,\u003cbr /\u003e DWORD dwLogonType,\u003cbr /\u003e DWORD dwLogonProvider,\u003cbr /\u003e PHANDLE phToken\u003cbr /\u003e);\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eThe key parameter to take note of here is the \u003cstrong\u003edwLogonType\u003c/strong\u003e, which specifies the \u003cem\u003etype\u003c/em\u003e of logon to perform. For example, in the case of a user physically logging into their workstation, it will be set to \u003cstrong\u003eLOGON32_LOGON_INTERACTIVE\u003c/strong\u003e. 
The logon type specified will determine the \u003cem\u003etype\u003c/em\u003e and \u003cem\u003eprivileges\u003c/em\u003e of the token returned.\u0026nbsp;\u003c/p\u003e\u003cp\u003eFor example, in the case of an interactive logon, LogonUserW will return a primary access token, and, if UAC is \u003cem\u003eenabled\u003c/em\u003e, this token will be a filtered token (meaning it will be medium integrity and \u003ca href=\"https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/how-user-account-control-works\"\u003eunelevated\u003c/a\u003e). This has one exception: if the user is a local administrator account (e.g., a *-500 \u003ca href=\"https://support.microsoft.com/en-gb/help/243330/well-known-security-identifiers-in-windows-operating-systems\"\u003eSID\u003c/a\u003e) Windows will automatically return an elevated token\u003csup\u003e10\u003c/sup\u003e.\u003c/p\u003e\u003cp\u003eIn the case of a network logon (\u003cstrong\u003eLOGON32_LOGON_NETWORK\u003c/strong\u003e), an \u003cem\u003eimpersonation\u003c/em\u003e token is returned (as typically this would be used by a server to perform work on the remote clients behalf). Furthermore, if the user is in the local administrators group, the token is elevated and has \u003cem\u003eall\u003c/em\u003e privileges enabled\u003csup\u003e11\u003c/sup\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThese permutations of LogonUser\u0026nbsp;are captured in the table below:\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003edwLogonType\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eToken returned\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCache credentials?\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eIs returned token elevated? 
(if admin)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eInteractive (\u003cstrong\u003eLOGON32_LOGON_INTERACTIVE\u003c/strong\u003e)\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ePrimary\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eYes\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eNo (UAC applies)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eInteractive (Local admin account, e.g., rid-500)\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ePrimary\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eYes\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eYes\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eNetwork (\u003cstrong\u003eLOGON32_LOGON_NETWORK\u003c/strong\u003e)\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eImpersonation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eNo\u003csup\u003e12\u003c/sup\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eYes (+ \u003cem\u003eall\u003c/em\u003e privileges enabled)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eNetwork (Local admin account, e.g., rid-500\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eImpersonation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eNo\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDepends on remote UAC settings\u003csup\u003e13\u003c/sup\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cfigcaption\u003eTable 1 - The permutations of LogonUser for the corresponding dwLogonType\u003c/figcaption\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eThe key point is that LogonUser returns a handle to a \u003cstrong\u003enewly minted token\u003c/strong\u003e, which can now be used for impersonation.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIf the token returned is a \u003cstrong\u003eprimary\u003c/strong\u003e 
token it must first be converted in to an impersonation token via \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-duplicatetokenex\"\u003eDuplicateTokenEx\u003c/a\u003e by passing a \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/winnt/ne-winnt-token_type\"\u003eTokenType\u003c/a\u003e of TokenImpersonate\u003csup\u003e14\u003c/sup\u003e:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eBOOL DuplicateTokenEx(\u003cbr /\u003e HANDLE hExistingToken,\u003cbr /\u003e DWORD dwDesiredAccess,\u003cbr /\u003e LPSECURITY_ATTRIBUTES lpTokenAttributes,\u003cbr /\u003e SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,\u003cbr /\u003e TOKEN_TYPE TokenType,\u003cbr /\u003e PHANDLE phNewToken\u003cbr /\u003e);\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003e\u003cbr /\u003eThe \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-setthreadtoken\"\u003eSetThreadToken\u003c/a\u003e function can then be used to assign the returned impersonation token to the current thread:\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eBOOL SetThreadToken(\u003cbr /\u003e PHANDLE Thread,\u003cbr /\u003e HANDLE Token\u003cbr /\u003e);\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eAlternatively, the Windows API provides the \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-impersonateloggedonuser\"\u003eImpersonateLoggedOnUser\u003c/a\u003e function, which will allow the calling thread to impersonate the \u003cem\u003esecurity context\u003c/em\u003e of the user represented by the token passed:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eBOOL ImpersonateLoggedOnUser(\u003cbr /\u003e HANDLE hToken\u003cbr /\u003e);\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eImpersonateLoggedOnUser has the added benefit that it will automatically check the type of the token passed and convert it to an impersonation token (via 
\u003ca href=\"https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-ntduplicatetoken\"\u003eNtDuplicateToken\u003c/a\u003e) if a primary token was passed (as this token type\u003cem\u003e \u003c/em\u003ecannot\u003cem\u003e \u003c/em\u003ebe used by a thread to impersonate)\u003csup\u003e15\u003c/sup\u003e.\u003c/p\u003e\u003cp\u003eNote that from a defense evasion perspective, both these impersonation APIs are lightweight wrappers over the undocumented syscall \u003ca href=\"http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/NT%20Objects/Thread/NtSetInformationThread.html\"\u003eNtSetInformationThread\u003c/a\u003e (e.g., called with a \u003ca href=\"https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ps/psquery/class.htm\"\u003eThreadInformationClass\u003c/a\u003e of \u003ca href=\"http://undocumented.ntinternals.net/index.html?page=UserMode/Undocumented%20Functions/NT%20Objects/Thread/THREAD_INFORMATION_CLASS.html\"\u003eThreadImpersonationToken\u003c/a\u003e). Therefore, they are a good target for attackers to use direct syscalls to bypass user-mode hooks via techniques such as \u003ca href=\"https://github.com/jthuraisamy/SysWhispers\"\u003ehttps://github.com/jthuraisamy/SysWhispers\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eFurthermore, it is important to stress that Windows has strict rules around impersonation. 
These are listed below and taken from the MSDN page for \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-impersonateloggedonuser\"\u003eImpersonateLoggedOnUser\u003c/a\u003e:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eAll impersonate functions, including ImpersonateLoggedOnUser allow the requested impersonation if one of the following is true:\u003cbr /\u003e - The requested impersonation level of the token is less than SecurityImpersonation, such as SecurityIdentification or SecurityAnonymous\u003cbr /\u003e - The caller has the SeImpersonatePrivilege privilege.\u003cbr /\u003e - A process (or another process in the caller’s logon session) created the token using explicit credentials through LogonUser or LsaLogonUser function.\u003cbr /\u003e - The authenticated identity is the same as the caller\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eAdditionally, the impersonated token’s integrity level must also be less than or equal to the calling process’s integrity level or else the impersonation call will also fail\u003csup\u003e16\u003c/sup\u003e. 
Therefore, assuming an \u003cstrong\u003eunelevated\u003c/strong\u003e attacker logs on an admin user \u003cem\u003einteractively\u003c/em\u003e via stolen credentials, and UAC is enabled, they will receive an unelevated (e.g., filtered) token back and hence will have no issues impersonating the returned user and moving laterally, etc.\u003cbr /\u003e\u003c/p\u003e\u003ch4\u003e“The curious /NETONLY flag”\u003csup\u003e17\u003c/sup\u003e\u003c/h4\u003e\u003cp\u003eAn attacker may find however that attempting to log on a user with stolen credentials \u003cstrong\u003efails.\u003c/strong\u003e This may be due to a multitude of reasons, such as the credentials are valid, but the account does not have permissions to log onto that specific workstation / they’re only valid in a different domain, etc.\u003cstrong\u003e \u003c/strong\u003eFurthermore,\u003cstrong\u003e \u003c/strong\u003ethe attacker may also want to avoid logging in a highly privileged account entirely, as this may appear highly anomalous in certain contexts (e.g., a domain admin logging on to a low privileged business user’s host should be incredibly suspicious).\u003csup\u003e18\u003c/sup\u003e\u003c/p\u003e\u003cp\u003eIn this scenario the \u003cstrong\u003eLOGON32_LOGON_NEW_CREDENTIALS\u003c/strong\u003e flag comes to the attacker’s rescue. If an attacker calls the LogonUserW function with this flag and passes a valid set of credentials (say found from sniffing around on file shares), Windows will enable the caller to duplicate their current token but make it point to a \u003cstrong\u003enew\u003c/strong\u003e logon session, referred to as a New Credentials logon session, which caches the stolen credentials. 
As a result, the user still has the same security context \u003cem\u003elocally \u003c/em\u003e(e.g., they still have a copy of the \u003cstrong\u003esame\u003c/strong\u003e access token; it just points to a \u003cstrong\u003enew\u003c/strong\u003e logon session);\u0026nbsp;however, any attempts to authenticate remotely will supply the new credentials passed in the call to LogonUserW\u003csup\u003e19\u003c/sup\u003e. This is illustrated in the diagram below:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt48a9085f9cadcc41/6075bf781898af75a401bc4d/2-logon-new-credentials-blog-access-token-manipulation.gif\" data-sys-asset-uid=\"blt48a9085f9cadcc41\" alt=\"2-logon-new-credentials-blog-access-token-manipulation.gif\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eFigure 2 - How the LOGON32_LOGON_NEW_CREDENTIALS flag works under the hood\u003c/figcaption\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eHence, the \u003cstrong\u003eLOGON32_LOGON_NEW_CREDENTIALS\u003c/strong\u003e flag provides a native mechanism to make your current access token point to a \u003cem\u003edifferent\u003c/em\u003e logon session and hence \u003cem\u003edifferent \u003c/em\u003ecredentials.\u003csup\u003e20\u003c/sup\u003e\u003c/p\u003e\u003cp\u003eNote that calling LogonUserW with the LOGON32_LOGON_NEW_CREDENTIALS flag \u003cstrong\u003edoes not\u003c/strong\u003e validate the credentials when the call is made (they can be complete junk); they are only validated by a Domain Controller at the time of any remote authentication request. 
A successful NewCredentials logon therefore does not, by itself, show that the supplied credentials were valid.\u0026nbsp;\u003c/p\u003e\u003cp\u003eAs a further example, a quick review of the \u003ca href=\"https://github.com/cobbr/Covenant/blob/5b90f203c2e42c0f0e5607653c71f6fc452adaab/Covenant/Data/Tasks/SharpSploit.Credentials.yaml#L13-L48\"\u003ecode\u003c/a\u003e for the ‘MakeToken’ task from the open source .NET C2 framework Covenant reveals exactly the same approach: it takes a username/password 
combination and creates a new logon session/token with them via passing the \u003cstrong\u003eLOGON32_LOGON_NEW_CREDENTIALS\u003c/strong\u003e flag before proceeding to impersonate the returned token.\u0026nbsp;\u003c/p\u003e\u003cp\u003eFurthermore, you can replicate the exact same behaviour with \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createprocesswithlogonw\"\u003eCreateProcessWithLogonW\u003c/a\u003e by passing a dwLogonFlags of \u003cstrong\u003eLOGON_NETCREDENTIALS_ONLY\u003c/strong\u003e.\u003csup\u003e21\u003c/sup\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eBOOL CreateProcessWithLogonW( \u003cbr /\u003e LPCWSTR lpUsername,\u003cbr /\u003e LPCWSTR lpDomain,\u003cbr /\u003e LPCWSTR lpPassword,\u003cbr /\u003e DWORD dwLogonFlags,\u003cbr /\u003e LPCWSTR lpApplicationName,\u003cbr /\u003e LPWSTR lpCommandLine,\u003cbr /\u003e DWORD dwCreationFlags,\u003cbr /\u003e LPVOID lpEnvironment,\u003cbr /\u003e LPCWSTR lpCurrentDirectory,\u003cbr /\u003e LPSTARTUPINFOW lpStartupInfo,\u003cbr /\u003e LPPROCESS_INFORMATION lpProcessInformation\u003cbr /\u003e);\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eThe key difference is that this involves spawning a new process with the returned token, as opposed to the intra process impersonation discussed previously. 
In fact, the built in Windows utility, runas, is a simple wrapper around CreateProcessWithLogonW and the \u003cstrong\u003e/NETONLY\u003c/strong\u003e flag provides a native way to spawn a new process with different network-only credentials, as demonstrated below:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc8ce4c6cedfdd854/6075c0c249eb2079fbffc7b4/3-using-the-runas-blog-access-token-manipulation.png\" data-sys-asset-uid=\"bltc8ce4c6cedfdd854\" alt=\"3-using-the-runas-blog-access-token-manipulation.png\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eFigure 3 - Example of using the runas /NETONLY flag to spawn a new process as the user astro\\cosmo but with \u003cem\u003edifferent\u003c/em\u003e cached credentials.\u003c/figcaption\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eIn exactly the same way as previously described, the new command prompt appears locally to be running as the same user (i.e., the attributes cached in the token are the same for any \u003cstrong\u003elocal\u003c/strong\u003e access checks; hence whoami returns ‘astro\\cosmo’), but any remote authentication attempts will be performed using the stolen credentials for the ‘ASTRO\\Administrator’ user.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThese logon sessions can be viewed using SysInternals’ \u003ca href=\"https://docs.microsoft.com/en-us/sysinternals/downloads/logonsessions\"\u003eLogonSessions\u003c/a\u003e tool. 
Logon sessions that were created with the NewCredentials flag can be determined by the Logon type field as shown below:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf1ed1a3700d155ad/6075c154f684ae78caa308cc/4-logon-session-blog-access-token-manipulation.png\" data-sys-asset-uid=\"bltf1ed1a3700d155ad\" alt=\"4-logon-session-blog-access-token-manipulation.png\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eFigure 4 - Example of a NewCredentials logon session which is typically generated by the NETONLY flag\u003c/figcaption\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eFurthermore, anomalous NewCredentials logon sessions (e.g., produced via the NETONLY gadget) leave artifacts in the Windows event logs. These can be identified via event ID 4624 and a LogonType of 9. 
An example is shown in the image below:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte4598ff799d5c1a9/6075c1bdd0dd26715b4a7bb8/5-windows-event-log-blog-access-token-manipulation.png\" data-sys-asset-uid=\"blte4598ff799d5c1a9\" alt=\"5-windows-event-log-blog-access-token-manipulation.png\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eFigure 5 - Example of a Windows Event Log for Event ID 4624 which is typically generated by the NETONLY flag\u003c/figcaption\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eNote that the original user is shown by the SubjectUserName field and the specified network-only credentials (e.g., the credentials passed) are displayed in the TargetOutboundUserName/TargetOutboundDomainName fields.\u003csup\u003e22\u003c/sup\u003e\u003c/p\u003e\u003cstrong\u003e\u003c/strong\u003e\u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003ch4\u003e\u003cstrong\u003eAuto-elevation\u003c/strong\u003e\u003c/h4\u003e\u003cp\u003eOne further quirk from a local privilege escalation perspective is that for rid-500 accounts, \u003ca 
href=\"https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createprocesswithlogonw\"\u003eCreateProcessWithLogonW\u003c/a\u003e will automatically elevate the returned token for interactive logons (e.g. it will ignore UAC). Therefore, \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createprocesswithlogonw\"\u003eCreateProcessWithLogonW\u003c/a\u003e can be passed a local/domain admin account in order to execute an \u003cstrong\u003eelevated process from a medium/unelevated context\u003c/strong\u003e.\u003c/p\u003e\u003cp\u003eThis behavior can be verified using runas. For example, when runas is used to spawn a process using a local admin account (e.g., runas /user:\"Administrator\" cmd.exe), the resulting process will be elevated (e.g., high integrity). However, when a non rid-500 account is used (but which is still in the local administrators group) the resulting process will be unelevated (e.g., it will be a filtered token / medium integrity).\u003c/p\u003e\u003cp\u003eNotice that this behaviour is consistent with the permutations listed for LogonUserW in Table 1. Therefore, an unelevated attacker could also log on a (non rid-500) admin user as a network logon and receive an elevated token with all privileges enabled.\u003c/p\u003e\u003cp\u003eHowever, as per the impersonation rules previously outlined, the attacker should not actually be able to \u003cem\u003edo anything\u003c/em\u003e with this token as any attempts to impersonate the elevated token should fail, as it has a higher integrity level than the caller. Nevertheless, it is actually possible to duplicate the elevated token, lower the integrity level of the copied token to medium (NB ‘isElevated’ is still true)\u003csup\u003e23\u003c/sup\u003e, and start impersonating the elevated token from an unelevated/medium integrity context\u003csup\u003e24\u003c/sup\u003e. 
Hence, from an impersonation token perspective, you can bypass the default Windows behaviour of only elevating certain accounts and impersonate an elevated token irrespective of whether the account is a rid-500 account or not.\u003c/p\u003e\u003ch4\u003e\u003cstrong\u003eProcess creation\u003c/strong\u003e\u003c/h4\u003e\u003cp\u003eNote, that by default, when you create a child process it inherits your primary token \u003cem\u003eeven\u003c/em\u003e if you are currently impersonating another security context\u003csup\u003e25\u003c/sup\u003e. For example, if you are impersonating a SYSTEM token and you call \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa\"\u003eCreateProcess\u003c/a\u003e(), it will \u003cstrong\u003estill\u003c/strong\u003e inherit a copy of the primary process token (rather than inheriting the SYSTEM security context of the thread).\u003csup\u003e26\u003c/sup\u003e\u003c/p\u003e\u003cp\u003eTherefore, if an attacker wishes to spawn a new process in a \u003cem\u003edifferent security context,\u003c/em\u003e\u0026nbsp;they must either:\u003c/p\u003e\u003cul\u003e\u003cli aria-level=\"1\"\u003eUse CreateProcessWithLogonW with explicit credentials (as previously discussed)\u0026nbsp;\u003c/li\u003e\u003cli aria-level=\"1\"\u003eCall either \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createprocesswithtokenw\"\u003eCreateProcessWithTokenW\u003c/a\u003e or \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessasuserw\"\u003eCreateProcessAsUserW\u003c/a\u003e and pass a handle to a token (e.g., with the token returned from LogonUser or more commonly via a stolen token)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eBoth of these functions can be passed a handle to a token which represents the security context of the new process.\u003csup\u003e27\u003c/sup\u003e\u003c/p\u003e\u003cpre 
class=\"prettyprint\"\u003eBOOL CreateProcessWithTokenW(\u003cbr /\u003e HANDLE hToken,\u003cbr /\u003e DWORD dwLogonFlags,\u003cbr /\u003e LPCWSTR lpApplicationName,\u003cbr /\u003e LPWSTR lpCommandLine,\u003cbr /\u003e DWORD dwCreationFlags,\u003cbr /\u003e LPVOID lpEnvironment,\u003cbr /\u003e LPCWSTR lpCurrentDirectory,\u003cbr /\u003e LPSTARTUPINFOW lpStartupInfo,\u003cbr /\u003e LPPROCESS_INFORMATION lpProcessInformation\u003cbr /\u003e);\u003cbr /\u003e\u003c/pre\u003e\u003cpre class=\"prettyprint\"\u003eBOOL CreateProcessAsUserW(\u003cbr /\u003e HANDLE hToken,\u003cbr /\u003e LPCWSTR lpApplicationName,\u003cbr /\u003e LPWSTR lpCommandLine,\u003cbr /\u003e LPSECURITY_ATTRIBUTES lpProcessAttributes,\u003cbr /\u003e LPSECURITY_ATTRIBUTES lpThreadAttributes,\u003cbr /\u003e BOOL bInheritHandles,\u003cbr /\u003e DWORD dwCreationFlags,\u003cbr /\u003e LPVOID lpEnvironment,\u003cbr /\u003e LPCWSTR lpCurrentDirectory,\u003cbr /\u003e LPSTARTUPINFOW lpStartupInfo,\u003cbr /\u003e LPPROCESS_INFORMATION lpProcessInformation\u003cbr /\u003e);\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eFor example, CreateProcessAsUserW is typically used by the operating system itself to spawn the user’s shell following a successful logon (it is also used by the Secondary Logon service when a user calls CreateProcessWithLogonW). In this sense, it allows a user to “inject a process into the logon session of their choice”\u003csup\u003e28\u003c/sup\u003e. As a note, both of these APIs are wrappers around \u003ca href=\"https://doxygen.reactos.org/d9/dd7/dll_2win32_2kernel32_2client_2proc_8c.html#a13a0f94b43874ed5a678909bc39cc1ab\"\u003eCreateProcessInternalW\u003c/a\u003e (located in KernelBase.dll).\u003c/p\u003e\u003cp\u003eThe key difference here is that the caller must have certain privileges to call these two APIs\u003csup\u003e29\u003c/sup\u003e. 
From an attacker’s perspective, though, the goal here is the same: obtain code execution in the security context of the target user for the purposes of moving laterally.\u003c/p\u003e\u003cp\u003eOne interesting quirk is that the PowerShell Empire framework was forced to take this process spawning approach (which is arguably much noisier from a detection perspective) due to limitations with how PowerShell handles impersonation and multi-threading, as the notes \u003ca href=\"https://github.com/PowerShellMafia/PowerSploit/blob/c7985c9bc31e92bb6243c177d7d1d7e68b6f1816/Exfiltration/Invoke-TokenManipulation.ps1#L10-L17\"\u003ehere\u003c/a\u003e explain in more detail.\u003c/p\u003e\u003cp\u003eIn any case, the workflow for using process spawning token manipulation techniques remains the same. Once the attacker has obtained a handle to the token (via \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess\"\u003eOpenProcess\u003c/a\u003e/\u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocesstoken\"\u003eOpenProcessToken\u003c/a\u003e if primary token, or \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openthread\"\u003eOpenThread\u003c/a\u003e/\u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openthreadtoken\"\u003eOpenThreadToken\u003c/a\u003e in the case of a thread impersonating) the attacker must call DuplicateTokenEx to create a local (primary) copy of the target token, and then supply this copy to either the CreateProcessWithTokenW or CreateProcessAsUserW functions.\u003c/p\u003e\u003cp\u003eNote that again in this case, attackers are only interested in privileged logon sessions which are \u003cstrong\u003enon network logins\u003c/strong\u003e, as network logins \u003cem\u003edo not\u003c/em\u003e cache credentials and so 
\u003cstrong\u003ecannot\u003c/strong\u003e\u003cem\u003e \u003c/em\u003eauthenticate to other hosts.\u003cbr /\u003e\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003e2. Pass-The-Ticket\u003c/strong\u003e\u003c/h3\u003e\u003cbr /\u003eWindows provides a native method to perform a very similar technique to the NETONLY flag using \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/secauthn/kerberos-ssp-ap\"\u003eKerberos\u003c/a\u003e\u003csup\u003e30\u003c/sup\u003e. This technique is even more powerful in the sense that it doesn’t require an attacker to create a new logon session, but rather arbitrarily change the cached Kerberos credentials (e.g., TGT) associated with their logon session (and hence current access token), as demonstrated below:\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt681818873a2effeb/6075c3b21898af75a401bc5b/6-pass-the-ticket-blog-access-token-manipulation.gif\" data-sys-asset-uid=\"blt681818873a2effeb\" alt=\"6-pass-the-ticket-blog-access-token-manipulation.gif\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eFigure 6 - How the Pass-the-ticket attack works under the hood. 
In this example, the user, ASTRO\\cosmo, applies the stolen TGT of the ASTRO\\Administrator user to their current logon session.\u003c/figcaption\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eIn order to start interacting with the Kerberos SSP and manage the Kerberos ticket cache, a process can call \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsacallauthenticationpackage\"\u003eLsaCallAuthenticationPackage\u003c/a\u003e (located in Sspicl.dll):\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eNTSTATUS LsaCallAuthenticationPackage( \u003cbr /\u003e HANDLE LsaHandle,\u003cbr /\u003e ULONG AuthenticationPackage,\u003cbr /\u003e PVOID ProtocolSubmitBuffer,\u003cbr /\u003e ULONG SubmitBufferLength,\u003cbr /\u003e PVOID *ProtocolReturnBuffer,\u003cbr /\u003e PULONG ReturnBufferLength,\u003cbr /\u003e PNTSTATUS ProtocolStatus\u003cbr /\u003e);\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eNote that the user will need to have previously called \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaconnectuntrusted\"\u003eLsaConnectUntrusted\u003c/a\u003e in order to obtain a connection handle to the LSA server and \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsalookupauthenticationpackage\"\u003eLsaLookupAuthenticationPackage\u003c/a\u003e to find the id of the Kerberos package (MICROSOFT_KERBEROS_NAME_A). Additionally, inspection of these functions in IDA (again they can be located in Sspicl.dll) will reveal that they are connecting to the LSA via \u003cstrong\u003eRPC\u003c/strong\u003e\u003csup\u003e31\u003c/sup\u003e.\u003c/p\u003e\u003cp\u003eThrough LsaCallAuthenticationPackage, a user can make a number of sensitive requests, although the exact requests available to the user depend on whether they are elevated or not. 
For example, an \u003cstrong\u003eunelevated\u003c/strong\u003e user can perform basic ticket management actions\u003csup\u003e32\u003c/sup\u003e, such as enumerating their current active tickets, purging the ticket cache, and \u003cstrong\u003eapplying arbitrary tickets to their current logon session\u003c/strong\u003e\u003csup\u003e33\u003c/sup\u003e. Hence, this effectively enables a user to change the credentials cached with their current logon session and therefore specify \u003cstrong\u003earbitrary \u003c/strong\u003e\u003cem\u003e\u003cstrong\u003enetwork only\u003c/strong\u003e\u003c/em\u003e\u003cstrong\u003e credentials\u003c/strong\u003e.\u003c/p\u003e\u003cp\u003eAdditionally, from an elevated context\u003csup\u003e34\u003c/sup\u003e an attacker can enumerate and dump tickets (e.g., credentials) belonging to other users, therefore providing similar functionality to mimikatz without\u003cem\u003e \u003c/em\u003eneeding to open a handle to lsass\u003csup\u003e35\u003c/sup\u003e.\u003c/p\u003e\u003cp\u003eA full list of the types of messages that can be sent to the Kerberos authentication package can be found \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ne-ntsecapi-kerb_protocol_message_type\"\u003ehere\u003c/a\u003e. 
In order to change the current TGT associated with a given logon session, the \u003cstrong\u003eKerbSubmitTicketMessage\u003c/strong\u003e can be passed, which uses the following message struct:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eTypedef struct _KERB_SUBMIT_TKT_REQUEST {\u003cbr /\u003e KERB_PROTOCOL_MESSAGE_TYPE MessageType;\u003cbr /\u003e LUID LogonId;\u003cbr /\u003e ULONG Flags;\u003cbr /\u003e KERB_CRYPTO_KEY32 Key;\u003cbr /\u003e ULONG KerbCredSize;\u003cbr /\u003e ULONG KerbCredOffset;\u003cbr /\u003e} KERB_SUBMIT_TKT_REQUEST, *PKERB_SUBMIT_TKT_REQUEST\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eTherefore, for a KerbSubmitTicketMessage, the ProtocolSubmitBuffer parameter simply points to a block of memory consisting of a KERB_SUBMIT_TKT_REQUEST struct followed immediately by an \u003ca href=\"https://www.ietf.org/rfc/rfc4120.txt\"\u003eASN\u003c/a\u003e encoded Kerberos ticket (which is the ticket to be applied to the specified logon session). The relevant code in mimikatz for submitting KerbSubmitTicketMessage requests can be found \u003ca href=\"https://github.com/gentilkiwi/mimikatz/blob/fe4e98405589e96ed6de5e05ce3c872f8108c0a0/mimikatz/modules/kerberos/kuhl_m_kerberos.c#L100-L127\"\u003ehere\u003c/a\u003e and in Rubeus \u003ca href=\"https://github.com/GhostPack/Rubeus/blob/732303e2f182d25e81ae25b4351782b2d0f061d0/Rubeus/lib/LSA.cs#L779-L878\"\u003ehere\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eFollowing the call to LsaCallAuthenticationPackage, the user’s TGT has now been updated to the stolen ticket. 
From this point forward, any attempts to access network resources by any process/thread which is linked to the user’s access token/interactive logon session will \u003cstrong\u003eautomatically\u003c/strong\u003e authenticate over Kerberos using the stolen TGT (e.g., by requesting different service tickets/TGS for resources across the domain).\u0026nbsp;\u003c/p\u003e\u003cp\u003eNote, that a user can only have \u003cstrong\u003eone \u003c/strong\u003eTGT associated with their current logon session. Hence, applying a new ticket will wipe the user’s previous ticket. What if an attacker would like to preserve their current TGT? In this case, once again the NETONLY flag comes to the rescue - an attacker can create a \u003ca href=\"https://github.com/GhostPack/Rubeus#asktgt\"\u003e“sacrificial” NETONLY process\u003c/a\u003e via CreateProcessWithLogonW with arbitrary/junk credentials. This will create a new dummy process and, most importantly, a new logon session (and hence access token) to which a stolen TGT can be applied (and hence preserve the user’s current ticket)\u003csup\u003e36\u003c/sup\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eOne important conclusion to draw from this technique for defense practitioners, is that as \u003cem\u003eall\u003c/em\u003e the activity is performed via LsaCallAuthenticationPackage (and hence over RPC), it does not require any \u003cstrong\u003edirect\u003c/strong\u003e interaction with lsass (N.B. direct here refers to opening a handle to lsass via OpenProcess). 
Furthermore, for this specific use case (ptt), all the activity is via local RPC \u003cem\u003euntil\u003c/em\u003e an attacker attempts to authenticate to a remote host (which will generate new logons).\u0026nbsp;\u003c/p\u003e\u003cp\u003eAs a further example, the README for \u003ca href=\"https://github.com/GhostPack/Rubeus#example-credential-extraction\"\u003eRubeus\u003c/a\u003e includes the following statement:\u0026nbsp;\u003c/p\u003e\u003cp\u003e“Rubeus doesn't have any code to touch LSASS (and none is intended), so its functionality is limited to extracting Kerberos tickets through use of the LsaCallAuthenticationPackage() API”\u0026nbsp;\u003c/p\u003e\u003cp\u003eTherefore, any detection logic which is predicated on handle access to lsass (e.g. via a \u003ca href=\"https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nc-wdm-pob_pre_operation_callback\"\u003eObjectPreCallback\u003c/a\u003e kernel routine for a specified \u003cstrong\u003eprocess\u003c/strong\u003e or \u003cstrong\u003ethread\u003c/strong\u003e handle operation, or a user mode hook on OpenProcess/NtOpenProcess) could miss this activity. Hence, it is a potential blind spot for, say, defenders relying on Sysmon process access events to alert on suspicious process handle access.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003e3. Pass-the-hash (PtH)\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eThe last two techniques this blog will cover are examples of an attacker changing the cached credentials associated with their current access token/logon session “illegitimately” by \u003cstrong\u003edirectly\u003c/strong\u003e \u003cstrong\u003emodifying\u003c/strong\u003e lsass memory. In the PtH scenario, the attacker’s access token is unchanged and points to the same logon session, however the associated cached credentials are directly overwritten to a stolen hash. 
From this point, any remote authentication attempts will use the stolen hash, as demonstrated below:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt363d7ac13b31f2a2/6075c4ac2999957477a782ca/7-under-the-hood-blog-access-token-manipulation.gif\" data-sys-asset-uid=\"blt363d7ac13b31f2a2\" alt=\"7-under-the-hood-blog-access-token-manipulation.gif\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eFigure 7 - How the PtH attack works under the hood. In this example, the legitimate hash of the user, ASTRO\\cosmo, is overwritten in-memory with the NTLM hash belonging to the ASTRO\\Administrator user.\u003c/figcaption\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eIn this sense, both PtH and OPtH can be thought of as \u003cem\u003efunctionally\u003c/em\u003e identical to the NETONLY technique previously discussed.\u003c/p\u003e\u003cp\u003eThe typical workflow of a PtH attack is:\u003c/p\u003e\u003cul\u003e\u003cli aria-level=\"1\"\u003eOpen a write handle to lsass (e.g. 
via \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess\"\u003eOpenProcess\u003c/a\u003e/\u003ca href=\"http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/NT%20Objects/Process/NtOpenProcess.html\"\u003eNtOpenProcess\u003c/a\u003e with a desired access of \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights\"\u003ePROCESS_VM_WRITE\u003c/a\u003e)\u003c/li\u003e\u003cli aria-level=\"1\"\u003eEnumerate the linked list of logon sessions\u003c/li\u003e\u003cli aria-level=\"1\"\u003eLocate the logon session of interest and identify the required authentication package (In the case of PtH/NTLM this is the \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/secauthn/msv1-0-authentication-package\"\u003eMSV1_0 authentication\u003c/a\u003e package)\u003c/li\u003e\u003cli aria-level=\"1\"\u003eUpdate the associated cached credentials\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eNote that these techniques often rely on parsing and modifying \u003cstrong\u003eundocumented\u003c/strong\u003e Windows structures. This is not something that will be covered in this blog, but more information on how this is performed can be found \u003ca href=\"https://www.slideshare.net/rootedcon/hernan-ochoa-wce-internals-rootedcon-2011\"\u003ehere\u003c/a\u003e and \u003ca href=\"https://blog.xpnsec.com/exploring-mimikatz-part-1/\"\u003ehere\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eHence, once the cached credentials are updated in memory, they will \u003cstrong\u003eautomatically\u003c/strong\u003e be used to authenticate remotely, as per the usual Windows SSO design, when any process/thread running as that token attempts to access a remote resource.\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003cp\u003eNote, that in this simple case, there have been \u003cstrong\u003eno\u003c/strong\u003e additional logon session / access tokens created. 
However, in a similar fashion to pass-the-ticket attacks, these tools will also frequently need to create new junk NETONLY processes/logon sessions in order to preserve existing credentials or to apply stolen credentials to.\u0026nbsp;\u003c/p\u003e\u003cp\u003eAs a note, in order to obtain a write handle to lsass, malware will typically take two approaches:\u003c/p\u003e\u003cul\u003e\u003cli aria-level=\"1\"\u003eAcquire SeDebugPrivilege\u003csup\u003e37\u003c/sup\u003e\u003c/li\u003e\u003cli aria-level=\"1\"\u003eSteal and impersonate a SYSTEM token\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThe first approach was discussed in part one of this blog series, however the latter approach is a typical example of stealing/impersonating a token \u003cstrong\u003efor the purpose of bypassing local access checks\u003c/strong\u003e (e.g. \u003ca href=\"https://github.com/GhostPack/Rubeus/blob/4c9145752395d48a73faf326c4ae57d2c565be7f/Rubeus/lib/Helpers.cs#L55-L107\"\u003estealing a SYSTEM token\u003c/a\u003e with a specific privilege enabled e.g. SeTcbPrivilege). A SYSTEM token is commonly obtained via \u003ca href=\"https://posts.specterops.io/understanding-and-defending-against-access-token-theft-finding-alternatives-to-winlogon-exe-80696c8a73b\"\u003estealing the primary token from winlogon\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003e4. Overpass-the-hash (OPtH)\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eThe Overpass-the-hash technique applies the same concept as pass-the-hash with one key difference: it converts a hash into a fully fledged TGT ticket.\u0026nbsp;\u003c/p\u003e\u003cp\u003eWhen a user first logs on to a Windows workstation, as part of the Kerberos authentication process, the user’s password hash is used to encrypt a timestamp in order to validate the user’s identity to the Domain Controller / Key Distribution Center (KDC) and receive a TGT. 
Overpass-the-hash modifies these cached hashes\u003csup\u003e38\u003c/sup\u003e\u0026nbsp;in memory and then kicks off the normal Kerberos authentication protocol (AS-REQ/AS-REP etc.) in order to obtain \u003cstrong\u003ea fully fledged TGT\u003c/strong\u003e for a stolen hash.\u003csup\u003e39\u003c/sup\u003e\u003c/p\u003e\u003cp\u003eThis technique can be performed via mimikatz’ pth command (which is misleadingly labelled pth when it is actually performing overpass-the-hash under the hood):\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003emimikatz # sekurlsa::pth /user:Administrator /domain:ASTRO.testlab /ntlm: c0f969f35beb20e8f09ce86ef42ccd51\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eThis essentially performs the same steps as PtH, except it targets the Kerberos SSP (and hence kerberos.dll).\u003csup\u003e40\u003c/sup\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3f0ec627cce8ca30/6075c51c66e3a310e06c57c6/8-opth-attack-blog-access-token-manipulation.gif\" data-sys-asset-uid=\"blt3f0ec627cce8ca30\" alt=\"8-opth-attack-blog-access-token-manipulation.gif\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eFigure 8 - How the OPtH attack works under the hood. 
In this example, the legitimate hash of the user, ASTRO\\cosmo, is overwritten in-memory with the hash belonging to the ASTRO\\Administrator user, kicking off the normal Kerberos authentication process.\u003c/figcaption\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eAs this technique once again involves wiping the current TGT associated with the user’s logon session, an attacker can use a NETONLY process (with an associated dummy logon session) to preserve their current TGT, which is exactly how mimikatz \u003ca href=\"https://github.com/gentilkiwi/mimikatz/blob/72b83acb297f50758b0ce1de33f722e70f476250/mimikatz/modules/sekurlsa/kuhl_m_sekurlsa.c#L947-L961\"\u003eperforms\u003c/a\u003e overpass-the-hash by default.\u0026nbsp;\u003c/p\u003e\u003cp\u003eFirstly, it spawns a new process in a suspended state via CreateProcessWithLogonW with the LOGON_NETCREDENTIALS_ONLY flag. It then obtains a handle to the primary token of this suspended process and retrieves the authentication id for the \u003cem\u003enew\u003c/em\u003e dummy logon session via \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-gettokeninformation\"\u003eGetTokenInformation\u003c/a\u003e. This function is used to query information cached in the token via the \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/winnt/ne-winnt-token_information_class\"\u003eTOKEN_INFORMATION_CLASS\u003c/a\u003e enum, which in this case is \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-token_statistics\"\u003eTokenStatistics\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eHaving obtained the authentication id, mimikatz can now start enumerating the linked list of logon sessions within lsass, looking for the newly created logon session. Once it has found the target logon session (via the authentication id), it can then proceed to update the Kerberos credentials associated with it. 
Once the credentials are updated, the token (whose corresponding logon session is now linked to the stolen hash) can be converted to an impersonation token via DuplicateTokenEx and impersonated via SetThreadToken as we have seen previously.\u0026nbsp;\u003c/p\u003e\u003cp\u003eOnce again at this stage, any attempts an attacker makes to access resources across the network will use the domain\\user and password hash combination provided as arguments to mimikatz for authentication. Therefore, all remote interactions will be performed with the access and privileges of the stolen credentials.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eConclusion\u003c/strong\u003e\u003c/h2\u003eThe purpose of this two-part blog series was to explain how fundamental concepts in Windows Security work under the hood and to show how attackers abuse these features in order to compromise Windows domains. This blog has demonstrated that irrespective of what tools or what authentication provider is abused, attackers act under a set of constraints that result in the same anomalous signals for access token manipulation (e.g., anomalous network only logins). These constraints are determined by the fundamental relationship between access tokens, logon sessions and cached credentials.\u003cp\u003e\u003c/p\u003e\u003cp\u003eReady for holistic data protection with \u003ca href=\"https://www.elastic.co/security\"\u003eElastic Security\u003c/a\u003e? Try it free today, or experience our latest version on \u003ca href=\"https://www.elastic.co/elasticsearch/service\"\u003eElasticsearch Service\u003c/a\u003e on Elastic Cloud.\u0026nbsp;And take advantage of our\u0026nbsp;\u003ca href=\"https://www.elastic.co/training/elastic-security-quick-start\"\u003eQuick Start training\u003c/a\u003e\u0026nbsp;to set yourself up for success.\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2\u003eReferences\u003c/h2\u003e\u003cp\u003e1. 
\u0026nbsp;\u0026nbsp;For a recap of how Kerberos authentication works see Programming Windows Security, Keith Brown or \u003cspan\u003e\u003c/span\u003e\u003ca href=\"https://posts.specterops.io/kerberosity-killed-the-domain-an-offensive-kerberos-overview-eb04b1402c61\"\u003ehttps://posts.specterops.io/kerberosity-killed-the...\u003c/a\u003e. Additionally, Rubeus, which is a toolkit for interacting with Kerberos, has an extremely informative \u003ca href=\"https://github.com/GhostPack/Rubeus#readme\"\u003ereadme\u003c/a\u003e, which is recommended for further reading.\u003c/p\u003e\u003cp\u003e2. Remember, Windows will automatically authenticate with the credentials cached in the logon session whenever a user attempts to access a network resource as per the Windows SSO mechanism. Cached credentials here can refer to any authentication provider (e.g. NTLM hashes or Kerberos tickets). NB this assumes the user is interactively logged in (non-network).\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e3. \u0026nbsp;This is typically to avoid losing a foothold due to incident response or host isolation.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e4. \u0026nbsp;This is obviously only applicable to attacker activity on a compromised host, as opposed to an attacker executing code from another source e.g. remotely via \u003ca href=\"https://github.com/SecureAuthCorp/impacket\"\u003eimpacket\u003c/a\u003e.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e5. \u0026nbsp;\u003ca href=\"https://clymb3r.wordpress.com/2013/11/03/powershell-and-token-impersonation/\"\u003ehttps://clymb3r.wordpress.com/2013/11/03/powershel...\u003c/a\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e6. \u0026nbsp;See the ‘steal_token’ command from Cobalt Strike as an example of this technique: \u003ca href=\"https://www.cobaltstrike.com/help-beacon\"\u003ehttps://www.cobaltstrike.com/help-beacon\u003c/a\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e7. 
\u0026nbsp;\u003ca href=\"https://github.com/PowerShellMafia/PowerSploit/blob/c7985c9bc31e92bb6243c177d7d1d7e68b6f1816/Exfiltration/Invoke-TokenManipulation.ps1#L31-L44\"\u003eThis\u003c/a\u003e comment from the archived PowerSploit framework should also provide further clarification on this distinction between token theft for local privilege escalation vs lateral movement.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e8. \u0026nbsp;Alternatively, attackers can also go the password spraying route or attempt to use NTLM sniffing/replaying attacks via tools such as \u003ca href=\"https://github.com/SpiderLabs/Responder\"\u003eresponder\u003c/a\u003e.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e9. \u0026nbsp;Note that both LogonUserA/W are simple wrappers around \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/secauthn/logonuserexexw\"\u003eLogonUserExExW\u003c/a\u003e in SspiCli.dll\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e10. \u0026nbsp;In exactly the same way, \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createprocesswithlogonw\"\u003eCreateProcessWithLogonW\u003c/a\u003e can be passed a local admin account (rid-500) to execute an elevated process from a medium/unelevated context.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e11. \u0026nbsp;There are remote UAC registry \u003ca href=\"https://support.microsoft.com/en-gb/help/951016/description-of-user-account-control-and-remote-restrictions-in-windows\"\u003eoptions\u003c/a\u003e which can modify this behaviour.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e12. \u0026nbsp;There is an additional logon type, LOGON32_LOGON_NETWORK_CLEARTEXT, which is essentially a network logon but with cached credentials. See Programming Windows Security, Keith Brown for more information.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e13. 
\u0026nbsp;See for more info:\u003cbr /\u003e\u003c/p\u003e\u003ca href=\"https://blueteamer.blogspot.com/2018/12/disabling-uac-remote-restrictions-to.html\"\u003e\u003cbr /\u003e\u003c/a\u003e\u003ca href=\"https://blueteamer.blogspot.com/2018/12/disabling-uac-remote-restrictions-to.html\"\u003ehttps://blueteamer.blogspot.com/2018/12/disabling-...\u003c/a\u003e\u003cbr /\u003e\u003cspan\u003e\u003c/span\u003e\u003ca href=\"https://support.microsoft.com/en-gb/help/951016/description-of-user-account-control-and-remote-restrictions-in-windows\"\u003ehttps://support.microsoft.com/en-gb/help/951016/de...\u003c/a\u003e\u003cbr /\u003e\u003cspan\u003e\u003c/span\u003e\u003ca href=\"https://labs.f-secure.com/blog/enumerating-remote-access-policies-through-gpo/\"\u003ehttps://labs.f-secure.com/blog/enumerating-remote-...\u003c/a\u003e\u003cp\u003e14. \u0026nbsp;NB there is also a \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-duplicatetoken\"\u003eDuplicateToken\u003c/a\u003e function but this only returns an impersonation token.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e15. \u0026nbsp;This can be verified by examining the function in IDA. Alternatively, check \u003ca href=\"https://doxygen.reactos.org/d1/d72/dll_2win32_2advapi32_2sec_2misc_8c.html#aed5dfd166fea98c3ac188fbbc8f88190\"\u003ehere\u003c/a\u003e on ReactOS.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e16. \u0026nbsp;This summary is a slight simplification of impersonation security. For a more thorough overview see James Forshaw’s “Introduction to Logical Privilege Escalation on Windows” slides (p26): \u003cspan\u003e\u003c/span\u003e\u003ca href=\"https://conference.hitb.org/hitbsecconf2017ams/materials/D2T3%20-%20James%20Forshaw%20-%20Introduction%20to%20Logical%20Privilege%20Escalation%20on%20Windows.pdf\"\u003ehttps://conference.hitb.org/hitbsecconf2017ams/mat...\u003c/a\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e17. 
\u0026nbsp;This title is taken from an excellent blog by Raphael Mudge: \u003ca href=\"https://blog.cobaltstrike.com/2015/12/16/windows-access-tokens-and-alternate-credentials/\"\u003eWindows Access Tokens and Alternate Credentials\u003c/a\u003e.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e18. \u0026nbsp;This is typically the main reason why option 2 is not commonly used by attackers.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e19. \u0026nbsp;Hence, running ‘whoami’ will still show the same user (as the token is still the same), despite the duplicated token having different network credentials. This is a common source of confusion when using Cobalt Strike’s \u003ca href=\"https://www.cobaltstrike.com/help-beacon\"\u003emake_token\u003c/a\u003e command (which performs the same technique as described under the hood).\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e20. \u0026nbsp;The Windows RPC/COM APIs also enable a user to specify network-only credentials. For example, this can be achieved for RPC by calling \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/nf-rpcdce-rpcbindingsetauthinfoexw\"\u003eRpcBindingSetAuthInfoExW\u003c/a\u003e and passing a SEC_WINNT_AUTH_IDENTITY structure via the AuthIdentity parameter. For more information see Programming Windows Security, Keith Brown and \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/wmisdk/setting-authentication-using-c-\"\u003ehttps://docs.microsoft.com/en-us/windows/win32/wmisdk/setting-authentication-using-c-\u003c/a\u003e.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e21. \u0026nbsp;While the two flags have different names, their meaning is the same; these credentials are only to be used on the network.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e22. 
\u0026nbsp;Note there are still \u003ca href=\"https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-CredentialInjection.ps1#L77-L82\"\u003eways\u003c/a\u003e around creating suspicious event logs for anomalous logon sessions.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e23. \u0026nbsp;This is a James Forshaw trick - see the following blog for more detail: \u003cspan\u003e\u003c/span\u003e\u003ca href=\"https://www.tiraniddo.dev/2017/05/reading-your-way-around-uac-part-3.html\"\u003ehttps://www.tiraniddo.dev/2017/05/reading-your-way...\u003c/a\u003e. Additionally, \u003ca href=\"https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools\"\u003eTokenViewer\u003c/a\u003e is an excellent tool for experimenting with this type of technique.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e24. \u0026nbsp;With this resulting impersonation token it is possible to write a file to System32 etc.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e25. \u0026nbsp;There still may be legitimate reasons for impersonating prior to calling an API though, such as to obtain a privilege you don’t currently have before calling an API which requires it (although note some APIs do automatically enable privileges).\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e26. \u0026nbsp;There are a few ways around this. For example, you can spawn a process as the child of a SYSTEM process by obtaining a handle to a SYSTEM process via OpenProcess with the \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights\"\u003ePROCESS_CREATE_PROCESS\u003c/a\u003e access right. This HANDLE can then be passed to \u003ca href=\"https://undocumented.ntinternals.net/index.html?page=UserMode%2FUndocumented%20Functions%2FNT%20Objects%2FProcess%2FNtCreateProcess.html\"\u003eNtCreateProcess\u003c/a\u003e as the ParentProcess parameter. 
This can also be achieved via the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS parameter and CreateProcess: \u003cspan\u003e\u003c/span\u003e\u003ca href=\"https://gist.github.com/xpn/a057a26ec81e736518ee50848b9c2cd6\"\u003ehttps://gist.github.com/xpn/a057a26ec81e736518ee50...\u003c/a\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e27. \u0026nbsp;Bizarrely, CreateProcessWithTokenW takes a dwLogonFlags argument despite also requiring a handle to an existing token, which by definition, should already have a corresponding logon session. It seems likely that this is something to do with loading the user profile.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e28. \u0026nbsp;Programming Windows Security, Keith Brown\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e29. \u0026nbsp;Specifically, SE_IMPERSONATE_NAME for CreateProcessWithTokenW and SE_INCREASE_QUOTA_NAME (\u0026amp;) SE_ASSIGNPRIMARYTOKEN_NAME (if token is not assignable) for CreateProcessAsUserW\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e30. \u0026nbsp;A recap of Kerberos authentication can be found \u003ca href=\"https://posts.specterops.io/kerberosity-killed-the-domain-an-offensive-kerberos-overview-eb04b1402c61\"\u003ehere\u003c/a\u003e and see the following for more information on kerberos related attacks: \u003cspan\u003e\u003c/span\u003e\u003ca href=\"https://www.blackhat.com/docs/us-14/materials/us-14-Duckwall-Abusing-Microsoft-Kerberos-Sorry-You-Guys-Don't-Get-It.pdf\"\u003ehttps://www.blackhat.com/docs/us-14/materials/us-1...\u003c/a\u003e, , \u003cspan\u003e\u003c/span\u003e\u003ca href=\"https://github.com/GhostPack/Rubeus#readme\"\u003ehttps://github.com/GhostPack/Rubeus#readme\u003c/a\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e31. \u0026nbsp;\u003ca href=\"https://googleprojectzero.blogspot.com/2019/12/calling-local-windows-rpc-servers-from.html\"\u003ehttps://googleprojectzero.blogspot.com/2019/12/cal...\u003c/a\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e32. \u0026nbsp;E.g. 
the native Windows tool \u003ca href=\"https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/klist\"\u003eklist\u003c/a\u003e offers similar functionality and is clearly a wrapper around LsaCallAuthenticationPackage.\u003c/p\u003e\u003cp\u003e33. \u0026nbsp;Note that an unelevated user can only apply tickets to their own logon session; elevated privileges are needed to apply a TGT to a different logon session.\u003c/p\u003e\u003cp\u003e34. \u0026nbsp;There are some caveats/subtleties to this statement which are better answered by the Rubeus \u003ca href=\"https://github.com/GhostPack/Rubeus#example-credential-extraction\"\u003ereadme\u003c/a\u003e. In short though, the caller needs to register an LSA connection via \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaregisterlogonprocess\"\u003eLsaRegisterLogonProcess\u003c/a\u003e, which requires the SeTcbPrivilege privilege (i.e. the caller is part of the trusted computing base).\u003c/p\u003e\u003cp\u003e35. \u0026nbsp;As an observation, you can also talk to the msv1_0 authentication package via LsaCallAuthenticationPackage and send the following message types: \u003cspan\u003e\u003c/span\u003e\u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ne-ntsecapi-msv1_0_protocol_message_type\"\u003ehttps://docs.microsoft.com/en-us/windows/win32/api...\u003c/a\u003e, although I have not investigated whether it is also possible to retrieve NTLM credentials through this interface.\u003c/p\u003e\u003cp\u003e36. \u0026nbsp;For more information see the Rubeus GitHub repository \u003ca href=\"https://github.com/GhostPack/Rubeus\"\u003ereadme\u003c/a\u003e, which has a fantastic write-up of lots of Kerberos-related functionality and opsec considerations.\u003c/p\u003e\u003cp\u003e37.
\u0026nbsp;See \u003ca href=\"https://docs.microsoft.com/en-us/windows/win32/secauthz/enabling-and-disabling-privileges-in-c--\"\u003ehere\u003c/a\u003e for an example of enabling a privilege.\u003c/p\u003e\u003cp\u003e38. \u0026nbsp;This can be verified by looking at PsOpenProcess/Thread in IDA and looking for a call to SePrivilegeCheck.\u003c/p\u003e\u003cp\u003e39. \u0026nbsp;Note that acquiring SeDebugPrivilege tends to be very noisy from a detection logic perspective.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e40. \u0026nbsp;Note the hash/key can be rc4_hmac (e.g. NTLM), aes128_hmac, aes256_hmac, etc.; see \u003ca href=\"https://www.slideshare.net/gentilkiwi/abusing-microsoft-kerberos-sorry-you-guys-dont-get-it/18\"\u003ehere\u003c/a\u003e for more.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e41. \u0026nbsp;For more detail, see: \u003ca href=\"https://www.blackhat.com/docs/us-14/materials/us-14-Duckwall-Abusing-Microsoft-Kerberos-Sorry-You-Guys-Don%27t-Get-It.pdf\"\u003ehttps://www.blackhat.com/docs/us-14/materials/us-1...\u003c/a\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e42.
\u0026nbsp;As a note, Rubeus’ \u003ca href=\"https://github.com/GhostPack/Rubeus#asktgt\"\u003easktgt\u003c/a\u003e functionality performs a variant of overpass-the-hash via building raw AS-REQ traffic for a given hash from an unelevated context and without needing to touch lsass.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e","category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2021-04-13T16:27:47.029Z","created_by":"bltc87e8bcd2aefc255","disclaimer":[],"full_bleed_image":{"uid":"blt2bc2ee0d053197c6","created_by":"bltf6ab93733e4e3a73","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-07-01T23:00:35.030Z","updated_at":"2020-07-01T23:00:35.030Z","content_type":"image/png","file_size":"79461","filename":"blog-banner-security-laptop.png","title":"blog-banner-security-laptop.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T15:16:43.194Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2bc2ee0d053197c6/5efd15937a4c912976093ae3/blog-banner-security-laptop.png"},"markdown_l10n":"","publish_date":"2021-04-20T18:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"How attackers abuse Access Token Manipulation (ATT\u0026CK T1134)","seo_description_l10n":"This blog teaches security practitioners how attackers abuse legitimate Windows functionalities to move laterally and compromise Active Directory 
domains.","noindex":false,"canonical_tag":""},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltd11e6308b4dbe770","ACL":{},"created_at":"2023-11-06T21:32:01.057Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-research","label_l10n":"Security research","tags":[],"title":"Security research","updated_at":"2023-11-06T21:32:01.057Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.638Z","user":"blt4b2e1169881270a8"}},{"title":"Automated threat protection","label_l10n":"Automated threat protection","keyword":"automated-threat-protection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt49e356fcb7971aca","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:22.822Z","updated_at":"2023-11-06T20:08:22.822Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:37.794Z","user":"blt4b2e1169881270a8"}},{"title":"Threat hunting","label_l10n":"Threat 
hunting","keyword":"threat-hunting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltba572dcfa2880a69","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:33:57.466Z","updated_at":"2023-11-06T21:33:57.466Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.696Z","user":"blt4b2e1169881270a8"}},{"title":"Investigation \u0026 incident response","label_l10n":"Investigation \u0026 incident response","keyword":"investigation-incident-response","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt43660d1624e728b9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:59.781Z","updated_at":"2023-11-06T20:41:24.521Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:37.865Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt94fd9c3bf14d1f7c","ACL":{},"created_at":"2023-11-06T21:35:54.155Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vulnerability-management","label_l10n":"Vulnerability Management (VM)","tags":[],"title":"Vulnerability Management (VM)","updated_at":"2023-11-06T21:35:54.155Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.168Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security 
analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltb35dc0df9e2855a5","created_by":"bltf6ab93733e4e3a73","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-07-01T23:00:22.154Z","updated_at":"2020-07-01T23:00:22.154Z","content_type":"image/png","file_size":"73829","filename":"blog-thumb-security-laptop.png","title":"blog-thumb-security-la
ptop.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T15:16:43.194Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb35dc0df9e2855a5/5efd1586e22ca44fde3b8201/blog-thumb-security-laptop.png"},"title":"How attackers abuse Access Token Manipulation (ATT\u0026CK T1134)","title_l10n":"How attackers abuse Access Token Manipulation (ATT\u0026CK T1134)","updated_at":"2025-03-10T12:05:21.654Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/how-attackers-abuse-access-token-manipulation","publish_details":{"time":"2025-03-10T12:05:25.598Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt29a413bc0dbf6a52","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"At Elastic, we :heart: APIs. PSD2 regulation is forcing banks to share their precious data through APIs, so why not get ahead with Elastic?","author":["blt8bf5cf20b113d800"],"body_l10n":"\u003cp\u003eAt Elastic, we :heart: APIs because developers love to work with them to get things done. APIs also have the power to change (or disrupt) an industry quickly and decisively, as is the case with The Revised Payment Service Directive (PSD2). APIs make it possible to seemlessly switch from Web browsers to apps, to deploy content to any platform, and to find the best deals among thousands of suppliers. PSD2 sets out to standardize APIs between EU banks and abolish the existing lock-ins that still exist in the industry. Because while financial institutions are closer to the forefront of the innovation curve than almost any other industry, the point can be made that this has not resulted in wide-spread open access to the core banking ecosystems - namely accounts and transactions. 
PSD2 is a directive from the European Union that will make banks open up access to their, otherwise private, core banking functions in ways that we have not seen before. PSD2 legislation introduces a breadth of opportunity for retail banks, while also introducing new risk. The Elastic Stack plays a vital role in many of the world’s banks today, and that will especially be true for PSD2 architectures.\u003c/p\u003e\u003ch2\u003eA Primer on PSD2 Regulation\u003c/h2\u003e\u003cp\u003eIn a nutshell, PSD2 stipulates that:\u003c/p\u003e\u003col\u003e\u003cli\u003eBanks have to allow a secure way for customer to authorize a third party provider to (1) have direct access to account and transactions data, (2) make and authorize payments via APIs.\u003c/li\u003e\u003cli\u003eCustomers have to be able to trust the privacy and security of their information, hence multi-factor authentication (at least two factors) and granular authorization controls (“entitlements”) have to be in place.\u003c/li\u003e\u003cli\u003eMember states have until 2018 to create local legislation for PSD2, to come into force likely end of 2018 or early 2019, along with penalties for non-compliance.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eMuch in-depth content has been written about PSD2 since its inception. For a more thorough discussion of PSD2 we refer you to those resources. The rest of this blog will focus on the strategic choices that banks will need to make, and how PSD2 impacts banking architectures.\u003c/p\u003e\u003ch2\u003eStrategic Overview\u003c/h2\u003e\u003cp\u003eWe need to give you a couple of new acronyms to make sense of PSD2. 
Warning: they don't really roll off the tongue.\u003c/p\u003e\u003cdl\u003e\u003cdt\u003eASPSP\u003c/dt\u003e\u003cdd\u003eAccount Service Payment Service Providers, the core capability of retail banks.\u003c/dd\u003e\u003c/dl\u003e\u003cdl\u003e\u003cdt\u003ePISP\u003c/dt\u003e\u003cdd\u003ePayment Initiation Service Provider, a party in between the customer and the bank, and initiates a transaction. Can be a non-bank entity, like the retailer.\u003c/dd\u003e\u003c/dl\u003e\u003cdl\u003e\u003cdt\u003eAISP\u003c/dt\u003e\u003cdd\u003eAccount Information Service Provider, also known as “the cross-bank service” where customers can get a consolidated picture of their finances.\u003c/dd\u003e\u003c/dl\u003e\u003cdl\u003e\u003cdt\u003eXS2A\u003c/dt\u003e\u003cdd\u003eAccess to Account. The legislative API calls that grant AISPs access to transaction data.\u003c/dd\u003e\u003c/dl\u003e\u003cp\u003eSome things in life are inevitable, while others are entirely optional. Retail banks in the EU have to align their strategy along a range of options that lead from a compliant utility-like bank on one end, to a one-stop shop for anything related to consumer finance on the other end. A bank may choose to simply conform to the PSD2 legislation and continue much like it did before. But there is value to be found in going beyond the compliance of integration and open up financial services on top of XS2A. Value such as using your bank’s platform to consume other banks’ APIs and give them the complete picture of their financial status. Or, implement APIs that go beyond XS2A, like for requesting loans, giving advice around savings, or finding businesses where your users can spend their money on new, shiny things.\u003c/p\u003e\u003cp\u003eFintech players are disrupting business in all areas: investing, paying, and saving. And they are creating new ones like cryptocurrencies. 
Users love fintech because they provide their services using qualities that users have come to expect from Google, Facebook, Amazon and the likes: everything online and 24/7, using data intelligently to minimize users actions and maximize value, and have a tremendous user experience through UIs and APIs.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cblockquote\u003eAlong the spectrum of strategic options, banks may decide to be a lean, utility-like provider of payments and account services. Or, at the other end of the spectrum, provide a world-class experience that users will use as the focal point of all their financial dealings.\u003c/blockquote\u003e\u003cp\u003eSo, banks that operate in the European Union can strategize on three axes:\u003c/p\u003e\u003col\u003e\u003cli\u003eAPI Consumption: Stick to the position in the payments infrastructure that they have today, or additionally consume APIs from other ASPSPs to become an AISP that people crowd around?\u003c/li\u003e\u003cli\u003eAPI Exposure: Expose just the necessary APIs (as required), or additionally expose many more value-adding services through them?\u003c/li\u003e\u003cli\u003eUser Experience: Do you want to invest in best web and mobile user experience that is available in the market?\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc903651b9cc1934b/5f970af4432f517518d3f821/blog-psd2-1.png\" width=\"703\" height=\"447\" alt=\"The retail banking world before and after PSD2\" style=\"border-width: initial;border-style: none;transform: rotate(0rad);width: 703;height: 447;display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eInteractions with our clients indicate that most banks, if not all, opt to go beyond the requirements that PSD2 demands of them to become a single open ecosystem between merchants, banks and users.\u003c/p\u003e\u003cp\u003e\u003cimg 
src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9b347f0ce3dd373d/5f970af983a0a3620dd3a055/blog-psd2-2.png\" width=\"616\" height=\"468\" alt=\"A simplified communication schema of today's payment systems, and in a PSD2 world\" style=\"border-width: initial;border-style: none;transform: rotate(0rad);width: 616;height: 468;display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eA simplified architecture of a PSD2-compliant retail banking ecosystem already shows the important role that APIs will play. A big change is that more APIs will have to be opened up to more external parties. Apart from the obvious security concerns, this also means that you will no longer control the usage of your own APIs, other parties will use them as well.\u003c/p\u003e\u003ch2\u003eHaving and sharing actionable data will be the Norm for AISPs\u003c/h2\u003e\u003cp\u003eAISPs (we’ll repeat: Account Information Service Providers) add value to customers by ‘knowing it all’. To become an AISP, a bank must have a complete picture of a user’s financial transactions and accounts. On top of that, an AISP should know what the user wants to achieve, what merchants the user likes, all with user consent (GDPR, anyone?). On top of that, AISPs should strive to have the best experiences (that includes user interfaces, alerts, brand image, trustworthiness) to get in a position of advising the user. Luckily, APIs also help out to get data from merchants and ASPSPs into the AISP.\u003c/p\u003e\u003cp\u003eReal-time query engines are able to react and predict to users, transactions, and the like. Having offline batch processing is a great way to extract intelligence out of data in some cases, but to get that intelligence online, a fast data store is needed with millisecond response times.\u003c/p\u003e\u003cp\u003eEuropean banks have been experimenting with personal finance features on their platforms for years. 
But they have always been based on the partial picture of the user’s finances, and were arguably not as functional as users have come to expect in recent years. With PSD2, we expect a surge of new personal finance tools that will be completely automated, intelligent and responsive. This requires real-time analytics and natural language processing (NLP) at scale, such as aggregations, fuzzy queries, multi-language, and predictions.\u003c/p\u003e\u003ch2\u003ePSD2 Architectures\u003c/h2\u003e\u003cp\u003eBanks already operate using internal APIs that connect modern, scalable front-end applications to core account and payment systems. Typically, the core banking systems are legacy systems that don’t scale effortlessly, so they offload part of their responsibilities to various modern data stores to save cycles on the core systems. PSD2-compliant architectures will have to make those APIs accessible to 3rd parties that are, at best, under the bank’s influence, not control. This means that the APIs will make or break access to the bank’s most basic functions.\u003c/p\u003e\u003ch3\u003eA Shopping List for PSD2 Architectures\u003c/h3\u003e\u003cp\u003eA PSD2-compliant architecture requires at least these major components:\u003c/p\u003e\u003col\u003e\u003cli\u003eAn API to the fast access layer with proper scaling, throttling, and security in place.\u003c/li\u003e\u003cli\u003eA fast access layer to offload the core banking applications and provide cheap, scalable data services to the API layer.\u003c/li\u003e\u003cli\u003eCore banking applications, often legacy systems that are already in place.
ACID-compliance, a relational nature and its license models usually hinder scalability.\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/observability\" target=\"_self\"\u003eAn observability platform\u003c/a\u003e for all of the above, and the focus of the rest of this blog.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe rest of this blog will focus on executing an API-first banking strategy, starting out with running PSD2-compliant APIs and moving ahead as an AISP to provide users the single, intelligent interface to all their personal finance needs. Part II will focus on a logging platform to monitor the PSD2 architecture.\u003c/p\u003e\u003ch2\u003eThe Elastic Stack\u003c/h2\u003e\u003cp\u003eThe Elastic Stack is a use-case agnostic data platform that is very well-suited for running high-traffic, API-driven environments like this one. It excels especially when the mere serving of key/value pairs is not enough. Elastic’s analytic functionalities for both structured as well as unstructured data are necessary for serving dashboards, advisories, transaction histories, integrating with 3rd party data stores and the likes. Elastic makes data come alive, it’s far beyond a bunch of documents waiting to be called by their ID. Often the Core Banking Apps are not suited for the scale that banks will be faced with due to technical and licensing issues. Elastic has scalability built-in from its first lines of code, and there are great benefits to its licensing model which is based on number of logical nodes, not the amount of queries, users or ingested data.\u003c/p\u003e\u003cp\u003eThe rest of this blog will focus on executing an API-first banking strategy, starting out with running PSD2-compliant APIs and moving ahead as an AISP to provide users the single, intelligent interface to all their personal finance needs. 
Part II will focus on a logging platform to monitor the PSD2 architecture.\u003c/p\u003e\u003ch2\u003eThe Elastic Stack for Smart Banking Data Platforms\u003c/h2\u003e\u003cp\u003eThe Elastic Stack is perfectly suited not just for running your classical search and logging use cases, but also for serving business data via APIs. In a nutshell, a PSD2-enabled bank that also will become an AISP will need the following high-level architecture. In pink, the minimum PSD2 components. In green, an incomplete list of differentiating value-adding services (once interbanking and intermerchant APIs are in place, the list of imaginable value-adding services becomes huge).\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdef8417de3a1eefa/5f970af8545bdb56ce4903bc/blog-psd2-3.png\" width=\"755\" height=\"499\" alt=\"The Elastic Stack for Smart Banking Data Platforms\" style=\"border-width: initial;border-style: none;transform: rotate(0rad);width: 755;height: 499;display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eWe think that to run value-adding platforms successfully, banks will require excellence in these key areas:\u003c/p\u003e\u003col\u003e\u003cli\u003eSecurity and Privacy: This includes corporate and legislative requirements such as encryption, authorizations, audit logging, privacy, and data separation.\u003c/li\u003e\u003cli\u003eMonitoring and Alerting: The ability to know current and historical status of the service, and be informed of any serious deviations from what is considered normal.
The ability to view the inner workings of a system is also called observability.\u003c/li\u003e\u003cli\u003eQuality of Service: The ability to throttle in case of overloads, to protect underlying systems from DoS attacks and to allow the enforcement of Fair Use policies.\u003c/li\u003e\u003cli\u003eEasy, far-reaching scalability: Scaling the platforms should be simple and painless.\u003c/li\u003e\u003cli\u003eReal-time answers: Answer calls fast to support the needs and expectations of users, throughout the user experience.\u003c/li\u003e\u003cli\u003eSelf-learning and self-service: Getting useful intelligence out of the data without having to foresee and manage what exactly is relevant (because who would know beforehand how security breaches or outages might unfold?) requires the ability to find anomalies and create advanced dashboards, as well as a raw data store. Consumers are expected to mix and match layouts of dashboards and apps to their needs, but they will only do so if the data and UX are very intuitive to work with.\u003c/li\u003e\u003c/ol\u003e\u003ch3\u003eElastic Architecture for Data Platforms\u003c/h3\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3c8065fff0095f2f/5f970af8878c0d548cdc1361/blog-psd2-4.png\" width=\"734\" height=\"471\" alt=\"The Elastic Stack for Smart Banking Data Platforms Architecture\" style=\"border-width: initial;border-style: none;transform: rotate(0rad);width: 734;height: 471;display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eThe Elastic Stack is a complete suite of products for running API architectures:\u003c/p\u003e\u003cul\u003e\u003cli\u003eLogstash is a dynamic data collection pipeline with an extensible plugin ecosystem and strong Elasticsearch synergy. It can read from slower, write-optimized primary data stores such as RDBMSs.
Ingestion can be batch-oriented or near real-time.\u003c/li\u003e\u003cli\u003eElasticsearch is a distributed, REST API enabled, JSON-based search and analytics engine designed for horizontal scalability, maximum reliability, and easy management.\u003c/li\u003e\u003cli\u003eKibana gives shape to your data and is the extensible user interface for configuring and managing all aspects of the Elastic Stack.\u003c/li\u003e\u003cli\u003eX-Pack is a single extension that integrates handy features — security, alerting, monitoring, reporting, graph exploration, and machine learning.\u003c/li\u003e\u003cli\u003eThe APIs sit on top of the Stack, as well as custom UIs like mobile apps or websites.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThe Elastic Stack logical architecture for APIs combines all these products into an end to end platform with accompanying services, like Consulting and Expert Support. As you have probably read a bunch of times by now, Elastic :heart: APIs. That is why the Elastic Stack products natively supports REST API endpoints for easy integration into any architecture.\u003c/p\u003e\u003ch3\u003eServing PSD2 API Requests\u003c/h3\u003e\u003cp\u003eElasticsearch natively supports REST API endpoints, likely the same technology that will dominate the PSD2 landscape. Expect millisecond response times to queries, in an encrypted, authenticated and authorized ecosystem, including audit logging (GDPR anyone?).\u003c/p\u003e\u003cp\u003eOf course, banks already run private APIs similar to PSD2’s public ones to connect their customers to their data on mobile apps, web browsers, kiosks, or ATMs. 
Consolidating these private and public APIs is going to make banks more cost-efficient and agile (less code to manage).\u003c/p\u003e\u003ch3\u003eStepping Up Your Game as an AISP\u003c/h3\u003e\u003cp\u003eElastic’s most unique feature for AISPs is the ability to not just store and serve data safely and on immense scale, but to get meaningful, actionable insights from that data. We expect that users will be searching for the AISP that provides that best combination of data intelligence and user experience and handle most day-to-day finances with that AISP. Kibana shows off Elasticsearch’s aggregations and time-series features nicely. Custom UIs can utilize the same features and implement a completely custom presentation.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd49eddf9206e585b/5f970af4fe49b57a83a141c8/blog-psd2-5.png\" width=\"413\" height=\"464\" alt=\"A Kibana screenshot of real-time payments analytics\" style=\"border-width: initial;border-style: none;transform: rotate(0rad);width: 413;height: 464;display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eScalability is important when you set out to store a breadth of customer-centric financial information. Elasticsearch’s code is setup to be scalable from its very beginnings, resulting in a system that can handle millions of concurrent reads and writes per second. It allows AISPs to provide services with 3rd party data just as easily as with internal data.\u003c/p\u003e\u003ch3\u003eImplementing a Customer Financial Advisory\u003c/h3\u003e\u003cp\u003eHaving a time-series of financial transactions of a customer enables an AISP to provide relevant and timely information to their users. Disregard, for a moment, that having an army of analysts look at all data in an AISP to turn it into meaningful information would be cost-prohibitive, i.e. very expensive. What could they possibly come up with? 
Customers might want to know when they slowly increase their spending in certain categories, like groceries. Or, they might be interested to hear about how their bank can help them redecorate their homes or buy a new car. If privacy regulation allows, an AISP could also aggregate and sell anonymized market insights to governments and commercial sectors. Facebook already acquired a European payments license.\u003c/p\u003e\u003cp\u003eGoing back to the army of analysts. Elastic is investing heavily in new ways to look at data that exists in the open source Stack. Two of them are particularly interesting for behavioral intelligence. X-Pack Machine Learning is a technology that does unsupervised anomaly detection on time-series data. It builds up a sense of “normal” by looking at historical data and by looking at peer data, and then weeds out false positives to give you only relevant, actionable insights. This is your army of analysts.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt70ed1e67a7adc4ef/5f970af8209f0756c89d3cd7/blog-psd2-6.gif\" width=\"770\" height=\"433\" alt=\"X-Pack Machine Learning GIF\" style=\"border-width: initial;border-style: none;transform: rotate(0rad);width: 770;height: 433;display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eSome good reads on X-Pack Machine Learning are:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/products/x-pack/machine-learning\"\u003ePage: Elastic X-Pack Machine Learning\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/videos/machine-learning-lab-3-detect-outliers-in-a-population\"\u003eVideo: Outlier Detection with Machine Learning\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eTraversing Relevant Connections\u003c/h3\u003e\u003cp\u003eX-Pack Graph is a technology that presents connections in data as a graph.
It weeds out irrelevant, ‘boring’ connections by comparing subsets of data with their peers. For instance, because the total population has a certain percentage of their money spent on, say, cappuccinos, we might want to explore which subset of the population spends more than average on cappuccinos? This is trivial even with SQL-era aggregations. But now answer this: if I want to sell more cappuccinos, which other products or services should I relate my marketing to so that I reach new audience that would gladly buy more cappuccinos if given the opportunity? What is uncommonly common about people that drink uncommon amounts of cappuccinos that can help me propel my business to the right locations, the right products, using the right brand message? And how can I get these insights as self-service analytics? Graph will help to get meaningful relations from data using wisdom of the crowd algorithms.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2f0a0dab9edbf71a/5f970af545fa7d72ddd1dbc6/blog-psd2-7.png\" width=\"705\" height=\"412\" alt=\"X-Pack Graph demo\" style=\"border-width: initial;border-style: none;transform: rotate(0rad);width: 705;height: 412;display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eSome good reads on X-Pack Graph are:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/products/x-pack/graph\"\u003ePage: Elastic X-Pack Graph\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/videos/deep-dive-new-graph-capabilities-elastic-stack-mark-harwood\"\u003eVideo: Graph Deep Dive with Mark Harwood\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/using-elastic-graph-and-kibana-to-analyze-panama-papers\"\u003eBlog: Using Elastic Graph + Kibana to Analyze Panama Papers\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e‘Orchestration as a Service’ with 
Cloud Enterprise\u003c/h3\u003e\u003cp\u003eElastic Cloud is our public SaaS service running on AWS. Using that technology and our expertise, we set out to bring the Elastic Cloud experience to any data center. And that’s what we did with Elastic Cloud Enterprise (ECE). As organizations adopt Elastic across use cases and departments, ECE keeps your focus on building value-adding services on top of your Elastic clusters.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3eb1e0be94bc6949/5f970af42425cd7a8af684a4/blog-psd2-8.gif\" width=\"889\" height=\"498\" alt=\"Elastic Cloud Enterprise demo\" style=\"border-width: initial;border-style: none;transform: rotate(0rad);width: 889;height: 498;display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eWe would love to talk about ECE some more, but this blog is not meant as a comprehensive discussion of Elastic Cloud Enterprise. Luckily, those resources already exist. Some good reads on ECE are:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/cloud/enterprise\"\u003ePage: Elastic Cloud Enterprise\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/webinars/elastic-cloud-enterprise-launch-demo\"\u003eWebinar: Elastic Cloud Enterprise Demo\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eHuh? I thought Elastic was for Monitoring: Logs, Metrics and Traces!\u003c/h2\u003e\u003cp\u003eElastic has been synonymous with logging for years. Indeed, many global financial institutions ingest logs, metrics and traces of their IT infrastructure to an Elastic platform. That platform then provides dashboards, time-series analytics, anomaly detection using X-Pack Machine Learning, real-time alerting, fraud detection, root-cause analysis and other services with that data. 
Part II of this series will focus on running Elastic for monitoring APIs.\u003c/p\u003e\u003cp\u003eIcons made by Freepik from flaticon.com\u003c/p\u003e\u003cdiv\u003e\u003c/div\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:22:51.061Z","created_by":"sys_blt57a423112de8a853","disclaimer":["bltf7e0361d38ceea67"],"full_bleed_image":{"title":"psd2-architectures-elasticsearch-fullbleed.jpg","uid":"blte6583088ad57a933","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T10:09:29.607Z","updated_at":"2019-01-05T10:09:29.607Z","content_type":"image/jpeg","file_size":"165387","filename":"psd2-architectures-elasticsearch-fullbleed.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T19:59:56.128Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte6583088ad57a933/5c30825929d13af10bc2ac92/psd2-architectures-elasticsearch-fullbleed.jpg"},"markdown_l10n":"","publish_date":"2017-09-14T17:13:50.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"title":"psd2-architectures-elasticsearch-fullbleed.jpg","uid":"blte6583088ad57a933","created_by":"sys_blt57a423112de8a853","u
pdated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T10:09:29.607Z","updated_at":"2019-01-05T10:09:29.607Z","content_type":"image/jpeg","file_size":"165387","filename":"psd2-architectures-elasticsearch-fullbleed.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T19:59:56.128Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte6583088ad57a933/5c30825929d13af10bc2ac92/psd2-architectures-elasticsearch-fullbleed.jpg"},"title":"PSD2: Modern Banking API Architectures with the Elastic Stack","title_l10n":"PSD2: Modern Banking API Architectures with the Elastic Stack","updated_at":"2025-03-10T12:01:46.891Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/psd2-architectures-with-the-elastic-stack","publish_details":{"time":"2025-03-10T12:01:54.027Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt3ff2488406803b3c","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt613ce7bc42d2579c"],"body_l10n":"\u003ch4 dir=\"ltr\" style=\"line-height: 1.656;margin-top: 14pt;margin-bottom: 4pt;\" rel=\"line-height:1.656;margin-top:14pt;margin-bottom:4pt;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eWelcome to Keeping up with Kibana! 
This is a series of posts on new developments in the Kibana project and any related learning resources and events.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.656;margin-top: 14pt;margin-bottom: 4pt;\" rel=\"line-height:1.656;margin-top:14pt;margin-bottom:4pt;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eWe had a Kibana all-hands meeting this week. Each team gave a presentation on the main projects they are working on. The all-hands meeting provides the team a good opportunity to understand what we’re doing across the team and to get aligned on the priorities, plans, and timelines. Going forward, we will have an all-hands every 5 weeks.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.656;margin-top: 14pt;margin-bottom: 4pt;\" rel=\"line-height:1.656;margin-top:14pt;margin-bottom:4pt;\"\u003e\u003cspan style=\"font-size: 13.999999999999998pt;font-family: Arial;color: #434343;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eTypeScript support\u003c/strong\u003e\u003c/span\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.656;margin-top: 14pt;margin-bottom: 4pt;\" rel=\"line-height:1.656;margin-top:14pt;margin-bottom:4pt;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: 
baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eThe Platform team has begun to work on first-class\u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/issues/18780\" style=\"text-decoration: none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #1155cc;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eTypeScript \u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003esupport in Kibana. Supporting TypeScript is necessary for rolling out the new Kibana Platform roadmap and for supporting greenfield plugin development, such as the Infra app. There won’t \u0026nbsp;be an immediate impact on the team because ECMAScript will continue to compile as it always has. Once support of TypeScript is complete, the Platform team will communicate about the roll out and usage. 
\u0026nbsp;\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong \u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 13.999999999999998pt;font-family: Arial;color: #434343;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eLaying the foundation for a new platform\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.656;margin-top: 14pt;margin-bottom: 4pt;\" rel=\"line-height:1.656;margin-top:14pt;margin-bottom:4pt;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eThe Platform team has completed a \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/issues/9675\" style=\"text-decoration: none;\" rel=\"text-decoration:none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #1155cc;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003enew platform\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 
12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e rollout roadmap and is working on the foundation for rolling out the new platform.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 13.999999999999998pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong \u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 13.999999999999998pt;font-family: Arial;color: #434343;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eKibana localization\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 13.999999999999998pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong \u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: 
pre-wrap;\"\u003e\u003cstrong\u003eOur \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/issues/17201\" style=\"text-decoration: none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #1155cc;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003elocalization\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e project is making progress. We’re finishing up the technical guide and starting to build the Angular wrapper.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.656;margin-top: 14pt;margin-bottom: 4pt;\"\u003e\u003cspan style=\"font-size: 13.999999999999998pt;font-family: Arial;color: #434343;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eMaking progress in security\u003c/strong\u003e\u003c/span\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.656;margin-top: 14pt;margin-bottom: 4pt;\" rel=\"line-height:1.656;margin-top:14pt;margin-bottom:4pt;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eThe Security team is moving fast with \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/issues/18178\" 
style=\"text-decoration: none;\" rel=\"text-decoration:none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #1155cc;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eRBAC\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e. We’re finalizing the internal design, writing tests, and beginning to document the changes. The team continues to make progress on the Spaces implementation and began Reactifying the Role management page.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.656;margin-top: 14pt;margin-bottom: 4pt;\"\u003e\u003cspan style=\"font-size: 13.999999999999998pt;font-family: Arial;color: #434343;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eFocusing on accessibility\u003c/strong\u003e\u003c/span\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.656;margin-top: 14pt;margin-bottom: 4pt;\" rel=\"line-height:1.656;margin-top:14pt;margin-bottom:4pt;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.656;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eThe Design team is making big progress on the \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/issues/11534\" style=\"text-decoration: 
none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #1155cc;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eAccessibility \u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eproject.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.656;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 13.999999999999998pt;font-family: Arial;color: #434343;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong \u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.656;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 13.999999999999998pt;font-family: Arial;color: #434343;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eTesting\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.656;margin-top: 14pt;margin-bottom: 4pt;\" rel=\"line-height:1.656;margin-top:14pt;margin-bottom:4pt;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.656;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: 
pre-wrap;\"\u003e\u003cstrong\u003eWe’re almost ready for our 6.3 release! QA continues to test 6.3.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.656;margin-top: 14pt;margin-bottom: 4pt;\"\u003e\u003cspan style=\"font-size: 13.999999999999998pt;font-family: Arial;color: #434343;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/span\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.656;margin-top: 14pt;margin-bottom: 4pt;\" rel=\"line-height:1.656;margin-top:14pt;margin-bottom:4pt;\"\u003e\u003cul style=\"margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cli dir=\"ltr\" style=\"list-style-type: disc;font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre;margin-left: 11pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eMake schema async, and plugin discovery expose raw package jsons\u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/18926\" style=\"text-decoration: none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: 
underline;webkit-text-decoration-skip: none;text-decoration-skip-ink: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e#18926\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\" style=\"list-style-type: disc;font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre;margin-left: 11pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eFunctional test runner changes through kbn-test package\u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/18568\" style=\"text-decoration: none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: underline;webkit-text-decoration-skip: none;text-decoration-skip-ink: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e#18568\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\" style=\"list-style-type: disc;font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre;margin-left: 11pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: 
transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eFix timing issue with esArchiver that causes it to fail when a snapshot is in progress\u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/18624\" style=\"text-decoration: none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: underline;webkit-text-decoration-skip: none;text-decoration-skip-ink: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e#18624\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 14pt;margin-bottom: 4pt;\"\u003e\u003cspan style=\"font-size: 13.999999999999998pt;font-family: Arial;color: #434343;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eSharing\u003c/strong\u003e\u003c/span\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.656;margin-top: 14pt;margin-bottom: 4pt;\" rel=\"line-height:1.656;margin-top:14pt;margin-bottom:4pt;\"\u003e\u003cul style=\"margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cli dir=\"ltr\" style=\"list-style-type: disc;font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre;margin-left: 
11pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eClean up time range handling in embeddables \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/17718\" style=\"text-decoration: none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: underline;webkit-text-decoration-skip: none;text-decoration-skip-ink: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e17718\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\" style=\"list-style-type: disc;font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre;margin-left: 11pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eChange KuiContextMenu to EuiContextMenu \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/17621\" style=\"text-decoration: none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: 
underline;webkit-text-decoration-skip: none;text-decoration-skip-ink: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e17621\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\" style=\"list-style-type: disc;font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre;margin-left: 11pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eDisplay disabled control when index pattern no longer exists \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/18931\" style=\"text-decoration: none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: underline;webkit-text-decoration-skip: none;text-decoration-skip-ink: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e18931\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\" style=\"list-style-type: disc;font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre;margin-left: 11pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eFix arrows used to modify control order \u003c/strong\u003e\u003c/span\u003e\u003ca 
href=\"https://github.com/elastic/kibana/pull/18929\" style=\"text-decoration: none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: underline;webkit-text-decoration-skip: none;text-decoration-skip-ink: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e18929\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 14pt;margin-bottom: 4pt;\"\u003e\u003cspan style=\"font-size: 13.999999999999998pt;font-family: Arial;color: #434343;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eVisualizations\u003c/strong\u003e\u003c/span\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.656;margin-top: 14pt;margin-bottom: 4pt;\" rel=\"line-height:1.656;margin-top:14pt;margin-bottom:4pt;\"\u003e\u003cul style=\"margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cli dir=\"ltr\" style=\"list-style-type: disc;font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre;margin-left: 11pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eAllow splitting series on multiple fields (\u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/17855\" style=\"text-decoration: none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: 
normal;font-variant: normal;text-decoration: underline;webkit-text-decoration-skip: none;text-decoration-skip-ink: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e#17855\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e)\u003c/strong\u003e\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\" style=\"list-style-type: disc;font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: italic;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre;margin-left: 11pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eAdd EditorOptionsGroup component (for Reactifying the existing editors) (\u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/18812\" style=\"text-decoration: none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: underline;webkit-text-decoration-skip: none;text-decoration-skip-ink: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e#18812\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e,\u003c/strong\u003e\u003c/span\u003e\u003ca 
href=\"https://github.com/elastic/kibana/pull/18917\" style=\"text-decoration: none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: underline;webkit-text-decoration-skip: none;text-decoration-skip-ink: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e#18917\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e)\u003c/strong\u003e\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\" style=\"list-style-type: disc;font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: italic;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre;margin-left: 11pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eDon't deep clone vis in courier request handler (\u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/19069\" style=\"text-decoration: none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: underline;webkit-text-decoration-skip: 
none;text-decoration-skip-ink: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e#19069\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e)\u003c/strong\u003e\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\" style=\"list-style-type: disc;font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: italic;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre;margin-left: 11pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eFix missing value display for number fields (\u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/16644\" style=\"text-decoration: none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: underline;webkit-text-decoration-skip: none;text-decoration-skip-ink: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e#16644\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e)\u003c/strong\u003e\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\" style=\"list-style-type: disc;font-size: 12pt;font-family: Arial;color: #666666;background-color: 
transparent;font-weight: 400;font-style: italic;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre;margin-left: 11pt;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eReplace _term order in terms agg by _key (due to deprecation in ES) (\u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/19032\" style=\"text-decoration: none;\"\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: underline;webkit-text-decoration-skip: none;text-decoration-skip-ink: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e#19032\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;font-family: Arial;color: #666666;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003e)\u003c/strong\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 14pt;margin-bottom: 4pt;\"\u003e\u003cspan style=\"font-size: 13.999999999999998pt;font-family: Arial;color: #434343;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eManagement\u003c/strong\u003e\u003c/span\u003e\u003c/h4\u003e\u003ch4 dir=\"ltr\" style=\"line-height: 1.656;margin-top: 14pt;margin-bottom: 4pt;\" rel=\"line-height:1.656;margin-top:14pt;margin-bottom:4pt;\"\u003e\u003cspan style=\"font-weight: 
normal;\"\u003e\u003c/span\u003e\u003c/h4\u003e","category":[],"created_at":"2019-04-01T13:12:05.689Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"parent_uid":null,"uid":"blt711fba4b0341c251","created_by":"blt0a74c5872964bd5e889a6b79","updated_by":"blt0a74c5872964bd5e889a6b79","created_at":"2018-11-16T05:37:37.473Z","updated_at":"2018-11-16T05:37:37.473Z","content_type":"image/png","file_size":"95050","filename":"our-source-code-as-you-are.png","title":"our-source-code-as-you-are.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-30T19:59:05.130Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt711fba4b0341c251/5bee57a1153999e837012b00/our-source-code-as-you-are.png"},"markdown_l10n":"","publish_date":"2018-05-22T16:31:33.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"New developments in the Kibana project include: TypeScript support, new platform roadmap, Kibana localization progress, RBAC progress in security, accessibility project update, platform, sharing, visualization and management 
updates.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"_version":3,"is_dir":false,"uid":"blt0ba59e988f7aec63","ACL":{},"content_type":"image/png","created_at":"2019-02-19T18:16:15.632Z","created_by":"blt5c97f327f30903e707c39c30","description":"","file_size":"48267","filename":"customer-bpce-image1.png","parent_uid":null,"tags":[],"title":"customer-bpce-image1.png","updated_at":"2023-01-11T13:35:45.245Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-11T13:35:52.984Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0ba59e988f7aec63/63bebb310dc3963ccff8aa76/customer-bpce-image1.png"},"title":"Keeping up with Kibana: This week in Kibana for May 14, 2018","title_l10n":"Keeping up with Kibana: This week in Kibana for May 14, 2018","updated_at":"2025-03-10T11:55:06.636Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/keeping-up-with-kibana-2018-05-14","publish_details":{"time":"2025-03-10T11:55:10.703Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltbbc0b11f65d7a6e8","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt85b0e579ed18da50"],"body_l10n":"\u003ch4\u003eWelcome to Keeping up with Kibana! This is a series of posts on new developments in the Kibana project and any related learning resources and events.\u003c/h4\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2\u003eOne-click sample data\u003c/h2\u003e\u003cp\u003eThe highlight of this week is the new Sample Data set on the home page. This new feature\u0026nbsp;allows for a one-click getting started experience users new to Kibana. 
Users can load a constructed Flight data set that includes a pre-packaged dashboard and\u0026nbsp;experiment with Kibana without having to go through the process of loading data themselves. Here is what it looks like after loading:\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3f0968e7e0277ca2/5c30595925a401fc6fe4f515/Screen_Shot_2018-05-30_at_12.48.57_PM.png\" data-sys-asset-uid=\"blt3f0968e7e0277ca2\" alt=\"Screen Shot 2018-05-30 at 12.48.57 PM.png\" style=\"width: 979;height: 514;\" width=\"979\" height=\"514\"/\u003e\u003c/p\u003e\u003cp\u003eClicking the \"Launch\" button shows the pre-packaged dashboard:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdf94568915cdff18/5c3059563fdf8ce26f0c08e3/Screen_Shot_2018-05-30_at_12.49.58_PM.png\" data-sys-asset-uid=\"bltdf94568915cdff18\" alt=\"Screen Shot 2018-05-30 at 12.49.58 PM.png\" style=\"width: 975;height: 513;\" width=\"975\" height=\"513\"/\u003e\u003c/p\u003e\u003cp\u003eSee\u0026nbsp;\u003ca href=\"https://github.com/elastic/kibana/pull/17807\"\u003e17807\u003c/a\u003e\u0026nbsp;for more details.\u003c/p\u003e\u003ch2\u003eCanvas technology preview\u003c/h2\u003e\u003cp\u003eCanvas is getting a facelift!\u003c/p\u003e\u003cp\u003eIn the oncoming weeks, we're converting all our UI components to EUI (Elastic's in-house UI framework). Most recently we merged a few changes to the workpad header as well as workpad \u0026amp; page settings for the next release!\u0026nbsp;Here's a sample of what's in store:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd58705ce446a50c4/5c305965ebb7714d660270c4/May28_canvas_facelift.png\" data-sys-asset-uid=\"bltd58705ce446a50c4\" alt=\"May28 canvas facelift.png\"/\u003e\u003c/p\u003e\u003cp\u003eWe are also working on new layout engine that will let you easily move, resize and rotate elements in Canvas. 
The version we have now is just ok, but we've been working on an all new version that is looking \u003cem\u003eamazing\u003c/em\u003e. The first iteration of it will be functionally identical to the current system, with the addition of keyboard commands, but our team has built all sorts of awesome stuff under the covers. Like these rad 3D transforms:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2004309c7b6ede6c/5c305963ca40458566ef6749/May28-canvas_layout_engine.gif\" data-sys-asset-uid=\"blt2004309c7b6ede6c\" alt=\"May28-canvas layout engine.gif\" style=\"width: 688;height: 335;\" width=\"688\" height=\"335\"/\u003e\u003c/p\u003e\u003cp\u003eCheck out more Canvas news \u003ca href=\"http://canvas.elastic.co/\"\u003ehere\u003c/a\u003e\u003c/p\u003e\u003ch2\u003eOther enhancements and bug fixes\u003c/h2\u003e\u003ch4\u003eSecurity\u003c/h4\u003e\u003cp\u003eSpaces:\u0026nbsp; we are making progress on Reactifying the existing role management screen.\u003c/p\u003e\u003cp\u003eRBAC: We’re in the process of splitting out the platform specific PRs that enable RBAC. A\u0026nbsp;number of them have been merged, others are still in review, and a few more are soon to come.\u003c/p\u003e\u003cul\u003e\u003cli\u003eIntroduced the concept of SavedObjectRepository which will assist with implementing spaces and securing the SavedObjectsClient for RBAC \u003ca href=\"https://github.com/elastic/kibana/pull/19013\"\u003e#19013\u003c/a\u003e\u003c/li\u003e\u003cli\u003eImplemented consistent multi-type SavedObjectsClient.find which is currently used by saved objects management and will allow us to secure it for RBAC \u003ca href=\"https://github.com/elastic/kibana/pull/19231\"\u003e#19231\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eDesign\u003c/h4\u003e\u003cp\u003eOn the EUI front, we are making good progress making EUI fully compatible with React 16.3. 
We have also added the much requested \u003ca href=\"https://github.com/elastic/eui/pull/872\"\u003eButton Groups / Toggles\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eWe also:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpdated EuiSearchBar to React 16.3 lifecycle \u003ca href=\"https://github.com/elastic/eui/pull/863\"\u003e#863\u003c/a\u003e\u003c/li\u003e\u003cli\u003eFixed EuiComboBox focus trap \u003ca href=\"https://github.com/elastic/eui/pull/866\"\u003e#866\u003c/a\u003e\u003c/li\u003e\u003cli\u003eAdded support for custom props for rows in EuiBasicTable and EuiInMemoryTable. \u003ca href=\"https://github.com/elastic/eui/pull/869\"\u003e#869\u003c/a\u003e\u003c/li\u003e\u003cli\u003eMade\u0026nbsp;\u003ca href=\"https://github.com/elastic/eui/pulls?utf8=%E2%9C%93\u0026q=is%3Apr+is%3Aclosed+merged%3A%3E%3D2018-05-19\"\u003e15 more small changes\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePlatform\u003c/h4\u003e\u003cul\u003e\u003cli\u003eOption to run Kibana from build for CI \u003ca href=\"https://github.com/elastic/kibana/pull/19125\"\u003e#19125\u003c/a\u003e\u003c/li\u003e\u003cli\u003eRemoved custom tslint overrides for kbn-system-loader \u003ca href=\"https://github.com/elastic/kibana/pull/19336\"\u003e#19336\u003c/a\u003e\u003c/li\u003e\u003cli\u003eRemoved custom tslint overrides for kbn-pm \u003ca href=\"https://github.com/elastic/kibana/pull/19335\"\u003e#19335\u003c/a\u003e\u003c/li\u003e\u003cli\u003eRemoved the tslint requirement to prefix interfaces with an `I` \u003ca href=\"https://github.com/elastic/kibana/pull/19402\"\u003e#19402\u003c/a\u003e\u003c/li\u003e\u003cli\u003eUpgraded eslint-plugin-no-unsanitized to support runtime `import`, which we’ll need for application bundles in the new platform \u003ca href=\"https://github.com/elastic/kibana/pull/19315\"\u003e#19315\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eOperations\u003c/h4\u003e\u003cp style=\"margin-left: 20px;\"\u003eAdded validation of the current node 
version \u003ca href=\"https://github.com/elastic/kibana/pull/19154\"\u003e#19154\u003c/a\u003e\u003c/p\u003e\u003ch4\u003eSharing enhancements and bug fixes\u003c/h4\u003e\u003cul\u003e\u003cli\u003eConverted Dashboard “Add Panel” to EUI PR 17374\u003c/li\u003e\u003cli\u003eFixed copy to clipboard IE bug PR 19281\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eVisualizations bug fixes\u003c/h4\u003e\u003cul\u003e\u003cli\u003eAxis Labels Filter - better geometry assessment \u003ca href=\"https://github.com/elastic/kibana/pull/16130\"\u003e#16130\u003c/a\u003e\u003c/li\u003e\u003cli\u003eFixed rendering markdown when updating open in new tab setting \u003ca href=\"https://github.com/elastic/kibana/pull/19356\"\u003e#19356\u003c/a\u003e\u003c/li\u003e\u003cli\u003eDon't show toast warning in filter agg \u003ca href=\"https://github.com/elastic/kibana/pull/19255\"\u003e#19255\u003c/a\u003e\u003c/li\u003e\u003cli\u003eFixed flaky load discover search \u003ca href=\"https://github.com/elastic/kibana/pull/19265\"\u003e#19265\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eManagement\u003c/h4\u003e\u003cul\u003e\u003cli\u003eAccount for cluster level settings for Watcher UI \u003ca href=\"https://github.com/elastic/kibana/pull/19121\"\u003e#19121\u003c/a\u003e\u003c/li\u003e\u003cli\u003eSaved objects UI in React! 
\u003ca href=\"https://github.com/elastic/kibana/pull/17426\"\u003e#17426\u003c/a\u003e, \u003ca href=\"https://github.com/elastic/kibana/pull/19193\"\u003e#19193\u003c/a\u003e\u003c/li\u003e\u003cli\u003eEnsure index patterns leverage existing optimistic concurrency \u003ca href=\"https://github.com/elastic/kibana/pull/18937\"\u003e#18937\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eUntil next week,\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eKibana Team\u003c/strong\u003e\u003c/p\u003e","category":[],"created_at":"2019-04-01T13:12:00.114Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt29843bb98ba59a2a","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:37:11.833Z","updated_at":"2018-10-11T05:37:11.833Z","content_type":"image/jpeg","file_size":"71803","filename":"blog-kibana-banner.jpg","title":"blog-kibana-banner.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-18T15:49:05.384Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt29843bb98ba59a2a/5bbee187eb7e90a514e6e46b/blog-kibana-banner.jpg"},"markdown_l10n":"","publish_date":"2018-05-28T16:31:33.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"New One click sample data has been added to Kibana. Many updates made to Canvas. 
Also changes to security, design, visualizations, management and other applications within Kibana.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"_version":3,"is_dir":false,"uid":"blt0ba59e988f7aec63","ACL":{},"content_type":"image/png","created_at":"2019-02-19T18:16:15.632Z","created_by":"blt5c97f327f30903e707c39c30","description":"","file_size":"48267","filename":"customer-bpce-image1.png","parent_uid":null,"tags":[],"title":"customer-bpce-image1.png","updated_at":"2023-01-11T13:35:45.245Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-11T13:35:52.984Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0ba59e988f7aec63/63bebb310dc3963ccff8aa76/customer-bpce-image1.png"},"title":"Keeping up with Kibana: This week in Kibana for May 28, 2018","title_l10n":"Keeping up with Kibana: This week in Kibana for May 28, 2018","updated_at":"2025-03-10T11:54:09.582Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/keeping-up-with-kibana-2018-05-28","publish_details":{"time":"2025-03-10T11:54:13.258Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt495b203e24e8e651","_version":12,"locale":"en-us","ACL":{},"abstract_l10n":"We are deprecating support for ciphers that are considered weak and will update the list of ciphers supported to connect to Elasticsearch Service to include the Mozilla Intermediate ciphers after January 30, 2022.","author":["blte2d7fdc8a799bffb"],"body_l10n":"\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAt Elastic Cloud we are committed to offering our customers the most secure way to run their workloads in the cloud. 
With the goal of being “secure by default,” we are deprecating ciphers that are considered weak and insecure. Going forward, we will only support ciphers that are included in the \u003ca href=\"https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\"\u003eMozilla intermediate\u003c/a\u003e list. (edit: we are adding AES128-GCM-SHA256 and\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAES256-GCM-SHA384 to this list for Windows 11 compatibility).\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThis change is scheduled to take effect after Jan 30th 2022. If you only have deployments in Azure regions, this change does not affect you.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eWe will communicate a precise date closer to the change.\u003c/p\u003e\u003ch3\u003eWhat are the changes?\u003c/h3\u003e\u003cp\u003eWe are updating the list of ciphers supported for clients connecting to their Elasticsearch clusters, Kibana, or other components on Elasticsearch Service. The changes are basically on two fronts:\u003c/p\u003e\u003cul\u003e\u003cli aria-level=\"1\"\u003e\u003cem\u003eWe will deprecate certain ciphers that are considered weak by modern encryption standards. 
The ciphers we are going to stop supporting in all regions are:\u0026nbsp;\u003c/em\u003e\u003cul\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eECDHE-ECDSA-AES128-SHA\u003c/em\u003e\u003c/li\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eECDHE-RSA-AES128-SHA\u003c/em\u003e\u003c/li\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eECDHE-ECDSA-AES256-SHA\u003c/em\u003e\u003c/li\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eECDHE-RSA-AES256-SHA\u003c/em\u003e\u003c/li\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eECDHE-RSA-DES-CBC3-SHA\u003c/em\u003e\u003c/li\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eAES128-SHA256\u003c/em\u003e\u003c/li\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eAES128-SHA\u003c/em\u003e\u003c/li\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eAES256-SHA1\u003c/em\u003e\u003c/li\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eDES-CBC3-SHA\u003c/em\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli aria-level=\"1\"\u003e\u003cem\u003eWe are \u003c/em\u003e\u003cem\u003e\u003cstrong\u003eonly\u003c/strong\u003e\u003c/em\u003e\u003cem\u003e going to support the ciphers that are included in the \u003c/em\u003e\u003ca href=\"https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\"\u003e\u003cem\u003eMozilla intermediate\u003c/em\u003e\u003c/a\u003e\u003cem\u003e list of ciphers and are considered a security best practice. In addition to the ciphers in the Mozilla intermediate list we have also added AES128-GCM-SHA256 and AES256-GCM-SHA384 (see list below) for Windows 11 compatibility. 
We will remove these at a later point in time.\u003c/em\u003e\u003cul\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eECDHE-RSA-AES128-GCM-SHA256\u003c/em\u003e\u003c/li\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eECDHE-ECDSA-AES256-GCM-SHA384\u003c/em\u003e\u003c/li\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eECDHE-RSA-AES256-GCM-SHA384\u003c/em\u003e\u003c/li\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eECDHE-ECDSA-CHACHA20-POLY1305\u003c/em\u003e\u003c/li\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eECDHE-RSA-CHACHA20-POLY1305\u003c/em\u003e\u003c/li\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eECDHE-RSA-AES-128-CBC-SHA\u003c/em\u003e\u003c/li\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eECDHE-ECDSA-AES128-SHA256\u003c/em\u003e\u003c/li\u003e\u003cli aria-level=\"2\"\u003e\u003cem\u003eECDHE-RSA-AES128-SHA256\u003c/em\u003e\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"2\"\u003e\u003cem\u003eAES128-GCM-SHA256\u003c/em\u003e\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"2\"\u003e\u003cem\u003eAES256-GCM-SHA384\u003c/em\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cbr /\u003e\u003cli\u003e\u003cp\u003eEdit: We have added ECDHE-ECDSA-AES128-GCM-SHA256, AES128-GCM-SHA256 and AES256-GCM-SHA384 to the list of supported ciphers since the last update.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cul\u003e\u003c/ul\u003e\u003c/ul\u003e\u003ch3\u003eWhat is the impact on me?\u003c/h3\u003e\u003cp\u003eIf you use clients that \u003cstrong\u003edo not\u003c/strong\u003e currently support at least one of the ciphers from the list of ciphers to be supported, you will need to update your clients to do so. This is important to be able to communicate with your cluster or any endpoints on Elastic Cloud (Kibana, APM Server, etc.) 
once the cipher list is updated.\u003c/p\u003e\u003ch3\u003eWhat should I do if I have clients that are using outdated ciphers?\u003c/h3\u003e\u003cp\u003eIf there are many teams at your organization using various clients, we recommend sending them a note on the upcoming changes encouraging them to update their clients. If you still don’t know what to do, reach out to \u003ca href=\"mailto:support@elastic.co\"\u003esupport@elastic.co\u003c/a\u003e.\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003eHow do I test which ciphers my clients support?\u0026nbsp;\u003c/h3\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003eThese changes are already in effect in the following regions; you can test your clients by creating a small test deployment in any one of these regions. 
If your deployments are in one of these regions only, the changes don’t impact you.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003eAWS\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- af-south-1\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- ca-central-1\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- eu-north-1\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- eu-south-1\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- eu-west-3\u003c/span\u003e\u003c/p\u003e\u003cp 
dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- me-south-1\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- ap-east-1\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- ap-south-1\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- ap-northeast-2\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003eGCP\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- asia-east1\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: 
normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- asia-northeast1\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- asia-northeast3\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- asia-southeast1\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- australia-southeast1\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- northamerica-northeast1\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- southamerica-east1\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- 
us-east1\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- us-east4\u003cbr /\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: #24292e;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e- us-west2\u003c/span\u003e\u003c/p\u003e\u003ch3\u003eWhat will happen if I do nothing?\u003c/h3\u003e\u003cp\u003eThe TLS handshake involves a client and a server negotiating a cipher supported by both parties. If you are running clients that support none of the ciphers that will be supported after the change, such clients will not be able to establish a connection with your Elasticsearch cluster or other Elastic Cloud endpoints (Kibana, APM Server, etc.), leading to downtime. 
\u003cstrong\u003eWe strongly recommend updating such clients.\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eAll ESS customers will be contacted by email about these changes, and we will send regular email reminders and status page updates closer to the dates when the changes will roll out.\u003c/p\u003e","category":[{"_version":5,"locale":"en-us","uid":"blt0c9f31df4f2a7a2b","ACL":{},"created_at":"2018-08-27T12:32:48.561Z","created_by":"sys_blt57a423112de8a853","key":"company-news","label_l10n":"News","tags":[],"title":"News","updated_at":"2024-05-10T13:44:22.885Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-29T20:00:07.956Z","user":"blt27204bf9f7abb7fd"}}],"created_at":"2021-06-23T18:52:23.380Z","created_by":"bltd9bd8e1ce5969ea6","disclaimer":[],"full_bleed_image":{"_version":1,"is_dir":false,"uid":"blte1ff01b854421089","ACL":{},"content_type":"image/png","created_at":"2021-02-24T15:35:54.554Z","created_by":"bltf6ab93733e4e3a73","file_size":"57519","filename":"blog-banner-cloud-blue.png","parent_uid":null,"tags":[],"title":"blog-banner-cloud-blue.png","updated_at":"2021-02-24T15:35:54.554Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-02-24T15:36:06.706Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte1ff01b854421089/6036725a946aa93dbe5995e0/blog-banner-cloud-blue.png"},"markdown_l10n":"","publish_date":"2021-07-07T15:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Changes to support for ciphers used to connect to Elasticsearch 
Service","seo_description_l10n":"","noindex":false,"canonical_tag":""},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt231f19497aaf4242","ACL":{},"content_type":"image/png","created_at":"2021-02-24T15:35:54.852Z","created_by":"bltf6ab93733e4e3a73","file_size":"113075","filename":"blog-thumb-cloud-blue.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-cloud-blue.png","updated_at":"2022-02-11T21:03:14.508Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:40.632Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt231f19497aaf4242/6036725a259b2810197dbbf3/blog-thumb-cloud-blue.png"},"title":"Changes to support for ciphers used to connect to Elasticsearch Service","title_l10n":"Changes to support for ciphers used to connect to Elasticsearch Service","updated_at":"2025-03-10T11:53:03.411Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/notice-cipher-changes-ess","publish_details":{"time":"2025-03-10T11:53:07.267Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb2412645e995337e","_version":11,"locale":"en-us","ACL":{},"abstract_l10n":"Every ElasticON is packed with user stories, roadmaps, deep dives, and Q\u0026A with Elastic experts. 
Join us for the free, virtual event October 5-7 2021.","author":["blt9396b940ff8a6007"],"body_l10n":"\u003cp\u003eThis has been the year of solving: From rapid digital transformation emboldened by the hybrid workplace to substantial cybersecurity attacks disrupting infrastructure, solvers were ready at the front lines.\u003c/p\u003e\u003cp\u003eElastic has been the platform for solvers who are addressing exceptional challenges including: \u003ca href=\"https://www.elastic.co/blog/de-watergroep-and-devoteam-build-elastic-observability-pipeline-to-deliver-water-to-millions\"\u003edelivering water to 3 million customers\u003c/a\u003e, \u003ca href=\"https://www.elastic.co/customers/zurich-insurance-group\"\u003edriving insurance innovation\u003c/a\u003e, and \u003ca href=\"https://www.elastic.co/customers/emirates-nbd\"\u003esecuring billions in customer assets\u003c/a\u003e. And this year’s ElasticON Global 2021 theme, “Solve,” celebrates all of those working to solve the world’s most complex problems every day–from here on Earth, to the cloud, and even to \u003ca href=\"https://www.elastic.co/elasticon/global/agenda?solutionProduct=null\u0026type=null\u0026technicalLevel=null\u0026day=day-2\" target=\"_blank\"\u003eMars\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eJoin your fellow solvers at \u003ca href=\"https://events.elastic.co/elasticon/global/register\"\u003ethe virtual event\u003c/a\u003e. 
Whether you're new to the Elastic community or an ElasticON alumnus, we welcome you to learn more about how to turn data to action using our three solutions built on a single stack.\u0026nbsp;\u003c/p\u003e\u003cp\u003ePrepare for \u003ca href=\"https://www.elastic.co/elasticon/global/agenda?solutionProduct=null\u0026type=null\u0026technicalLevel=null\u0026day=day-3\u0026sol=null\u0026typ=null\u0026lev=null\"\u003ethree action-packed days\u003c/a\u003e with inspirational keynotes, product roadmaps and demos, customer success stories, and expert advice.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDay 1\u003c/strong\u003e\u003cstrong \u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eElastic Observability: Unified, actionable, frictionless\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eElastic Security: Limitless XDR. Unbounded security\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eElastic Enterprise Search: Solve with speed, scale, and relevance, out of the box\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\u003ca href=\"https://www.elastic.co/elasticon/global/agenda?solutionProduct=null\u0026type=null\u0026technicalLevel=null\u0026day=day-1 \"\u003eAnd more ...\u003c/a\u003e\u003cspan\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eDay 2\u003c/strong\u003e\u003cstrong \u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eRethinking Observability with Elastic Machine Learning and statistics\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eGet the crawl rolling: Indexing with the Elastic web crawler\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eMicroservice choreography and triaging errors with Elastic Observability and the Elastic Stack\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\u003ca 
href=\"https://www.elastic.co/elasticon/global/agenda?solutionProduct=null\u0026type=null\u0026technicalLevel=null\u0026day=day-2 \" target=\"_blank\"\u003eAnd more ...\u003c/a\u003e\u003cspan\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eDay 3\u003c/strong\u003e\u003cstrong \u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eExploring Enterprise Search with Elastic on Microsoft Azure: A hands-on lab learning experience\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eCapture the Bug with Elastic Observability\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eCapture the Flag with Elastic Security\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003e\u003ca href=\"https://www.elastic.co/elasticon/global/agenda?solutionProduct=null\u0026type=null\u0026technicalLevel=null\u0026day=day-3 \" target=\"_blank\"\u003eAnd more ...\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFrom keynotes to fireside chats, attendees are sure to be inspired.\u003c/p\u003e\u003ch1 dir=\"ltr\"\u003eConference highlights\u003c/h1\u003eWe’ve got\u0026nbsp; you covered — from \u003ca href=\"https://www.elastic.co/enterprise-search\"\u003eenterprise search\u003c/a\u003e to \u003ca href=\"https://www.elastic.co/observability\"\u003eincreased observability\u003c/a\u003e, or \u003ca href=\"https://www.elastic.co/security\"\u003etighter security\u003c/a\u003e to \u003ca href=\"https://www.elastic.co/cloud/\"\u003ecloud accessibility\u003c/a\u003e. 
Whatever you’re interested in learning about, we’ve curated a wealth of specific content designed to help you drive innovation and deliver more reliable solutions at scale.\u0026nbsp;\u003cp\u003e\u003cspan\u003e\u003c/span\u003e\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAn opening keynote from Elastic founder and CEO Shay Banon and chief product officer Ashutosh Kulkarni on the power of an open community and ecosystem, plus what innovations are on the horizon over the next year for the unified Elastic Search Platform.\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eA fireside chat with Microsoft EVP, Cloud + AI, Scott Guthrie, and Shay Banon focused on the companies’ joint commitment to cloud innovation and how they are helping organizations remove barriers to technology adoption and deliver greater value to customers.\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eA fireside chat with chef, culinary innovator, and founder of World Central Kitchen, José Andrés, who will speak about his mission to use the power of food to nourish communities and strengthen economies around the world during times of crisis and beyond.\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eA fireside chat with Diana Trujillo, flight director, and robotic arm system domain lead for the Mars Perseverance mission, who will speak about the hard work, dedication, and passion it took to realize her dream of becoming an aerospace engineer at NASA’s Jet Propulsion Laboratory.\u003cspan\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eYou’ll have access to more than \u003ca href=\"https://www.elastic.co/elasticon/global/speakers\"\u003e100 technical sessions\u003c/a\u003e offering key learnings and insights from Elastic customers, partners, and experts, including Adobe, General Motors, IBM, Microsoft, SAP, Twitter, and others.\u003cbr /\u003e\u003cbr 
/\u003eWe’ve even got a virtual exhibit hall where you can chat live with fellow participants, access exclusive promotions, and meet with ElasticON Global sponsors including presenting sponsor, Microsoft Azure, along with ClearQuery, Google Cloud, Novetta, Pure Storage, SVA System Vertrieb Alexander GmbH, Swimlane, and Teleport.\u003c/p\u003e\u003ch1 dir=\"ltr\"\u003eExcellence Awards\u003c/h1\u003e\u003cp\u003eThe Elastic Excellence Awards program will recognize philanthropic, innovative, and transformative projects and the people behind them. This year awards will be given in eight categories:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eCause Award\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eEnterprise Search Business Transformation Award\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eObservability Business Transformation Award\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eSecurity Business Transformation Award\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eSolve with Search Award\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eInnovation Award\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003ePublic Sector Award\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eCertified Professional of the Year\u003c/li\u003e\u003c/ul\u003e\u003ch1 dir=\"ltr\"\u003eSkills workshops and trainings\u0026nbsp;\u003c/h1\u003e\u003cp\u003eDevelop new skills through technical workshops and live, instructor-led training courses to help prepare you for certification exams. Participants can access discounted pricing for three Elastic courses: Elastic Observability Engineer, Elasticsearch Engineer, and Data Analysis with Kibana. 
Courses are offered multiple days and times, \u003ca href=\"https://www.elastic.co/elasticon/global/agenda?solutionProduct=null\u0026type=null\u0026technicalLevel=null\u0026day=day-0\"\u003eso find the best spot for you\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003ch1 dir=\"ltr\"\u003eSolve with us\u003c/h1\u003e\u003cp\u003eWe hope to see you there and if you still have questions, learn more about \u003ca href=\"https://www.elastic.co/elasticon/global/why-attend\"\u003ewhat ElasticON Global can do for you\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eBuilding on past philanthropic efforts, Elastic will make a donation to World Central Kitchen and Girlstart on behalf of every person participating in ElasticON Global. Additional donation opportunities will be made available to attendees during the event.\u003c/p\u003e\u003ca href=\"https://events.elastic.co/elasticon/global/register\"\u003eRegister to join us\u003c/a\u003e! Level-up your skills and inspire innovation with some of the world’s leading 
solvers.","category":[{"_version":5,"locale":"en-us","uid":"blt0c9f31df4f2a7a2b","ACL":{},"created_at":"2018-08-27T12:32:48.561Z","created_by":"sys_blt57a423112de8a853","key":"company-news","label_l10n":"News","tags":[],"title":"News","updated_at":"2024-05-10T13:44:22.885Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-29T20:00:07.956Z","user":"blt27204bf9f7abb7fd"}}],"created_at":"2021-09-21T20:30:24.370Z","created_by":"blt1e57c6588ae1816e","disclaimer":[],"full_bleed_image":{"uid":"blta1cbddeb4726a1df","ACL":{},"_version":1,"content_type":"image/png","created_at":"2021-01-12T16:26:17.549Z","created_by":"bltf6ab93733e4e3a73","file_size":"77773","filename":"blog-banner-megaphone-logo.png","is_dir":false,"parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-12T16:26:00.903Z","user":"bltf6ab93733e4e3a73"},"tags":[],"title":"blog-banner-megaphone-logo.png","updated_at":"2021-01-12T16:26:17.549Z","updated_by":"bltf6ab93733e4e3a73","url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta1cbddeb4726a1df/5ffdcda9e4028c63a64d9380/blog-banner-megaphone-logo.png"},"markdown_l10n":"","publish_date":"2021-09-22T13:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Join us at ElasticON Global: Elastic’s free, virtual user conference October 5-7","seo_description_l10n":"Every ElasticON is packed with user stories, roadmaps, deep dives, and Q\u0026A with Elastic experts. 
Join us for the free, virtual event October 5-7 2021.","noindex":false,"canonical_tag":""},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt05b074fc2dd9b6f2","ACL":{},"content_type":"image/png","created_at":"2021-01-12T16:26:17.534Z","created_by":"bltf6ab93733e4e3a73","file_size":"53698","filename":"blog-thumb-megaphone-logo.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-megaphone-logo.png","updated_at":"2022-02-11T21:04:12.027Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:03.242Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt05b074fc2dd9b6f2/5ffdcda97f3df4662710b21b/blog-thumb-megaphone-logo.png"},"title":"Join us at ElasticON Global: Elastic’s free, virtual user conference October 5-7","title_l10n":"Join us at ElasticON Global: Elastic’s free, virtual user conference October 5-7","updated_at":"2025-03-10T11:51:52.995Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/join-us-at-elasticon-global-elastics-free-virtual-user-conference-October-5-7","publish_details":{"time":"2025-03-10T11:51:57.509Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltd1501b9c0a3fc477","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["bltcf0a69ce766b1421"],"body_l10n":"\u003cp\u003eEver want to search your database entities from Elasticsearch?\u0026nbsp;Now you can use Logstash\u0026nbsp;to do just that!\u0026nbsp;In this blog we introduce the \u003ca href=\"https://www.elastic.co/guide/en/logstash/current/plugins-inputs-jdbc.html\"\u003eJDBC input\u003c/a\u003e, which has been created to import data from any database that supports the JDBC interface. 
Below, we show you a few examples of using this plugin.\u003c/p\u003e\u003ch2\u003eGetting Started\u003c/h2\u003e\u003ch3\u003eInstallation\u003c/h3\u003e\u003cpre class=\"prettyprint\"\u003ebin/plugin install logstash-input-jdbc\u003cbr /\u003e\u003c/pre\u003e\u003ch3\u003e\u003cbr /\u003e\u003c/h3\u003e\u003ch3\u003eDriver Support\u003c/h3\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.8327272415161155;margin-top: 0pt;margin-bottom: 11pt;\"\u003ePopular databases like Oracle, Postgresql, and MySQL have compatible JDBC drivers that can be used with this input. This plugin does not come packaged with any of these JDBC drivers out of the box, but they are straightforward to download. Because Logstash loads the driver library into its own process, download it from the database vendor's official site. You can then configure the plugin to use the desired jdbc driver library. The settings jdbc_driver_library and jdbc_driver_class are used to load the library path and the driver's class name.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.8327272415161155;margin-top: 0pt;margin-bottom: 11pt;\" rel=\"line-height:1.8327272415161155;margin-top:0pt;margin-bottom:11pt;\"\u003eLet's get started with the examples!\u003c/p\u003e\u003ch2\u003eExample 1: Simple Postgres Input\u003c/h2\u003e\u003cp\u003eHere is an example of how you get started reading from a local \u003ca href=\"http://postgresql.org\"\u003ePostgresql\u003c/a\u003e\u0026nbsp;database. 
As a prerequisite,\u0026nbsp;\u003ca href=\"https://jdbc.postgresql.org/download.html\"\u003edownload\u003c/a\u003e\u0026nbsp;the Postgresql JDBC drivers to use with the plugin.\u003c/p\u003e\u003ch3\u003eSetting Up The\u0026nbsp;Database\u003c/h3\u003e\u003cp\u003eBefore we get started, let's create a table called contacts and populate it with some contacts!\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ecreate table contacts (\u003cbr /\u003e\u0026lt;p\u0026gt;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;uid serial,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;email VARCHAR(80) not null,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;first_name VARCHAR(80) NOT NULL,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;last_name VARCHAR(80) NOT NULL\u003cbr /\u003e);\u003cbr /\u003eINSERT INTO contacts(email, first_name, last_name) VALUES('jim@example.com', 'Jim', 'Smith');\u003cbr /\u003eINSERT INTO contacts(email, first_name, last_name) VALUES(null, 'John', 'Smith');\u003cbr /\u003eINSERT INTO contacts(email, first_name, last_name) VALUES('carol@example.com', 'Carol', 'Smith');\u003cbr /\u003eINSERT INTO contacts(email, first_name, last_name) VALUES('sam@example.com', 'Sam', null);\u0026lt;/p\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eAfter this runs, here are the contents in the database in table form.\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eEmail \u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Name \u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eLast Name \u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003enull \u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eJohn \u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSmith \u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ecarol@example.com 
\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCarol \u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSmith \u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003esam@example.com \u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSam \u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSmith \u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ejim@example.com \u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eJim \u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSmith\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003ch3\u003eLogstash Configuration\u003c/h3\u003e\u003cp\u003eWe can go ahead and output all these events to the console with this sample\u0026nbsp;Logstash\u0026nbsp;configuration:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e# file: simple-out.conf\u003cbr /\u003einput {\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc {\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;# Postgres jdbc connection string to our database, mydb\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc_connection_string =\u0026gt; \"jdbc:postgresql://localhost:5432/mydb\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;# The user we wish to execute our statement as\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc_user =\u0026gt; \"postgres\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;# The path to our downloaded jdbc driver\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc_driver_library =\u0026gt; \"/path/to/postgresql-9.4-1201.jdbc41.jar\"\u003cbr 
/\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;# The name of the driver class for Postgresql\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc_driver_class =\u0026gt; \"org.postgresql.Driver\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;# our query\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;statement =\u0026gt; \"SELECT * from contacts\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;}\u003cbr /\u003e}\u003cbr /\u003eoutput {\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;stdout { codec =\u0026gt; json_lines }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eNow we can run Logstash and see the results!\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\u0026lt;p style=\"line-height: 22.3999996185303px; color: rgb(57, 57, 57); font-family: Arial, Helvetica, Verdana, Tahoma, sans-serif; white-space: normal;\"\u0026gt;$\u0026nbsp;logstash-1.5.3/bin/logstash -f simple-out.conf\u0026nbsp;\u0026lt;/p\u0026gt;\u0026lt;p style=\"line-height: 22.3999996185303px; color: rgb(57, 57, 57); font-family: Arial, Helvetica, Verdana, Tahoma, sans-serif; white-space: normal;\"\u0026gt;Logstash startup completed\u0026lt;/p\u0026gt;\u0026lt;p style=\"line-height: 22.3999996185303px; color: rgb(57, 57, 57); font-family: Arial, Helvetica, Verdana, Tahoma, sans-serif; white-space: normal;\"\u0026gt;{\"uid\":1,\"email\":null,\"first_name\":\"hello\",\"last_name\":null,\"@version\":\"1\",\"@timestamp\":\"2015-07-29T21:03:18.958Z\"}\u003cbr /\u003e{\"uid\":2,\"email\":\"jim@example.com\",\"first_name\":\"Jim\",\"last_name\":\"Smith\",\"@version\":\"1\",\"@timestamp\":\"2015-07-29T21:03:18.959Z\"}\u003cbr 
/\u003e{\"uid\":3,\"email\":null,\"first_name\":\"John\",\"last_name\":\"Smith\",\"@version\":\"1\",\"@timestamp\":\"2015-07-29T21:03:18.959Z\"}\u003cbr /\u003e{\"uid\":4,\"email\":\"carol@example.com\",\"first_name\":\"Carol\",\"last_name\":\"Smith\",\"@version\":\"1\",\"@timestamp\":\"2015-07-29T21:03:18.959Z\"}\u003cbr /\u003e{\"uid\":5,\"email\":\"sam@example.com\",\"first_name\":\"Sam\",\"last_name\":null,\"@version\":\"1\",\"@timestamp\":\"2015-07-29T21:03:18.961Z\"}\u0026lt;/p\u0026gt;\u0026lt;p style=\"line-height: 22.3999996185303px; color: rgb(57, 57, 57); font-family: Arial, Helvetica, Verdana, Tahoma, sans-serif; white-space: normal;\"\u0026gt;Logstash shutdown completed\u0026lt;/p\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eAwesome, we read data from Postgresql!\u003c/p\u003e\u003cp\u003eUp next,\u0026nbsp;we will demonstrate two examples of how you may use this plugin in the context of Elasticsearch.\u003c/p\u003e\u003ch3\u003eExample 2:\u0026nbsp;Synchronizing Data In Your Table To Elasticsearch\u003c/h3\u003e\u003cp\u003eIn the case that we are using our database as an input source for Elasticsearch, we may\u0026nbsp;be interested in keeping our existing documents\u0026nbsp;in-sync with our data as the database undergoes updates.\u0026nbsp;In this case, we can simply index our rows in Elasticsearch with unique ids such that any\u0026nbsp;time we re-index them, they will just update. 
This way, we prevent Elasticsearch from assigning\u0026nbsp;a new ID for each record and generating duplicates!\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\u0026lt;p\u0026gt;# file: contacts-index-logstash.conf\u003cbr /\u003einput {\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc {\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc_connection_string =\u0026gt; \"jdbc:postgresql://localhost:5432/mydb\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc_user =\u0026gt; \"postgres\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc_validate_connection =\u0026gt; true\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc_driver_library =\u0026gt; \"/path/to/postgresql-9.4-1201.jdbc41.jar\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc_driver_class =\u0026gt; \"org.postgresql.Driver\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;statement =\u0026gt; \"SELECT * from contacts\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;}\u003cbr /\u003e}\u003cbr /\u003eoutput {\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;elasticsearch {\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;protocol =\u0026gt; http\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;index =\u0026gt; \"contacts\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;document_type =\u0026gt; \"contact\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;document_id =\u0026gt; \"%{uid}\"\u003cbr 
/\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;host =\u0026gt; \"ES_NODE_HOST\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;}\u003cbr /\u003e}\u0026lt;/p\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eLet's do a quick check to see that \"Sam\" was indexed into Elasticsearch\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\u0026lt;p\u0026gt;curl ES_NODE_HOST:9200/contacts/contact/5?pretty\u003cbr /\u003e{\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\"_index\" : \"contacts\",\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\"_type\" : \"contact\",\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\"_id\" : \"5\",\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\"_version\" : 1,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\"found\" : true,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\"_source\":{\"uid\":5,\"email\":\"sam@example.com\",\"first_name\":\"Sam\",\"last_name\":null,\"@version\":\"1\",\"@timestamp\":\"2015-07-29T22:12:20.146Z\"}\u003cbr /\u003e}\u0026lt;/p\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eSo far we just saw how to use a query to fetch results from a database query, but what if\u0026nbsp;we want to update our index with new changes? What if some of our contacts changed emails,\u0026nbsp;or we want to update someone's last name? 
Here is a sequence of changes that we can apply to\u0026nbsp;our table and later verify the behavior we want in the resulting Elasticsearch index.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\u0026lt;p\u0026gt;UPDATE contacts SET last_name = 'Smith' WHERE email = 'sam@example.com';\u003cbr /\u003eUPDATE contacts SET email = 'john@example.com' WHERE uid = 3;\u003cbr /\u003eINSERT INTO contacts(email, first_name, last_name) VALUES('new@example.com', 'New', 'Smith');\u0026lt;/p\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eNow we can run Logstash with the same configuration. When we do the same query as before, we will notice that our document containing Sam has been updated and its _version is now 2:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\u0026lt;p\u0026gt;curl ES_NODE_HOST:9200/contacts/contact/5?pretty\u003cbr /\u003e{\u0026lt;/p\u0026gt;\u0026lt;p\u0026gt;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\"_index\" : \"contacts\",\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\"_type\" : \"contact\",\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\"_id\" : \"5\",\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\"_version\" : 2,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\"found\" : true,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\"_source\":{\"uid\":5,\"email\":\"sam@example.com\",\"first_name\":\"Sam\",\"last_name\":\"Smith\",\"@version\":\"1\",\"@timestamp\":\"2015-07-29T22:12:56.980Z\"}\u003cbr /\u003e}\u0026lt;/p\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eUsing this method, we can re-index our table into Elasticsearch without ending up with duplicates. 
One thing to note is that we are not able to capture deletes to documents under this scheme.\u003c/p\u003e\u003ch2\u003eExample 3: MusicBrainz Demo\u003c/h2\u003e\u003cp\u003e\u003ca href=\"http://musicbrainz.org\"\u003eMusicBrainz\u003c/a\u003e is an open music database containing up-to-date information\u0026nbsp;about artists, their works, and everything in-between. You can learn\u0026nbsp;more at\u0026nbsp;\u003ca href=\"http://musicbrainz.org\"\u003ehttp://musicbrainz.org\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eMusicBrainz graciously\u0026nbsp;hosts a biweekly\u0026nbsp;data dump of their database \u003ca href=\"http://ftp.musicbrainz.org/pub/musicbrainz/data/fullexport/\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003eThis data is\u0026nbsp;1.8GB with information about\u0026nbsp;around 18\u0026nbsp;million tracks\u003c/p\u003e\u003ch3\u003eHow to get the MusicBrainz data\u003c/h3\u003e\u003cp\u003eYou must first run your own mirror of the MusicBrainz database. This can\u0026nbsp;be achieved using a tool called \u003ca href=\"https://bitbucket.org/lalinsky/mbslave\"\u003embslave\u003c/a\u003e. The project's repo has instructions on syncing with the data-dump.\u003c/p\u003e\u003ch3\u003eFormulating a query to load\u003c/h3\u003e\u003cp\u003eNow that we have all of this wealth of music data in an accessible database, we can choose a subset of the data we wish to index into Elasticsearch.\u0026nbsp;We may be interested in exploring the data about artists and their releases. 
Here is a\u0026nbsp;SQL query to fetch a few attributes belonging to artists and their releases:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\u0026lt;p\u0026gt;SELECT\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;release_group.gid AS album_id,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;release_group.type AS album_primary_type_id,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;release_group_primary_type.name AS album_primary_type_name,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;release.name AS release_name,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;artist.name AS artist_name,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;artist.gid AS artist_gid,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;artist_credit.id AS artist_credit_id,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;artist.type AS artist_type_id,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;artist_type.name AS artist_type_name,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;artist.begin_date_year artist_begin_date_year,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;area.name AS artist_country_name,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;release_country.date_year AS release_year,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;release_country.date_month AS release_month,\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;release_country.date_day AS release_day\u003cbr /\u003eFROM\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;musicbrainz.artist\u003cbr /\u003eINNER JOIN musicbrainz.artist_credit_name\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;ON artist_credit_name.artist = artist.id\u003cbr /\u003eINNER JOIN musicbrainz.artist_credit\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;ON artist_credit.id = artist_credit_name.artist_credit\u003cbr /\u003eINNER JOIN 
musicbrainz.release_group\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;ON release_group.artist_credit = artist_credit.id\u003cbr /\u003e\u0026lt;span\u0026gt;\u0026lt;/span\u0026gt;INNER JOIN musicbrainz.release\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;ON release.release_group = release_group.id\u003cbr /\u003eINNER JOIN musicbrainz.release_country\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;ON release.id = release_country.release\u003cbr /\u003eINNER JOIN musicbrainz.artist_type\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;ON artist.type = artist_type.id\u003cbr /\u003eINNER JOIN musicbrainz.area\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;ON artist.area = area.id\u003cbr /\u003eINNER JOIN musicbrainz.release_group_primary_type\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;ON release_group_primary_type.id = release_group.type\u003cbr /\u003e\u0026lt;span\u0026gt;\u0026lt;/span\u0026gt;WHERE\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;((release_country.date_year IS NOT NULL) AND\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;(release_country.date_month IS NOT NULL) AND\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;(release_country.date_day IS NOT NULL))\u0026lt;/p\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003ch3\u003eUsing Logstash to Query The Database and Index Into Elasticsearch\u003cspan\u003e\u003c/span\u003e\u003c/h3\u003e\u003cpre class=\"prettyprint\"\u003e\u0026lt;p\u0026gt;input {\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc {\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc_driver_library =\u0026gt; \"/path/to/driver.jar\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc_driver_class =\u0026gt; \"org.postgresql.Driver\"\u003cbr 
/\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc_url =\u0026gt; \"jdbc://postgresql\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;jdbc_user =\u0026gt; \"musicbrainz\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;statement_filepath =\u0026gt; \"query.sql\"\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;}\u003cbr /\u003e}\u0026lt;/p\u0026gt;\u0026lt;p\u0026gt;output {\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;elasticsearch { protocol =\u0026gt; http }\u0026lt;/p\u0026gt;\u0026lt;p\u0026gt;}\u0026lt;/p\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eIn this case, we have such a complex query that we chose to leverage the\u0026nbsp;statement_filepath parameter option.\u0026nbsp;\u003c/p\u003e\u003ch3\u003eExploring Data in Kibana\u003c/h3\u003e\u003cp\u003eOne great feature of migrating a part of the data into Elasticsearch is the ability to generate great insightful visualizations using Kibana. For starters, let's see how many musical releases are introduced year over year!\u003c/p\u003e\u003cp style=\"text-align: center;\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4c9512798d8e381fd7c7/download?uid=blt34ee9177b75fa356?uid=blt34ee9177b75fa356\" data-sys-asset-uid=\"blt246e03b110fd12f5\" width=\"572\" height=\"431\" style=\"width: 572;height: 431;\"/\u003e\u003c/p\u003e\u003cp style=\"text-align: center;\"\u003e(image:\u0026nbsp;Number of releases per year from 1900 to 2010)\u003c/p\u003e\u003cp\u003eSeeing general counts is a nice starter, but we can explore much more! For example, these releases have artists, countries, and release types associated with them. In the following Kibana dashboard we can see the 20 artists with the most number of releases associated to them. 
We can also visualize the differences between album, EP, and singles releases across the various producing countries.\u003c/p\u003e\u003cp style=\"text-align: center;\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4c950342dfd738263266/download?uid=blt736a3d8684d25830?uid=blt736a3d8684d25830\" data-sys-asset-uid=\"blt6c481a1036436dc9\" width=\"562\" height=\"327\" style=\"width: 562;height: 327;\"/\u003e\u003c/p\u003e\u003cp\u003eWe can drill\u0026nbsp;into our donut visualization and filter for\u0026nbsp;EPs that were produced by artists from the United Kingdom.\u003cbr /\u003e\u003c/p\u003e\u003cp style=\"text-align: center;\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4c9558208ba076e281b6/download?uid=blt56470000d74aa90f?uid=blt56470000d74aa90f\" data-sys-asset-uid=\"blt66b13a43b0cd13f9\" width=\"611\" height=\"336\" style=\"width: 611;height: 336;\"/\u003e\u003c/p\u003e\u003cp\u003eYou may recognize some of these artists, while others may be new to you. Musicbrainz collects data about so many artists, there is always something new to discover!\u003cbr /\u003e\u003c/p\u003e\u003ch2\u003eMore Information\u003c/h2\u003e\u003cp\u003eThis post only begins to explore the integrations and features the JDBC plugin includes. For more information, check out the\u0026nbsp;plugin's \u003ca href=\"https://www.elastic.co/guide/en/logstash/current/plugins-inputs-jdbc.html\"\u003edocumentation\u003c/a\u003e. 
We would love your feedback on our \u003ca href=\"https://discuss.elastic.co/c/logstash\"\u003eforum\u003c/a\u003e; if you think you’ve found a bug in this plugin, please submit an \u003ca href=\"https://github.com/logstash-plugins/logstash-input-jdbc/issues\"\u003eissue\u003c/a\u003e.\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T12:42:07.657Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt2ff68c6d90c2b030","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T10:04:26.332Z","updated_at":"2018-10-09T10:04:26.332Z","content_type":"image/jpeg","file_size":"18637","filename":"insert-into-logstash-jdbc-input-plugin-database-full-bleed.jpg","title":"insert-into-logstash-jdbc-input-plugin-database-full-bleed.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-07T05:49:55.472Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2ff68c6d90c2b030/5bbc7d2a20bcc78f36235c29/insert-into-logstash-jdbc-input-plugin-database-full-bleed.jpg"},"markdown_l10n":"","publish_date":"2015-08-03T08:10:10.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":
"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt7bb6b1e9a797738f","ACL":{},"created_at":"2020-06-17T03:36:25.048Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logstash","label_l10n":"Logstash","tags":[],"title":"Logstash","updated_at":"2020-06-17T03:36:25.048Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.237Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt39140cf3e2cd4550","ACL":{},"created_at":"2023-11-06T21:51:00.583Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"integrations","label_l10n":"Integrations","tags":[],"title":"Integrations","updated_at":"2023-11-06T21:51:00.583Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.083Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-0
6T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"uid":"blt4a47bf681100e8ca","title":"Log management","label_l10n":"Log management","keyword":"log-management","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:42:23.694Z","updated_at":"2023-11-06T20:42:23.694Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.358Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltae953c1ebbd1cada","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T10:03:50.268Z","updated_at":"2018-10-09T10:03:50.268Z","content_type":"image/png","file_size":"80299","filename":"insert-into-logstash-jdbc-input-plugin-database-thumbnail.png","title":"insert-into-logstash-jdbc-input-plugin-database-thumbnail.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-07T05:49:55.472Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/as
sets/bltefdd0b53724fa2ce/bltae953c1ebbd1cada/5bbc7d06becc14715d488b9a/insert-into-logstash-jdbc-input-plugin-database-thumbnail.png"},"title":"INSERT INTO LOGSTASH SELECT DATA FROM DATABASE","title_l10n":"INSERT INTO LOGSTASH SELECT DATA FROM DATABASE","updated_at":"2025-03-10T11:50:05.036Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/logstash-jdbc-input-plugin","publish_details":{"time":"2025-03-10T11:50:08.800Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt931f5da4602bc388","_version":22,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Security has been updated and our users are not affected by SolarWinds’ recent security advisory regarding a supply-chain attack on the Orion management platform. Identify potential attacks using new and existing rules in this post.","author":["bltb5fbc25dec714531"],"body_l10n":"\u003ch2\u003eExecutive summary\u003c/h2\u003e\u003cul\u003e\u003cli\u003eElastic Security’s malware prevention technology, used by both Elastic Endgame and the endpoint security capabilities within Elastic Security, has been updated and is not affected by attacks described in this disclosure\u003c/li\u003e\u003cli\u003eExisting Elastic Security rules (listed below) can help identify potential attacks\u003c/li\u003e\u003cli\u003eNew Elastic Security rules (listed below) can help detect new threats\u003c/li\u003e\u003cli\u003eRecommended searches/threat hunts are listed below for Elastic Security (Elastic Endgame recommendations can be found on our \u003ca href=\"https://support.elastic.co/customers/s/login/\"\u003esupport portal\u003c/a\u003e)\u003c/li\u003e\u003cli\u003eUsers can leverage\u0026nbsp;Elastic ML models to detect potential C2 from the SUNBURST attack\u003c/li\u003e\u003cli\u003eUsers are invited to work directly with our protection engineers in our \u003ca href=\"https://github.com/elastic/detection-rules\"\u003epublic rules 
repo\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eBackground\u003c/h2\u003e\u003cp\u003eOn December 13, \u003ca href=\"https://www.solarwinds.com/securityadvisory\"\u003eSolarWinds released a security advisory\u003c/a\u003e\u0026nbsp;regarding a successful supply-chain attack on the Orion management platform. The attack affects Orion versions 2019.4 HF 5 through 2020.2.1, software products released between March and June of 2020. Likewise, on December 13, \u003ca href=\"https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html\"\u003eFireEye released information about a global campaign involving SolarWinds supply-chain compromise\u003c/a\u003e that affected some versions of Orion software.\u003c/p\u003e\u003cp\u003eMany details of the intrusion have not been made public, and this content may be later updated as additional information becomes known. Elastic provides this information for users in the free tier, and recommends subscription customers refer to the \u003ca href=\"https://support.elastic.co/customers/s/login/\"\u003esupport portal\u003c/a\u003e for additional information about licensed features.\u003c/p\u003e\u003ch2\u003eMalware protection\u003c/h2\u003e\u003cp\u003eWe have updated our MalwareScore protection, used by both Elastic Endgame and Elastic Security. This update includes blocklist entries for known bad file hashes, providing essential prevention capability to mitigate deployed SolarWinds client software containing malicious code. Users should receive this update automatically.\u003c/p\u003e\u003ch2\u003eFree and open behavioral detections\u003c/h2\u003e\u003cp\u003eWe have reviewed public materials disclosed by SolarWinds and FireEye to ensure we have as up-to-date an understanding of tactics, techniques, and procedures (TTPs) as possible. 
Additionally, Elastic reviewed \u003ca href=\"https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/\"\u003econtent published by Volexity\u003c/a\u003e\u0026nbsp;describing post-exploitation activities observed during professional services engagements. While information about how the adversary responsible has leveraged this supply-chain compromise is limited, materials published by FireEye and Volexity indicate attempts to obtain lasting operational control by targeting directory services and other forms of authentication with a particular emphasis on information access.\u003c/p\u003e\u003cp\u003eThe following existing behavioral detections for the Elastic Security solution may identify evidence of successful post-exploitation:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/main/rules/azure/persistence_user_added_as_owner_for_azure_service_principal.toml\"\u003eUser Added as Owner for Azure Service Principal\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/main/rules/azure/persistence_mfa_disabled_for_azure_user.toml\"\u003eMulti-Factor Authentication Disabled for an Azure User\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/86b1a56c1bfb42da504923e70bef788177967985/rules/microsoft-365/credential_access_microsoft_365_brute_force_user_account_attempt.toml\"\u003eAttempts to Brute Force a Microsoft 365 User Account\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/73e2690ec0683c3b77d54458da56c5d8b1c41092/rules/microsoft-365/credential_access_microsoft_365_potential_password_spraying_attack.toml\"\u003ePotential Password Spraying of Microsoft 365 User Accounts\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca 
href=\"https://github.com/elastic/detection-rules/blob/main/rules/azure/initial_access_consent_grant_attack_via_azure_registered_application.toml\"\u003ePossible Consent Grant Attack via Azure-Registered Application\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/main/rules/azure/credential_access_key_vault_modified.toml\"\u003eAzure Key Vault Modified\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/538aa80bba56535bb32eaab6cad9ef44d959ea30/rules/windows/defense_evasion_process_termination_followed_by_deletion.toml\"\u003eProcess Termination followed by Deletion\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/e6645a8be9f70397b096928f28c49899d69adf04/rules/windows/defense_evasion_clearing_windows_event_logs.toml\"\u003eClearing Windows Event Logs\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAdditionally, new behavioral rules are being released for the following activities:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/3b583cebade7de127f90dcbb7a93b9e083048b3c/rules/windows/collection_email_powershell_exchange_mailbox.toml\"\u003eExporting Exchange MailBox via PowerShell\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/3b583cebade7de127f90dcbb7a93b9e083048b3c/rules/windows/defense_evasion_solarwinds_backdoor_service_disabled_via_registry.toml\"\u003eSolarWinds Process Disabling Services via Registry\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/3b583cebade7de127f90dcbb7a93b9e083048b3c/rules/windows/execution_apt_solarwinds_backdoor_child_cmd_powershell.toml\"\u003eCommand Execution via SolarWinds Process\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca 
href=\"https://github.com/elastic/detection-rules/blob/3b583cebade7de127f90dcbb7a93b9e083048b3c/rules/windows/execution_apt_solarwinds_backdoor_unusual_child_processes.toml\"\u003eSuspicious SolarWinds Child Process\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/7.11/rules/azure/initial_access_azure_active_directory_powershell_signin.toml\"\u003eAzure Active Directory PowerShell Sign-in\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/7.11/rules/azure/defense_evasion_azure_service_principal_addition.toml\"\u003eAzure Service Principal Addition\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/5e8b86a84eb9d5291ae64ec440254ca3ae274808/rules/windows/command_and_control_sunburst_c2_activity_detected.toml\"\u003eSUNBURST Command and Control Activity Detected\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/7.11/rules/azure/defense_evasion_azure_application_credential_modification.toml\"\u003eAzure Application Credential Modification\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/main/rules/windows/execution_scheduled_task_powershell_source.toml\"\u003eOutbound Scheduled Task Activity via PowerShell\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eElastic Security users may find value in enabling additional \u003ca href=\"https://github.com/elastic/detection-rules\"\u003edetection-rules\u003c/a\u003e in \u003cem\u003eall\u003c/em\u003e categories, prioritizing triage and analysis of results related to SolarWinds client software.\u003c/p\u003e\u003cp\u003eUsers should note that the detection-rules command-line interface (\u003ca href=\"https://github.com/elastic/detection-rules/blob/main/CLI.md\"\u003eCLI\u003c/a\u003e) is required to import rules, and the import-rules function can 
import rules in several formats either individually or from a directory.\u003c/p\u003e\u003ch2\u003eThreat hunting using Elastic\u003c/h2\u003e\u003cp\u003eUsers who have deployed the Elastic endpoint may find that hunts focused on the following are important leads to prioritize based on public reporting:\u003c/p\u003e\u003ch3\u003eDisabling services via the Windows registry\u003c/h3\u003e\u003ch4\u003eEQL\u003c/h4\u003e\u003cpre\u003eregistry where registry.path : \"HKLM\\\\SYSTEM\\\\*ControlSet*\\\\Services\\\\*\\\\Start\" and registry.data.strings == \"4\" and not (process.name : \"services.exe\" and user.domain: \"NT AUTHORITY\")\u003cbr /\u003e\u003c/pre\u003e\u003ch4\u003eKQL\u003c/h4\u003e\u003cpre\u003eregistry.path:HKLM\\\\System\\\\*ControlSet*\\\\Services\\\\*\\\\Start and registry.data.strings:\"4\" and not (process.name:\"services.exe\" and user.domain:\"NT AUTHORITY\")\u003cbr /\u003e\u003c/pre\u003e\u003ch3\u003eUnusual descendants of the SolarWinds client\u003c/h3\u003e\u003ch4\u003eEQL\u003c/h4\u003e\u003cpre\u003eprocess where event.type in (\"start\",\"process_started\") and process.parent.name:(\"SolarWinds.BusinessLayerHost.exe\",\"SolarWinds.BusinessLayerHostx64.exe\")\u003cbr /\u003e\u003c/pre\u003e\u003ch4\u003eKQL\u003c/h4\u003e\u003cpre\u003eevent.category:process and event.type:start and process.parent.name:(\"SolarWinds.BusinessLayerHost.exe\" or \"SolarWinds.BusinessLayerHostx64.exe\")\u003cbr /\u003e\u003c/pre\u003e\u003ch3\u003eCreation of executable files by the SolarWinds client\u003c/h3\u003e\u003ch4\u003eEQL\u003c/h4\u003e\u003cpre\u003efile where process.name in (\"SolarWinds.BusinessLayerHost.exe\", \"SolarWinds.BusinessLayerHostx64.exe\") and file.name : (\"*.dll*\", \"*.exe*\", \"*.ps1*\", \"*.jpg*\", \"*.png*\")\u003cbr /\u003e\u003c/pre\u003e\u003ch4\u003eKQL\u003c/h4\u003e\u003cpre\u003eevent.category:file and event.type:creation and file.extension:(dll or DLL or exe or EXE or ps1 or PS1 or jpg or JPG or png or PNG) and 
process.name:(\"SolarWinds.BusinessLayerHost.exe\" or \"SolarWinds.BusinessLayerHostx64.exe\")\u003cbr /\u003e\u003c/pre\u003e\u003ch3\u003eUnexpected network communications by the SolarWinds client\u003c/h3\u003e\u003ch4\u003eEQL\u003c/h4\u003e\u003cpre\u003enetwork where network.protocol == \"http\" and process.name: (\"SolarWinds.BusinessLayerHostx64.exe\", \"ConfigurationWizard.exe\", \"NetflowDatabaseMaintenance.exe\", \"NetFlowService.exe\", \"SolarWinds.Administration.exe\", \"SolarWinds.BusinessLayerHost.exe\", \"SolarWinds.Collector.Service.exe\" , \"SolarwindsDiagnostics.exe\") and wildcard(http.request.body.content, \"POST*/swip/Upload.ashx*\", \"PUT*/swip/Upload.ashx*\", \"GET*/swip/SystemDescription*\", \"HEAD*/swip/SystemDescription*\", \"GET*/swip/Events*\", \"HEAD*/swip/Events*\") and not wildcard(http.request.body.content, \"POST*solarwinds.com*\", \"PUT*solarwinds.com*\", \"GET*solarwinds.com*\", \"HEAD*solarwinds.com*\")\u003cbr /\u003e\u003c/pre\u003e\u003ch4\u003eKQL\u003c/h4\u003e\u003cpre\u003eevent.category:network and event.type:protocol and network.protocol:http and process.name:(ConfigurationWizard.exe or NetFlowService.exe or NetflowDatabaseMaintenance.exe or SolarWinds.Administration.exe or SolarWinds.BusinessLayerHost.exe or SolarWinds.BusinessLayerHostx64.exe or SolarWinds.Collector.Service.exe or SolarwindsDiagnostics.exe) and http.request.body.content:(((*/swip/Upload.ashx* and (POST* or PUT*)) or (*/swip/SystemDescription* and (GET* or HEAD*)) or (*/swip/Events* and (GET* or HEAD*))) and not *solarwinds.com*)\u003cbr /\u003e\u003c/pre\u003e\u003ch2\u003eFor our users leveraging machine learning\u003c/h2\u003e\u003cp\u003eMachine learning is a critical capability when tracking down and detecting unknown threats. Elastic Security ships prebuilt jobs and rules that can jumpstart security teams across any organization. In this case, SUNBURST detection was not the exception. 
In \u003ca href=\"https://www.elastic.co/blog/supervised-and-unsupervised-machine-learning-for-dga-detection\"\u003ethis blog\u003c/a\u003e, Elastic users can find step-by-step instructions to leverage one of the latest additions to our fleet: a model that combines supervised and unsupervised learning to effectively detect Domain Generation Algorithm (DGA) activity in organizations.\u003c/p\u003e\u003ch2\u003eNext steps\u003c/h2\u003e\u003cp\u003eElastic will update our malware protection signer allowlist to remove an allowlist entry for SolarWinds Worldwide, LLC. As a result, SolarWinds users may see malware alerts for software signed by SolarWinds. These may be false positives.\u003c/p\u003e\u003cp\u003eElastic Security's researchers are monitoring this situation for any updates. As new information emerges, we will evaluate and create additional protections as needed.\u003c/p\u003e\u003cp\u003eElastic recommends users follow all applicable guidance from SolarWinds in addition to the guidance provided in this document. Users of SolarWinds products should also review reference materials for associated network-based indicators and conduct searches to identify potential evidence of prior or ongoing compromise. 
Elastic users can easily search for atomic indicators without learning a new query language.\u003c/p\u003e","category":[{"_version":5,"locale":"en-us","uid":"blt0c9f31df4f2a7a2b","ACL":{},"created_at":"2018-08-27T12:32:48.561Z","created_by":"sys_blt57a423112de8a853","key":"company-news","label_l10n":"News","tags":[],"title":"News","updated_at":"2024-05-10T13:44:22.885Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-29T20:00:07.956Z","user":"blt27204bf9f7abb7fd"}}],"created_at":"2020-12-15T17:54:09.183Z","created_by":"bltc87e8bcd2aefc255","disclaimer":["bltc28183b66ccd29e9"],"full_bleed_image":{"uid":"bltdee39bad4d3c7965","ACL":{},"_version":1,"content_type":"image/jpeg","created_at":"2020-12-15T21:34:00.574Z","created_by":"bltf6ab93733e4e3a73","file_size":"145965","filename":"blog-banner-digital-red-shield.jpg","is_dir":false,"parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-15T21:34:07.114Z","user":"bltf6ab93733e4e3a73"},"tags":[],"title":"blog-banner-digital-red-shield.jpg","updated_at":"2020-12-15T21:34:00.574Z","updated_by":"bltf6ab93733e4e3a73","url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdee39bad4d3c7965/5fd92bc869cce544cffa72f0/blog-banner-digital-red-shield.jpg"},"markdown_l10n":"","publish_date":"2020-12-15T22:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Security provides free and open protections for SUNBURST","seo_description_l10n":"Elastic Security has been updated and our users are not affected by SolarWinds’ recent security advisory regarding a supply-chain attack on the Orion management platform. 
Identify potential attacks using new and existing rules in this post.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"bltad849a44c42eea31","ACL":{},"created_at":"2020-06-17T03:25:54.912Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"software-technology","label_l10n":"Software \u0026 technology","tags":[],"title":"Software \u0026 technology","updated_at":"2020-07-06T22:17:33.856Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.842Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blte007e1c9cef6ad6b","ACL":{},"created_at":"2020-06-17T03:32:48.898Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"endpoint-security","label_l10n":"Endpoint security","tags":[],"title":"Endpoint 
security","updated_at":"2020-07-06T22:20:15.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-03-23T17:30:22.357Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt58039093428c8670","ACL":{},"_version":1,"content_type":"image/jpeg","created_at":"2020-12-15T21:33:59.500Z","created_by":"bltf6ab93733e4e3a73","file_size":"191083","filename":"blog-thumb-digital-red-shield.jpg","is_dir":false,"parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-15T21:34:07.129Z","user":"bltf6ab93733e4e3a73"},"tags":[],"title":"blog-thumb-digital-red-shield.jpg","updated_at":"2020-12-15T21:33:59.500Z","updated_by":"bltf6ab93733e4e3a73","url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt58039093428c8670/5fd92bc77c43e43bf41983af/blog-thumb-digital-red-shield.jpg"},"title":"Elastic Security provides free and open protections for SUNBURST","title_l10n":"Elastic Security provides free and open protections for 
SUNBURST","updated_at":"2025-03-10T11:49:02.298Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/elastic-security-provides-free-and-open-protections-for-sunburst","publish_details":{"time":"2025-03-10T11:49:05.847Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte3b1bc93c2634e11","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt494a7006515ea7c6"],"body_l10n":"\u003cp\u003eThe Elasticsearch engineering team is busy working on features for Elasticsearch 6.0. One of the changes that is coming in Elasticsearch 6.0 is \u003cem\u003estrict content-type checking\u003c/em\u003e.\u003c/p\u003e\u003ch1 dir=\"ltr\"\u003eWhat’s changing?\u003c/h1\u003e\u003cp dir=\"ltr\"\u003eStarting from Elasticsearch 6.0, all REST requests that include a body must also provide the correct content-type for that body.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIn earlier releases of Elasticsearch, the content-type was optional, and if it was missing or not recognised, then the server would \u003cem\u003esniff\u003c/em\u003e the content and make an educated guess regarding the content-type. That will no longer happen in Elasticsearch 6.0 - every incoming request needs to have the correct content-type for the body it contains.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eThis ability to enforce strict content-type checking has existed since Elasticsearch 5.3 via the http.content_type.required \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/5.3/modules-http.html#_settings_2\"\u003econfiguration setting\u003c/a\u003e. In 5.x it is optional, and defaults to \u003ctt\u003efalse\u003c/tt\u003e, in Elasticsearch 6.0, that setting defaults to \u003ctt\u003etrue\u003c/tt\u003e, and there is no way to disable it.\u003c/p\u003e\u003ch1 dir=\"ltr\"\u003eWhy are we changing this?\u003c/h1\u003e\u003cp dir=\"ltr\"\u003eWe know that the content-type sniffing has been quite convenient when using basic HTTP tools such as curl. 
Many of us are quite accustomed to searching a cluster by running something like this:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ecurl 'http://localhost:9200/_search' -d'\u003cbr /\u003e{\u003cbr /\u003e \"query\" : {\u003cbr /\u003e \"match_all\" : {}\u003cbr /\u003e }\u003cbr /\u003e}'\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\"\u003eBut, we need to make that sort of operation slightly more verbose, and include the content-type, in the interests of \u003cem\u003e\u003cstrong\u003eclarity\u003c/strong\u003e\u003c/em\u003e and \u003cem\u003e\u003cstrong\u003esecurity\u003c/strong\u003e\u003c/em\u003e.\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003eClarity\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eAs Elasticsearch has evolved we’ve made a conscious decision to favour reliability and predictability over leniency. And while being lenient with content-types has been convenient, it also produced some surprising results.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eFor example, if you tried to send plain text content to an API that didn’t support it, then you would usually receive a clear error like this:\u003c/p\u003e\u003cblockquote style=\"font-family: monospace;font-style: normal;font-size: 100%;\"\u003eContent-Type header [text/plain] is not supported\u003c/blockquote\u003e\u003cp dir=\"ltr\"\u003eBut under the covers Elasticsearch was doing its best to try and guess what you might have meant. 
So, if your body started with “\u003ctt\u003e{\u003c/tt\u003e” then it would guess that your content was actually JSON, but when it tried to parse that, it would fail and the error message would look more like:\u003c/p\u003e\u003cblockquote style=\"font-family: monospace;font-style: normal;font-size: 100%;\"\u003eUnexpected character ('a' (code 97)): was expecting double-quote to start field name\u003c/blockquote\u003e\u003cp dir=\"ltr\"\u003eAnd, while most of our APIs support YAML formatted requests, the content-type sniffing required that the body start with a start-of-document marker (“\u003ctt\u003e---\u003c/tt\u003e”), which is not what users expected.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eWhen it comes to content-type, we’ve come to the conclusion that “Say what you mean” provides a more reliable and predictable outcome, than guessing. Being explicit is the safer, clearer and more consistent approach.\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003eSecurity\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eStrict checking of content-type is also useful as a layer of protection against \u003cem\u003eCross Site Request Forgery\u003c/em\u003e attacks.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eBecause the Elasticsearch REST API uses simple HTTP requests, what’s easy to do with curl, is often easy to do with your web browser. If your internal network allows it, you can point your favourite browser at the \u003ctt\u003e/_cluster/settings\u003c/tt\u003e endpoint on one of your Elasticsearch nodes and see the settings for your cluster.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eUnfortunately, if an attacker has the right knowledge about your internal network and Elasticsearch cluster, they can craft a malicious webpage that would use that same technique to perform unwanted updates to your cluster. 
Web browsers implement a number of security policies that help protect from such attacks, and part of that protection is to place limits on the content-types that may be used when sending data to remote servers.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eAs an example, consider this very simple web page:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\u0026lt;html\u0026gt;\u003cbr /\u003e \u0026lt;body\u0026gt;\u003cbr /\u003e \u0026lt;script src=\"https://code.jquery.com/jquery-3.2.1.min.js\"\u003cbr /\u003e type=\"text/javascript\"\u0026gt;\u0026lt;/script\u0026gt;\u003cbr /\u003e \u0026lt;script type=\"text/javascript\"\u0026gt;\u003cbr /\u003e $(function() {\u003cbr /\u003e $.ajax({\u003cbr /\u003e url: \"http://localhost:9200/visitors/doc/\",\u003cbr /\u003e type:'POST',\u003cbr /\u003e data: JSON.stringify({ browser: navigator.userAgent,\u003cbr /\u003e date: new Date() }),\u003cbr /\u003e contentType: 'text/plain'\u003cbr /\u003e });\u003cbr /\u003e });\u003cbr /\u003e \u0026lt;/script\u0026gt;\u003cbr /\u003e \u0026lt;/body\u0026gt;\u003cbr /\u003e\u0026lt;/html\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\"\u003eIf you run an out-of-the-box install of Elasticsearch 5 on your local computer, and then open up that page in your web browser, it will add a new document in your Elasticsearch cluster that stores your browser’s \u003cem\u003eUser Agent\u003c/em\u003e and the time that you loaded the page. That’s not so scary, but with minimal changes we could make that same page overwrite or delete existing documents.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIf you try to run that code in your browser, you will find that an error message is displayed in the development console. Here’s what it looks like in Google Chrome:\u003c/p\u003e\u003cblockquote style=\"font-family: monospace;font-style: normal;font-size: 100%;\"\u003eXMLHttpRequest cannot load http://localhost:9200/visitors/doc/. 
No 'Access-Control-Allow-Origin' header is present on the requested resource.\u003c/blockquote\u003e\u003cp dir=\"ltr\"\u003eThat error is due to the \u003cem\u003eSame Origin Policy\u003c/em\u003e\u003csup id=\"footref-1\"\u003e\u0026nbsp;\u003c/sup\u003e\u003ca href=\"#footnote-1\"\u003e\u003csup id=\"footref-1\"\u003e1\u003c/sup\u003e\u003c/a\u003e that is one of the security features of the web. By default, a web page loaded from one site may only access content from that same site. This policy prevented our sample web page from reading the JSON that was sent as a response when it stored the document in Elasticsearch.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eBut why does the browser even allow us to send data to the Elasticsearch server if we’re not allowed to read the result? The answer lies in a second browser feature called \u003cem\u003eCross Origin Resource Sharing\u003c/em\u003e (CORS)\u003csup id=\"footref-2\"\u003e\u0026nbsp;\u003c/sup\u003e\u003ca href=\"#footnote-2\"\u003e\u003csup id=\"footref-2\"\u003e2\u003c/sup\u003e\u003c/a\u003e. While the \u003cem\u003eSame Origin Policy\u003c/em\u003e acts as a very useful default to securing the web, there are also many times where it is helpful for two otherwise independent sites to be able to share resources. CORS defines a mechanism by which a site can optionally grant other sites access to its resources.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eDue to the history of the web, and the way it has evolved over time, CORS assumes that some types of requests can always be \u003cem\u003esent\u003c/em\u003e safely. For example, web browsers have always allowed cross-origin form submission - a form on my web page can be configured to send its data to your server. If the browser determines that a cross-origin request meets certain requirements, then it will declare it to be \u003cem\u003esafe\u003c/em\u003e and will send that request off to the third-party server. 
It is only when the response comes back from that server, that the browser checks to see whether the original web page is allowed to access the provided content.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIn our example above, the request sets the content-type to be \u003ctt\u003etext/plain\u003c/tt\u003e which browsers treat as a safe value\u003csup id=\"footref-3\"\u003e\u0026nbsp;\u003c/sup\u003e\u003ca href=\"#footnote-3\"\u003e\u003csup id=\"footref-3\"\u003e3\u003c/sup\u003e\u003c/a\u003e, so the request is sent off to the Elasticsearch server. When Elasticsearch responds, the browser looks for special CORS-related headers, so that it can decide whether the calling script is allowed to process the content of the response. By default, an Elasticsearch server does not include any of those CORS headers in the response, so the cross-origin request fails, and our web-page is prevented from seeing the results of the POST. But by then the damage has already been done - the request was sent to the Elasticsearch cluster and the document has been stored.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eThe strict content-type checking in Elasticsearch 6.0 helps prevent that damage. 
The Index API that is being used in this example does not support a content-type of \u003ctt\u003etext/plain\u003c/tt\u003e, so Elasticsearch 6.0 will reject the request without performing any updates.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eWe might attempt to work around those content-type checks by changing our test page to send a valid Content-Type such as JSON.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\u0026lt;html\u0026gt;\u003cbr /\u003e \u0026lt;body\u0026gt;\u003cbr /\u003e \u0026lt;script src=\"https://code.jquery.com/jquery-3.2.1.min.js\"\u003cbr /\u003e type=\"text/javascript\"\u0026gt;\u0026lt;/script\u0026gt;\u003cbr /\u003e \u0026lt;script type=\"text/javascript\"\u0026gt;\u003cbr /\u003e $(function() {\u003cbr /\u003e $.ajax({\u003cbr /\u003e url: \"http://localhost:9200/visitors/doc/\",\u003cbr /\u003e type:'POST',\u003cbr /\u003e data: JSON.stringify({ browser: navigator.userAgent,\u003cbr /\u003e date: new Date() }),\u003cbr /\u003e contentType: 'application/json'\u003cbr /\u003e });\u003cbr /\u003e });\u003cbr /\u003e \u0026lt;/script\u0026gt;\u003cbr /\u003e \u0026lt;/body\u0026gt;\u003cbr /\u003e\u0026lt;/html\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\"\u003eHowever, the CORS security policy does not treat \u003ctt\u003eapplication/json\u003c/tt\u003e as a \u003cem\u003esafe\u003c/em\u003e content-type, so the browser performs what is known as a \u003cem\u003epreflight\u003c/em\u003e request. That request is sent to the same URL on the Elasticsearch server, but the HTTP method is set to \u003ctt\u003eOPTIONS\u003c/tt\u003e and no data is sent in the request body. 
Once again the web browser looks for the special CORS response headers, and since Elasticsearch doesn’t send them by default, the cross-origin request is refused and the \u003ctt\u003ePOST\u003c/tt\u003e body is never sent to the Elasticsearch server.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eBy enforcing strict content-type checks in Elasticsearch 6.0, we reduce the risk of \u003cem\u003eCross Site Request Forgery\u003c/em\u003e attacks and help protect against accidental or malicious destruction of data.\u003c/p\u003e\u003ch1 dir=\"ltr\"\u003eWhat do I need to do?\u003c/h1\u003e\u003cp dir=\"ltr\"\u003eFor most users there’s nothing you need to do - everything has been taken care of.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eAll the components of the Elastic Stack, as well as our official REST clients will send the correct content-type for each request - just make sure that you’re on a recent version. If you are using a third-party client, or one that you built yourself, then you’ll need to check whether that client sends a valid content-type for each request.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIf you regularly use \u003ctt\u003ecurl\u003c/tt\u003e or another command line tool to send data into Elasticsearch, you’ll need to add the Content-Type header to any request that contains a body. For curl, that means adding -H'Content-Type: application/json' to the command line of any request that has a JSON body\u003csup id=\"footref-4\"\u003e\u0026nbsp;\u003c/sup\u003e\u003ca href=\"#footnote-4\"\u003e\u003csup id=\"footref-4\"\u003e4\u003c/sup\u003e\u003c/a\u003e.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIf you’re interested in testing your application or client library, we’ve released \u003ca href=\"https://www.elastic.co/blog/elasticsearch-6-0-0-alpha2-released\"\u003e6.0.0-alpha2\u003c/a\u003e, and it includes content-type checking. 
Alternatively, you can turn on strict content-type checking in recent versions of Elasticsearch 5 (see below).\u003c/p\u003e\u003ch1 dir=\"ltr\" rel=\"line-height:1.38;margin-top:20pt;margin-bottom:6pt;\"\u003eWhat about Elasticsearch 5.x?\u003c/h1\u003e\u003cp dir=\"ltr\"\u003eI mentioned earlier that you can enable strict content-type checking in recent releases of Elasticsearch 5 by enabling the http.content_type.required configuration option. Given the security reasons mentioned above, you should consider whether that is something that would be of value to you right now.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIf you’re deploying a brand new Elasticsearch cluster, it’s probably a good idea to require strict content-types from the start. It will be one less thing to worry about when you do upgrade to 6.x, and it gives you an added layer of protection against \u003cem\u003eCross Site Request Forgery\u003c/em\u003e attacks.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIf you have an existing Elasticsearch installation, then turning on that setting may be a little trickier - you need to know that all of your clients are sending the correct content-type. But if you can tackle that problem now that will get you one step closer to being able to migrate to Elasticsearch 6 when it is officially available.\u003c/p\u003e\u003ch1 dir=\"ltr\"\u003eConclusion\u003c/h1\u003e\u003cp dir=\"ltr\"\u003eThis is not a decision that we made lightly. We had a lot of conversation about it, and considered various options. 
We recognise that the old content sniffing approach was convenient, but we feel strongly that this change is a necessary one to help provide stable, reliable and predictable features in Elasticsearch.\u003c/p\u003e\u003chr/\u003e\u003cp id=\"footnote-1\" style=\"margin: 0 1em;\"\u003e\u003ca href=\"#footref-1\" style=\"font-size: 80%;min-width: 1.2em;display: inline-block;\"\u003e1.\u003c/a\u003e\u0026nbsp;\u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy\"\u003ehttps://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy\u003c/a\u003e\u003c/p\u003e\u003cp id=\"footnote-2\" style=\"margin: 0 1em;\"\u003e\u003ca href=\"#footref-2\" style=\"font-size: 80%;min-width: 1.2em;display: inline-block;\"\u003e2.\u003c/a\u003e\u0026nbsp;\u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS\"\u003ehttps://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS\u003c/a\u003e\u003c/p\u003e\u003cp id=\"footnote-3\" style=\"margin: 0 1em;\"\u003e\u003ca href=\"#footref-3\" style=\"font-size: 80%;min-width: 1.2em;display: inline-block;\"\u003e3.\u003c/a\u003e\u0026nbsp;\u003ca href=\"https://fetch.spec.whatwg.org/#cors-safelisted-request-header\"\u003ehttps://fetch.spec.whatwg.org/#cors-safelisted-request-header\u003c/a\u003e\u003c/p\u003e\u003cp id=\"footnote-4\" style=\"margin: 0 1em;\"\u003e\u003ca href=\"#footref-4\" style=\"font-size: 80%;min-width: 1.2em;display: inline-block;\" rel=\"font-size:90%;min-width:1.2em;display:inline-block\"\u003e4.\u003c/a\u003e\u0026nbsp;If you’re copying examples from our documentation, you’ll find that the \u003cspan style=\"color: #00a9e5;\"\u003eCOPY AS CURL\u003c/span\u003e button automatically includes this 
option.\u003c/p\u003e","category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T10:04:32.243Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"bltffd625cb0946c2c3","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-15T06:56:34.505Z","updated_at":"2018-10-15T06:56:34.505Z","content_type":"image/jpeg","file_size":"185571","filename":"content-typewriter-header.jpg","title":"content-typewriter-header.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T21:51:51.966Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltffd625cb0946c2c3/5bc43a22ee56595935433902/content-typewriter-header.jpg"},"markdown_l10n":"","publish_date":"2017-07-25T14:44:30.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"Elasticsearch 6.0 will enforce strict content-type checking. 
All REST requests that include a body must also provide the correct Content-Type header.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt048e5e01aa446692","ACL":{},"created_at":"2023-11-06T20:38:02.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"devsecops","label_l10n":"DevSecOps","tags":[],"title":"DevSecOps","updated_at":"2023-11-06T20:38:02.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.187Z","user":"blt4b2e1169881270a8"}},{"title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltfb7ae09ed75b8f86","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-15T06:56:29.805Z","updated_at":"2018-10-15T06:56:29.805Z","content_type":"image/jpeg","file_size":"115735","filename"
:"content-typewriter-thumb.jpg","title":"content-typewriter-thumb.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T21:51:51.966Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfb7ae09ed75b8f86/5bc43a1db126b38913d73917/content-typewriter-thumb.jpg"},"title":"Strict Content-Type Checking for Elasticsearch REST Requests","title_l10n":"Strict Content-Type Checking for Elasticsearch REST Requests","updated_at":"2025-03-10T11:47:13.936Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/strict-content-type-checking-for-elasticsearch-rest-requests","publish_details":{"time":"2025-03-10T11:47:30.925Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt7d113691929d2058","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["bltc2297dffec6bba68"],"body_l10n":"\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eQuestion: How many engineers does it take to change a light bulb?\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAnswer: The light bulb works fine on the system in my office...\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eOK. It isn’t a great joke. 
But it’s the perfect setup for discussing an important topic here at Elastic: How do busy engineers, often working on large and gnarly projects, handle the small issues — like changing a metaphorical light bulb — that inevitably pop up from time to time?\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe answer: Fix-It Friday.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe Elasticsearch code is housed in a public repository \u003ca href=\"https://github.com/elastic/elasticsearch\"\u003eon GitHub\u003c/a\u003e and accessible to anyone. When a user finds bugs, spots missing features, or wants to make a specific request, they can flag it using the issues tab by simply submitting a new issue. The process is open and transparent — just the way we like it.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eEach day, someone on the Elasticsearch team is assigned to a role called support dev help. In this role, the engineer has the dual duty of aiding the Elastic support team while looking for fresh issues in the Elasticsearch repository. 
When a new issue arises, the engineer will add a label to help the team prioritize when to tackle it, and how much effort it might take to solve it.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eHowever, not all issues have a simple diagnosis, nor an easy fix.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e“If there’s enough information, but it’s not clear that the issue is something we really want to handle due to policy, or maybe the person handling the ticket doesn’t have enough knowledge in the issue area to make a decision on it, then we can mark the ticket ‘discuss’ and it goes into the queue for Fix-It Friday,” said Colin Goodheart-Smithe, Elasticsearch Software Engineer. \u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eElasticsearch Team Lead Clint Gormley created the Fix-It Friday initiative a little over three years ago as a time when these small issues were given to engineers to solve. That ambitious concept didn’t last very long. The team quickly learned that small issues often turned out to be big ones in disguise. (Think: the filament in the light bulb looks dead, but in reality the electricity is out.) So, the scope of Fix-It Friday evolved into a get together for discussing user requests and finding solutions. 
Since the Elastic team is distributed, the meetup also became a weekly opportunity to get off Slack and email and get focused on a team video call.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e“It’s a good time,” said Gormley, “getting a group with such a wide range of expertise in one virtual room — it’s amazing.”\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAbout 10 issues are discussed during a typical one hour Fix-It Friday session. Issues are later fixed and implemented or de-escalated. When asked whether there was a particular issue from a Fix-It Friday meeting that jumped out at him, or that he thought was quirky or fun, Gormley laughed. “We’ve only been through 12,000 issues or something ….”\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eBut one seemingly small bug hiding something larger did spring to mind. 
Users reported heavy queries submitted to Elasticsearch never timing out, and Gormley recalled queries which ran for hours.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e“Usually, our queries run milliseconds, so if one runs for an hour, you know you have a problem,” he explained.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eIn these situations users, thinking nothing is happening, run the query again. So, instead of one \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-wildcard-query.html\"\u003ewildcard query\u003c/a\u003e running for an hour, they actually have two — or more. This isn’t exactly an issue that could break anything, but it had the potential to slow results and reduce resources. The issue was marked for discussion at a Fix-It Friday session. After a lengthy debate, Elastic engineers considered adding a default timeout, meaning in one hour’s time, the query got canceled. It seemed like a good idea at first. But with several eyeballs on the issue, another perspective developed.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eData is stored in indexes mapped out to shards, which are situated on different machines. When you run a query, it reaches out to all the shards, gathering the results and providing those results to the user. But what happens if one of the shards is missing due to a dying node on the shard, or when it gets disconnected from the network, causing the heavy query to fail? 
Should Elasticsearch show an exception? Or show only the results from the available shards?\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eUsers performing a simple search might be happy with getting results only from available shards. But users performing analytics would want to know that they’re receiving partial results. For the timeout option, Elastic engineers decided that a silent timeout (when you do not get a notification that the query stopped running) was out of the question. They also considered throwing an exception so that the user knew something was wrong with the query. But what of other circumstances, such as a missing shard, that can create partial results? Should that throw a hard exception too? In the end, they decided to add a global and per-request setting to toggle this behavior. The timeout discussion turned out to be too large a decision for one engineer to make on their own.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e“From a user perspective it’s important that we actually look at these things,” said Gormley. “Our users are very involved. If they’ve taken the time to write a decent issue, we owe it to them to respond appropriately.”\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThis is where the value of Fix-It Friday really comes into play — it’s a broadening of the collective Elastic mind. 
For engineers, Fix-It Friday is a chance to break from the day-to-day and think about new issues in different ways, providing an opportunity to meditate on a problem that may not be their particular focus but is part of the larger product. In the end, Fix-It Friday isn’t about simply fixing bugs, or fielding requests — it’s about widening the scope of what Elastic can do.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e“It's about making decisions,” said Elasticsearch Software Engineer Adrien Grand. “It’s about which direction we want to take.”\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e“You see people asking us to add features that work on small datasets but won’t scale,” said Gormley. “If we make something as a small-scale solution, inevitably someone will want to use it on the big scale and it will fail. That kind of stuff is important for new devs to know so that they can make these decisions later on. 
There’s an ethos to how we develop; guiding principles of what to add, and what not to add.”\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eHowever, Gormley added, nothing is set in stone.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e“That willingness to change minds is an important part of the Elastic culture.”\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e“As usual in open source,” added Adrien Grand, “no is temporary, but yes is forever.”\u003c/p\u003e","category":[{"uid":"bltc253e0851420b088","_version":4,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:45:23.873Z","created_by":"sys_blt57a423112de8a853","key":"culture","label_l10n":"Culture","tags":[],"title":"Culture","updated_at":"2024-05-10T13:44:28.145Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.214Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:04:00.950Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"title":"Fix-It-Friday-Solving-Issues.jpg","uid":"blt207e3803f666e598","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T09:18:33.139Z","updated_at":"2019-01-05T09:18:33.139Z","content_type":"image/jpeg","file_size":"191702","filename":"Fix-It-Friday-Solving-Issues.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","
time":"2019-04-22T18:02:55.445Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt207e3803f666e598/5c30766933d6423967f5b5f0/Fix-It-Friday-Solving-Issues.jpg"},"markdown_l10n":"","publish_date":"2017-12-22T17:40:59.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"title":"black-and-white-code-programming-tech-79290.jpg","uid":"bltea769ac573ee2244","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T09:18:36.498Z","updated_at":"2019-01-05T09:18:36.498Z","content_type":"image/jpeg","file_size":"69779","filename":"black-and-white-code-programming-tech-79290.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-22T18:02:55.445Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltea769ac573ee2244/5c30766cebb7714d66027174/black-and-white-code-programming-tech-79290.jpg"},"title":"Solving the Small but Important Issues with Fix-It Fridays","title_l10n":"Solving the Small but Important Issues with Fix-It Fridays","updated_at":"2025-03-10T11:45:45.006Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/solving-the-small-but-important-issues-with-fix-it-fridays","publish_details":{"time":"2025-03-10T11:45:48.432Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt1d36e81324226831","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"Want to submit your first pull request (PR) to Elastic? 
In this post, we outline how we use pull requests, how to submit, and the process when we receive one.","author":["bltc2297dffec6bba68"],"body_l10n":"\u003cp\u003eGetting things done at Elastic is a collaborative effort.\u003c/p\u003e\u003cp\u003eOur engineers work around the clock (quite literally for a \u003ca href=\"https://www.elastic.co/about/our-source-code\"\u003edistributed company\u003c/a\u003e) developing new products and features. It’s an immense amount of work, requiring fine attention to detail. But no matter how careful we are, we’re not perfect, and with any open source project as complex as ours, we still need the community's help to make it better.\u003c/p\u003e\u003cp\u003eIn \u003ca href=\"https://www.elastic.co/blog/solving-the-small-but-important-issues-with-fix-it-fridays\"\u003eSolving the Small but Important Issues with Fix-It Fridays\u003c/a\u003e, we discussed how contributions from our community are the driving factor of our continued success in developing our products. One of the great benefits of being an open source project is that we have a large community of developers looking out for bugs and eagerly waiting for a chance to squash them.\u003c/p\u003e\u003cp\u003eIf you’re a new member to the community and want to submit your first pull request (PR), or have questions about how the process works, you’ve come to the right place! 
In this post, we’ll provide an overview of how pull requests work for Elastic, what the process is when we receive one, and how to avoid common mistakes that might prevent your contribution from being implemented.\u003c/p\u003e\u003ch2\u003eSo, how do I submit a pull request?\u003c/h2\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt20df7811154eb06b/5fa98bde42256d5ffdf418b1/blog-how-we-pull-1.png\" style=\"border: none;transform: rotate(0.00rad);webkit-transform: rotate(0.00rad);\" width=\"624\" height=\"275\"/\u003e\u003c/p\u003e\u003cp\u003eBefore you submit a PR, you need to create a fork of a GitHub repository and make your code changes. This is usually done under your own GitHub account, which creates a copy of the source repository for you. Each of our projects lives in its own GitHub repository. A full list of our repositories is available on the \u003ca href=\"https://github.com/elastic\"\u003eElastic organization page\u003c/a\u003e on GitHub.\u0026nbsp;\u003c/p\u003e\u003cp\u003eOnce you’ve created a fork of a repository and changed the code, you’ll be asked if you want to create a PR to push the suggested changes to the master branch of the product repository. For example, \u003ca href=\"https://github.com/elastic/elasticsearch\"\u003ethe Elasticsearch repository\u003c/a\u003e seen below.
To keep things simple, we'll show examples from the Elasticsearch repository throughout this post.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt236f36ccc109c964/5fa98bd64a4abb73ff79c618/blog-how-we-pull-2.png\" style=\"border: none;transform: rotate(0.00rad);webkit-transform: rotate(0.00rad);\" width=\"624\" height=\"336\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc7e6969602ebde49/5fa98bde6f82405d9a4aa965/blog-how-we-pull-3.png\" style=\"border: none;transform: rotate(0.00rad);webkit-transform: rotate(0.00rad);\" width=\"624\" height=\"84\"/\u003e\u003c/p\u003e\u003cp\u003eWhen you click on the “New pull request”, you’ll be greeted by our \u003ca href=\"https://github.com/elastic/elasticsearch/blob/master/.github/PULL_REQUEST_TEMPLATE.md\"\u003epull request template\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7f6935bae5ef3748/5fa98bd646f622769b5ec879/blog-how-we-pull-4.png\" style=\"border: none;transform: rotate(0.00rad);webkit-transform: rotate(0.00rad);\" width=\"624\" height=\"247\"/\u003e\u003c/p\u003e\u003cp\u003eThis template will give you the guidance that will help your PR get through the first review, so be sure to read through it since each product has its own set of criteria and documentation.\u003c/p\u003e\u003cp\u003eMake sure to avoid these common mistakes when submitting:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eSubmitting duplicates -\u003c/strong\u003e First, search for open PRs that already address the bug your code is attempting to fix. Duplicates are usually denied.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eNot including tests -\u003c/strong\u003e A PR that includes code changes should include a test that illustrates the new code’s behavior. 
Ideally, this test should reproduce the problem the PR is fixing so that the test fails without the code, and passes when the code is applied.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eMaster branch\u0026nbsp;only -\u003c/strong\u003e Make sure that any PR which changes code is made against the master branch in the relevant directory.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eOnce you’ve completed all the requirements spelled out in the template, click “Create Pull Requests”. Now the ball is in our court.\u003c/p\u003e\u003ch2\u003eTriaging and labeling\u003c/h2\u003e\u003cp\u003eThe first step we take is to make sure the PR meets the requirements of a good request (as mentioned above), and if it does, to tag the PR with a label so that it ends up in the right hands for further investigation. Labels might include \u0026gt;bug, \u0026gt;feature, etc. Once the pull request has a label, it is assigned to the proper subteam to handle. From that point, dealing with the request is the responsibility of the team in charge of that area.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3cb04a52dd873501/5fa98bde65bdd35303e00a60/blog-how-we-pull-5.png\" style=\"border: none;transform: rotate(0.00rad);webkit-transform: rotate(0.00rad);\" width=\"624\" height=\"409\"/\u003e\u003c/p\u003e\u003ch2\u003eBeginning the process\u003c/h2\u003e\u003cp\u003eOnce the PR is labelled it is picked up by one of our developers. We try to get back to the requester as soon as possible and we ask that you have patience when submitting the PR as handling the request properly may take some time due to level and depth of requests coming in around the clock.\u0026nbsp;\u003c/p\u003e\u003ch2\u003eSubmitting documentation changes\u003c/h2\u003e\u003cp\u003eNote: We also receive a lot of PRs that modify or request changes to our docs. 
This process is a lot simpler than code changes — all that’s required is to click “edit” on the Elastic docs page, make changes, and submit the request. There’s no need to fork a project and no tests required. We label these PRs “\u0026gt;doc” and handle them as quickly as possible.\u003c/p\u003e\u003ch2\u003eOften, there’s more work to be done\u003c/h2\u003e\u003cp\u003eA PR often needs to be adapted before it’s ready to merge. At this point, the PR becomes a collaborative space where discussion takes place, changes are proposed, and further commits are made.\u003c/p\u003e\u003cp\u003eDuring the review process we run tests against the PR, and the results can be seen on GitHub. Sometimes, the test will fail when the changes in the PR are applied, even if the submitted tests worked. This isn’t the end of the line though. We’ll help the contributor fix the contributed code so that all tests pass.\u003c/p\u003e\u003cp\u003eCode style, as well as code and naming conventions, is something we also look at in this stage. Users who submit pull requests should expect that their code will go through at least one review round. Code is never perfect (nope, not even ours!) and ready to merge when submitted — so expect some collaboration along the way.\u003c/p\u003e\u003ch2\u003eHow long will it take to commit my PR?\u003c/h2\u003e\u003cp\u003ePRs vary in the time it takes to handle them. A simple line of code might be handled swiftly, but complex code changes will go through multiple rounds of review. If you feel that your PR has sat for a long time without any action, it’s OK to ping the ticket as a reminder it’s still active.\u003c/p\u003e\u003ch2\u003eCommitting the code\u003c/h2\u003e\u003cp\u003eWhen everything is ready to go, the reviewers will add a comment with the approval action — which may be a LGTM (\"Looks Good To Me\") comment, or something along those lines. 
After the PR is accepted, an Elastic developer will merge the pull request into the master branch and then back port the change to the development branches as necessary.\u003c/p\u003e\u003cp\u003eSo, that’s how it works — in a nutshell. Of course, pull requests vary. The process may be simple, or difficult. The only way you’ll know the process in depth is to roll up your sleeves and get in there, elbow deep.\u003c/p\u003e\u003cp\u003eReady to submit your first PR? Have a look through the \u003ca href=\"https://github.com/elastic\"\u003eElastic repositories available on GitHub\u003c/a\u003e, familiarize yourself with the guidelines, and give it a go. If you have any further questions about the process then head over to our \u003ca href=\"https://discuss.elastic.co/\"\u003eDiscuss forums\u003c/a\u003e, create a topic, and we'll be happy to help.\u003cbr /\u003e\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How 
to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:50:26.808Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"title":"Debug.jpg","uid":"blt82a39e38e1a5ae8a","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T06:43:07.565Z","updated_at":"2019-02-04T06:43:07.565Z","content_type":"image/jpeg","file_size":"80335","filename":"Debug.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-04T00:25:37.436Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt82a39e38e1a5ae8a/5c57defba209c1ca0be9dcd9/Debug.jpg"},"markdown_l10n":"","publish_date":"2018-09-10T16:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"How We Handle Pull Requests at Elastic","seo_description_l10n":"Want to submit your first pull request (PR) to Elastic? 
In this post, we outline how we use pull requests, how to submit, and the process when we receive one.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"title":"Code request.jpg","uid":"blt9455447ab8242933","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T06:43:13.822Z","updated_at":"2019-02-04T06:43:13.822Z","content_type":"image/jpeg","file_size":"128256","filename":"Code_request.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-04T00:25:37.436Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9455447ab8242933/5c57df0165157fdb0b6c6329/Code_request.jpg"},"title":"How We Handle Pull Requests at Elastic","title_l10n":"How We Handle Pull Requests at Elastic","updated_at":"2025-03-10T11:44:35.547Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/how-we-handle-pull-requests-at-elastic","publish_details":{"time":"2025-03-10T11:44:40.964Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt47e67819b1cc33ac","_version":21,"locale":"en-us","ACL":{},"abstract_l10n":"In 7.11, we’re thrilled to release the beta of runtime fields, Elastic's implementation of schema on read. 
You now have the best of both — the performance and scale you expect from schema on write, combined with the flexibility with schema on read.","author":["blt59e7f7049d793705"],"body_l10n":"\u003cp\u003eWe’re pleased to announce Elasticsearch 7.11.0, based on Apache Lucene 8.7.0.\u003c/p\u003e\u003cp\u003eVersion 7.11 is the latest stable release of Elasticsearch and is now available for deployment via \u003ca href=\"https://www.elastic.co/products/elasticsearch/service\"\u003eElasticsearch Service on Elastic Cloud\u003c/a\u003e or via \u003ca href=\"https://www.elastic.co/downloads/elasticsearch\"\u003edownload\u003c/a\u003e for use in your own environment(s).\u003c/p\u003e\u003cp\u003eReady to roll up your sleeves and get started? We have the links you need:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/cloud/\"\u003eStart Elasticsearch on Elastic Cloud\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/downloads/elasticsearch\"\u003eDownload Elasticsearch\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.11/release-notes-7.11.0.html\"\u003eElasticsearch 7.11.0 release notes\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.11/breaking-changes-7.0.html\"\u003eElasticsearch 7.11.0 breaking changes\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eWith today’s release, our \u003ca href=\"https://www.elastic.co/enterprise-search\"\u003eElastic Enterprise Search\u003c/a\u003e, \u003ca href=\"https://www.elastic.co/observability\"\u003eElastic Observability\u003c/a\u003e, and \u003ca href=\"https://www.elastic.co/security\"\u003eElastic Security\u003c/a\u003e solutions also received updates. 
To learn more, check out our main \u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-7-11-0-searchable-snapshots-schema-on-read\"\u003eElastic 7.11\u0026nbsp;release\u003c/a\u003e blog or read the \u003ca href=\"https://elastic.co/blog/whats-new-elastic-enterprise-search-7-11-0-web-crawler-box-content-source\"\u003eElastic Enterprise Search blog\u003c/a\u003e, \u003ca href=\"https://elastic.co/blog/whats-new-elastic-observability-7-11-0-apm-service-overview-page-ecs-logging-library-ga\"\u003eElastic Observability blog\u003c/a\u003e, and \u003ca href=\"https://elastic.co/blog/whats-new-elastic-security-7-11-0-cloud-host-detections-accessible-UI\"\u003eElastic Security blog\u003c/a\u003e for more details.\u003c/p\u003e\u003ch2\u003eKnown Issue\u003c/h2\u003e\u003cp\u003eInstallations of Elasticsearch 7.11.0 with an\u0026nbsp;Active Directory or LDAP realm configured will fail to start. A fix will be released in 7.11.1. For more details, please see the\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.11/release-notes-7.11.0.html#known-issues-7.11.0\"\u003e7.11.0 release notes\u003c/a\u003e.\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.x/release-notes-7.11.0.html#known-issues-7.11.0\"\u003e\u003cbr /\u003e\u003c/a\u003e\u003c/p\u003e\u003ch2\u003eSchema on read for Elasticsearch is here\u003c/h2\u003e\u003cp\u003eYou’ve read that right: schema on read is here for Elasticsearch 7.11. You can now get the best of both worlds on a single platform — the performance and scale you expect from schema on write, combined with the flexibility and data discovery of schema on read. We call the feature that delivers schema on read \u003cstrong\u003eruntime fields\u003c/strong\u003e,\u003cstrong\u003e \u003c/strong\u003eand it's now in beta.\u003c/p\u003e\u003cp\u003eRuntime fields let you define and evaluate fields at query time, which opens a wide range of new use cases. 
If you need to adapt to a changing log format or fix an index mapping, use runtime fields to change the schema on the fly without reindexing your data. Or if you are indexing new data and don’t have intimate knowledge of what it contains, you can use runtime fields to discover this data and define your schema without impacting others.\u003c/p\u003e\u003cp\u003eNo matter the use case, runtime fields reduce the time to get value from your data.\u003c/p\u003e\u003ch3\u003eBetter together\u003c/h3\u003e\u003cp\u003eElasticsearch is known for being a fast distributed search and analytics engine because we use schema on write. With schema on write, fields are written to disk at ingest time, so you need to plan what fields you want in advance and test to ensure you’re happy with the results.\u003c/p\u003e\u003cp\u003eThe payoff is fast queries, which is why schema on write is still the default mechanism within Elasticsearch for indexing and searching data. With schema on read, there is added flexibility as it doesn’t require as much planning and testing, which comes in handy when you don’t know your data or when you realize after indexing you want to\u0026nbsp;do things differently.\u003cbr /\u003e\u003cbr /\u003eWhat’s unique about our implementation of schema on read is that we’ve built runtime fields on the same Elastic Stack — the same architecture, the same tools, and the same interfaces you are already using. 
There are no new datastores, languages, or components, and there’s no additional procedural overhead.\u0026nbsp; Using both of these mechanisms complement each other, giving you performance with schema on write and flexibility with schema on read.\u003c/p\u003e\u003cp\u003eBe sure to read more on the \u003ca href=\"https://www.elastic.co/blog/introducing-elasticsearch-runtime-fields\"\u003eruntime fields blog\u003c/a\u003e and if you’re ready to dig in, check out the \u003ca href=\"https://elastic.co/blog/getting-started-with-elasticsearch-runtime-fields\"\u003etechnical blog\u003c/a\u003e.\u003c/p\u003e\u003cdiv class=\"video embed-container\" style=\"height: 319.725px;\"\u003e\u003cimg class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/rSvmFXHwD4Fy39EKPYBKob.jpg\" data-uuid=\"rSvmFXHwD4Fy39EKPYBKob\" data-v=\"4\" data-type=\"inline\" data-autoplay=\"1\" data-loop=\"1\" data-disable_analytics=\"1\" data-hidden_controls=\"1\" data-muted=\"1\" disable_analytics=\"1\" style=\"width: 100%;margin: auto;display: block;\" width=\"100%\"/\u003e\u003c/div\u003e\u003ch2\u003eYour data is good as cold with searchable snapshots and cold tier both generally available\u003c/h2\u003e\u003cp\u003eIn Elasticsearch 7.10 we \u003ca href=\"https://www.elastic.co/blog/whats-new-elasticsearch-7-10-0-searchable-snapshots-store-more-for-less\"\u003eannounced\u003c/a\u003e \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/searchable-snapshots.html\"\u003esearchable snapshots\u003c/a\u003e, a new capability that brings S3 and other object stores to life. Searchable snapshots let you directly search the data stored in your snapshots as well as the new cold tier, which can reduce your data storage costs by up to 50% over the existing warm tier. Storing more data at a reduced cost provides an easy and fast way to get a deeper level of data insight.\u003c/p\u003e\u003cp\u003eData is a differentiator to how business and operations run. 
With exponential data growth, it becomes economically unfeasible to store and search all of your data on expensive compute with SSD drives.\u003c/p\u003e\u003cp\u003eThe typical solution over time is to \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.11/index-lifecycle-management.html\"\u003emove your data\u003c/a\u003e to a different data tier consisting of less performant disks and compute, and eventually migrating read-only data to snapshots stored on low-cost object storage (such as AWS S3). If you want to search data stored in snapshots, you first need to manually restore the data back to the cluster. This takes time and effort.\u003c/p\u003e\u003cp\u003eBut with searchable snapshots, you can directly search these snapshots without the need to “rehydrate” your data.\u003c/p\u003e\u003cp\u003eThe cold tier stores your read-only data locally, but it backs the indices with snapshots stored in S3, Azure, Google Cloud, or other low-cost object stores for resiliency. This removes the need to store replicas of your data locally, effectively doubling the density of your local storage nodes. Using the cold tier, you can retain more data locally at a large scale for a significantly reduced cost — all with the same level of reliability, redundancy, and automatic recovery you’ve come to expect from Elasticsearch.\u003c/p\u003e\u003cdiv class=\"video embed-container\" style=\"height: 319.725px;\"\u003e\u003cimg class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/8AjEgtqGRTz5R6F7B7kFJV.jpg\" data-uuid=\"8AjEgtqGRTz5R6F7B7kFJV\" data-v=\"4\" data-type=\"inline\" data-autoplay=\"1\" data-loop=\"1\" data-disable_analytics=\"1\" data-hidden_controls=\"1\" data-muted=\"1\" disable_analytics=\"1\" style=\"width: 100%;margin: auto;display: block;\" width=\"100%\"/\u003e\u003c/div\u003e\u003cp\u003eWith the cold tier, you no longer need to choose which piece of observability data to delete to save money. 
Imagine searching year over year on application performance without needing to restore your data first from backups. Or gain increased insight by combining observability data with business intelligence to make intuitive data-driven decisions.\u003c/p\u003e\u003cp\u003eArm threat hunters and security analysts with years of high-volume security data sources now made easily accessible through searchable snapshots. Collect additional security-related data at greater scale and keep it accessible for longer than previously practical or economical. Performing large security forensic investigations has become a lot easier and less time consuming with data stored on the cold tier.\u003c/p\u003e\u003cp\u003eWhile we are excited with these new capabilities, our journey does not stop here. We’re currently developing a frozen tier, which takes things a step further and allows you to store and search your data directly on the object store. Removing the need to store data locally at all can reduce your storage costs by an even bigger margin.\u003c/p\u003e\u003cp\u003eThis means you’ll be able to search nearly an unlimited amount of data, on demand, with costs approaching that of just storing data on S3.\u003c/p\u003e\u003cp\u003eSearchable snapshots and the cold tier are now generally available for self-managed users. Both are also available in Elastic Cloud along with a cold slider. If you’d like to know more details, please visit the \u003ca href=\"https://www.elastic.co/elasticsearch/elasticsearch-searchable-snapshots\"\u003esearchable snapshots page\u003c/a\u003e or read our \u003ca href=\"https://www.elastic.co/blog/introducing-elasticsearch-searchable-snapshots\"\u003ededicated blog\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003eThreat detection in action with EQL, now generally available\u003c/h3\u003e\u003cp\u003eEvent query language or EQL has come a long way in helping with threat investigation, identification, and prevention. 
For those not familiar with EQL, it’s a sequential correlation language that allows you to view multiple events within a system, draw conclusions to give a better perspective of that system, and observe these sequences over a span of time.\u003c/p\u003e\u003cp\u003eSince our announcement in 7.9, we’ve been continuously developing and maturing EQL to assist in threat detection. Let’s walk through one example of how EQL can help identify behavior that maps to two MITRE ATT\u0026amp;CK™ techniques: Spearphishing (T1193) and PowerShell (T1086).\u003c/p\u003e\u003cp\u003eIn this attack, an MS Office product such as Word, Excel, or PowerPoint spawns a scripting child process such as PowerShell, a VBScript host (cscript.exe or wscript.exe), or cmd.exe.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEQL\u003c/strong\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eprocess where\u003cbr /\u003e process.parent.name in (\u003cbr /\u003e \"WINWORD.EXE\", \"EXCEL.EXE\", \"POWERPNT.EXE\"\u003cbr /\u003e )\u003cbr /\u003e and process.name in (\u003cbr /\u003e \"powershell.exe\", \"cscript.exe\", \"wscript.exe\", \"cmd.exe\"\u003cbr /\u003e )\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eEQL can then correlate such events in sequence over a span of time to help validate the detection.\u003c/p\u003e\u003cp\u003eIn this EQL query we are asking “Did Word write an executable file that was then run within a maximum span of 5 minutes?” The two events are joined on the file’s path matching the executable of the process that starts.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003esequence with maxspan=5m\u003cbr /\u003e [file where file.extension == \"exe\"\u003cbr /\u003e and process.name in (\"WINWORD.EXE\") \u003cbr /\u003e ] by file.path\u003cbr /\u003e [process where true] by process.executable\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eThe power in EQL is that it allows you to match a sequence of events of various types. It’s similar to other query languages, which helps reduce the learning curve.
And it’s built for security — specifically threat hunting and behavior detection.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eFind the path with geo_line aggregation\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eThe new geo_line aggregation aggregates all the geo_point values within a bucket into a LineString ordered by the chosen sort field (usually timestamp). This feature is useful when you have a set of locations of an object, and you want the path that the object travelled.\u003c/p\u003e\u003cp\u003eAn example of a use case is in shipping logistics. You can collect GPS coordinates of your freight trucks on a regular interval, sort by the timestamp of each such location document, and draw a line that represents the path the truck traveled.\u003c/p\u003e\u003ch2\u003eTrack security configuration changes with a new security_config_change event.type\u003c/h2\u003e\u003cp\u003eFor an administrator, making security changes like adding a user or a user role is trivial, but until now, troubleshooting access issues or auditing those changes was impossible.\u003c/p\u003e\u003cp\u003eWith the new event.type security_config_change, adding a user or a role is now tracked in the audit log.
With this change, there is no need to log the entire payload to audit details of changes to security settings because they are now available with a dedicated event type.\u003c/p\u003e\u003cp\u003eHere’s an example of what is logged when the Put User API is invoked to create or update a native user:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{\"type\":\"audit\", \"timestamp\":\"2020-12-30T22:10:09,749+0200\", \"node.id\":\"0RMNyghkQYCc_gVd1G6tZQ\", \"event.type\":\"security_config_change\", \"event.action\":\"put_user\", \"request.id\":\"VIiSvhp4Riim_tpkQCVSQA\", \"put\":{\"user\":{\"name\":\"user1\",\"enabled\":false,\"roles\":[\"admin\",\"other_role1\"],\"full_name\":\"Jack Sparrow\",\"email\":\"jack@blackpearl.com\",\"has_password\":true,\"metadata\":{\"cunning\":10}}}}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eFor additional information or examples, be sure to check out the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.11/audit-event-types.html\"\u003eaudit event types documentation\u003c/a\u003e.\u003c/p\u003e\u003ch2\u003eA UI is worth a thousand API calls\u003c/h2\u003e\u003cp\u003eElasticsearch UI enhancements are one of the many examples of how Elastic continues to provide a better user experience. Here are some of the major UI enhancements in 7.11.\u003c/p\u003e\u003ch3\u003eAutocomplete for Pain|less\u003c/h3\u003e\u003cp\u003eNot an expert in \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.11/modules-scripting-painless.html\"\u003ePainless scripting\u003c/a\u003e? Can’t quite remember the correct syntax? Not a problem with the new autocomplete UI for painless scripts. With helpful autocomplete syntax suggestions, including mapped fields and source, and inline error reporting, you save time and frustration with scripting in Painless. 
You can find this new UI everywhere painless is used in \u003ca href=\"https://www.elastic.co/kibana\"\u003eKibana\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt620fdd16631e4074/6019946361513a1aa7473ea4/blog-elasticsearch-7-11-painless.gif\" data-sys-asset-uid=\"blt620fdd16631e4074\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003ch3\u003eSearchable snapshots in ILM UI\u003c/h3\u003e\u003cp\u003eIf you are a longtime user of Elasticsearch, you know that \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.11/index-lifecycle-management.html\"\u003eindex lifecycle management\u003c/a\u003e has come a long way when it comes to moving data and having the ability to configure it within the UI. With the recent addition of data tiers and searchable snapshots, you now have the ability to configure hot and cold phases and searchable snapshots within the ILM policies UI.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8215515f87c37212/6019948254849c183a1c044b/blog-elasticsearch-7-11-searchable-snaps.gif\" data-sys-asset-uid=\"blt8215515f87c37212\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003ch3\u003eRuntime fields editor in the index template\u003c/h3\u003e\u003cp\u003eThe beta release of runtime fields delivers schema on read to Elasticsearch, which opens many new workflows. One of the ways to define runtime fields is during the creation of an index template. 
With the index template mapping editor, you can explore the possibilities by creating and editing runtime fields in your index template mappings.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltde04630fed53b29f/6019949f0f1c0c1aa6f87f02/blog-elasticsearch-7-11-runtime-fields.gif\" data-sys-asset-uid=\"bltde04630fed53b29f\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003ch3\u003eTransform adds a new type: Latest in machine learning\u003c/h3\u003e\u003cp\u003eTransforms in 7.11 has added another type focused on allowing you to copy the most recent documents to a new index. This new type of Transform is called Latest and works by identifying one or more fields as a unique key and a date field for sorting, then creating an index that can be updated with the most recent document.\u003c/p\u003e\u003cp\u003eScenarios where this becomes especially useful include where companies are trying to keep track of the latest purchase their customers have made or in a monitoring setting where tracking the latest event coming from a host is critical.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1c552014dfa6c0f2/601994b629a02c49ba1f431d/blog-elasticsearch-7-11-transform.jpg\" data-sys-asset-uid=\"blt1c552014dfa6c0f2\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003ch2\u003eThat's all folks…\u003cspan\u003e\u003c/span\u003e\u003c/h2\u003e\u003cp\u003e7.11 is another monumental release for Elasticsearch, and we couldn't cover all of it within this blog. Be sure to check out more in the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.11/release-highlights.html\"\u003erelease highlights\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eReady to get your hands dirty and try some of the new functionalities? 
Spin up a \u003ca href=\"https://cloud.elastic.co/registration\"\u003efree 14-day trial of Elastic Cloud\u003c/a\u003e or \u003ca href=\"https://www.elastic.co/downloads/elasticsearch\"\u003edownload Elasticsearch\u003c/a\u003e today. Try it out and be sure to let us know what you think on Twitter (\u003ca href=\"https://twitter.com/elastic\"\u003e@elastic\u003c/a\u003e), in \u003ca href=\"https://discuss.elastic.co/c/elasticsearch\"\u003eour forum\u003c/a\u003e, or join us on our \u003ca href=\"https://join.slack.com/t/elasticstack/shared_invite/zt-l83t3arq-0ivqSOe2S6IBiRGBb6ollg\"\u003ecommunity slack channel.\u003c/a\u003e\u003c/p\u003e","category":[{"uid":"bltfaae4466058cc7d6","_version":8,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:47:03.147Z","created_by":"sys_blt57a423112de8a853","key":"releases","label_l10n":"Product release","tags":[],"title":"Product release","updated_at":"2024-05-10T13:44:16.955Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.629Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2021-02-02T14:59:55.237Z","created_by":"blt34e7f499d15c5bd0","disclaimer":[],"full_bleed_image":{"_version":2,"is_dir":false,"uid":"blt524d5ee0222d5354","ACL":{},"content_type":"image/png","created_at":"2019-01-05T05:57:36.948Z","created_by":"sys_blt57a423112de8a853","description":"","file_size":"54225","filename":"blog-banner-release-elasticsearch.png","parent_uid":null,"tags":[],"title":"blog-banner-release-elasticsearch.png","updated_at":"2021-01-26T17:45:10.329Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-02-03T15:47:40.504Z","user":"bltde77f2161b811714"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt524d5ee0222d5354/601055260cb0aa0ffcdd590e/blog-banner-release-elasticsearch.png"},"markdown_l10n":"","publish_date":"2021-02-10T17:03:00.000Z","sanity_
migration_complete":false,"seo":{"seo_title_l10n":"Elasticsearch 7.11.0 released","seo_description_l10n":"In Elasticsearch 7.11, we’re thrilled to release the beta of runtime fields, Elastic's implementation of schema on read. You now have the best of both — the performance and scale you expect from schema on write, combined with the flexibility with schema on read.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"_version":2,"is_dir":false,"uid":"blt8c2b608c10eb1fd8","ACL":{},"content_type":"image/png","created_at":"2019-01-05T05:57:42.964Z","created_by":"sys_blt57a423112de8a853","description":"","file_size":"51730","filename":"blog-thumb-release-elasticsearch.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-release-elasticsearch.png","updated_at":"2022-02-11T21:03:50.956Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:15.895Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8c2b608c10eb1fd8/601055106215cf0f9a18d799/blog-thumb-release-elasticsearch.png"},"title":"Elasticsearch 7.11.0 released: Adding flexibility with schema on read","title_l10n":"Elasticsearch 7.11.0 released: Adding flexibility with schema on 
read","updated_at":"2025-03-10T11:42:21.599Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/whats-new-elasticsearch-7-11-0-schema-on-read-is-here","publish_details":{"time":"2025-03-10T11:42:25.025Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt23fc1bf24f8f6102","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"The 6.4 release of Kibana includes new features highlighted by the addition of sample data, the Elastic Maps service, experimental API docs, scripted field and saved object changes and many redesigned UIs.","author":["blt4ca268ce71bf38df"],"body_l10n":"\u003cp\u003eWelcome to the 6.4.0 release of Kibana!\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/downloads/kibana\"\u003eDownload Kibana 6.4.0\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/guide/en/kibana/6.4/release-notes-6.4.0.html\"\u003eKibana 6.4.0 release notes\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eYou can get all the details\u0026nbsp;in the release notes linked above, but there are a few changes which are worth highlighting:\u003c/p\u003e\u003cul\u003e\u003cli\u003eOne-click sample data\u003c/li\u003e\u003cli\u003eImproved workflow for inspecting data\u003c/li\u003e\u003cli\u003eNew Beta tutorials\u003c/li\u003e\u003cli\u003eSaved Objects refresh\u003c/li\u003e\u003cli\u003eScripted fields preview\u003c/li\u003e\u003cli\u003eCustom rules for fine tuning machine learning results\u003c/li\u003e\u003cli\u003eImproved usability for managing machine learning jobs\u003c/li\u003e\u003cli\u003eResponse time anomalies with machine learning in APM\u003c/li\u003e\u003cli\u003eNew query bar for searching and filtering APM data\u003c/li\u003e\u003cli\u003eLanding page for Elastic Maps Service\u003c/li\u003e\u003cli\u003eApply Vega\u0026nbsp;filters to dashboard context\u0026nbsp;\u003c/li\u003e\u003cli\u003eExperimental API docs\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eOne-click sample 
data\u003c/h2\u003e\u003cp\u003eTo improve the getting started experience, Kibana has a sample data set that enables you to take Kibana for a test ride without having to go through the process of loading data yourself.\u0026nbsp; With one click, you can install a Flight data set and start interacting with Kibana visualizations in seconds.\u003c/p\u003e\u003cp\u003eTo access the sample data, go to the Kibana home page and click the link next to Sample Data.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltad181a4693ba62f4/5fa98f3097f9f35d942e9b6f/blog-kibana-6-4-0-1.png\" width=\"624\" height=\"431\" style=\"width: 624;height: 431;\"/\u003e\u003c/p\u003e\u003ch2\u003eImproved workflow for inspecting data\u003c/h2\u003e\u003cp\u003eIf you’ve used a spy panel in the past to inspect the data behind a visualization, you’ll notice that this feature's been given a facelift.\u0026nbsp; It’s also easier to access--you can inspect visualizations from multiple places in the UI.\u0026nbsp; On a dashboard, open the panel menu for a visualization and select Inspect.\u0026nbsp; In the visualization editor, click Inspect in the menu bar.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt584eb9c28891e07a/5fa98f2ffaf76f509e12e9a1/blog-kibana-6-4-0-2.png\" width=\"624\" height=\"484\" style=\"width: 624;height: 484;\"/\u003e\u003c/p\u003e\u003ch2\u003eAdditional tutorials for adding data to Kibana\u003c/h2\u003e\u003cp\u003eYou’ll find new Beta tutorials on the Add Data page. The majority of these tutorials are\u0026nbsp;for Metricbeat modules that fetch metrics from services.\u0026nbsp; They include the Beta label to indicate that they are a pre-release of the software.\u003c/p\u003e\u003cp\u003eTo access the tutorials, go to the Kibana home page. 
In Add Data to Kibana, find the data type you’re interested in and click its button to view a list of available tutorials.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt84b67115b20d1bec/5fa98f2809ed4c6f277eb608/blog-kibana-6-4-0-3.png\" width=\"624\" height=\"483\" style=\"width: 624;height: 483;\"/\u003e\u003c/p\u003e\u003ch2\u003eSaved Objects design refresh\u003c/h2\u003e\u003cp\u003eSaved Objects in Management has a new look. The updated page provides the same features in terms of filtering, importing, exporting, and deleting of saved objects, plus three main improvements:\u003c/p\u003e\u003cul\u003e\u003cli\u003eYou can now import and export index patterns.\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003c/span\u003eImporting saved objects has a more user-friendly workflow.\u003c/li\u003e\u003cli\u003eA new Relationship view allows you to view how other objects use an object, so you know the impact of deleting it.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4179e635d6dd971f/5fa98f30fd99385ff6003cd4/blog-kibana-6-4-0-4.png\" width=\"624\" height=\"431\" style=\"width: 624;height: 431;\"/\u003e\u003c/p\u003e\u003ch2\u003ePreview your scripted fields\u003c/h2\u003e\u003cp\u003eIndex patterns in Management now allows you to test run a \u003ca href=\"/guide/en/kibana/6.4/scripted-fields.html\"\u003escript\u003c/a\u003e to see if your scripted fields work as intended. 
If your results require more context, you can easily include more fields in the test run.\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003cp\u003eTo try out this feature, open Index patterns \u0026gt; Scripted fields.\u0026nbsp; Add or edit a scripted field and click Get help with syntax and preview the results of your script.\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003cp\u003eScripts are validated on save.\u0026nbsp; You can’t save a script that won't compile.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta372f5567cfe6b0f/5fa98f293cdbef7187ce5539/blog-kibana-6-4-0-5.png\" width=\"624\" height=\"483\" style=\"width: 624;height: 483;\"/\u003e\u003c/p\u003e\u003ch2\u003eCustom rules for fine tuning machine learning results\u003c/h2\u003e\u003cp\u003eIf you want to fine tune your machine learning results (for example, to skip anomalies related to certain servers), you can now create custom rules in Kibana. Custom rules instruct anomaly detectors to change their behavior based on domain-specific knowledge that you provide. 
\u003ca href=\"/guide/en/elastic-stack-overview/6.4/ml-rules.html\"\u003eSee machine learning custom rules\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc7e99eb0822567d3/5fa98f2972a3526f28dba3c0/blog-kibana-6-4-0-6.jpg\" width=\"624\" height=\"567\" style=\"width: 624;height: 567;\"/\u003e\u003c/p\u003e\u003ch2\u003eImproved usability for managing machine learning jobs\u003c/h2\u003e\u003cp\u003eThe Machine Learning \u0026gt; Job Management page has a new look, which comes with better searching, filtering, and multi-select options, enabling you to manage multiple jobs with fewer clicks.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt41678ad943916efd/5fa98f274a4abb73ff79c62c/blog-kibana-6-4-0-7.jpg\" width=\"624\" height=\"327\" style=\"width: 624;height: 327;\"/\u003e\u003c/p\u003e\u003ch2\u003eResponse time anomalies with machine learning in APM\u003c/h2\u003e\u003cp\u003eThe APM UI now integrates with machine learning to show anomalies in response times on transactions. This makes catching unexpected behavior in your services much easier by annotating critical anomalies on top of the response times graph. It’s a one-click setup in the APM UI to get the job running. Please note that the feature is beta in 6.4.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt22adc819dfed8db9/5fa98f2f65bdd35303e00a74/blog-kibana-6-4-0-8.png\" width=\"624\" height=\"244\" style=\"width: 624;height: 244;\"/\u003e\u003c/p\u003e\u003ch2\u003eNew query bar for searching and filtering APM data\u003c/h2\u003e\u003cp\u003eAdding a query will instantly apply to the data shown in graphs and tables, making the scope of the data immediately more focused. It comes with a handy autocomplete that helps find the fields and even provides suggestions to the data they include. 
This way you can easily filter for transaction response times higher than 2000 ms, a particular user ID, or even a response status code. Please note that the feature is beta in 6.4.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3dc749bd93ee47f4/5fa98f2fffb61e50a0faad3d/blog-kibana-6-4-0-9.png\" width=\"624\" height=\"264\" style=\"width: 624;height: 264;\"/\u003e\u003c/p\u003e\u003ch2\u003eLanding page for Elastic Maps Service\u003c/h2\u003e\u003cp\u003eThe Elastic Maps Service powers all geospatial visualizations for Kibana by serving up basemaps tiles and vector boundary layers, key features that are essential for visualizing geodata. The new landing page allows you to preview the data that is published by Elastic Maps Service, either as a map or as data.\u0026nbsp;\u003c/p\u003e\u003cp\u003eYou can do a text search for feature properties, or use your mouse to see the available properties for each feature. You can also use the landing page to download the vector data that is hosted by the Elastic Maps Service.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt401af1bedc075263/5fa98f2f4e40cf53001f50b9/blog-kibana-6-4-0-10.png\" width=\"624\" height=\"468\" style=\"width: 624;height: 468;\"/\u003e\u003c/p\u003e\u003ch2\u003eApply Vega filters to dashboard context\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"font-size: 14px;\"\u003eVega now allows modifying filters and the time range in Kibana, by adding utility functions, that can be called in your signal handlers. 
Check the \u003ca href=\"https://github.com/elastic/kibana/pull/17586\"\u003ePR description\u003c/a\u003e for a description of the functions.\u003c/span\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2\u003eExperimental API docs\u003c/h2\u003e\u003cp\u003eThis release adds documentation for these experimental APIs:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe \u003ca href=\"/guide/en/kibana/6.4/api.html\"\u003eKibana role management API\u003c/a\u003e enables you to control access to Kibana features and saved objects.\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003c/span\u003eThe \u003ca href=\"/guide/en/kibana/6.4/logstash-configuration-management-api.html\"\u003eLogstash configuration management API\u003c/a\u003e allows you to programmatically integrate with the Logstash configuration management feature.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eKibana also provides documentation for the \u003ca href=\"/guide/en/kibana/6.4/saved-objects-api.html\"\u003esaved objects API\u003c/a\u003e, which allows you to manage Kibana saved objects, including dashboards, visualizations, and index patterns.\u003c/p\u003e","category":[{"uid":"bltfaae4466058cc7d6","_version":8,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:47:03.147Z","created_by":"sys_blt57a423112de8a853","key":"releases","label_l10n":"Product release","tags":[],"title":"Product 
release","updated_at":"2024-05-10T13:44:16.955Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.629Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:18:25.275Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt29843bb98ba59a2a","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:37:11.833Z","updated_at":"2018-10-11T05:37:11.833Z","content_type":"image/jpeg","file_size":"71803","filename":"blog-kibana-banner.jpg","title":"blog-kibana-banner.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-18T15:49:05.384Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt29843bb98ba59a2a/5bbee187eb7e90a514e6e46b/blog-kibana-banner.jpg"},"markdown_l10n":"","publish_date":"2018-08-23T16:04:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"The 6.4 release of Kibana includes new features highlighted by the addition of sample data, the Elastic Maps service, experimental API docs, scripted field and saved object changes and many redesigned 
UIs.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt83342df3b2b2883d","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-10T10:13:19.103Z","updated_at":"2018-10-10T10:13:19.103Z","content_type":"image/png","file_size":"125966","filename":"kibana-image.png","title":"kibana-image.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-30T18:19:39.373Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt83342df3b2b2883d/5bbdd0bf6d5c9db27fe9985d/kibana-image.png"},"title":"Kibana 6.4.0 Released","title_l10n":"Kibana 6.4.0 Released","updated_at":"2025-03-10T11:40:44.957Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/kibana-6-4-0-released","publish_details":{"time":"2025-03-10T11:40:50.401Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt7a2b3ad49e3f0772","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"Introducing Index Sorting in Elasticsearch 6.0! Users can enjoy improved query time performance by storing documents on disk in a specific order at index time.","author":["bltdabf9b8408da96f6","blt92817206712cedcd"],"body_l10n":"\u003cp\u003eIn Elasticsearch 6.0 we’re introducing a new feature called Index Sorting. Users can now optimize Elasticsearch indexes to store documents on disk in a specific order. 
We’re very excited for Index Sorting, as it’s another useful tool in optimizing Elasticsearch performance!\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eThrough this article, we’ll dive into a number of areas:\u003c/p\u003e\u003cul\u003e\u003cli\u003eLucene’s Index Sorting functionality\u003c/li\u003e\u003cli\u003eExamples where Index Sorting will improve query performance\u003c/li\u003e\u003cli\u003eCaveats to consider in using Index Sorting for time series data\u003c/li\u003e\u003cli\u003ePerformance considerations\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eIndex Sorting in Lucene\u003c/h2\u003e\u003ch3\u003eLucene’s IndexSorter\u003c/h3\u003e\u003cp\u003eMany years ago, Lucene introduced an offline tool known as the \u003ca href=\"https://issues.apache.org/jira/browse/LUCENE-2482\"\u003eIndexSorter\u003c/a\u003e. The IndexSorter copied a source index to a new destination index, and ordered the documents on disk based on a user specified order. At that time, because it was not possible to update the destination index directly, users of this feature had to re-build a sorted view every time new documents were added to the source index. The IndexSorter was the first attempt to provide a way to sort documents on disk, not at search time, but at index time.\u003c/p\u003e\u003cp\u003eWith index sorting, a new concept called “early termination” was introduced. Suppose for instance that you want to retrieve N documents sorted by date (date being a field in the index). If the index is sorted on disk by this date field it would be possible to “stop” the request after visiting the first N documents that match the query (since they are already in the order the user specified). This is what we call “early termination”. Early termination of a query can bring significant improvement to search response times, especially for sort-based queries, and led to the increased popularity of the IndexSorter tool among Lucene users. 
The static nature of the tool prevented its usage for indices with a lot of updates, which is why it was eventually replaced with a solution that allows incremental updates. Instead of doing a one-time sort of a static index, a new solution was proposed to sort documents at merge time.\u003c/p\u003e\u003ch3\u003eLucene improvements\u003c/h3\u003e\u003cp\u003eOriginally, Lucene indexed documents in the order they were received, and assigned each document an incremental (and internal) document id (assigned on a per segment basis). The first document indexed in a segment had a document id of 0, and so on. At search time, each segment is visited in document id order, to retrieve documents that match a user query. In order to retrieve the best N documents for a query, Lucene needs to visit every document matching the query across all segments. If the query matches millions of documents, retrieving only the best N would still require millions of documents to be visited.\u003c/p\u003e\u003cp\u003eA Lucene index creates a new segment whenever a refresh is triggered. This new segment contains all the documents that were added after the last refresh. When the segment is flushed it becomes visible to the searcher and new documents can appear in search results. Because refreshes occur constantly, the number of segments can easily explode in an index. Segment merges happen in the background to limit the number of segments from growing too large. Merges are triggered based on a policy that selects segments eligible for merging, the selected segments are then merged in a new segment that replaces the old segments. By default, the segment merge process copies documents from different segments to a new segment based on their internal document ids. 
In order to replace the static tool (the IndexSorter mentioned above), a \u003ca href=\"https://issues.apache.org/jira/browse/LUCENE-4752\"\u003enew merge policy was introduced\u003c/a\u003e to allow index sorting for dynamic indices that reorders documents during the merge process based on a configurable order (the value of a field for instance). This new design was a huge step in the right direction, and allowed an index to be sorted on the fly and to use this information on a per-segment basis. Some segments are sorted (segments created by a merge) and some are not (the newly flushed segments). At merge time, the unsorted segments are first “sorted” and then merged with other sorted segments.\u003c/p\u003e\u003cp\u003eThis merge policy that lived in a module was then moved to a top-level option on the IndexWriterConfig to make index sorting a \u003ca href=\"https://issues.apache.org/jira/browse/LUCENE-6766\"\u003efirst class citizen\u003c/a\u003e in Lucene.\u003c/p\u003e\u003cp\u003eThough some benchmarks showed that the cost of sorting at merge time can divide the total throughput of indexation by a factor of 2:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta924260b54220c12/5fa9877924612d7400da3968/blog-index-sort-6-1.png\" width=\"624\" height=\"212\" alt=\"Screen Shot 2017-08-10 at 10.16.39 AM.png\" style=\"border-width: initial;border-style: none;transform: rotate(0rad);\"/\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://home.apache.org/~mikemccand/lucenebench/sparseResults.html#index_throughput\"\u003ehttps://home.apache.org/~mikemccand/lucenebench/sp...\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThe reason for the reduction in indexing performance is simple: re-sorting segments has a cost, causing merge time and memory consumption for these indices to increase by a large factor.\u003c/p\u003e\u003cp\u003eSince re-sorting multiple segments at a time is costly, we decided to sort documents 
earlier in the indexation process. Instead of waiting for merge times to sort multiple segments, we’ve moved the sorting to flush time (when the segments are first created): \u003ca href=\"https://issues.apache.org/jira/browse/LUCENE-7579\"\u003eLUCENE-7579.\u003c/a\u003e If all segments are already sorted, merging can occur using a simple merge-sort strategy, which is much faster. This new strategy was first introduced in Lucene 6.5 and increased the throughput benchmarks by almost 65% (see annotation V).\u003c/p\u003e\u003cp\u003eAs you can see in this story index sorting had a lot of history in Lucene but until now it was not available in Elasticsearch. Thanks to all these optimizations, we’ve decided to unlock this feature in Elasticsearch 6.0 and we’re really excited to show how this feature can help you to optimize your use case with this new release!\u003c/p\u003e\u003ch2\u003eIndex Sorting in Action\u003c/h2\u003e\u003ch3\u003eEarly termination of search queries\u003c/h3\u003e\u003cp\u003eIt’s very common in applications to query for the top X results, sorted by value Y (top player scores, new users, latest events, etc.). In most cases, Elasticsearch will not have enough information to quickly gather the first X results and sort them until the entire data set has been examined. Doc values make this process more efficient, however, in the cases where the dataset is extremely large, a lot more values will be examined and compared than are needed by the user.\u003c/p\u003e\u003cp\u003eWith the introduction of index sorting in Elasticsearch 6.0, we can now specify the ordering of documents on disk, allowing Elasticsearch to short circuit and return queries more efficiently. 
For instance, if we’re creating a leaderboard for a video game company to track the top 3 player scores (and we have a very large number of players!), we can instruct Elasticsearch to store documents in the order of their player score, allowing us to compute the leaderboard much more efficiently.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb218fa68545af041/5fa98780ffb61e50a0faacfb/blog-index-sort-6-2.jpg\" width=\"624\" height=\"187\" alt=\"leaderboard.jpg\" style=\"border-width: initial;border-style: none;transform: rotate(0rad);\"/\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e// Get the top 3 player scores (based on the number of points)\u003cbr /\u003eGET scores/score/_search\u003cbr /\u003e{\u003cbr /\u003e \"size\": 3,\u003cbr /\u003e \"sort\": [\u003cbr /\u003e { \"points\": \"desc\" }\u003cbr /\u003e ]\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eDepending on the version of Elasticsearch, and on usage of index sorting, we can store the documents on disk very efficiently for the query above:\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;font-family: Arial;color: rgb(0, 0, 0);background-color: transparent;vertical-align: baseline;white-space-collapse: preserve;text-wrap-mode: wrap;\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/uploads/599b0598949407fa18d59c85/download?uid=blt3a1f0c3350489703\" data-sys-asset-uid=\"blt3a1f0c3350489703\" alt=\"first_diag.png\"/\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eThe query above will still need to return a count for the number of results (and requires a little extra work). 
We can remove this requirement with the new option \"track_total_hits\"\u0026nbsp;set to false:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e// Get the top 3 player scores (based on the number of points)\u003cbr /\u003eGET scores/score/_search\u003cbr /\u003e{\u003cbr /\u003e \"size\": 3,\u003cbr /\u003e \"track_total_hits\" : false,\u003cbr /\u003e \"sort\": [\u003cbr /\u003e { \"points\": \"desc\" }\u003cbr /\u003e ]\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eWe now have a very efficient leaderboard query for top player scores, using a sorted index.\u003c/p\u003e\u003ch3\u003e\u003c/h3\u003e\u003ch3\u003eSpecifying an index sorting order in Elasticsearch 6.0\u003c/h3\u003e\u003cp\u003eTo continue with our example above (creating a leaderboard of top player scores), we will need to tell Elasticsearch how to order the documents on disk. We can do this by providing a definition in the settings for the index:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePUT scores\u003cbr /\u003e{\u003cbr /\u003e \"settings\" : {\u003cbr /\u003e \"index\" : {\u003cbr /\u003e \"sort.field\" : \"points\", \u003cbr /\u003e \"sort.order\" : \"desc\" \u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"mappings\": {\u003cbr /\u003e \"score\": {\u003cbr /\u003e \"properties\": {\u003cbr /\u003e \"points\": {\u003cbr /\u003e \"type\": \"long\"\u003cbr /\u003e },\u003cbr /\u003e \"playerid\": {\u003cbr /\u003e \"type\": \"keyword\"\u003cbr /\u003e },\u003cbr /\u003e \"game\" : {\u003cbr /\u003e \"type\" : \"keyword\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eThe example above will sort documents on disk by the points field (in descending order). 
This is helpful for the simple query above (for top 3 player scores).\u0026nbsp;\u003c/p\u003e\u003ch3\u003eGrouping documents within an index by similar structure\u003c/h3\u003e\u003cp\u003eThere are many advantages to storing documents sorted by a similar type. For instance, if there is an index named “scores”, some scores may come from the game “Joust”, and include specific fields such as “top-speed” and “farthest-jump”, a score for a different game, such as “Dragon’s Lair” may include fields for “sword-fight-score” and “goblins-killed”:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e// Score for the game \"Joust\"\u003cbr /\u003e{\u003cbr /\u003e \"game\" : \"joust\",\u003cbr /\u003e \"playerid\" : \"1234\",\u003cbr /\u003e \"top-speed\" : 212,\u003cbr /\u003e \"farthest-jump\" : 49\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cpre class=\"prettyprint\"\u003e// Score for the game \"Dragon’s Lair\"\u003cbr /\u003e{\u003cbr /\u003e \"game\" : \"dragons-lair\",\u003cbr /\u003e \"playerid\" : \"5678\",\u003cbr /\u003e \"sword-fight-score\" : 89,\u003cbr /\u003e \"goblins-killed\" : 3\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eStoring the documents on disk sorted by game will help place similar documents (with similar field names) together. The advantages to this are query speed (although it’s important to remember this really depends on the query) and compression. 
Storing similar fields closer together may lead to better compression, and Elasticsearch (and in turn Lucene) is able to store the deltas more efficiently:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePUT scores\u003cbr /\u003e{\u003cbr /\u003e \"settings\" : {\u003cbr /\u003e \"index\" : {\u003cbr /\u003e \"sort.field\" : \"game\", \u003cbr /\u003e \"sort.order\" : \"desc\" \u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003ch3\u003eMore efficient AND conjunctions\u003c/h3\u003e\u003cp\u003eUsing index sorting to locate documents on disk in a specific order can also \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/index-modules-index-sorting-conjunctions.html\"\u003eimprove AND conjunctions\u003c/a\u003e, complex queries with many conditions.\u003c/p\u003e\u003cp\u003eLet’s continue with our video game example, when a player joins a game, they must be paired up with another player in the same region, skill level, and course. 
A sample query to find similar players for starting a new match may look similar to the following (get 10 players within the \"EU\"\u0026nbsp;region, playing \"Dragon’s Lair\", with a skill rating of 9, and at the \"Castle\" map):\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eGET players/player/_search\u003cbr /\u003e{\u003cbr /\u003e \"size\": 3,\u003cbr /\u003e \"track_total_hits\" : false,\u003cbr /\u003e \"query\" : { \u003cbr /\u003e \"bool\" : {\u003cbr /\u003e \"filter\" : [\u003cbr /\u003e { \"term\" : { \"region\" : \"eu\" } },\u003cbr /\u003e { \"term\" : { \"game\" : \"dragons-lair\" } },\u003cbr /\u003e { \"term\" : { \"skill-rating\" : 9 } },\u003cbr /\u003e { \"term\" : { \"map\" : \"castle\" } } \u003cbr /\u003e ]\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eLet's look at how Elasticsearch may gather the results needed for the query:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/uploads/599616921eff86ee22016a11/download?uid=blt9aa0104633a60b1f\" data-sys-asset-uid=\"blt9aa0104633a60b1f\" alt=\"new_query_without.png\"/\u003e\u003c/p\u003e\u003cp\u003eNow, let's specify the ordering of the documents on disk to improve our query above:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePUT players\u003cbr /\u003e{\u003cbr /\u003e \"settings\" : {\u003cbr /\u003e \"index\" : {\u003cbr /\u003e \"sort.field\" : [\"region\", \"game\", \"skill-rating\", \"map\"], \u003cbr /\u003e \"sort.order\" : [\"asc\", \"asc\", \"asc\", \"asc\"] \u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"mappings\": {\u003cbr /\u003e \"player\": {\u003cbr /\u003e \"properties\": {\u003cbr /\u003e \"playerid\": {\u003cbr /\u003e \"type\": \"keyword\"\u003cbr /\u003e },\u003cbr /\u003e \"region\": {\u003cbr /\u003e \"type\": \"keyword\"\u003cbr /\u003e },\u003cbr /\u003e \"skill-rating\" : {\u003cbr /\u003e \"type\" : \"integer\"\u003cbr /\u003e },\u003cbr /\u003e \"game\" : {\u003cbr /\u003e 
\"type\" : \"keyword\"\u003cbr /\u003e },\u003cbr /\u003e \"map\" : {\u003cbr /\u003e \"type\" : \"keyword\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eWe can now see the documents are placed closer together:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/uploads/5996174b2d8186e8071aa7e5/download?uid=blt79a4bd69300b6a4c\" data-sys-asset-uid=\"blt79a4bd69300b6a4c\" alt=\"new_query_with2.png\"/\u003e\u003c/p\u003e\u003cp\u003eBy using a sorted index, we can locate the documents with\u0026nbsp;similar field\u0026nbsp;values closer together, making our query to find players for a given match more efficient.\u003c/p\u003e\u003ch3\u003eWhen index sorting isn't a good fit\u003c/h3\u003e\u003cp\u003eStoring sorted values on disk requires a lot more work at index time from Elasticsearch than storing unsorted values. In some cases the performance overhead of index sorting can decrease write performance by as much as 40-50%. For this reason it is very important to determine if the application should be optimized for query performance or write performance. Optimizing an application for write performance (and taking the hit on query performance) will most likely mean index sorting is not a good option.\u003c/p\u003e\u003cp\u003eYou can check the throughput for indexation with and without index sorting. As mentioned above, the performance hit will vary widely and depend on your use case. 
For example, the geonames Elasticsearch benchmark shows a very small performance hit for Index Sorting (the blue line labeled “Append Sorted”):\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltabbe6b882b3ff86d/5fa9878142256d5ffdf418a3/blog-index-sort-6-3.png\" width=\"624\" height=\"340\" alt=\"Screen Shot 2017-08-10 at 1.11.12 PM.png\" style=\"width: 624;height: 340;\"/\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://elasticsearch-benchmarks.elastic.co/index.html#tracks/geonames/nightly/30d\"\u003ehttps://elasticsearch-benchmarks.elastic.co/index....\u003c/a\u003e\u003c/p\u003e\u003cp\u003eAlternatively, the “NYC Taxis” benchmark shows a large drop in indexing performance with index sorting:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte19365eb5b04302c/5fa9877a09ed4c6f277eb5f6/blog-index-sort-6-4.png\" width=\"624\" height=\"339\" alt=\"Screen Shot 2017-08-10 at 1.12.42 PM.png\" style=\"width: 624;height: 339;\"/\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://elasticsearch-benchmarks.elastic.co/index.html#tracks/nyc-taxis/nightly/30d\"\u003ehttps://elasticsearch-benchmarks.elastic.co/index....\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIn system design, there are tradeoffs at almost every level, with index sorting, the tradeoff we’re considering is less efficient writes (as the document must be sorted) for faster queries (in specific scenarios) vs more efficient writes and slower queries (as the results must be sorted at query time).\u003c/p\u003e\u003cp\u003eSimilar to any new feature, it is very important to test index sorting with your specific use case and dataset.\u003c/p\u003e\u003ch2\u003eWe’re not finished\u003c/h2\u003e\u003cp\u003eThis is only the beginning, we’ll continue to improve index sorting for a larger range of use cases!\u003c/p\u003e\u003cp\u003eHopefully this article gives you a good 
overview of index sorting as a great new tool to consider in your Elasticsearch 6.0 toolbox. In addition to this blog post, the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/index-modules-index-sorting.html\"\u003edocumentation on Index Sorting\u003c/a\u003e can be a great resource to bookmark. If you want to try out the new index sorting functionality, download \u003ca href=\"https://www.elastic.co/blog/elasticsearch-6-0-0-beta1-released\"\u003e6.0.0-beta1\u003c/a\u003e and \u003ca href=\"https://www.elastic.co/blog/elastic-pioneer-program-6-0\"\u003ebecome a pioneer\u003c/a\u003e!\u003c/p\u003e","category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T11:27:33.905Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt2687e8f094c63672","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-15T07:15:30.543Z","updated_at":"2018-10-15T07:15:30.543Z","content_type":"image/png","file_size":"4275","filename":"sorting-leaderboard.png","title":"sorting-leaderboard.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T21:46:10.577Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2687e8f094c63672/5bc43e929264e07113847db5/sorting-leaderboard.png"},"markdown_l10n":"","publish_date":"2017-08-21T15:56:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":
"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"bltfb1e89b001674db9","ACL":{},"created_at":"2023-11-06T21:30:17.252Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"relevance","label_l10n":"Relevance","tags":[],"title":"Relevance","updated_at":"2023-11-06T21:30:17.252Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.339Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt8aa2f12f523f80cb","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-15T07:15:20.246Z","updated_at":"2018-10-15T07:15:20.246Z","content_type":"image/png","file_size":"2670","filename":"index-sorting-img.png","title":"index-sorting-img.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T21:46:10.577Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8aa2f12f523f80cb/5bc43e88c93e69af7fbf97f6/index-sorting-img.png"},"title":"Introducing Index Sorting in Elasticsearch 6.0","title_l10n":"Introducing Index Sorting in Elasticsearch 
6.0","updated_at":"2025-03-10T11:37:54.792Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/index-sorting-elasticsearch-6-0","publish_details":{"time":"2025-03-10T11:37:59.015Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt93b70002148168a5","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"This is Part II of a series on PSD2 in which we will focus on creating “observability” in a public API architecture.","author":["blt8bf5cf20b113d800"],"body_l10n":"\u003cp\u003eAt Elastic, we :heart: APIs because developers love to work with them to get things done. APIs also have the power to change (or disrupt) an industry quickly and decisively, as is the case with The Revised Payment Service Directive (PSD2). APIs make it possible to seamlessly switch from Web browsers to apps, to deploy content to any platform, and to find the best deals among thousands of suppliers. PSD2 sets out to standardize APIs between EU banks and abolish the existing lock-ins that still exist in the industry. Because while financial institutions are closer to the forefront of the innovation curve than almost any other industry, the point can be made that this has not resulted in wide-spread open access to the core banking ecosystems - namely accounts and transactions. PSD2 is a directive from the European Union that will make banks open up access to their, otherwise private, core banking functions in ways that we have not seen before. PSD2 legislation introduces a breadth of opportunity for retail banks, while also introducing new risk. 
The Elastic Stack plays a vital role in many of the world’s banks today, and that will especially be true for PSD2 architectures.\u003c/p\u003e\u003cp\u003eThis is Part II of a series on PSD2 in which we will focus on creating “observability” in a public API architecture, that is to say at all times knowing the status of the business service, its anomalies that require attention and all historical raw data around individual users and requests. \u003ca href=\"/blog/psd2-architectures-with-the-elastic-stack\"\u003ePart I\u003c/a\u003e focuses on using the Elastic Stack for running next-generation retail banking APIs and also gives a general introduction of PSD2 regulation and strategic options for EU retail banks.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cdl\u003e\u003cdt\u003eObservability\u003c/dt\u003e\u003cdd\u003e“Seeing” all that is happening in a complex architecture. Three distinct but related types of data emerged: Logs, Traces, and Metrics.\u003c/dd\u003e\u003c/dl\u003e\u003cdl\u003e\u003cdt\u003eLogs\u003c/dt\u003e\u003cdd\u003eRecords of discrete events. Often a combination of text and numerical data. Examples: an API request, a transaction error.\u003c/dd\u003e\u003c/dl\u003e\u003cdl\u003e\u003cdt\u003eTraces\u003c/dt\u003e\u003cdd\u003eInformation related to a specific request. Examples: database queries related to a request, or a stack trace of a microservice. Traces look a lot like Logs, but are more verbose and specific to a single action. For simplicity, we will group Traces and Logs together in this article.\u003c/dd\u003e\u003c/dl\u003e\u003cdl\u003e\u003cdt\u003eMetrics\u003c/dt\u003e\u003cdd\u003eRecords of observations on a timeline interval. Aggregatable into higher-level KPIs and usually numerical. 
Examples: CPU usage, number of transactions.\u003c/dd\u003e\u003c/dl\u003e\u003ch2\u003eA Shopping List\u003c/h2\u003e\u003cp\u003eAt Elastic we get to see many customers running production, value-add installations; the successful deployments provide the business with a platform to leverage for insight. The commonalities that can be extracted from these installations include, but are not limited to:\u003c/p\u003e\u003col\u003e\u003cli dir=\"ltr\"\u003e\u003cstrong\u003eSecurity and Privacy: \u003c/strong\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 400;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cstrong\u003eThis includes corporate and legislative requirements around audit logging, privacy, multi-tenancy, encryption at rest and data separation. Public APIs that give access to funds and transaction histories will be a prime target for bad actors.\u003c/strong\u003e\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003cstrong\u003eMonitoring and Alerting: \u003c/strong\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 400;vertical-align: baseline;white-space: pre-wrap;\"\u003eThe ability to know current and historical status of the service, and be informed of any serious deviations from what is considered normal. We expect SLAs to apply to these services that will demand intelligent monitoring of the whole architecture. 
\u003c/span\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003eCorrelation of metrics and logs is vital\u003c/span\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 400;vertical-align: baseline;white-space: pre-wrap;\"\u003e to quickly understand what actions to take.\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003cstrong\u003eQuality of Service: \u003c/strong\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 400;vertical-align: baseline;white-space: pre-wrap;\"\u003eThe ability to throttle in case of overloads, to protect itself from DDoS attacks and to allow the enforcement of Fair Use policies on the public APIs.\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003cstrong\u003eEasy, far-reaching scalability: \u003c/strong\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 400;vertical-align: baseline;white-space: pre-wrap;\"\u003eScaling the platforms should be simple and painless.\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003cstrong\u003eReal-time answers: \u003c/strong\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 400;vertical-align: baseline;white-space: pre-wrap;\"\u003eAnswer calls fast to support the needs and expectations of users, throughout the solution.\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003cstrong\u003eSelf-learning and self-service: \u003c/strong\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 400;vertical-align: baseline;white-space: pre-wrap;\"\u003eGetting useful intelligence out of the data without having to foresee and manages what exactly is relevant (because who would know beforehand how security breaches or outages might unfold?) requires abilities to find anomalies, create advanced dashboards, and a raw data store. 
It also requires tooling that enables non-techies to get what they need through self-service BI.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e\u003ch2 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 18pt;margin-bottom: 6pt;\" rel=\"line-height:1.38;margin-top:18pt;margin-bottom:6pt;\"\u003eThe Elastic Stack for Logging and Metrics\u003c/h2\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/uploads/59e4cf4265db43d1714179e5/download?uid=blt01bc63a2f3bcb482\" data-sys-asset-uid=\"blt01bc63a2f3bcb482\" alt=\"Screen Shot 2017-10-16 at 17.24.21.png\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eAt the highest level, Elastic is functioning as the data platform for all logs, metrics, and traces that are generated in the Elastic data platform. A separate cluster will ensure separation of resources and data. Data agents generate and collect relevant data into a pipeline that transforms the data before ingesting it into a permanent data store. From ingestion, that data is immediately available for automated and manual analytics: machine learning, dashboarding, ad-hoc queries, and the likes.\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 18pt;margin-bottom: 6pt;\"\u003eThe Elastic Stack for Logging and Metrics\u003c/h2\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/uploads/59e4cfafaa78dca571c320be/download?uid=blt24506b4eaeaacc3c\" data-sys-asset-uid=\"blt24506b4eaeaacc3c\" alt=\"Screen Shot 2017-10-16 at 17.26.10.png\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eMore specifically, the logical architecture looks like pictured above. 
The Elastic Stack offers a complete suite of products for API observability architectures:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 700;vertical-align: baseline;white-space: pre-wrap;\"\u003eBeats\u003c/span\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003e is a platform for lightweight shippers that send data from edge machines to Logstash and Elasticsearch.\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 700;vertical-align: baseline;white-space: pre-wrap;\"\u003eLogstash\u003c/span\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003e is a dynamic data collection pipeline with an extensible plugin ecosystem and strong Elasticsearch synergy.\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 700;vertical-align: baseline;white-space: pre-wrap;\"\u003eElasticsearch\u003c/span\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003e is a distributed, REST API enabled, JSON-based search and analytics engine designed for horizontal scalability, maximum reliability, and easy management.\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 700;vertical-align: baseline;white-space: pre-wrap;\"\u003eKibana\u003c/span\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003e gives shape to your data and is the extensible user interface for configuring and managing all aspects of the Elastic Stack.\u003c/span\u003e\u003c/li\u003e\u003cli 
dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 700;vertical-align: baseline;white-space: pre-wrap;\"\u003eX-Pack\u003c/span\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003e is a single extension that integrates handy features — security, alerting, monitoring, reporting, graph exploration, and machine learning\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eThe Elastic Stack logical architecture for Observability combines all these products into an end to end platform with accompanying services, like Consulting and Expert Support. As you have probably read a bunch of times by now, Elastic :heart: APIs. That is why the Elastic Stack products natively supports REST API endpoints for easy integration into any architecture.\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 18pt;margin-bottom: 6pt;\"\u003eKeeping an Eye on Things, All Things\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003e\u003cstrong\u003eLog events\u003c/strong\u003e are composed of documents in the 1st Normal Form (1NF), usually with a timestamp. 1NF is important to achieve linear scalability: it is not feasible to arbitrarily join multiple datasets of hundreds of terabytes while the user or a real-time process is waiting for the answer. Of course, it’s a good idea to join those datasets at time of ingestion! That still allows us to scale to billions of events per day without slowing down.\u003c/p\u003e\u003cp\u003eMillions of similar events will stream into the Elastic platform using the Elastic Beats data agent towards Logstash, Elastic’s data processing product. Logstash will be able to enrich, lookup, filter and transform the data in transit before storing it in Elasticsearch. 
After Logstash, the same document might look like this. It has relevant information added to it that will help the observability of what is actually happening on our APIs. Bold fields added by Logstash. There is ample opportunity to add in any business logic.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:5pt;margin-bottom:0pt;\"\u003eA simplified, enriched event log describing a single API call, in JSON format, after enrichment with GeoIP information and a threat score:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e[{\u003cbr /\u003e \"timestamp\": \"2018-01-05T18:25:43.512Z\",\u003cbr /\u003e \"http_method\": \"GET\",\u003cbr /\u003e \"request\": \"transactions/latest\",\u003cbr /\u003e \"result\": 200,\u003cbr /\u003e \"error\": null,\u003cbr /\u003e \"ip\": \"123.123.123.123\",\u003cbr /\u003e \"geoip_fields\": {\u003cbr /\u003e \"country_iso_code\": \"NL\",\u003cbr /\u003e \"city_name\": \"Rotterdam\",\u003cbr /\u003e \"location\": { \"lat\": 51.922755, \"lon\": 4.479196 }\u003cbr /\u003e // other fields omitted\u003cbr /\u003e }\u003cbr /\u003e \"user\": \"Alice\",\u003cbr /\u003e \"user_last_login\": \"2018-01-01T16:40:09.938Z\",\u003cbr /\u003e \"threat_score\": 0.042,\u003cbr /\u003e \"authentication_method\": \"app_fingerprint\",\u003cbr /\u003e ... // other fields omitted\u003cbr /\u003e}]\u003cbr /\u003e\u003c/pre\u003e\u003cblockquote\u003eWhen we pre-filter, pre-aggregate or otherwise remove data before our data store, we will, by definition, lose an unknown amount of information.\u003c/blockquote\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eElasticsearch will take billions of logs and metrics to provide you an unobstructed view of what is actually happening, in real-time. Kibana sits on top of the stack to discover data and manage Elastic components. This is where scalability becomes important. 
When we pre-filter, pre-aggregate or otherwise remove data before our data store, we will, by definition, lose observability. Luckily, the Elastic Stack can take on any workload, even if you turn out to be the largest retail bank of the globe.\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 18pt;margin-bottom: 6pt;\"\u003ePoint Solutions for Logs, Metrics, Metrics\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eA number of point solutions for a subset of the desired functionality are available, often closed source and not seldom including a form of vendor lock-in. Apart from added complexity in buying, deploying and operating multiple systems where one can suffice, the real problem is the additional overhead of having to deal with multiple ‘truths’ at the same time. While attackers are rampaging through the system, or outages are hampering performance, your SecOps and DevOps might be manually correlating the “logging solution” output, with the “metrics solution” output, possibly demanding another tool to overlay on the said point solutions. 
And while some integration options are usually available, some of these \u003cspan style=\"font-size: 11pt;background-color: transparent;font-style: italic;vertical-align: baseline;white-space: pre-wrap;\"\u003esolutions\u003c/span\u003e do not expose their raw data willingly.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eElastic clears these issues completely, by bringing together what should be together.\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 18pt;margin-bottom: 6pt;\"\u003eScaling Up Within Budget\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eSo, now that we have established the need to \u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 700;vertical-align: baseline;white-space: pre-wrap;\"\u003esave all data\u003c/span\u003e and keep it in a real-time data store for enough time to be able to train Machine Learning jobs, understand longer-term patterns of behavior, and investigate interesting events. \u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 700;vertical-align: baseline;white-space: pre-wrap;\"\u003eNo one knows what data will become valuable later.\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eHow do we keep costs at bay? Elastic has support for several advanced strategies:\u003c/p\u003e\u003col\u003e\u003cli dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 700;vertical-align: baseline;white-space: pre-wrap;\"\u003eMulti-tier (or hot/warm) architecture:\u003c/span\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003e allocate data in tiers (hot, warm, tapid?) and designate data nodes to exist in one of those tiers. 
It allows read and write separation (only hot data gets written to), and most importantly an option to store more data on a warm node, allowing a slight performance degradation for older data while saving infrastructure costs at the same time.\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 700;vertical-align: baseline;white-space: pre-wrap;\"\u003eIncrease compression\u003c/span\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003e on older data\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 700;vertical-align: baseline;white-space: pre-wrap;\"\u003eOptimize data for Warm Archive:\u003c/span\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003e this goes a bit ‘under the hood’, but there are a number of actions you can take on your older shards to optimize them for reading in a Warm zone: Merge Segments, Shrink to fewer Shards\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eA multi-tier data architecture looks like this:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/uploads/59e4d0fda32c30ab71e2c356/download?uid=blt11c66e6503b522c1\" data-sys-asset-uid=\"blt11c66e6503b522c1\" alt=\"Screen Shot 2017-10-16 at 17.31.48.png\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 18pt;margin-bottom: 6pt;\"\u003eMonitoring a World-Class API Service\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 5pt;\"\u003eAll these provide their own perspective on what is happening in the system. So it helps to keep them in the same place. 
This is where the agnostic nature of Elastic shines: it really does not limit the types of data that can be used on it. You can happily aggregate metrics into KPIs on dashboards, alongside frequent errors taken from log files, with stack traces on the same data store so that DevOps Engineers can dive into anything interesting in seconds.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 5pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;text-align: center;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfcec5c8ee8f6289d/5fa9833665bdd35303e00a28/blog-psd2-2-1.png\" width=\"526\" height=\"278\" style=\"border-width: initial;border-style: none;transform: rotate(0rad);display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eKibana makes it possible for everyone to create the most relevant perspective on the data, and share those visualizations, dashboards, graphs and machine learning jobs with the organization. Or just keep it for themselves.\u003c/p\u003e\u003ch3 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 4pt;\"\u003eThe (Un)known (Un)knowns with X-Pack Machine Learning\u003c/h3\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eSelf-learning anomaly detection is all about tackling both \u003cspan style=\"font-size: 11pt;background-color: transparent;font-style: italic;vertical-align: baseline;white-space: pre-wrap;\"\u003eknowns\u003c/span\u003e and \u003cspan style=\"font-size: 11pt;background-color: transparent;font-style: italic;vertical-align: baseline;white-space: pre-wrap;\"\u003eunknowns\u003c/span\u003e. 
We believe that even if nobody has predicted something \u003cspan style=\"font-size: 11pt;background-color: transparent;font-style: italic;vertical-align: baseline;white-space: pre-wrap;\"\u003ecould\u003c/span\u003e happening, does not mean it’s not relevant if it \u003cspan style=\"font-size: 11pt;background-color: transparent;font-style: italic;vertical-align: baseline;white-space: pre-wrap;\"\u003edoes\u003c/span\u003e. At the same time, you probably have other things to do than create alerts for anything that you know \u003cspan style=\"font-size: 11pt;background-color: transparent;font-style: italic;vertical-align: baseline;white-space: pre-wrap;\"\u003ecould\u003c/span\u003e happen.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 700;vertical-align: baseline;white-space: pre-wrap;\"\u003eSolutions for…\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 700;vertical-align: baseline;white-space: pre-wrap;\"\u003eKnown knowns: \u003c/span\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003eif an API gets overloaded, we will be in a lot of trouble. We know exactly what to look for, and when to let the alarms go off.\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 700;vertical-align: baseline;white-space: pre-wrap;\"\u003eKnown unknowns:\u003c/span\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003e we know that users will use our APIs today, but we do not know how many. We can use history to guide us, but we cannot be exact. If we see something “out of the ordinary”, it’s probably worth a look by a human. 
At least we know what KPIs and metrics are relevant.\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;font-weight: 700;vertical-align: baseline;white-space: pre-wrap;\"\u003eUnknown unknowns: \u003c/span\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003ewe acknowledge that something might pop up at any moment that disrupts our systems, our business. Like a new security vulnerability. We cannot predict which KPIs or metrics will be relevant, but we do know that as long as we have good observability, the data will have the information we need. If we only know what to look for.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eKnown knowns we can easily cover with X-Pack Alerting. It uses pre-defined boundaries of what is “OK” and what is “not OK.” It will respond in real-time to anything in the known known department. The other two need something more.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eEnter X-Pack Machine Learning. It will learn from history to predict the future, and tell you when something is not right, including the associated probabilities. It covers both known unknowns and unknown unknowns by looking holistically at all the data. 
At the same time, it’s so easy that a kid can use it, freeing up time from your people with the “sexiest jobs of the 21st century” (Harvard Business Review) to work on other, more complex challenges.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;text-align: center;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blteb06d502ff8a4103/5fa98336ffb61e50a0faacdd/blog-psd2-2-2.gif\" width=\"624\" height=\"351\" alt=\"machine-learning-final.gif\" style=\"border-width: initial;border-style: none;transform: rotate(0rad);display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003ch3 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 16pt;margin-bottom: 5pt;\"\u003eTraces, or action-specific logs\u003c/h3\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eAnd of course, you’ll be able to dive into anything interesting or suspicious. Across your infrastructure and application stack. Any information that you have made available about a single request (or many!) 
is right in front of you.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;text-align: center;\"\u003e\u003cspan style=\"font-size: 10pt;background-color: transparent;vertical-align: baseline;white-space-collapse: preserve;text-wrap-mode: wrap;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte713a5eca5f2fcf3/5fa9833742256d5ffdf41887/blog-psd2-2-3.png\" width=\"624\" height=\"236\" style=\"border-width: initial;border-style: none;transform: rotate(0rad);display: block;margin: auto;\"/\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eWe would love to talk to you some more, but our time is running out. 
Some good reads on IT Operations Analytics with the Elastic Stack:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://www.elastic.co/blog/using-elasticsearch-and-machine-learning-for-it-operations\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;text-decoration-line: underline;vertical-align: baseline;white-space: pre-wrap;\"\u003eBlog: Using Elastic and Machine Learning for IT Operations\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://www.elastic.co/webinars/elastic-for-operational-analytics\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;text-decoration-line: underline;vertical-align: baseline;white-space: pre-wrap;\"\u003eWebinar: Elastic for Operational Analytics\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://www.elastic.co/elasticon/tour/2015/amsterdam/connecting-the-dots-with-elasticsearch-tracing-of-events-within-ing\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;text-decoration-line: underline;vertical-align: baseline;white-space: pre-wrap;\"\u003eTalk: Tracing of Events within ING Bank\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://www.youtube.com/watch?v=mqEqBN0_Lnc\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;text-decoration-line: underline;vertical-align: baseline;white-space: pre-wrap;\"\u003eVideo: 8 Minutes on IT Operations with Machine Learning Demo\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch3 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 16pt;margin-bottom: 4pt;\"\u003eFinding Bad Guys\u003c/h3\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eIn security as well as with IT 
operations, we can utilize X-Pack Machine Learning to find unusual patterns in all of our data, with quantitative and qualitative algorithms.\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 18pt;margin-bottom: 6pt;text-align: center;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2906e295760102a9/5fa9833009ed4c6f277eb5ce/blog-psd2-2-4.png\" width=\"624\" height=\"268\" style=\"width: 624;height: 268;\"/\u003e\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:5pt;margin-bottom:0pt;\"\u003eShould we spot suspicious activity, we can utilize X-Pack Graph to create connections between data points and traverse the logs using algorithms that put the \u003cspan style=\"font-size: 11pt;background-color: transparent;font-style: italic;vertical-align: baseline;white-space: pre-wrap;\"\u003erelevance\u003c/span\u003e first, the popularity second. 
This is an excellent way to weed out noise that could otherwise interfere with our observability.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:5pt;margin-bottom:0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;text-align: center;\"\u003e\u003cspan style=\"font-size: 10pt;background-color: transparent;vertical-align: baseline;white-space-collapse: preserve;text-wrap-mode: wrap;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt16dd1da81d53cac6/5fa9832f46f622769b5ec843/blog-psd2-2-5.png\" width=\"395\" height=\"340\" style=\"border-width: initial;border-style: none;transform: rotate(0rad);display: block;margin: auto;\"/\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eWe would love to talk to you some more, but this blog is not meant as a comprehensive discussion of how to do API Security Analytics. Luckily, such resources already exist. 
Some good reads on Security Analytics with the Elastic Stack:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://www.elastic.co/blog/integrating-elasticsearch-with-arcsight-siem-part-6\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;text-decoration-line: underline;vertical-align: baseline;white-space: pre-wrap;\"\u003eBlog Series: Integrating Elastic with ArcSight SIEM\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://www.elastic.co/webinars/automated-anomaly-detection-with-machine-learning\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;text-decoration-line: underline;vertical-align: baseline;white-space: pre-wrap;\"\u003eWebinar: Automated Anomaly Detecting with Machine Learning\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://www.youtube.com/watch?v=Qd9UZWxbLFw\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;text-decoration-line: underline;vertical-align: baseline;white-space: pre-wrap;\"\u003eVideo: 6 Minutes on Security Analytics with Elastic\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch3 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 16pt;margin-bottom: 4pt;\"\u003eExpand Your Horizon with APM\u003c/h3\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eAdding APM (Application Performance Monitoring) to the Elastic Stack is a natural next step in providing our users with end-to-end monitoring, from logging, to server-level metrics, to application-level metrics, all the way to the end-user experience in the browser or client. It allows for more visibility of the operations of your APIs. APM is currently in Alpha and hence not quite ready for production today. 
However, as new, exciting innovations go, it’s worth taking a look at it today!\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5bdbcb0b4be6ea9a/5fa98337fd99385ff6003c78/blog-psd2-2-6.png\" width=\"624\" height=\"353\" style=\"border-width: initial;border-style: none;transform: rotate(0rad);display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003eSome good reads on the upcoming APM module of the Elastic Stack:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://www.elastic.co/blog/starting-down-the-path-for-elastic-apm\"\u003e\u003cspan style=\"font-size: 11pt;background-color: transparent;text-decoration-line: underline;vertical-align: baseline;white-space: pre-wrap;\"\u003eBlog: Starting Down the Path of APM for the Elastic Stack\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 5pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 9pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003eIcons made by Freepik from flaticon.com\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003cspan style=\"font-size: 9pt;background-color: transparent;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cbr /\u003e\u003c/span\u003e\u003c/div\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How 
to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T11:28:18.934Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"title":"psd2-architectures-elasticsearch-fullbleed.jpg","uid":"blte6583088ad57a933","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T10:09:29.607Z","updated_at":"2019-01-05T10:09:29.607Z","content_type":"image/jpeg","file_size":"165387","filename":"psd2-architectures-elasticsearch-fullbleed.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T19:59:56.128Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte6583088ad57a933/5c30825929d13af10bc2ac92/psd2-architectures-elasticsearch-fullbleed.jpg"},"markdown_l10n":"","publish_date":"2017-10-24T16:57:49.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"title":"psd2-architectures-elasticsearch-fullbleed.jpg","uid":"blte6583088ad57a933","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T10:09:29.607Z","updated_at":"2019-01-05T10:09:29.607Z","content_type":"image/jpeg","file_size":"165387","filename":"psd2-architectures-elasticsearch-fullbleed.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T19:59:56.128Z","user":"blt3e52848e0cb3c394"},"url":"https://images
.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte6583088ad57a933/5c30825929d13af10bc2ac92/psd2-architectures-elasticsearch-fullbleed.jpg"},"title":"PSD2: Monitoring Modern Banking API Architectures with the Elastic Stack, Part II","title_l10n":"PSD2: Monitoring Modern Banking API Architectures with the Elastic Stack, Part II","updated_at":"2025-03-10T11:35:51.180Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/psd2-architectures-with-the-elastic-stack-part-ii","publish_details":{"time":"2025-03-10T11:35:57.678Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt1869f3e94e545dd7","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"How Elastic engineers and staffers are supporting the Unicode Consortium's Adopt-a-Character program, and why you should donate!","author":["blt2494922cd45b66e9","bltd3e6819c090469cd"],"body_l10n":"\u003cp\u003eThe \u003ca href=\"http://unicode.org/\" target=\"_blank\"\u003eUnicode Consortium\u003c/a\u003e is a non-profit corporation founded in 1991. Its goals include standardizing and supporting the languages of the world and allowing people to use any language on their computers and smartphones.\u003c/p\u003e\u003cp\u003eThis work is essential for the software we build at Elastic. Unicode does more than just list out all the characters. They describe how to parse text, how to sort in different languages, and so much more to support all human languages.\u003c/p\u003e\u003cp\u003eThe Unicode Consortium's \u003ca href=\"http://blog.unicode.org/2015/12/unicode-launches-adopt-character.html\" target=\"_blank\"\u003eAdopt-a-Character program\u003c/a\u003e raises money to support a variety of important missions. 
Conserving the world's living languages is a huge task, and includes working with language experts, technologists, and cultural leaders, all in order to support minority languages on computers.\u003c/p\u003e\u003cp\u003eAccording to Unicode, close to 98 percent of our world's living languages are digitally disadvantaged. This means that operating systems, web browsers and mobile applications don't support them. So the Adopt-a-Character donations help Unicode — a neutral organization\u0026nbsp;interested in language conservation and technological standardization — to drive the work to correct this. They plan to focus use of the funds on adding characters for both modern and historic disadvantaged languages, and to support internationalization for those languages (\u003ca href=\"http://cldr.unicode.org/\" target=\"_blank\"\u003eCLDR\u003c/a\u003e and \u003ca href=\"https://en.wikipedia.org/wiki/International_Components_for_Unicode\" target=\"_blank\"\u003eICU\u003c/a\u003e).\u003c/p\u003e\u003cp\u003eWhen Elastic Founder and CTO \u003ca href=\"https://twitter.com/kimchy\"\u003eShay Banon\u003c/a\u003e found out about the adoption program, he had a cool idea: why not allow every engineer at Elastic (as well as other teammates within the company) to choose and adopt a character?\u003c/p\u003e\u003cp\u003eBesides supporting a good cause, it tells us a bit about every engineer on our team! 
Here's what we chose:\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003cth width=\"25%\"\u003e\u003cp\u003e\u003cstrong\u003eCharacter Adopted\u003c/strong\u003e \u003c/p\u003e\u003c/th\u003e\u003cth width=\"75%\"\u003e\u003cp\u003e\u003cstrong\u003eWho and Why\u003c/strong\u003e\u003c/p\u003e\u003c/th\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7212798d8e381ffc2d/download?uid=bltde28a09b63a94dd6?uid=bltde28a09b63a94dd6\" data-sys-asset-uid=\"blt1e18067c622301b4\" alt=\"gold-007B.png\"/\u003e and \u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d71d8edd48f769384a0/download?uid=blte01bbb4961d8c5b9?uid=blte01bbb4961d8c5b9\" data-sys-asset-uid=\"bltb6083c2951d50b29\" alt=\"gold-007D.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eElastic loves the curly braces — and it's a great cause. :) (Suggested by Brandon Mensing, Product Management, Strategy)\u003cbr /\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d77d8edd48f7693859d/download?uid=blt2952366a472080f9?uid=blt2952366a472080f9\" data-sys-asset-uid=\"blt83d45881ff25800c\" alt=\"elastic-unicode-curly-braces-awards.jpg\" width=\"420\" height=\"252\" style=\"width: 420;padding: 10px;height: 252;\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d710342dfd73826593d/download?uid=blt45c49c27b6f6fc81?uid=blt45c49c27b6f6fc81\" data-sys-asset-uid=\"blt609f2112e9376e9e\" alt=\"globe-with-meridians.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eRyan Schneider, Education Engineer: I adopted this emoji as it relates to one of the strongest ideals of our company which is its distributed culture that gives us the talent, camaraderie, and strengths that drive our products. 
The other globe emojis were tempting, but they specifically faced the globe on one particular region which showed bias. Our true distributed nature spans the entire globe.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7112798d8e381ffc17/download?uid=blt559b5193ef9487cc?uid=blt559b5193ef9487cc\" data-sys-asset-uid=\"bltd6808972b14f1160\" alt=\"doughnut.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTyler Fontaine, Support Engineer: Because mmm donut.\u003cbr /\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d71d8edd48f769384af/download?uid=blt058137609964e359?uid=blt058137609964e359\" data-sys-asset-uid=\"blt7fb14070324790cb\" alt=\"donut.gif\" style=\"width: 300;padding: 10px;\" width=\"300\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eScene from \u003ca href=\"http://www.fox.com/the-simpsons/full-episodes\" target=\"_blank\"\u003eThe Simpsons\u003c/a\u003e. Copyright © 2016 by FOX Broadcasting Company. 
All Rights Reserved.\u003c/figcaption\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7158208ba076e2a77d/download?uid=blt4d855d9093c0a535?uid=blt4d855d9093c0a535\" data-sys-asset-uid=\"blt5c804b9e3d416402\" alt=\"monkey-face.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eThe Elastic \u003ca href=\"https://www.elastic.co/blog/elastic-support-speaking-code-and-human\"\u003eSupport\u003c/a\u003e Team, because we're loveable Support Monkeys.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d720342dfd738265949/download?uid=bltd34116f962b70102?uid=bltd34116f962b70102\" data-sys-asset-uid=\"blt2a39c5a9c48b14c4\" alt=\"coffee.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eNik Everett, Software Engineer: Because coffee keeps us going.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7243e9adc538716152/download?uid=blt5ff3cf7f6416ad60?uid=blt5ff3cf7f6416ad60\" data-sys-asset-uid=\"blt23b2de9ff85d755c\" alt=\"for-all.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTyler Hannan: Back before I realized I could make money in software, I was a theoretical mathematics \u0026amp; philosophy student. I was also … um … \"involved\" in the type of art that is placed in large swatches in abandoned buildings and/or trains and, more often, in galleries. Because we were a bunch of theoretical mathematicians making street art, we signed each piece with one consistent maths symbol. 
One that encapsulated the purpose, and name, of our little crew.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d723dc542cb38c0a9cd/download?uid=blt1996a4de20afb752?uid=blt1996a4de20afb752\" data-sys-asset-uid=\"blt2495500f93e9445a\" alt=\"hand-with-finger-raised.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eRobert Muir, Software Engineer: The money really does go to a good cause to fund important work on the world's languages. Besides that, you get a cool tweet from unicode. I did adopt this specific character because of this controversial \u003ca href=\"http://www.buzzfeed.com/charliewarzel/inside-emojigeddon-the-fight-over-the-future-of-the-unicode\" target=\"_blank\"\u003earticle\u003c/a\u003e. TL;DR: \"We're devoting the funds raised from the program to help flesh out support for digitally disadvantaged languages. And it's proved to be successful largely because of emoji.\"\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7212798d8e381ffc32/download?uid=blt3815d2ffd38717d7?uid=blt3815d2ffd38717d7\" data-sys-asset-uid=\"blt158ac3e1da2e6596\" alt=\"upside-down-smiley.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpencer Alger, JavaScript Developer: I just adopted the upside-down smiley, because it's silly and simple and I love using it.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d72d8edd48f769384c3/download?uid=bltbc7e21bf1bbccc10?uid=bltbc7e21bf1bbccc10\" data-sys-asset-uid=\"bltd67987aebb047f7a\" alt=\"panda-face.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eNicolas Ruflin, Software Engineer: I adopted it because who doesn't like Pandas? 
A Panda always helps to keep a conversation friendly.\u003c/p\u003e\u003cbr /\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d723dc542cb38c0a9db/download?uid=blt9261c7a33ea9cc69?uid=blt9261c7a33ea9cc69\" data-sys-asset-uid=\"blt7959d19b242daf1f\" alt=\"horns.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eRuss Cam, Software Engineer: Because rock'n'roll!\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d720342dfd73826596e/download?uid=bltdf847b831d7a6a1a?uid=bltdf847b831d7a6a1a\" data-sys-asset-uid=\"bltb2af5fbc76790412\" alt=\"wind-blowing.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eRobin Clarke, Helper-outer: Because \"best winds\" is the best way to say goodbye.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d723dc542cb38c0a9ec/download?uid=bltb438dc19805374db?uid=bltb438dc19805374db\" data-sys-asset-uid=\"blte78dbe3ed02590a9\" alt=\"penguin.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eJakob Reiter, Support Engineer: I've adopted the penguin, as it represents GNU/Linux and I probably wouldn't be working here, if I hadn't been introduced to GNU/Linux almost 13 years ago when I started my career in IT.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7258208ba076e2a7a6/download?uid=blt4814050ff96728c8?uid=blt4814050ff96728c8\" data-sys-asset-uid=\"blt6aadbd8ff30efb15\" alt=\"thumbs-up.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eJoão Duarte, Log Whisperer: because this is the correct response to \"Can you all see this?\" when screen sharing in 
Zoom. Also I've always been a fan of nonverbal communication so I use thumbs up a lot!\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7243e9adc53871616e/download?uid=blt794d2a2cae8670df?uid=blt794d2a2cae8670df\" data-sys-asset-uid=\"bltb0baaccaec9d31b8\" alt=\"burrito.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTudor Golubenco, Software Engineer: Because I like to use it as a reaction meaning \"thanks\". Plus, it's tasty.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d729e7a83165490e6f2/download?uid=blt00b2febc208d717b?uid=blt00b2febc208d717b\" data-sys-asset-uid=\"bltb19f2db4b72f6227\" alt=\"keyboard.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eMartijn Laarman, Software Developer: Because without one who knows where I'd be? :)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d723dc542cb38c0a9f1/download?uid=bltf91453ebab5c448e?uid=bltf91453ebab5c448e\" data-sys-asset-uid=\"bltb47800c3764cffc8\" alt=\"shield.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eAndrei Stefan, Support Engineer: Adopted because, well… \u003ca href=\"https://www.elastic.co/products/shield\"\u003esecurity\u003c/a\u003e. ;-)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7358208ba076e2a7b3/download?uid=blteeab566308e40b0d?uid=blteeab566308e40b0d\" data-sys-asset-uid=\"blt52badb091381ce95\" alt=\"yellow-ribbon.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eJongmin Kim, Developer Evangelist: This yellow ribbon is tied on my backpack. 
This has been done by many people in my local area in remembrance of the sinking of Sewol Ferry on 16 April 2014, which claimed 476 victims including 375 high school students. And also for remembrance of all people who have been victims of all kinds of situations like industrial accidents, natural disasters, and wars.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7343e9adc538716179/download?uid=blt9eee0eb563cebf12?uid=blt9eee0eb563cebf12\" data-sys-asset-uid=\"bltd1bb65d0018de425\" alt=\"black-spade-suit.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ePete Dyson, Support Engineer: I adopted the black spade suit. So the story behind it is that I met my wife playing online poker :) She was in Berlin and I was in Brisbane, Australia. And through some crazy aligned planets thing, she now lives in Australia and we're married with three crazy kids. So I also have one of these tattooed on my left arm, an ace of spades playing card... which I got on my 28th birthday on the 28th of Feb 2008.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d730342dfd73826597e/download?uid=blt4aa4a15df17136aa?uid=blt4aa4a15df17136aa\" data-sys-asset-uid=\"blt95aa516bd9bdadaf\" alt=\"baby-bottle.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSteve Kearns, Sr. Director, Product Management: After 5+ years of having a unicode character poster on the wall of my cubicle while learning the intricacies of various human languages and search, it's nice to be able to give back. I adopted because I'm expecting a baby in the next few days! 
Target release date is May 2, but releases rarely go according to plan ;) Editor's note: The release was pushed back to May 10, and mom and baby are healthy.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d73d8edd48f769384e4/download?uid=blt7b4b809238502bd7?uid=blt7b4b809238502bd7\" data-sys-asset-uid=\"blt289b33e251115b84\" alt=\"horse-face.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eAdrien Grand, Software Engineer: I adopted the horse face because unicorns are overrated.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d733dc542cb38c0aa00/download?uid=blt98444c60ce195108?uid=blt98444c60ce195108\" data-sys-asset-uid=\"blt80e633e0059f23bf\" alt=\"checkered-flag.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDaniel Mitterdorfer, Software Engineer: I have adopted the chequered flag\u0026nbsp;(U+1F3C1)\u0026nbsp;as I have been into car racing since I was a small boy.\u0026nbsp;That’s why I have also named our benchmarking tool for Elasticsearch \"\u003ca href=\"https://www.elastic.co/blog/announcing-rally-benchmarking-for-elasticsearch\"\u003eRally\u003c/a\u003e.\" But unfortunately, there is no Unicode character for a rally car yet. :(\u003c/p\u003e\u003cbr /\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d739985d589763790c0/download?uid=blt2fbeeb538ff43bec?uid=blt2fbeeb538ff43bec\" data-sys-asset-uid=\"blt4af4c5cc20c6a109\" alt=\"ear-of-maize.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCourt Ewing, Tech Lead Kibana: I've adopted U+1F33D (ear of maize) because I live in the middle of Amish country and our local tech community has sort of adopted that emoji as its own thing. 
It now carries a million different unofficial meanings for us — we could probably have entire discussions exclusively with the corn emoji. This Adopt-a-Character program is awesome.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d733dc542cb38c0aa15/download?uid=blta7e8b719419e2a49?uid=blta7e8b719419e2a49\" data-sys-asset-uid=\"blt6c218d7ae9875ad0\" alt=\"soft-ice-cream.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eAli Beyad, Software Engineer: I've adopted U+1F366 (soft ice cream) … because I asked my 4 year old daughter which one she would pick and that is what she sagaciously chose.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d733dc542cb38c0aa10/download?uid=blt164f16fa878dea21?uid=blt164f16fa878dea21\" data-sys-asset-uid=\"blt87d6f4efce5f7889\" alt=\"frog-face.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDavid Pilato, Developer Evangelist: I'm still wondering why I choose U+1F438 ???\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d73d8edd48f769384f5/download?uid=bltf33c3a7e6b16015d?uid=bltf33c3a7e6b16015d\" data-sys-asset-uid=\"blt5e4606ba7dcf287f\" alt=\"raised-fist-type-4.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ePeter Kim, Chief Coffee Connoisseur: I adopted the raised fist to support the struggle of oppressed peoples around the world against all forms of injustice. From Wikipedia: The raised fist is a symbol of solidarity and support. It is also used as a salute to express unity, strength, defiance, or resistance. 
The salute dates back to ancient Assyria as a symbol of resistance in the face of violence.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7343e9adc53871618a/download?uid=blt30c3c6ea9a0c824b?uid=blt30c3c6ea9a0c824b\" data-sys-asset-uid=\"blt65f4e4e6cc7c3fb1\" alt=\"rooster.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eJay Greenberg, Support Engineer: I have adopted the rooster for obvious reasons.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d73d8edd48f769384fb/download?uid=blta8beb0df5345991f?uid=blta8beb0df5345991f\" data-sys-asset-uid=\"bltb5b3b5d7c6036ad3\" alt=\"dragon.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eLee Drengenberg, Software Engineer: I got this instead of an actual tattoo.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7358208ba076e2a7d0/download?uid=bltb393abcfa2fb2e02?uid=bltb393abcfa2fb2e02\" data-sys-asset-uid=\"bltee8ea5ca88b107ff\" alt=\"gem-stone.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eGuy Boertje, Software Engineer: I chose U+1F48E, gem or diamond. This is for all Elastic \"diamonds\" that I share this amazing ride with. \"Diamond geezer\" is a relatively new London slang term. In London today, a geezer is a person who is \"one of us\" or \"a good sort\" — usually male. Diamond was added to refine it to a \"the best of us,\" \"the best of sorts\". Now it's shortened to simply \"diamond\" as in \"You are a real diamond\" — not gender specific though. \"Geezer\" was used before for someone who can operate narrowly on either side of the law — a skallywag, a dodgy sort or someone that \"knows people that know people\". 
Obviously Elastic has none of these. In US English, I believe geezer refers to an old man, but this is clearly wrong. :-)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d733dc542cb38c0aa2b/download?uid=bltad06dd97d68984dd?uid=bltad06dd97d68984dd\" data-sys-asset-uid=\"blt16775e4e3d075d61\" alt=\"cricket-bat-ball.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eShaunak Kashyap, Developer: I chose it for my favorite sport, watching and playing. Plus I'm pretty sure that one isn't going to have too many takers. :)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7312798d8e381ffc62/download?uid=bltf372d1e243a87201?uid=bltf372d1e243a87201\" data-sys-asset-uid=\"blt96f7ccb78662867e\" alt=\"alien.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCostin Leau, Software Engineer: I picked it because I do believe that space is the final frontier. And hope that not too far in the future humanity will be exploring other planets, visiting other galaxies, discover ubik and maybe, just maybe meeting extra-terrestrial (and why not, friendly) life forms.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7458208ba076e2a7e3/download?uid=bltb6425998851dc955?uid=bltb6425998851dc955\" data-sys-asset-uid=\"blta85b4cf3d507a581\" alt=\"snowboarder.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eMatt Bargar, Software Engineer: I adopted it because I wanted to be a professional snowboarder when I grew up. 
Alas, I was born in Ohio.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7443e9adc53871619f/download?uid=bltcd4d59995c97f68d?uid=bltcd4d59995c97f68d\" data-sys-asset-uid=\"bltbf8b3fde77c08327\" alt=\"screaming.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eColin Surprenant, Software Engineer: I chose it because this is probably the finance team's reaction upon receiving all of our funky expense reports. :P\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d74d8edd48f7693850c/download?uid=bltc9f2dfc9342fbd07?uid=bltc9f2dfc9342fbd07\" data-sys-asset-uid=\"blt06a3b547f0a0c87a\" alt=\"ChPKrsSU4AAwNHa.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eUri Boness, Elastic Co-Founder: 'Cause I hate talking / explaining core values.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d749985d589763790ef/download?uid=blt4d893051200a9632?uid=blt4d893051200a9632\" data-sys-asset-uid=\"blt9248c6d83d4865b6\" alt=\"magnifying-glass.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eAlex Brasetvik, Software Engineer: I adopted this — You know, for search … (Wish there had been a skydiver emoji.)\u003c/p\u003e\u003cbr /\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d749e7a83165490e725/download?uid=blt66fe87e62bcb4285?uid=blt66fe87e62bcb4285\" data-sys-asset-uid=\"blt7c02c36f36a9f1f6\" alt=\"roasted-sweet-potato.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eAaron Bull Schaefer, Infrastructure Engineer: I've chosen the good ole' roasted sweet potato (U+1F360) as they are not 
only delicious, but rich in complex carbohydrates, dietary fiber, and beta-carotene, with a dash of potentially healthy (not yet studied) resin glycosides having antibacterial and antifungal properties. As if that weren't enough, :sweet_potato: is one of my favorite exclamatory reactions to messages in Slack.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d743dc542cb38c0aa33/download?uid=blt69e71eaa2d80a277?uid=blt69e71eaa2d80a277\" data-sys-asset-uid=\"blt3f35a548b958e21b\" alt=\"bug.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eJason Bryan, Support Engineer: I have adopted the bug (U+1F41B) to pay tribute to the bug gods and because the pupa stage is terribly underrated.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d740342dfd7382659ad/download?uid=blt35335c98236c55a1?uid=blt35335c98236c55a1\" data-sys-asset-uid=\"blt3bc0266571787a3c\" alt=\"speaker-with-sound-waves.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSteve Mayzak, VP Worldwide Solutions Architecture: I adopted this one for my love of music and bass!\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d743dc542cb38c0aa38/download?uid=bltf14f6251e651434e?uid=bltf14f6251e651434e\" data-sys-asset-uid=\"blt8914e321f01d5cd4\" alt=\"heat-waves.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ePaul Echeverri, Senior Technical Writer: I adopted it because I love hot water and hot springs of all sorts.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg 
src=\"https://api.contentstack.io/v2/assets/575e4d7443e9adc5387161ab/download?uid=bltc2d2f487528272f2?uid=bltc2d2f487528272f2\" data-sys-asset-uid=\"blt1dc8afb5fe034513\" alt=\"raised-hand-vulcan.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eNicholas Lim, Services Engineer: Adopted this on two counts: I \u0026lt;3 Spock and my resounding wish is for everyone to \"Live long and prosper.\"\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d749e7a83165490e737/download?uid=blt4118e6f3ef3fd3b0?uid=blt4118e6f3ef3fd3b0\" data-sys-asset-uid=\"blte733243ab9ef12bf\" alt=\"spider.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eMedcl Zeng, Developer Evangelist: I adopt this spider, which is the hard-working agent for the internet.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfb7f10cd843a4079/5fa95ae172a3526f28dba26c/runner.png\" data-sys-asset-uid=\"bltfb7f10cd843a4079\" alt=\"runner.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eChristian Strzadala, Software Engineer: I've adopted this as I do run a fair bit.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d749985d589763790ff/download?uid=blt19af81bd84561f34?uid=blt19af81bd84561f34\" data-sys-asset-uid=\"blt99f27dd99efb6d1c\" alt=\"chet.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eJordan Zimmerman, Cloud Engineer: I adopted U+05D7, the Hebrew letter Chet. When followed by a yud it is the word \"life\" (chai): חי. I'm such a softy. 
חי makes the number 18 so, many Jews always add $18 when giving money gifts.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d740342dfd7382659bc/download?uid=bltfe6bab322db2ac39?uid=bltfe6bab322db2ac39\" data-sys-asset-uid=\"blte71bd5cd05f1ecd8\" alt=\"snowboarder.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eBaha Azarmi, Solutions Architect: I adopted U+1F3C2 … Well, you know why :)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d759e7a83165490e746/download?uid=blt0b66da1d4f1a95fb?uid=blt0b66da1d4f1a95fb\" data-sys-asset-uid=\"blte55370e500dd3a26\" alt=\"desert.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eChristian Zumbiehl, Professional Services: I chose this one because I am fascinated by deserts and I see the cactus as a model of persistence.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7443e9adc5387161c3/download?uid=bltde165e5c18cf878d?uid=bltde165e5c18cf878d\" data-sys-asset-uid=\"blt826c7f3fc99d807e\" alt=\"fermata.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eChristoph Büscher, Software Engineer: I adopted a character from music notation. 
The fermata is used to indicate to hold a note a bit longer than usual, to give it more space and attention because it's really good.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d74d8edd48f76938531/download?uid=bltbc0c2272c6850215?uid=bltbc0c2272c6850215\" data-sys-asset-uid=\"blt0e6d7e0b1ccdcb01\" alt=\"black-question-mark.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eKurt Hurtado, Software Engineer: I adopted 'BLACK QUESTION MARK ORNAMENT' (U+2753 ). At Elastic, we always ask \"WHY?\"... it's an important part of our culture. Also, when I teach classes on the Elastic Stack, I love getting questions from attendees. I learn best myself when I'm asking questions.\u003c/p\u003e\u003cbr /\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d740342dfd7382659cc/download?uid=blta346b43a971de6e9?uid=blta346b43a971de6e9\" data-sys-asset-uid=\"blte114275f1441906a\" alt=\"pepper.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTim Sullivan, UI Engineer: I adopted it because it looks a lot like the kind of Thai chilis that my wife grows at home. 
We're both huge fans of chili and spicy food, and it's something that we've always had in common.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7143e9adc538716144/download?uid=bltad017cf2260f03af?uid=bltad017cf2260f03af\" data-sys-asset-uid=\"blt0ad01ddd70ff6d7c\" alt=\"monkey.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eJay Modi, Security Engineer: I adopted it because, well, I like monkeys.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d75d8edd48f76938538/download?uid=blt7c98986c0e2b1ed2?uid=blt7c98986c0e2b1ed2\" data-sys-asset-uid=\"blt211c3369b40c4b85\" alt=\"unicodeBronze-2601.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eHenry Pak, Solutions Architect: Adopted it because\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7543e9adc5387161cb/download?uid=blt310c85ce06ef2313?uid=blt310c85ce06ef2313\" data-sys-asset-uid=\"bltab64ec4155a2c782\" alt=\"There_is_no_cloud.jpg\" style=\"width: 300;padding: 10px;\" width=\"300\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eScene from \u003ca href=\"http://www.warnerbros.com/matrix\" target=\"_blank\"\u003eThe Matrix\u003c/a\u003e. Copyright © 1999 by Warner Bros. 
All Rights Reserved.\u003c/figcaption\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d75d8edd48f76938545/download?uid=bltae8ab14e0277716b?uid=bltae8ab14e0277716b\" data-sys-asset-uid=\"blt017e485daabe393c\" alt=\"sparkles.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eKosho Owa, Solutions Architect: I have adopted it because it can make anything shiny.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7543e9adc5387161d6/download?uid=bltc7b5f669823a9b15?uid=bltc7b5f669823a9b15\" data-sys-asset-uid=\"bltcf5fd791f19c5e88\" alt=\"books.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDeb Adair, Technical Writer: I adopted books. You know, for docs!\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d759e7a83165490e756/download?uid=bltd5cadf3af89349f1?uid=bltd5cadf3af89349f1\" data-sys-asset-uid=\"blt3f9f9d205141e544\" alt=\"water-wave.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSherry Ger, Support Engineer: I adopted that because it is how it feels in support!\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d750342dfd7382659da/download?uid=blt7a5f9c5144f52ad6?uid=blt7a5f9c5144f52ad6\" data-sys-asset-uid=\"blt922f4a814e0c8546\" alt=\"cjk-radical-j-simplified.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eShay Banon, the dude abides: I have adopted U+2EEF, it was my first tattoo (followed 30 minutes later by my second one). 
Why it was my first tattoo is a different story :)\u003c/p\u003e\u003cbr /\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7558208ba076e2a813/download?uid=blt7ca9b67a4f8f0559?uid=blt7ca9b67a4f8f0559\" data-sys-asset-uid=\"blt01f32c2233eb72d2\" alt=\"japanese-beginner.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eAaron Mildenstein, Software Engineer: I adopted U+1F530 because, well, Japan. This symbol goes on the back of cars with new drivers, kind of like a \"beginner on board\" identification. It fits with my \"untergeek\" nickname and reminds me to always keep learning as though I were a beginner.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d759985d58976379130/download?uid=blt3242cbd2e2bd855c?uid=blt3242cbd2e2bd855c\" data-sys-asset-uid=\"blt33eada05c9424905\" alt=\"tiger-face.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ePhilipp Krenn, Developer Advocate: I've adopted U+1F42F. I'm just like a big cat that likes to sleep whenever possible, I love Hobbes from Calvin and Hobbes, and it has been my emoji in many chats.\u003c/p\u003e\u003cbr /\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d750342dfd7382659e7/download?uid=blt52fb82ef354966e1?uid=blt52fb82ef354966e1\" data-sys-asset-uid=\"blt806be65eca7ecc61\" alt=\"racing-car.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eKevin Kluge, VP of Engineering: I adopted U+1F3CE. It looks like a Ferrari F1 car. I've been following F1 and rooting for \u003ca href=\"http://formula1.ferrari.com/en/\"\u003eFerrari\u003c/a\u003e for a long time. I also do some amateur car racing as my primary hobby, when work and family allow. 
:)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d753dc542cb38c0aa6d/download?uid=bltf4eee27e4cdca478?uid=bltf4eee27e4cdca478\" data-sys-asset-uid=\"blt81eba3fc643f166a\" alt=\"peace-dove.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eGabriel Moskovicz, Engineer: I adopted U+1F54A, the dove of peace. Pretty sure it is self-explanatory. :)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d759e7a83165490e764/download?uid=blt0936fddec8128a79?uid=blt0936fddec8128a79\" data-sys-asset-uid=\"blt1d45db4515bbb6cb\" alt=\"cjk-unified-ideograph-96ea.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eJason Tedor, Software Engineer: I adopted U+96EA because my wife's name is 深雪 meaning \"deep snow\" and it also seemed fitting since I'm from Alaska.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d769985d5897637914e/download?uid=bltc0572ea4e21c1e8c?uid=bltc0572ea4e21c1e8c\" data-sys-asset-uid=\"bltd59b58156947e084\" alt=\"snow-capped-mountains.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eMark Harwood, Software Engineer: I adopted \"snow-capped mountain\" — they've always been a big part of my family. 
I married my wife on top of one :)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d753dc542cb38c0aa7d/download?uid=blt6aa2b7bd14401308?uid=blt6aa2b7bd14401308\" data-sys-asset-uid=\"bltdde5b8b851ebdf91\" alt=\"wolf-face.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eChris Earle, Monitoring Lead: I adopted U+1F43A because I love dogs and that reminds me of German Shepherds, which is my favorite breed. It looks more like a Husky or Wolf in some other emoji formats and they're pretty cool too.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7612798d8e381ffcd4/download?uid=blta0527d25f72f7c47?uid=blta0527d25f72f7c47\" data-sys-asset-uid=\"blt73c73c3708953fce\" alt=\"tree.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDeDe Morton, Sr. Technical Writer: I adopted the tree (U+1F333) for the rich imagery of being rooted while also reaching towards the sky … for the connections that we have to the people we love and to the past and future through our ancestors and children … for the fruit that nourishes us … and for the air that we breathe.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d760342dfd7382659f8/download?uid=blt9124a764f9bcf33e?uid=blt9124a764f9bcf33e\" data-sys-asset-uid=\"blt0ffacb8c955e96be\" alt=\"hangul-choseong-khieukh.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eBohyun Kim, Senior Product Manager: I adopted a Korean consonant, since it gets used the most when I type in Korean. This character has the sound of [kʰ] which can sound like a soft laughing sound when they're spoken in a series (e.g. 
'ㅋㅋㅋㅋ' translates to ‘kkkk').\u0026nbsp;So when I find something really funny, I will type this about 20 times :)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d769e7a83165490e775/download?uid=blt02f3dce62f78d37a?uid=blt02f3dce62f78d37a\" data-sys-asset-uid=\"blt0582572fefd0c594\" alt=\"light-bulb.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eBoaz Leskes, Software Engineer: It's the best of part of any serious programming/debugging session.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d769985d5897637914f/download?uid=blt3a62d2b2cbb85abc?uid=blt3a62d2b2cbb85abc\" data-sys-asset-uid=\"bltbfd7f46c026d7738\" alt=\"glowing-star.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eColin Goodheart-Smithe, Software Engineer: I adopted it because I studied nuclear astrophysics at university so I learnt all about (and have since forgotten all about) stars.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7643e9adc538716204/download?uid=blt16f292f289480fa0?uid=blt16f292f289480fa0\" data-sys-asset-uid=\"blt9c9a2b6b469a73ab\" alt=\"rocket.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eMartijn van Groningen, Software Engineer: I've adopted U+1F680 because rockets are cool.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7612798d8e381ffce2/download?uid=bltc839914af6fb07cb?uid=bltc839914af6fb07cb\" data-sys-asset-uid=\"bltb89cc11ba830d3d5\" alt=\"noodles-bowl.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ePius Fung, Support Engineer: I adopted because I can 
eat noodles 365 days a year. :)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d76d8edd48f76938571/download?uid=blt2afaff6846554fae?uid=blt2afaff6846554fae\" data-sys-asset-uid=\"blt6c63af8cff2c145b\" alt=\"mountain.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSuyog Rao, Team Lead: Adopted U+26F0. You know, for the love of mountains and outdoors. :)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7658208ba076e2a846/download?uid=blt5e14aeb1ea947631?uid=blt5e14aeb1ea947631\" data-sys-asset-uid=\"blt742c069de6ce874c\" alt=\"lion-face.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eAntonio Bonuccelli, Elastic Support: Adopting a lion face ‘cause it's an endangered species and it is also my zodiac sign. :-)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d76d8edd48f76938579/download?uid=blt8ea7407bcefda290?uid=blt8ea7407bcefda290\" data-sys-asset-uid=\"blt39e864fb4a141fb5\" alt=\"person-with-praying-hands.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDrew Raines, Software Developer:\u0026nbsp;I adopted \u003cem\u003eperson with folded hands, type-6\u003c/em\u003e as homage to the four pair in my home. This image embodies two beautiful things: transracial adoption and prayer. I grew up a white boy in the American south. My children are black Africans. Adoption has allowed me to incarnate into the black experience. I watch as they get disciplined before their white peers. I educate them how to talk to the police for fear they won’t come home one night when they’re teenagers. 
But I have hope in the God who adopted me, who\u0026nbsp;promised to \u003cem\u003eproclaim liberty to the captives\u003c/em\u003e and \u003cem\u003eset at liberty those who are oppressed\u003c/em\u003e (Lk 4). While we wait for that day, he told us to pray. Hate is not someone else’s problem. It’s in me. Left to my own, I wouldn’t need any lessons on how to judge people or think I’m better than they are. A hater like I am cannot just talk to a perfect God with impunity. Jesus Christ incarnated into the human experience, bearing the punishment that I deserve for rejecting God and hating my neighbor, and defeated the domain of darkness whence all hate comes so that, in part, I could \u003cem\u003epray\u003c/em\u003e. It’s soil in which I plant my hope that his promise is true. So I do it. For my family, for my neighbor, for you.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d760342dfd738265a11/download?uid=bltc5dfdf9168089b67?uid=bltc5dfdf9168089b67\" data-sys-asset-uid=\"blt2425f07f415de27b\" alt=\"artist-palette.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eMarcelo Rodriguez, Support Engineer: I adopted it for the inner artist in all of us and our Engineering All-Hands reminded me that what we do is more of an art than a science.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d760342dfd738265a16/download?uid=blt79863b8fe0f54725?uid=blt79863b8fe0f54725\" data-sys-asset-uid=\"bltf5315a584576654e\" alt=\"minidisc.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eAndrew Cholakian, Software Engineer: I adopted it because I always wanted a MiniDisc player but could never afford one. 
Now I have one foreevvvveerrrrr.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d763dc542cb38c0aaa0/download?uid=blt6230686c402ad543?uid=blt6230686c402ad543\" data-sys-asset-uid=\"blt40dc430ecec45180\" alt=\"raised-hand.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eUri Cohen, product guy: I adopted raised hand with part between middle and ring fingers, type-4 for three reasons: 1) Because it's the Vulcan salute, and I highly appreciate good reason behind everything I do (albeit not at the expense of emotions). 2) It's also (and that's where Leonard Nimoy borrowed it from) how Cohens, which stands for priests in Hebrew, raise their hands in the \u003ca href=\"https://en.wikipedia.org/wiki/Priestly_Blessing\"\u003etraditional priest blessing\u003c/a\u003e in synagogue. I am not religious, at least not in the traditional way, but being a Cohen is part of my heritage. The type 4 is, well, because it's the closest to my skin tone :)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7643e9adc538716212/download?uid=bltb06ec706bb04e8e7?uid=bltb06ec706bb04e8e7\" data-sys-asset-uid=\"blt037bb4055f64788d\" alt=\"party-popper.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eNicolás Bevacqua, UI Engineer: I adopted party popper because I'm a huge fan of this emoji. 
It makes me feel so good every time I add one of these into a message, for some reason!\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d769985d58976379161/download?uid=bltefbdab3999c3298e?uid=bltefbdab3999c3298e\" data-sys-asset-uid=\"blt6c67f7939aaac2af\" alt=\"boom.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eMiguel Bosin, Support Engineer: I adopted because this is what I felt when I joined Elastic and met the impressive (in many senses) people I have met so far.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d763dc542cb38c0aaa1/download?uid=bltf8ebcf1141631444?uid=bltf8ebcf1141631444\" data-sys-asset-uid=\"blt52b18024cbaf6f1e\" alt=\"baseball.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eJason Dickson, Content Coordinator: I adopted U+26BE because it reminds me of watching baseball with my grandfather and attending San Jose Giants games with my wife and friends.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7758208ba076e2a851/download?uid=bltd01944aaea3cf041?uid=bltd01944aaea3cf041\" data-sys-asset-uid=\"blt8427fd2bb62b517c\" alt=\"movie-camera.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eBen Ferrer, Video Content Creator: I've always had a camera in my hand since I was a kid, and cinematography has been my passion for quite awhile.\u003c/p\u003e\u003cbr /\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d77d8edd48f7693858b/download?uid=bltc43946eb525e2cb1?uid=bltc43946eb525e2cb1\" data-sys-asset-uid=\"blt7feafead69eaaef8\" 
alt=\"white-rat.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTanya Bragin, member of the Product team: I thought of adopting this when I was texting with my husband about our three-year-old daughter. She is German, and a diminutive name often used in Germany for little girls is inexplicably \"Maeuschen,\" which means \"little mouse.\" So when we text each other, we often use this character to describe Alina. I decided to adopt this emoji to signify my unbounded love for her, and the amazing experience it has been for me being a parent and raising a child.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d7743e9adc538716224/download?uid=blt985f5f04353ad667?uid=blt985f5f04353ad667\" data-sys-asset-uid=\"blte5f181176a893ddc\" alt=\"top-hat.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eJames Baiera, Software Engineer: I've adopted the top hat emoji. Years ago, some old friends gave me the nickname \"Jimmy the Hat,\" due in part because I always wear a hat (though not a top hat). Also because my first name is Jimmy. It's an exceedingly clever nickname that has stuck with me since.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp align=\"center\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d773dc542cb38c0aaaf/download?uid=blt0f722798a4163f07?uid=blt0f722798a4163f07\" data-sys-asset-uid=\"blt8a31d24b3b138392\" alt=\"floppy-disk.png\"/\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDimitrios Liappis, Infrastructure Engineer: I adopted the floppy disk emoji\u0026nbsp;\u003ca href=\"http://www.unicode.org/emoji/charts/emoji-list.html#1f4be\" target=\"_blank\"\u003e\u003cbr /\u003e\u003c/a\u003e(U+1F4BE) because this is what got me started with computers and I still fondly take care of devices that can read them. 
:)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr /\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eLuisa Antonio, Marketing Coordinator: I chose the laughing face emoji because laughing on a daily basis is a must for me. A good sense of humor goes a long way in life\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eSoon to be added: The Elastic \u003ca href=\"https://www.elastic.co/training\"\u003eEducation\u003c/a\u003e\u0026nbsp;Team will be\u0026nbsp;adopting the owl\u0026nbsp;(U+1F989) from Unicode 9.0\u0026nbsp;at\u0026nbsp;bronze level.\u0026nbsp;As seen in the \u003ca href=\"http://www.latimes.com/business/technology/la-fi-tn-new-emoji-unicode-9-20160602-snap-story.html\"\u003eLos Angeles Times last week\u003c/a\u003e, the owl is one of a set of\u0026nbsp;brand-new emojis coming soon to a screen near you!\u0026nbsp;The Unicode Consortium is\u0026nbsp;close to allowing adoption of Unicode 9.0 characters with their website update in the coming weeks. Check back and you can\u0026nbsp;be first to adopt one of the awesome new emojis!\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eIn case you're wondering, adopting wasn't required and all adoption fees were eligible for reimbursement by Elastic. 
And here's an example of the cool certificates that a Bronze-level sponsor may choose to receive:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d729985d58976379092/download?uid=blt0e158b6c742c14b6?uid=blt0e158b6c742c14b6\" data-sys-asset-uid=\"blt51e21fa6f3050fd5\" alt=\"Elastic-Baha-Unicode-Consortium.jpg\" width=\"624\"/\u003e\u003c/p\u003e\u003cp\u003eElastic commends the Unicode Consortium for all the work it is doing, and we encourage everyone reading this to visit the \u003ca href=\"http://unicode.org/\" target=\"_blank\"\u003eUnicode Consortium\u003c/a\u003e site and its \u003ca href=\"http://unicode.org/consortium/adopt-a-character.html\" target=\"_blank\"\u003eAdopt-a-Character program\u003c/a\u003e, and make a donation to sponsor your favorite character today!\u003c/p\u003e","category":[{"uid":"bltc253e0851420b088","_version":4,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:45:23.873Z","created_by":"sys_blt57a423112de8a853","key":"culture","label_l10n":"Culture","tags":[],"title":"Culture","updated_at":"2024-05-10T13:44:28.145Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.214Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:18:56.195Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt9b9e21e089f315b8","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:10:37.770Z","updated_at":"2018-10-11T05:10:37.770Z","content_type":"image/jpeg","file_size":"205625","filename":"blog-unicode-sponsor-banner.jpg","title":"blog-unicode-sponsor-banner.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-30T18:16:11.924Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9b9e21e089f
315b8/5bbedb4d6a851d9f7f70c82b/blog-unicode-sponsor-banner.jpg"},"markdown_l10n":"","publish_date":"2016-06-07T14:20:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elasticsearch Loves the Unicode Adopt-a-Character Program","seo_description_l10n":"Shay Banon found out about the Unicode Consortium's Adopt-a-Character program, and he had a cool idea: why not allow every engineer at Elastic (as well as other teammates within the company) to choose and adopt a character?","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt389c921db479034d","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:10:30.572Z","updated_at":"2018-10-11T05:10:30.572Z","content_type":"image/jpeg","file_size":"75873","filename":"blog-unicode-sponsor-thumb.jpg","title":"blog-unicode-sponsor-thumb.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-30T18:16:11.924Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt389c921db479034d/5bbedb4663ed239936a7df03/blog-unicode-sponsor-thumb.jpg"},"title":"Adopt-a-Character Program and the Unicode Consortium :-)","title_l10n":"Adopt-a-Character Program and the Unicode Consortium :-)","updated_at":"2025-03-10T11:34:44.388Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/elastic-love-for-the-adopt-a-character-program-and-the-unicode-consortium","publish_details":{"time":"2025-03-10T11:34:48.061Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt202b6cb6e7511b42","_version":9,"locale":"en-us","ACL":{},"abstract_l10n":"Create a threshold alert in Elasticsearch using a simple and easy Kibana 
UI.","author":["blt7df598857705e791","blt84d458550c3f5c4e"],"body_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/elasticon/conf/2017/sf/opening-keynote\"\u003eSimple things should be simple\u003c/a\u003e was one of the themes at Elastic{ON} ‘17, our annual user conference where we connect with our users. During and prior to the user conference,\u0026nbsp;we received many requests for a simple and easy to use UI to create alerts. As it turns out, creating a single UI to work effectively for all types of alerts is pretty hard. For example, a UI that can create an alert when the\u0026nbsp;average CPU utilization goes over 50%\u0026nbsp;looked\u0026nbsp;pretty different from a UI that can create an\u0026nbsp;alert when there are many concurrent logins from the same IP address.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003eSince it is hard to build a universal UI for all types of alerts, we decided to tackle the UI for the most commonly requested alert first: a simple, threshold\u0026nbsp;alert that is triggered\u0026nbsp;when a metric goes above or below a given threshold.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eBefore we can get into examples, make sure that you have the minimum of version of 6.0.0-beta 2 of \u003ca href=\"https://www.elastic.co/downloads/elasticsearch#preview-release\"\u003eElasticsearch\u003c/a\u003e and \u003ca href=\"https://www.elastic.co/downloads/kibana#preview-release\"\u003eKibana\u003c/a\u003e installed with \u003ca href=\"https://www.elastic.co/downloads/x-pack#preview-release\"\u003eX-Pack\u003c/a\u003e installed on both. 
Also, ensure that you have Elasticsearch configured with a user with \u003ca href=\"https://www.elastic.co/guide/en/kibana/6.0/watcher-security.html\"\u003esufficient rights\u003c/a\u003e. Now, we need some interesting data with which to build our alerts. \u003ca href=\"https://www.elastic.co/beats/metricbeat\"\u003eMetricbeat\u003c/a\u003e is a great beat for monitoring system and user processes on a machine. To set up Metricbeat, refer to our documentation \u003ca href=\"https://www.elastic.co/guide/en/beats/metricbeat/6.0/metricbeat-installation.html\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eOnce Metricbeat is installed and running, open up a browser and navigate to Kibana. Click on the Management app in the side navigation bar, and then click on Watcher under the Elasticsearch heading.\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd79cd0b30bd5c1d6/5fa958d509ed4c6f277eb496/blog-threshold-alert-1.png\" width=\"624\" height=\"348\" style=\"width: 624;height: 348;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eNow, click on the ‘Create New Watch’ button and select ‘Threshold Alert’. This will bring you to the new threshold alert UI.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eIn the ‘Create a new threshold alert’ panel, configure the name, index, time field and the trigger interval. 
This will reveal the condition panel with a simple condition already populated, as well as a visualization of the data that the condition is based upon.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0d576f8480155b0a/5fa958dc6f82405d9a4aa796/blog-threshold-alert-2.png\" width=\"624\" height=\"163\" style=\"width: 624;height: 163;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eFor our first example, we want a threshold alert that is triggered when the maximum of the total CPU usage on a machine ever goes above 50% during the past 5 minutes. This is a very common type of alert because it helps you understand when and where spikes are happening so that you can take action. We will choose 50% as a threshold value. 
Modify the condition expression so that it matches the image below.\u0026nbsp;As you change the expression, the visualization is updated automatically to show the threshold value and data as red and blue lines respectively.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt054cca82200a0818/5fa958dbffb61e50a0faab99/blog-threshold-alert-3.png\" width=\"615\" height=\"301\" style=\"width: 615;height: 301;\"/\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr class=\"kix-line-break\"/\u003eNow that we have configured the condition to trigger the\u0026nbsp;alert, let’s configure what we want to happen when that condition is met. In this case, we want to send an E-mail to the person to which it matters most. Click on the ‘Add new action’ select box, and choose ‘E-mail’. A sample configuration for an e-mail action is shown below.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blteb2d144ab6cb6a27/5fa958dc97f9f35d942e99c0/blog-threshold-alert-4.png\" width=\"624\" height=\"259\" style=\"width: 624;height: 259;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eNote that you can use \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/search-template.html#search-template\"\u003emustache\u003c/a\u003e syntax to access the {{ctx}} object which contains information about the alert when it triggers. 
We are using that here to embed the max CPU value into the body of our e-mail. If you have an \u003ca href=\"https://www.elastic.co/guide/en/x-pack/6.0/actions-email.html#configuring-email\"\u003ee-mail account configured in Elasticsearch\u003c/a\u003e, then you can click on the ‘Test fire an e-mail now’ and watcher will send out a sample e-mail.\u003c/p\u003e\u003cp\u003eClick on the ‘Save’ button to save your new alert. There is now a threshold alert running on your Elasticsearch cluster.\u003c/p\u003e\u003cp\u003eWant to see this feature in a live demo?\u003c/p\u003e\u003cdiv class=\"video embed-container\" style=\"height: 478px;margin-bottom: 15px;\"\u003e\u003cimg style=\"width: 100%;margin: auto;display: block;\" class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/Pzht5TWZYmh74gvk38QPUg.jpg\" data-uuid=\"Pzht5TWZYmh74gvk38QPUg\" data-v=\"4\" data-type=\"inline\" width=\"100%\"/\u003e\u003c/div\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eBut of course there’s more, like what’s coming up next. We have plans to allow you to use Kibana's saved searches to be the input for a threshold alert since those are fairly common and currently used in other areas of Kibana. We also plan to build out more UIs for other alerting use cases, such as comparing today’s value with last week’s value and alerting when the change goes\u0026nbsp;beyond a certain threshold.\u003c/p\u003e\u003cbr /\u003eGo use this feature\u0026nbsp;and check out our \u003ca href=\"https://www.elastic.co/guide/en/kibana/6.0/watcher-ui.html\"\u003edocumentation\u003c/a\u003e for more details. As you dive into the 6.0 preview releases, we'd love to hear your feedback as part of our \u003ca href=\"https://www.elastic.co/blog/elastic-pioneer-program-6-0\" target=\"_blank\"\u003ePioneer Program\u003c/a\u003e. 
Your insights make\u0026nbsp;our software better!","category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:22:15.395Z","created_by":"sys_blt57a423112de8a853","disclaimer":["bltf7e0361d38ceea67"],"full_bleed_image":{"title":"Screen Shot 2017-09-12 at 4.37.01 PM.png","uid":"blt8c93fdb27c9974d3","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T09:41:23.178Z","updated_at":"2019-01-05T09:41:23.178Z","content_type":"image/png","file_size":"114006","filename":"Screen_Shot_2017-09-12_at_4.37.01_PM.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T21:28:26.145Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8c93fdb27c9974d3/5c307bc34657a057675ba7c4/Screen_Shot_2017-09-12_at_4.37.01_PM.png"},"markdown_l10n":"","publish_date":"2017-09-13T09:30:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time"
:"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"bltb1d5b7df835c3535","ACL":{},"created_at":"2023-11-06T21:38:33.456Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"continuous-monitoring","label_l10n":"Continuous monitoring","tags":[],"title":"Continuous monitoring","updated_at":"2023-11-06T21:38:33.456Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.388Z","user":"blt4b2e1169881270a8"}},{"title":"Anomaly detection","label_l10n":"Anomaly detection","keyword":"anomaly-detection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7478459fe32592c5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:06.777Z","updated_at":"2023-11-06T20:08:06.777Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.738Z","user":"blt4b2e1169881270a8"}},{"title":"DevOps","label_l10n":"DevOps","keyword":"devops","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltd2296d539450bf20","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T22:34:41.888Z","updated_at":"2021-12-16T22:34:41.888Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.169Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_
details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"title":"Screen Shot 2017-09-12 at 3.40.08 PM.png","uid":"bltec7f90943d63b5af","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T09:41:38.908Z","updated_at":"2019-01-05T09:41:38.908Z","content_type":"image/png","file_size":"97060","filename":"Screen_Shot_2017-09-12_at_3.40.08_PM.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T21:28:26.145Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltec7f90943d63b5af/5c307bd233d6423967f5b62c/Screen_Shot_2017-09-12_at_3.40.08_PM.png"},"title":"Creating a threshold alert in Elasticsearch is simpler than ever.","title_l10n":"Creating a threshold alert in Elasticsearch is simpler than ever.","updated_at":"2025-03-10T11:32:38.423Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/creating-a-threshold-alert-in-elasticsearch-is-simpler-than-ever","publish_details":{"time":"2025-03-10T11:32:42.629Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb8713a9f8f7f14a0","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"This step-by-step set of instructions will walk you through setting up an Elastic Cloud account, creating and securing your Elasticsearch cluster, and 
more.","author":["bltfcef00cc055272b5"],"body_l10n":"\u003ctable style=\"background: #FFFFD2;\"\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eDON'T PANIC.\u0026nbsp;\u003c/strong\u003eThis article contains instructions for Elasticsearch 2.x\u0026nbsp;and Kibana Version 4.x, but still works. An updated version for 5.x can be found \u003ca href=\"/blog/getting-started-with-hosted-elasticsearch-v5-and-a-sample-dataset\"\u003ehere\u003c/a\u003e.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eGetting an Elasticsearch environment up and running has never been easier. With Elastic Cloud, you can launch your cluster and start ingesting data in literally minutes. See how in this \u003ca href=\"https://youtu.be/MNkdXSzt96E\" target=\"_blank\"\u003e3-minute video\u003c/a\u003e. This step-by-step set of instructions will walk you through setting up an Elastic Cloud account, creating and securing a Elasticsearch cluster, importing data, and visualizing it in Kibana. So, let's get started.\u003c/p\u003e\u003ch2\u003eLog into Elastic Cloud\u0026nbsp;\u003c/h2\u003e\u003col\u003e\u003cli\u003eGo to \u003cspan style=\"font-size: 14.6667px;text-decoration: underline;vertical-align: baseline;white-space: pre-wrap;background-color: transparent;\"\u003e\u003c/span\u003e\u003ca href=\"https://cloud.elastic.co\" target=\"_blank\"\u003ehttps://cloud.elastic.co\u003c/a\u003e in your browser and sign up for an account.\u0026nbsp;\u003c/li\u003e\u003cli\u003eYou will receive a confirmation email. 
Open it and follow the instructions to start your trial.\u003c/li\u003e\u003cli\u003eLog into your\u0026nbsp;Elastic Cloud account\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eCreate your first\u0026nbsp;hosted\u0026nbsp;Elasticsearch cluster\u003c/h2\u003e\u003col\u003e\u003cli\u003eOnce you have signed in, go to the Cluster tab to create your cluster.\u0026nbsp;\u003c/li\u003e\u003cli\u003eSelect cluster size. I will select a cluster with 4GB memory and 64GB storage\u0026nbsp;\u003c/li\u003e\u003cli\u003eChoose a region that is close to your location. I am choosing US West.\u0026nbsp;\u003c/li\u003e\u003cli\u003eSelect replication. I am choosing only one Datacenter location.\u0026nbsp;\u003c/li\u003e\u003cli\u003eClick on\u0026nbsp;Create to provision your cluster.\u0026nbsp;\u0026nbsp;Provisioning will start and you will receive a notification once it's complete.\u003c/li\u003e\u003c/ol\u003e\u003cul\u003e\u003c/ul\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d6b0342dfd73826582d/download?uid=bltfd5f7b26de739143?uid=bltfd5f7b26de739143\" data-sys-asset-uid=\"blt4b2a517253f115d3\" alt=\"Cloud-CreateCluster.gif\"/\u003e\u003c/p\u003e\u003cspan\u003e\u003c/span\u003e\u003ch2\u003eSecure your Cluster\u003c/h2\u003e\u003cp\u003eNext, let's configure cluster access and security.\u003c/p\u003e\u003col\u003e\u003cli\u003eClick on the Configure Shield link on the Overview page.\u0026nbsp;\u003c/li\u003e\u003cli\u003eCreate additional users and/or configure existing usernames and passwords. I will create\u0026nbsp;a new user,\u0026nbsp;sa_admin\u003c/li\u003e\u003cli\u003eIf you added new users, configure their roles. I will configure sa_admin\u0026nbsp;user with admin role\u0026nbsp;\u003c/li\u003e\u003cli\u003eCopy the usernames and passwords before clicking Save. This is important because the passwords are hashed once you save the config and cannot be read back afterwards. Save your credentials in a secure vault. 
Or a Post-it note\u0026nbsp;😉.\u0026nbsp;\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt43820ebc23d53bf6/5f9b1f1b6178a9645452b84e/blog-cloud-sandbox-2.png\" data-sys-asset-uid=\"blt43820ebc23d53bf6\" alt=\"blog-cloud-sandbox-2.png\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eYou can update your passwords or add additional users using the same process.\u0026nbsp;You may also use the new security API that is included in 2.3.1 by following the\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/shield/2.3/shield-rest.html#shield-users-rest\" target=\"_blank\"\u003einstructions in our documentation\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003ch2\u003eEnable Kibana\u003c/h2\u003e\u003col\u003e\u003cli\u003eTo enable Kibana, go to the Configuration link and go to the Kibana 4 section.\u0026nbsp;\u003c/li\u003e\u003cli\u003eSelect Enable from the dropdown list, then click Update. \u0026nbsp;The displayed\u0026nbsp;endpoint is how you access Kibana - it is unique for your cluster.\u0026nbsp;\u003c/li\u003e\u003cli\u003eClick on the link and to open Kibana in a new tab.\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003c/span\u003eLog into Kibana with username \u0026amp; password configured in the previous step.\u0026nbsp;\u003c/li\u003e\u003c/ol\u003e\u003col\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d6c12798d8e381ffb16/download?uid=blt8bccaf94c539ea49?uid=blt8bccaf94c539ea49\" data-sys-asset-uid=\"blte360d26fdf492cc1\" alt=\"Cloud-Kibana.gif\"/\u003e\u003c/p\u003e\u003ch2\u003eElasticsearch Endpoint\u003cspan\u003e\u003c/span\u003e\u003c/h2\u003e\u003cp\u003eOnce you are logged into Kibana, you will first see the Discovery tab.\u0026nbsp;However, there is no data to visualize.\u0026nbsp;Next, we will work on ingesting data into Elasticsearch.\u0026nbsp;Let's gather some information so we can be 
successful.\u0026nbsp;\u003c/p\u003e\u003col\u003e\u003cli\u003eGo to the Overview link in the Elastic Cloud console. The listed endpoints are used for API access for your cluster.\u0026nbsp;\u003c/li\u003e\u003cli\u003eClick on the https link, this will show the cluster. Copy the https URL;\u0026nbsp;this will be used in the following steps. \u003cspan style=\"font-size: 14.6667px;font-family: Arial;color: rgb(0, 0, 0);vertical-align: baseline;white-space: pre-wrap;background-color: transparent;\"\u003e\u003c/span\u003e\u0026nbsp;\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaff9614bcb37eb68/5f9b1f3c83a0a3620dd3b42c/blog-cloud-sandbox-4.png\" data-sys-asset-uid=\"bltaff9614bcb37eb68\" alt=\"blog-cloud-sandbox-4.png\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003ch2\u003eImport Data\u003c/h2\u003e\u003cp\u003eNow, let’s get some data into our Elasticsearch cluster to see the Elastic Stack in action. If you don’t have a sample dataset handy, use one from the various data samples in our\u0026nbsp;\u003ca href=\"https://github.com/elastic/examples\" target=\"_blank\"\u003eGitHub Examples Repo.\u003c/a\u003e I will be using the \u003ca href=\"https://github.com/elastic/examples/tree/master/Common%20Data%20Formats/apache_logs\" target=\"_blank\"\u003eApache logs sample\u003c/a\u003e\u0026nbsp;and \u003ca href=\"https://www.elastic.co/downloads/logstash\" target=\"_blank\"\u003eLogstash\u003c/a\u003e\u0026nbsp;(download your system version). To ingest the logs into our hosted Elasticsearch cluster, we will need to modify the elasticsearch output of the \u003ca href=\"https://github.com/elastic/examples/blob/master/Common%20Data%20Formats/apache_logs/logstash/apache_logstash.conf\" target=\"_blank\"\u003eLogstash config included in the example\u003c/a\u003e.\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003e1. 
Download the repository, and change to the directory that contains the\u0026nbsp;apache_logstash.conf\u0026nbsp;file. Be sure to replace the hosts endpoint in the config\u0026nbsp;with your own cluster endpoint (copied in the previous step).\u003cbr /\u003e2. Set user and password to the account with write access that you configured in the Secure your Cluster section. I will be using the sa_admin user. The password is stored in this file in plain text, so restrict read access to the file and keep it out of version control.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eelasticsearch {\u003cbr /\u003e hosts =\u0026gt; \"https://e66e6e11692c749cc8e09f25e1af4efa.us-west-1.aws.found.io:9243/\"\u003cbr /\u003e user =\u0026gt; \"sa_admin\"\u003cbr /\u003e password =\u0026gt; \"my_f@ncy_p@55w0rd\"\u003cbr /\u003e index =\u0026gt; \"apache_elastic_example\"\u003cbr /\u003e template =\u0026gt; \"./apache_template.json\"\u003cbr /\u003e template_name =\u0026gt; \"apache_elastic_example\"\u003cbr /\u003e template_overwrite =\u0026gt; true \u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp style=\"margin-left: 20px;\"\u003e3. Run the following command to index the data into Elasticsearch via\u0026nbsp;Logstash:\u003c/p\u003e\u003col\u003e\u003c/ol\u003e\u003cpre class=\"prettyprint\"\u003ecat ../apache_logs | \u0026lt;Logstash_Install_Dir\u0026gt;/bin/logstash -f apache_logstash.conf\u003cbr /\u003e\u003c/pre\u003e\u003cp style=\"margin-left: 20px;\"\u003e4. You can verify your data exists in Elasticsearch by going to ES_ENDPOINT/apache_elastic_example/_count, where ES_ENDPOINT is the Elasticsearch endpoint URL.\u0026nbsp;You should see the count as 10000.\u003c/p\u003e\u003col\u003e\u003c/ol\u003e\u003cpre class=\"prettyprint\"\u003e{\"count\":10000,\"_shards\":{\"total\":1,\"successful\":1,\"failed\":0}}\u003cbr /\u003e\u003c/pre\u003e\u003cp style=\"margin-left: 20px;\"\u003e5. 
You can verify the health of your cluster by going to\u0026nbsp;ES_ENDPOINT/_cat/indices.\u0026nbsp;You should see your apache_elastic_example index listed along with its\u0026nbsp;statistics:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ehealth status index pri rep docs.count docs.deleted store.size pri.store.size\u003cbr /\u003eyellow open .kibana 1 1 2 0 19.1kb 19.1kb\u003cbr /\u003eyellow open apache_elastic_example 1 1 10000 0 7.3mb 7.3mb\u003cbr /\u003e\u003c/pre\u003e\u003ch2\u003eVisualize Data\u003c/h2\u003e\u003cp\u003eNow let's access your Kibana instance and continue with the example\u0026nbsp;instructions to visualize our data.\u003c/p\u003e\u003col\u003e\u003cli\u003eGo to Indices options under the Settings tab and add the apache_elastic_example index to Kibana\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/uploads/597a55668fbeeb9e0c70eec2/download?uid=blt090db32089b5e739\" data-sys-asset-uid=\"blt090db32089b5e739\" alt=\"kibana-index.png\"/\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003e2.\u0026nbsp;You can look at your data by selecting apache_elastic_example index on the Discovery tab.\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 14.6667px;font-family: Arial;color: rgb(0, 0, 0);vertical-align: baseline;white-space: pre-wrap;background-color: transparent;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/uploads/597a5a41e8291db20cf37569/download?uid=bltabeb130913ba393c\" data-sys-asset-uid=\"bltabeb130913ba393c\" alt=\"another_example.png\"/\u003e\u003c/p\u003e\u003cp style=\"margin-left: 20px;\"\u003e3. 
Import the examples dashboard by clicking\u0026nbsp;on Settings\u0026nbsp;\u0026gt;\u0026nbsp;Objects\u0026nbsp;\u0026gt;\u0026nbsp;Import and selecting the\u0026nbsp;\u003ca href=\"https://github.com/elastic/examples/blob/master/Common%20Data%20Formats/apache_logs/logstash/apache_kibana-4.json\" target=\"_blank\"\u003eapache_kibana-4.json\u003c/a\u003e\u0026nbsp;file.\u0026nbsp;You can view this dashboard by clicking on the view button (eye icon) or by going to the Dashboards tab and clicking the Load Saved Dashboard button.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaa1b0173cc5b053b/5f9b1f5b878c0d548cdc27c2/blog-cloud-sandbox-7.png\" data-sys-asset-uid=\"bltaa1b0173cc5b053b\" alt=\"blog-cloud-sandbox-7.png\" style=\"display: block;margin: auto;\"/\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eNow you have some sample Apache log data in Elasticsearch and you can begin to get some insight and more importantly value from your logs. 
You can continue exploring\u0026nbsp;with other sample datasets from the \u003ca href=\"https://github.com/elastic/examples\" target=\"_blank\"\u003eExamples repo\u003c/a\u003e\u0026nbsp; and the\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/kibana/4.5/getting-started.html#tutorial-load-dataset\" target=\"_blank\"\u003eKibana getting started guide\u003c/a\u003e \u0026nbsp;or\u0026nbsp;start sending your own data by using Logstash or Beats.\u003c/p\u003e\u003cp\u003eHere are some other useful links to help you on the journey of using the Elastic Stack on Cloud.\u003c/p\u003e\u003cul\u003e\u003cli\u003eCloud\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/index.html\" target=\"_blank\"\u003ehttps://www.elastic.co/guide/en/cloud/current/index.html\u003c/a\u003e\u003c/li\u003e\u003cli\u003eKibana\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/kibana/4.5/index.html\" target=\"_blank\"\u003ehttps://www.elastic.co/guide/en/kibana/4.5/index.html\u003c/a\u003e\u003c/li\u003e\u003cli\u003eSecurity\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/shield/2.3/index.html\" target=\"_blank\"\u003ehttps://www.elastic.co/guide/en/shield/2.3/index.html\u003c/a\u003e\u003c/li\u003e\u003cli\u003eElasticsearch\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/2.4/index.html\" target=\"_blank\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/2.4/index.html\u003c/a\u003e\u003c/li\u003e\u003cli\u003eBeats\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/beats/libbeat/1.3/index.html\" target=\"_blank\"\u003ehttps://www.elastic.co/guide/en/beats/libbeat/1.3/index.html\u003c/a\u003e\u003c/li\u003e\u003cli\u003eLogstash\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/logstash/2.4/index.html\" target=\"_blank\"\u003ehttps://www.elastic.co/guide/en/logstash/2.4/index.html\u003c/a\u003e\u003c/li\u003e\u003cli\u003eThe Definitive Guide \u003ca 
href=\"https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html\" target=\"_blank\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/guide/current/index.html\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eOr, you can continue your Training with some official classes by some world class Education Engineers:\u0026nbsp;\u003ca href=\"https://www.elastic.co/training\" target=\"_blank\"\u003ehttps://www.elastic.co/training\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003eEditor's Note\u0026nbsp;(July 27, 2017): We've updated some links and content to direct to more current resources (e.g., GitHub repos and documentation)\u0026nbsp;and reflect more accurate information.\u003c/em\u003e\u003cbr /\u003e\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How 
to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:01:52.721Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt2fe033ff23dccbec","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T06:33:32.976Z","updated_at":"2018-10-11T06:33:32.976Z","content_type":"image/jpeg","file_size":"208693","filename":"elastic-cloud-tutorial-full-bleed.jpg","title":"elastic-cloud-tutorial-full-bleed.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-18T18:14:58.935Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2fe033ff23dccbec/5bbeeebceb7e90a514e6e4b3/elastic-cloud-tutorial-full-bleed.jpg"},"markdown_l10n":"","publish_date":"2016-06-01T14:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Cloud Tutorial: Getting Started with a sample dataset","seo_description_l10n":"This step-by-step set of instructions will walk you through setting up an Elastic Cloud account, creating and securing a Elasticsearch cluster, importing data, and visualizing it in 
Kibana.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt9249a7101bf25edc","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T13:36:09.265Z","updated_at":"2018-10-09T13:36:09.265Z","content_type":"image/jpeg","file_size":"103281","filename":"elastic-cloud-tutorial.jpg","title":"elastic-cloud-tutorial.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-18T18:14:58.935Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9249a7101bf25edc/5bbcaec90e6edaf014d23bee/elastic-cloud-tutorial.jpg"},"title":"Tutorial: Getting Started with Elastic Cloud with a Sample Dataset","title_l10n":"Tutorial: Getting Started with Elastic Cloud with a Sample Dataset","updated_at":"2025-03-10T11:15:21.806Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/building-cloud-sandbox-with-sample-data-v2","publish_details":{"time":"2025-03-10T11:15:25.258Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb788399e560fae32","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt4ca268ce71bf38df"],"body_l10n":"\u003ch4\u003eWelcome to Keeping up with Kibana! This is a series of posts on new developments in the Kibana project and any related learning resources and events.\u003c/h4\u003e\u003cp\u003eThe Kibana team continues to move forward on its large initiatives. We’re throwing more resources against getting Canvas to beta. Dave is joining the team for the next two weeks to help polish up the design and get it looking at its best. 
We’re already making sizable progress there and Catherine’s done a great job migrating to EUI components. With all this early effort Canvas will be our first plugin to use Kibana 7’s styling entirely.\u003c/p\u003e\u003cp\u003eThe security team continues their tear of moving Kibana to a role-based access control world. While still early, we’re close on merging some first-phase PRs that will allow us to move to stage 2 of adding individual workspaces to the app. Once that’s in this will let teams segment their content into buckets viewable by certain roles. This should help all of our larger customers who have trouble organizing their 1000s of Kibana saved objects across hundreds of consumers.\u003c/p\u003e\u003cp\u003eWe’re also making progress on moving our visualization libraries into EUI where they can be cohesively styled and made more reusable. That team is also very close to merging in a new inspector, which should greatly improve the experience of seeing the data behind each visualization when viewed through a dashboard.\u003c/p\u003e\u003ch3\u003eCanvas\u003c/h3\u003e\u003cp\u003eThe team continues to focus on features and fixes related to Beta release and eventual migration to the X-Pack codebase.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc5d59108544638e2/5f9b21e31f9166620ed86f01/blog-Keeping-up-with-Kibana-2018-06-18.png\" data-sys-asset-uid=\"bltc5d59108544638e2\" alt=\"blog-Keeping-up-with-Kibana-2018-06-18.png\"/\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch5\u003ePRs\u003c/h5\u003e\u003cul\u003e\u003cli\u003eRelease with support for Elastic SQL (in version 2002) \u003ca href=\"https://github.com/elastic/kibana-canvas/pull/443\"\u003e#443\u003c/a\u003e \u003ca href=\"https://github.com/elastic/kibana-canvas/pull/642\"\u003e#642\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003c/span\u003eMore work for Reporting; correctly handle element done events\u0026nbsp;\u003ca 
href=\"https://github.com/elastic/kibana-canvas/pull/641\"\u003e#641\u003c/a\u003e\u003c/li\u003e\u003cli\u003eAdded temporary SCSS build for Design to use, pending SCSS support in Kibana \u003ca href=\"https://github.com/elastic/kibana-canvas/pull/670\"\u003e#670\u003c/a\u003e\u003c/li\u003e\u003cli\u003eAdded legend config to pie charts \u003ca href=\"https://github.com/elastic/kibana-canvas/pull/672\"\u003e#672\u003c/a\u003e\u003c/li\u003e\u003cli\u003eHide stack traces on errors when in Production mode \u003ca href=\"https://github.com/elastic/kibana-canvas/pull/666\"\u003e#666\u003c/a\u003e\u003c/li\u003e\u003cli\u003eMore EUI work \u003ca href=\"https://github.com/elastic/kibana-canvas/pull/650\"\u003e#650\u003c/a\u003e\u003c/li\u003e\u003cli\u003eFixed issue when deleting the only workpad \u003ca href=\"https://github.com/elastic/kibana-canvas/pull/682\"\u003e#682\u003c/a\u003e\u003c/li\u003e\u003cli\u003eFixed issue where errors wrapped in Boom were causing unhandled Promise rejections \u003ca href=\"https://github.com/elastic/kibana-canvas/pull/673\"\u003e#673\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eDesign\u003c/h3\u003e\u003cp\u003eThe design team is continuing on mocks for Beats central management. Caroline is working through designs for a new Visualizations editor which we’ll be showing off soon. Chandler closed a bunch of blockers around tables and tabs in EUI and built out a service for fixed position popovers that should solve our positioning woes in EUI soon. Dave started work on \u003ca href=\"http://snid.es/1M1q2u2k1Q17\"\u003ecleaning up Canvas\u003c/a\u003e and hopes to have it looking sharp in the next couple weeks. 
We’re also working toward getting a \u003ca href=\"https://github.com/elastic/eui/pull/921\"\u003esuper selector component\u003c/a\u003e added to EUI soon.\u003c/p\u003e\u003ch5\u003ePRs\u003c/h5\u003e\u003cul\u003e\u003cli\u003eRefactor EuiTabbedContent to track its selected tab by name \u003ca href=\"https://github.com/elastic/eui/pull/931\"\u003e#931\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003c/span\u003eCustom column sort values for EuiInMemoryTable \u003ca href=\"https://github.com/elastic/eui/pull/929\"\u003e#929\u003c/a\u003e\u003c/li\u003e\u003cli\u003eFlyout alterations \u003ca href=\"https://github.com/elastic/eui/pull/925\"\u003e#925\u003c/a\u003e\u003c/li\u003e\u003cli\u003eFix default sort comparator to logically handle null/undefined values \u003ca href=\"https://github.com/elastic/eui/pull/922\"\u003e#922\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eDiscovery\u003c/h3\u003e\u003ch5\u003ePRs\u003c/h5\u003e\u003cul\u003e\u003cli\u003e[Context view] Incrementally increase context time window \u003ca href=\"https://github.com/elastic/kibana/pull/16878\"\u003e#16878\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003c/span\u003eAllow overwriting filters when adding via `queryFilter` \u003ca href=\"https://github.com/elastic/kibana/pull/19754\"\u003e#19754\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eGeo\u003c/h3\u003e\u003cp\u003eThe team focused on the Elastic Map Service landing page and fixing the Sophox application we use to produce our vector data layers. Work continues on the \u003ca href=\"https://github.com/elastic/kibana/issues/19582\"\u003ePhase 1\u003c/a\u003e of the GIS App first seen at Elastic{on}.\u003c/p\u003e\u003ch5\u003ePRs\u003c/h5\u003e\u003cul\u003e\u003cli\u003eEMS Landing Page can be now configured to use staging or production manifests. 
\u003ca href=\"https://github.com/elastic/ems-landing-page/pull/11\"\u003ehttps://github.com/elastic/ems-landing-page/pull/1...\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/ems-landing-page/pull/11\"\u003e\u003cbr /\u003e\u003c/a\u003eMinimize JavaScript for EMS landing page \u003ca href=\"https://github.com/elastic/ems-landing-page/pull/6\"\u003ehttps://github.com/elastic/ems-landing-page/pull/6\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eManagement\u003c/h3\u003e\u003cp\u003eThe team focused on wrapping up phase 1 of index lifecycle management and phase 1 of rollup support in Kibana.\u0026nbsp; Additionally, some cleanup work is still being done on console.\u003c/p\u003e\u003ch5\u003ePRs\u003c/h5\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/19760\"\u003ehttps://github.com/elastic/kibana/pull/19760\u003c/a\u003e adds documentation links to console\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eOperations\u003c/h3\u003e\u003ch5\u003ePRs\u003c/h5\u003e\u003cul\u003e\u003cli\u003eRemove node version validator from git pre-commit hook script \u003ca href=\"https://github.com/elastic/kibana/pull/19950\"\u003e#19950\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003c/span\u003eRemove devDependencies from licenses report by default allowing to include dem with --dev flag\u003ca href=\"https://github.com/elastic/kibana/pull/19626\"\u003e#19626\u003c/a\u003e\u003c/li\u003e\u003cli\u003eChanged eslint extends order in order to allow kibana eslint rules to be more important than the ones from prettier \u003ca href=\"https://github.com/elastic/eui/pull/927\"\u003e#927\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eQA\u003c/h3\u003e\u003ch5\u003ePRs\u003c/h5\u003e\u003cul\u003e\u003cli\u003eFix for timelion flaky tests PR: \u003ca 
href=\"https://github.com/elastic/kibana/pull/19996\"\u003e19996\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003c/span\u003eConverted management tests to ES6 format PR: \u003ca href=\"https://github.com/elastic/kibana/pull/19870\"\u003e19870\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eSecurity\u003c/h3\u003e\u003cp\u003eThe first phase of our RBAC project is out for review! This phase is the first step to controlling access to Kibana using custom application permissions, as opposed to direct access to the Kibana index. We put some final touches on this PR, which allows us to introduce this feature in a backwards compatible manner, without requiring any changes to the kibana.yml configuration. This all sets us up nicely for our upcoming second phase, which introduces Spaces (\u003ca href=\"https://github.com/elastic/kibana/issues/18948\"\u003e#18948\u003c/a\u003e)!\u003c/p\u003e\u003cp\u003eSpeaking of Spaces, we collaborated with the Design Team this week to prototype a new UI for managing Kibana privileges within individual spaces. We also added the ability to customize the “avatar” for each space.\u003c/p\u003e\u003ch3\u003eSharing\u003c/h3\u003e\u003ch5\u003ePRs\u003c/h5\u003e\u003cul\u003e\u003cli\u003eFix gaps in sample data: \u003ca href=\"https://github.com/elastic/kibana/issues/19912\"\u003ehttps://github.com/elastic/kibana/issues/19912\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/kibana/issues/19912\"\u003e\u003cbr /\u003e\u003c/a\u003eAccessibility fixes:\u0026nbsp;\u003ca href=\"https://github.com/elastic/kibana/pull/19838\"\u003ehttps://github.com/elastic/kibana/pull/19838\u003c/a\u003e,\u0026nbsp;\u003ca href=\"https://github.com/elastic/kibana/issues/19830\"\u003ehttps://github.com/elastic/kibana/issues/19830\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eVisualizations\u003c/h3\u003e\u003cp\u003eExplicit passing of filters and queries (#19172) has been merged. 
We now no longer rely on inheritance between the application and individual visualizations to apply global filters/queries. Every application (like dashboard) is now required to pass in all global context (filters, queries) explicitly to any visualization. That will allow for panel individual filters/queries and also cleans up some quite old tech debt.\u003c/p\u003e\u003cp\u003eThe last blocking issues on the new Inspector are nearly resolved and our work on the new XYAxis chart component (\u003ca href=\"https://github.com/elastic/eui/issues/536\"\u003eeui/#536\u003c/a\u003e) is moving forward. We've also started adding extension points into the Editor that are required to support roll-up indexes in the visualization editor.\u003c/p\u003e\u003ch3\u003ePRs\u003c/h3\u003e\u003cul\u003e\u003cli\u003eRefactoring Markdown lifecycle methods to React 16.3 \u003ca href=\"https://github.com/elastic/kibana/pull/19436\"\u003e(#19436\u003c/a\u003e)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e","category":[],"created_at":"2019-04-01T13:13:30.163Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt29843bb98ba59a2a","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:37:11.833Z","updated_at":"2018-10-11T05:37:11.833Z","content_type":"image/jpeg","file_size":"71803","filename":"blog-kibana-banner.jpg","title":"blog-kibana-banner.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-18T15:49:05.384Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt29843bb98ba59a2a/5bbee187eb7e90a514e6e46b/blog-kibana-banner.jpg"},"markdown_l10n":"","publish_date":"2018-06-18T16:31:33.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"Canvas adds support for Elastic SQL. 
The first phase of role-based access control is out for review.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"title":"canvas.png","uid":"bltbf64f655ce7bbd44","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T07:00:17.079Z","updated_at":"2019-01-05T07:00:17.079Z","content_type":"image/png","file_size":"61177","filename":"canvas.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-30T19:59:05.130Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbf64f655ce7bbd44/5c30560193d9791a70cd73fb/canvas.png"},"title":"Keeping up with Kibana: This week in Kibana for June 18th, 2018","title_l10n":"Keeping up with Kibana: This week in Kibana for June 18th, 2018","updated_at":"2025-03-10T11:13:02.103Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/Keeping-up-with-Kibana-2018-06-18","publish_details":{"time":"2025-03-10T11:13:05.615Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt6a34c8b32c6d194b","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"A new visualization type in Kibana lets you create custom visualizations using Vega, an open source, JSON-based, declarative language.","author":["bltab86dacd5699378c"],"body_l10n":"\u003cp\u003e\u003cem\u003eInterested in a\u0026nbsp;walkthrough of Vega-based visualizations in Kibana? 
\u003c/em\u003e\u003ca href=\"/webinars/creating-custom-kibana-visualizations-with-vega-plugin\"\u003e\u003cem\u003eCheck out this video\u003c/em\u003e\u003c/a\u003e\u003cem\u003e.\u003c/em\u003e\u003c/p\u003e\u003cp\u003eBeginning with Kibana 6.2, users can now go beyond the built-in visualizations offered. This new visualization type lets users create custom visualizations without developing their own plugin using an open source JSON-based declarative language called \u003ca href=\"https://vega.github.io/vega/examples/\"\u003eVega\u003c/a\u003e, or its simpler version called \u003ca href=\"https://vega.github.io/vega-lite/examples/\"\u003eVega-Lite\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eUnlike other visualizations, the Vega vis is a blank canvas on which you, the developer, can draw visual elements based on one or more data sources including custom URLs. For example, you can design a Sankey diagram of the network traffic patterns. This Sankey visualization will be demonstrated in the \u003ca href=\"/blog/sankey-visualization-with-vega-in-kibana\"\u003enext blog post\u003c/a\u003e.\u003c/p\u003e\u003cp style=\"text-align: center;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt457ad68e7663aa65/5f971b5945fa7d72ddd1dbfe/blog-custom-vega-1.png\" width=\"624\" height=\"311\" style=\"width: 624;height: 311;\"/\u003e\u003c/p\u003e\u003ch2\u003eHello World Scatter Plot with Vega-Lite\u003c/h2\u003e\u003cp\u003eOur first example will be drawing a scatter plot from the sample Logstash data using the simpler Vega-Lite language.\u003c/p\u003e\u003ch3\u003eData\u003c/h3\u003e\u003cp\u003eThe first step of any Vega visualization is to get the right data using Elasticsearch query language. We will use 3 fields from the sample Logstash data. The data was generated using \u003ca href=\"https://github.com/elastic/makelogs#makelogs\"\u003emakelogs utility\u003c/a\u003e. 
This query can be tried in the “dev tools” tab to see the full result structure. We will use the same query as part of the Vega code below.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eGET logstash-*/_search\u003cbr /\u003e{\u003cbr /\u003e \"size\": 10,\u003cbr /\u003e \"_source\": [\"@timestamp\", \"bytes\", \"extension\"]\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eThe output is an array of these elements inside the { hits: { hits: [...] }} structure:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{ \"hits\": { \"hits\": [\u003cbr /\u003e {\u003cbr /\u003e \"@timestamp\": \"2018-02-01T18:05:55.363Z\",\u003cbr /\u003e \"bytes\": 2602,\u003cbr /\u003e \"extension\": \"jpg\"\u003cbr /\u003e },\u003cbr /\u003e ...\u003cbr /\u003e] }}\u003cbr /\u003e\u003c/pre\u003e\u003ch3\u003eDrawing\u003c/h3\u003e\u003cp\u003eNow create a new Vega visualization. If the Vega vis is not listed, ensure lab visualizations in \u003ca href=\"https://www.elastic.co/guide/en/kibana/current/advanced-options.html\"\u003eadvanced settings\u003c/a\u003e (visualize:enableLabs) are enabled. Delete the default code, and paste this instead. Vega vis is written using JSON superset called \u003ca href=\"https://hjson.org/\"\u003eHJSON\u003c/a\u003e.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{\u003cbr /\u003e $schema: https://vega.github.io/schema/vega-lite/v2.json\u003cbr /\u003e data: {\u003cbr /\u003e # URL object is a context-aware query to Elasticsearch\u003cbr /\u003e url: {\u003cbr /\u003e # The %-enclosed keys are handled by Kibana to modify the query\u003cbr /\u003e # before it gets sent to Elasticsearch. Context is the search\u003cbr /\u003e # filter as shown above the dashboard. 
Timefield uses the value \u003cbr /\u003e # of the time picker from the upper right corner.\u003cbr /\u003e %context%: true\u003cbr /\u003e %timefield%: @timestamp\u003cbr /\u003e index: logstash-*\u003cbr /\u003e body: {\u003cbr /\u003e size: 10000\u003cbr /\u003e _source: [\"@timestamp\", \"bytes\", \"extension\"]\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e # We only need the content of hits.hits array\u003cbr /\u003e format: {property: \"hits.hits\"}\u003cbr /\u003e }\u003cbr /\u003e # Parse timestamp into a javascript date value\u003cbr /\u003e transform: [\u003cbr /\u003e {calculate: \"toDate(datum._source['@timestamp'])\", as: \"time\"}\u003cbr /\u003e ]\u003cbr /\u003e # Draw a circle, with x being the time field, and y - number of bytes\u003cbr /\u003e mark: circle\u003cbr /\u003e encoding: {\u003cbr /\u003e x: {field: \"time\", type: \"temporal\"}\u003cbr /\u003e y: {field: \"_source.bytes\", type: \"quantitative\"}\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp style=\"text-align: center;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt672e9a61067273f6/5f971b5989353a72dcaeae99/blog-custom-vega-2.png\" width=\"490\" height=\"364\" style=\"width: 490;height: 364;\"/\u003e\u003c/p\u003e\u003cp\u003eWe should make a few more cleanups and improvements:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDisable X axis title by adding\u0026nbsp;axis: { title: null } to x encoding\u003c/li\u003e\u003cli\u003eSet Y axis title with axis: { title: \"Transferred bytes\" }\u003c/li\u003e\u003cli\u003eMake dots different color and shape depending on the extension field: add this to encodings:\u003c/li\u003e\u003c/ul\u003e\u003cpre class=\"prettyprint\"\u003ecolor: {field:\"_source.extension\", type:\"nominal\", legend: {title:\"File type\"}}\u003cbr /\u003eshape: {field:\"_source.extension\", type:\"nominal\"}\u003cbr /\u003e\u003c/pre\u003e\u003ch2 style=\"text-align: center;\"\u003e\u003cimg 
src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt124f340e20cfaf62/5f971b5e1f9166620ed85bdc/blog-custom-vega-3.png\" width=\"499\" height=\"366\" style=\"width: 499;height: 366;\"/\u003e\u003c/h2\u003e\u003cp\u003eWe could even change the visualization entirely by putting extension as the y axis, and using size. Replace all of encodings with these:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ex: {field: \"time\", type: \"temporal\", axis: {title: null}}\u003cbr /\u003ey: {field: \"_source.extension\", type: \"nominal\", axis: {title: null}}\u003cbr /\u003esize: {field: \"_source.bytes\", type: \"quantitative\", legend: null}\u003cbr /\u003ecolor: {field: \"_source.extension\", type: \"nominal\", legend: null}\u003cbr /\u003e\u003c/pre\u003e\u003cp style=\"text-align: center;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt27a9b03a8013629d/5f971b59432f517518d3f851/blog-custom-vega-4.png\" style=\"border: medium none;transform: rotate(0rad);\" width=\"464\" height=\"376\"/\u003e\u003c/p\u003e\u003ch2\u003eBuilding Trend Indicator with Vega\u003c/h2\u003e\u003cp\u003eFor the Vega example, let’s build a very simple trend indicator to compare the number of events in the last 10 minutes vs the 10 minutes before that.\u003c/p\u003e\u003cp style=\"text-align: center;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2a3fb28f33e54cf3/5f971b59cb9eba781f084e21/blog-custom-vega-5.png\" style=\"border: medium none;transform: rotate(0rad);\" width=\"624\" height=\"119\"/\u003e\u003c/p\u003e\u003cp\u003eWe can ask Elasticsearch for the 10 min aggregates, but those aggregates would be aligned on 10 minute boundaries, rather than being the “last 10 minutes”. Instead, we will ask for the last 20 aggregates, 1 minute each, excluding the current (incomplete) minute. The extended_bounds param ensures that even when there is no data, we still get a count=0 result for each bucket. 
Try running this query in the Dev Tools tab - copy/paste it, and hit the green play button.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eGET logstash-*/_search\u003cbr /\u003e{\u003cbr /\u003e \"aggs\": {\u003cbr /\u003e \"time_buckets\": {\u003cbr /\u003e \"date_histogram\": {\u003cbr /\u003e \"field\": \"@timestamp\",\u003cbr /\u003e \"interval\": \"1m\",\u003cbr /\u003e \"extended_bounds\": { \"min\": \"now-20m/m\", \"max\": \"now-1m/m\" }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"query\": {\u003cbr /\u003e \"range\": {\u003cbr /\u003e \"@timestamp\": { \"gte\": \"now-20m/m\", \"lte\": \"now-1m/m\" }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"size\": 0\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eThe result would be\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{\u003cbr /\u003e // ... skipping some meta information ...\u003cbr /\u003e \"aggregations\": {\u003cbr /\u003e \"time_buckets\": {\u003cbr /\u003e \"buckets\": [\u003cbr /\u003e {\u003cbr /\u003e \"key_as_string\": \"2018-02-09T00:52:00.000Z\",\u003cbr /\u003e \"key\": 1518137520000,\u003cbr /\u003e \"doc_count\": 1\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"key_as_string\": \"2018-02-09T00:53:00.000Z\",\u003cbr /\u003e \"key\": 1518137580000,\u003cbr /\u003e \"doc_count\": 3\u003cbr /\u003e },\u003cbr /\u003e // ... 
18 more objects\u003cbr /\u003e ]\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eAnd the actual Vega spec with inline comments:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{\u003cbr /\u003e # Schema indicates that this is Vega code\u003cbr /\u003e $schema: https://vega.github.io/schema/vega/v3.0.json\u003cbr /\u003e # All our data sources are listed in this section\u003cbr /\u003e data: [\u003cbr /\u003e {\u003cbr /\u003e name: values\u003cbr /\u003e # when url is an object, it is treated as an Elasticsearch query\u003cbr /\u003e url: {\u003cbr /\u003e index: logstash-*\u003cbr /\u003e body: {\u003cbr /\u003e aggs: {\u003cbr /\u003e time_buckets: {\u003cbr /\u003e date_histogram: {\u003cbr /\u003e field: @timestamp\u003cbr /\u003e interval: 1m\u003cbr /\u003e extended_bounds: {min: \"now-20m/m\", max: \"now-1m/m\"}\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e query: {\u003cbr /\u003e range: {\u003cbr /\u003e @timestamp: {gte: \"now-20m/m\", lte: \"now-1m/m\"}\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e size: 0\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e # We only need a specific array of values from the response\u003cbr /\u003e format: {property: \"aggregations.time_buckets.buckets\"}\u003cbr /\u003e # Perform these transformations on each of the 20 values from ES\u003cbr /\u003e transform: [\u003cbr /\u003e # Add \"row_number\" field to each value -- 1..20\u003cbr /\u003e {\u003cbr /\u003e type: window\u003cbr /\u003e ops: [\"row_number\"]\u003cbr /\u003e as: [\"row_number\"]\u003cbr /\u003e }\u003cbr /\u003e # Break results into 2 groups, group #0 with row_number 1..10,\u003cbr /\u003e # and group #1 with row numbers being 11..20\u003cbr /\u003e {type: \"formula\", expr: \"floor((datum.row_number-1)/10)\", as: \"group\"}\u003cbr /\u003e # Group 20 values into an array of two elements, one for\u003cbr /\u003e # each group, and sum up the doc_count fields as \"count\"\u003cbr /\u003e 
{\u003cbr /\u003e type: aggregate\u003cbr /\u003e groupby: [\"group\"]\u003cbr /\u003e ops: [\"sum\"]\u003cbr /\u003e fields: [\"doc_count\"]\u003cbr /\u003e as: [\"count\"]\u003cbr /\u003e }\u003cbr /\u003e # At this point \"values\" data source should look like this:\u003cbr /\u003e # [ {group:0, count: nnn}, {group:1, count: nnn} ]\u003cbr /\u003e # Check this with F12 or Cmd+Opt+I (browser developer tools),\u003cbr /\u003e # and run this in console:\u003cbr /\u003e # console.table(VEGA_DEBUG.view.data('values'))\u003cbr /\u003e ]\u003cbr /\u003e }\u003cbr /\u003e {\u003cbr /\u003e # Here we create an artificial dataset with just a single empty object\u003cbr /\u003e name: results\u003cbr /\u003e values: [\u003cbr /\u003e {}\u003cbr /\u003e ]\u003cbr /\u003e # we use transforms to add various dynamic values to the single object\u003cbr /\u003e transform: [\u003cbr /\u003e # from the 'values' dataset above, get the first count as \"last\",\u003cbr /\u003e # and the one before that as \"prev\" fields.\u003cbr /\u003e {type: \"formula\", expr: \"data('values')[0].count\", as: \"last\"}\u003cbr /\u003e {type: \"formula\", expr: \"data('values')[1].count\", as: \"prev\"}\u003cbr /\u003e # Set two boolean fields \"up\" and \"down\" to simplify drawing\u003cbr /\u003e {type: \"formula\", expr: \"datum.last\u0026gt;datum.prev\", as: \"up\"}\u003cbr /\u003e {type: \"formula\", expr: \"datum.last\u0026lt;datum.prev\", as: \"down\"}\u003cbr /\u003e # Calculate the change as percentage, with special handling of 0\u003cbr /\u003e {\u003cbr /\u003e type: formula\u003cbr /\u003e expr: \"if(datum.last==0, if(datum.prev==0,0,-1), (datum.last-datum.prev)/datum.last)\"\u003cbr /\u003e as: percentChange\u003cbr /\u003e }\u003cbr /\u003e # Calculate which symbol to show - up or down arrow, or a no-change dot\u003cbr /\u003e {\u003cbr /\u003e type: formula\u003cbr /\u003e expr: if(datum.up,'🠹',if(datum.down,'🠻','🢝'))\u003cbr /\u003e as: symbol\u003cbr /\u003e }\u003cbr /\u003e 
]\u003cbr /\u003e }\u003cbr /\u003e ]\u003cbr /\u003e # Marks is a list of all drawing elements.\u003cbr /\u003e # For this graph we only need a single text mark.\u003cbr /\u003e marks: [\u003cbr /\u003e {\u003cbr /\u003e type: text\u003cbr /\u003e # Text mark executes once for each of the values in the results,\u003cbr /\u003e # but results has just one value in it. We could have also used it\u003cbr /\u003e # to draw a list of values.\u003cbr /\u003e from: {data: \"results\"}\u003cbr /\u003e encode: {\u003cbr /\u003e update: {\u003cbr /\u003e # Combine the symbol, last value, and the formatted percentage\u003cbr /\u003e # change into a string\u003cbr /\u003e text: {\u003cbr /\u003e signal: \"datum.symbol + ' ' + datum.last + ' ('+ format(datum.percentChange, '+.1%') + ')'\"\u003cbr /\u003e }\u003cbr /\u003e # decide which color to use, depending on the value\u003cbr /\u003e # being up, down, or unchanged\u003cbr /\u003e fill: {\u003cbr /\u003e signal: if(datum.up, '#00ff00', if(datum.down, '#ff0000', '#0000ff'))\u003cbr /\u003e }\u003cbr /\u003e # positioning the text in the center of the window\u003cbr /\u003e align: {value: \"center\"}\u003cbr /\u003e baseline: {value: \"middle\"}\u003cbr /\u003e xc: {signal: \"width/2\"}\u003cbr /\u003e yc: {signal: \"height/2\"}\u003cbr /\u003e # Make the size of the font adjust with the size of the visualization\u003cbr /\u003e fontSize: {signal: \"min(width/10, height)/1.3\"}\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e ]\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eThis is the first of many for the Vega blog post series! Be on the lookout for our next post where we’ll \u003ca href=\"/blog/sankey-visualization-with-vega-in-kibana\"\u003ecreate a Sankey chart\u003c/a\u003e. 
And make sure to \u003ca href=\"/webinars/creating-custom-kibana-visualizations-with-vega-plugin\"\u003echeck out this video walkthrough of Kibana visualizations with Vega\u003c/a\u003e.\u003c/p\u003e","category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T10:02:23.376Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"title":"blog-vega-fb.jpg","uid":"blt8e4a071e6ba82b81","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T13:48:18.560Z","updated_at":"2019-02-04T13:48:18.560Z","content_type":"image/jpeg","file_size":"153196","filename":"blog-vega-fb.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-04T00:38:13.818Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8e4a071e6ba82b81/5c5842a2516e21cf0b2a124c/blog-vega-fb.jpg"},"markdown_l10n":"","publish_date":"2018-02-20T18:31:07.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":["vega"],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic 
Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt3d6d3cd2ad3fce72","ACL":{},"created_at":"2023-11-06T21:35:37.967Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"visualization","label_l10n":"Visualization","tags":[],"title":"Visualization","updated_at":"2023-11-06T21:35:37.967Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.605Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"title":"blog-vega-thumb.jpg","uid":"blt17a214e3e183063e","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T07:04:08.921Z","updated_at":"2019-01-05T
07:04:08.921Z","content_type":"image/jpeg","file_size":"42461","filename":"blog-vega-thumb.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-04T00:38:13.818Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt17a214e3e183063e/5c3056e8aab458d30b314274/blog-vega-thumb.jpg"},"title":"Custom Vega Visualizations in Kibana 6.2","title_l10n":"Custom Vega Visualizations in Kibana 6.2","updated_at":"2025-03-10T11:08:14.291Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/custom-vega-visualizations-in-kibana","publish_details":{"time":"2025-03-10T11:08:21.041Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb4b1e73e35d30243","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"This blog post talks about how you can use Reporting and Watcher integration on Elastic Cloud to schedule the delivery of PDF reports.","author":["bltc511a9eb9519c0e7"],"body_l10n":"\u003cp\u003eEverybody gets a report!\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003eWe recently \u003ca href=\"https://www.elastic.co/blog/reporting-2-4-0-released\"\u003ereleased\u003c/a\u003e the first version of Reporting for Kibana which gives users the ability to generate a PDF report from saved Kibana dashboards. 
\u0026nbsp;By leveraging \u003ca href=\"https://www.elastic.co/guide/en/watcher/current/introduction.html\"\u003eWatcher\u003c/a\u003e’s email action, you can send PDF reports regularly, or only when certain events have occurred.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eIn this blog post, I will demonstrate the power of Reporting and Watcher integration and how we are dogfooding this in house. \u0026nbsp;For our example use case, we are sending bi-weekly PDF reports to our systems team manager if there are any helpdesk tickets filed by internal employees mentioning a specific keyword.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eTo get up and running quickly, I have set up an instance on \u003ca href=\"https://www.elastic.co/cloud/as-a-service\"\u003eElastic Cloud\u003c/a\u003e because it is \u003cem\u003eso\u003c/em\u003e easy to get Elasticsearch (with authentication via \u003ca href=\"https://www.elastic.co/guide/en/shield/current/index.html\"\u003eShield\u003c/a\u003e) and Kibana running on the latest and greatest versions. \u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe example below was created against ES 2.4.0 with Kibana 4.6.1 (when Reporting was originally released).\u0026nbsp;There have been changes in Cloud and Reporting since then. 
\u0026nbsp; I have added notes in the sections below related to the changes in our products since the original release.\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 18pt;margin-bottom: 6pt;\"\u003eStep 1: \u0026nbsp;Populate the Data\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eFirst step is simply to populate Elasticsearch with the data you are reporting against. \u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWe track helpdesk tickets internally using Salesforce’s Service Cloud. \u0026nbsp;In this case, I have written a custom Logstash salesforce plugin using the \u003ca href=\"https://github.com/ejholmes/restforce\"\u003erestforce\u003c/a\u003e ruby gem to join object data related to posts, emails and chatter comments from various objects so we can get tickets with the full feed history intact.\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 18pt;margin-bottom: 6pt;\"\u003eStep 2: \u0026nbsp;Install the Reporting Plugin\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"margin-top: 0pt;margin-bottom: 0pt;line-height: 1.38;background-color: rgb(255, 255, 255);\"\u003e\u003cstrong\u003e(Starting in 5.0+, Reporting is now installed with X-Pack on Elastic Cloud. 
\u0026nbsp;It is no longer necessary to install the Reporting plugin separately).\u003c/strong\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eReporting is built on top of Kibana, so you will have to set up Kibana and \u003ca href=\"https://www.elastic.co/guide/en/reporting/current/getting-started.html\"\u003einstall the Reporting plugin\u003c/a\u003e. \u0026nbsp;If you are running on Elastic Cloud, the Reporting plugin is already installed for you when you enable Kibana :)\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3eec3bae4c04e1ff/5f88649c4671ee30c689e87c/report-1.png\" height=\"91\" width=\"84\" style=\"width: 84;height: 91;\"/\u003e\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"margin-top: 18pt;margin-bottom: 6pt;line-height: 1.38;background-color: rgb(255, 255, 255);\"\u003eStep 3: \u0026nbsp;Secure Your\u0026nbsp;Data\u003c/h2\u003e\u003ch2 dir=\"ltr\" style=\"margin-top: 18pt;margin-bottom: 6pt;line-height: 1.38;background-color: rgb(255, 255, 255);\"\u003e\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eBecause the data for my use case can potentially be sensitive, I have enabled Shield in my Elastic Cloud instance (“configure Shield”) for authentication. \u0026nbsp;From the Elastic Cloud instance,\u0026nbsp;simply\u0026nbsp;click on the link and then configure the users and roles accordingly. 
\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2b013e82631ad8f6/5f88649aa50ed742e7fcc321/report-2.png\" height=\"40\" width=\"546\" style=\"width: 546;height: 40;\"/\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eYou can create\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/shield/current/reporting.html#reporting\"\u003eusers with a reporting role\u003c/a\u003e\u0026nbsp;for report generation purposes.\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eNote: \u0026nbsp;When installing Kibana in your local environment and enabling security via Shield, keep in mind that Reporting on 2.4 requires the \u003ca href=\"https://www.elastic.co/guide/en/shield/current/kibana.html#kibana\"\u003eKibana Shield plugin\u003c/a\u003e, and the Kibana Shield plugin in turn requires \u003ca href=\"https://www.elastic.co/guide/en/kibana/current/production.html#enabling-ssl\"\u003eSSL to be enabled\u003c/a\u003e in Kibana. \u0026nbsp;Starting in 5.0+, we no longer require SSL to be enabled in Kibana to use the Kibana Shield plugin (certainly, you may still want to enable SSL for production deployments). \u0026nbsp;Since I am running on Elastic Cloud, SSL is already enabled by default. 
Yay!\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 18pt;margin-bottom: 6pt;\"\u003eStep 4: \u0026nbsp;Create a Dashboard and View the Report\u003c/h2\u003e\u003cp dir=\"ltr\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\" style=\"margin-top: 0pt;margin-bottom: 0pt;line-height: 1.38;background-color: rgb(255, 255, 255);\"\u003e\u003cstrong\u003e(For 5.0+, refer to the Reporting\u0026nbsp;\u003c/strong\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/5.5/xpack-reporting.html\" target=\"_blank\"\u003e\u003cstrong\u003edocumentation\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e\u0026nbsp;for the latest screens and instructions).\u003c/strong\u003e\u003c/p\u003e\u003cp dir=\"ltr\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\" style=\"margin-top: 0pt;margin-bottom: 0pt;line-height: 1.38;background-color: rgb(255, 255, 255);\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eCurrently, you can only generate a PDF report against a dashboard if the dashboard is an existing/saved object in Kibana.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt292a06e83bc57255/5f88649c1252ff30caf61f59/report-3.png\" height=\"388\" width=\"466\" style=\"width: 466;height: 388;\"/\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eOnce you have created the desired dashboard, click on the “Generate Report” icon (rightmost icon).\u0026nbsp; This will give you a button to generate a Printable PDF report. 
\u0026nbsp;Clicking on the button will issue a one-time reporting request to the reporting queue. \u0026nbsp;\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt59100050e2c2a73e/5f88649aace59e4b82917b68/report-4.png\" height=\"60\" width=\"624\" style=\"width: 624;height: 60;\"/\u003e\u003c/p\u003e\u003cp\u003eWhen the report is ready, you can locate the report in the list of generated reports from \u003cstrong\u003eSettings \u0026gt; Reporting \u003c/strong\u003eand download it using\u0026nbsp;the corresponding action icon.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8840b3777b0c45f8/5f88649cf9d3bf27fac3be21/report-5.png\" height=\"141\" width=\"624\" style=\"width: 624;height: 141;\"/\u003e\u003cbr /\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"margin-top: 18pt;margin-bottom: 6pt;line-height: 1.38;background-color: rgb(255, 255, 255);\"\u003eStep 5: \u0026nbsp;Create a Watch to Send the Report\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cstrong\u003e(On 5.0+, Watcher comes packaged with X-Pack, which is automatically installed on Elastic Cloud. \u0026nbsp;The example below uses the \"http\" attachment type of the email action, which applies to Reporting 4.6 and 5.0. \u0026nbsp;Starting in 5.1+, we now have a specialized \"\u003c/strong\u003e\u003ca href=\"https://www.elastic.co/guide/en/x-pack/5.5/actions-email.html#configuring-email\" target=\"_blank\"\u003e\u003cstrong\u003ereporting\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e\"\u0026nbsp;attachment type specifically for integration between Alerting/Watcher and Reporting. 
\u0026nbsp;Refer to Reporting \u003c/strong\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/5.5/automating-report-generation.html#automating-report-generation\" target=\"_blank\"\u003e\u003cstrong\u003edocumentation\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e for detailed steps.)\u003c/strong\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eFollow the Watcher installation steps to \u003ca href=\"https://www.elastic.co/guide/en/watcher/current/installing-watcher.html\"\u003einstall the Watcher plugin\u003c/a\u003e. \u0026nbsp; Since I am using an Elastic Cloud instance, it’s a simple check of the watcher option under the Plugins section and it will install it for you!\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltea7d61fcb64f04cb/5f88649a1f5f6d4173b501d6/report-6.png\" height=\"63\" width=\"624\" style=\"width: 624;height: 63;\"/\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eOnce Watcher is installed and the Watcher service is running, create the watch using the \u003ca href=\"https://www.elastic.co/guide/en/sense/current/index.html\"\u003eSense\u003c/a\u003e editor or curl equivalent, etc. \u0026nbsp;If you are running on Elastic Cloud, the Sense editor is pre-installed with Kibana. 
\u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/reporting/current/getting-started.html#automating-report-generation\"\u003eWatcher + Reporting integration\u003c/a\u003e uses Watcher’s email action with attachment capability to trigger report generation and subsequently send the resulting PDF file to the recipients specified.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eBefore creating the watch, \u003ca href=\"https://www.elastic.co/guide/en/watcher/current/email-services.html#email-account\"\u003econfigure a valid SMTP server\u003c/a\u003e for Watcher to use for sending emails. \u0026nbsp;On Elastic Cloud, you do not have to set up an SMTP server and will use the one provided by the Cloud environment \u0026nbsp;(however, remember to \u003ca href=\"https://www.elastic.co/guide/en/cloud/current/watcher.html#watcher-whitelist\"\u003ewhitelist\u003c/a\u003e the email addresses for the recipients of your reports).\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cstrong\u003eUse case:\u003c/strong\u003e \u0026nbsp;Our systems manager has been receiving reports that customers have trouble attaching files to\u0026nbsp;Salesforce Service Cloud support cases. 
\u0026nbsp;He would like to get a bi-weekly analytics report over 6 months of data on tickets filed against the Service Cloud (our support system) only if there are tickets created related to attachments within the past 2 weeks.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe watch below queries the helpdesk ticket data to see if there are any tickets filed against the support system by internal employees within the past 2 weeks, and if these tickets mention attachments in their feeds (which can be\u0026nbsp;posts, emails, or comments on either). \u0026nbsp;If so, the watch will fire and request the saved dashboard to be generated as a PDF report to be sent to the systems manager.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePUT _watcher/watch/reporting\u003cbr /\u003e{\u003cbr /\u003e \"trigger\": {\u003cbr /\u003e \"schedule\": {\u003cbr /\u003e \"interval\": \"14d\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"input\": {\u003cbr /\u003e \"search\": {\u003cbr /\u003e \"request\": {\u003cbr /\u003e \"indices\": \"sfcases\",\u003cbr /\u003e \"body\": {\u003cbr /\u003e \"size\": 0,\u003cbr /\u003e \"query\": {\u003cbr /\u003e \"bool\": {\u003cbr /\u003e \"must\": [\u003cbr /\u003e {\u003cbr /\u003e \"query_string\": {\u003cbr /\u003e \"query\": \"Ticket_Category:support AND Feeds:attachment\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e ],\u003cbr /\u003e \"filter\": [\u003cbr /\u003e {\u003cbr /\u003e \"range\": {\u003cbr /\u003e \"CreatedDate\": {\u003cbr /\u003e \"gte\": \"now-14d\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"term\": {\u003cbr /\u003e \"Ticket_Category\": \"support\"\u003cbr /\u003e 
}\u003cbr /\u003e }\u003cbr /\u003e ]\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"condition\": {\u003cbr /\u003e \"script\": {\u003cbr /\u003e \"inline\": \"if (ctx.payload.hits.total \u0026gt;0) return true; else return false;\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"actions\": {\u003cbr /\u003e \"email_admin\": {\u003cbr /\u003e \"email\": {\u003cbr /\u003e \"to\": \"'John Smith \u0026lt;email_address@elastic.co\u0026gt;'\",\u003cbr /\u003e \"subject\" : \"[Report][Helpdesk] Service Cloud Attachment Tickets\",\u003cbr /\u003e \"body\" : \"There are new helpdesk tickets created within the past 2 weeks against the Service Cloud with feeds related to attachments. Please review the bi-weekly PDF report attached.\",\u003cbr /\u003e \"attachments\": {\u003cbr /\u003e \"helpdesk_attachment_tickets.pdf\": {\u003cbr /\u003e \"http\": {\u003cbr /\u003e \"content_type\": \"application/pdf\",\u003cbr /\u003e \"request\": {\u003cbr /\u003e \"method\": \"POST\",\u003cbr /\u003e \"headers\": {\u003cbr /\u003e \"kbn-xsrf\": \"reporting\"\u003cbr /\u003e },\u003cbr /\u003e \"read_timeout\": \"300s\",\u003cbr /\u003e \"scheme\": \"https\",\u003cbr /\u003e \"auth\": {\u003cbr /\u003e \"basic\": {\u003cbr /\u003e \"username\": \"reporting_user\",\u003cbr /\u003e \"password\": \"password\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"url\": 
\"https://\u0026lt;elastic_cloud_instance_id\u0026gt;.us-east-1.aws.found.io/api/reporting/generate/dashboard/Support-(Dashboard)-Service-Cloud-Internal-Case-Analytics?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-6M,mode:quick,to:now))\u0026amp;_a=(filters:!(),options:(darkTheme:!f),panels:!((col:7,id:%27Support-(Pie)-By-Status%27,panelIndex:3,row:3,size_x:3,size_y:2,type:visualization),(col:4,id:%27Support-(Pie)-By-Severity-Level%27,panelIndex:4,row:3,size_x:3,size_y:2,type:visualization),(col:3,id:%27Support-(Bar)-Date-Histogram%27,panelIndex:9,row:1,size_x:10,size_y:2,type:visualization),(col:10,id:%27Support-(Pie)-Origin%27,panelIndex:12,row:3,size_x:3,size_y:2,type:visualization),(col:1,id:%27Support-(Bar)-Owner%27,panelIndex:15,row:5,size_x:6,size_y:4,type:visualization),(col:7,id:%27Support-(Bar)-Contacts%27,panelIndex:16,row:5,size_x:6,size_y:4,type:visualization),(col:1,id:%27Support-(Pie)-Ticket-Category%27,panelIndex:17,row:3,size_x:3,size_y:2,type:visualization),(col:1,id:%27Support-(Metric)-Total-%23-of-Internal-Cases%27,panelIndex:19,row:1,size_x:2,size_y:2,type:visualization),(col:1,columns:!(CaseNumber,Contact,Subject,Priority,Status),id:%27Case-View-(Internal)%27,panelIndex:20,row:9,size_x:12,size_y:4,sort:!(CreatedDate,desc),type:search)),query:(query_string:(analyze_wildcard:!t,query:%27Ticket_Category:support%20AND%20Feeds:attachment%27)),title:%27Support%20-%20(Dashboard)%20Service%20Cloud%20Internal%20Case%20Analytics%27,uiState:(P-15:(vis:(legendOpen:!t)),P-4:(spy:(mode:(fill:!f,name:!n)),vis:(legendOpen:!t)),P-9:(vis:(legendOpen:!f))))\u0026amp;sync\"\u0026lt;/elastic_cloud_instance_id\u0026gt;\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe \u003cstrong\u003erequest.url\u003c/strong\u003e\u0026nbsp;string 
in the watch’s email action is copied from the Generation URL\u0026nbsp;entry from above (screenshot in Step 4) which will be used by Watcher to generate the report on the fly. \u0026nbsp;Currently, report generation is synchronous, which means that it is important to set the \u003cstrong\u003erequest.read_timeout\u003c/strong\u003e\u0026nbsp;to a timeout that is longer than the time it takes to generate the report. \u0026nbsp;Otherwise, Watcher tasks can start to queue up. \u0026nbsp;Also, the \u003cstrong\u003erequest.auth.basic\u003c/strong\u003e username and password shown in the watch are placeholders: the real values are stored as part of the watch, so use a dedicated user that only has the reporting role (see Step 3) and limit who can view or edit your watches.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eFor a more detailed explanation of the other settings in the email action, refer to the Reporting \u003ca href=\"https://www.elastic.co/guide/en/reporting/current/getting-started.html#automating-report-generation\"\u003edocumentation\u003c/a\u003e.\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"margin-top: 18pt;margin-bottom: 6pt;line-height: 1.38;background-color: rgb(255, 255, 255);\"\u003eStep 6: \u0026nbsp;Check Out the Report\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eHere is the resulting\u0026nbsp;Watcher alert email sent by Elastic Cloud with the PDF report:\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e---------- Forwarded message ----------\u003cbr /\u003eFrom: Watcher Alert \u0026lt;noreply@watcheralert.found.io\u0026gt;\u003cbr /\u003eDate: Thu, Sep 15, 2016 at 12:43 PM\u003cbr /\u003eSubject: [Report][Helpdesk] Service Cloud Attachment Tickets\u003cbr /\u003eTo: 'John Smith \u0026lt;email_address@elastic.co\u0026gt;\u003cbr /\u003eThere are new helpdesk tickets created within the past 2 weeks against the Service Cloud with feeds related to attachments. 
Please review the bi-weekly PDF report attached.\u003cbr /\u003e\u0026lt;\u0026lt; helpdesk_attachment_tickets.pdf (211K) \u0026gt;\u003cbr /\u003e--\u003cbr /\u003eThis email is sent via a Watcher alert on a Found hosted cluster. Your email address was previously whitelisted. To stop receiving any Watcher alert, click: \u0026lt;\u0026lt;a href=\"http://email.watcheralert.found.io/u/eJwNxDEOwyAMAMDXwEZkDIF68JA_ZOoSEQMtUtVEhP6_ueEyx1wh6Ma9nEcf7fvawCDYYICMnVdLyi0e7yBMSP6p3-xsTLaE-JAqexXcEQiJhPLs0KesO5_tdykP5ZOu0WSSQw9WuPwBv48fcg\"\u0026gt;\u0026lt;span\u0026gt;\u0026lt;/span\u0026gt;\u0026lt;/a\u0026gt;http://email.watcheralert.found.io/u/…..\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAnd here are a few example screens from the generated PDF report received by the systems manager. \u0026nbsp;How cool is that!\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt84b71e13e6aa4416/5f88649b3db5122648cbcd27/report-7.png\" height=\"274\" width=\"459\" style=\"width: 459;height: 274;\"/\u003e\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 18pt;margin-bottom: 6pt;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf77e4f1b0e5d33dc/5f88649a271ecf4a1a644e21/report-8.png\" height=\"543\" width=\"457\" style=\"width: 457;height: 543;\"/\u003e\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdc458f9de1f9727c/5f886499dcf0e74b7cbf661e/report-9.png\" height=\"126\" width=\"462\" style=\"width: 462;height: 126;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr 
/\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eImagine the possibilities! \u0026nbsp;Give it a try and don’t forget to view the\u0026nbsp;\u003ca href=\"https://www.elastic.co/webinars/reporting-and-alerting-overview-and-demo?baymax=rtp\u0026elektra=products\u0026iesrc=ctr\"\u003eReporting Webinar\u003c/a\u003e video\u0026nbsp;to learn more about the new reporting capabilities :)\u003c/p\u003e\u003cdiv\u003e\u003cbr /\u003e\u003c/div\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T11:39:19.293Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt6991d59444b0d068","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-10T10:34:21.679Z","updated_at":"2018-10-10T10:34:21.679Z","content_type":"image/jpeg","file_size":"84336","filename":"blog-reporting-fullbleed.jpg","title":"blog-reporting-fullbleed.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T23:33:28.734Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6991d59444b0d068/5bbdd5adcca23e4e0cc6b469/blog-reporting-fullbleed.jpg"},"markdown_l10n":"","publish_date":"2016-10-03T16:46:20.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"You get a report! 
You get a report!","seo_description_l10n":"This blog post talks about how you can use Reporting and Watcher integration on Elastic Cloud to schedule the delivery of PDF reports.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt23c1099fc18829f9","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-10T10:34:16.927Z","updated_at":"2018-10-10T10:34:16.927Z","content_type":"image/jpeg","file_size":"43645","filename":"blog-reporting-thumb.jpg","title":"blog-reporting-thumb.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T23:33:28.734Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt23c1099fc18829f9/5bbdd5a8587df1a314bc77a9/blog-reporting-thumb.jpg"},"title":"You get a report! You get a report!","title_l10n":"You get a report! 
You get a report!","updated_at":"2025-03-10T11:06:06.158Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/you_get_a_report_you_get_a_report","publish_details":{"time":"2025-03-10T11:06:10.451Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltc7bb0b96acd395fe","_version":8,"locale":"en-us","ACL":{},"abstract_l10n":"In this integration, we explore NHL Play-by-Play data in Elasticsearch \u0026 Kibana, then dive into creating a custom WMS tile server for a hockey rink backdrop.","author":["blt6e6b2409dd184f91"],"body_l10n":"\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eNote:\u0026nbsp;For a more detailed and flexible approach\u0026nbsp;using geo-referenced vectors, the reader should follow the steps outlined \u003c/strong\u003e\u003ca href=\"https://www.elastic.co/blog/operational-analytics-with-elasticsearch-at-elasticon-2017-part-2\"\u003e\u003cstrong\u003ein this blog post\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e.\u0026nbsp;\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eThe National Hockey League (NHL) provides public access to each game’s play-by-play data, in convenient JSON format (see \u003ca href=\"https://assets.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt59f1e2e912ab70b1/5f516abcb553152466d1c1c0/PlayByPlay.json\"\u003esample doc\u003c/a\u003e* for 1 game), which we can ingest into Elasticsearch with minimal effort. 
\u0026nbsp;In this blog post, we will explore approximately 73 thousand plays made (so far) in the 2016-2017 NHL Season.\u003c/p\u003e\u003cp\u003eEach play contains the following information: \u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eTime of Play\u003c/li\u003e\u003cli dir=\"ltr\"\u003eType of Play (Goal, Shot, Hit, Penalty, Fight)\u003c/li\u003e\u003cli dir=\"ltr\"\u003eWho made the play\u003c/li\u003e\u003cli dir=\"ltr\"\u003eWho else was involved in the play\u003c/li\u003e\u003cli dir=\"ltr\"\u003eWho was on the ice at the time of the play\u003c/li\u003e\u003cli dir=\"ltr\"\u003eX,Y coordinates of play location on the ice.\u003c/li\u003e\u003cli dir=\"ltr\"\u003eA text description of the play.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eUsing a Kibana dashboard with some basic visualizations, we can drill down on a specific game. \u0026nbsp;\u0026nbsp;Let’s see a timeline of plays, colour-coded by type and split by team, then some pie charts of each play, also split by team. \u0026nbsp;\u0026nbsp;The first pie shows us that only the Ducks scored in this game. \u0026nbsp;\u003cem\u003eGogliano\u003c/em\u003e and \u003cem\u003eSilfverberg\u003c/em\u003e made this a 2-0 win over the Stars.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt15712bc88f5738df/5f8861f11529bb3239a1f1bd/kibana-nhl-1.png\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003cbr /\u003eA hockey rink is 200 Feet by 85 Feet, which conveniently equates closely to longitude and latitude (180 by 90). \u0026nbsp;\u0026nbsp;In the case that your data does not equate naturally, you could use Logstash to translate the coordinates to a compatible longitude and latitude range. 
\u0026nbsp;The following visualization shows the location of all goals scored, but something’s not right - Latitude and Longitude is a nice coordinate hack, but we need the correct backdrop.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6b48cc6ffe994e1e/5f8861f12f59ae27f3d60e40/kibana-nhl-2.png\" style=\"max-width: 100%;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eAs of \u003ca href=\"https://www.elastic.co/blog/kibana_4.2_beta2\"\u003eKibana 4.2, we added support for custom map tiles\u003c/a\u003e, so we can turn our world into a hockey rink (for those of us who haven’t already).\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eSidney Crosby’s Shot Locations\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltebfafefc8f3d23cb/5f8861f14671ee30c689e83a/kibana-nhl-3.png\" style=\"max-width: 100%;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eP.K. Subban’s Shot Locations\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb6807bdb86d1eb91/5f8861f1f6c586323f8b34d4/kibana-nhl-4.png\" style=\"max-width: 100%;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 10pt;margin-bottom: 0pt;\"\u003eSetting up a custom Tile Server\u003c/h2\u003e\u003cp\u003eLet’s now outline the process used to load this custom map into the Kibana visualization. 
\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStep 1) Create a GeoTIFF version of the Arena image\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003egdal_translate -of GTiff -a_srs EPSG:4326 -a_ullr -105 45 105 -45 nhl_rink.gif nhl_rink_gtiff.tiff\u003cbr /\u003egdalwarp -t_srs EPSG:4326 nhl_rink_gtiff.tiff nhl_rink.tiff\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eThe \u003ca href=\"http://www.gdal.org/gdal_translate.html\"\u003egdal_translate\u003c/a\u003e and \u003ca href=\"http://www.gdal.org/gdalwarp.html\"\u003egdalwarp\u003c/a\u003e\u0026nbsp;commands are used in conjunction to encode longitude/latitude points into the image, and to “reproject”, or set control points.\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStep 2) Set up GeoServer\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong \u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://geoserver.org/\"\u003eGeoServer\u003c/a\u003e is a free and open-source \u003ca href=\"https://en.wikipedia.org/wiki/Web_Map_Service\"\u003eWMS\u003c/a\u003e server, which makes it compatible with Kibana. \u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Downloading and installing this software onto your favourite platform is easy, and results in a Web Front end that you can log into to manage your tile service. 
\u0026nbsp;\u0026nbsp;Once the server is running, you can log in via \u003cem\u003ehttp://\u0026lt;hostname\u0026gt;:8080/geoserver.\u003c/em\u003e\u0026nbsp; \u0026nbsp;\u0026nbsp;Before the server is reachable by anyone else, change the default administrator password and restrict access to the admin interface; this URL is plain HTTP, so credentials entered there are sent unencrypted. \u0026nbsp;\u0026nbsp;In the screenshots, we are working with GeoServer 2.7.2.\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStep 3) Create a new Workspace\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong \u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eFrom the Data-\u0026gt;Workspaces menu, click “Add new Workspace”. \u0026nbsp;\u0026nbsp;In this example, we name it “NHL”, and also set the Namespace URI to “NHL” \u0026nbsp;\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStep 4) Import the GeoTIFF into Data Stores.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong \u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eFrom the Data-\u0026gt;Stores menu, click “Add new Store”. \u0026nbsp;\u0026nbsp;\u0026nbsp;Select GeoTIFF. \u0026nbsp;\u0026nbsp;Select the Workspace you just created, and set a datasource name. \u0026nbsp;For this example, we use the DS name “nhl_rink_ds”. \u0026nbsp;\u0026nbsp;\u0026nbsp;Browse to select your nhl_rink.tiff file, and press Save.\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte2afbd188247962c/5f8861ee271ecf4a1a644e09/kibana-nhl-5.png\" style=\"max-width: 100%;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStep 5) Create the WMS Layer\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong \u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eFrom the Data-\u0026gt;Layers menu, click “Add new Resource”. \u0026nbsp;\u0026nbsp;\u0026nbsp;Select your newly created data source (NHL:nhl_rink_ds). 
\u0026nbsp;\u0026nbsp;By default, the Layer will be named the same as the store image name, without the file extension. (nhl_rink). \u0026nbsp;Click Publish (which then opens up the Layer Settings) then Click Save.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt233dbd7b50c72fb1/5f8861f03db5122648cbccfb/kibana-nhl-6.png\" style=\"max-width: 100%;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eThat’s it, your tile service is ready to go!\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStep 6) Configure Kibana to use the new tile server\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong \u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eFinally, create a tile map visualization in Kibana and configure a custom WMS compliant map server.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1e10ee39fdbd4513/5f8861ef1f5f6d4173b501b4/kibana-nhl-7.png\" alt=\"Screen Shot 2017-01-11 at 1.37.32 PM.png\" style=\"max-width: 100%;\"/\u003e\u003c/p\u003e\u003ctable style=\"font-size: 14px;\"\u003e\u003ctbody\u003e\u003ctr style=\"height: 0px;\"\u003e\u003ctd style=\"border-color: rgb(0, 0, 0);padding: 7px;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.2;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWMS url\u003c/p\u003e\u003c/td\u003e\u003ctd style=\"border-color: rgb(0, 0, 0);padding: 7px;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.2;margin-top: 0pt;margin-bottom: 0pt;\"\u003ehttp://\u0026lt;hostname\u0026gt;:8080/geoserver/NHL/wms\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr style=\"height: 0px;\"\u003e\u003ctd style=\"border-color: rgb(0, 0, 0);padding: 7px;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.2;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWMS layers\u003c/p\u003e\u003c/td\u003e\u003ctd style=\"border-color: 
rgb(0, 0, 0);padding: 7px;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.2;margin-top: 0pt;margin-bottom: 0pt;\"\u003enhl_rink\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr style=\"height: 0px;\"\u003e\u003ctd style=\"border-color: rgb(0, 0, 0);padding: 7px;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.2;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWMS version\u003c/p\u003e\u003c/td\u003e\u003ctd style=\"border-color: rgb(0, 0, 0);padding: 7px;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.2;margin-top: 0pt;margin-bottom: 0pt;\"\u003e1.1.0\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr style=\"height: 0px;\"\u003e\u003ctd style=\"border-color: rgb(0, 0, 0);padding: 7px;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.2;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWMS format\u003c/p\u003e\u003c/td\u003e\u003ctd style=\"border-color: rgb(0, 0, 0);padding: 7px;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.2;margin-top: 0pt;margin-bottom: 0pt;\"\u003eimage/png\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr style=\"height: 0px;\"\u003e\u003ctd style=\"border-color: rgb(0, 0, 0);padding: 7px;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.2;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWMS attribution\u003c/p\u003e\u003c/td\u003e\u003ctd style=\"border-color: rgb(0, 0, 0);padding: 7px;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.2;margin-top: 0pt;margin-bottom: 0pt;\"\u003eMy NHL Data\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr style=\"height: 0px;\"\u003e\u003ctd style=\"border-color: rgb(0, 0, 0);padding: 7px;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.2;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWMS styles\u003c/p\u003e\u003c/td\u003e\u003ctd style=\"border-color: rgb(0, 0, 0);padding: 7px;\"\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.2;margin-top: 0pt;margin-bottom: 0pt;\"\u003eraster\u0026nbsp; \u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003ch2 
dir=\"ltr\" style=\"line-height: 1.38;margin-top: 10pt;margin-bottom: 0pt;\"\u003eExploring Further\u003c/h2\u003e\u003cp\u003eConsider the possibilities for drawing conclusions about the data set:\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eWhich goalies are vulnerable to shots from certain players shooting from certain locations?\u003c/li\u003e\u003cli\u003eWho is drawing the most penalties (Aggregating by p2name.raw where type.raw:penalty)?\u003c/li\u003e\u003cli\u003eTime Series Analysis in\u0026nbsp;\u003ca href=\"https://www.elastic.co/blog/timelion-timeline\"\u003eTimelion\u003c/a\u003e to show relationships between stats\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTry Importing the data into Elasticsearch yourself: \u0026nbsp;\u003ca href=\"https://github.com/elastic/examples/tree/master/Exploring%20Public%20Datasets/nhl\"\u003eFind the source code with instructions on GitHub.\u003c/a\u003e\u003c/p\u003e\u003cp\u003eAs always, we appreciate your feedback, so feel free to ping us on \u003ca href=\"https://discuss.elastic.co/\"\u003eDiscuss\u003c/a\u003e\u0026nbsp;or\u0026nbsp;\u003ca href=\"https://twitter.com/elastic\"\u003eTwitter\u003c/a\u003e. 
\u0026nbsp;Or, if you want to kick it up a notch and meet us in person, please come to our big user conference Elastic{ON} in March 2017!\u003cbr /\u003e\u003c/p\u003e\u003chr/\u003e\u003cp\u003e* - The game data was previously available from\u0026nbsp;http://live.nhl.com/GameData/20142015/2014021136/PlayByPlay.json\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T11:38:24.031Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"title":"Screen Shot 2017-01-18 at 10.22.50 AM.png","uid":"blt4760580d9e4fc357","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T08:38:26.436Z","updated_at":"2019-02-04T08:38:26.436Z","content_type":"image/png","file_size":"108969","filename":"Screen_Shot_2017-01-18_at_10.22.50_AM.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T22:41:25.987Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4760580d9e4fc357/5c57fa0265ace9e30b31635b/Screen_Shot_2017-01-18_at_10.22.50_AM.png"},"markdown_l10n":"","publish_date":"2017-01-24T14:36:08.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"title":"Screen 
Shot 2017-01-18 at 10.24.17 AM.png","uid":"blt752a10e825e961d3","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T08:38:20.925Z","updated_at":"2019-02-04T08:38:20.925Z","content_type":"image/png","file_size":"120083","filename":"Screen_Shot_2017-01-18_at_10.24.17_AM.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T22:41:25.987Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt752a10e825e961d3/5c57f9fca209c1ca0be9dd4f/Screen_Shot_2017-01-18_at_10.24.17_AM.png"},"title":"Kibana and a Custom Tile Server for NHL Data","title_l10n":"Kibana and a Custom Tile Server for NHL Data","updated_at":"2025-03-10T11:02:13.734Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/kibana-and-a-custom-tile-server-for-nhl-data","publish_details":{"time":"2025-03-10T11:02:18.175Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltfc289dfab4213783","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"Elasticsearch engineer Boaz Leskes gave a guest lecture to 100 students from the VU University of Amsterdam on the Life of a Document in Elasticsearch.","author":["blt7d550e7b21fc20a2"],"body_l10n":"\u003cp\u003eJust when you think you’ve graduated from university, there’s always something that pulls you right back in. We all remember the fun of exams, the deadlines, the never ending books, the long days, and of course, the partying. And then there’s that amazing moment when you finally graduate and say goodbye to university. But who would’ve thought that going back to school could actually be quite interesting?\u003c/p\u003e\u003cp\u003eWe’re happy to say that we got invited to give a guest lecture at the VU University in Amsterdam to teach computer science and engineering students the basics of Elasticsearch. 
\u003ca href=\"https://twitter.com/bleskes\"\u003eBoaz Leskes\u003c/a\u003e, one of our core software engineers, was the lucky one to give this presentation to around 100 students. Surprisingly enough only two students have heard about Elasticsearch and Lucene before but guess what, that was about to change...\u003c/p\u003e\u003cp\u003eBoaz explained the lifecycle of a single document in Elasticsearch (see slides below\u0026nbsp;from his presentation at Elastic{ON}15). The talk\u0026nbsp;covered many different aspects including what happens when you index a single document in Elasticsearch and how Elasticsearch ensures a document is replicated and found across the whole cluster reliably.\u003c/p\u003e\u003cdiv style=\"height: 478px;margin-bottom: 20px;\"\u003e\u003ciframe width=\"100%\" height=\"478\" src=\"//speakerdeck.com/player/3097bd6f3f3e450a8415f49e7c17bf75\" class=\"video-iframe\" frameborder=\"0\" allowfullscreen=\"\"\u003e\u003cspan id=\"selection-marker-1\" class=\"redactor-selection-marker\"\u003e\u003c/span\u003e\u003c/iframe\u003e\u003c/div\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAfter some term descriptions to lay the ground Boaz got the students’ attention and he even started cracking his jokes as he usually does to get them even more ‘awake’. And yes, they were actually answering some of his questions and they were pretty good at it!\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAt this point, the students were captured including the one sitting in front of me who wrote down pretty much every sentence Boaz said. Boaz continued with his talk and explained more about the how, when and where a document is stored and processed in\u0026nbsp;Elasticsearch. At the end of his presentation, it was question time! 
Despite a tough start being confronted with a\u0026nbsp;completely new topic, students\u0026nbsp;were asking a lot of good questions.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe two students with the best questions got offered an Elasticsearch book at the end - no, it’s not just a \u003ca href=\"https://speakerdeck.com/bleskes/life-of-a-document-in-elasticsearch?slide=6\"\u003eJSON document within the presentation\u003c/a\u003e, the book actually exists. :)\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAll in all the guest lecture was a great success, at least from our perspective. 
Let’s hope the students see it the same way!\u0026nbsp;And in my opinion, going back to school was totally worth it!\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan\u003e\u003c/span\u003eIf you are interested, Boaz’ presentation slides can be downloaded from\u0026nbsp;\u003ca href=\"https://speakerdeck.com/bleskes/life-of-a-document-in-elasticsearch\"\u003ehere\u003c/a\u003e.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003eApplause, Applause!\u003cbr /\u003e\u003c/p\u003e","category":[],"created_at":"2019-04-18T15:19:50.541Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"_version":3,"is_dir":false,"uid":"blt9390c3a66f9a7673","ACL":{},"content_type":"image/png","created_at":"2019-09-04T15:43:09.575Z","created_by":"bltf6ab93733e4e3a73","description":"","file_size":"73492","filename":"blog-banner-generic-black.png","parent_uid":null,"tags":[],"title":"blog-banner-generic-black.png","updated_at":"2020-11-25T17:47:29.005Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-11-25T17:47:21.551Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9390c3a66f9a7673/5fbe98b142256d5ffdf46887/blog-banner-generic-black.png"},"markdown_l10n":"","publish_date":"2015-11-27T16:18:43.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Goes Back To School","seo_description_l10n":"Boaz gave a guest lecture to 100 students from the VU University of Amsterdam on the Life of a document in 
Elasticsearch.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"_version":4,"is_dir":false,"uid":"blt906fe334a8bd62cc","ACL":{},"content_type":"image/png","created_at":"2019-12-05T18:00:18.530Z","created_by":"bltf6ab93733e4e3a73","description":"","file_size":"32572","filename":"blog-thumb-generic-black.png","parent_uid":null,"tags":[],"title":"blog-thumb-generic-black.png","updated_at":"2020-11-25T17:48:14.349Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-11-25T17:48:07.076Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt906fe334a8bd62cc/5fbe98de4e40cf53001fa2a4/blog-thumb-generic-black.png"},"title":"Elastic Goes Back To School","title_l10n":"Elastic Goes Back To School","updated_at":"2025-03-10T10:57:17.179Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/elastic-goes-back-to-school","publish_details":{"time":"2025-03-10T10:57:20.703Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltadf3df28c911c68c","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blta3a0ef5d1f46fd39"],"body_l10n":"\u003cp\u003e\u003cem\u003e“Alert me when my Elasticsearch cluster state is red!\"\u003c/em\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003eYou asked, we heard.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eSome of our users have been creating Watches based on the data that X-Pack monitoring collects to get real-time alerts. We then thought,\u0026nbsp;‘Wouldn’t it be nice if we created some Watches for the common cluster problems and make everyone’s life easier?’\u003c/p\u003e\u003cp dir=\"ltr\"\u003eSo we did. We worked hard to automatically surface potential issues within your Elastic Stack. 
We hope you like it!\u003c/p\u003e\u003cp dir=\"ltr\"\u003eFor this first-class feature in X-Pack monitoring, we leveraged X-Pack alerting via Watcher to periodically query the monitoring data, identify issues and provide alerts for critical issues.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eWhen you click on the Monitoring app, you will see any active Cluster Alerts as part of the overview of your Elastic Stack.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfcbb7b1b0900aac0/5f878677f9d3bf27fac3b90c/es-cluster-alerts-blog-image.gif?disposition=inline\" width=\"918\" height=\"703\" style=\"width: 918;height: 703;\"/\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003eUnder Top Cluster Alerts, we see that “Elasticsearch cluster status is yellow” with a link to allocate missing replica shards. Clicking the link takes you to the index listing page, which has information about indices that have unassigned shards. There needs to be more than one node in a cluster so that replica shards could be assigned. To resolve this issue, we need to add a second node to join this single-node cluster. 
Anything that makes the Elasticsearch health turn green will make this Cluster Alert go away - most of the time, that means adding another node to host the replica shards.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIn the 5.4 release, we’re shipping with the following four Watches to get this rolling:\u003c/p\u003e\u003cul\u003e\u003cli\u003eYellow or red Elasticsearch cluster state\u003c/li\u003e\u003cli\u003eMismatching versions of Elasticsearch nodes\u003c/li\u003e\u003cli\u003eMismatching versions of different Kibana instances\u003c/li\u003e\u003cli\u003eMismatching versions of Logstash nodes in your cluster\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eIn future releases, we plan to provide alerts for X-Pack license expiration approaching, Elasticsearch shards approaching maximum size limits, CPU, memory, and disk utilization, and the holy grail: nodes joining and leaving the cluster. We know that one size does not fit all, we plan on working on customizable thresholds in the future.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eWe are also actively working to enable E-mail configuration from Kibana for the built-in Watches. 
In the future, we will let you set notifications via Slack, HipChat, PagerDuty, Jira and Webhook integrations.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eWhen you're on vacation on a beautiful beach, you can fully enjoy your time and relax knowing that your Elastic Stack issues will be kept under close watch with Cluster Alerts in X-Pack monitoring.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eTo try out this new feature, get started today with \u003ca href=\"https://www.elastic.co/start\"\u003ethe latest release\u003c/a\u003e with a trial license, where you can take full advantage of all \u003ca href=\"https://www.elastic.co/subscriptions\"\u003eX-Pack features\u003c/a\u003e.\u0026nbsp;If you have any questions or requests, please let us know via our \u003ca href=\"https://discuss.elastic.co/c/x-pack\"\u003eX-Pack discuss\u003c/a\u003e forum.\u003cbr /\u003e\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How 
to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-18T15:15:30.655Z","created_by":"sys_blt57a423112de8a853","disclaimer":["bltf7e0361d38ceea67"],"full_bleed_image":{"uid":"bltd1357fd2c4876f68","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2019-05-02T02:45:25.809Z","updated_at":"2019-05-02T02:45:25.809Z","content_type":"image/jpeg","file_size":"62402","filename":"beach-pier-lone-man-boat-sand-banner.jpg","title":"beach-pier-lone-man-boat-sand-banner.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T02:45:36.946Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd1357fd2c4876f68/5cca59c54c5fe893641667c8/beach-pier-lone-man-boat-sand-banner.jpg"},"markdown_l10n":"","publish_date":"2017-05-30T20:56:53.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt970bec35974cf578","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2019-05-02T02:45:20.723Z","updated_at":"2019-05-02T02:45:20.723Z","content_type":"image/jpeg","file_size":"44240","filename":"beach-pier-lone-man-boat-sand-thumb.jpg","title":"beach-pier-lone-man-boat-sand-thumb.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T02:45:36.946Z","user":"blt3044324473ef223b70bc674c"},"u
rl":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt970bec35974cf578/5cca59c0683c75ef655381d1/beach-pier-lone-man-boat-sand-thumb.jpg"},"title":"Cluster Alerts for Elasticsearch Issues: Cluster Alerts in X-Pack Monitoring","title_l10n":"Cluster Alerts for Elasticsearch Issues: Cluster Alerts in X-Pack Monitoring","updated_at":"2025-03-10T10:55:50.761Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/elasticsearch-cluster-alerts-for-issues-from-xpack-monitoring","publish_details":{"time":"2025-03-10T10:55:54.967Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltfcbdb493b8e32695","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt5a853ed84ea8bcc8"],"body_l10n":"\u003cp\u003eToday we are proud to announce the general availability of Elastic Application Performance Monitoring (APM) Server on top of the Elasticsearch Service. Elastic APM provides rich insights into application performance and visibility for distributed workloads, while the Elasticsearch Service simplifies provision and management. 
Elastic APM on Elasticsearch Service supports a number of languages including Java, Go, Ruby, Python, and Javascript.\u003c/p\u003e\u003cp\u003eThese new \u003ca href=\"/blog/elastic-apm-6-6-0-released\"\u003eElastic APM 6.6\u003c/a\u003e abilities pair with the other powerful features already available on the Elasticsearch service including:\u003c/p\u003e\u003cul\u003e\u003cli\u003eAutomated anomaly detection for APM data with machine learning\u003c/li\u003e\u003cli\u003eFaster troubleshooting with alerting on top of APM data\u003c/li\u003e\u003cli\u003eCost-effective hot-warm architecture with built-in index curation\u003c/li\u003e\u003cli\u003eCentralizing logs, metrics, and APM data\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eExisting Elasticsearch Service users can add APM Servers to any existing or new deployment with version 6.3 and above.\u003c/p\u003e\u003ch2\u003eAdd\u0026nbsp;APM Server to your deployment... for free\u003c/h2\u003e\u003cp\u003eAs an easy way to try Elastic APM on Elasticsearch Service, we are also including a 512 MB APM Server\u0026nbsp;instance with all new 6.6+ deployments and\u0026nbsp;as part of the \u003ca href=\"https://www.elastic.co/blog/elasticsearch-service-on-elastic-cloud-introduces-new-pricing-with-reduced-costs\"\u003efree allowance\u003c/a\u003e\u0026nbsp;announced last year. This new addition to the free allowance joins the existing 1 GB machine learning node and 1 GB Kibana instance. With this instance of APM Server, you can start instrumenting your applications and send hundreds of events per second before needing to scale up.\u003c/p\u003e\u003cp\u003eIf you are a current user of the Elasticsearch Service, upgrade your deployment and start up your own APM server to take it for a spin. 
If you aren't a current user, sign up for a\u0026nbsp;\u003ca href=\"https://www.elastic.co/cloud/elasticsearch-service/signup\"\u003e14-day free trial of Elasticsearch Service\u003c/a\u003e\u0026nbsp;and give the whole stack a whirl.\u003c/p\u003e","category":[{"_version":5,"locale":"en-us","uid":"blt0c9f31df4f2a7a2b","ACL":{},"created_at":"2018-08-27T12:32:48.561Z","created_by":"sys_blt57a423112de8a853","key":"company-news","label_l10n":"News","tags":[],"title":"News","updated_at":"2024-05-10T13:44:22.885Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-29T20:00:07.956Z","user":"blt27204bf9f7abb7fd"}}],"created_at":"2019-04-01T13:47:36.151Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"_version":2,"is_dir":false,"uid":"blt524d5ee0222d5354","ACL":{},"content_type":"image/png","created_at":"2019-01-05T05:57:36.948Z","created_by":"sys_blt57a423112de8a853","description":"","file_size":"54225","filename":"blog-banner-release-elasticsearch.png","parent_uid":null,"tags":[],"title":"blog-banner-release-elasticsearch.png","updated_at":"2021-01-26T17:45:10.329Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-02-03T15:47:40.504Z","user":"bltde77f2161b811714"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt524d5ee0222d5354/601055260cb0aa0ffcdd590e/blog-banner-release-elasticsearch.png"},"markdown_l10n":"","publish_date":"2019-01-29T19:01:54.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":["newsletter"],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"_version":2,"is_dir":false,"uid":"blt8c2b608c10eb1fd8","ACL":{},"content_type"
:"image/png","created_at":"2019-01-05T05:57:42.964Z","created_by":"sys_blt57a423112de8a853","description":"","file_size":"51730","filename":"blog-thumb-release-elasticsearch.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-release-elasticsearch.png","updated_at":"2022-02-11T21:03:50.956Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:15.895Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8c2b608c10eb1fd8/601055106215cf0f9a18d799/blog-thumb-release-elasticsearch.png"},"title":"Introducing Elastic APM on Elasticsearch Service","title_l10n":"Introducing Elastic APM on Elasticsearch Service","updated_at":"2025-03-10T10:54:18.859Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/introducing-elastic-apm-on-elasticsearch-service","publish_details":{"time":"2025-03-10T10:54:22.040Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltec0223f5e225d370","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"Our Cloud service experienced issues with managing memory for the clusters. This blog is a postmortem of the incident.","author":["blt553467a41584839d","blt2b6896ceeb9a2141"],"body_l10n":"\u003cp\u003eElastic Cloud is on the tail end of eliminating a mix of memory issues that has caused problems for a lot of low-memory nodes, and in some rare cases even large nodes. Following the memory problems, we experienced connectivity issues on a handful of servers in eu-west-1 that affected any cluster with at least one node on these impacted servers.\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003eAfter investigation, we found that there were a number of small problems that, when combined, created larger issues. 
\u0026nbsp;This post attempts to summarise the breadth of things that all contributed to the problems, and the extent of testing we’re ramping up to avoid repeating our mistakes. You might learn a thing or two about Linux, Docker, memory accounting, glibc, JVM-settings, Netty, and Elasticsearch as well. We sure have.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 24px;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003cspan style=\"font-size: 30px;\"\u003e\u003cstrong\u003eScope\u0026nbsp;of the memory problem\u003c/strong\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eElastic Cloud runs tens of thousands of Elasticsearch nodes. These nodes run on servers with memory ranging from 30-244 GiB and 4-32 cores, which we call our “allocator pool”. A single server can host a lot of Elasticsearch nodes, each running in containers getting a reserved slice of memory and a (boostable) slice of the CPU. The servers run a small number of different kernel and Docker versions, and we’ll get back to why.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe memory issues can be categorised as:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eHigh memory pressure from Elasticsearch causing increased GC-load and latencies, and eventually the JVM running out of heap space. 
There were several things that could lead to this.\u003c/li\u003e\u003cli dir=\"ltr\"\u003eGrowth in the JVM’s non-heap memory, eating away memory intended for page cache and possibly causing kernel-level OOM-reaping.\u003c/li\u003e\u003cli dir=\"ltr\"\u003eBecause we used long-running containers, kernel memory was being incorrectly accounted, causing the kernel to kill processes in a container almost as soon as the node started.\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAll of these could affect a single node, but just one would be sufficient to make the node unreliable.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWhenever a process is restarted due to memory issues, we log the event and notify the account owner and operational contacts (rate limiting to max one email per 6 hours). While Elasticsearch keeps getting more careful against running out of memory, it’s not uncommon for an overloaded cluster to run out of memory.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThus, we know that in the period we had the most issues, approximately 1% of the running clusters were affected. 
That’s a lot of clusters, but as most mitigations affect every cluster and some required restarting Elasticsearch and/or upgrading, we needed to proceed carefully to not cause any problems to the majority of nodes not having any issues.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003cspan style=\"font-size: 30px;\"\u003e\u003cstrong\u003eOn environment variety\u003c/strong\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eElastic Cloud is based on the acquisition of Found, which launched a hosted Elasticsearch service in 2012. Having managed lots of containers since before Docker even existed and container schedulers were buzzwords, we have a lot of experience in how container-features can cause Linux to crash, or sometimes worse, cause nodes to slow down to a crawl. Even the 4.4 kernel series in Ubuntu LTS recently had OOM-issues.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWith the exception of security patches, we’re typically very slow when it comes to upgrading Linux and Docker: issues with these components can severely hurt our reliability or create significant ops workload \u0026nbsp;to clean up containers that are not being created or destroyed correctly. Docker is a fast-moving technology, and generally only the most recent versions receive security patches. 
This makes it important to keep up, and we were gradually increasing the number of servers running more recent versions as we gained confidence in them.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eOur server fleet is also composed of servers of varying size. Smaller servers limit the blast radius if there’s an issue, while larger servers are necessary to host the beefier clusters. Depending on available capacity during provisioning, a small 1GB node can end up on a massive server. A node will be allotted the same CPU time regardless of the number of cores available, so performance differences are small between servers. There are settings that rely on the core count, however, and we didn’t properly cover all the bases of settings that look at cores. This could pose problems for a small node landing on a large server.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eHaving run the 3.19-series of the kernel for a long time without issues, it took some time before we suspected it could be the issue. 
This will be described in more detail later, but we’ve found that Docker ≥1.12 has problems on Linux \u0026lt;4.4.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eTo start with, we turned over every stone related to Elasticsearch and the JVM.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003cspan style=\"font-size: 30px;\"\u003e\u003cstrong\u003eElasticsearch, Lucene, and the JVM\u003c/strong\u003e\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eElasticsearch needs both heap space and page cache to perform well. A cluster with 1 GB memory on Cloud gets a little less than half the memory for heap space, to leave memory for page cache and non-heap JVM usage.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThere were a few issues in the early 5.0s that could cause a small node to quickly OOM as segments grew large enough to consume the available buffer space the S3 snapshotter could use, which was changed to 100 MB. This would be about 20% of a 1GB node’s available space, quickly leading to issues. 
That was quickly identified and remedied and every cluster was upgraded to apply the fix.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eHowever, we still saw Elasticsearch 5.x use a lot more non-heap memory than 2.x, which we eventually attributed to Elasticsearch 5 upgrading to Netty 4. Disabling Netty’s pooled allocator and recycler further reduced non-heap memory.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan\u003e\u003c/span\u003eThat still wasn’t enough, some nodes kept on OOM-ing – but now by the kernel’s OOM-reaper, which triggers if a process in a container with limited memory exceeds its memory. Increased non-heap usage would normally result in performance reductions, and not processes getting killed by the kernel OOM-reaper. So we knew we still had an issue.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan\u003e\u003c/span\u003eWe found more tweaks that improved the memory usage issues:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eUpgrading to JVM 8 turned tiered compilation on by default, something not really necessary for Elasticsearch. This would eat up 48MB memory for additional code caches.\u003c/li\u003e\u003cli dir=\"ltr\"\u003eglibc’s memory allocator could waste a lot of memory on servers with many cores. 
A colleague coming in from Prelert has described the interactions of the \u003ca href=\"http://info.prelert.com/blog/java-8-and-virtual-memory-on-linux\"\u003eJVM and virtual memory on Linux\u003c/a\u003e as they relate to that change, which could waste a lot of memory for a small node running on a large server.\u003c/li\u003e\u003cli dir=\"ltr\"\u003eThere were a number of small fixes in Elasticsearch between 5.0.0 and 5.2.2 that helped with memory usage. \u0026nbsp;\u0026nbsp;For example, not \u003ca href=\"https://github.com/elastic/elasticsearch/pull/22711\"\u003eclosing a stream\u003c/a\u003e could leak memory.\u003c/li\u003e\u003cli dir=\"ltr\"\u003eWe reduced the number of JVM allocated GC threads. \u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003eWe are also expanding our test suites to include tests that specifically address long running containers under load, and measure memory usage.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003cspan style=\"font-size: 30px;\"\u003e\u003cstrong\u003eKernel and Docker bugs\u003c/strong\u003e\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAfter much debugging, we found that specific combinations of kernel version and Docker version create a major problem with memory accounting. \u0026nbsp;In our case, combining kernel version 3.19 with Docker version 1.12 exposed this bug. 
\u0026nbsp;We had been running the 3.19 kernel for a long time, and it wasn’t immediately obvious that the kernel was a contributing factor to memory issues.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe core of the issue is that Docker 1.12 turns on kmem accounting. \u0026nbsp;In 3.x versions of the Linux kernel, this causes problems because of a \u003ca href=\"https://lwn.net/Articles/628829/\"\u003eslab shrinker issue\u003c/a\u003e. \u0026nbsp;In a nutshell, this causes the kernel to think that there is more kernel memory used than there actually is, and it starts killing processes to reclaim memory. \u0026nbsp;Eventually it kills the JVM, which obviously hurts the cluster. \u0026nbsp;There is a fix for the slab shrinker issue in kernel versions \u0026gt;= 4.0. \u0026nbsp;Our testing led us to combine kernel version 4.4 with Docker 1.12. \u0026nbsp;This combination solved the kmem accounting problems.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003cspan style=\"font-size: 30px;\"\u003e\u003cstrong\u003eLooking forward\u003c/strong\u003e\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAs you can see, there were a number of issues that combined to create a kind of “perfect storm” of memory issues. 
\u0026nbsp;We are now at a point where we’re convinced we’ve identified all of the major issues and are a long way toward addressing them throughout our fleet.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe total number of affected clusters in our SaaS environment was around 1%. \u0026nbsp;While this seems like a small number, we’re committed to reaching out to affected customers and offering explanations and help. \u0026nbsp;Although this issue affected clusters of all sizes, smaller clusters were the fastest to be affected due to the already limited amount of memory. \u0026nbsp;Since trial customers tend to run smaller clusters, we’ll be contacting trial customers who were active during the affected time period and offering new or extended trials.\u003c/p\u003e\u003cbr /\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How 
to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:39:16.155Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt30e796ddb40ad174","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T08:33:06.391Z","updated_at":"2018-10-11T08:33:06.391Z","content_type":"image/jpeg","file_size":"104582","filename":"banner-the-thinker-blue.jpg","title":"banner-the-thinker-blue.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T22:21:44.731Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt30e796ddb40ad174/5bbf0ac2becc14715d4891de/banner-the-thinker-blue.jpg"},"markdown_l10n":"","publish_date":"2017-03-03T17:09:51.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Memory issues we'll remember","seo_description_l10n":"Our Cloud service experienced issues with managing memory for the clusters. 
This blog is a postmortem of the incident.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"bltbe725cb027423d89","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T08:33:08.804Z","updated_at":"2018-10-11T08:33:08.804Z","content_type":"image/jpeg","file_size":"45012","filename":"thumb-the-thinker-blue.jpg","title":"thumb-the-thinker-blue.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T22:21:44.731Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbe725cb027423d89/5bbf0ac4192fad64364a513b/thumb-the-thinker-blue.jpg"},"title":"Memory Issues We'll Remember","title_l10n":"Memory Issues We'll Remember","updated_at":"2025-03-10T10:53:01.322Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/memory-issues-well-remember","publish_details":{"time":"2025-03-10T10:53:05.977Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0f12ec44e37dd19a","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"I wanted to visualize the weather outside. So I built a way using some hobby hardware, Elasticsearch \u0026 Kibana.","author":["blt960dc480f767f8f4"],"body_l10n":"\u003cp\u003eI’m far from a meteorologist. I’m a hacker with a garage/office that I spend way too much time in. I have a bias toward things that feel like data. A friend told me that I was maybe being a bit of a garage troll; I am tucked away from the sun and warmth. 
I decided that I needed to figure out if she was right.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eThis was a perfect opportunity to dive into the Internet of Playful Things: Arduino for my weather measurements, Elasticsearch for storage, and Kibana for viewing and analysis. With off-the-shelf parts, open source libraries and a Saturday afternoon available, I got to work.\u003c/p\u003e\u003cp\u003eIn true DIY blog post fashion, here’s the finished product. I’m far too impatient to test with weeks and weeks worth of data. In order to speed up my testing, I raided the freezer and bathroom for some supplies...\u003c/p\u003e\u003cdiv class=\"video embed-container\" style=\"height: 319.725px;\"\u003e\u003cimg class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/E8MPU4HroDPfJmKKCrUFYe.jpg\" data-uuid=\"E8MPU4HroDPfJmKKCrUFYe\" data-v=\"4\" data-type=\"inline\" style=\"width: 100%;margin: auto;display: block;\" width=\"100%\"/\u003e\u003c/div\u003e\u003cp\u003e\u003cbr /\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eI choose the ESP8266 more and more often lately. It’s a microcontroller with WiFi capabilities that can be used by itself or with most other platforms. Folks have built compatibility layers for Node.js, Python, and Arduino with it. It has become a very popular device because of its price and capabilities. For only a couple bucks, you can add WiFi to any hobby hardware project. For about sixteen dollars, you can get a battery-powered Arduino and node/lua-compatible development board. For this project I chose a board from \u003ca href=\"https://www.adafruit.com/product/2821\"\u003eAdafruit\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eElasticsearch and Kibana provide a very tidy combination for storing and visualizing the sensor data coming out of my hardware. 
Prebuilt modules from Adafruit make creating your own wireless weather station simple.\u003c/p\u003e\u003ch2\u003eThings you’ll need\u003c/h2\u003e\u003cp\u003eElectronics\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.adafruit.com/product/2821\"\u003eAdafruit Feather HUZZAH or another ESP8266 dev board\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.adafruit.com/products/1603\"\u003eAdafruit BMP180 Temperature/Pressure/Altitude Sensor\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTools\u003c/p\u003e\u003cul\u003e\u003cli\u003eSoldering Iron\u003c/li\u003e\u003cli\u003eHookup Wire\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eNice to have\u003c/p\u003e\u003cul\u003e\u003cli\u003e3.7v Lithium Battery - \u003ca href=\"https://www.adafruit.com/products/1603?q=lithium\u0026\"\u003elike these\u003c/a\u003e\u003c/li\u003e\u003cli\u003eBreadboard - \u003ca href=\"https://www.adafruit.com/products/64\"\u003ehalf size is just right\u003c/a\u003e\u003c/li\u003e\u003cli\u003eJumper Wires - \u003ca href=\"https://www.adafruit.com/products/1957\"\u003elike these\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eComputer\u003c/p\u003e\u003cul\u003e\u003cli\u003eArduino Software (with some extra libraries and examples, detailed below)\u003c/li\u003e\u003cli\u003eElasticsearch + Kibana\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor Elasticsearch and Kibana, you can setup an instance on \u003ca href=\"https://www.elastic.co/cloud/as-a-service\"\u003eElastic Cloud\u003c/a\u003e or you’ll need to share a network with your devices and use a local instance of both.\u003c/p\u003e\u003ch2\u003eHardware Build\u003c/h2\u003e\u003cp\u003eI recommend using a breadboard for most prototypes and temporary projects. The first step is to solder the header pins onto the board. Adafruit ships most of its modules without the pins soldered on. If you haven’t soldered before, there are lots of really good guides to getting started. 
SparkFun has \u003ca href=\"https://learn.sparkfun.com/tutorials/how-to-solder---through-hole-soldering\"\u003ea nice guide\u003c/a\u003e. If you’re getting really into it you should dig into the \u003ca href=\"http://workmanship.nasa.gov/lib/insp/2%20books/frameset.html\"\u003eNASA Workmanship Standards\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eA note on soldering and tools:\u003c/p\u003e\u003cp\u003eMost guides on how to solder are written by people who do it a lot. Like most other hobbies and professions, using good tools will make the job easier. It’s also expensive. All you really need to get started is an iron, solder, and something to cut and strip wires with. Get better tools as you need them. My \u003ca href=\"http://www.oaklandlibrary.org/locations/tool-lending-library/tool-list-lending-guidelines\"\u003elocal library will loan the tools\u003c/a\u003e, yours might too. You might also have a \u003ca href=\"https://wiki.hackerspaces.org/List_of_Hacker_Spaces\"\u003elocal hackerspace\u003c/a\u003e which may be able to assist with tools, equipment, and techniques.\u003c/p\u003e\u003cp\u003eMy first toolset, which got me through about 10 years of experimenting.\u003c/p\u003e\u003cp\u003e\u003cimg alt=\"blog-2-weather-station.jpg\" data-sys-asset-uid=\"blt9733f1e16e3536ab\" src=\"https://api.contentstack.io/v2/assets/57bb09cb1251899a28dc2012/download?uid=blt9733f1e16e3536ab\"/\u003e\u003c/p\u003e\u003cp\u003eThis sensor board uses SPI to communicate with the microcontroller. The ESP8266 has SPI support, so we hook up Data (SDA) and Clock (SCL) lines to the SDA and SCL lines of each board for communication.\u003c/p\u003e\u003cp\u003eWe also hook up the 3v and Ground (GND) lines to power sensor board. That’s it! 
4 wires is all we need.\u003c/p\u003e\u003cp\u003e\u003cimg alt=\"blog-3-weather-station.jpg\" data-sys-asset-uid=\"blt040cf6db92ab8fcf\" src=\"https://api.contentstack.io/v2/assets/57bb09d21251899a28dc2018/download?uid=blt040cf6db92ab8fcf\"/\u003e\u003c/p\u003e\u003ch2\u003eArduino Software\u003c/h2\u003e\u003cp\u003eIf you haven’t already, download and install the Arduino IDE and ESP8266 Board Package. \u003ca href=\"https://learn.adafruit.com/adafruit-feather-huzzah-esp8266/using-arduino-ide\"\u003eFollow this guide if you need help\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eYou’ll also need to install the libraries below.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://github.com/PaulStoffregen/Time\"\u003eNTP\u003c/a\u003e - NTP is the network time protocol, it’s how we get the clock day/time from the internet to generate timestamps.\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/adafruit/Adafruit_Sensor\"\u003eAdafruit Unified Sensor Library\u003c/a\u003e \u003ca href=\"https://learn.adafruit.com/using-the-adafruit-unified-sensor-driver/introduction\"\u003e(More information)\u003c/a\u003e\u003c/li\u003e\u003cli\u003eAdafruit \u003ca href=\"https://github.com/adafruit/Adafruit_BMP085_Unified\"\u003eBMP085U\u003c/a\u003e Sensor Library (this also covers the BMP180 sensor we are using)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003ca href=\"https://www.arduino.cc/en/Guide/Libraries\"\u003eUse this guide\u003c/a\u003e if you need help installing Arduino Libraries.\u003c/p\u003e\u003cp\u003eHaving WiFi makes it very easy to publish directly to Elasticsearch via the HTTP interface. The only real challenge was getting the Arduino code to generate an Elasticsearch compatible timestamp. 
I think that we’ve got a clever and straightforward solution, by combining the Arduino `millis()` function with an NTP-generated Unix timestamp.\u003c/p\u003e\u003cp\u003eChange the SSID and password in the sketch below and you should be ready to start. The sketch stores the WiFi password in plain text and posts to Elasticsearch over unauthenticated HTTP, so keep real credentials out of shared copies and run it on a network you trust.\u003c/p\u003e\u003ch2\u003eConfiguring Elasticsearch\u003c/h2\u003e\u003cp\u003eBefore we start sending data we’re going to prime Elasticsearch to index the documents we’re sending. Make sure the Elasticsearch URL (my `response = requests.put` line) matches your Elasticsearch endpoint.\u003c/p\u003e\u003cp\u003eI’m using Python and the requests library, but you can use whatever tool you’re familiar with.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eimport requests\u003cbr /\u003eimport json\u003cbr /\u003edata = {\u003cbr /\u003e \"mappings\": {\u003cbr /\u003e \"reading\": {\u003cbr /\u003e \"properties\": {\u003cbr /\u003e \"temperature\": {\"type\": \"float\"},\u003cbr /\u003e \"pressure\": {\"type\": \"float\"},\u003cbr /\u003e \"timestamp\": {\"type\": \"date\"},\u003cbr /\u003e },\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003eresponse = requests.put('http://localhost:9200/weather', data=json.dumps(data))\u003cbr /\u003etry:\u003cbr /\u003e assert response.status_code is 200\u003cbr /\u003eexcept AssertionError:\u003cbr /\u003e raise AssertionError(\"Your mapping was not created\", response)\u003cbr /\u003e# You could use this snippet to delete your old data if you have an error.\u003cbr /\u003e#response = requests.delete('http://localhost:9200/weather')\u003cbr /\u003e#try:\u003cbr /\u003e# assert response.status_code is 200\u003cbr /\u003e#except AssertionError:\u003cbr /\u003e# raise AssertionError(\"Your mapping was not deleted\", response)\u003cbr /\u003e\u003c/pre\u003e\u003ch2\u003eSending Data\u003c/h2\u003e\u003cp\u003eModify the \u003ca href=\"#sketch1\"\u003esketch\u003c/a\u003e as mentioned above, and upload it to your device. 
It should start sending data to your Elasticsearch instance. You can verify in the Serial Monitor under `Tools -\u0026gt; Serial Monitor`. Make sure that the baud rate is set to 115200.\u003c/p\u003e\u003ch2\u003eConfiguring Kibana\u003c/h2\u003e\u003cp\u003eOpen your Kibana instance, click “Settings” and add a new pattern. If you type “weather” into the index pattern, it should autofill the timestamp.\u003c/p\u003e\u003cp\u003eMine looks like this:\u003c/p\u003e\u003cp\u003e\u003cimg alt=\"blog-4-weather-station.png\" data-sys-asset-uid=\"blt6055beb7b47ea60a\" src=\"https://api.contentstack.io/v2/assets/57bb09d81251899a28dc201f/download?uid=blt6055beb7b47ea60a\"/\u003e\u003c/p\u003e\u003cp\u003eOnce you create a new index, you can click `Visualize` to start making graphs.\u003c/p\u003e\u003cp\u003eHere’s one I created. Start with the settings I have in the screenshot and then experiment to find what you like.\u003c/p\u003e\u003cp\u003e\u003cimg alt=\"blog-5-weather-station.png\" data-sys-asset-uid=\"bltdcbcc5191d4eec35\" src=\"https://api.contentstack.io/v2/assets/57bb09de7791d1a8275e38f5/download?uid=bltdcbcc5191d4eec35\"/\u003e\u003c/p\u003e\u003cp\u003e\u003ca name=\"sketch1\"\u003e\u003cbr /\u003e\u003c/a\u003e\u003c/p\u003e\u003ch2\u003eArduino Code Listing\u003c/h2\u003e\u003cpre class=\"prettyprint\"\u003e /*\u003cbr /\u003e * Simple HTTP get webclient test\u003cbr /\u003e */\u003cbr /\u003e#include \u0026lt;ESP8266WiFi.h\u0026gt;\u003cbr /\u003e#include \u0026lt;Wire.h\u0026gt;\u003cbr /\u003e#include \u0026lt;Adafruit_Sensor.h\u0026gt;\u003cbr /\u003e#include \u0026lt;Adafruit_BMP085_U.h\u0026gt;\u003cbr /\u003e#include \u0026lt;TimeLib.h\u0026gt;\u003cbr /\u003e#include \u0026lt;WiFiUdp.h\u0026gt;\u003cbr /\u003eAdafruit_BMP085_Unified bmp = Adafruit_BMP085_Unified(10085);\u003cbr /\u003estatic const char ntpServerName[] = \"us.pool.ntp.org\"; \u003cbr /\u003e// Setup your wifi SSID and password here.\u003cbr /\u003econst char* ssid = 
\"CanIGetAWiFi\";\u003cbr /\u003econst char* password = \"n0youCan7\";\u003cbr /\u003econst int timeZone = 0; // UTC\u003cbr /\u003e// Variables needed for NTP\u003cbr /\u003e// Elasticsearch needs us to generate timestamps for the data in order to make date histograms in Kibana.\u003cbr /\u003eWiFiUDP Udp;\u003cbr /\u003eunsigned int localPort = 8888; // local port to listen for UDP packets\u003cbr /\u003etime_t getNtpTime();\u003cbr /\u003evoid printDigits(int digits);\u003cbr /\u003evoid sendNTPpacket(IPAddress \u0026amp;address);\u003cbr /\u003e// This is the IP address, or DNS name of my Elasticsearch instance.\u003cbr /\u003econst char* host = \"192.168.1.215\";\u003cbr /\u003econst int port = 9200;\u003cbr /\u003eint motion;\u003cbr /\u003e// Variables\u003cbr /\u003efloat temperature;\u003cbr /\u003eString timestamp;\u003cbr /\u003etime_t start_time;\u003cbr /\u003euint32_t t_ms;\u003cbr /\u003euint32_t start_mills;\u003cbr /\u003eString run_mills;\u003cbr /\u003eint milis_chars;\u003cbr /\u003evoid setup() {\u003cbr /\u003e Serial.begin(115200);\u003cbr /\u003e delay(100);\u003cbr /\u003e // We start by connecting to a WiFi network\u003cbr /\u003e Serial.println();\u003cbr /\u003e Serial.print(\"Connecting to \");\u003cbr /\u003e Serial.println(ssid);\u003cbr /\u003e WiFi.begin(ssid, password);\u003cbr /\u003e while (WiFi.status() != WL_CONNECTED) {\u003cbr /\u003e delay(500);\u003cbr /\u003e Serial.print(\".\");\u003cbr /\u003e }\u003cbr /\u003e Serial.println(\"\");\u003cbr /\u003e Serial.println(\"WiFi connected\"); \u003cbr /\u003e Serial.println(\"IP address: \");\u003cbr /\u003e Serial.println(WiFi.localIP());\u003cbr /\u003e Serial.println(\"Setting up NTP\");\u003cbr /\u003e Udp.begin(localPort);\u003cbr /\u003e Serial.print(\"Local port: \");\u003cbr /\u003e Serial.println(Udp.localPort());\u003cbr /\u003e Serial.println(\"waiting for sync\");\u003cbr /\u003e setSyncProvider(getNtpTime);\u003cbr /\u003e setSyncInterval(300);\u003cbr /\u003e 
start_time = now();\u003cbr /\u003e Serial.println(\"Pressure Sensor Test\"); Serial.println(\"\");\u003cbr /\u003e /* Initialise the sensor */\u003cbr /\u003e if(!bmp.begin())\u003cbr /\u003e {\u003cbr /\u003e /* There was a problem detecting the BMP085 ... check your connections */\u003cbr /\u003e Serial.print(\"Ooops, no BMP180 detected ... Check your wiring!\");\u003cbr /\u003e while(1);\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003evoid loop() { \u003cbr /\u003e // Measure pressure \u0026amp; temperature from BMP sensor\u003cbr /\u003e // Modified from https://learn.adafruit.com/bmp085/using-the-bmp085-api-v2\u003cbr /\u003e sensors_event_t event;\u003cbr /\u003e bmp.getEvent(\u0026amp;event);\u003cbr /\u003e float pressure = event.pressure;\u003cbr /\u003e float temperature;\u003cbr /\u003e bmp.getTemperature(\u0026amp;temperature);\u003cbr /\u003e // Use WiFiClient class to create TCP connections, connect to the Elasticsearch instance.\u003cbr /\u003e WiFiClient client;\u003cbr /\u003e if (!client.connect(host, port)) {\u003cbr /\u003e Serial.println(\"connection failed\");\u003cbr /\u003e return;\u003cbr /\u003e }\u003cbr /\u003e run_mills = String(millis());\u003cbr /\u003e milis_chars = run_mills.length();\u003cbr /\u003e // To generate a millisecond unix timestamp, we first get the second timestamp, and add to it, the last three characters of the arduino/relative millisecond timestamp\u003cbr /\u003e timestamp = String(now()) + run_mills.charAt(milis_chars-3) + run_mills.charAt(milis_chars-2) + run_mills.charAt(milis_chars-1);\u003cbr /\u003e // With such a simple document, we're just going to use a string to generate the JSON to send to Elasticsearch\u003cbr /\u003e String data = \"{pressure: \"+String(pressure)+\", temperature: \"+String(temperature)+\", timestamp: \"+ timestamp +\"}\";\u003cbr /\u003e // We can inspect the data being sent over the Serial line, in the Arduino IDE.\u003cbr /\u003e Serial.println(data);\u003cbr /\u003e // We now 
create a URI for the request\u003cbr /\u003e // This is the index of the Elasticsearch document we're creating\u003cbr /\u003e String url = \"/weather/reading\";\u003cbr /\u003e // \u003cbr /\u003e client.print(String(\"POST \") + url + \" HTTP/1.1\\r\\n\" +\u003cbr /\u003e // If you're using Shield, you'll need to generate an authentication header\u003cbr /\u003e \"Content-Length: \" + data.length() + \"\\r\\n\" +\u003cbr /\u003e \"\\r\\n\" + data);\u003cbr /\u003e // We need this delay in here to give the WiFi Time\u003cbr /\u003e delay(50);\u003cbr /\u003e // Read all the lines of the reply from server and print them to Serial\u003cbr /\u003e while(client.available()){\u003cbr /\u003e String line = client.readStringUntil('\\r');\u003cbr /\u003e Serial.print(line);\u003cbr /\u003e }\u003cbr /\u003e Serial.println();\u003cbr /\u003e}\u003cbr /\u003e/* Copied from https://github.com/PaulStoffregen/Time/blob/master/examples/TimeNTP_ESP8266WiFi/TimeNTP_ESP8266WiFi.ino#L99 */\u003cbr /\u003e/*-------- NTP code ----------*/\u003cbr /\u003econst int NTP_PACKET_SIZE = 48; // NTP time is in the first 48 bytes of message\u003cbr /\u003ebyte packetBuffer[NTP_PACKET_SIZE]; //buffer to hold incoming \u0026amp; outgoing packets\u003cbr /\u003etime_t getNtpTime()\u003cbr /\u003e{\u003cbr /\u003e IPAddress ntpServerIP; // NTP server's ip address\u003cbr /\u003e while (Udp.parsePacket() \u0026gt; 0) ; // discard any previously received packets\u003cbr /\u003e Serial.println(\"Transmit NTP Request\");\u003cbr /\u003e // get a random server from the pool\u003cbr /\u003e WiFi.hostByName(ntpServerName, ntpServerIP);\u003cbr /\u003e Serial.print(ntpServerName);\u003cbr /\u003e Serial.print(\": \");\u003cbr /\u003e Serial.println(ntpServerIP);\u003cbr /\u003e sendNTPpacket(ntpServerIP);\u003cbr /\u003e uint32_t beginWait = millis();\u003cbr /\u003e while (millis() - beginWait \u0026lt; 1500) {\u003cbr /\u003e int size = Udp.parsePacket();\u003cbr /\u003e if (size \u0026gt;= 
NTP_PACKET_SIZE) {\u003cbr /\u003e Serial.println(\"Receive NTP Response\");\u003cbr /\u003e Udp.read(packetBuffer, NTP_PACKET_SIZE); // read packet into the buffer\u003cbr /\u003e unsigned long secsSince1900;\u003cbr /\u003e // convert four bytes starting at location 40 to a long integer\u003cbr /\u003e secsSince1900 = (unsigned long)packetBuffer[40] \u0026lt;\u0026lt; 24;\u003cbr /\u003e secsSince1900 |= (unsigned long)packetBuffer[41] \u0026lt;\u0026lt; 16;\u003cbr /\u003e secsSince1900 |= (unsigned long)packetBuffer[42] \u0026lt;\u0026lt; 8;\u003cbr /\u003e secsSince1900 |= (unsigned long)packetBuffer[43];\u003cbr /\u003e return secsSince1900 - 2208988800UL + timeZone * SECS_PER_HOUR;\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e Serial.println(\"No NTP Response :-(\");\u003cbr /\u003e return 0; // return 0 if unable to get the time\u003cbr /\u003e}\u003cbr /\u003e// send an NTP request to the time server at the given address\u003cbr /\u003evoid sendNTPpacket(IPAddress \u0026amp;address)\u003cbr /\u003e{\u003cbr /\u003e // set all bytes in the buffer to 0\u003cbr /\u003e memset(packetBuffer, 0, NTP_PACKET_SIZE);\u003cbr /\u003e // Initialize values needed to form NTP request\u003cbr /\u003e // (see URL above for details on the packets)\u003cbr /\u003e packetBuffer[0] = 0b11100011; // LI, Version, Mode\u003cbr /\u003e packetBuffer[1] = 0; // Stratum, or type of clock\u003cbr /\u003e packetBuffer[2] = 6; // Polling Interval\u003cbr /\u003e packetBuffer[3] = 0xEC; // Peer Clock Precision\u003cbr /\u003e // 8 bytes of zero for Root Delay \u0026amp; Root Dispersion\u003cbr /\u003e packetBuffer[12] = 49;\u003cbr /\u003e packetBuffer[13] = 0x4E;\u003cbr /\u003e packetBuffer[14] = 49;\u003cbr /\u003e packetBuffer[15] = 52;\u003cbr /\u003e // all NTP fields have been given values, now\u003cbr /\u003e // you can send a packet requesting a timestamp:\u003cbr /\u003e Udp.beginPacket(address, 123); //NTP requests are to port 123\u003cbr /\u003e Udp.write(packetBuffer, 
NTP_PACKET_SIZE);\u003cbr /\u003e Udp.endPacket();\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003e\u003cimg alt=\"blog-6-weather-station.jpg\" data-sys-asset-uid=\"bltcfb2a4739572e401\" src=\"https://api.contentstack.io/v2/assets/57bb09e71251899a28dc202f/download?uid=bltcfb2a4739572e401\"/\u003e\u003c/p\u003e\u003cp\u003eIt turned out that the temperature alone wasn’t enough to dissuade my friend that I’ve been spending too much time inside the house. That being said, setting up this experiment couldn’t have been easier and I’m really looking forward to using WiFi-enabled microcontrollers to send readings to Elasticsearch for further experiments.\u003c/p\u003e\u003cp\u003eI also got this sweet live gif of myself with a hair dryer and a popsicle on this temperature sensor, so there’s that.\u003c/p\u003e\u003cp\u003e\u003cimg alt=\"blog-7-weather-station.gif\" data-sys-asset-uid=\"bltb7b317058e3f4f13\" src=\"https://api.contentstack.io/v2/assets/57bb0a771251899a28dc2049/download?uid=bltb7b317058e3f4f13\"/\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/issackelly\"\u003e\u003cbr /\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://twitter.com/issackelly\"\u003eIssac Kelly\u003c/a\u003e is an Engineer and Designer in Oakland, CA.\u003c/p\u003e","category":[{"title":"User Stories (not in 
use)","key":"customers","tags":[],"locale":"en-us","uid":"blt26ff0a1ade01f60d","created_by":"sys_blt57a423112de8a853","updated_by":"blt3044324473ef223b70bc674c","created_at":"2018-08-27T12:42:07.232Z","updated_at":"2024-05-10T13:44:13.133Z","ACL":{},"_version":4,"label_l10n":"Customers","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:04:11.996Z","user":"blt36e890d06c5ec32c"}}],"created_at":"2019-04-01T13:40:01.214Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt57d8676269e9a5a6","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-10T10:27:35.705Z","updated_at":"2018-10-10T10:27:35.705Z","content_type":"image/png","file_size":"202128","filename":"blog-hero-weather-station.png","title":"blog-hero-weather-station.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T23:58:01.776Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt57d8676269e9a5a6/5bbdd417bb1e335136d9ec2e/blog-hero-weather-station.png"},"markdown_l10n":"","publish_date":"2016-08-25T13:53:34.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"An Arduino-Based Home Weather Station Built with Arduino, Elasticsearch, and Kibana","seo_description_l10n":"I wanted to visualize the weather outside. 
So I built a way to do it using some hobby hardware, Elasticsearch, and Kibana.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt8d9878a192a994c7","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-10T10:27:38.411Z","updated_at":"2018-10-10T10:27:38.411Z","content_type":"image/png","file_size":"100314","filename":"blog-thumbnail-weather-station.png","title":"blog-thumbnail-weather-station.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T23:58:01.776Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8d9878a192a994c7/5bbdd41a117bd0dc7fcc606c/blog-thumbnail-weather-station.png"},"title":"An Arduino-Based Home Weather Station on the Elastic Stack","title_l10n":"An Arduino-Based Home Weather Station on the Elastic Stack","updated_at":"2025-03-10T10:51:44.265Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/arduino-based-home-weather-station-on-the-elastic-stack","publish_details":{"time":"2025-03-10T10:51:49.501Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt53538aa46a21e49d","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic{ON}Tour was a sell-out Elastic user conference held in Munich on Nov 10, 2015. 
This year Elastic raised €16K to support Django Girls awesome programs.","author":["bltbf7b8e4eaf437b73"],"body_l10n":"\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4cf60342dfd738264356/download?uid=blta07409776f340069?uid=blta07409776f340069\" data-sys-asset-uid=\"bltb9dccc8472d13e3c\" alt=\"Djangogirls.png\" width=\"129\" height=\"129\" style=\"width: 129;height: 129;float: right;margin: 0 0 20px 20px;text-align: right;\"/\u003e\u003ca href=\"https://djangogirls.org/\" target=\"_blank\"\u003eDjango Girls\u003c/a\u003e is a non-profit organization that empowers and helps women to organize free, one-day programming workshops by providing tools, resources and support. It was born in Berlin in July 2014 and started by two Olas:\u0026nbsp;\u003ca href=\"http://twitter.com/olasitarska\" target=\"_blank\"\u003eSitarska\u003c/a\u003e\u0026nbsp;and\u0026nbsp;\u003ca href=\"http://twitter.com/asendecka\" target=\"_blank\"\u003eSendecka\u003c/a\u003e. Today, Django Girls is a volunteer-run organization with hundreds of people contributing to bring more women into the Python \u0026amp; Django communities.\u003c/p\u003e\u003cp\u003eThis summer, Django Girls celebrated its \u003ca href=\"http://love.djangogirls.org/\" target=\"_blank\"\u003efirst year anniversary\u003c/a\u003e: nearly one hundred events have happened since its inception. Growing that quickly has been amazing but also a bit scary: to make it more sustainable, the support team decided to recruit someone to help them. I was lucky enough to be selected and I started working for Django Girls in September.\u0026nbsp;\u003c/p\u003e\u003cp\u003eOne of the perks of being the Django Girls Awesomeness Ambassador is receiving cool emails. Some of these emails include those from future organizers really excited about their workshops, as well as from attendees and coaches who just want to say thank you. 
When we received an email from \u003ca href=\"https://www.elastic.co/\" target=\"_blank\"\u003eElastic\u003c/a\u003e expressing interest in supporting the Django Girls mission, I was only starting the job and I have to say, I was as excited as our organizers: sponsorship for Django Girls and going to Munich to run a booth, count me in! I started to prepare a booth, think about what to say to people and what swag to bring with me. A few days before going to Munich, we received another email from Elastic saying they managed to raise almost\u0026nbsp;15,000 € for us (see slide below from the event presentation). I went to Munich still not believing that all this money was for us! “Of course it is!”, said Livia, my contact from Elastic and she asked me what we planned to do with it.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4cf658208ba076e2921d/download?uid=bltd9c90d33e4b36832?uid=bltd9c90d33e4b36832\" data-sys-asset-uid=\"blt7f9baad69197d864\" alt=\"Munich Tour.jpg\" style=\"max-width: 100%;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003eFig. 1 Impression from the main stage at Elastic{ON} Tour Munich\u003c/em\u003e\u003c/p\u003e\u003cp\u003eI'm especially excited, because thanks to the Elastic sponsorship my future as an Awesomeness Ambassador is secured: currently, most of the money Django Girls Foundation receives covers my role in the organization. My job is to make the life of the \u003ca href=\"https://github.com/DjangoGirls/wiki/blob/master/general/people.md\" target=\"_blank\"\u003esupport team\u003c/a\u003e easier so they can work on other projects: a \u003ca href=\"http://yaypython.com/\" target=\"_blank\"\u003eprogramming book\u003c/a\u003e, cool \u003ca href=\"https://www.youtube.com/channel/UC0hNd2uW8jTR5K3KBzRuG2A\" target=\"_blank\"\u003evideos for people who can’t attend our workshop\u003c/a\u003e, etc. 
My main job is to stay on top of the Django Girls inbox and make sure that anyone who asks for help will be answered swiftly with the necessary support, especially making sure everyone is happy and that planned events are happening as scheduled. I also help maintain our website and resources: our \u003ca href=\"http://tutorial.djangogirls.org\" target=\"_blank\"\u003etutorial\u003c/a\u003e and its translations, \u003ca href=\"https://djangogirls.org/resources/\" target=\"_blank\"\u003edocumentation\u003c/a\u003e, \u003ca href=\"https://github.com/DjangoGirls/resources\" target=\"_blank\"\u003eposters and swag\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eOn top of securing the existence of the Awesomeness Ambassador position, we also plan to use this money on two cool initiatives. The first one is sending swag boxes to organizers full of stickers, buttons and tattoos - it will be our “Django Girls Organizer Starter Kit”. If you haven’t heard about us already, you have to look at \u003ca href=\"https://www.flickr.com/photos/djangogirls/\" target=\"_blank\"\u003epictures\u003c/a\u003e of our events: we want a positive learning atmosphere and all these little details contribute to it.\u003c/p\u003e\u003cp\u003eThe second initiative is working on the inaugural Django Girls Summit! Yes, the Summit! We are extremely excited about this plan. We want to organize a two day unconference where organizers could meet and share their experiences about \u0026nbsp;Django Girls workshops: what was hard, how they handled problems, how they find sponsors and so on and so on. We imagine it as a place where people who are making Django Girls what it is now could meet in person and learn from each other. We are really excited about this and can’t wait to start planning it!\u003c/p\u003e\u003cp\u003eThank you again Elastic for the visibility you’ve given to our organization, for the booth at Munich and for this awesome sponsorship. 
You have been with us from almost the very beginning, supporting us on many different levels: as mentors, supporters and sponsors. Thank you for being awesome!\u003cbr /\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp style=\"text-align: right;\"\u003e\u003cem\u003eLucie Daeye has been the Django Girls Awesomeness Ambassador since September 2015 and is an organizer of Pyladies Paris. She was doing a PhD in Geography and Korean studies when she decided to switch careers to become a developer.\u003c/em\u003e\u003c/p\u003e\u003cp style=\"text-align: right;\"\u003e\u003cem\u003e\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cem \u003e\u003cbr /\u003e\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cem \u003e\u003cbr /\u003e\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003eThe original blog post was published a few days ago\u0026nbsp;\u003c/em\u003e\u003ca href=\"http://blog.djangogirls.org/post/135185350903/meet-our-new-sponsor-elastic\" target=\"_blank\"\u003e\u003cem\u003ehere\u003c/em\u003e\u003c/a\u003e\u003cem\u003e.\u003c/em\u003e\u003cbr /\u003e\u003c/p\u003e","category":[{"uid":"bltc253e0851420b088","_version":4,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:45:23.873Z","created_by":"sys_blt57a423112de8a853","key":"culture","label_l10n":"Culture","tags":[],"title":"Culture","updated_at":"2024-05-10T13:44:28.145Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.214Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T10:32:02.903Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":null,"markdown_l10n":"","publish_date":"2015-12-15T14:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Django Girls review of Elastic{ON} Tour Munich","seo_description_l10n":"Elastic{ON}Tour was a sell-out Elastic user conference held in Munich on Nov 10, 2015. 
This year Elastic raised €16K to support Django Girls awesome programs. Read their review here.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt796d7e3e5965fd1b","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T11:20:53.918Z","updated_at":"2018-10-09T11:20:53.918Z","content_type":"image/png","file_size":"38195","filename":"logo-django-girls-720x420.png","title":"logo-django-girls-720x420.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-04T03:15:09.002Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt796d7e3e5965fd1b/5bbc8f15c863b8e614126a29/logo-django-girls-720x420.png"},"title":"Django Girls review of Elastic{ON} Tour Munich","title_l10n":"Django Girls review of Elastic{ON} Tour Munich","updated_at":"2025-03-10T10:43:21.392Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/django-girls-review-of-elasticon-tour-munich","publish_details":{"time":"2025-03-10T10:43:25.442Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt314e43bf8d382077","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt619a4d5c39ed775a"],"body_l10n":"\u003cp\u003eGaining actionable insights from continuously produced data in real-time is a common requirement for many businesses today. A wide-spread use case for real-time data processing is dashboarding. 
A typical architecture to support such a use case is based on a data stream processor, a data store with low latency read/write access, and a visualization framework.\u003c/p\u003e\u003cp class=\"normal\"\u003eIn this blog post, we demonstrate how to build a real-time dashboard solution for stream data analytics using Apache Flink, Elasticsearch, and Kibana. The following figure depicts our system architecture.\u003co:p\u003e\u003c/o:p\u003e\u003c/p\u003e\u003cp class=\"normal\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4ced43e9adc538714ad1/download?uid=bltae1ce211c170912e?uid=bltae1ce211c170912e\" data-sys-asset-uid=\"blt7e4ec8c4f4708211\" alt=\"Real-time-dashboard-for-stream-data analytics.png\" style=\"max-width: 100%;\"/\u003e\u003c/p\u003e\u003cp class=\"normal\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp class=\"normal\"\u003eIn our architecture, Apache Flink executes stream analysis jobs that ingest a data stream, apply transformations to analyze, transform, and model the data in motion, and write their results to an Elasticsearch index. Kibana connects to the index and queries it for data to visualize. All components of our architecture are open source systems under the Apache License 2.0. We show how to implement a Flink DataStream program that analyzes a stream of taxi ride events and writes its results to Elasticsearch and give instructions on how to connect and configure Kibana to visualize the analyzed data in real-time.\u003cbr /\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2\u003eWhy use Apache Flink for stream processing?\u003c/h2\u003e\u003cp class=\"normal\"\u003eBefore we dive into the details of implementing our demo application, we discuss some of the features that make Apache Flink an outstanding stream processor. 
Apache Flink 0.10, which was recently released, comes with a competitive set of stream processing features, some of which are unique in the open source domain.\u0026nbsp;The most important ones are:\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cstrong\u003eSupport for event time and out of order streams: \u003c/strong\u003eIn reality, streams of events rarely arrive in the order that they are produced, especially streams from distributed systems and devices. Until now, it was up to the application programmer to correct this “time drift”, or simply ignore it and accept inaccurate results, as streaming systems (at least in the open source world) had no support for \u003cem\u003eevent time\u003c/em\u003e (i.e., processing events by the time they happened in the real world). Flink 0.10 is the first open source engine that supports out of order streams and which is able to consistently process events according to their timestamps.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eExpressive and easy-to-use APIs in Scala and Java: \u003c/strong\u003eFlink's DataStream API ports many operators which are well known from batch processing APIs such as map, reduce, and join to the streaming world. In addition, it provides stream-specific operations such as window, split, and connect. First-class support for user-defined functions eases the implementation of custom application behavior. The DataStream API is available in Scala and Java.\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003c/span\u003e\u003cstrong\u003eSupport for sessions and unaligned windows:\u003c/strong\u003e Most streaming systems have some concept of \u003cem\u003ewindowing\u003c/em\u003e, i.e., a grouping of events based on some function of time. Unfortunately, in many systems these windows are hard-coded and connected with the system’s internal checkpointing mechanism. 
Flink is the first open source streaming engine that completely decouples windowing from fault tolerance, allowing for richer forms of windows, such as sessions.\u003cspan\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eConsistency, fault tolerance, and high availability: \u003c/strong\u003eFlink guarantees consistent state updates in the presence of failures (often called “exactly-once processing”), and consistent data movement between selected sources and sinks (e.g., consistent data movement between Kafka and HDFS). Flink also supports worker and master failover, eliminating any single point of failure.\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003c/span\u003e\u003cstrong\u003eLow latency and high throughput:\u003c/strong\u003e We have clocked Flink at \u003ca href=\"http://data-artisans.com/high-throughput-low-latency-and-exactly-once-stream-processing-with-apache-flink/\" target=\"_blank\"\u003e1.5 million events per second per core\u003c/a\u003e, and have also observed latencies in the \u003ca href=\"http://data-artisans.com/high-throughput-low-latency-and-exactly-once-stream-processing-with-apache-flink/\" target=\"_blank\"\u003e25 millisecond range\u003c/a\u003e for jobs that include network data shuffling. Using a tuning knob, Flink users can navigate the latency-throughput trade off, making the system suitable for both high-throughput data ingestion and transformations, as well as ultra low latency (millisecond range) applications.\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003c/span\u003e\u003cstrong\u003eConnectors and integration points:\u003c/strong\u003e Flink integrates with a wide variety of open source systems for data input and output (e.g., HDFS, Kafka, Elasticsearch, HBase, and others), deployment (e.g., YARN), as well as acting as an execution engine for other frameworks (e.g., Cascading, Google Cloud Dataflow). 
The Flink project itself comes bundled with a Hadoop MapReduce compatibility layer, a Storm compatibility layer, as well as libraries for machine learning and graph processing.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eDeveloper productivity and operational simplicity: \u003c/strong\u003eFlink runs in a variety of environments. Local execution within an IDE significantly eases development and debugging of Flink applications. In distributed setups, Flink runs at massive scale-out. The YARN mode allows users to bring up Flink clusters in a matter of seconds. Flink serves monitoring metrics of jobs and the system as a whole via a well-defined REST interface. A built-in web dashboard displays these metrics and makes monitoring of Flink very convenient.\u003cspan\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp class=\"normal\"\u003eThe combination of these features makes Apache Flink a unique choice for many stream processing applications.\u003cbr /\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2\u003eBuilding a demo application with Flink, Elasticsearch, and Kibana\u003c/h2\u003e\u003cp class=\"normal\"\u003eOur demo ingests a stream of taxi ride events and identifies places that are popular within a certain period of time, i.e., we compute every 5 minutes the number of passengers that arrived at each location within the last 15 minutes by taxi. This kind of computation is known as a sliding window operation. We share a \u003ca href=\"https://github.com/dataArtisans/flink-streaming-demo/blob/master/src/main/scala/com/dataartisans/flink_demo/examples/SlidingArrivalCount.scala\" target=\"_blank\"\u003eScala implementation\u003c/a\u003e of this application (among others) on \u003ca href=\"https://github.com/dataArtisans/flink-streaming-demo\" target=\"_blank\"\u003eGitHub\u003c/a\u003e. You can easily run the application from your IDE by cloning the repository and importing the code. 
The \u003ca href=\"https://github.com/dataArtisans/flink-streaming-demo\" target=\"_blank\"\u003erepository's README\u003c/a\u003e file provides more detailed instructions.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2\u003eAnalyze the taxi ride event stream with Apache Flink\u003c/h2\u003e\u003cp class=\"normal\"\u003eFor the demo application, we generate a stream of taxi ride events from a\u003ca href=\"http://www.nyc.gov/html/tlc/html/about/trip_record_data.shtml\"\u003e\u003cbr /\u003e\u003c/a\u003e\u003ca href=\"http://www.nyc.gov/html/tlc/html/about/trip_record_data.shtml\" target=\"_blank\"\u003epublic dataset of the New York City Taxi and Limousine Commission\u003c/a\u003e (TLC). The data set consists of records about taxi trips in New York City from 2009 to 2015. We took some of this data and converted it into a data set of taxi ride events by splitting each trip record into a ride start and a ride end event. The events have the following schema:\u0026nbsp;\u003c/p\u003e\u003cpre class=\"prettyprint\" style=\"font-size: 12.6px;\"\u003erideId: Long\u003cbr /\u003etime: DateTime // start or end time\u003cbr /\u003eisStart: Boolean // true = ride start, false = ride end\u003cbr /\u003elocation: GeoPoint // lon/lat of pick-up or drop-off location\u003cbr /\u003epassengerCnt: short\u003cbr /\u003etravelDist: float // -1 on start events\u003cbr /\u003e\u003c/pre\u003e\u003cp class=\"normal\"\u003e\u003cbr /\u003eWe implemented a custom SourceFunction to serve a DataStream[TaxiRide] from the ride event data set. In order to generate the stream as realistically as possible, events are emitted by their timestamps. Two events that occurred ten minutes after each other in reality are ingested by Flink with a ten minute lag. A speed-up factor can be specified to “fast-forward” the stream, i.e., with a speed-up factor of 2.0, these events are served five minutes apart. 
Moreover,\u0026nbsp;the source function adds a configurable random delay to each event to simulate the real-world jitter. Given this stream of taxi ride events, our task is to compute every five minutes the number of passengers that arrived within the last 15 minutes at locations in New York City by taxi.\u003c/p\u003e\u003cp class=\"normal\"\u003eAs a first step we obtain a StreamExecutionEnvironment and set the TimeCharacteristic to EventTime. Event time mode guarantees consistent results even in case of historic data or data which is delivered out-of-order.\u003c/p\u003e\u003cpre class=\"prettyprint\" style=\"font-size: 12.6px;\"\u003eval env = StreamExecutionEnvironment.getExecutionEnvironment\u003cbr /\u003eenv.setStreamTimeCharacteristic(TimeCharacteristic.EventTime)\u003cbr /\u003e\u003c/pre\u003e\u003cp class=\"normal\"\u003e\u003cbr /\u003eNext, we define the data source that generates a DataStream[TaxiRide] with at most 60 seconds serving delay (events are out of order by max. 
1 minute) and a speed-up factor of 600 (10 minutes are served in 1 second).\u003co:p\u003e\u003c/o:p\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\" style=\"font-size: 12.6px;\"\u003e// Define the data source\u003cbr /\u003eval rides: DataStream[TaxiRide] = env.addSource(new TaxiRideSource(\u003cbr /\u003e “./data/nycTaxiData.gz”, 60, 600.0f))\u003cbr /\u003e\u003c/pre\u003e\u003cp class=\"normal\"\u003e\u003cbr /\u003eSince we are only interested in locations that people travel to (and not where they come from) and because the original data is a little bit messy (locations are not always correctly specified), we apply a few filters to first cleanse the data.\u003c/p\u003e\u003cpre class=\"prettyprint\" style=\"font-size: 12.6px;\"\u003eval cleansedRides = rides\u003cbr /\u003e // filter for ride end events\u003cbr /\u003e .filter( !_.isStart )\u003cbr /\u003e // filter for events in NYC\u003cbr /\u003e .filter( r =\u0026gt; NycGeoUtils.isInNYC(r.location) )\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003e\u003cbr /\u003eThe location of a taxi ride event is defined as a pair of continuous longitude/latitude values. We need to map them into a finite set of regions in order to be able to aggregate events by location. We do this by defining a grid of approx. 100x100 meter cells on the area of New York City. We use a utility function to map event locations to cell ids and extract the passenger count as follows:\u003c/p\u003e\u003cpre class=\"prettyprint\" style=\"font-size: 12.6px;\"\u003e// map location coordinates to cell Id, timestamp, and passenger count\u003cbr /\u003eval cellIds: DataStream[(Int, Long, Short)] = cleansedRides\u003cbr /\u003e .map { r =\u0026gt;\u003cbr /\u003e ( NycGeoUtils.mapToGridCell(r.location), r.time.getMillis, r.passengerCnt )\u003cbr /\u003e }\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003e\u003cbr /\u003eAfter these preparation steps, we have the data that we would like to aggregate. 
Since we want to compute the passenger count for each location (cell id), we start by keying (partitioning by key) the stream by cell id (_._1). Subsequently, we define a sliding time window and run a \u003ccode\u003eWindowFunction\u003c/code\u003e by calling apply():\u003c/p\u003e\u003cpre class=\"prettyprint\" style=\"font-size: 12.6px;\"\u003eval passengerCnts: DataStream[(Int, Long, Int)] = cellIds\u003cbr /\u003e // key stream by cell Id\u003cbr /\u003e .keyBy(_._1)\u003cbr /\u003e // define sliding window on keyed stream\u003cbr /\u003e .timeWindow(Time.minutes(15), Time.minutes(5))\u003cbr /\u003e // count events in window\u003cbr /\u003e .apply { (\u003cbr /\u003e cell: Int,\u003cbr /\u003e window: TimeWindow,\u003cbr /\u003e events: Iterable[(Int, Short)],\u003cbr /\u003e out: Collector[(Int, Long, Int)]) =\u0026gt;\u003cbr /\u003e out.collect( ( cell, window.getEnd, events.map( _._2 ).sum ) )\u003cbr /\u003e }\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003e\u003cbr /\u003eThe timeWindow()\u0026nbsp;operation groups stream events into finite sets of records on which\u0026nbsp;a window or aggregation function can be applied. For our application, we call apply() to process the windows using a WindowFunction. The WindowFunction\u0026nbsp;receives four parameters, a Tuple that contains the key of the window, a Window object that contains details such as the start and end time of the window, an Iterable\u0026nbsp;over all elements in the window, and a Collector to collect the records emitted by the WindowFunction. We want to count the number of passengers that arrive within the window’s time bounds. 
Therefore, we have to emit a single record that contains the grid cell id, the end time of the window, and the sum of the passenger counts which is computed by extracting the individual passenger counts from the iterable (events.map( _._2)) and summing them (.sum).\u0026nbsp;\u003cbr /\u003eFinally, we translate the cell id back into a GeoPoint (referring to the center of the cell) and print the result stream to the standard output. The final env.execute() call takes care of submitting the program for execution.\u003c/p\u003e\u003cpre class=\"prettyprint\" style=\"font-size: 12.6px;\"\u003eval cntByLocation: DataStream[(Int, Long, GeoPoint, Int)] = passengerCnts \u003cbr /\u003e// map cell Id back to GeoPoint\u003cbr /\u003e.map( r =\u0026gt; (r._1, r._2, NycGeoUtils.getGridCellCenter(r._1), r._3 ) )\u003cbr /\u003ecntByLocation\u003cbr /\u003e// print to console\u003cbr /\u003e.print()\u003cbr /\u003eenv.execute(“Total passenger count per location”)\u003cbr /\u003e\u003c/pre\u003e\u003cp class=\"normal\"\u003e\u003cbr /\u003eIf you followed the \u003ca href=\"https://github.com/dataartisans/flink-streaming-demo\" target=\"_blank\"\u003einstructions to import the demo code\u003c/a\u003e into your IDE, you can run the \u003ca href=\"https://github.com/dataArtisans/flink-streaming-demo/blob/master/src/main/scala/com/dataartisans/flink_demo/examples/SlidingArrivalCount.scala\" target=\"_blank\"\u003eSlidingArrivalCount.scala\u003c/a\u003e program by executing its main() method. You will see Flink’s log messages and the computed results being printed to the standard output.\u003co:p\u003e\u003c/o:p\u003e\u003c/p\u003e\u003cp class=\"normal\"\u003eYou might wonder why the program produces results much faster than once every five minutes per location. This is due to the event time processing mode. Since all time-based operations (such as windows) are based on the timestamps of the events, the program becomes independent of the speed at which the data is served. 
This also means that you can process historic data which is read at full speed from some data store and data which is continuously produced with exactly the same program.\u003c/p\u003e\u003cp class=\"normal\"\u003eOur streaming program will run for a few minutes until the packaged data set is completely processed but you can terminate it at any time. As a next step, we show how to write the result stream into an Elasticsearch index.\u003cbr /\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2\u003ePrepare the Elasticsearch\u003c/h2\u003e\u003cp class=\"normal\" style=\"line-height: 22.4px;color: rgb(57, 57, 57);font-family: Arial, Helvetica, Verdana, Tahoma, sans-serif;font-weight: normal;\"\u003e\u003co:p\u003eT\u003c/o:p\u003ehe Flink Elasticsearch connector depends on Elasticsearch 1.7.3. Follow these steps to setup Elasticsearch and to create an index.\u0026nbsp;\u003c/p\u003e\u003col\u003e\u003cli\u003eDownload Elasticsearch 1.7.3 as .tar (or .zip) archive \u003ca href=\"https://www.elastic.co/downloads/past-releases/elasticsearch-1-7-3\" target=\"_blank\"\u003ehere\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eExtract the archive file:\u003cbr /\u003etar xvfz elasticsearch-1.7.3.tar.gz\u003cbr /\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003e\u003c/span\u003eEnter the extracted directory and start Elasticsearch\u003cbr /\u003e\u003cpre class=\"prettyprint\"\u003ecd elasticsearch-1.7.3\u003cbr /\u003e./bin/elasticsearch\u003cbr /\u003e\u003c/pre\u003e\u003c/li\u003e\u003cli\u003eCreate an index called “nyc-idx”: \u0026nbsp;\u003cbr /\u003ecurl -XPUT \"http://localhost:9200/nyc-idx\"\u003c/li\u003e\u003cli\u003eCreate an index mapping called “popular-locations”:\u0026nbsp;\u003cpre class=\"prettyprint\" style=\"font-size: 12.6px;\"\u003ecurl -XPUT \"http://localhost:9200/nyc-idx/_mapping/popular-locations\" -d'\u003cbr /\u003e{\u003cbr /\u003e \"popular-locations\" : {\u003cbr /\u003e \"properties\" : {\u003cbr /\u003e \"cnt\": {\"type\": \"integer\"},\u003cbr /\u003e 
\"location\": {\"type\": \"geo_point\"},\u003cbr /\u003e \"time\": {\"type\": \"date\"}\u003cbr /\u003e }\u003cbr /\u003e } \u003cbr /\u003e}'\u003cbr /\u003e\u003c/pre\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp class=\"normal\"\u003eThe \u003ca href=\"https://github.com/dataArtisans/flink-streaming-demo/blob/master/src/main/scala/com/dataartisans/flink_demo/examples/SlidingArrivalCount.scala\" target=\"_blank\"\u003eSlidingArrivalCount.scala\u003c/a\u003e program is prepared to write data to the Elasticsearch index you just created but requires a few parameters to be set at the beginning of the main() function. Please set the parameters as follows:\u003co:p\u003e\u003c/o:p\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eval writeToElasticsearch = true \u003cbr /\u003eval elasticsearchHost = // look up the IP address in the Elasticsearch logs\u003cbr /\u003eval elasticsearchPort = 9300\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e\u003cp class=\"normal\"\u003eNow, everything is set up to fill our index with data. When you run the program by executing the main() method again, the program will write the resulting stream to the standard output as before but also insert the records into the nyc-idx Elasticsearch index.\u003c/p\u003e\u003cp\u003eIf you later want to clear the nyc-idx index, you can simply drop the mapping by running\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ecurl -XDELETE 'http://localhost:9200/nyc-idx/popular-locations'\u003cbr /\u003e\u003c/pre\u003e\u003cp class=\"normal\"\u003eand create the mapping again with the previous command.\u003cbr /\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2\u003eVisualizing the results with Kibana\u003c/h2\u003e\u003cp class=\"normal\"\u003eIn order to visualize the data that is inserted into Elasticsearch, we install Kibana 4.1.3 which is compatible with Elasticsearch 1.7.3. 
The setup is basically the same as for Elasticsearch.\u003c/p\u003e\u003cp class=\"normalCxSpMiddle\" style=\"margin-left: 36.0pt;mso-add-space: auto;text-indent: -18.0pt;mso-list: l0 level1 lfo1;\"\u003e1.\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; Download Kibana 4.1.3 for your environment \u003ca href=\"https://www.elastic.co/downloads/past-releases/kibana-4-1-3\" target=\"_blank\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\u003cp class=\"normalCxSpMiddle\" style=\"margin-left: 36.0pt;mso-add-space: auto;text-indent: -18.0pt;mso-list: l0 level1 lfo1;\"\u003e2.\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; Extract the archive file.\u003c/p\u003e\u003cp class=\"normalCxSpMiddle\" style=\"margin-left: 36.0pt;mso-add-space: auto;text-indent: -18.0pt;mso-list: l0 level1 lfo1;\"\u003e3.\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; Enter the extracted folder and start Kibana by running the start script: ./bin/kibana\u003c/p\u003e\u003cp class=\"normalCxSpMiddle\" style=\"margin-left: 36.0pt;mso-add-space: auto;text-indent: -18.0pt;mso-list: l0 level1 lfo1;\"\u003e4.\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; Open \u003ca href=\"http://localhost:5601\" target=\"_blank\"\u003ehttp://localhost:5601\u003c/a\u003e in your browser to access Kibana.\u003co:p\u003e\u003c/o:p\u003e\u003c/p\u003e\u003cp class=\"normal\"\u003eNext we need to configure an index pattern. Enter the index name “nyc-idx” and click on “Create”. Do not uncheck the “Index contains time-based events” option. Now, Kibana knows about our index and we can start to visualize our data.\u003cbr /\u003e\u003c/p\u003e\u003cp class=\"normal\"\u003e\u003co:p\u003e\u003c/o:p\u003e\u003c/p\u003e\u003cp class=\"normal\"\u003eFirst click on the “Discover” button at the top of the page. You will find that Kibana tells you “No results found”.\u003cbr /\u003e\u003c/p\u003e\u003cp class=\"normal\"\u003eThis is because Kibana restricts time-based events by default to the last 15 minutes. 
Since our taxi ride data stream starts on January 1st, 2013, we need to adapt the time range that is considered by Kibana. This is done by clicking on the label “Last 15 Minutes” in the top right corner and entering an absolute time range starting at 2013-01-01 and ending at 2013-01-06.\u003cbr /\u003e\u003c/p\u003e\u003cp class=\"normal\"\u003eWe have told Kibana where our data is and the valid time range and can continue to visualize the data. For example, we can visualize the arrival counts on a map. Click on the “Visualize” button at the top of the page, select “Tile map”, and click on “From a new search”.\u003cbr /\u003eSee the following screenshot for the tile map\u0026nbsp;\u003cspan style=\"line-height: 22.4px;\"\u003econfiguration (left-hand side).\u003cbr /\u003e\u003cbr /\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4cedd8edd48f76936e3f/download?uid=bltf1f62db73d923fd0?uid=bltf1f62db73d923fd0\" data-sys-asset-uid=\"blted7add5609e867dc\" alt=\"Kibana-map-configuration.png\" style=\"max-width: 100%;\"/\u003e\u0026nbsp;\u003cbr /\u003e\u003c/span\u003e\u003c/p\u003e\u003cp class=\"normal\"\u003eAnother interesting visualization is to plot the number of arriving passengers over time. Click on “Visualize” at the top, select “Vertical bar chart”, and select “From a new search”.
Again, have a look at the following screenshot for an example for how to configure the chart.\u003cbr /\u003e\u003cbr /\u003e\u003co:p\u003e\u003c/o:p\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4ced58208ba076e290cf/download?uid=blt6c4b8b02175e1150?uid=blt6c4b8b02175e1150\" data-sys-asset-uid=\"blt10c054ec93365faa\" alt=\"Kibana-verticl-bar-chart.png\" style=\"max-width: 100%;\"/\u003e\u003c/p\u003e\u003cp class=\"normal\"\u003e\u003cbr /\u003eKibana offers many more chart types and visualization options which are out of the scope of this post. You can easily play around with this setup, explore Kibana’s features, and implement your own Flink DataStream programs to analyze taxi rides in New York City.\u003cbr /\u003e\u003cbr /\u003e\u003co:p\u003e\u003c/o:p\u003e\u003c/p\u003e\u003ch2\u003e\u003ca name=\"h.sk7gnkn852yk\"\u003e\u003cbr /\u003e\u003c/a\u003eWe’re done and hope you had some fun\u003c/h2\u003e\u003cp class=\"normal\"\u003eIn this blog post we demonstrated how to build a real-time dashboard application with Apache Flink, Elasticsearch, and Kibana. By supporting event-time processing, Apache Flink is able to produce meaningful and consistent results even for historic data or in environments where events arrive out-of-order. The expressive DataStream API with flexible window semantics results in significantly less custom application logic compared to other open source stream processing solutions. Finally, connecting Flink with Elasticsearch and visualizing the real-time data with Kibana is just a matter of a few minutes. We hope you enjoyed running our demo application and had fun playing around with the code.\u003co:p\u003e\u003c/o:p\u003e\u003c/p\u003e\u003cp class=\"normal\"\u003e\u003cem\u003eFabian Hueske is a PMC member of Apache Flink. 
He is contributing to Flink \u0026nbsp;\u003c/em\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4cee9e7a83165490d14f/download?uid=blt0942cc226cc2c30c?uid=blt0942cc226cc2c30c\" data-sys-asset-uid=\"blt6e5b5c42df586968\" alt=\"fabian_2.jpg\" width=\"170\" height=\"170\" style=\"width: 170;height: 170;float: right;margin: 0px;text-align: right;\"/\u003e\u003cem\u003esince its earliest days when it started as research project as part of his PhD studies at TU Berlin. Fabian did internships with IBM Research, SAP Research, and Microsoft Research and is a co-founder of data Artisans, a Berlin-based start-up devoted to foster Apache Flink. He is interested in distributed data processing and query optimization.\u003c/em\u003e\u003c/p\u003e\u003cp class=\"normal\"\u003e\u003co:p\u003e\u003c/o:p\u003e\u003c/p\u003e\u003cp class=\"normal\"\u003e\u003co:p\u003e\u003c/o:p\u003e\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How 
to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:17:56.437Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"title":"data-artisans-kibana-architecture-full-bleed.jpg","uid":"blt8ce3612c276e15af","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T06:43:37.854Z","updated_at":"2019-02-04T06:43:37.854Z","content_type":"image/jpeg","file_size":"103634","filename":"data-artisans-kibana-architecture-full-bleed.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-04T03:20:51.318Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8ce3612c276e15af/5c57df1902ac90e80ba0a8cc/data-artisans-kibana-architecture-full-bleed.jpg"},"markdown_l10n":"","publish_date":"2015-12-07T14:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Building real-time dashboard applications with Apache Flink, Elasticsearch, and Kibana","seo_description_l10n":"This blog post shows how to build a real-time dashboard solution for stream data analytics using Apache Flink, Elasticsearch, and 
Kibana.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt9fb9f67ee7bb5c15","ACL":{},"created_at":"2023-11-06T20:50:46.256Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"real-time-analysis","label_l10n":"Real-time analysis","tags":[],"title":"Real-time 
analysis","updated_at":"2023-11-06T20:50:46.256Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:43.334Z","user":"blt06083bb707628f5c"}},{"_version":1,"locale":"en-us","uid":"blt3d6d3cd2ad3fce72","ACL":{},"created_at":"2023-11-06T21:35:37.967Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"visualization","label_l10n":"Visualization","tags":[],"title":"Visualization","updated_at":"2023-11-06T21:35:37.967Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.605Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt0a824b431b273457","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T10:33:59.571Z","updated_at":"2018-10-09T10:33:59.571Z","content_type":"image/jpeg","file_size":"27109","filename":"data-artisans-logo.jpeg","title":"data-artisans-logo.jpeg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-04T03:20:51.318Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0a824b431b273457/5bbc8417b160bf6a367eb817/data-artisans-logo.jpeg"},"title":"Building real-time dashboard applications with Apache Flink, Elasticsearch, and Kibana","title_l10n":"Building real-time dashboard 
applications with Apache Flink, Elasticsearch, and Kibana","updated_at":"2025-03-10T10:42:06.957Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/building-real-time-dashboard-applications-with-apache-flink-elasticsearch-and-kibana","publish_details":{"time":"2025-03-10T10:42:11.648Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt21db21b485e789be","_version":10,"locale":"en-us","ACL":{},"abstract_l10n":"The new Singapore region for Elasticsearch Service is our 4th GCP region in Asia Pacific and our 12th GCP region globally.","author":["blta469eec733f1f129"],"body_l10n":"\u003cp\u003eWe are pleased to share the news that the Google Cloud Platform Singapore (asia-southeast1)\u0026nbsp;region for the Elasticsearch Service on Elastic Cloud is now available! This is our 12th GCP region globally and our 4th GCP region in Asia Pacific.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003eExisting users can simply \u003ca href=\"https://cloud.elastic.co\"\u003elog in\u003c/a\u003e to start using the GCP Singapore region on our Elasticsearch Service immediately. New users can \u003ca href=\"https://www.elastic.co/gcp\"\u003esign up\u003c/a\u003e\u0026nbsp;for a free 14-day trial to try it out.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eElasticsearch Service brings you the best search, observability, and security solutions. Get access to features such as machine learning and index lifecycle management. Build visualizations intuitively with Kibana Lens and put your creative mark on them with Canvas. 
And with our use case-ready deployment templates, provisioning, configuring, and scaling your deployments is a breeze.\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003eGo deeper with Google and the Elasticsearch Service\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWe \u003ca href=\"https://www.elastic.co/blog/elastic-and-google-team-up-to-bring-a-more-native-elasticsearch-service-experience-on-google-cloud\"\u003epartner with Google\u003c/a\u003e to bring the Elasticsearch Service to GCP. Elastic will continue to introduce new GCP regions for the Elasticsearch Service to complement our joint engineering work on native GCP console integration.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eElastic and GCP customers can also subscribe to the Elasticsearch Service via the \u003ca href=\"https://console.cloud.google.com/marketplace/details/endpoints/elasticsearch-service.gcpmarketplace.elastic.co\"\u003eGCP Marketplace\u003c/a\u003e. If you're a marketplace customer, integrated billing consolidates usage charges into your existing GCP bill. These charges are deductible from prepaid GCP agreements.\u0026nbsp;\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003eGet started with the Elasticsearch Service in GCP Singapore\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eIf you are looking to move an existing cluster or deployment, be sure to check out our documentation about \u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-migrate-data.html\"\u003emigrating your Elasticsearch data\u003c/a\u003e, with more details in our \u003ca href=\"https://www.elastic.co/webinars/migrating-your-elasticsearch-data-to-elastic-cloud\"\u003emigrating Elasticsearch data webinar\u003c/a\u003e. 
If you still have questions, \u003ca href=\"https://www.elastic.co/contact\"\u003ewe're here to help\u003c/a\u003e.\u003c/p\u003e\u003cdiv\u003e\u003cbr /\u003e\u003c/div\u003e","category":[{"_version":5,"locale":"en-us","uid":"blt0c9f31df4f2a7a2b","ACL":{},"created_at":"2018-08-27T12:32:48.561Z","created_by":"sys_blt57a423112de8a853","key":"company-news","label_l10n":"News","tags":[],"title":"News","updated_at":"2024-05-10T13:44:22.885Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-29T20:00:07.956Z","user":"blt27204bf9f7abb7fd"}}],"created_at":"2020-03-17T21:04:39.826Z","created_by":"blt09675795f3a8cdd57c4f255b","disclaimer":[],"full_bleed_image":{"uid":"blt940496fcf44f1298","created_by":"blt09675795f3a8cdd57c4f255b","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-03-17T21:43:08.357Z","updated_at":"2021-01-12T21:14:14.424Z","content_type":"image/png","file_size":"42527","filename":"blog-banner-cloud-gcp-region.png","title":"blog-banner-cloud-gcp-region.png","ACL":{},"_version":4,"is_dir":false,"tags":[],"description":"","parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-12T21:14:16.512Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt940496fcf44f1298/5ffe1126fee93e550328c4ab/blog-banner-cloud-gcp-region.png"},"markdown_l10n":"","publish_date":"2020-03-18T21:04:08.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elasticsearch Service is now available on Google Cloud Platform (GCP) in Singapore","seo_description_l10n":"The new Singapore region for Elasticsearch Service is our 4th GCP region in Asia Pacific and our 12th GCP region 
globally.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"_version":5,"is_dir":false,"uid":"blt83d6e1208fcdaef9","ACL":{},"content_type":"image/png","created_at":"2020-03-17T21:42:17.536Z","created_by":"blt09675795f3a8cdd57c4f255b","description":"","file_size":"36615","filename":"blog-thumb-cloud-gcp-region.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-cloud-gcp-region.png","updated_at":"2022-02-11T21:03:58.816Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:15.418Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt83d6e1208fcdaef9/5ffe112b7f3df4662710b33e/blog-thumb-cloud-gcp-region.png"},"title":"Elasticsearch Service is now available on Google Cloud Platform (GCP) in Singapore","title_l10n":"Elasticsearch Service is now available on Google Cloud Platform (GCP) in Singapore","updated_at":"2025-03-10T10:40:20.255Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/elasticsearch-service-is-now-available-on-google-cloud-platform-gcp-in-singapore","publish_details":{"time":"2025-03-10T10:40:24.074Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta29d3aee29c50bfa","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blte305d0d8f427e122"],"body_l10n":"\u003cp\u003eElasticsearch supports a wide range of use-cases across our user base, and more and more of these rely on fast indexing to quickly get large amounts of data into Elasticsearch. Even though Elasticsearch is fast and index performance is continually improved, it is still possible to overwhelm it. At that point you typically see parts of bulk requests getting rejected. 
In this blog post we will look at the causes and how to avoid it.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eThis is the second installment in a series of blog posts where we look at and discuss your common questions. The first installment discussed and provided guidelines around \"\u003ca href=\"/blog/how-many-shards-should-i-have-in-my-elasticsearch-cluster\"\u003eHow many shards one should aim to have in an Elasticsearch cluster?\u003c/a\u003e\"\u003c/p\u003e\u003ch2\u003eWhat happens when a bulk indexing request is sent to Elasticsearch?\u003c/h2\u003e\u003cp\u003eLet’s start at the beginning and look at what happens behind the scenes when a bulk indexing request is sent to Elasticsearch.\u003c/p\u003e\u003cp\u003eWhen a bulk request arrives at a node in the cluster, it is, in its entirety, put on the bulk queue and processed by the threads in the bulk thread pool. The node that receives the request is referred to as the coordinating node as it manages the life of the request and assembles the response. This can be a node dedicated to just coordinating requests or one of the data nodes in the cluster.\u003c/p\u003e\u003cp\u003eA bulk request can contain documents destined for multiple indices and shards. The first processing step is therefore to split it up based on which shards the documents need to be routed to. Once this is done, each bulk sub-request is forwarded to the data node that holds the corresponding primary shard, and it is there enqueued on that node’s bulk queue. If there is no more space available on the queue, the coordinating node will be notified that the bulk sub-request has been rejected.\u003c/p\u003e\u003cp\u003eThe bulk thread pool processes requests from the queue and documents are forwarded to replica shards as part of this processing. 
Once the sub-request has completed, a response is sent to the coordinating node.\u003c/p\u003e\u003cp\u003eOnce all sub-requests have completed or been rejected, a response is created and returned to the client. It is possible, and even likely, that only a portion of the documents within a bulk request might have been rejected.\u003c/p\u003e\u003cp\u003eThe reason Elasticsearch is designed with request queues of limited size is to protect the cluster from being overloaded, which increases stability and reliability. If there were no limits in place, clients could very easily bring a whole cluster down through bad or malicious behaviour. The limits that are in place have been set based on our extensive experience supporting Elasticsearch for different types of use-cases.\u003c/p\u003e\u003cp\u003eWhen using the HTTP interface, requests that result in at least a partial rejection will return with response code 429, 'Too many requests'. The principle also applies when the transport protocol is used, although the protocol and interface naturally are different. Applications and clients may report these errors back to the user in different ways, and some may even attempt to handle this automatically by retrying any rejected documents.\u003c/p\u003e\u003ch2\u003eHow can we test this in practice?\u003c/h2\u003e\u003cp\u003eIn order to illustrate the practical impact of this behaviour, we devised a simple test where we use \u003ca href=\"https://github.com/elastic/rally\"\u003eour benchmarking tool Rally\u003c/a\u003e to run bulk indexing requests against a couple of \u003ca href=\"/cloud\"\u003eElastic Cloud clusters\u003c/a\u003e with a varying number of data nodes. Configuration and instructions on how to run Rally are available in \u003ca href=\"https://gist.github.com/cdahlqvist/2f368e8a874259b5cf4ca28b8a75d454\"\u003ethis gist\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eThe same indexing workload was run against three different Elastic Cloud clusters.
We have been indexing with one replica shard configured wherever possible. The clusters consisted of one, two and three data nodes respectively, with each data node having 8GB RAM (4GB heap for Elasticsearch, 4GB native memory). Invoking the GET /_nodes/thread_pool API we could see that each data node by default had a fixed bulk thread pool size of two with a queue size of 200:\u003c/p\u003e\u003cpre\u003e%\u0026gt; curl -XGET http://\u0026lt;es_url\u0026gt;:\u0026lt;es_port\u0026gt;/_nodes/thread_pool\u003cbr /\u003e\"bulk\": {\u003cbr /\u003e\"type\": \"fixed\",\u003cbr /\u003e\"min\": 2,\u003cbr /\u003e\"max\": 2,\u003cbr /\u003e\"queue_size\": 200\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eDuring the test we indexed into a varying number of shards (2, 4, 8, 16, and 32) using a varying number of concurrent clients (8, 16, 24, 32, 48, and 64) for each cluster. For every combination of shard and client count we indexed 6.4 million documents with a batch size of 100 documents and another 6.4 million documents with a batch size of 200 documents. This means that in total we attempted to index 384 million documents per cluster.\u003c/p\u003e\u003cp\u003eFor this test we treat the clusters as a black box, and perform the analysis from the client’s perspective. To limit the scope we will also not look at the impact of various configurations on performance as that is a quite large topic on its own.\u003c/p\u003e\u003cp\u003eAll the generated, detailed metrics were sent to a separate Elastic Cloud instance for analysis using Kibana. For each request Rally measures how many of the documents in the bulk request were rejected and how many were successful. Based on this data we can classify each request as successful, partially rejected, or fully rejected.
A few requests also timed out, and these have also been included for completeness.\u003c/p\u003e\u003cp\u003eUnlike Beats and Logstash, Rally does not retry failed indexing requests, so each run has the same number of requests executed but the final number of documents indexed varied from run to run depending on the volume of rejections.\u003c/p\u003e\u003ch2\u003eHow does bulk rejection frequency depend on shard count, client count, and data node count?\u003c/h2\u003e\u003cp\u003eBulk rejections occur when the bulk queues fill up. The number of queue slots that get used depends both on the number of concurrent requests, and the number of shards being indexed into. To measure this correlation we have added a calculated metric, \u003cstrong\u003eclient shard concurrency\u003c/strong\u003e, to each run. This is defined as \u003cem\u003ethe number of shards being indexed into\u003c/em\u003e, multiplied by \u003cem\u003ethe number of concurrent indexing threads\u003c/em\u003e, and indicates how many queue slots would be needed to hold all bulk sub-requests.\u003c/p\u003e\u003cp\u003eIn the graph below, we show how the percentage of requests that result in partial or full rejections depends on the client shard concurrency for the three different clusters.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3cfc31f3fdd1b884/5e613b0b18d3347ceffbbb41/bulk-rejection-blog-1.png\" data-sys-asset-uid=\"blt3cfc31f3fdd1b884\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eFor clusters with one or two nodes we can see that bulk rejections start to appear when the client shard concurrency level is somewhere between 192 and 256. This makes sense as each node has a bulk queue size of 200.
For the cluster with 3 nodes we can see that it is able to handle an even higher level of client shard concurrency without any bulk rejections appearing.\u0026nbsp;\u003c/p\u003e\u003cp\u003eOnce we get over this limit, we start seeing partial bulk rejections, where at least one sub-request has managed to get queued and processed. A relatively small portion of requests also result in full rejections as the concurrency level increases, especially for the single node cluster.\u0026nbsp;\u003c/p\u003e\u003cp\u003eWhen we compare the single and two node clusters, we can see that the percentage of fully successful requests increases slightly and that there are fewer full rejections. This is expected, as the total bulk queue across the cluster is twice as large and requests are sent to all data nodes. Even though the total bulk queue size is twice as large across the cluster, the 2 node cluster does not appear able to handle twice the client shard concurrency of the single node cluster. This is likely due to the fact that distribution is not perfect and that the introduction of replica shards has resulted in each indexing operation requiring more work and being slower as a result. An important thing to note is also that all partial rejections are treated as equals in this graph. The number of rejected documents is not shown and does indeed vary depending on the cluster size, but we will shortly look at that in greater detail.\u0026nbsp;\u003c/p\u003e\u003cp\u003eWhen we go to three data nodes, we see a more marked improvement, and receive requests without any rejections at high levels of concurrency.
We also only see full rejections for the highest concurrency levels.\u003c/p\u003e\u003cp\u003eIf we instead plot the average portion of rejected documents per request as a function of shard and client count for the three clusters, we get the following graphs.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbf49d04d4bd8150d/5e613aed18d3347ceffbbb3b/bulk-rejection-blog-2.png\" data-sys-asset-uid=\"bltbf49d04d4bd8150d\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cdiv\u003e\u003c/div\u003e\u003cp\u003eHere we can see that the percentage of rejected events grows with increased concurrency levels for all cluster sizes. We can also see that the rejection levels drop across the board with the more data nodes we add, which is expected.\u003c/p\u003e\u003cp\u003eEarlier we saw that partial rejections started at approximately the same time for both one and two node clusters. If we now look at these graphs, we can see that the portion of rejected documents grows faster for the single node cluster compared to the one with two data nodes. This means that even though we saw a similar level of partially rejected requests, the larger cluster had more documents indexed per request.\u003c/p\u003e\u003ch2\u003eCan’t I just get around this by increasing the bulk queue size?\u003c/h2\u003e\u003cp\u003eOne of the most common reactions when faced with bulk rejections is to increase the size of the bulk queue. Why not set it to a really large value so you do not have to worry about this again?\u003c/p\u003e\u003cp\u003eIncreasing the size of the queue is not likely to improve the indexing performance or throughput of your cluster. Instead it would just make the cluster queue up more data in memory, which is likely to result in bulk requests taking longer to complete. The more bulk requests there are in the queue, the more precious heap space will be consumed. 
If the pressure on the heap gets too large, it can cause a lot of other performance problems and even cluster instability.\u003c/p\u003e\u003cp\u003eAdjusting the queue sizes is therefore strongly discouraged, as it is like putting a temporary band-aid on the problem rather than actually fixing the underlying issue. So what else can we do to improve the situation?\u003c/p\u003e\u003ch2\u003eCan coordinating only nodes help?\u003c/h2\u003e\u003cp\u003eBy introducing coordinating only nodes, the data nodes will be able to focus on processing sub-requests, as the request itself will not take up a slot on their bulk queue. This is generally good, but the actual benefit of this arrangement is likely to vary from use-case to use-case. In many use cases it makes relatively little difference, and we see lots of successful indexing heavy use cases that do not use dedicated coordinating nodes.\u003c/p\u003e\u003ch2\u003eWhat conclusions can we draw?\u003c/h2\u003e\u003cp\u003eAs always, there is not necessarily any good one-size-fits-all solution, and the way to address bulk rejections will vary from use-case to use-case. If you see bulk rejections, try to understand why they are taking place and whether it is a single node or the whole cluster that is affected.\u003c/p\u003e\u003cp\u003eIf the cluster is unable to cope with the load, ensure that all nodes are sharing the load evenly. If this does not help, it may be necessary to scale the cluster out or up. This will increase capacity and make it less likely that queues are filled up. Increasing the bulk queue size is only likely to postpone the problems, and may actually make them worse.\u003c/p\u003e\u003cp\u003eAlso remember that rejected requests do not always mean that all documents were unsuccessful. Make sure you inspect the full response and retry the appropriate documents. Logstash and Beats already do this by default.\u003c/p\u003e\u003cp\u003eWe hope this has given you a better understanding of how it works. 
If you have any further questions, there are \u003ca href=\"/community\"\u003emany ways to engage with us\u003c/a\u003e, including through \u003ca href=\"https://discuss.elastic.co/\"\u003eour forum\u003c/a\u003e.\u003c/p\u003e\u003c/div\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T10:05:32.006Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"title":"elasticsearch-cluster-bulk-rejections-fullbleed.jpg","uid":"blt418d869df45a88bb","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T09:29:36.877Z","updated_at":"2019-01-05T09:29:36.877Z","content_type":"image/jpeg","file_size":"145061","filename":"elasticsearch-cluster-bulk-rejections-fullbleed.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T19:54:39.309Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt418d869df45a88bb/5c3079006e9992e16f529a4f/elasticsearch-cluster-bulk-rejections-fullbleed.jpg"},"markdown_l10n":"","publish_date":"2017-11-22T17:13:16.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"EL
K/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"uid":"bltf38f037a2b6ecb4e","title":"Log monitoring","label_l10n":"Log 
monitoring","keyword":"log-monitoring","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:29:28.882Z","updated_at":"2023-11-06T21:29:28.882Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.371Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"title":"elasticsearch-cluster-bulk-rejections-thumbnail.jpg","uid":"blt44b8ccc839f287db","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T09:29:32.644Z","updated_at":"2019-01-05T09:29:32.644Z","content_type":"image/jpeg","file_size":"63921","filename":"elasticsearch-cluster-bulk-rejections-thumbnail.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T19:54:39.309Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt44b8ccc839f287db/5c3078fcb2b2be79676e84cc/elasticsearch-cluster-bulk-rejections-thumbnail.jpg"},"title":"Why am I seeing bulk rejections in my Elasticsearch cluster?","title_l10n":"Why am I seeing bulk rejections in my Elasticsearch 
cluster?","updated_at":"2025-03-10T10:39:05.401Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/why-am-i-seeing-bulk-rejections-in-my-elasticsearch-cluster","publish_details":{"time":"2025-03-10T10:39:10.554Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte6fa4df46b3ae6b5","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt34ee8792416ba5d6"],"body_l10n":"\u003ch2\u003eWe are hiring\u003c/h2\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://grnh.se/62cf75441\"\u003eKibana - Senior Product Designer\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://grnh.se/24ddf24d1\"\u003eKibana - Senior JavaScript Engineer\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://grnh.se/a12f57d31\"\u003eKibana - Platform JavaScript Engineer (Node.js)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://grnh.se/cf4410401\"\u003eKibana - Principal Product Manager Maps\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://grnh.se/aef19e931\"\u003eKibana - Senior/Principal Product Manager Analytics\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003ePlatform\u003c/h2\u003e\u003ch3\u003eChanges for developers:\u003c/h3\u003e\u003cul\u003e\u003cli\u003eA new \u003ca href=\"https://github.com/elastic/kibana/pull/56636\"\u003e\u003cspan style=\"font-family: monospace;\"\u003egetServerInfo()\u003c/span\u003e API\u003c/a\u003e is available for plugins that need to know Kibana’s public URL.\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eApp Architecture\u003c/h2\u003e\u003ch3\u003eSearch bar default behaviors\u003c/h3\u003e\u003cp\u003eUsing \u003cspan style=\"font-family: monospace;\"\u003eSearchBar\u003c/span\u003e or \u003cspan style=\"font-family: monospace;\"\u003eTopNavMenu\u003c/span\u003e? 
We got some news for you!\u003c/p\u003e\u003cp\u003eBoth components now ship with \u003ca href=\"https://github.com/elastic/kibana/pull/56160\"\u003epre-wired default behaviors\u003c/a\u003e, so you don't have to write any additional code to utilize filter and query state management, auto refresh settings or saved query workflow.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eTo enable, pass in \u003cspan style=\"font-family: monospace;\"\u003euseDefaultBehaviors=\"true\"\u003c/span\u003e to the component, as well as an (optional) initial state, remove your own management code and you should be good to go.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eTo get notifications on state changes (for example to sync with a state container), you still have to use a combination of observables and callbacks, as \u003ca href=\"https://github.com/elastic/kibana/pull/56160/files#diff-945c21bd7ac7af10525d33c7e544c4c2R581\"\u003eseen here\u003c/a\u003e. An update for that is \u003ca href=\"https://github.com/elastic/kibana/issues/57168\"\u003ecoming soon\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003ePlugin Generator\u003c/h3\u003e\u003cp\u003eIf you wish to generate a new Kibana Platform plugin, check out the \u003ca href=\"https://github.com/elastic/kibana/pull/55281\"\u003eupdated Plugin Generator tool\u003c/a\u003e. 
It is now up to date with the most recent plugin structure and guidelines.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-family: monospace;\"\u003enode scripts/generate_plugin \"My Plugin\" -i\u003c/span\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003ePlease post feedback and suggestions on the outstanding \u003ca href=\"https://github.com/elastic/kibana/issues/56652\"\u003eimprovements issue\u003c/a\u003e.\u003cbr /\u003e\u003c/p\u003e","category":[],"created_at":"2020-02-11T19:07:28.952Z","created_by":"bltc9d62ae104284d62","disclaimer":[],"full_bleed_image":{"uid":"blt0ba64554b53df4df","ACL":{},"_version":1,"content_type":"image/png","created_at":"2019-10-18T22:04:10.512Z","created_by":"bltf6ab93733e4e3a73","file_size":"27476","filename":"kibana-weekly-blog-banner.png","is_dir":false,"parent_uid":null,"tags":[],"title":"kibana-weekly-blog-banner.png","updated_at":"2019-10-18T22:04:10.512Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-10-18T22:04:17.945Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0ba64554b53df4df/5daa36dadf78486c826db921/kibana-weekly-blog-banner.png"},"markdown_l10n":"","publish_date":"2020-02-11T21:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"kibana weekly update contains platform migration, and maps feature enhancements","seo_description_l10n":"In this week's Kibana Engineer update we look at the update to Maps icon styling features and some platform 
updates","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blta6ce6c7fc47ff2cb","ACL":{},"_version":1,"content_type":"image/png","created_at":"2019-10-18T22:04:10.428Z","created_by":"bltf6ab93733e4e3a73","file_size":"22849","filename":"kibana-weekly-blog-thumb.png","is_dir":false,"parent_uid":null,"tags":[],"title":"kibana-weekly-blog-thumb.png","updated_at":"2019-10-18T22:04:10.428Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-10-18T22:04:32.538Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta6ce6c7fc47ff2cb/5daa36da2dc72966da7451aa/kibana-weekly-blog-thumb.png"},"title":"Keeping up with Kibana: This week in Kibana for February 11th, 2020","title_l10n":"Keeping up with Kibana: This week in Kibana for February 11th, 2020","updated_at":"2025-03-10T10:37:58.311Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/keeping-up-with-kibana-2020-02-11","publish_details":{"time":"2025-03-10T10:38:01.571Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltf8998749005e56e3","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt4f911b4247a9427a"],"body_l10n":"\u003cp\u003eLast week, \u003ca href=\"https://www.elastic.co/blog/staying-in-control-with-moving-averages-part-1\"\u003ewe introduced how to build a simple Control Chart\u003c/a\u003e using the new moving_avg pipeline aggregations. \u0026nbsp;The demonstration used a very simple dataset, where the trend was very flat, and the spike was very obvious. 
\u0026nbsp;In fact, it was so obvious you could probably catch it with a simple threshold.\u003c/p\u003e\u003cp\u003eThis week, we'll show how the same control chart can be used in more tricky scenarios, such as constantly increasing linear trends, or cyclic/seasonal data\u003c/p\u003e\u003ch2 dir=\"ltr\" rel=\"line-height:1.38;margin-top:10pt;margin-bottom:0pt;\"\u003eLinear Trends\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe example from last week was very simple, and a threshold set by eye would have been sufficient. \u0026nbsp;For example, you could easily determine the ideal mean, calculate three standard deviations yourself, and alert when it goes above that point. \u0026nbsp;This works well for flat trends, but what if your data happens to have a constant linear trend?\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eJust\u0026nbsp;as a refresher, here is the aggregation we built last week:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\" style=\"font-size: 12.6000003814697px;\"\u003e{\u003cbr /\u003e \"size\": 0,\u003cbr /\u003e \"aggs\": {\u003cbr /\u003e \"date_histo\": {\u003cbr /\u003e \"histogram\": {\u003cbr /\u003e \"field\": \"tick\",\u003cbr /\u003e \"interval\": \"hour\"\u003cbr /\u003e },\u003cbr /\u003e \"aggs\": {\u003cbr /\u003e \"stats\": {\u003cbr /\u003e \"extended_stats\": {\u003cbr /\u003e \"field\": \"value\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"movavg_mean\": {\u003cbr /\u003e \"moving_avg\": {\u003cbr /\u003e \"buckets_path\": \"stats.avg\",\u003cbr /\u003e \"window\": 24,\u003cbr /\u003e \"model\": \"ewma\",\u003cbr /\u003e \"settings\": {\u003cbr /\u003e \"alpha\": 0.1 
\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"movavg_std\": {\u003cbr /\u003e \"moving_avg\": {\u003cbr /\u003e \"buckets_path\": \"stats.std_deviation\",\u003cbr /\u003e \"window\": 24,\u003cbr /\u003e \"model\": \"ewma\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"shewhart_ucl\": {\u003cbr /\u003e \"bucket_script\": {\u003cbr /\u003e \"buckets_path\": {\u003cbr /\u003e \"mean\": \"movavg_mean.value\",\u003cbr /\u003e \"std\": \"movavg_std.value\"\u003cbr /\u003e },\u003cbr /\u003e \"script\": \"mean + (3 * std)\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eLet's re-use that same aggregation on some data with a constant linear trend, which includes the same spike on Thursday. \u0026nbsp;Without changing anything, we'll see:\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003ca href=\"https://api.contentstack.io/v2/assets/575e4c9c3dc542cb38c084f9/download?uid=blt1e5f788806ad9d40?uid=blt1e5f788806ad9d40\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4c9c3dc542cb38c084f9/download?uid=blt1e5f788806ad9d40?uid=blt1e5f788806ad9d40\" data-sys-asset-uid=\"blt59216816fa960ad9\" width=\"689\" height=\"149\" style=\"width: 689;height: 149;\"/\u003e\u003c/a\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cem\u003eSmoothed average: purple\u003c/em\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cem\u003eMax value: yellow\u003c/em\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cem\u003eUpper control limit: green\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 
0pt;margin-bottom: 0pt;\"\u003eAs you can see, a\u0026nbsp;simple threshold would no longer work; it would be triggered due to the natural growth of the values. \u0026nbsp;There are several ways you could work around it (plot a linear threshold trigger, diff against yesterday, etc). \u0026nbsp;But the control chart handles this scenario in stride without modification\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eBecause the threshold is generated dynamically based on the \"local\" data in the moving averages, the constant linear trend is no problem and everything just works.\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003eCyclic Trends\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eCyclic trends are even more fun. \u0026nbsp;Imagine your data has some seasonality. \u0026nbsp;In this case, I just plotted a random sine wave, but you'll see this cyclic behavior everywhere in real data: \u0026nbsp;sales numbers, server utilization, queue lengths, etc. \u0026nbsp;Cycles can be very tricky for simpler spike detection algorithms. 
\u0026nbsp;The algorithm needs to differentiate between the natural peaks and real spikes.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eIf we apply the exact same aggregation as before, we get a decent chart:\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://api.contentstack.io/v2/assets/575e4c9cd8edd48f7693603f/download?uid=blte63ebbbcb7a64d8e?uid=blte63ebbbcb7a64d8e\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4c9cd8edd48f7693603f/download?uid=blte63ebbbcb7a64d8e?uid=blte63ebbbcb7a64d8e\" data-sys-asset-uid=\"bltdd73a9e465e66522\" width=\"696\" height=\"150\" style=\"width: 696;height: 150;\"/\u003e\u003c/a\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003e\u003cem\u003eSmoothed average: purple\u003c/em\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cem\u003eMax value: yellow\u003c/em\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cem\u003eUpper control limit: green\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eYou'll notice a problem though. \u0026nbsp;The maximum values in yellow consistently \"trip\" the threshold (in green) on the leading edge. \u0026nbsp;It looks like the green threshold lags behind the data, and never quite anticipates the upcoming cycle. 
\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe problem is the moving average model. \u0026nbsp;Simpler models like linear and ewma always display a certain amount of lag, and in particular struggle with cyclic data. \u0026nbsp;The lag was present in all the previous examples (go look), it just usually isn’t a problem with non-seasonal data.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eInstead, we should use holt_winters, a moving average model that includes terms that can account for seasonality. \u0026nbsp;Let's replace the two previous moving averages with this:\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\"movavg_mean\": {\u003cbr /\u003e \"moving_avg\": {\u003cbr /\u003e \"buckets_path\": \"stats.avg\",\u003cbr /\u003e \"window\": 200,\u003cbr /\u003e \"model\": \"holt_winters\",\u003cbr /\u003e \"settings\": {\u003cbr /\u003e \"period\": 69\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e},\u003cbr /\u003e\"movavg_std\": {\u003cbr /\u003e \"moving_avg\": {\u003cbr /\u003e \"buckets_path\": \"stats.std_deviation\",\u003cbr /\u003e \"window\": 150,\u003cbr /\u003e \"model\": \"holt_winters\",\u003cbr /\u003e \"settings\": {\u003cbr /\u003e \"period\": 69\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e},\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eYou'll notice a few changes. \u0026nbsp;Obviously, we swapped ewma for holt_winters. \u0026nbsp;Next, we changed the window size. 
\u0026nbsp;Holt-Winters requires a larger window so that it can more accurately model seasonal behavior. \u0026nbsp;Finally, we specified how large the \"period\" of the data is. \u0026nbsp;In this case, it is roughly 62 hours from peak to peak. \u0026nbsp;Holt-Winters has more parameters that are tunable, but we are going to rely on the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/search-aggregations-pipeline-movavg-aggregation.html#movavg-minimizer\"\u003eautomatic minimization\u003c/a\u003e to choose those for us.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe graph that we get out looks much better:\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://api.contentstack.io/v2/assets/575e4c9cd8edd48f7693603a/download?uid=blt0c6c71d33f680ac4?uid=blt0c6c71d33f680ac4\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4c9cd8edd48f7693603a/download?uid=blt0c6c71d33f680ac4?uid=blt0c6c71d33f680ac4\" data-sys-asset-uid=\"bltc28ae47c3a2fd1f6\" width=\"724\" height=\"151\" style=\"width: 724;height: 151;\"/\u003e\u003c/a\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003e\u003cem\u003eSmoothed average: purple\u003c/em\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cem\u003eMax value: yellow\u003c/em\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cem\u003eUpper control limit: green\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eThe threshold now lines up with the data perfectly, and we correctly detect the spike (and nothing else). 
\u0026nbsp;You will notice a new anomaly though. \u0026nbsp;Exactly one period after the first spike a new spike exists where there wasn’t one previously. \u0026nbsp;And if you look closely, you'll see a tiny spike two periods afterwards which is also new.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThis is an artifact from Holt-Winters. \u0026nbsp;Forecasts are built based on past seasonal data, and since the past data\u0026nbsp;had a spike, you'll see traces of that in future forecasts. \u0026nbsp;This artifact can be diminished slightly by increasing the window length, and in general isn't usually large enough to trigger a \"threshold breach\".\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003eExtra Credit: Configuring a Watcher alert\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eIf you have Watcher installed -- \u003ca href=\"/what-is/elasticsearch-alerting\"\u003ean alerting and notification plugin for Elasticsearch\u003c/a\u003e -- it is trivial to add a watch which will alert you when a spike has been detected. \u0026nbsp;We will define a watch that checks every hour (finer granularity is unnecessary, since the data is only logged at 1hr intervals). \u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThen we plop in our aggregation, and setup some email and logging notifications and define the condition. 
\u0026nbsp;The condition is simply checking to see if the maximum value is greater than the upper control limit.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ecurl -XPUT 'http://localhost:9200/_watcher/watch/log_error_watch' -d '{\u003cbr /\u003e \"trigger\": {\u003cbr /\u003e \"schedule\": {\u003cbr /\u003e \"interval\": \"1hr\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"input\": {\u003cbr /\u003e \"search\": {\u003cbr /\u003e \"request\": {\u003cbr /\u003e \"indices\": [\"reactor_logs\"],\u003cbr /\u003e \"body\": {\u003cbr /\u003e \"size\": 0,\u003cbr /\u003e \"aggs\": {\u003cbr /\u003e \"histo\": {\u003cbr /\u003e \"date_histogram\": {\u003cbr /\u003e \"field\": \"tick\",\u003cbr /\u003e \"interval\": \"hour\"\u003cbr /\u003e },\u003cbr /\u003e \"aggs\": {\u003cbr /\u003e \"stats\": {\u003cbr /\u003e \"extended_stats\": {\u003cbr /\u003e \"field\": \"value\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"movavg_mean\": {\u003cbr /\u003e \"moving_avg\": {\u003cbr /\u003e \"buckets_path\": \"stats.avg\",\u003cbr /\u003e \"window\": 24,\u003cbr /\u003e \"model\": \"ewma\",\u003cbr /\u003e \"settings\": {\u003cbr /\u003e \"alpha\": 0.1\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"movavg_std\": {\u003cbr /\u003e \"moving_avg\": {\u003cbr /\u003e \"buckets_path\": \"stats.std_deviation\",\u003cbr /\u003e \"window\": 24,\u003cbr /\u003e \"model\": \"ewma\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"shewhart_ucl\": {\u003cbr /\u003e \"bucket_script\": {\u003cbr /\u003e \"buckets_path\": {\u003cbr /\u003e \"mean\": \"movavg_mean.value\",\u003cbr /\u003e \"std\": \"movavg_std.value\"\u003cbr /\u003e },\u003cbr /\u003e \"script\": \"mean + (3 * std)\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e 
}\u003cbr /\u003e },\u003cbr /\u003e \"condition\": {\u003cbr /\u003e \"script\": {\u003cbr /\u003e \"inline\": \"def lastBucket = ctx.payload.aggregations.histo.buckets.last(); return lastBucket.stats.max \u0026gt; lastBucket.shewhart_ucl.value\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"actions\": {\u003cbr /\u003e \"log_error\": {\u003cbr /\u003e \"logging\": {\u003cbr /\u003e \"text\": \"Reactor Meltdown!\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"send_email\": { \u003cbr /\u003e \"email\": {\u003cbr /\u003e \"to\": \"user@example.com\", \u003cbr /\u003e \"subject\": \"Watcher Notification - Reactor Meltdown!\",\u003cbr /\u003e \"body\": \"Reactor is melting down, please investigate. :)\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}'\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWith this in place, Watcher will email you as soon as the upper control limit has been reached. \u0026nbsp;It is fairly trivial to extend this to log/alert on “warnings”, such as when values exceed two standard deviations instead of three, or has remained above the mean for more than 10 consecutive hours. \u0026nbsp;The sky is the limit!\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003eConclusion\u003c/h2\u003e\u003cp\u003eI hope this article was interesting. \u0026nbsp;Most folks are acquainted with the smoothing capabilities of moving averages;\u0026nbsp; they are great for smoothing out noise so you can see the more general trend. \u0026nbsp;But they can also be the building blocks for much richer functionality, such as finding anomalous data points in a dynamic dataset. 
\u0026nbsp;It's fairly remarkable how powerful simple, statistical techniques can be in practice.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eBecause of the new functionality in pipeline aggregations, all of this functionality can now be expressed in Elasticsearch itself. \u0026nbsp;And when coupled with Watcher, you can build robust alerting and notifications directly from your data, without having to pipe it to an external system first.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eIn the future, we'll be looking at how you can forecast into the future with moving averages, other methods for anomaly detection and more. \u0026nbsp;Stay tuned!\u003c/p\u003e\u003cdiv\u003e\u003cbr /\u003e\u003c/div\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How 
to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T12:48:47.627Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"bltc1071980bd992b5e","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T10:05:36.712Z","updated_at":"2018-10-09T10:05:36.712Z","content_type":"image/jpeg","file_size":"75535","filename":"staying-in-control-with-moving-averages-full-bleed.jpg","title":"staying-in-control-with-moving-averages-full-bleed.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-04T03:09:49.300Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc1071980bd992b5e/5bbc7d706c9763b95d07a74e/staying-in-control-with-moving-averages-full-bleed.jpg"},"markdown_l10n":"","publish_date":"2015-08-12T14:37:11.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":null,"title":"Staying in Control with Moving Averages - Part 2","title_l10n":"Staying in Control with Moving Averages - Part 
2","updated_at":"2025-03-10T10:35:51.491Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/staying-in-control-with-moving-averages-part-2","publish_details":{"time":"2025-03-10T10:35:54.946Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0184c325196e29b4","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt4f911b4247a9427a"],"body_l10n":"\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWelcome to the third and final installment of this series on building a statistical anomaly detector in Elasticsearch. \u0026nbsp;As a quick recap, let’s look at what we’ve built so far:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eIn Part 1, we \u003ca href=\"https://www.elastic.co/blog/implementing-a-statistical-anomaly-detector-part-1\"\u003econstructed a pipeline aggregation that crunched millions of data points\u003c/a\u003e to generate\u0026nbsp;the top 90th percentile of\u0026nbsp;\"surprise\" values. \u0026nbsp;It did this by\u0026nbsp;constructing a time-series per\u0026nbsp;(metric, query) tuple, calculating the surprise of that tuple, then finding the top 90th percentile of surprise for each metric.\u003c/li\u003e\u003cli dir=\"ltr\"\u003eIn Part 2, we \u003ca href=\"https://www.elastic.co/blog/implementing-a-statistical-anomaly-detector-part-2\"\u003eused Timelion to graph the 90th percentile surprise over time\u003c/a\u003e. \u0026nbsp;We then used Timelion’s flexible syntax to construct a dynamic threshold\u0026nbsp;three standard deviations above the moving average of the surprise. 
\u0026nbsp;When the surprise passed this threshold, we showed it on the chart with a bar\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eToday, we’ll take what we built in Part 1 and 2 and automate it completely using\u0026nbsp;\u003ca href=\"https://www.elastic.co/what-is/elasticsearch-alerting\"\u003eWatcher\u003c/a\u003e, Elastic’s real-time alerting and notification plugin for Elasticsearch.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWith Watcher’s ability to use mustache templating and groovy scripting, it is a remarkably powerful alerting engine. \u0026nbsp;We can encode the entire Atlas system in just two watches. \u0026nbsp;The first watch will generate all of the surprise data (just like Part 1) while the second watch will create the threshold and check for anomalies (like Timelion in Part 2).\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eLet’s get started!\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 18pt;margin-bottom: 6pt;\"\u003eData Collection Watch\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe first watch’s job is to collect the top 90th surprise values for each metric on an hourly basis, emulating the data collection process we built in Part 1. \u0026nbsp;This means we can leverage most of the hard work from that section (e.g. 
the pipeline aggregation).\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eFirst, here is the entire watch (then we’ll break it down piece-by-piece):\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePUT _watcher/watch/atlas\u003cbr /\u003e{\u003cbr /\u003e \"trigger\":{\u003cbr /\u003e \"schedule\":{\u003cbr /\u003e \"hourly\" : { \"minute\" : 0 }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"input\":{\u003cbr /\u003e \"search\":{\u003cbr /\u003e \"request\":{\u003cbr /\u003e \"indices\":\"data\",\u003cbr /\u003e \"types\": \"data\",\u003cbr /\u003e \"body\":{\u003cbr /\u003e \"query\":{\u003cbr /\u003e \"filtered\":{\u003cbr /\u003e \"filter\":{\u003cbr /\u003e \"range\":{\u003cbr /\u003e \"hour\":{\u003cbr /\u003e \"gte\":\"now-24h\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"size\":0,\u003cbr /\u003e \"aggs\":{\u003cbr /\u003e \"metrics\":{\u003cbr /\u003e \"terms\":{\u003cbr /\u003e \"field\":\"metric\"\u003cbr /\u003e },\u003cbr /\u003e \"aggs\":{\u003cbr /\u003e \"queries\":{\u003cbr /\u003e \"terms\":{\u003cbr /\u003e \"field\":\"query\"\u003cbr /\u003e },\u003cbr /\u003e \"aggs\":{\u003cbr /\u003e \"series\":{\u003cbr /\u003e \"date_histogram\":{\u003cbr /\u003e \"field\":\"hour\",\u003cbr /\u003e \"interval\":\"hour\"\u003cbr /\u003e },\u003cbr /\u003e \"aggs\":{\u003cbr /\u003e \"avg\":{\u003cbr /\u003e \"avg\":{\u003cbr /\u003e \"field\":\"value\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"movavg\":{\u003cbr /\u003e \"moving_avg\":{\u003cbr /\u003e \"buckets_path\":\"avg\",\u003cbr /\u003e \"window\":24,\u003cbr /\u003e \"model\":\"simple\"\u003cbr /\u003e 
}\u003cbr /\u003e },\u003cbr /\u003e \"surprise\":{\u003cbr /\u003e \"bucket_script\":{\u003cbr /\u003e \"buckets_path\":{\u003cbr /\u003e \"avg\":\"avg\",\u003cbr /\u003e \"movavg\":\"movavg\"\u003cbr /\u003e },\u003cbr /\u003e \"script\":\"(avg - movavg).abs()\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"largest_surprise\":{\u003cbr /\u003e \"max_bucket\":{\u003cbr /\u003e \"buckets_path\":\"series.surprise\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"ninetieth_surprise\":{\u003cbr /\u003e \"percentiles_bucket\":{\u003cbr /\u003e \"buckets_path\":\"queries\u0026gt;largest_surprise\",\u003cbr /\u003e \"percents\":[\u003cbr /\u003e 90.0\u003cbr /\u003e ]\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"extract\":[\u003cbr /\u003e \"aggregations.metrics.buckets.ninetieth_surprise\",\u003cbr /\u003e \"aggregations.metrics.buckets.key\"\u003cbr /\u003e ]\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"actions\":{\u003cbr /\u003e \"index_payload\":{\u003cbr /\u003e \"transform\":{\u003cbr /\u003e \"script\": {\u003cbr /\u003e \"file\": \"hourly\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"index\" : {\u003cbr /\u003e \"index\" : \"atlas\",\u003cbr /\u003e \"doc_type\" : \"data\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eIt’s long, but don’t panic! \u0026nbsp;A lot of it is repeated code from Part 1. 
\u0026nbsp;Let’s start looking at the individual components:\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePUT _watcher/watch/atlas\u003cbr /\u003e{\u003cbr /\u003e \"trigger\":{\u003cbr /\u003e \"schedule\":{\u003cbr /\u003e \"hourly\" : { \"minute\" : 0 }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe first thing in our request is the HTTP command. \u0026nbsp;Watches are stored inside your cluster, so we execute a PUT command to the _watcher endpoint and add a new watch called “atlas”. \u0026nbsp;Next, we schedule the watch to run with a\u0026nbsp;“trigger”. \u0026nbsp;Triggers allow watches to run on schedules, much like a cronjob. \u0026nbsp;We are going to use an \u003ca href=\"https://www.elastic.co/guide/en/watcher/current/trigger.html#schedule-hourly\"\u003ehourly trigger\u003c/a\u003e, which fires every hour\u0026nbsp;on the hour.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAfter our trigger, we define the \"input\" to the watch:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e \"input\":{\u003cbr /\u003e \"search\":{\u003cbr /\u003e \"request\":{\u003cbr /\u003e \"indices\":\"data\",\u003cbr /\u003e \"types\": \"data\",\u003cbr /\u003e \"body\":{...},\u003cbr /\u003e \"extract\":[\u003cbr /\u003e \"aggregations.metrics.buckets.ninetieth_surprise\",\u003cbr /\u003e \"aggregations.metrics.buckets.key\"\u003cbr /\u003e ]\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\" 
style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eInputs provide the data that a watch uses to make decisions. \u0026nbsp;There are a variety of inputs available, \u0026nbsp;but we’ll use a search input. \u0026nbsp;This input\u0026nbsp;executes an arbitrary Elasticsearch query and allows a watch to use the response for later processing. \u0026nbsp;The “request” parameter defines the details about the request: the indices/types to query and the request body (which is the pipeline aggregation we built in Part 1). \u0026nbsp;Combined with the trigger, our watch will execute the large pipeline agg against the raw data every hour.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe “extract” parameter lets us extract\u0026nbsp;details that we are interested in, to simplify further processing in the watch. \u0026nbsp;It is conceptually very similar to filter_path, merely a filtering mechanism to reduce response verbosity. 
\u0026nbsp;Here we are using it to extract the five top-90th percentile surprises and their keys.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eFinally we define an \"action\":\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e \"actions\":{\u003cbr /\u003e \"index_payload\":{\u003cbr /\u003e \"transform\":{\u003cbr /\u003e \"script\": {\u003cbr /\u003e \"file\": \"hourly\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"index\" : {\u003cbr /\u003e \"index\" : \"atlas\",\u003cbr /\u003e \"doc_type\" : \"data\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe action is executed after the query has run, and defines the \"output\" of a watch. \u0026nbsp;\u003ca href=\"https://www.elastic.co/guide/en/watcher/current/actions.html\"\u003eActions\u003c/a\u003e can send emails, send messages to Slack, post to custom webhooks, etc. \u0026nbsp;For our purposes, we actually want to put data back inside Elasticsearch. \u0026nbsp;We need to index the results of the pipeline aggregation so we can alert on it. \u0026nbsp;To do that, we setup an index_payload action which will index documents back into Elasticsearch for us.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eBut before we can index anything, we need to convert the JSON aggregation response into a set of indexable\u0026nbsp;documents. 
\u0026nbsp;That is done via the transform\u0026nbsp;script hourly.groovy which resides on our node (in the config/scripts/ directory). \u0026nbsp;It looks like this:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003edef docs = [];\u003cbr /\u003efor(item in ctx.payload.aggregations.metrics.buckets) {\u003cbr /\u003e def doc = [\u003cbr /\u003e metric : item.key,\u003cbr /\u003e value : item.ninetieth_surprise.values[\"90.0\"],\u003cbr /\u003e execution_time: ctx.execution_time\u003cbr /\u003e ];\u003cbr /\u003e docs \u0026lt;\u0026lt; doc;\u003cbr /\u003e}\u003cbr /\u003ereturn [ _doc : docs ];\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eIts function is very simple: iterate over the 90th percentile buckets and create an array holding the key, the value and the execution time. \u0026nbsp;Then append that to a bulk array and return it when done iterating over the buckets.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe returned array is in the Bulk API syntax, which Watcher will insert into the “atlas” index under the “data” type. \u0026nbsp;Once this watch is added to the cluster, Elasticsearch will begin collecting hourly surprise metrics just like we did in the simulator. \u0026nbsp;Perfect! \u0026nbsp;Let’s write the watch that finds anomalies now.\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 18pt;margin-bottom: 6pt;\"\u003eAnomaly Detection Watch\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe goal of this watch is to replicate what we did in Part 2 with Timelion. 
\u0026nbsp;Namely, it needs to construct a threshold that is three standard deviations above the moving average of the 90th surprise...per metric. \u0026nbsp;Then it needs to raise some kind of alert if that threshold is broken.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThis watch follows a similar layout as the last one, but has a bit more custom logic. \u0026nbsp;The whole watch looks like this:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePUT _watcher/watch/atlas_analytics\u003cbr /\u003e{\u003cbr /\u003e \"trigger\": {\u003cbr /\u003e \"schedule\": {\u003cbr /\u003e \"hourly\" : { \"minute\" : 5 }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"input\": {\u003cbr /\u003e \"search\": {\u003cbr /\u003e \"request\": {\u003cbr /\u003e \"indices\": \"atlas\",\u003cbr /\u003e \"types\": \"data\",\u003cbr /\u003e \"body\": {\u003cbr /\u003e \"query\": {\u003cbr /\u003e \"filtered\": {\u003cbr /\u003e \"filter\": {\u003cbr /\u003e \"range\": {\u003cbr /\u003e \"execution_time\": {\u003cbr /\u003e \"gte\": \"now-6h\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"size\": 0,\u003cbr /\u003e \"aggs\": {\u003cbr /\u003e \"metrics\": {\u003cbr /\u003e \"terms\": {\u003cbr /\u003e \"field\": \"metric\"\u003cbr /\u003e },\u003cbr /\u003e \"aggs\": {\u003cbr /\u003e \"series\": {\u003cbr /\u003e \"date_histogram\": {\u003cbr /\u003e \"field\": \"execution_time\",\u003cbr /\u003e \"interval\": \"hour\"\u003cbr /\u003e },\u003cbr /\u003e \"aggs\": {\u003cbr /\u003e \"avg\": {\u003cbr /\u003e \"avg\": {\u003cbr /\u003e \"field\": \"value\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e 
},\u003cbr /\u003e \"series_stats\": {\u003cbr /\u003e \"extended_stats\": {\u003cbr /\u003e \"field\": \"value\",\u003cbr /\u003e \"sigma\": 3\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"extract\": [\u003cbr /\u003e \"aggregations.metrics.buckets\"\u003cbr /\u003e ]\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"condition\": {\u003cbr /\u003e \"script\": {\u003cbr /\u003e \"file\": \"analytics_condition\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"transform\": {\u003cbr /\u003e \"script\": {\u003cbr /\u003e \"file\": \"analytics_transform\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"actions\": {\u003cbr /\u003e \"index_payload\": {\u003cbr /\u003e \"logging\": {\u003cbr /\u003e \"text\": \"{{ctx.alerts}}\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"email_alert\" : {\u003cbr /\u003e \"email\": {\u003cbr /\u003e \"to\": \"'John Doe \u0026lt;john.doe@example.com\u0026gt;'\",\u003cbr /\u003e \"subject\": \"Atlas Alerts Triggered!\",\u003cbr /\u003e \"body\": \"Metrics that appear anomalous: {{ctx.alerts}}\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eWe'll walk through it step-by-step again. \u0026nbsp;Similar to the first watch,\u0026nbsp;we PUT the watch into the cluster with a specific name (“atlas_analytics”) and setup an hourly schedule for it to run. 
However, the schedule is offset by five minutes this time to allow the first watch time to complete.\u003c/p\u003e\u003cp\u003eWe also use a search input again:\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e \"input\": {\u003cbr /\u003e \"search\": {\u003cbr /\u003e \"request\": {\u003cbr /\u003e \"indices\": \"atlas\",\u003cbr /\u003e \"types\": \"data\",\u003cbr /\u003e \"body\": {\u003cbr /\u003e \"query\": {\u003cbr /\u003e \"filtered\": {\u003cbr /\u003e \"filter\": {\u003cbr /\u003e \"range\": {\u003cbr /\u003e \"execution_time\": {\u003cbr /\u003e \"gte\": \"now-6h\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"size\": 0,\u003cbr /\u003e \"aggs\": {\u003cbr /\u003e \"metrics\": {\u003cbr /\u003e \"terms\": {\u003cbr /\u003e \"field\": \"metric\"\u003cbr /\u003e },\u003cbr /\u003e \"aggs\": {\u003cbr /\u003e \"series\": {\u003cbr /\u003e \"date_histogram\": {\u003cbr /\u003e \"field\": \"execution_time\",\u003cbr /\u003e \"interval\": \"hour\"\u003cbr /\u003e },\u003cbr /\u003e \"aggs\": {\u003cbr /\u003e \"avg\": {\u003cbr /\u003e \"avg\": {\u003cbr /\u003e \"field\": \"value\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"series_stats\": {\u003cbr /\u003e \"extended_stats\": {\u003cbr /\u003e \"field\": \"value\",\u003cbr /\u003e \"sigma\": 3\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"extract\": [\u003cbr /\u003e \"aggregations.metrics.buckets\"\u003cbr /\u003e ]\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThis search is a little different. \u0026nbsp;First, it is querying /atlas/data instead of /data/data;\u0026nbsp;this watch is aggregating the results of the previous watch instead of\u0026nbsp;the raw data. 
\u0026nbsp;The query is also filtering to\u0026nbsp;just the last\u0026nbsp;six hours which\u0026nbsp;allows us to scope the time frame to a specific window.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAn\u0026nbsp;aggregation is used\u0026nbsp;to build a date_histogram per metric (e.g. a time-series per metric). \u0026nbsp;Inside each series we calculate the average and standard deviation (making sure to ask the stats agg for three standard deviations via the sigma parameter). \u0026nbsp;Finally, we extract out just the buckets because we don’t care about the rest of the response.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan\u003e\u003c/span\u003eYou’ll notice that in Part 2 we used a moving average and standard deviation to calculate this data, while here it is a plain average / stddev. \u0026nbsp;Why is that? \u0026nbsp;Because this watch executes every hour, the window of time will naturally slide across the data.\u0026nbsp;Unlike the Timelion implementation -- which had to display all points of time in one graph -- we are only concerned with generating the data points for this hour, so a simple avg works fine.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan\u003e\u003c/span\u003eSo at this point, our watch has all the required information to flag an anomaly...but we need to run some custom logic to tie it together. 
\u0026nbsp;That’s what happens next, in the condition clause:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e \"condition\": {\u003cbr /\u003e \"script\": {\u003cbr /\u003e \"file\": \"analytics_condition\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eA condition is a \u003ca href=\"https://www.elastic.co/guide/en/watcher/current/condition.html\"\u003egatekeeper to the action\u003c/a\u003e: if the condition evaluates true, the action is run. \u0026nbsp;Our condition uses another groovy script, analytics_condition.groovy:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003edef docs = [];\u003cbr /\u003edef status = false;\u003cbr /\u003efor(item in ctx.payload.aggregations.metrics.buckets) {\u003cbr /\u003e def std_upper = Double.valueOf(item.series_stats.std_deviation_bounds.upper);\u003cbr /\u003e def avg = Double.valueOf(item.series.buckets.last().avg.value);\u003cbr /\u003e if (std_upper == Double.NaN || avg == Double.NaN) {\u003cbr /\u003e continue;\u003cbr /\u003e }\u003cbr /\u003e if (avg \u0026gt; std_upper) {\u003cbr /\u003e status = true;\u003cbr /\u003e break;\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003ereturn status;\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThe script is really very simple: extract the standard deviation upper bound (which is provided by the aggregation natively) and the 
average, then see if the average is greater than the upper bound. \u0026nbsp;If the average is indeed greater, set a flag and return true.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAt this point, if the condition returns false, the watch ends: nothing is anomalous. \u0026nbsp;But if it returns true, we continue onwards to the transform clause:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e \"transform\": {\u003cbr /\u003e \"script\": {\u003cbr /\u003e \"file\": \"analytics_transform\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eTransformations can be used to \u003ca href=\"https://www.elastic.co/guide/en/watcher/current/transform.html\"\u003emodify, enrich and manipulate data\u003c/a\u003e. \u0026nbsp;We’ll use the transformation to tidy up the data so that a list of alerts can be embedded in an email easily. 
\u0026nbsp;Again, we use a groovy script to do the transformation, this one called analytics_transform.groovy:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003edef alerts = [];\u003cbr /\u003efor(item in ctx.payload.aggregations.metrics.buckets) {\u003cbr /\u003e def std_upper = Double.valueOf(item.series_stats.std_deviation_bounds.upper);\u003cbr /\u003e def avg = Double.valueOf(item.series.buckets.last().avg.value);\u003cbr /\u003e if (Double.isNaN(std_upper) || Double.isNaN(avg)) {\u003cbr /\u003e continue;\u003cbr /\u003e }\u003cbr /\u003e if (avg \u0026gt; std_upper) {\u003cbr /\u003e alerts \u0026lt;\u0026lt; item.id;\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003ereturn [alerts: alerts];\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eLook familiar? \u0026nbsp;This is basically the same as the analytics_condition.groovy script used in the condition clause. \u0026nbsp;The only difference is that any anomalous metrics are appended to an array, instead of changing a flag. 
\u0026nbsp;The array is then returned, which we can use in our final email action:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e \"actions\": {\u003cbr /\u003e \"index_payload\": {\u003cbr /\u003e \"logging\": {\u003cbr /\u003e \"text\": \"{{ctx.alerts}}\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"email_alert\" : {\u003cbr /\u003e \"email\": {\u003cbr /\u003e \"to\": \"'John Doe \u0026lt;john.doe@example.com\u0026gt;'\",\u003cbr /\u003e \"subject\": \"Atlas Alerts Triggered!\",\u003cbr /\u003e \"body\": \"Metrics that appear anomalous: {{ctx.alerts}}\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eIn the last part of the watch, we perform two actions. \u0026nbsp;First, we log the anomalies (for debugging purposes). \u0026nbsp;We also define an email_alert, which will fire off an email. \u0026nbsp;The body of the email can use mustache for templating, which is how we can embed the list of alerts (via {{ctx.alerts}}, the array we built in the transformation step)\u003c/p\u003e\u003ch2 dir=\"ltr\" style=\"line-height: 1.38;margin-top: 18pt;margin-bottom: 6pt;\"\u003eConclusion\u003c/h2\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAnd that’s it! \u0026nbsp;The watches are long, but relatively straightforward when you work through them step-by-step. 
\u0026nbsp;All the difficult work was done in Part 1 and\u0026nbsp;2...moving the logic into Watcher is mostly\u0026nbsp;trivial.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eOnce these watches are enabled, the cluster will automatically start monitoring and alerting on an hourly basis. \u0026nbsp;It is very tunable because watches can be modified at any time via API calls. You could make the interval shorter or longer, extend the amount of data in each aggregation pass, modify any of the aggregation settings, change the types of moving averages in the pipeline agg, introduce entirely new metrics,\u0026nbsp;etc. \u0026nbsp;It is a very easy system to tweak even once it is live and in production.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan\u003e\u003c/span\u003eI hope you’ve enjoyed this three-part series. \u0026nbsp;It was a very fun project to work on, and really helped me understand the power that pipeline aggregations, Timelion and Watcher bring to the table (especially when combined). 
\u0026nbsp;Until next time!\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T12:52:43.018Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"bltfda3d7019e246c37","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T10:54:31.474Z","updated_at":"2018-10-09T10:54:31.474Z","content_type":"image/jpeg","file_size":"103567","filename":"timelion-dashboard-anomaly-detector.jpg","title":"timelion-dashboard-anomaly-detector.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-04T03:14:46.139Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfda3d7019e246c37/5bbc88e7bb1e335136d9e8f2/timelion-dashboard-anomaly-detector.jpg"},"markdown_l10n":"","publish_date":"2015-12-16T16:11:21.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Implementing a Statistical Anomaly Detector in Elasticsearch - Part 3","seo_description_l10n":"In the final article of this three-part series, we build a fully automated anomaly detector using Watcher to send email 
alerts.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt12f7710e8fc6bd66","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T10:43:42.568Z","updated_at":"2018-10-09T10:43:42.568Z","content_type":"image/svg+xml","file_size":"5225","filename":"graph-watcher.svg","title":"graph-watcher.svg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-04T03:14:46.139Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt12f7710e8fc6bd66/5bbc865e63ed239936a7db02/graph-watcher.svg"},"title":"Implementing a Statistical Anomaly Detector in Elasticsearch - Part 3","title_l10n":"Implementing a Statistical Anomaly Detector in Elasticsearch - Part 3","updated_at":"2025-03-10T10:34:39.377Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/implementing-a-statistical-anomaly-detector-part-3","publish_details":{"time":"2025-03-10T10:34:43.420Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],1821],"blogV2entries":[[{"uid":"blt1de8c55f6f6997fd","_version":11,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic and Tines unveil Tines Workflow Automation, a new product offering available through Elastic that brings orchestration and automation to security and observability teams.","author":["blt91eeaf08ab3d1d6a","bltc2f4d6e97d81ab56","bltcfe4b34171051a0b"],"category":["bltb79594af7c5b4199"],"created_at":"2025-03-18T18:05:31.377Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs705c79d4a74dc858"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan 
style='font-size: 12pt;'\u003eElastic and Tines are unveiling an integrated product offering to transform the crucial work of security and observability teams. We’re excited to introduce Tines Workflow Automation, available directly through Elastic. This seamless package extends Elastic with the orchestration and automation capabilities of Tines, equipping SOC teams with security orchestration, automation, and response (SOAR) and observability teams with incident response automation. Together, Elastic and Tines strengthen defenses and ensure operational resilience, maximizing the return on your existing technology investments.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"From complexity to clarity","_metadata":{"uid":"csbd58d0b135d443a8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eToday’s digital world inundates organizations with a deluge of data, alerts, and issues requiring intervention. Security analysts must tackle threats fast enough to prevent harm, while SREs and DevOps engineers grapple with identifying and resolving performance problems before users are affected. Many of these teams are understaffed and overburdened, and the nature of their work requires coordinating efforts across departments and systems.\u003cbr /\u003e\u003cbr /\u003eThe common thread is that practitioners must be able to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eanalyze\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eact\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e across the IT environment, without data silos or workflow breakdowns blocking the way. They require real-time insights to cut through the noise and automation to keep pace. 
And they need these capabilities to function seamlessly.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Turn data into insights — and insights into action","_metadata":{"uid":"cs93f975c2fa11fbae"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic and Tines transform security and observability programs by augmenting Elastic’s solutions with Tines’ intuitive, AI-powered workflow orchestration and automation solution.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic’s Search AI Platform provides groundbreaking log management, advanced analytics, and AI features. You can ingest and normalize information of almost any kind (including \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/automatic-import-ai-data-integration-builder\"\u003e\u003cspan style='font-size: 12pt;'\u003ecustom data in just minutes\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e), swiftly \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/elasticsearch-searchable-snapshots\"\u003e\u003cspan style='font-size: 12pt;'\u003esearch years of archives\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and tackle use cases with machine learning (ML), alerting, and AI.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTines enables teams of all sizes and skill sets to \u003c/span\u003e\u003ca href=\"https://www.tines.com/product/?utm_source=Elastic\u0026utm_medium=partner\u0026utm_campaign=launch\"\u003e\u003cspan style='font-size: 12pt;'\u003ebuild, run, and monitor their most important workflows\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. 
The \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eAI and workflow orchestration \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eplatform gives teams the tools to enrich data, add contextualization, and \u003c/span\u003e\u003ca href=\"https://www.tines.com/guides/essential-guide-to-workflow-automation/security/?utm_source=Elastic\u0026utm_medium=partner\u0026utm_campaign=launch\"\u003e\u003cspan style='font-size: 12pt;'\u003emeet users where they are\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e (natural language, no code, low code, or bring your own code). As a result, they get greater value and experience fewer silos from their disparate data and alerting systems.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEach platform plays a vital role. Elastic delivers real-time insights at unprecedented scale, arming practitioners to ask the right questions, receive relevant answers, and make informed decisions. 
Tines then propels resulting workflows —\u0026nbsp;from the simplest routine tasks to the most sophisticated multi-stage, multi-system responses.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBoth technologies can be deployed in the cloud or on-premises, and both smoothly scale from the needs of a start-up to the demands of a global enterprise.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Integrate, automate, celebrate","_metadata":{"uid":"cs6909b0e12618e12b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePrebuilt bidirectional connections make it easy to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/tines-action-type.html\"\u003e\u003cspan style='font-size: 12pt;'\u003elink Elastic alerts with Tines\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/tines.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eanalyze data from Tines in Elastic\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and connect many other systems in your environment.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow for the fun part. You can quickly find and implement workflows in the \u003c/span\u003e\u003ca href=\"https://www.tines.com/library/tools/elastic/?utm_source=Elastic\u0026utm_medium=partner\u0026utm_campaign=launch\"\u003e\u003cspan style='font-size: 12pt;'\u003eTines library\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, including sequences contributed by Elastic’s SOC team and other community members. Popular automations include enriching alerts, quarantining compromised hosts, and revoking privileged access.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWant to start with a blank slate? 
Tines offers an intuitive workflow builder that allows you to incorporate your organization’s preexisting processes.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8694ae47ca225149"}}},{"image":{"image":{"uid":"blte8430abcffb35476","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-03-18T18:43:30.681Z","created_by":"blte369ea3bcd6ac892","file_size":"318764","filename":"tines-workflow-builder.png","parent_uid":null,"tags":[],"title":"tines-workflow-builder.png","updated_at":"2025-03-18T18:43:30.681Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2025-03-19T12:30:00.498Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte8430abcffb35476/67d9bed264766010febf2cdc/tines-workflow-builder.png"},"_metadata":{"uid":"cs5908a91a13f5ae15"},"caption_l10n":"","alt_text_l10n":"Tines workflow builder","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse8608930bcfc9e17"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCases\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e propel investigation and remediation by centralizing critical information and enabling collaboration across your 
team.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0a6dcecda29f1d31"}}},{"image":{"image":{"uid":"blt67721c105593f69c","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-03-18T18:44:44.347Z","created_by":"blte369ea3bcd6ac892","file_size":"142203","filename":"tines-case.png","parent_uid":null,"tags":[],"title":"tines-case.png","updated_at":"2025-03-18T18:44:44.347Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2025-03-19T12:30:00.530Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt67721c105593f69c/67d9bf1ccca70a2e833a0a41/tines-case.png"},"_metadata":{"uid":"csc8f8fec939443b3d"},"caption_l10n":"","alt_text_l10n":"Tines case","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs82aa1f90d6e09b12"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(68, 71, 70);font-size: 12pt;\"\u003eDashboards visualize data from Cases and Records, streamlining monitoring and reporting on workflow 
performance.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs017a7f12ffcfa57e"}}},{"image":{"image":{"uid":"bltfd9ce5b40c28182c","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-03-18T18:45:54.344Z","created_by":"blte369ea3bcd6ac892","file_size":"110713","filename":"tines-dashboard.png","parent_uid":null,"tags":[],"title":"tines-dashboard.png","updated_at":"2025-03-18T18:45:54.344Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2025-03-19T12:30:00.513Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfd9ce5b40c28182c/67d9bf62fa2ac21dcc3602f5/tines-dashboard.png"},"_metadata":{"uid":"cs8261aa3045c0f075"},"caption_l10n":"","alt_text_l10n":"Tines dashboard","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"The power of Elastic with Tines Workflow Automation","_metadata":{"uid":"csfc1d7cc503ccc9a5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic delivers a robust set of tools designed to propel analysis — and with Tines Workflow Automation, its capabilities reach a whole new level.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eResolve issues faster:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Connect disjointed systems, coordinate across teams, and harness AI to expedite investigation and response.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRaise operational efficiency: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(68, 71, 70);font-size: 12pt;\"\u003eBuild workflows and leverage AI features to empower your team to work repetitive tasks faster and more 
consistently.\u003c/span\u003e\u003cspan style=\"color: rgb(68, 71, 70);font-size: 12pt;\"\u003e\u003cstrong\u003e\u0026nbsp;\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eReduce costs:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Mitigate security incidents, avoid costly service disruptions, and handle growing demands with your existing resources.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eExecute consistently:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Standardize operating procedures, foster collaboration, and embed transparency to drive continuous improvement.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csf9bfc20af9932157"}}},{"quotes":{"quote_l10n":"“We can use Elastic and Tines to build workflows that actually fit our needs and help us accomplish what we need to accomplish. 
And I can’t say the same for a lot of the other software vendor combinations.”","_metadata":{"uid":"cs6f838382fc72ae4f"},"quote_author_l10n":"Braxton Williams, Engineering Manager, Texas A\u0026M System Cyber Operations","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"Elevate your SOC with SOAR","_metadata":{"uid":"cscde0ae0a4f96fea0"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/false-positives-automated-siem-investigations-elastic-tines\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAugment Elastic Security with Tines Workflow Automation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to leverage AI-driven security analytics with SOAR:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eOrchestration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Effortlessly coordinate complex workflows across different systems and business units.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAutomation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Free up valuable analyst time to focus on high-priority threats and strategic initiatives by automating actions across your IT ecosystem.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eResponse:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Minimize the frequency and impact of cyber incidents by tracking and managing fast and effective measures.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Reach your observability goals faster","_metadata":{"uid":"cs6fe6490139ce6154"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003ca 
href=\"https://www.tines.com/blog/elastic-observability-and-tines/?utm_source=Elastic\u0026utm_medium=partner\u0026utm_campaign=launch\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePair Elastic Observability with Tines Workflow Automation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to prevent outages, accelerate problem resolution, and enhance operational efficiency through intelligent orchestration:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMonitoring:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Seamlessly aggregate and analyze telemetry data across your entire technology stack.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAnalysis:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Enable teams to focus on service improvements by automating routine monitoring and investigation tasks.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eResolution:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Reduce downtime and service degradation through automated troubleshooting and remediation workflows.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Achieve measurable results","_metadata":{"uid":"csb67c910bd9676363"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic and Tines are long-time partners, currently serving over 60 joint customers.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“Tines Workflow Automation is a force multiplier,” notes Santosh Krishnan, GM of security and observability at Elastic. 
“We’re glad to make this strategic offering available publicly in unison with Elastic Security and Elastic Observability.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“The time it takes to turn insights into action often determines the effectiveness of security and observability teams,” said Eoin Hinchy, founder and CEO at Tines. “By connecting real-time analysis and AI-powered workflows, the combined offering from Elastic and Tines minimizes that time. This results in faster issue resolution, reduced costs, and, of course, less stress and workload on practitioners.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic counts on the Tines platform within its SOC. Aaron Jewitt, principal detection engineer at Elastic, estimates that it handles the workload of 95 full-time employees, explaining that “we automate many tasks that would be impossible to complete otherwise.”\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What will you automate first?","_metadata":{"uid":"cs718f0a8e1502cd20"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic and Tines are teaming up to help teams work smarter, respond faster, and achieve more. 
Explore our unified offering and contact Elastic to unlock the full potential of your security and observability programs:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eExperience a free trial of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/cloud-trial-overview\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and connect it with \u003c/span\u003e\u003ca href=\"https://www.tines.com/blog/announcing-the-tines-community-edition/?utm_source=Elastic\u0026utm_medium=partner\u0026utm_campaign=launch\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTines community edition\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSee Tines and Elastic in action in a \u003c/span\u003e\u003ca href=\"https://www.databreachtoday.com/webinars/texas-am-university-system-cyber-operations-drives-efficient-scaling-w-6164?rf=elasticxtines\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecase study webinar\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e with Texas A\u0026amp;M University System Cyber Operations.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/contact\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eContact us\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to learn more about Elastic + Tines.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"","_metadata":{"uid":"cs1f794af14248a662"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdbca444744d4ee35"}}}],"publish_date":"2025-03-19","sanity_migration_complete":false,"seo":{"seo_title_l10n":" Elastic and Tines partner to orchestrate and automate team workflows","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Automate your security and observability workflows with Tines Workflow Automation, now available directly from Elastic","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"AIOps","label_l10n":"AIOps","keyword":"aiops","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt2690a3f48e0fb443","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:07:47.588Z","updated_at":"2023-11-06T20:07:47.588Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.779Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 
compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blte799688802bb242c","ACL":{},"created_at":"2023-11-06T21:32:44.031Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"soar","label_l10n":"SOAR","tags":[],"title":"SOAR","updated_at":"2023-11-06T21:32:44.031Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.584Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltdf59d18fa27d1692","ACL":{},"created_at":"2023-11-06T21:34:55.381Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tool-consolidation","label_l10n":"Tool consolidation","tags":[],"title":"Tool 
consolidation","updated_at":"2023-11-06T21:34:55.381Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.747Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt4c21aa7fe852d60e","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-03-18T18:05:30.208Z","created_by":"blte369ea3bcd6ac892","file_size":"44660","filename":"Elastic_Tines-announcement_blog.png","parent_uid":null,"tags":[],"title":"Elastic_Tines-announcement_blog.png","updated_at":"20
25-03-18T18:05:30.208Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2025-03-19T12:30:00.482Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4c21aa7fe852d60e/67d9b5ea1c40c5bb82b21d09/Elastic_Tines-announcement_blog.png"},"title":"Elastic and Tines team up to offer SOAR and AIOps","title_l10n":" Elastic and Tines team up to offer SOAR and AIOps","updated_at":"2025-03-19T01:17:47.131Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/elastic-tines-automate-security-observability","publish_details":{"time":"2025-03-19T15:43:22.054Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt86615aaf0ea465be","_version":10,"locale":"en-us","ACL":{},"abstract_l10n":"Discover how to detect OS Credential Dumping (T1003) in this comprehensive guide. Learn how to unmask adversaries, protect your credentials, and fortify your defenses with actionable insights and ES|QL queries tailored for detection.","author":["bltd7e3256924767ce0"],"category":["blte5cc8450a098ce5e"],"created_at":"2025-03-17T17:30:51.357Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs23a5c41df52d3427"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the shadowy depths of your network, whispers grow louder — something isn’t right. Adversaries are on the prowl, targeting the very keys to your kingdom: your credentials. \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eT1003 - OS Credential Dumping\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e is their weapon of choice to steal password hashes and sensitive authentication materials. 
They quietly harvest secrets to impersonate users, escalate privileges, and move laterally through your environment.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2ba24d81556374ad"}}},{"image":{"image":{"uid":"bltf853a5d0fbb413bf","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-03-17T18:01:59.278Z","created_by":"blte369ea3bcd6ac892","file_size":"1831871","filename":"Hunting-with-Elastic-Security.png","parent_uid":null,"tags":[],"title":"Hunting-with-Elastic-Security.png","updated_at":"2025-03-17T18:01:59.278Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2025-03-19T15:00:00.955Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf853a5d0fbb413bf/67d8639702de2038be5a6585/Hunting-with-Elastic-Security.png"},"_metadata":{"uid":"csf59206df4302d610"},"caption_l10n":"","alt_text_l10n":"Hunting-with-Elastic-Security","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs839e6e7528921412"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eProtecting credentials is critical to maintaining the confidentiality, integrity, and availability of your systems. The challenge is to uncover signs of OS Credential Dumping and assess whether an adversary has attempted to harvest sensitive authentication data — or confirm that your defenses are holding strong.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis hunt matters because once credentials are stolen, the door to your infrastructure is left wide open. It’s time to arm yourself, dig into the logs, and expose their movements. The hunt for OS Credential Dumping begins now. Can you track the adversaries lurking within your systems and unmask their tricks? 
Let’s sharpen our tools and find out!\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Understanding the technique","_metadata":{"uid":"cs04c88fba514353f9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://attack.mitre.org/techniques/T1003/\"\u003e\u003cspan style='font-size: 12pt;'\u003eT1003 - OS Credential Dumping\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is a technique within the \u003c/span\u003e\u003ca href=\"https://attack.mitre.org/\"\u003e\u003cspan style='font-size: 12pt;'\u003eMITRE ATT\u0026amp;CK\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e® framework that adversaries use to obtain credentials stored in operating systems. By extracting password hashes, plaintext passwords, or authentication tokens, attackers gain the ability to impersonate legitimate users, escalate privileges, and move laterally across your environment. The technique is categorized under the \u003c/span\u003e\u003ca href=\"https://attack.mitre.org/tactics/TA0006/\"\u003e\u003cspan style='font-size: 12pt;'\u003eCredential Access tactic\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, as it directly targets sensitive credentials to advance an attack.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eT1003 includes several dangerous \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003esub-techniques\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e that highlight the diverse ways adversaries can dump credentials:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://attack.mitre.org/techniques/T1003/001/\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eLSASS Memory (T1003.001)\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan 
style='font-size: 12pt;'\u003e Targeting the LSASS process to retrieve credentials stored in memory (Tools like \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eMimikatz\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e are often used here.)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://attack.mitre.org/techniques/T1003/002/\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSecurity Account Manager (SAM) (T1003.002)\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Extracting local account credentials from the SAM registry hive\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://attack.mitre.org/techniques/T1003/003/\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNTDS (T1003.003)\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Dumping credentials from the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eNTDS.dit\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e file in Active Directory environments, compromising domain accounts\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://attack.mitre.org/techniques/T1003/004/\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eLSA Secrets (T1003.004)\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Extracting cached credentials and service account information stored in registry 
keys\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://attack.mitre.org/techniques/T1003/005/\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCached Domain Credentials (T1003.005)\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Accessing credentials cached locally on Windows systems to enable offline authentication\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://attack.mitre.org/techniques/T1003/006/\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDCSync (T1003.006)\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Simulating domain controller replication to retrieve credentials from Active Directory without running code on the DC\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://attack.mitre.org/techniques/T1003/007/\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eProc Filesystem (T1003.007)\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Dumping credentials from Linux systems using the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e/proc\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e filesystem\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://attack.mitre.org/techniques/T1003/008/\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e/etc/passwd and /etc/shadow (T1003.008)\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan 
style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Retrieving user account details and hashed passwords from Unix-based systems\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf left undetected, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOS Credential Dumping\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e can lead to catastrophic consequences. Attackers who gain access to credentials can bypass authentication mechanisms, impersonate privileged users, and maintain Persistence throughout your network. This compromises confidentiality as sensitive accounts and systems are exposed, disrupts integrity by allowing unauthorized access, and jeopardizes availability as attackers escalate privileges to disable critical systems.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the broader MITRE ATT\u0026amp;CK framework, T1003 is a gateway for attackers to pivot from Credential Access to other phases of an attack, such as Lateral Movement, Persistence, and even Impact. 
Failing to detect and mitigate this technique can allow adversaries to establish control over your environment, leading to data theft, ransomware deployment, or complete system compromise.\u003cbr /\u003e\u003cbr /\u003eUnderstanding the significance of \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eT1003\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e is paramount — hunting for this activity ensures you can protect the keys to your kingdom before attackers use them against you.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Data sources to optimize the hunt","_metadata":{"uid":"cs988a996df239b865"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDetecting \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eOS Credential Dumping (T1003)\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e requires leveraging a combination of logs, monitoring tools, and data sources that provide visibility into process execution, file access, registry manipulation, and memory interactions. Below is a breakdown of essential data sources and what they detect, as well as recommended Elastic integrations to optimize the hunt:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e1. 
Process monitoring\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDetects:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Processes interacting with LSASS memory \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003e(lsass.exe)\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, tools like Mimikatz, and suspicious process creation events\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRelevance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Critical for detecting tools or scripts attempting to dump credentials in memory\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Use \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/endpoint-security.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Endpoint Security\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/windows.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWindows Integration\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, or another \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic integration\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that collects logging information from a third party to monitor process creation events, command-line arguments, and anomalous 
behavior.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e2. Windows event logs (security and system)\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDetects:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Unauthorized access to registry hives (SAM, SECURITY), system files \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003e(ntds.dit)\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, and cached credentials; also flags Privilege Escalation attempts\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRelevance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Provides insights into adversary access to sensitive files and resources\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic integration: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUse \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/windows.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eWindows Integration\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e or another \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic integration\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that collects logging information from a third party\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 
12pt;\"\u003eto capture relevant Security Event IDs such as: \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEvent ID 4663\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Object Access (File or Registry), \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEvent ID 4688\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Process Creation, \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEvent ID 4656\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Handle Requested for Object Access.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e3. File access logs\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDetects:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Attempts to access sensitive files like:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eC:\\\\Windows\\\\System32\\\\config\\\\SAM\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e stores local user account password hashes for authentication\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eC:\\\\Windows\\\\System32\\\\config\\\\SECURITY\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e contains system security policies, including local security authority (LSA) secrets\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan 
data-type='inlineCode'\u003eNTDS.dit\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for Active Directory credential dumping\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRelevance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Helps detect unauthorized attempts to copy or dump system files\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Use \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/fim.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFile Integrity Monitoring\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eor another \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic integration\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that collects logging information from a third party\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003efor file integrity monitoring and file access tracking.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e4. 
Registry monitoring\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDetects:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Adversaries accessing or exporting registry hives, such as SAM, SECURITY, or SYSTEM, to retrieve credential data\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRelevance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Monitors manipulation of critical registry keys and hive exports using commands like \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ereg save\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Use \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/endpoint-security.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Endpoint Security\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eor another \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic integration\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that collects logging information from a third party to detect suspicious changes or access.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e5. 
Memory forensics\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDetects:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Tools accessing LSASS memory (e.g., Mimikatz) to extract credentials\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRelevance: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIdentifies in-memory attacks that bypass file-based detection mechanisms\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Use \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/endpoint-security.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Endpoint Security\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e or tools like \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVolatility\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to analyze memory dumps for credential access.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e6. 
Command execution logs\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDetects:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Suspicious commands used to dump credentials, such as:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ereg save\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e exports registry hives, including SAM and SECURITY, which store credential and security policy data\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003evssadmin\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e creates a Volume Shadow Copy, often used to access locked system files like NTDS.dit\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003elsass.exe \u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003edumps using tools like \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eprocdump.exe\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRelevance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Critical for identifying commands or scripts used to trigger credential dumping activities\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 
12pt;\"\u003e Use \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/endpoint-security.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Endpoint Security\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e or another \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic integration\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that collects logging information from a third party to monitor command-line executions and log PowerShell events.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e7. Audit logs for Active Directory\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDetects:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Access to the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eNTDS.dit\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e file or abnormal replication activity (DCSync attacks)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRelevance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Protects domain credentials by monitoring access to key AD data\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Use \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/endpoint-security.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Endpoint 
Security\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e or another \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic integration\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that collects logging information from a third party for Active Directory logs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e8. Linux audit logs\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDetects:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Attempts to access \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003e/proc/[pid]/mem\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003e/etc/passwd\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, or \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003e/etc/shadow\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e files on Linux systems\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRelevance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Monitors credential dumping attempts on Unix-based systems\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Use \u003c/span\u003e\u003ca 
href=\"https://www.elastic.co/guide/en/security/current/endpoint-security.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Endpoint Security\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/fim.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFile Integrity Monitoring\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e, \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eor another \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic integration\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that collects logging information from a third party with File Integrity Monitoring to track access to these sensitive files.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Threat hunting with ES|QL queries","_metadata":{"uid":"cs3a9801463ebb0f5b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLet’s use \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eES|QL\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e queries to track down Credential Dumping activities, as we can query and analyze large volumes of security data within Elasticsearch. ES|QL enables analysts to write intuitively, correlate events, and uncover anomalies associated with techniques like OS Credential Dumping. By leveraging ES|QL’s powerful filtering, aggregation, and transformation capabilities, SOC teams can quickly pinpoint suspicious process activities, anomalous file access patterns, or unauthorized registry changes. 
This approach simplifies complex hunting tasks, making it easier to detect, investigate, and respond to potential threats in real time while leveraging the flexibility and speed of the Elastic Stack.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery 1: Detect processes accessing LSASS memory (T1003.001)\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc3019d1a9d9b6ee2"}}},{"code":{"code":"FROM logs-*\n| WHERE TO_LOWER(process.name) == \"lsass.exe\"\n AND TO_LOWER(process.parent.name) IN (\"procdump.exe\", \"mimikatz.exe\", \"powershell.exe\")\n| KEEP process.name, process.parent.name, process.command_line, user.name, host.name, @timestamp\n","_metadata":{"uid":"cs3c913b40568f7413"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd7dd8f66c9d4f1a4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This query identifies processes interacting with \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003elsass.exe\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, a common target for credential dumping tools like \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eMimikatz\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e or \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eProcdump\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. 
Accessing LSASS memory is a key indicator of T1003.001. As written, the filter matches events in which lsass.exe is the process and the listed tool is its parent, so confirm that your data source records the relationship that way before relying on the results.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery 2: Monitor registry hive exports (T1003.002)\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd2e1da70aa38c107"}}},{"code":{"code":"FROM logs-*\n| WHERE process.command_line LIKE \"*reg save*\" \n AND (process.command_line LIKE \"*\\\\\\\\sam*\" \n OR process.command_line LIKE \"*\\\\\\\\security*\" \n OR process.command_line LIKE \"*\\\\\\\\system*\")\n| KEEP process.command_line, user.name, host.name, @timestamp\n","_metadata":{"uid":"cs8e4f3c76224f9c5c"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1710db267150655c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This query flags the use of the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ereg save\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e command, which adversaries use to export the SAM, SECURITY, and SYSTEM registry hives. 
These files contain credential information.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery 3: Detect NTDS.dit access for Active Directory dumping (T1003.003)\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs671600cfc112acdb"}}},{"code":{"code":"FROM logs-*\n| WHERE TO_LOWER(file.path) LIKE \"*\\\\\\\\ntds.dit\"\n AND TO_LOWER(event.action) == \"access\"\n| KEEP file.path, user.name, host.name, @timestamp\n\n","_metadata":{"uid":"cs2c52f6585acddb93"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6abddd38aef6d040"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Adversaries dump the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003entds.dit\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e file to retrieve domain credentials. 
This query detects unauthorized access attempts to the NTDS file in Active Directory environments.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery 4: Detect suspicious DCSync behavior (T1003.006)\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs05e8e332d0dac093"}}},{"code":{"code":"FROM logs-*\n| WHERE event.action == \"replication\" \n AND user.name != \"domain_admin\"\n| KEEP event.action, user.name, host.name, @timestamp\n","_metadata":{"uid":"csb710f0a2cf6f01e4"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs02bca76a89aea0a6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The DCSync attack allows an adversary to impersonate a domain controller and retrieve credentials. This query looks for abnormal replication requests from non-admin accounts. The user name domain_admin in the filter appears to be a placeholder; replace it with the accounts that legitimately perform replication in your domain, such as domain controller computer accounts.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery 5: Monitor access to /etc/passwd and /etc/shadow (T1003.008)\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7c1694f0ddbfeb06"}}},{"code":{"code":"FROM logs-*\n| WHERE file.path IN (\"/etc/passwd\", \"/etc/shadow\") AND event.action == \"read\"\n| KEEP file.path, user.name, host.name, @timestamp\n","_metadata":{"uid":"cs3e8687456177a5c5"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb1cc45f47d3b7a15"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e On Unix-based systems, attackers dump \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan 
data-type='inlineCode'\u003e/etc/passwd\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e/etc/shadow\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e files to obtain user account information and password hashes. This query detects unauthorized read access.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery 6: Identify cached domain credential dumps (T1003.005)\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs42b719ed5f15ef3b"}}},{"code":{"code":"FROM logs-*\n| WHERE process.command_line LIKE \"*reg.exe*\" \n OR process.command_line LIKE \"*HKLM\\\\\\\\SECURITY*\"\n| KEEP process.command_line, user.name, host.name, @timestamp\n","_metadata":{"uid":"cs860b1ff7994a1f92"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6686287b181677c4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Cached domain credentials are often stored in the SECURITY hive. 
This query detects attempts to dump cached credentials using registry commands. Because its two conditions are joined with OR, it also returns every command line containing reg.exe, so expect benign matches that need further filtering.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery 7: Detect Mimikatz execution in command-line\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3939ea8bcfc3045e"}}},{"code":{"code":"\nFROM logs-*\n| WHERE process.command_line LIKE \"*mimikatz*\"\n| KEEP process.name, process.command_line, user.name, host.name, @timestamp\n","_metadata":{"uid":"cs11da0833bf591a4d"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs19daeda9982b937b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Mimikatz is a popular tool for credential dumping. This query flags direct invocations of Mimikatz or similar tools in the command line.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery 8: Identify suspicious use of Procdump for LSASS dumping\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9c6fcd90fdc9605a"}}},{"code":{"code":"FROM logs-*\n| WHERE process.command_line LIKE \"*procdump*\" \n AND process.command_line LIKE \"*lsass*\"\n| KEEP process.command_line, user.name, host.name, @timestamp\n","_metadata":{"uid":"csaa4466e6a2529fad"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs58de093bba0a864e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Procdump is sometimes used to dump LSASS memory. 
This query detects any use of Procdump targeting LSASS.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery 9: Detect unusual file access on SAM registry hive\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2f6e263d0ae1a0f0"}}},{"code":{"code":"FROM logs-*\n| WHERE file.path LIKE \"C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\config\\\\\\\\SAM\"\n AND event.action IN (\"read\", \"access\", \"open\")\n| KEEP file.path, user.name, process.name, host.name, @timestamp\n","_metadata":{"uid":"csc350d6693923f27f"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0ddd0ca3d6430d1d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This query detects command-line activity indicative of Credential Dumping or data extraction. The SAM registry hive contains hashed credentials. 
This query detects any unauthorized attempts to read or access the file.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery 10: Monitor volume shadow copy usage\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1d9444f707710c0d"}}},{"code":{"code":"FROM logs-*\n| WHERE TO_LOWER(process.command_line) LIKE \"*vssadmin*\" \n AND TO_LOWER(process.command_line) LIKE \"*create shadow*\"\n| KEEP process.command_line, user.name, host.name, @timestamp\n","_metadata":{"uid":"csedcf193eeb4b186b"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbe91d1febc942028"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Adversaries create shadow copies to bypass file locks and access sensitive files like \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003entds.dit\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. 
This query monitors the creation of shadow copies.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery 11: Detect tools accessing /proc/mem for credential dumps\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2889c703e8040cd6"}}},{"code":{"code":"FROM logs-*\n| WHERE TO_LOWER(file.path) LIKE \"/proc/*\" \n AND TO_LOWER(process.name) IN (\"gcore\", \"dd\", \"cat\")\n| KEEP file.path, process.name, user.name, host.name, @timestamp\n","_metadata":{"uid":"csdd927dcec0278056"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbcb6cad9a5918b96"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e On Linux, adversaries can dump process memory via the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e/proc\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e filesystem. 
This query identifies suspicious tools accessing \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e/proc\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e paths.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery 12: Detect large NTDS.dit file transfers\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8ca7064d96494d08"}}},{"code":{"code":"FROM logs-*\n| WHERE network.protocol == \"smb\"\n AND file.name LIKE \"ntds.dit*\"\n| KEEP file.name, source.ip, destination.ip, @timestamp\n","_metadata":{"uid":"csa59e5c45f2d65beb"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf17841ab2b72e424"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This query detects large SMB file transfers involving \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003entds.dit\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, indicating possible exfiltration of Active Directory credentials. As written, the query filters only on protocol and file name and applies no size threshold.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery 13: Monitor PowerShell scripts targeting LSASS\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4a04de4e734bba31"}}},{"code":{"code":"FROM logs-*\n| WHERE process.command_line LIKE \"*powershell*\" \n AND process.command_line LIKE \"*lsass*\"\n| KEEP process.command_line, user.name, host.name, @timestamp\n","_metadata":{"uid":"cs9ef3ba95bedbdf27"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd84f3ff935ea68d7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 
12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Adversaries often use PowerShell scripts to dump LSASS memory. This query detects PowerShell commands targeting LSASS.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery 14: Detect attempts to copy sensitive registry hives\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa201487b20345343"}}},{"code":{"code":"FROM logs-*\n| WHERE (file.path LIKE \"*\\\\\\\\SYSTEM\" \n OR file.path LIKE \"*\\\\\\\\SECURITY\" \n OR file.path LIKE \"*\\\\\\\\SAM\")\n AND event.action == \"copy\"\n| KEEP file.path, user.name, host.name, @timestamp\n","_metadata":{"uid":"cs059ac56f6419b49c"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9b59c12f50f01685"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Attackers copy registry hives to extract credentials offline. 
This query detects such attempts.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery 15: Identify new tools writing to sensitive credential files\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2efb532dd5e87c85"}}},{"code":{"code":"FROM logs-*\n| WHERE (file.path == \"/etc/shadow\" \n OR file.path LIKE \"*\\\\\\\\SAM\" \n OR file.path LIKE \"*\\\\\\\\SECURITY\")\n AND event.action == \"write\"\n| KEEP file.path, user.name, process.name, host.name, @timestamp\n","_metadata":{"uid":"cs36d23e84c55a99c9"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb598b77c6f0ba994"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This query monitors write operations to critical files like\u0026nbsp;\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e/etc/shadow\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e or SAM, which may indicate tampering or malicious credential extraction attempts.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Hunt efficiently","_metadata":{"uid":"cs5a82d909b3e54a5e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe whispers in your network have grown silent, but what did you uncover? Were you able to catch the adversary red-handed, dumping credentials from LSASS memory or exfiltrating the NTDS.dit file under the cover of darkness? Perhaps you followed the trails of registry exports, shadow copies, or suspicious processes trying to claim your keys to the kingdom. 
Whether you proved the adversary's activity or validated your defenses, you have strengthened your security posture and sharpened your detection capabilities.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRemember, OS Credential Dumping (T1003) is relied upon for escalating privileges, impersonating users, and traversing your environment like a ghost in the machine. The hunt for stolen credentials is a critical effort that can expose silent intruders before they wreak havoc. By monitoring LSASS access, registry hives, and file activity, you have not only thwarted today’s threats but also prepared for tomorrow’s battles.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo, did you uncover the adversary, or can you confidently prove they weren’t there? Either way, your network is now safer, your defenses stronger, and your tools sharper. But stay vigilant — credential dumping remains a relentless adversarial technique, and the hunt is never truly over.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo elevate your threat hunting capabilities, check out the\u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs/elevate-your-threat-hunting\"\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElastic Security Labs Threat Hunting package\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. 
Stay ahead of adversaries with advanced detection strategies and keep refining your skills.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eKeep hunting, and always stay one step ahead.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cse6d5f443093ef5eb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse06bdb712046c422"}}}],"publish_date":"2025-03-19","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt7a4eb1026ba18f63","ACL":{},"created_at":"2023-11-06T20:07:03.185Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"advanced-persistent-threat","label_l10n":"Advanced Persistent Threat (APT)","tags":[],"title":"Advanced Persistent Threat 
(APT)","updated_at":"2023-11-06T20:07:03.185Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:50.393Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Threat hunting","label_l10n":"Threat 
hunting","keyword":"threat-hunting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltba572dcfa2880a69","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:33:57.466Z","updated_at":"2023-11-06T21:33:57.466Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.696Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt8d69fdea14ecdbfc","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2025-03-17T17:29:37.511Z","created_by":"blte369ea3bcd6ac892","file_size":"119246","filename":"Blog_Header_Image-_ELK_Hunting_Series-2.jpg","parent_uid":null,"tags":[],"title":"Blog Header Image- ELK Hunting Series-2.jpg","updated_at":"2025-03-17T17:29:37.511Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2025-03-19T15:00:00.972Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8d69fdea14ecdbfc/67d85c010c5905ca38fcfca5/Blog_Header_Image-_ELK_Hunting_Series-2.jpg"},"title":"Hunting with Elastic Security: Detecting credential dumping with ES|QL","title_l10n":"Hunting with Elastic Security: Detecting credential dumping with 
ES|QL","updated_at":"2025-03-18T20:31:02.864Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/elastic-security-detecting-credential-dumping","publish_details":{"time":"2025-03-19T15:44:12.052Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltd4e064cad664b3d7","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"Elasticsearch transforms data management in the aviation industry by enabling real-time analysis of vast amounts of information. Learn how we enhance customer experience through personalised services and quick data retrieval for customer support.","author":["bltcf42cb9c7bfeca25"],"category":["bltc17514bfdbc519df"],"created_at":"2025-03-03T17:00:36.900Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf374fe5304022ead"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDigital customer experience is no longer a luxury but a \u003c/span\u003e\u003ca href=\"https://www.which.co.uk/reviews/airlines/article/best-and-worst-airlines-a5EhC8N851et\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003enecessity for European airlines\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. It drives customer satisfaction, enhances operational efficiency, and creates a sustainable competitive advantage. 
As the industry continues to evolve, airlines that prioritise investment in cutting-edge digital technologies and platforms will be better positioned to thrive in a dynamic and demanding market.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe ability to store, search, and analyse large volumes of data in real time plays a critical role in operations, customer service, safety, and compliance for airlines.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStrong adoption and execution of data management help airlines, airports, and service providers enhance operational efficiency, improve customer experiences, and gain competitive advantages. Poor adoption risks being stranded on the ground and a loss of competitive edge.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Real-time search and analytics in a data-heavy industry","_metadata":{"uid":"csaa2bc2a1a14c584c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe aviation industry generates vast amounts of data daily, including flight schedules, passenger information, baggage tracking, aircraft maintenance logs, weather data, and operational metrics. Managing and deriving insights from this data is crucial but complex.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch — an open source, distributed search and analytics engine — has emerged as a transformative technology across industries for its ability to handle large volumes of unstructured data across varied datasets.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn practice, Elasticsearch’s ability to search and index data in real time is invaluable for tracking flight statuses and passenger information. Several European Airlines use Elasticsearch to monitor schedules and provide passengers with real-time updates on delays or gate changes. 
Similarly, airports deploy Elasticsearch to offer precise baggage tracking by integrating data from IoT-enabled tags and scanners, ensuring smoother operations and reducing lost luggage incidents.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Enhanced customer experience through personalised services","_metadata":{"uid":"cs607f6b1b2f1b914e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eModern passengers expect a seamless travel experience that is often facilitated by personalised digital interactions.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch powers sophisticated recommendation engines by analysing historical travel data, preferences, and real-time booking trends. For example, airlines can suggest ancillary services, such as extra baggage or lounge access, based on a passenger’s past behavior or preferences.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFurthermore, Elasticsearch’s speed and scalability enable airlines to enhance customer service. By integrating Elasticsearch into customer support systems, airlines can quickly retrieve relevant data, such as booking history or frequent flyer status, to provide personalised and timely assistance.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elasticsearch enhances airside, too ","_metadata":{"uid":"csd96eb6e946d137a1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe power of Elasticsearch isn’t limited to landside. Airside, it can enhance predictive maintenance and safety, operational efficiency, and cost savings. 
Here are some of the use cases:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eMaintenance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Aircraft maintenance involves analysing and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/airbus\"\u003e\u003cspan style='font-size: 12pt;'\u003ecentralising information across vast amounts of sensor data\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, maintenance logs, and operational history to identify potential issues before they become critical.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCompliance: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eAviation authorities and airlines must be able to quickly search for and retrieve necessary documentation during audits or investigations. Because it can handle structured and unstructured data, Elasticsearch ensures that safety and regulatory compliance processes are both thorough and efficient.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOperational efficiency: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eBy aggregating and analysing airport operations data, such as passenger flow, gate usage, and security line wait times, stakeholders can identify bottlenecks and optimise resource allocation. 
Airlines can also use Elasticsearch to analyse fuel consumption patterns, optimise routes, and reduce operational costs.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor example, by indexing weather forecasts alongside historical flight data, Elasticsearch can help create models to anticipate and mitigate disruptions caused by adverse weather conditions — lowering costs and improving punctuality.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSafety:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This is the cornerstone of aviation. Elasticsearch contributes to safety by facilitating predictive maintenance. Aircraft maintenance involves analysing vast amounts of sensor data, maintenance logs, and operational history to identify potential issues before they become critical. This is achieved by ingesting and analysing this data in real time, enabling predictive analytics that help schedule maintenance efficiently and avoid costly downtime.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFraud detection and cybersecurity: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eWith increased digitisation comes greater susceptibility to fraud and cyber attacks. Elasticsearch’s machine learning capabilities are used by customers in the aviation industry around the world. They use them to detect anomalies in data streams, such as unusual booking patterns or unauthorised access attempts. 
And real-time alerting systems help mitigate potential threats swiftly, protecting sensitive customer and operational data.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elasticsearch gives wings to data management ","_metadata":{"uid":"cs73747a63b08d685d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch is revolutionising how the aviation industry manages and analyses data. Its ability to process vast datasets in real time, provide actionable insights, and enhance both operational and customer-centric processes makes it an invaluable tool for airlines, airports, and other aviation stakeholders.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs the industry continues to embrace digital transformation, Elasticsearch’s role in improving efficiency, safety, and customer satisfaction will only grow — cementing its place as a cornerstone technology in aviation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReady to start your journey? \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style='font-size: 12pt;'\u003eSign up for a 14-day free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"csfa583e5c3c4a55a7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs86745345abf06cb2"}}}],"publish_date":"2025-03-18","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blte63217e73b24f852","ACL":{},"created_at":"2023-11-06T21:49:35.924Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-frame-analytics","label_l10n":"Data frame analytics","tags":[],"title":"Data frame analytics","updated_at":"2023-11-06T21:49:35.924Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.093Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt5c7c769c44d0a39f","ACL":{},"created_at":"2020-06-17T03:22:38.187Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"automotive-manufacturing","label_l10n":"Automotive \u0026 manufacturing","tags":[],"title":"Automotive \u0026 
manufacturing","updated_at":"2020-07-06T22:17:51.159Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.604Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltdc295116bb7f305e","ACL":{},"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:26:08.977Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"created_at":"2020-06-17T03:26:08.977Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"travel-transportation","label_l10n":"Travel \u0026 transportation","tags":[],"title":"Travel \u0026 transportation","updated_at":"2020-07-06T22:17:27.413Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T22:18:10.949Z","user":"blt3044324473ef223b70bc674c"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt7a4eb1026ba18f63","ACL":{},"created_at":"2023-11-06T20:07:03.185Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"advanced-persistent-threat","label_l10n":"Advanced Persistent Threat (APT)","tags":[],"title":"Advanced Persistent Threat (APT)","updated_at":"2023-11-06T20:07:03.185Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:50.393Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search 
applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"AIOps","label_l10n":"AIOps","keyword":"aiops","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt2690a3f48e0fb443","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:07:47.588Z","updated_at":"2023-11-06T20:07:47.588Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.779Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Anomaly detection","label_l10n":"Anomaly detection","keyword":"anomaly-detection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7478459fe32592c5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:06.777Z","updated_at":"2023-11-06T20:08:06.777Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.738Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltefbcf6957c5e689a","ACL":{},"created_at":"2023-11-06T20:35:45.445Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-search","label_l10n":"Cloud search","tags":[],"title":"Cloud 
search","updated_at":"2023-11-06T20:35:45.445Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:50.742Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltdd4b5182721ccd42","ACL":{},"created_at":"2023-11-06T20:38:13.883Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"digital-experience","label_l10n":"Digital experience","tags":[],"title":"Digital experience","updated_at":"2023-11-06T20:38:13.883Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.180Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blte6358c0a4368f192","ACL":{},"created_at":"2023-11-06T20:39:12.952Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"end-user-experience","label_l10n":"End user experience","tags":[],"title":"End user experience","updated_at":"2023-11-06T20:39:12.952Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:48.382Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Knowledge base search","label_l10n":"Knowledge base 
search","keyword":"knowledge-base-search","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt2c020c0c24ae64ef","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:41:47.026Z","updated_at":"2023-11-06T20:41:47.026Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:49.958Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","uid":"blt4a47bf681100e8ca","title":"Log management","label_l10n":"Log management","keyword":"log-management","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:42:23.694Z","updated_at":"2023-11-06T20:42:23.694Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.358Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt3c3c124c70b20f1e","ACL":{},"created_at":"2023-11-06T20:47:25.066Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"predictive-analytics","label_l10n":"Predictive analytics","tags":[],"title":"Predictive analytics","updated_at":"2023-11-06T20:47:25.066Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:06.368Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt9fb9f67ee7bb5c15","ACL":{},"created_at":"2023-11-06T20:50:46.256Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"real-time-analysis","label_l10n":"Real-time analysis","tags":[],"title":"Real-time 
analysis","updated_at":"2023-11-06T20:50:46.256Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:43.334Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"Search analytics","label_l10n":"Search analytics","keyword":"search-analytics","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt6c991eb897ec7277","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:30:57.427Z","updated_at":"2023-11-06T21:30:57.427Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T12:28:49.147Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Search UI","label_l10n":"Search 
UI","keyword":"search-ui","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltaea23ea6eafbd6eb","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:31:21.217Z","updated_at":"2023-11-06T21:31:21.217Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:49.855Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltd11e6308b4dbe770","ACL":{},"created_at":"2023-11-06T21:32:01.057Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-research","label_l10n":"Security research","tags":[],"title":"Security research","updated_at":"2023-11-06T21:32:01.057Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.638Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt3ff56eb3b9c58312","ACL":{},"created_at":"2020-06-17T03:33:18.405Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":true,"keyword":"business-analytics","label_l10n":"Business analytics","tags":[],"title":"Business 
analytics","updated_at":"2020-07-06T22:20:18.826Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.556Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt9f3033eaacd184dd","ACL":{},"created_at":"2022-09-13T16:43:44.540Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"logstash","label_l10n":"Logstash","tags":[],"title":"Logstash","updated_at":"2022-09-13T16:43:44.540Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.249Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt60e4f8c6c19cebb7","ACL":{},"created_at":"2020-06-17T03:32:19.868Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"metrics","label_l10n":"Metrics","tags":[],"title":"Metrics","updated_at":"2020-07-06T22:20:08.577Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e
9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.406Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt3296a54c4e9420ae","_version":1,"title":"174142 - Blog header image- Elasticsearch in the aviation industry-2.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-23T02:08:34.835Z","updated_at":"2025-02-23T02:08:34.835Z","content_type":"image/jpeg","file_size":"180858","filename":"174142_-_Blog_header_image-_Elasticsearch_in_the_aviation_industry-2.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-03-18T17:50:32.634Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3296a54c4e9420ae/67ba832250b73077e87aec44/174142_-_Blog_header_image-_Elasticsearch_in_the_aviation_industry-2.jpg"},"title":"Elasticsearch in the aviation industry: A game-changer for data management","title_l10n":"Elasticsearch in the aviation industry: A game-changer for data management","updated_at":"2025-03-18T17:50:39.480Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/elasticsearch-data-management-aviation","publish_details":{"time":"2025-03-18T17:52:11.318Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb804d682fce266d9","_version":11,"locale":"en-us","ACL":{},"abstract_l10n":"Uncover hidden exfiltration attempts in your network with ELK Stack insights. 
Learn how to detect T1048 - Exfiltration Over Alternative Protocol, safeguard sensitive data, and outsmart adversaries leveraging covert channels.","author":["bltd7e3256924767ce0"],"category":["bltb79594af7c5b4199"],"created_at":"2025-03-12T01:49:04.925Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5c23e1f688d7da5c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNot all network traffic is what it seems. Some flows conceal secrets, quietly exfiltrating sensitive data beyond your defenses. MITRE ATT\u0026amp;CK® T1048 - Exfiltration Over Alternative Protocol is a stealth technique adversaries use to smuggle data out of your environment by bypassing traditional security controls. Whether tunneling through ICMP, abusing DNS, or leveraging obscure application protocols, attackers exploit these alternative pathways to avoid detection and sneak critical information past your defenses.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs050d013626200aa5"}}},{"image":{"image":{"uid":"bltce2619a4ad3a01bf","_version":1,"title":"Hunting-with-Elastic-Security.jpg","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2025-03-12T01:40:24.759Z","updated_at":"2025-03-12T01:40:24.759Z","content_type":"image/jpeg","file_size":"135999","filename":"Hunting-with-Elastic-Security.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-03-12T20:41:06.507Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltce2619a4ad3a01bf/67d0e6083d54877c320f034a/Hunting-with-Elastic-Security.jpg"},"_metadata":{"uid":"cs3379f0ccadd997e3"},"caption_l10n":"","alt_text_l10n":"Hunting with Elastic Security","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 
75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs74f1a2c4bb45e809"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe risks are severe — intellectual property, credentials, or confidential data could be extracted without a trace. Could these seemingly ordinary data streams hide something more sinister? An adversary may already be using T1048 to outmaneuver your security. DNS queries, ICMP echoes, or unexpected protocol usage might be concealing exfiltrated data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis blog will arm you with the knowledge and tools to detect these covert exfiltration methods. By analyzing logs, dissecting traffic patterns, and leveraging ES|QL, you’ll uncover hidden threats and expose adversarial tactics. Can you stop data from slipping through the cracks, or will exfiltration routes remain undetected? It’s time to find out — the hunt begins now!\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Understanding the technique","_metadata":{"uid":"cs7cb3372072e8b03b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://attack.mitre.org/techniques/T1048/\"\u003e\u003cspan style='font-size: 12pt;'\u003eMITRE ATT\u0026amp;CK technique T1048\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, known as \"Exfiltration Over Alternative Protocol,\" involves adversaries transferring stolen data using protocols different from their primary command and control (C2) channels. This method enables attackers to bypass security measures that monitor standard C2 traffic, thereby reducing the likelihood of detection. Commonly exploited protocols include FTP, SMTP, HTTP/S, DNS, and SMB. Adversaries may also employ encryption or obfuscation to further conceal the exfiltration process. 
(\u003c/span\u003e\u003ca href=\"https://attack.mitre.org/techniques/T1048/\"\u003e\u003cspan style='font-size: 12pt;'\u003eattack.mitre.org\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e)\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Sub-techniques of T1048","_metadata":{"uid":"csc69dc47e0256fc92"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003e\u003cstrong\u003e1.\u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://attack.mitre.org/techniques/T1048/001/\"\u003e\u003cspan style='font-size: 11pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 11pt;'\u003e\u003cstrong\u003eT1048.001: Exfiltration Over Symmetric Encrypted Non-C2 Protocol\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Adversaries exfiltrate data over a symmetrically encrypted network protocol distinct from the existing C2 channel. 
Symmetric encryption uses the same key for both encryption and decryption, necessitating a shared secret between communicating parties.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExample:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Utilizing protocols like HTTPS, where data is encrypted symmetrically after an initial key exchange, to transfer stolen information to a different server (note that ATT\u0026amp;CK itself places protocol-native HTTPS/TLS under T1048.002, because the key exchange is asymmetric; T1048.001 covers cases where the adversary shares the key out of band and applies a symmetric algorithm directly)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003e\u003cstrong\u003e2.\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 11pt;'\u003e \u003c/span\u003e\u003ca href=\"https://attack.mitre.org/techniques/T1048/002/\"\u003e\u003cspan style='font-size: 11pt;'\u003e\u003cstrong\u003eT1048.002: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e In this method, adversaries exfiltrate data using an asymmetrically encrypted protocol separate from the primary C2 channel. 
Asymmetric encryption employs a pair of keys — public and private — for encryption and decryption, enhancing security by eliminating the need for a shared secret.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExample:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Leveraging protocols that use asymmetric encryption for secure data transfer to an alternate destination\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003e\u003cstrong\u003e3.\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 11pt;'\u003e \u003c/span\u003e\u003ca href=\"https://attack.mitre.org/techniques/T1048/003/\"\u003e\u003cspan style='font-size: 11pt;'\u003e\u003cstrong\u003eT1048.003: Exfiltration Over Unencrypted Non-C2 Protocol\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Adversaries exfiltrate data over an unencrypted network protocol different from the main C2 channel. 
This approach may involve obfuscating data within protocols that are typically unencrypted, such as HTTP, FTP, or \u003c/span\u003e\u003ca href=\"https://www.akamai.com/glossary/what-is-dns-tunneling\"\u003e\u003cspan style='font-size: 12pt;'\u003eDNS\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExample:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Embedding stolen data within HTTP requests to a web server controlled by the attacker without employing encryption, relying instead on data obfuscation techniques\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy leveraging alternative protocols, adversaries exploit gaps in security tools and monitoring strategies. For example, ICMP packets typically used for diagnostic purposes can be manipulated to carry data payloads, and DNS requests can be crafted to exfiltrate data under the guise of normal traffic. These tactics create significant challenges for defenders, who must analyze benign-looking traffic for hidden threats.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUnderstanding the significance of T1048 and its sub-techniques is critical for building robust defenses. By focusing on suspicious patterns in network traffic and scrutinizing less-monitored protocols, you can expose exfiltration attempts before they succeed. 
Proactively addressing these threats ensures your organization’s most valuable assets remain secure.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Data sources to optimize the hunt","_metadata":{"uid":"cs5f34f7c7dfe62e8b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo effectively detect T1048 activities, consider the following data sources and their respective Elastic integrations:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e1. Application logs:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Monitor logs from applications handling data transfers.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDetects:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Unusual file downloads from cloud services like Google Drive or Microsoft OneDrive, such as multiple downloads by a single user in a short period\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/elastic_agent.html\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Agent\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e can be configured with centrally managed\u0026nbsp; \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eintegrations\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and ship application logs to Elastic.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 
12pt;\"\u003e\u003cstrong\u003e2. Cloud storage access logs: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTrack access to cloud storage services.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDetects:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Unusual queries or access patterns, especially from unexpected sources, indicating potential improper permissions or unauthorized access\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/elastic_agent.html\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Agent\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e can be configured with out-of-the-box \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations?search=cloud%20storage\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eintegrations to collect cloud storage\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e access logs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e3. 
Command execution logs:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Record executed commands and their arguments.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDetects:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Commands that initiate data transfers, such as \u003cspan data-type='inlineCode'\u003ecurl\u003c/span\u003e, \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eftp\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, or \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003escp\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e,\u003c/span\u003e\u003cspan style=\"color: rgb(24, 128, 56);font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e which may indicate exfiltration attempts\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e You can leverage one of Elastic’s many \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/index.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eintegrations\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to collect executed commands and their arguments. One integration you could use is the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/system.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSystem\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e integration.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e4. 
File access logs:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Monitor access to files, especially sensitive ones.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDetects:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Access to or modification of files that may be staged for exfiltration\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/fim.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFile Integrity Monitoring Integration\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e or \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/endpoint.html\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Endpoint Security\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e can track file modification events.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e5. 
Network traffic logs:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Analyze network connections and data flows.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDetects:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e New or unusual network connections, especially to untrusted hosts, and traffic patterns that don't conform to expected protocols\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e For network logs, you can leverage one of Elastic’s many \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/index.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eintegrations\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Most firewall integrations will ingest the required data correctly. You could also utilize the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/network_traffic.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNetwork Packet Capture\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to capture and analyze network traffic.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e6. 
User activity logs:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Monitor and analyze user activity.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDetects:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Users initiating large or unusual data transfers, which may be precursors to exfiltration\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Use \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/endpoint.html\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Endpoint Security\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eor another \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic integration\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that collects logging information from a third party for monitoring user activity logs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Threat hunting with ES|QL queries","_metadata":{"uid":"cs79aec23444ae3e42"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo uncover adversaries leveraging \u003c/span\u003e\u003ca href=\"https://attack.mitre.org/techniques/T1048/\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eT1048 - Exfiltration Over Alternative Protocol\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, we need to analyze network behaviors, process activities, and data flows for signs of 
hidden exfiltration. By leveraging \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/ecs/current/ecs-reference.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElastic Common Schema (ECS)\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, these data sources are parsed and normalized into a consistent format, ensuring more effective correlation and detection across diverse logs. Below are \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eES|QL queries\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e designed to detect specific aspects of this technique, using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/ecs/current/ecs-ecs.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eECS fields\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to streamline analysis and enhance threat-hunting capabilities.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e1. 
Identify non-standard protocol usage\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdc62669809afbedb"}}},{"code":{"code":"FROM logs-*\n| WHERE network.protocol NOT IN (\"http\", \"https\", \"ftp\") AND network.direction == \"egress\"\n| STATS bytes_out = sum (network.bytes) by source.ip,destination.ip, network.protocol\n","_metadata":{"uid":"csaff1508c2e793b55"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse9ec480d90848088"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This query identifies traffic using \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003enon-standard protocols\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, excluding common ones like HTTP, HTTPS, and FTP. SSH is not in the exclusion list of the query as written, so add it (and any other protocol that is expected in your environment) if you want it excluded as well. Non-standard protocols are less frequently used for legitimate purposes and are often exploited by adversaries for covert communication or data exfiltration.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e2. 
Cross-reference with firewall logs\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc541ca6f4b89df4d"}}},{"code":{"code":"FROM logs-*\n| WHERE event.outcome == \"success\" AND destination.port IN (53, 123, 69)\n| KEEP destination.ip, rule.name, event.outcome","_metadata":{"uid":"cse0eeba404c06cd8b"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc48721a7c007fb35"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This query identifies \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003efirewall rules\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e that allow traffic on specific ports commonly associated with alternative protocols, such as DNS (port 53), NTP (port 123), or TFTP (port 69). Monitoring these logs helps uncover potential misconfigurations or malicious activity where attackers are leveraging these less-monitored ports for data exfiltration. Because the query filters only on outcome and destination port, review the results alongside traffic direction and destination to separate expected resolver or time-server traffic from suspicious flows.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy correlating this data with other logs (e.g., application or host logs), analysts can validate the legitimacy of the traffic and identify malicious activities.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e3. 
Correlate with host-based connections\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc32b21f15d39577d"}}},{"code":{"code":"FROM logs-*\n| WHERE network.protocol == \"dns\" AND network.direction == \"egress\"\n| STATS bytes_out = sum(network.bytes) by source.ip, destination.ip, network.protocol\n","_metadata":{"uid":"csaa38021beb680482"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs641266ad66845247"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThis query focuses on \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ehost-based DNS connections\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e with a significant amount of outbound traffic. The query itself applies no threshold: it totals bytes for every source and destination pair, so sort or filter on bytes_out against your own baseline to surface the heaviest senders. Monitoring host-level DNS activity allows analysts to identify endpoints generating excessive data transfers over DNS, which could signal suspicious behavior such as DNS tunneling for data exfiltration.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e4. 
Detect large outbound DNS queries\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csacacfe9d57ea2e39"}}},{"code":{"code":"FROM logs-*\n| WHERE network.protocol == \"dns\" \n| EVAL dns_length = length(dns.question.name)\n| WHERE dns_length \u003e 100\n| KEEP source.ip, destination.ip, dns.question.name, dns_length, @timestamp","_metadata":{"uid":"cs6c30e13a6bd33c1b"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0dbc16eebc8aa4c5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThis query identifies \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003elarge DNS queries\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, which may indicate suspicious activity such as \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDNS tunneling\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. DNS is primarily used for resolving domain names into IP addresses, and legitimate DNS queries are typically concise. 
However, attackers can exploit the DNS protocol to encode and exfiltrate data, resulting in unusually large query lengths.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy monitoring the length of DNS queries and correlating them with known patterns of DNS tunneling, defenders can act quickly to block malicious domains or implement additional restrictions.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis query provides a simple yet powerful mechanism for detecting potential data exfiltration attempts over DNS, allowing organizations to proactively address a common technique used by adversaries.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e5. Identify ICMP traffic with data payloads\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8bae03238f24ace8"}}},{"code":{"code":"FROM logs-*\n| WHERE network.transport == \"icmp\" \n AND network.bytes \u003e 0\n| KEEP source.ip, destination.ip, network.bytes, @timestamp","_metadata":{"uid":"cs48053ae95cbf09ba"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs030a85d63c964c13"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThis query detects \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eICMP (Internet Control Message Protocol) traffic\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e with a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003enon-empty payload\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. ICMP is primarily used for diagnostic purposes, such as pinging a host to check its availability. 
Typically, ICMP packets carry minimal or no payload data, so the presence of a payload is unusual and can indicate covert activity. Note that network.bytes records the total bytes of the flow rather than the payload alone, so a filter of greater than zero matches almost all ICMP events; compare the byte counts against a baseline for your environment to find the outliers.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e6. Monitor outbound FTP connections\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs264e80fddaba66a2"}}},{"code":{"code":"FROM logs-*\n| WHERE process.name == \"ftp\" AND network.direction IN (\"outbound\", \"egress\", \"external\")\n| KEEP user.name, source.ip, destination.ip, network.bytes, @timestamp","_metadata":{"uid":"cs417f72c2a8f49128"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs25ee8a7e1edece4b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThis query focuses on detecting \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eoutbound FTP (File Transfer Protocol) connections\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. FTP is a protocol commonly used for transferring files between systems, both internally and externally. While legitimate in some environments, its use for outbound connections, especially to unknown or untrusted destinations, is a potential indicator of data exfiltration.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e7. 
Identify outbound SMB traffic\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbe119b0d4a6ae9ce"}}},{"code":{"code":"FROM logs-*\n| WHERE network.protocol == \"smb\" AND network.direction IN (\"outbound\", \"egress\", \"external\")\n| KEEP source.ip, destination.ip\n","_metadata":{"uid":"cs542be39455fc542e"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6f3ce9b517cc1b6b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplanation: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThis query focuses on detecting \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eoutbound SMB traffic\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, which is often a red flag for potential data exfiltration. SMB (Server Message Block) is a protocol primarily used for file sharing, printer sharing, and other networked resource access within an organization’s internal network.\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003cstrong\u003e8. 
Detect abnormal application data transfer activity\u003c/strong\u003e\u003c/p\u003e\u003ch1\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/h1\u003e"}],"_metadata":{"uid":"cs2f61982f39981fdf"}}},{"code":{"code":"FROM logs-*\n| WHERE event.category == \"file\"\n AND process.name IN (\"dropbox\", \"google-drive\", \"onedrive\")\n AND event.action == \"creation\"\n AND file.size \u003e 5000000\n| KEEP user.name, process.name, event.action, file.size, source.ip, destination.ip, @timestamp","_metadata":{"uid":"cs39bd721df6cee496"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6daf263fd85c6032"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eExplanation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e This query monitors \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eapplication logs\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for abnormal file uploads through popular file-sharing applications like Dropbox, Google Drive, and OneDrive. 
It flags large file uploads (over 5MB) that could indicate potential data exfiltration.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eCorrelating the process name \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e(process.name)\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e with the user \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e(user.name)\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and file size \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e(file.size)\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e provides deeper context, helping analysts differentiate between normal and suspicious activity.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"The next challenge: Stay vigilant","_metadata":{"uid":"cs34a676c528eb8646"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe hunt for exfiltration pathways has come to an end, but what did you uncover? Were the whispers in your network a false alarm, or did you expose an adversary stealthily siphoning data through alternative protocols? By digging into DNS queries, scrutinizing ICMP payloads, and monitoring less-traveled protocols, you’ve shone a light on hidden streams that could carry sensitive information beyond your defenses.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you found signs of T1048 - Exfiltration Over Alternative Protocol, you’ve taken critical steps to disrupt the adversary’s escape route and protect your organization’s most valuable assets. 
If not, your proactive approach has validated your defenses, ensuring your network is resilient against covert exfiltration attempts. Either way, your efforts have bolstered your security posture and sharpened your detection capabilities.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe challenge now is to remain vigilant. Adversaries are constantly refining their techniques, seeking new ways to bypass traditional monitoring. Remember, every DNS query, ICMP packet, or unusual protocol is a potential signal of malicious intent. The hunt may be over for today, but the lessons you’ve learned and the tools you’ve honed will serve you in future battles.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo, did you catch the adversary in the act, or can you confidently say your defenses held firm? Either way, your network is safer, and your skills as a hunter are sharper. Want to stay ahead of the latest threats? Learn how Elastic Security can help you detect, investigate, and respond to modern attacks with cutting-edge research and techniques. 
Visit\u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to explore expert insights, real-world threat analysis, and powerful defense strategies.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe logs don’t lie — let them guide your hunt.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs197f31ba8a3743b2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa891133737b1ceae"}}}],"publish_date":"2025-03-12","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt7a4eb1026ba18f63","ACL":{},"created_at":"2023-11-06T20:07:03.185Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"advanced-persistent-threat","label_l10n":"Advanced Persistent Threat (APT)","tags":[],"title":"Advanced Persistent Threat 
(APT)","updated_at":"2023-11-06T20:07:03.185Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:50.393Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Threat hunting","label_l10n":"Threat 
hunting","keyword":"threat-hunting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltba572dcfa2880a69","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:33:57.466Z","updated_at":"2023-11-06T21:33:57.466Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.696Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt4ea103fc5647f722","_version":1,"title":"1-175401 - Blog Header Image- ELK Hunting Series-1.jpg","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2025-03-12T01:38:45.228Z","updated_at":"2025-03-12T01:38:45.228Z","content_type":"image/jpeg","file_size":"97302","filename":"1-175401_-_Blog_Header_Image-_ELK_Hunting_Series-1.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-03-12T20:41:06.495Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4ea103fc5647f722/67d0e5a5a01ee932970610b1/1-175401_-_Blog_Header_Image-_ELK_Hunting_Series-1.jpg"},"title":"Hunting with Elastic Security: Detecting covert data exfiltration","title_l10n":"Hunting with Elastic Security: Detecting covert data 
exfiltration","updated_at":"2025-03-14T15:11:07.603Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/elastic-security-detecting-covert-data-exfiltration","publish_details":{"time":"2025-03-14T15:11:11.683Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt62a26b9c217a3102","_version":17,"locale":"en-us","ACL":{},"abstract_l10n":"This series gives you an inside look at how we're using generative AI in Elastic customer support. Join us as we share our journey in real time!","author":["blt57f0334083eb9790"],"category":["blte5cc8450a098ce5e"],"created_at":"2024-06-27T18:49:32.722Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb3ef354065f10f37"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEmbark on a technical journey from zero to hero as we explore the development of a GenAI app for customer support. T\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehe \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/category/inside-elastic\"\u003e\u003cspan style='font-size: 12pt;'\u003eInside Elastic blog series\u003c/span\u003e\u003c/a\u003e \u003cspan style=\"font-size: 12pt;\"\u003eshowcases Elastic's internal operations solving real-world business challenges. This specific series will shed light on our journey to integrate generative AI into our customer success and support operations, providing you with a behind-the-scenes look at our process. 
We’re blogging about this capability as we’re building it, and we’re excited for you to join the ride!\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Generative AI: The Next Frontier","_metadata":{"uid":"cs84b3616f4eb2629d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe launch of OpenAI's generative AI tools in late 2022 opened a world of possibilities for AI-generated content. Business leaders quickly sought ways to harness this technology for their unique challenges. This is especially true of our Customer Success and Support teams’ operations, after hearing questions from our leaders at Elastic like:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI improve customer support efficiency and effectiveness?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI enhance the customer experience and satisfaction?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI be integrated with existing customer support systems and processes?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI assist in automating repetitive tasks and free up support agents' time for more complex and strategic activities?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Field Engineering team, responsible for custom internal tooling, started to investigate generative AI and met at an offsite to brainstorm potential applications. Given we are Elastic, we were aware of our product’s search capabilities and how we integrate into the larger AI technology stack. 
However, technology alone doesn’t answer any of the questions above.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhile discussing the possibilities of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, we landed on two support workflows that we thought could benefit our internal teams and, as a result, our customers:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAutomated case summaries:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Our support engineers spend a significant amount of time providing case summaries for escalation or transitioning a case from one engineer to another. Our hypothesis was that we could use generative AI to automate this process and increase our support team’s efficiency and effectiveness, improve issue resolution, and boost customer satisfaction overall.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDrafting an initial reply:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Service level agreements are a key benefit of our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/support\"\u003e\u003cspan style='font-size: 12pt;'\u003esupport offering\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and ensuring timely response is paramount. 
We were unsure if the large language model (LLM) was smart enough to offer an accurate, relevant response, but we were convinced that our learnings from this process would be critical in deciding the next use case.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eArmed with this decision, we decided to build a scalable proof of concept that would allow us to operationalize these workflows for a subset of our users while including a feedback mechanism to rate and improve quality.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Building a proof of concept for feedback","_metadata":{"uid":"cs2ce87d0283eadfbf"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor context, our Field Engineering team has built our system’s infrastructure on top of \u003c/span\u003e\u003ca href=\"https://cloud.google.com/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eGoogle Cloud Platform\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, with Salesforce \u003c/span\u003e\u003ca href=\"https://www.salesforce.com/service/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eService Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e powering our case management. 
This existing setup made it straightforward to integrate our initial proof of concept with \u003c/span\u003e\u003ca href=\"https://cloud.google.com/vertex-ai?\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eVertex AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which was already enabled internally and compliant with our security and privacy policies.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOf course, we knew Elastic would play a role in our design (and subsequent blogs will speak to that), but at this initial stage we were focused on the LLM itself and applying generative text to the outlined workflow. The very first architecture looked like this:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csac2f8393231913a7"}}},{"image":{"image":{"uid":"bltcb97c512e241c08d","_version":1,"title":"1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-06-27T18:50:02.732Z","updated_at":"2024-06-27T18:50:02.732Z","content_type":"image/png","file_size":"245511","filename":"1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-27T19:01:39.844Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcb97c512e241c08d/667db45ab113249b1a3a2706/1.png"},"_metadata":{"uid":"cs0fb120c63b220710"},"caption_l10n":"","alt_text_l10n":"architecture","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"banner":{"reference":[{"uid":"bltcd245d630daca83c","_content_type_uid":"banner"}],"_metadata":{"uid":"csd11e1a67b0672411"}}},{"title_text":{"title_text":[{"title_l10n":"Creating a case summary","_metadata":{"uid":"csc9a4c1bf96adc650"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAt a high level, we 
wanted to keep the automation simple. We asked our CRM team to add a custom button on all cases that would call an external endpoint. That external endpoint was a Google \u003c/span\u003e\u003ca href=\"https://cloud.google.com/functions?\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCloud Function\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that did the following:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1.\u0026nbsp; The function accepted the Salesforce unique case ID as input and retrieved the case details as text.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e2. The retrieved text would then be automatically sent to Vertex AI combined with the following \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/prompt-engineering\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eengineered prompt\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003eWrite the summary of the following customer agent conversation in a paragraph? \\\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003e\u003cspan\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003eConsidering the conversation below, what are the pending actions by the Agent? 
Keep the response short.\\\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003eUse only the information from the conversation below:\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003e\"\"\"\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003e${text}\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003e\"\"\"\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003eProvide the answers in the dictionary format : {Summary:[], Pending Actions:[]}`;\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e3. The AI-generated response was posted to the case via a Salesforce \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eChatter Post\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Because the case text includes customer-written content and is placed into the prompt as-is, the generated summary is best read as a draft for the engineer to verify, not as trusted output.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThat was basically it! The lone exception was for long-running cases, where we had to break down the text into summaries of summaries. Once we landed on a design, we had this up and running in a week.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Automating a draft initial reply","_metadata":{"uid":"csab444269458cbe13"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhile a little more complex than case summaries, automating a reply for our support engineers to review was relatively straightforward. 
We leveraged an existing automation for all newly created cases and called a new Google \u003c/span\u003e\u003ca href=\"https://cloud.google.com/pubsub?\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePub/Sub\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e queue to handle all the incoming requests separately. The Pub/Sub performed the following tasks:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1. It stored the Case ID in the queue for when resources were available.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e2. On execution, it passed the Case ID to a different Google Cloud Function that would extract only the customer’s initial request as text.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e3. The retrieved text would then be automatically sent to Vertex AI combined with the following engineered prompt:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003eYou are an expert Elastic Support Engineer, using only Elastic products, provide a \\\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003eresponse with resolution to this email by a customer:\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003e\"\"\"\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan 
data-type='inlineCode'\u003e${text}\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003e\"\"\"`;\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e4. The AI-generated response was posted to the case via a Salesforce Chatter Post.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAgain, a simple approach to capturing an initial draft reply that was scalable for the subset of cases we were looking at. This took us a few extra days to modify our existing code and the additional Pub/Sub functionality and took us roughly two weeks to complete.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUsing Vertex AI as our LLM for this proof of concept was an easy decision. We knew we would have plenty to think about related to LLM accuracy (see below), but the ease of connecting it with our existing infrastructure made this process much quicker. 
Much like search, the relevance of an AI-generated response is a deeper conversation and something we knew we would tackle next.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Capturing user feedback","_metadata":{"uid":"cscd558c80799bdfa3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAn example of the previously mentioned Salesforce Chatter post:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb1ce0dcec516afd5"}}},{"image":{"image":{"uid":"blte1ccb7e67d424fc8","_version":1,"title":"2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-06-27T18:50:08.632Z","updated_at":"2024-06-27T18:50:08.632Z","content_type":"image/png","file_size":"115487","filename":"2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-27T19:01:39.834Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte1ccb7e67d424fc8/667db460abc513cfa45d0981/2.png"},"_metadata":{"uid":"cs7b18f3d25417227f"},"caption_l10n":"","alt_text_l10n":"support automation","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbaeb9ba00c954eca"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn both use cases, draft reply and case summary, the decision to use Salesforce Chatter to deliver the AI-generated text was based on the idea that we could use standard Chatter features for \u003c/span\u003e\u003ca href=\"https://help.salesforce.com/s/articleView?id=sf.collab_feed_like.htm\u0026type=5\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003e\"likes\"\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to identify positive sentiment and threaded responses to capture subjective feedback. 
This was a critical step in the process and reduced friction in the feedback loop as users could work cases and provide their feedback in the same operational system.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere are much more sophisticated techniques for evaluating LLM accuracy, especially when Elasticsearch provides context. Still, we intentionally avoided that for the proof of concept as our data population was manageable, and we wanted to review every comment.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Objectively evaluating results and making decisions","_metadata":{"uid":"cs1eb5eb9f37612fe3"},"header_style":"H2","paragraph_l10n":"\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDays Open\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e44\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenerated Content\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e940\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFeedback\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e217\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePositive Sentiment\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e15.67%\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003cspan style=\"font-size: 
12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe initial user feedback yielded a ~16% positive response rate, which was lower than expected. Reviewing subjective feedback revealed that the LLM lacked in-depth knowledge of our products, which hindered its ability to address technical support queries. The model performed much better with generic summaries and responses that didn't require specific product knowledge. This highlighted a content gap, as the LLM was trained on public data and lacked access to key data sources like our product documentation and internal knowledge base articles.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBased on this data, we decided to add two new design principles:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRefine the input data: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe recognized the need for a more explicit input experience to provide clearer, more direct questions to the LLM for improved responses. This is equivalent to the “garbage in, garbage out” statement in data engineering.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSet a higher accuracy/sentiment threshold:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Technical support requires high accuracy, so we aimed for a \u0026gt;80% benchmark and developed systems to measure and enhance accuracy at various stages.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGuided by these principles, we decided that the optimal experience would be to consolidate these and all other potential functions into a unified chat interface. 
That should help curate the inputs in a consistent way for better workflow and responses. Furthermore, we knew the next evolution would need to include Elasticsearch for improved response accuracy via a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eretrieval augmented generation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e architecture.\u0026nbsp; This should allow us to evaluate accuracy at scale and significantly improve the precision of our responses.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Solving business problems","_metadata":{"uid":"cs40950c394c9b4dce"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eArmed with this data-backed understanding of how a large language model responds to our specific workflows and our decision to integrate the solution into a chatbot, we revisited the questions from our business leaders:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI improve customer support efficiency and effectiveness?\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe believe we can build a self-service chatbot experience that will answer support related product questions. Support agents’ use of the chatbot will speed up their analysis and investigation, reducing mean time to resolution. In addition, new joiners can learn from the chatbot rather than other members of the team. 
This can reduce onboarding time and create capacity in existing team members who are fielding these questions today.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI enhance the customer experience and satisfaction?\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Technology Services Industry Association (\u003c/span\u003e\u003ca href=\"https://www.tsia.com/who-we-are\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eTSIA\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e), which works with thousands of support organizations, has years of research supporting the fact that customers \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eprefer\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e self-service over assisted support. 
Exposing a similar self-service chatbot can improve both user experience and customer satisfaction as real-time, relevant responses can reduce customer response times to milliseconds and don’t require reading through vast pages of documentation.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI be integrated with existing customer support systems and processes?\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur talented team of developers can easily integrate a chat experience into our custom Support Portal at the point where customers are asking these questions and leverage Elasticsearch for knowledge content search.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI assist in automating repetitive tasks and free up support agents' time for more complex and strategic activities?\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSupport agents consistently search for product documentation, internal enablement content, and knowledge articles for an answer. Natural language chat is an evolution of these search activities that delivers contextual, relevant responses rather than recommending information to read. 
The efficiencies gained in search time alone will free up support agent time for other value-add, strategic activities.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAfter a few months of gathering data, we presented our findings, designs, and plans for a chat-based Support AI Assistant to our stakeholders, aligned on the above outcomes, and moved from proof of concept to an approved project.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur customers and our community are at the heart of everything we do. When building any internal or external experience, we keep our Customers, 1st. Investing in this process allowed us to build an informed plan to execute against, keeping our customers front of mind.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What's next?","_metadata":{"uid":"cs8633d8f7e155ba19"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur Field Engineering team is now focused on developing a scalable, secure, and accurate Support AI Chat Assistant. This blog series will continue with regular updates, each installment highlighting a different aspect of our build process. 
Stay tuned for more insights and inspiration for your own generative AI projects.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTake a sneak peek at our current architecture:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csac5924db3c65fd36"}}},{"image":{"image":{"uid":"blt118be6e915c596fa","_version":1,"title":"3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-06-27T18:50:14.625Z","updated_at":"2024-06-27T18:50:14.625Z","content_type":"image/png","file_size":"141109","filename":"3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-27T19:01:39.854Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt118be6e915c596fa/667db466c8ca77b311cde359/3.png"},"_metadata":{"uid":"cs385d06149928aa63"},"caption_l10n":"","alt_text_l10n":"current architecture","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"callout":{"title_l10n":"Check out what's next in the series","_metadata":{"uid":"cs040f5fe406b98e35"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePart 2: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/genai-customer-support-building-a-knowledge-library\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI for Customer Support — Building a Knowledge Library\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePart 3: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/genai-elastic-elser-chat-interface\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI for Customer Support — Designing a chat interface for chatbots... 
for humans\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePart 4:\u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elser-rag-search-for-relevance\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e GenAI for Customer Support — Tuning RAG search for relevance\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLaunch blog: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/generative-ai-customer-support-elastic-support-assistant\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI for customer support - Explore the Elastic Support Assistant\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb51c8571dc7e72c9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eOriginally published June 27, 2024; updated March 13, 2025.\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003e\u003cbr italic=\"[object Object]\"/\u003e\u003cbr italic=\"[object Object]\"/\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. 
Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6a6327a5ef33e020"}}}],"publish_date":"2025-03-13","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"bltad849a44c42eea31","ACL":{},"created_at":"2020-06-17T03:25:54.912Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"software-technology","label_l10n":"Software \u0026 technology","tags":[],"title":"Software \u0026 
technology","updated_at":"2020-07-06T22:17:33.856Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.842Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Search UI","label_l10n":"Search UI","keyword":"search-ui","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltaea23ea6eafbd6eb","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:31:21.217Z","updated_at":"2023-11-06T21:31:21.217Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:49.855Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation 
(RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltedaba1c436cb0ded","ACL":{},"created_at":"2023-11-06T20:40:47.717Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"information-retrieval","label_l10n":"Information retrieval","tags":[],"title":"Information retrieval","updated_at":"2023-11-06T20:40:47.717Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:37.018Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language 
models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt4607298d4fd82c81","ACL":{},"created_at":"2020-06-17T03:31:33.256Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"workplace-search","label_l10n":"Workplace search","tags":[],"title":"Workplace search","updated_at":"2020-07-06T22:19:56.394Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:53.167Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltac88392b5d494907","_version":1,"title":"elastic-de-143903-V2_V1 
(1).jpeg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-06-27T18:49:31.019Z","updated_at":"2024-06-27T18:49:31.019Z","content_type":"image/jpeg","file_size":"130759","filename":"elastic-de-143903-V2_V1_(1).jpeg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-27T19:01:39.819Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltac88392b5d494907/667db43bbbf7b42e25a74e95/elastic-de-143903-V2_V1_(1).jpeg"},"title":"GenAI for customer support — Part 1: Building our proof of concept","title_l10n":"GenAI for customer support — Part 1: Building our proof of concept","updated_at":"2025-03-14T05:50:57.958Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/genai-customer-support-building-proof-of-concept","publish_details":{"time":"2025-03-14T05:53:48.370Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt3833271eee9fa0e8","_version":16,"locale":"en-us","ACL":{},"abstract_l10n":"Discover how Elastic enables data mesh in the public sector with key pillars, architecture, and real-world examples for better data access and governance.","author":["blt6705dad0ae6f1419"],"category":["bltc17514bfdbc519df"],"created_at":"2025-03-12T03:18:19.289Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5237fe68c5f54eeb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThink about all the data behind projects like defense intelligence, public health records, urban planning models, and more. Government agencies are generating enormous quantities of data all the time. Things get even more tricky when the data is spread across cloud platforms, on-prem systems, or specialized environments like satellites and emergency response centers. 
It’s hard to find information, much less use it efficiently. And with different teams working with many different apps and data formats, a real lack of interoperability arises.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDespite their best efforts to build data-driven organizations, the reality is that 65% of public sector leaders still struggle to use data continuously in real time and at scale, according to a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/public-sector-leaders-insights-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003erecent Elastic study\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“It’s taking us longer to do our job, which is not good since most of our work is done in an emergency,” one public sector leader told Elastic. “We need to be able to get information as soon as possible.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe mountain of data is growing. Access to it is bottlenecking. So how can public sector agencies ditch the complexity of those centralized silos? Data mesh offers an alternative way to organize data that could be the answer.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What is data mesh?","_metadata":{"uid":"csb0e253a0885aa251"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePut simply, a data mesh overcomes silos. Data collected from across the entire network is available to be retrieved and analyzed at any or all points of the ecosystem — as long as the user has permission to access it. 
It provides a unified yet distributed layer that simplifies and standardizes data operations.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf67d54b70186787b"}}},{"video":{"vidyard_uuid":"6sU9zxWp9jECdPkHKndD6C","_metadata":{"uid":"cs26a5e68a4fb63467"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":false,"hide_controls":false,"looping_animation":false}},{"title_text":{"title_text":[{"title_l10n":"4 pillars of data mesh","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData mesh is built on four key principles:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDomain ownership:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e How agencies and departments manage their own data\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eData as a product: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eWhere those domain owners make sure their datasets are high quality and easily accessible\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSelf-service platforms:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Let both internal and external teams find and use high-quality data without IT holdups\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFederated governance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Makes sure everything’s working smoothly and 
securely across systems\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLet’s look at each of these a little closer.\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"csb539a0e5300d6071"}},{"title_l10n":"Domain ownership","header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInstead of relying on a central IT team to manage all data, data ownership is distributed across government agencies and departments. Essentially, you’re building technical teams that mirror how the agency itself is composed. You want the people who are most intimately familiar with that data to own it. This can be applied to public health, defense, urban planning, and more — just about any public sector use case.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor example, the US Cybersecurity and Infrastructure Security Agency (CISA) uses a data mesh approach to gain visibility into security data from hundreds of federal agencies, while allowing each agency to retain control of its data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector/cisa-zero-trust-whitepaper\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eLearn more about accelerating CISA Zero Trust with Elastic as a unified data layer\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis leads us to the second (and arguably most important) pillar — the one which the other three pillars are designed to support:\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"cs54fe89aea595bb25"}},{"title_l10n":"Data as a 
product","header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEach dataset is treated as a product with clear documentation and quality standards. The department that owns the data needs to make sure it’s easily accessible and organized for when other departments need it. In other words, they are accountable and responsible for sharing that data as a usable product.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFrom a government perspective, this could be census information, emergency response data, or intelligence reports, for example. It all depends on the structure of the project or government agency. What’s important is that this curated data will be ready to use when other teams come looking for it, and they won’t have to spend time cleaning or verifying it.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo, you may ask, isn’t this just another way to silo analytical data? What are the nuts and bolts of how other departments can access it? That leads us to our next pillar.\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"csbea1458ab794ecbc"}},{"title_l10n":"Self-service platforms","header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDepartments are being asked to do a lot here, and they’ll need convenient platforms that make their data accessible to others. 
Useful tools include searchable catalogs for easy data discovery, query tools for real-time analysis, and features that let users clean and integrate data themselves and share insights through dashboards and APIs.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThey’ll also need built-in governance to enforce access controls, which leads us to our final pillar.\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"cs1db5ab2c30a73a6e"}},{"title_l10n":"Federated computational governance","header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo, we’ve established that each department is in control of its own data. However, the data mesh still needs overarching governance protocols to keep it secure and prevent risk.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese security controls should be built into the system that retrieves the data, rather than applied separately by each department. 
The system should check user permissions as part of the search and make sure people only see the data they’re allowed to access right from the start.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the public sector, this could be anything from privacy regulations in healthcare data to classified information in defense systems.\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"csa5591de26070dc51"}}],"_metadata":{"uid":"cs7cf5a5b2415d4180"}}},{"image":{"image":{"uid":"blt31caafdf8b1809bf","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-03-12T03:17:08.019Z","created_by":"blte369ea3bcd6ac892","file_size":"269507","filename":"Elastic-vision-of-the-data-mesh.png","parent_uid":null,"tags":[],"title":"Elastic-vision-of-the-data-mesh.png","updated_at":"2025-03-12T03:17:08.019Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2025-03-12T15:00:07.390Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt31caafdf8b1809bf/67d0fcb484b60342daba05aa/Elastic-vision-of-the-data-mesh.png"},"_metadata":{"uid":"csc643920e9c09c157"},"caption_l10n":"","alt_text_l10n":"Common data layer with unified analytics from Elastic","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"banner":{"reference":[{"uid":"blt23855197ea4f5f29","_content_type_uid":"banner"}],"_metadata":{"uid":"cs87e1e2efd07e5526"}}},{"title_text":{"title_text":[{"title_l10n":"Data mesh architecture","_metadata":{"uid":"csa6b177da2cd766f0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA data mesh architecture is a framework that unites the pillars of data mesh into a process to manage distributed data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImplementing a data mesh 
architecture reduces friction in the collaboration process. It’s a game-changer for teams working with domain-specific data for model training and analytics, thanks to its more user-centric approach.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData mesh helps enable more efficient data handling and governance at scale, despite multiple platforms and implementation teams. Data mesh architecture creates more autonomy as well as more democratization of data — if you have scalable, self-serve data observability. Data observability is what lets teams manage all that data under a single pane of glass.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEffective data observability is built into the architecture of a data mesh. It’s what gives teams access to insights they can use from all the data they collect. Think of it this way: Data observability is about having eyes on the health and integrity of the data, while data mesh architectures are about decentralized management of that data. And to manage it, you have to be able to see into it in detail.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Data mesh vs. other approaches","_metadata":{"uid":"csc612d9c216512604"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow does data mesh compare to alternative forms of analytical data architecture and storage? Let’s look at two others that often draw comparisons: data fabric and data lakes.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Data mesh vs. data fabric","_metadata":{"uid":"cs6e56743d5256c12d"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData mesh and data fabric are similar approaches in that they both take a decentralized approach, collecting data at remote sites. However, a data fabric takes data collected at one site and copies it to another site. 
This data is shared as individual records and cannot be correlated with other records unless it gets consumed by something that makes sense of it. This approach can often lead to data silos.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA data mesh approach, on the other hand, does not rely on copying data and instead indexes data locally upon ingest into a distributed platform where users can search for data locally and across remote sites. In this model, data is unified at the search platform layer. Data is indexed once and then is available to any authorized user or use case through this unified layer.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Data mesh vs. data lake","_metadata":{"uid":"csbdfc11ed0462c056"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou may have noticed that there are a lot of water-related metaphors in data: data streams, data pipelines, etc. Data, like water, can be collected, stored, filtered, and distributed — sometimes efficiently, sometimes chaotically.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the same way that a lake collects water from multiple sources, a data lake collects data and holds it for future use. In other words, it’s a storage environment for any combination of structured, semi-structured, or unstructured data.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData lakes can sometimes be helpful to data mesh domain owners as they process and curate their data products. They can use a data lake for long-term storage of large, unstructured datasets (say, satellite imagery or public records) that don’t have a specific purpose yet. 
But if a data lake becomes disorganized and difficult to navigate, it turns into a data swamp — murky, cluttered, and hard to extract value from.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Data mesh and AI","_metadata":{"uid":"csf5d725d70f2a82f1"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData mesh can offer a way to democratize \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/machine-learning\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI and machine learning\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for public sector agencies. Traditionally, data science teams have operated as centralized hubs, pulling data from multiple sources to develop machine learning models. However, as noted earlier, this process can cause redundant work and inconsistencies, leading to challenges with model reproducibility.\u003cbr /\u003e\u003cbr /\u003eBy flipping that model around with data mesh and embedding AI development within domain teams, you can clean and refine data at its source and create an AI-driven data product other departments can utilize.\u003cbr /\u003e\u003cbr /\u003eTake national disaster response as an example. AI models embedded in emergency response teams often analyze data like real-time satellite imagery, sensor data, and even social media reports to identify the hardest-hit areas. 
With data mesh, organizations ranging from government agencies to first responders could access this information immediately without waiting for centralized processing and improve their response times as a result.\u003cbr /\u003e\u003cbr /\u003eData mesh also improves AI governance because it incorporates governance right from the start, standardizing tasks like model validation, bias detection, explainability, and monitoring for model drift.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"How to implement data mesh for public sector","_metadata":{"uid":"csf13078117f7904f7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEach public sector organization has a unique set of data needs, which is why one-size-fits-all data silos can be slow and stifling to internal and external users. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/public-sector-leaders-insights-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eTwo out of three public sector leaders\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e said that they’re unsatisfied with the data insights available to them.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData mesh can be customized to the unique needs of each public sector agency, from defense to national security or federal, state, and local government.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo get started with data mesh, public sector agencies will need to follow a few steps:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAssign responsibility for data to specific departments.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTreat datasets as well-documented, accessible assets 
designed for internal and external use and make sure they comply with regulatory requirements.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImplement tools that let agencies, analysts, and policymakers easily access and analyze data without relying on centralized IT teams.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEnforce governance across agencies, keeping in mind frameworks like \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector/fedramp\"\u003e\u003cspan style='font-size: 12pt;'\u003eFedRAMP\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cmmc-compliance\"\u003e\u003cspan style='font-size: 12pt;'\u003eCMMC\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/zero-trust\"\u003e\u003cspan style='font-size: 12pt;'\u003eZero Trust\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAnd finally, encourage data sharing across organizations to make better decisions and improve public services while maintaining security controls.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Government and defense applications","_metadata":{"uid":"cscd80488c5762c39b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData mesh is a natural fit for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector\"\u003e\u003cspan style='font-size: 12pt;'\u003egovernment\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and defense sectors, where vast, distributed datasets have to be securely accessed and 
analyzed in real time.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector/defense\"\u003e\u003cspan style='font-size: 12pt;'\u003edefense\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, it assists with faster intelligence gathering and asset management so operators in the field can act with the latest data. In \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/healthcare\"\u003e\u003cspan style='font-size: 12pt;'\u003epublic health\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, it can help rapidly integrate epidemiological data from hospitals or research labs to respond to outbreaks. Transportation departments can analyze traffic and weather data across cities. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector/education\"\u003e\u003cspan style='font-size: 12pt;'\u003eEducation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e departments can view children’s test scores over the past decade and cross-reference them to other data, such as time spent learning remotely versus in-person.\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style='font-size: 12pt;'\u003eLet’s take \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/us-navy-digital-keel-search\"\u003e\u003cspan style='font-size: 12pt;'\u003ethis example\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e from the US Navy: Its push for digital modernization hinges on the ability to “securely move any information from anywhere to anywhere” to achieve information superiority. But traditional centralized data storage is too risky, especially in air-gapped and Denied, Degraded, Intermittent, and Limited (DDIL) environments. 
Here’s a case where a global data mesh can help, allowing data to remain at its source while still being searchable and accessible across the Navy’s vast operational landscape. This decentralized approach keeps ops resilient even if a server or data center fails and provides a unified view of mission-critical data without needing to move or duplicate it.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Data mesh in action with Elastic","_metadata":{"uid":"cse6ecf7d227115992"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/platform\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearch AI Company\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, Elastic’s data analytics platform serves as a powerful global data mesh, offering \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/machine-learning\"\u003e\u003cspan style='font-size: 12pt;'\u003emachine learning\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/natural-language-processing\"\u003e\u003cspan style='font-size: 12pt;'\u003enatural language processing\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/semantic-search\"\u003e\u003cspan style='font-size: 12pt;'\u003esemantic search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, alerting, and visualization in a unified system. 
In other words, Elastic serves a unifying function by giving agencies full visibility into their data as well as the ability to ingest, organize, access, and analyze it.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThree key features set Elastic apart:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-enable-ccs.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eCross-cluster search (CCS)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which lets you run a single search request against one or more remote clusters\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/searchable-snapshots.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearchable snapshots\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which provide a cost-effective way for you to access and query infrequently used, historical data\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRole-based access control, which provides integrated security by limiting each user to the data and actions their assigned roles permit\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic’s data mesh approach can also serve as a foundation for modern security frameworks like \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/zero-trust\"\u003e\u003cspan style='font-size: 12pt;'\u003eZero Trust\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and opens up new possibilities for data-driven operations.\u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e\u003cbr /\u003e\u003cbr /\u003eLearn more about how Elastic helps government, 
healthcare, and education teams maximize data value with speed, scale, and relevance\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7f3a1b5e5b181123"}}},{"callout":{"title_l10n":"Explore more data mesh in the public sector resources","_metadata":{"uid":"csd6634ad0a73b1029"},"paragraph_l10n":"\n\u003cul\u003e\n \u003cli\u003e\n \u003ca href=\"https://www.elastic.co/blog/elastic-global-data-mesh-security-governance-policy\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUsing Elastic as a global data mesh: Unify data access with security, governance, and policy\u003c/span\u003e\u003c/a\u003e\n \u003c/li\u003e\n \u003cli\u003e\n \u003ca href=\"https://www.elastic.co/public-sector/accelerating-defense-missions-with-global-data-mesh\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccelerating defense missions with a global data mesh\u003c/span\u003e\u003c/a\u003e\n \u003c/li\u003e\n \u003cli\u003e\n \u003ca href=\"https://www.elastic.co/virtual-events/maximizing-data-value-in-public-sector\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMaximizing data value in public sector\u003c/span\u003e\u003c/a\u003e\n \u003c/li\u003e\n \u003cli\u003e\n \u003ca href=\"https://www.elastic.co/industries/public-sector/cisa-zero-trust-whitepaper\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccelerating CISA Zero Trust with Elastic as a unified data layer\u003c/span\u003e\u003c/a\u003e\n \u003c/li\u003e\n\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3910785f2fd6c146"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third-party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third-party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc30aa1c413ac6947"}}}],"publish_date":"2025-03-12","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":1,"locale":"en-us","uid":"blt3185b1f0e9eed8d1","ACL":{},"created_at":"2021-09-20T22:40:25.614Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"public-sector","label_l10n":"Public Sector","tags":[],"title":"Public Sector","updated_at":"2021-09-20T22:40:25.614Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.530Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","uid":"bltc6e3d049760fc06a","title":"Government","label_l10n":"Government","keyword":"government","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:32.959Z","updated_at":"2023-11-06T20:40:32.959Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.338Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags
_topic","_version":1,"locale":"en-us","uid":"blt17630d07558c63f6","ACL":{},"created_at":"2023-11-06T21:33:01.038Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"state-local-government","label_l10n":"State \u0026 local government","tags":[],"title":"State \u0026 local government","updated_at":"2023-11-06T21:33:01.038Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.342Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltf2d5f3033a993cfe","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2025-03-12T03:10:10.380Z","created_by":"blte369ea3bcd6ac892","file_size":"162150","filename":"Blog_Header_Image_Public_Sector.jpg","parent_uid":null,"tags":[],"title":"Blog Header Image Public Sector.jpg","updated_at":"2025-03-12T03:10:10.380Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2025-03-12T15:00:07.379Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf2d5f3033a993cfe/67d0fb1218b08463aaaabbac/Blog_Header_Image_Public_Sector.jpg"},"title":"Understanding data mesh in public sector: Pillars, architecture, and examples","title_l10n":"Understanding data mesh in public sector: Pillars, architecture, and 
examples","updated_at":"2025-03-13T21:49:22.512Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/data-mesh-public-sector","publish_details":{"time":"2025-03-13T21:52:32.320Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt91c0befca9468e88","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"The public sector is shifting from imagining the possibilities of generative AI to operationalizing and realizing its value at scale. Learn more about GenAI trends and data preparedness in government and defense agencies and educational institutions.","author":["blt6d82d216763f3c7c"],"category":["bltc17514bfdbc519df"],"created_at":"2025-03-12T01:06:05.141Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc31b55df6ea873fd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eArtificial intelligence (AI) and generative AI (GenAI) are rapidly transforming the public sector, moving beyond theoretical possibilities to real-world applications. Proper data preparedness, stewardship, and governance will play critical roles in successful GenAI implementations.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003eWe recently hosted a webinar, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/virtual-events/public-sector-data-stewardship-idc\"\u003e\u003cspan style='font-size: 12pt;'\u003ePublic sector data stewardship for the AI era\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, with industry experts Max Klaps, research director at IDC, and Dave Erickson, distinguished architect at Elastic. 
They explored the current state of GenAI adoption in government, education, and defense and dove into the data challenges and opportunities GenAI presents.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The evolution of AI in government","_metadata":{"uid":"cs268ae25a03cc4123"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere’s been a significant shift in how government agencies and other public sector organizations approach AI. Initially, organizations experimented with various AI tools and pilot projects. However, the focus has now shifted toward identifying specific use cases that deliver tangible value and align with the organization's mission and key performance indicators (KPIs).\u003cbr /\u003e\u003cbr /\u003eAccording to IDC research, about half of public sector organizations are running pilots, and 20% are implementing AI in production. The key question now is where AI can drive the most significant impact. Organizations are prioritizing use cases that enhance operational efficiency, improve resilience, reduce errors, ensure compliance, and provide better observability into their processes. 
Ultimately, the goal is to leverage AI, particularly GenAI, to achieve better outcomes for the public sector workforce, citizens, and students.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Prioritizing high-impact use cases","_metadata":{"uid":"cs9425bd1a1aaf0e23"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe focus has been on several key use cases, categorized either as \"horizon one,\" which aim for early wins and test existing capabilities, or as future-oriented use cases with higher impact and external focus.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/the-future-of-generative-ai-in-public-sector#the-3-horizons-of-generative-ai-use-cases-in-public-sector\"\u003e\u003cspan style='font-size: 12pt;'\u003eHorizon one use cases\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e often involve internal processes, such as critical natural infrastructure protection, financial market oversight, dynamic digital legislation, public communication and notification, and AI research and writing assistance for higher education. These use cases often revolve around content access, summarization, and preparation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLooking ahead, public sector leaders are exploring and scaling use cases that directly impact mission outcomes. 
These include enhancing service delivery, reducing the burden of tax compliance, ensuring payment integrity and reducing fraud, integrating natural language capabilities into 311 systems, and hyper-personalizing student recruitment and intervention in higher education.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Overcoming challenges and ensuring data readiness","_metadata":{"uid":"cs8d83e5d963b0e199"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImplementing GenAI is not without its challenges, with common obstacles such as:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGovernance\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRisk\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSecurity\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCost control\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eScalability\u0026nbsp;\u003cbr /\u003e\u003c/span\u003e\u003cbr /\u003e\u003cspan style='font-size: 12pt;'\u003eBut one recurring theme is the critical importance of data readiness. Although there's a need for high-quality data, quantity isn’t necessarily the primary concern. Public sector organizations can leverage pretrained models and focus on providing the AI with relevant, curated data for specific use cases. 
This approach, known as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieval augmented generation (RAG)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, ensures that AI answers are grounded in authoritative information and reduces the risk of inaccurate or biased outputs. The quality of data being fed to the generative models is critical.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csaed0933643543276"}}},{"banner":{"reference":[{"uid":"bltc11264e44c984bd8","_content_type_uid":"banner"}],"_metadata":{"uid":"cs0cde6017f909872b"}}},{"title_text":{"title_text":[{"title_l10n":"RAG: A key pattern for success","_metadata":{"uid":"csd2b0d53ae6f83b27"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRAG is a crucial workflow for grounding GenAI with proper context. Instead of relying solely on the model’s pre-existing knowledge, RAG involves retrieving relevant data from an organization's proprietary data (e.g., documents, images, audio) and using that data to inform the AI's response. This approach enhances the accuracy, trustworthiness, and explainability of AI-generated answers.\u003cbr /\u003e\u003cbr /\u003eElastic plays a significant role in enabling \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/rag\"\u003e\u003cspan style='font-size: 12pt;'\u003eRAG\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. 
Our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/vector-database\"\u003e\u003cspan style='font-size: 12pt;'\u003evector database\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e enables organizations to store, retrieve, and analyze vast amounts of data, making it easier to ground AI in authoritative information.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Responsible AI and risk mitigation","_metadata":{"uid":"csb49a3094a834b680"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eResponsible AI involves ensuring that AI systems are ethical, explainable, and transparent. Organizations can take several practical steps to promote responsible AI, including:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAssessing and categorizing the risk levels of different use cases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePrioritizing risk mitigation strategies, such as implementing data security protocols and detecting bias\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEstablishing clear accountability and reporting mechanisms\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEngaging with the public to explain the risks and opportunities of AI\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt’s essential to use a common language and framework for discussing AI risks, such as the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) in the United States. 
Another important consideration is separating the compensating controls for responsible AI from the AI itself — in other words, maintaining control over the guardrails you need. Also, continuous evaluation of AI-generated answers is essential for ensuring ongoing public trust.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Preparing the workforce for GenAI","_metadata":{"uid":"csb0dbf54623b1e6d1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePeople are crucial to the successful implementation of GenAI. Organizations need to invest in training and development to ensure that their workforce is prepared for this shift. Key areas of focus include:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEstablishing AI awareness (and risk) training for all employees\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eProviding technical staff with the tools and opportunities to work with AI\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLeveraging the expertise of the partner ecosystem, such as academic research institutions and standards bodies\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCreate spaces where staff can experience AI's limitations and learn how to use it effectively as a tool. 
Emphasize moving away from the mindset of AI as an all-knowing entity and embrace a more practical approach that stresses understanding AI's capabilities and limitations.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Learn more","_metadata":{"uid":"cs191a11cb27927d74"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTune into \u003c/span\u003e\u003ca href=\"https://www.elastic.co/virtual-events/public-sector-data-stewardship-idc\"\u003e\u003cspan style='font-size: 12pt;'\u003ePublic sector data stewardship for the AI era\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for more insights on capitalizing on the incredible power and potential of GenAI.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs56a97382c9bcfb44"}}},{"callout":{"title_l10n":"Explore additional GenAI resources:","_metadata":{"uid":"csc80e203e2a0d83d5"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/generative-ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic for generative AI\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — GenAI technical details, research, and tutorials\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBlog: \u003c/span\u003e\u003ca href=\"http://www.elastic.co/blog/public-sector-leaders-insights-ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e5 insights from public sector leaders: Solving organizational challenges with data and AI\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEbook: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector/how-search-ai-transforms-call-centers-citizen-support\"\u003e\u003cspan style=\"font-size: 
12pt;\"\u003eHow Search AI is transforming call centers and citizen support\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/what-is/large-language-models\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhat is a large language model (LLM)?\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse213e7a5d22a3620"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. 
in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdfecdeec986d8a47"}}}],"publish_date":"2025-03-12","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":1,"locale":"en-us","uid":"blt3185b1f0e9eed8d1","ACL":{},"created_at":"2021-09-20T22:40:25.614Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"public-sector","label_l10n":"Public Sector","tags":[],"title":"Public Sector","updated_at":"2021-09-20T22:40:25.614Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.530Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}},{"_version":6,"locale":"en-us","uid":"blt250fefd1c4d36a4c","ACL":{},"created_at":"2020-06-17T03:22:54.278Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"education-nonprofit","label_l10n":"Education \u0026 non profit","tags":[],"title":"Education \u0026 
non-profit","updated_at":"2020-08-13T16:41:17.070Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.286Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltd6680e0300eee933","ACL":{},"created_at":"2023-11-06T20:37:41.282Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"defense","label_l10n":"Defense","tags":[],"title":"Defense","updated_at":"2023-11-06T20:37:41.282Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.232Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb2519aa4ed213854","ACL":{},"created_at":"2023-11-06T20:39:02.976Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"education","label_l10n":"Education","tags":[],"title":"Education","updated_at":"2023-11-06T20:39:02.976Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.189Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_valu
e":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","uid":"bltc6e3d049760fc06a","title":"Government","label_l10n":"Government","keyword":"government","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:32.959Z","updated_at":"2023-11-06T20:40:32.959Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.338Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"Natural Language Processing (NLP)","label_l10n":"Natural Language Processing 
(NLP)","keyword":"natural-language-processing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt97696fc6e9921c30","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:43:16.119Z","updated_at":"2023-11-06T20:43:16.119Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:23:24.704Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltfb1e89b001674db9","ACL":{},"created_at":"2023-11-06T21:30:17.252Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"relevance","label_l10n":"Relevance","tags":[],"title":"Relevance","updated_at":"2023-11-06T21:30:17.252Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.339Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector 
search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt09263c5a3152c7a7","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2025-03-12T01:05:53.405Z","created_by":"blte369ea3bcd6ac892","file_size":"71040","filename":"blog_header_image_publicsector_ai_175791.jpg","parent_uid":null,"tags":[],"title":"blog_header_image_publicsector_ai_175791.jpg","updated_at":"2025-03-12T01:05:53.405Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2025-03-12T15:00:04.054Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt09263c5a3152c7a7/67d0ddf11aa775f81cb199fd/blog_header_image_publicsector_ai_175791.jpg"},"title":"Public sector data stewardship for the AI era","title_l10n":"Public sector data stewardship for the AI era","updated_at":"2025-03-12T17:09:23.288Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/public-sector-data-stewardship-ai","publish_details":{"time":"2025-03-12T17:10:24.252Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt04a8c1ef59294253","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Cloud Serverless on AWS has achieved several industry-recognized security and compliance 
certifications. This milestone reinforces our commitment to security, privacy, and regulatory compliance. ","author":["blt2b87f31037aed281"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2025-01-21T19:49:56.143Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"Elastic Cloud Serverless on AWS achieves major compliance certifications","_metadata":{"uid":"cs540a68b192b87927"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe are thrilled to announce that Elastic Cloud Serverless on AWS has achieved several significant compliance certifications. This milestone reinforces our commitment to security, privacy, and regulatory compliance. Elastic Cloud Serverless is now audited or certified under the following industry-leading frameworks: SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), and \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR).\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What this means for you","_metadata":{"uid":"cscd530b3bd4ae87fe"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThese certifications demonstrate our dedication to maintaining high standards of security, governance, and data protection. 
Here’s a brief overview of why each framework matters to you:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSOC 2 Type 2:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e The Elastic Cloud Serverless service meets rigorous standards for security, availability, confidentiality, and privacy.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eISO 27001:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic has established, implemented, maintained, and continually improved upon an information security management system (ISMS). Elastic Cloud Serverless is now certified under that ISMS.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eISO 27017 and 27018:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic has implemented security controls applicable to the provision and use of cloud services as well as measures to protect personal data in the cloud.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ePCI DSS:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic Cloud Serverless has demonstrated compliance with all applicable PCI DSS requirements.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eHIPAA:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic Cloud Serverless satisfies the requirements of the HIPAA Security Rule and Breach Notification Rule.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCSA 
STAR:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e The CSA STAR certification demonstrates our commitment to cloud security best practices.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Why it matters","_metadata":{"uid":"cs5c2d54851c13cf9b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAchieving these certifications is a testament to our continued investment in comprehensive security practices and our commitment to protecting your data. In addition to a faster, more flexible way to scale search, security, and observability capabilities — introduced with the general availability of Elastic Cloud Serverless — it also meets the highest standards of security and compliance.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Learn more","_metadata":{"uid":"csa6b6fd39ed7116b4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo learn more about our full portfolio of compliance certifications, visit our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/trust\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTrust Center\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe are excited to continue providing you with secure, reliable, and compliant cloud services. 
We will continue to maintain these certifications and expand our portfolio of supported compliance frameworks to position Elastic Cloud Serverless \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eon AWS\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e as a trusted solution for search, security, and observability applications.\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eAs of the publication date, Elastic Cloud Serverless on AWS is externally certified and attested against the above-mentioned frameworks and standards. As Elastic Cloud Serverless expands to additional regions and cloud providers, we will work to certify and attest to the new environments at the same level of rigor.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9d5a6e932fc0a060"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3f95493814396f47"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd1744f3cffdd5f5b"}}}],"publish_date":"2025-01-21","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 
compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt9fe4026c50b65a9b","_version":1,"title":"serverless-infosec.jpeg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-21T19:48:37.301Z","updated_at":"2025-01-21T19:48:37.301Z","content_type":"image/jpeg","file_size":"159422","filename":"serverless-infosec.jpeg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-21T20:21:43.352Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9fe4026c50b65a9b/678ffa156f0a081f9c2672fd/serverless-infosec.jpeg"},"title":"Elastic Cloud Serverless on AWS achieves major compliance certifications","title_l10n":"Elastic Cloud Serverless on AWS achieves major compliance certifications","updated_at":"2025-03-11T23:52:23.461Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/elastic-cloud-serverless-achieves-major-compliance-certifications","publish_details":{"time":"2025-03-11T23:55:07.464Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt01804ff7ae45ff93","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"As cyber threats grow in complexity, traditional security models are no longer enough. 
Zero Trust offers a proactive approach to securing access and sensitive data. See how a unified data layer helps public sector organizations implement Zero Trust.","author":["blt9580becc8544cdfa"],"category":["bltb79594af7c5b4199"],"created_at":"2025-03-11T01:51:29.299Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs776798c6a56d4021"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the evolving and complex cyber landscape, the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/zero-trust\"\u003e\u003cspan style='font-size: 12pt;'\u003eZero Trust\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e approach is instrumental in addressing both internal and external threats. \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIt's a comprehensive strategy rather than a single solution\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, demanding the orchestration of multiple components to be genuinely effective.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs data, systems, and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/cybersecurity#types-of-cybersecurity-threats\"\u003e\u003cspan style='font-size: 12pt;'\u003ecyber threats\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e continue to grow in complexity, traditional security models are no longer sufficient. This is where Zero Trust (ZT) comes into play — \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003enever trust, always verify\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. It ensures that every request for access, whether internal or external, is authenticated, authorized, and encrypted. 
This significantly reduces the risk of unauthorized access, insider threats, data breaches, and advanced cyber attacks.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhile the US federal government, including defense agencies, is already mandated to adopt Zero Trust architectures, other industries are beginning to follow suit. However, despite its increasing adoption and clear benefits, public sector organizations face significant challenges when trying to implement this security framework.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Challenges of Zero Trust deployment for public sector organizations","_metadata":{"uid":"csd2254e0e9b3ee7f9"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Complexity of implementation","_metadata":{"uid":"cs368f09fe716f9648"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDeploying a Zero Trust\u0026nbsp; architecture across an organization is complex, especially for large enterprises and critical infrastructure. These environments often rely on diverse and legacy systems, requiring significant resources and expertise to integrate ZT principles effectively.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Heterogeneous IT environments","_metadata":{"uid":"cs48b1a97364a00246"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAgencies operate across diverse environments, from on-prem data centers to multiple cloud services and providers — some managed internally, others externally. 
Navigating these hybrid infrastructures while maintaining security, interoperability, and visibility adds significant complexity.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Legacy tools and limited scalability","_metadata":{"uid":"cs2f635ddd0c4be0b9"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMany federal government agencies rely on decades-old infrastructure that wasn’t designed with Zero Trust principles in mind. Legacy IT systems struggle to keep up, lacking scalability, speed, and cross-environment support.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Balancing security with usability","_metadata":{"uid":"cs5f7935131a7c29cd"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eZero Trust inherently limits access based on user roles, which can sometimes be perceived as a barrier to collaboration and productivity. Organizations must ensure security policies remain effective to prevent unauthorized access without restricting employees’ ability to perform their work.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Siloed data and lack of holistic visibility","_metadata":{"uid":"cs9335636693711108"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEach Zero Trust pillar generates data in different formats, often stored in silos without interoperability. This lack of unified data makes it difficult to monitor and analyze risks holistically. 
Manually correlating data across disparate systems slows down threat detection and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/investigation-response\"\u003e\u003cspan style='font-size: 12pt;'\u003eincident response\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Fragmented security solutions","_metadata":{"uid":"cscea6a5cf2e0aea08"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMany vendors sell separate security tools that should be integrated into a comprehensive solution. This leads to a disconnected user experience, higher security risks, and inefficiencies in data protection.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3f32a498e4d894b1"}}},{"banner":{"reference":[{"uid":"bltf3f60f328ddf7fc5","_content_type_uid":"banner"}],"_metadata":{"uid":"csc67218ab493dace0"}}},{"title_text":{"title_text":[{"title_l10n":"Why traditional security models are failing","_metadata":{"uid":"cs7121488d009c53d5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePublic sector organizations\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehandle massive amounts of sensitive data on a daily basis. Traditionally, sharing this data involved creating copies and transmitting them across networks in an attempt to centralize it. However, in an era where global data amounts to hundreds of exabytes, this method is now outdated and inefficient. 
In addition, secure access to this data is essential, guaranteeing that only authorized individuals can interact with it without risking its integrity or security.\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eData retention \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eis a major concern for public sector agencies. Some are required to store security logs for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cloud-hosted-data-retention-government-compliance\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e365 days or longer\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Ten or twenty years ago, this was manageable, but today’s data explosion makes traditional storage models impractical. Agencies generate terabytes of data daily, and duplicating all of it into a central repository is neither cost-effective nor scalable.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Key considerations for public sector when implementing Zero Trust","_metadata":{"uid":"csccee21633cb36183"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA successful Zero Trust strategy depends on an organization’s ability to see and secure all its data. Seamless information discovery enhances user experience, while real-time monitoring, resilient storage, and unified security visibility strengthen defenses. By integrating these elements, agencies can balance security with efficiency and maintain a proactive security posture.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAgencies must overcome complex legacy environments, usability concerns, data silos, and interoperability issues while ensuring compliance with federal mandates. 
For instance, in critical infrastructure, Zero Trust adoption must be seamless to avoid service disruptions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo address these barriers, public sector organizations should:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTake a phased approach\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to implementation, focusing on high-risk areas first\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInvest in tools for consolidation \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ethat provide cross-platform visibility and real-time analytics\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEnsure \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eZero Trust policies\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e that enhance security\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e without disrupting essential operations\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTypically, organizations purchase security products for two reasons: to reduce risk and to optimize costs. However, there’s more to consider beyond just these factors. 
Effective security requires not only the right tools but also a strategy that ensures efficiency, scalability, and a strong return on investment.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"How Elastic’s capabilities support Zero Trust adoption in the public sector","_metadata":{"uid":"csee5fb7a35ed59185"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic supports public sector agencies worldwide in their Zero Trust strategies by offering a unified data layer that connects isolated data, enabling faster, easier, and more secure access to critical information, regardless of format or location, all without requiring centralization.\u003cbr /\u003e\u003cbr /\u003eBy combining the precision of search with the intelligence of AI, Elastic connects data silos for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-turn-data-into-actionable-insights\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ereal time insights, analysis, and automated actions\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that strengthen \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/operational-resilience-pillars\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eoperational resilience\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, mitigate cybersecurity risks, and improve public sector operational efficiency.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Real-world applications and success stories from Zero Trust implementation","_metadata":{"uid":"cs0bf5c653bcf940cc"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Data mesh for US federal agencies","_metadata":{"uid":"cs18bf80ae5b4087f5"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor US federal agencies, the Elastic data mesh powers the Continuous Diagnostics and Mitigation (CDM) dashboard, enabling multiple US federal agencies to obtain a unified 
view of security threats and patterns without transferring data ownership to a central repository. This capability is vital for projects where data visibility is necessary but ownership is distributed.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Unified view across multiple data centers ","_metadata":{"uid":"cs986374010ef87b7f"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOne public sector customer needed a unified view across two data centers, each generating 2.5 terabytes of security data per day. Their initial plan was to replicate all data, doubling storage costs. However, with Elastic’s cross-cluster search, they eliminated the need for replication, drastically reducing infrastructure complexity and costs. Now, they can access a single pane of glass view from either data center — without duplicating data.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Why do public sector organizations choose Elastic for Zero Trust?","_metadata":{"uid":"cs6060f4f9adb7fa7f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/observability/tool-consolidation\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTool consolidation\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eA single, unified platform for search, security, observability, and analytics\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStorage costs savings: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eEnables frozen tier storage for cost-effective \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cloud-hosted-data-retention-government-compliance\"\u003e\u003cspan style='font-size: 
12pt;'\u003elong-term data retention\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, without sacrificing searchability\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOpen, transparent, and flexible: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eBuilt on an open source foundation, offering flexibility and adaptable licensing to avoid dependence on a single provider\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIntegration capabilities: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eSeamlessly integrates with third-party tools and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/large-language-models\"\u003e\u003cspan style='font-size: 12pt;'\u003elarge language models (LLMs)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for compatibility with existing systems\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCost-effective scaling: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eDesigned for easy scalability to meet growing data needs, making it suitable for businesses of all sizes\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eComprehensive support: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eOffers a wealth of support resources, including detailed documentation, training programs, and active community forums\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003eElastic helps public sector organizations \u003c/span\u003e\u003cspan 
style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e\u003cstrong\u003esecure critical data, improve operational resilience, and streamline compliance efforts\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003eReady to learn more? Watch our webinar: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/virtual-events/missing-piece-zero-trust-strategy\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eThe missing piece of your Zero Trust strategy\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExplore additional Zero Trust resources:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003eDeep dive into the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/platform\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Search AI Platform\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003eFor further reading and hands-on workshops, visit \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003eIf you are starting with your Zero Trust strategy, check out: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/zero-trust\"\u003e\u003cspan style='font-size: 12pt;'\u003eWhat is Zero 
Trust?\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003eWhite paper: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/es/does-your-zero-trust-strategy-have-a-unified-data-access-layer\"\u003e\u003cspan style='font-size: 12pt;'\u003eDoes your Zero Trust strategy have a unified data access layer?\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003eBlog: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-provides-the-foundation-for-the-dods-pillars-of-zero-trust-networking\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic provides the foundation for the DoD's pillars of Zero Trust Networking\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003eBlog: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/querying-a-petabyte-of-cloud-storage-in-10-minutes\"\u003e\u003cspan style='font-size: 12pt;'\u003eQuerying a petabyte of cloud storage in 10 minutes\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/cloud/cloud-trial-overview/security?plcmt=hero\u0026pg=en-security-page\"\u003e\u003cspan style='font-size: 12pt;'\u003eStart your journey with Elastic today with a 14-day free trial\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"","_metadata":{"uid":"csa4556eae62cfecb3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1187b9618657328e"}}}],"publish_date":"2025-03-11","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"How public sector agencies can solve Zero Trust challenges and break down silos with a unified data layer","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":1,"locale":"en-us","uid":"blt3185b1f0e9eed8d1","ACL":{},"created_at":"2021-09-20T22:40:25.614Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"public-sector","label_l10n":"Public Sector","tags":[],"title":"Public Sector","updated_at":"2021-09-20T22:40:25.614Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.530Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud 
security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","uid":"bltc6e3d049760fc06a","title":"Government","label_l10n":"Government","keyword":"government","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:32.959Z","updated_at":"2023-11-06T20:40:32.959Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.338Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltdf59d18fa27d1692","ACL":{},"created_at":"2023-11-06T21:34:55.381Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tool-consolidation","label_l10n":"Tool consolidation","tags":[],"title":"Tool 
consolidation","updated_at":"2023-11-06T21:34:55.381Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.747Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltc5bbc20e390f300b","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2025-03-11T01:51:27.090Z","created_by":"blte369ea3bcd6ac892","file_size":"144273","filename":"Blog_Header_Image_The_Missing_Piece_175402.jpg","parent_uid":null,"tags":[],"title":"Blog Header Image The Missing Piece 175402.jpg","updated_at":"2025-03-11T01:51:27.090Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2025-03-11T15:00:03.848Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc5bbc20e390f300b/67cf971fb8764e771be8d4d6/Blog_Header_Image_The_Missing_Piece_175402.jpg"},"title":"The missing piece of your Zero Trust strategy: A unified data 
layer","title_l10n":"The missing piece of your Zero Trust strategy: A unified data layer ","updated_at":"2025-03-11T02:04:39.460Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/missing-piece-zero-trust-data-layer","publish_details":{"time":"2025-03-11T15:00:03.831Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt21ab91b446588c5b","_version":12,"locale":"en-us","ACL":{},"abstract_l10n":"From customer-facing search boxes to database search crawlers, enterprise search technology can strengthen cybersecurity threat and risk management","author":["bltd2df0da99707cbf2"],"category":["bltc17514bfdbc519df"],"created_at":"2022-05-16T07:33:14.459Z","created_by":"bltac225ac457fe0293","markdown_l10n":"","modular_blocks":[{"callout":{"title_l10n":"CISO takeaways","_metadata":{"uid":"cseba173c1509f830b"},"paragraph_l10n":"\u003cul\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eMany enterprises still don’t have a clear or full view of their digital assets\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eSearch tools add a new layer of threat detection to existing cybersecurity defenses\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\" aria-level=\"1\"\u003eSearch applications can also help limit the spread of malware\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf11c395a165c8f0c"},"header_style":"H2","paragraph_l10n":"\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003ca href=\"https://www.elastic.co/what-is/data-security\" target=\"_self\"\u003eData security\u003c/a\u003e is increasingly under threat inside the enterprise amid three converging forces: the proliferation of cloud tools and platforms; the many different types of data that they generate, and the need to correlate all of it for analytics.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp 
style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eWhile \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud\" target=\"_self\"\u003e\u003cspan style=\"color: rgb(17, 85, 204);\"\u003e\u003cu\u003ecloud platforms\u003c/u\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e are the critical infrastructure for how technology teams scale and operate today, many companies still don’t have a clear or complete view of all their digital assets in this emerging environment. Advanced \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search\" target=\"_self\"\u003e\u003cspan style=\"color: rgb(17, 85, 204);\"\u003e\u003cu\u003eenterprise search capabilitie\u003c/u\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003es, however, can eliminate blind spots and add an important layer of cybersecurity.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e“Today, enterprises need to be able to query their environment, and they need to be able to query their data,” says Katie Teitler, senior product marketer at Axonius, a cybersecurity asset management company, and former research chief at TAG Cyber. “They need the ability to have a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability\" target=\"_self\"\u003e\u003cspan style=\"color: rgb(17, 85, 204);\"\u003e\u003cu\u003efull-stack view\u003c/u\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e of what’s going on in the network. Without good visibility or search capabilities, they can’t identify and address vulnerabilities.”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eThat is an important advantage of modern enterprise search. 
Modern search tools use machine learning algorithms, natural language processing (NLP) capabilities, and other tools to better understand context and meaning from a wider array of data types and formats.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eHere’s a look at three strategies to leverage advanced search to improve security.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch2 style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003cstrong\u003eDefine search queries for security needs\u0026nbsp;\u003c/strong\u003e\u003c/span\u003e\u003c/h2\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eEffectively searching databases can help enterprises address a range of security concerns, such as risks associated with system integrations, outside attacks, and insider threats. But security teams need to identify and refine their search targets.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e“Organizations must \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-build-and-lead-a-data-driven-organization-and-why-it-matters\" target=\"_self\"\u003econtextualize security data\u003c/a\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e within a business context,” says Jon Oltsik, senior principal analyst and ESG fellow at Enterprise Strategy Group, an IT research and strategy firm. “When I’m investigating suspicious behavior, I may be extra diligent if this behavior takes place in business-critical applications or data,” he says. 
To search for insider threats, Oltsik adds, security analysts “need to collect data on user access patterns so they can detect anomalous behavior.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eData can help identify if an asset has a known vulnerability, and it can help identify potentially vulnerable devices on a network. “I can find answers to all these questions if I have the data and I have the right query capabilities,” Oltsik says.\u003c/span\u003e\u003c/p\u003e\u003ch2 style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003cstrong\u003eUse search to accelerate and refine threat detection\u0026nbsp;\u0026nbsp;\u003c/strong\u003e\u003c/span\u003e\u003c/h2\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eSearch tools can also help limit the damage of malware attacks. For example, in December 2021, a \u003c/span\u003e\u003ca href=\"https://www.cisa.gov/uscert/ncas/alerts/aa21-356a\" target=\"_self\"\u003e\u003cspan style=\"color: rgb(17, 85, 204);\"\u003e\u003cu\u003ecritical security vulnerability\u003c/u\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e was identified in Apache Log4j, a Java tool used by countless applications for recording events into error logs. The vulnerability, called Log4Shell, allowed attackers to \u003c/span\u003e\u003ca href=\"https://www.washingtonpost.com/technology/2021/12/20/log4j-hack-vulnerability-java/\" target=\"_self\"\u003e\u003cspan style=\"color: rgb(17, 85, 204);\"\u003e\u003cu\u003erun malicious software\u003c/u\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e on, or even potentially take over, a server running Log4j. 
The challenge for CISOs continues to be how ubiquitous Log4j is.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e“There are millions of applications and services running this library,” explains Mandy Andress, CISO at Elastic. “Dependencies were not easily identifiable, so it was really hard to even tell if you were impacted, if you needed to upgrade, if you needed to patch, or if you didn’t have any issues whatsoever.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eThat’s where robust search came into play. Elastic knew its systems and assets could be vulnerable. And by working with partners and SaaS providers, its InfoSec team was able to identify thousands of potential security holes. But were those vulnerabilities being exploited?\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eThe team then put search to work and was able to search vast amounts of data in mere seconds. A cursory search, across 60 clusters and a petabyte of data, took only 10 seconds, says Andress. A second and more targeted query, based upon those initial findings, delivered another set of results in less than a minute. In the past, that kind of searching could have taken days or even weeks — at which point additional risks would have been identified. 
Instead, Elastic was able to deploy patches and upgrades within a few hours.\u003c/span\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003cstrong\u003eRead: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/why-cybersecurity-needs-to-be-everyones-job-and-4-steps-to-get-started\" target=\"_self\"\u003e\u003cstrong\u003eWhy cybersecurity needs to be everyone's job\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\u003ch2 style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003cstrong\u003eIncorporate search into long-term security strategy\u003c/strong\u003e\u003c/span\u003e\u003c/h2\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eAttackers have continued to probe other widely used resources. “These attackers are going for the largest targets they can,” says Teitler.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eExisting vulnerabilities will remain risks. “We’ll be seeing attacks in the future that are successful because there are unpatched and still vulnerable Log4j versions out there,” Andress says.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eAll of which makes search platforms an increasingly important tool for CISOs. “You can’t just say, ‘What’s in my environment today?’” says Teitler. “You have to search over time: ‘Where was I on April 1? Where am I now on May 1? 
Where will I be on June 1?’”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eIt’s all part of a game of catch-up with attackers that security teams must continue to improve on, because the volume and complexity of threats will only increase. “Attackers have a lot of patience,” adds Teitler. “Time is on their side.”\u003c/span\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003ca href=\"https://www.elastic.co/explore/security-without-limits/cybersecurity-solutions-riskier-world?rogue=ebook\u0026baymax=\u0026storm=footer\u0026elektra=socialmedia\" target=\"_self\"\u003e\u003cstrong\u003eCheck out our special report on cybersecurity solutions for a riskier world\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e.\u003c/strong\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(0, 0, 
0);\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csaabbbcfbd7416d71"}}}],"publish_date":"2022-05-16T07:22:30.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Natural Language Processing (NLP)","label_l10n":"Natural Language Processing (NLP)","keyword":"natural-language-processing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt97696fc6e9921c30","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:43:16.119Z","updated_at":"2023-11-06T20:43:16.119Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:23:24.704Z","user":"blt4b2e1169881270a8"}},{"title":"Machine learning","label_l10n":"Machine 
learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","title":"Automated threat protection","label_l10n":"Automated threat protection","keyword":"automated-threat-protection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt49e356fcb7971aca","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:22.822Z","updated_at":"2023-11-06T20:08:22.822Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:37.794Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltac352930d0bd6c7f","ACL":{},"created_at":"2023-11-06T21:36:27.692Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"xdr","label_l10n":"XDR","tags":[],"title":"XDR","updated_at":"2023-11-06T21:36:27.692Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.167Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Threat hunting","label_l10n":"Threat 
hunting","keyword":"threat-hunting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltba572dcfa2880a69","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:33:57.466Z","updated_at":"2023-11-06T21:33:57.466Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.696Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt518d58c000517b46","created_by":"bltac225ac457fe0293","updated_by":"bltac225ac457fe0293","created_at":"2022-05-16T07:29:10.559Z","updated_at":"2022-05-16T07:29:10.559Z","content_type":"image/jpeg","file_size":"202793","filename":"search-security-1440x840.jpg","title":"search-security-1440x840.jpg","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-16T07:44:49.869Z","user":"bltac225ac457fe0293"},"url":"https://images
.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt518d58c000517b46/6281fd46a4aac35766f2f0c2/search-security-1440x840.jpg"},"title":"Cybersecurity is a data challenge, and better search technology is key to improving visibility and action","title_l10n":"Cybersecurity is a data challenge, and better search technology is key to improving visibility and action","updated_at":"2025-03-10T09:00:39.945Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/cybersecurity-is-a-data-challenge-and-better-search-technology-is-key-to-improving-visibility-and-action","publish_details":{"time":"2025-03-10T09:00:46.894Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt42e310ee99655fa4","_version":17,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic recently conducted a survey of telco industry leaders. Here are a few top insights on how they're using data and AI to address business challenges and meet their goals.","author":["blte520dce49f64b517"],"category":["bltc17514bfdbc519df"],"created_at":"2025-03-05T00:28:58.688Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3f32cbacd22f5d72"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003eThe telecommunications industry is at the forefront of innovation and connectivity, often setting high standards and expectations for customers’ digital experiences. 
Now, as AI moves past its buzzword phase, telco leaders have been steadily integrating AI into their businesses, further advancing their ability to respond to customer needs and provide high standards of service.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003eAt the core of these digital experiences — especially AI — is the ability to strategically use data to meet business goals.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The importance of data in telecommunications","_metadata":{"uid":"cseabcf7b036a39225"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eTelco companies generate and handle enormous volumes of data daily. This data includes call records, network performance metrics, customer interactions, and more. Efficiently managing and analyzing this data is essential for:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u003cstrong\u003eOptimizing network performance: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eBy analyzing network data, telco companies can identify and resolve issues quickly, ensuring a seamless experience for their operations and their customers.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u003cstrong\u003eEnhancing customer experience:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e Understanding customer behavior and preferences through data analysis helps companies provide more personalized services and boost customer satisfaction.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u003cstrong\u003eFraud detection and prevention: 
\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eAnalyzing call patterns and usage data can help to detect fraudulent activities and prevent potential losses.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"","_metadata":{"uid":"csf2ce700ac1a0a009"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003eDespite leaders aspiring to build data-driven organizations, the reality is that \u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e\u003cstrong\u003e70% of leaders in telecommunications, technology, and media and entertainment industries still struggle to utilize data continuously — in real time and at scale\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e. Many industry leaders are tackling this gap by using AI and generative AI. But to reach that level of advanced maturity where AI can have maximum value, companies first need a strong data foundation. Going back to data fundamentals ensures that businesses can manage, access, and use exponentially growing data volumes, all while dealing with complex business challenges.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003eElastic and Socratic Technologies surveyed 1,005 C-suite, business, and technology leaders on the current state of their business. 
This research — with data and results specifically from 326 telecommunications, technology, and media and entertainment leaders — highlights several recurring insights about how telco leaders approach business challenges, underlying data problems, and investment priorities (AI, generative AI, and automation) for the near future.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003eBelow, we’ll explore a couple of these insights from the report.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Solving data challenges can solve business challenges","_metadata":{"uid":"cs7f545ab79501d2e7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUnderlying data challenges can hinder telco companies’ ability to access critical information for informed real-time decision-making. Without the ability to access relevant data and insights in real time, companies are experiencing consequences such as misinformed and delayed responses to market shifts, customer needs, and operational issues. These challenges can ultimately lead to revenue loss, lowered productivity, heightened risk exposure, decreased customer satisfaction, and escalating operational costs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003eAs one telecommunications C-suite leader noted in the survey, “T\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ehe sheer volume and velocity of incoming data overwhelm traditional processing infrastructures, leading to latency issues and hindering timely decision-making processes.”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAcross the board, the study found that leaders are having difficulty getting actionable insights from their data. 
According to the C-suite executives and decision-makers,\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e 59% are unsatisfied with the data insights they have today, and only 34% are leveraging data insights daily for business decisions\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo solve this problem, executives and leaders are prioritizing data analytics and data science tools as their top technology investment, as noted by 61% of respondents. As companies work toward becoming true data-driven businesses, it’s important to know how and if the tools and systems in their IT environments are able to provide a single, holistic, and connected view of all data types, across their business. Otherwise, it can be easy to run into data sprawl and tool sprawl and lack a “single pane of glass” that multiple teams can rely on for their data-centric use cases.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs53d3a5059561fafb"}}},{"banner":{"reference":[{"uid":"blta3ffaaba0b6a0bd1","_content_type_uid":"banner"}],"_metadata":{"uid":"cs8f97bc9d917ddf26"}}},{"title_text":{"title_text":[{"title_l10n":"GenAI is making an impact, fast","_metadata":{"uid":"cs23e1b47019b97385"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor telco leaders, generative AI is much more than a buzzword, with \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e88% of C-suite executives planning to invest in or having already invested in generative AI\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eTelcos are using generative AI for use cases such as customer service 
chatbots, network optimization, inventory allocation, customer sentiment analysis, and more.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHowever, as seen in the above findings around data utility, the impacts of generative AI will only be as helpful as the data behind it. Being able to organize, access, and analyze all your data — structured and unstructured — with a single tool is essential, especially for telcos using a retrieval augmented generation (RAG) model. In that case, information would first be gathered from your proprietary data for critical context before being passed to a large language model (LLM).\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWithout the ability to quickly organize and make sense of all data types in one platform, generative AI will be basing its outputs on incomplete, outdated, or inaccurate information. That’s why it’s critical to spend some time on your data strategy and making sure your entire teams are working with the same tools and information.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Learn more about data and AI in telco","_metadata":{"uid":"csc085ff43021d0c54"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLearn what else telco leaders had to say about data and AI by \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/portfolio/report/solving-business-challenges-data-ai-telecommunications\"\u003e\u003cspan style='font-size: 12pt;'\u003edownloading the full study\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"csb1bfb64708ccca81"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at 
Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third-party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third-party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4fe927d7b42d75cf"}}}],"publish_date":"2025-03-07","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7e757baff4a3fec6","ACL":{},"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:26:24.553Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"created_at":"2020-06-17T03:26:24.553Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"telecommunication","label_l10n":"Telecommunication","tags":[],"title":"Telecommunication","updated_at":"2020-07-06T22:17:31.608Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T22:18:10.949Z","user":"blt3044324473ef223b70bc674c"}}],"tags_partner":[],"tags_topic":[{"title":"Customer experience","label_l10n":"Customer experience","keyword":"customer-experience","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt25722919b3bca233","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T22:34:27.803Z","updated_at":"2021-12-16T22:34:27.803Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:15:55.021Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative 
AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt5ebb3c17304b01bc","ACL":{},"created_at":"2023-11-06T20:47:38.117Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"privacy-first-ai","label_l10n":"Privacy-first AI","tags":[],"title":"Privacy-first AI","updated_at":"2023-11-06T20:47:38.117Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:58.404Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt4732ba20ad170771","ACL":{},"created_at":"2023-11-06T20:48:01.608Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"public-multi-hybrid-cloud","label_l10n":"Public, multi \u0026 hybrid cloud","tags":[],"title":"Public, multi \u0026 hybrid 
cloud","updated_at":"2023-11-06T20:48:01.608Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:51.878Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt9fb9f67ee7bb5c15","ACL":{},"created_at":"2023-11-06T20:50:46.256Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"real-time-analysis","label_l10n":"Real-time analysis","tags":[],"title":"Real-time analysis","updated_at":"2023-11-06T20:50:46.256Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:43.334Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","title":"Search analytics","label_l10n":"Search 
analytics","keyword":"search-analytics","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt6c991eb897ec7277","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:30:57.427Z","updated_at":"2023-11-06T21:30:57.427Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T12:28:49.147Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltdf59d18fa27d1692","ACL":{},"created_at":"2023-11-06T21:34:55.381Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tool-consolidation","label_l10n":"Tool consolidation","tags":[],"title":"Tool consolidation","updated_at":"2023-11-06T21:34:55.381Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.747Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt2555bd3a8871e1aa","_version":1,"title":"blogheaderimage_TelcoIT_175403_.jpg","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2025-03-07T23:00:55.838Z","updated_at":"2025-03-07T23:00:55.838Z","content_type":"image/jpeg","file_size":"121863","filename":"blogheaderimage_TelcoIT_175403_.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-03-07T23:03:37.425Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2555bd3a8871e1aa/67cb7aa78c6f4e4b68b842ac/blogheaderimage_TelcoIT_175403_.jpg"},"title":"AI in the telecommunications industry: Overcoming foundational data challenges","title_l10n":"AI in the telecommunications industry: Overcoming foundational data 
challenges","updated_at":"2025-03-08T00:09:56.348Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/ai-telecommunications-industry-overcoming-data-challenges","publish_details":{"time":"2025-03-08T00:10:05.655Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt4656b13e4df19c1f","_version":21,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic has been recognized as a Customers’ Choice in the 2021 Gartner Peer Insights ‘Voice of the Customer’: Security Incident and Event Management (SIEM) report with an overall rating of 4.6 out of 5.","author":["bltb0cc3d711c5c0b3a","blt0dbe04e5acc0f969"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2021-12-03T21:05:07.519Z","created_by":"bltc87e8bcd2aefc255","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs39397031c225b7ff"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eElastic has been recognized as a Customers’ Choice in the 2021 \u003cem\u003eGartner Peer Insights ‘Voice of the Customer’: Security Incident and Event Management \u003c/em\u003e(\u003cem\u003eSIEM) \u003c/em\u003ereport with an overall rating of 4.6 out of 5 based on 51 reviews as of November 25, 2021.\u003c/p\u003e\u003cp\u003eThe report combines the feedback and experiences of more than 51 \u003ca href=\"https://www.elastic.co/security\"\u003eElastic Security\u003c/a\u003e customers on Gartner Peer Insights™. 
Elastic’s \u003cem\u003eWillingness to Recommend\u003c/em\u003e score was 98% — the highest of all vendors included in the report.\u003c/p\u003e\u003cp style=\"max-width: 225px;\"\u003e\u003cimg data-image=\"4fc839eftaz9\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt941e632c7863eb19/61aa902f47c677586bb0327f/gartner-peer-insights.jpg\" data-sys-asset-uid=\"blt941e632c7863eb19\" alt=\"gartner-peer-insights.jpg\" width=\"225\" height=\"131\" style=\"width: 225;max-width: 225px;height: 131;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003eElastic appreciates the wonderful community of security practitioners that use Elastic Security as their SIEM solution, and how readily they provide us with feedback to help make our solution even better.\u003cbr /\u003e\u003c/p\u003e\u003ch2\u003eWhat customers have to say\u003c/h2\u003e"}],"_metadata":{"uid":"cs05f1eb0894596acb"}}},{"quotes":{"quote_l10n":"\"This product is already very mature and the expected features are going in the right direction. We were able to improve our security considerably with it.\"","_metadata":{"uid":"cs8029d5167d05fb0a"},"quote_author_l10n":"\u003ca href=\"https://www.gartner.com/reviews/market/security-information-event-management/vendor/elasticsearch/product/elastic-siem/review/view/3846224\"\u003eSenior Security Manager in the Services industry\u003c/a\u003e","quote_details_l10n":""}},{"quotes":{"quote_l10n":"“The solution provides fast and accurate insight across all the different apps and systems. 
With the built in tools and functionality correlating events across the environment is really easy and together with the rest of the stack our SOC can continuously monitor, investigate and respond in an intuitive and fast flow.”","_metadata":{"uid":"cs54a606867696f567"},"quote_author_l10n":"\u003ca href=\"https://www.gartner.com/reviews/market/security-information-event-management/vendor/elasticsearch/product/elastic-siem/review/view/3783118\"\u003eTechnical Lead Security Monitoring in the Services industry\u003c/a\u003e","quote_details_l10n":""}},{"quotes":{"quote_l10n":"\"You can't beat the speed and price. Great experience especially with how fast new features are being released. The search speed is incredible that no other product can compete with. Easy to scale and easy to have 100% availability due to distributed architecture.\"","_metadata":{"uid":"cs130dd250a83d1633"},"quote_author_l10n":"\u003ca href=\"https://www.gartner.com/reviews/market/security-information-event-management/vendor/elasticsearch/product/elastic-siem/review/view/3782034\"\u003eSenior Security Analyst in the Communications industry\u003c/a\u003e","quote_details_l10n":""}},{"quotes":{"quote_l10n":"“Have displaced a number of legacy SIEM products, being able to provide longer retention, higher ingest rate and at a reduced price point. 
Plenty of non vendor training options available that use Elastic as their tool of choice for training making it a great choice for SOCs.”","_metadata":{"uid":"cs2c85417b3d33f35c"},"quote_author_l10n":"\u003ca href=\"https://www.gartner.com/reviews/market/security-information-event-management/vendor/elasticsearch/product/elastic-siem/review/view/3781878\"\u003eIT Security Manager in the Manufacturing industry\u003c/a\u003e","quote_details_l10n":""}},{"quotes":{"quote_l10n":"\"Great option to scale to your needs without blowing your budget - The new wave of SIEM in general is quickly evolving, but I see the most potential to really bring everything together well with Elastic.\"","_metadata":{"uid":"cs20df988a006d7dae"},"quote_author_l10n":"\u003ca href=\"https://www.gartner.com/reviews/market/security-information-event-management/vendor/elasticsearch/product/elastic-siem/review/view/3781786\"\u003eSr InfoSec Ops Engineer in the Retail industry\u003c/a\u003e","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8ca998ffbbd7830a"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eAbout the Gartner Peer Insights Voice of the Customer Report\u003c/h2\u003e\u003cp\u003eCustomer feedback is truly a gift and we are honored. The report is a document that synthesizes Gartner Peer Insights’ reviews into insights for IT decision makers.\u003c/p\u003e\u003cp\u003eGartner Peer Insights is a free peer review and ratings platform designed for enterprise software and services decision makers. Reviews go through a strict validation and moderation process in an effort to ensure they are authentic. The “\u003cem\u003eVoice of the Customer\u003c/em\u003e” document only includes vendors with 20 or more eligible published reviews during the specified 18-month submission period. 
Reviews from end users of companies with less than $50M in revenue are excluded from this methodology.\u003c/p\u003e\u003cp\u003eVendors placed in the upper-right quadrant of the “Voice of the Customer” quadrants are recognized with the Gartner Peer Insights Customers’ Choice distinction, denoted with a Customers’ Choice badge. The recognized vendors meet or exceed both the market average Overall Rating and the market average User Interest and Adoption.\u003c/p\u003e\u003cp\u003eElastic overall scored as follows:\u003c/p\u003e\u003cul\u003e\u003cli\u003eProduct capabilities (4.5 out of 5) based on 49 responses\u003c/li\u003e\u003cli\u003eSales experience (4.5 out of 5) based on 42 responses\u003c/li\u003e\u003cli\u003eDeployment experience (4.5 out of 5) based on 48 responses\u003c/li\u003e\u003cli\u003eSupport experience (4.5 out of 5) based on 46 responses\u003c/li\u003e\u003cli\u003eWillingness for customers to recommend (98%) based on 51 responses\u003c/li\u003e\u003cli\u003e4.6 out of 5 overall rating from customers based on 51 responses\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eThanks to our Elastic Security Community\u003c/h2\u003e\u003cbr /\u003e\u003cp\u003eThe Elastic Security team is motivated by a vision to help protect the world’s data. 
Our software developers, security researchers, rule developers, data scientists, data engineers, Linux internal experts, product designers, quality assurance, user experience pros, and product managers all strive to bring deep security expertise to Elastic users through the Elastic Security solution.\u003c/p\u003e\u003cp\u003eThe SIEM capability is a key component of Elastic Security, built into the Elastic Stack, along with Endpoint Security and integrations that help identify security events as well as simplify and automate workflows necessary for efficient security operations.\u003c/p\u003e\u003cp\u003eWe are extremely pleased that Elastic Security is helping our SIEM users protect their organizations’ data and systems against cyber threats. We are thankful to our community of users for sharing their feedback, including their successes and challenges, with Elastic and their peers. Join our \u003ca href=\"https://www.elastic.co/community/\"\u003eElastic community\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eNot using Elastic Security yet? Take a look at one of our \u003ca href=\"https://www.elastic.co/webinars/unlock-your-soc-stop-threats-with-limitless-xdr\"\u003elatest demos\u003c/a\u003e and \u003ca href=\"https://cloud.elastic.co/registration\"\u003etry it free\u003c/a\u003e (no credit card required).\u003c/p\u003e\u003cp\u003e*Gartner, “\u003cem\u003eGartner Peer Insights Voice of the Customer: Security Incident and Event Management”, \u003c/em\u003ePeer Contributors, November 25, 2021.\u003c/p\u003e\u003cp\u003eGartner Disclaimer:\u003c/p\u003e\u003cp\u003e\u003cem\u003eGartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. 
Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.\u003c/em\u003e\u003c/p\u003e\u003cem\u003eThe Gartner Peer Insights Customers’ Choice badge is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.\u003c/em\u003e"}],"_metadata":{"uid":"cs15c83991c05bfea6"}}}],"publish_date":"2021-12-09T20:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","noindex":false,"canonical_tag":"","seo_image":null},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"title":"SIEM","label_l10n":"SIEM","keyword":"siem","hidden_value":false,"tags":[],"locale":"en-us","uid":"blta7a92715fa2dc7aa","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-07-12T21:52:53.275Z","updated_at":"2021-07-12T21:52:53.275Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-10-07T18:59:30.492Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}},{"_version":2,
"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt64ac6f0006f42861","ACL":{},"content_type":"image/png","created_at":"2021-05-05T14:26:05.870Z","created_by":"blt3e52848e0cb3c394","file_size":"111765","filename":"blog-security-timeseries-radar-720x420.png","tags":[],"title":"blog-security-timeseries-radar-720x420.png","updated_at":"2021-05-05T14:26:05.870Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-05-13T22:00:14.883Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt64ac6f0006f42861/6092aafd162d47104df4b8b9/blog-security-timeseries-radar-720x420.png"},"title":"Elastic Security was recognized as a Customers’ Choice in 2021 Gartner Peer Insights ‘Voice of Customer’: SIEM Report","title_l10n":"Elastic Security was recognized as a Customers’ Choice in 2021 Gartner Peer Insights ‘Voice of Customer’: SIEM Report","updated_at":"2025-03-07T16:01:46.693Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/elastic-security-recognized-customers-choice-gartner-peer-insights-report","publish_details":{"time":"2025-03-07T16:01:50.381Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt796edd8c52d4fcf7","_version":11,"locale":"en-us","ACL":{},"abstract_l10n":"CISOs must rethink how to manage cyber risk as an organizational 
priority.","author":["blteeb004d031583a0e"],"category":[],"created_at":"2021-10-29T16:14:15.940Z","created_by":"blt1e57c6588ae1816e","markdown_l10n":"","modular_blocks":[{"callout":{"title_l10n":"","_metadata":{"uid":"csb4a770a8c2de9a47"},"paragraph_l10n":"\u003cp\u003e\u003cstrong\u003eKey takeaways:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cul\u003e\u003cli\u003eCyber risks aren’t exotic threats; they are just another form of business risk\u003c/li\u003e\u003cli\u003eCISOs should focus budgets first on people and processes, and then on technology\u003c/li\u003e\u003cli\u003eFostering a culture of openness around security helps organizations better accept and manage risk\u003c/li\u003e\u003c/ul\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7f897a603d921d48"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eEach year, companies pour more money into their cybersecurity budgets — more than $\u003ca href=\"https://cybersecurityventures.com/cybersecurity-spending-2021-2025/\"\u003e262 billion\u003c/a\u003e collectively in 2021, up from just $3.5 billion about 20 years ago. Yet every year, the attacks, breaches, and losses continue to increase. Employing the same tactics while expecting different results is not a rational approach to managing cybersecurity risk.\u0026nbsp;\u003c/p\u003e\u003cp\u003eSome security tactics, of course — defining acceptable levels of risk, using liability insurance to transfer some of that risk, and mitigating damage when it happens — remain important in reducing the impact of attacks. Yet, business leaders need to rethink their organizational strategy. Enterprise security is too important to be the sole purview of a handful of specialists, as it has been for years. 
It needs to be enmeshed into everyone's job around the enterprise.\u0026nbsp;\u003c/p\u003e\u003cp\u003eHere are four strategies CISOs should consider to help put cyber risk management on a better path.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003e1. It’s time to normalize cybersecurity risk\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eFirst, organizations must change how they think about cyber risks. Cyberattacks have traditionally been seen as a unique, exogenous threat, separate from other aspects of corporate risk management. That needs to change.\u0026nbsp;\u003c/p\u003e\u003cp\u003eCyber risk \u003cem\u003eis\u003c/em\u003e business risk. It needs to be incorporated into every company’s risk-management framework and managed with some of the same methodologies used in financial and operational risk modeling. If CFOs and COOs can sleep decently at night, so too should their security peers in the C-suite.\u003c/p\u003e\u003cp\u003eIn many ways, cybersecurity is not a technology problem, it’s an organizational one. Security processes should be as fundamental to the enterprise as those for onboarding employees or designing great customer experiences. They need to receive the same consideration as every other necessary business function, along with commensurate funding and headcount.\u0026nbsp;\u003c/p\u003e\u003cp\u003eSecurity also needs to be more proactive and less reactive. Just as a company wouldn’t wait to hire sales staff until after a product launch, it shouldn’t wait for a major incident before it funds a cybersecurity team and puts the right processes in place.\u003c/p\u003e\u003cp\u003eIt’s a given that organizations will continue to endure serious breaches; the more important question is whether they took reasonable measures to prevent them, and how effectively they respond.\u0026nbsp;\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003e2. 
Focus on people, processes, and technology — in that order\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eNext, CISOs need to reconsider where they’re focusing their resources. Their budgets should follow a clearly defined set of priorities, and tech should — in most cases — not be at the top. The first priority is people, and that means investing in training your employees in proper security hygiene, in teaching and reskilling your teams, and in strengthening a security culture.\u003c/p\u003e\u003cp\u003eThe next spending priority should be internal processes. How thoroughly, for example, has the organization rehearsed what it will do in the event of a ransomware attack? Internal and external communications, operational continuity planning, and how (or whether) to engage with the attackers are all best planned before the crisis hits.\u003c/p\u003e\u003cp\u003eThird, only \u003cem\u003eafter\u003c/em\u003e the most pressing issues around people and processes have been addressed, should CISOs invest in technology tools to help reduce and manage threats.\u0026nbsp;\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003e3. More carrots, fewer sticks\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eNearly 9\u003ca href=\"https://cisomag.eccouncil.org/psychology-of-human-error-could-help-businesses-prevent-security-breaches/\"\u003e in 10\u003c/a\u003e data breaches are the result of human error, according to a recent study by Stanford University researchers. And despite the more than $1 billion that companies spend annually on security awareness training, that’s unlikely to change. Companies need to find new ways to reward good security practices.\u003c/p\u003e\u003cp\u003eShaming employees for security slipups, for instance, doesn’t make them more vigilant. More often than not, it just scares them into silence and makes them less likely to speak up. Or they may try to solve the problem on their own and unknowingly make it worse. 
If they work in a highly regulated industry, that can lead to sanctions.\u003c/p\u003e\u003cp\u003eInstead, organizations need to foster a culture of openness around security, encouraging employees to ask questions and raise red flags. Some companies send out simulated phishing attacks and reward employees who successfully identify them with gift cards and other perks. Others offer public recognition for employees who pass the required security training. Nearly any form of positive acknowledgment is a step in the right direction.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003e4. Make security tools easier to use\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eMuch of the billions of dollars companies spend on security technology goes toward shelfware that never gets used. In many cases, these are complicated tools that require experts who understand how to use them, and such people are in short supply. With a \u003ca href=\"https://www.zdnet.com/article/the-cybersecurity-jobs-crisis-is-getting-worse-and-companies-are-making-basic-mistakes-with-hiring/\"\u003esecurity labor shortage\u003c/a\u003e that isn’t going away soon, according to the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG), security tech must become easier to use.\u003c/p\u003e\u003cp\u003eSimpler tools would not only enable CISOs to hire more people to handle essential security functions, but would also open up the workforce to a more diverse array of individuals with different backgrounds and tech expertise. Engineers also need to spend more time providing easy-to-understand dashboards that allow senior executives and other less technical people to understand the current state of risk.\u003c/p\u003e\u003cp\u003eOne of the reasons that my company, Elastic, offers a free and open technology stack is to encourage and enable a vibrant community of contributors. 
We also believe that opening products to the broader audience of developers makes them more secure.\u003c/p\u003e\u003cp\u003eEnterprise security cannot remain a siloed function handled by a crew of specialists. It needs to be part of everyone’s responsibilities. Making it so can help companies move beyond simply reacting to crises and into a new paradigm where they manage cybersecurity efficiently, like any other risk.\u003c/p\u003e\u003cp\u003e\u003cem\u003eNate Fick is the VP of Security Strategy\u0026nbsp;at Elastic.\u003c/em\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7e639a3fcdf0dbfc"}}}],"publish_date":"2021-11-04T17:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Why cybersecurity needs to be everyone’s job–and 4 steps to get started","seo_description_l10n":"CISOs must rethink how to manage cyber risk as an organizational priority.","noindex":false,"canonical_tag":"","seo_image":null},"subtitle_l10n":"CISOs must rethink how to manage cyber risk as an organizational priority.","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blte0dda6da06a373ab","ACL":{},"content_type":"image/jpeg","created_at":"2021-11-04T00:02:58.661Z","created_by":"blt1e57c6588ae1816e","file_size":"149200","filename":"Normalization_v2_1440x840.jpg","parent_uid":null,"tags":[],"title":"Normalization_v2_1440x840.jpg","updated_at":"2021-11-04T00:02:58.661Z","updated_by":"blt1e57c6588ae1816e","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-11-08T20:00:00.732Z","user":"blt1e57c6588ae1816e"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte0dda6da06a373ab/61832332ffff3679072221d6/Normalization_v2_1440x840.jpg"},"title":"Why cybersecurity needs to be everyone’s job–and 4 steps to get started","title_l10n":"Why cybersecurity needs to be everyone’s 
job–and 4 steps to get started","updated_at":"2025-03-07T13:01:13.326Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/why-cybersecurity-needs-to-be-everyones-job-and-4-steps-to-get-started","publish_details":{"time":"2025-03-07T13:01:17.342Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltecbae6a1e237690a","_version":22,"locale":"en-us","ACL":{},"abstract_l10n":"Observing Kubernetes deployments can be a challenge for an SRE or IT operations professional, but it all starts with the basics: knowing which components are observable, what can be observed, and how to understand and use that telemetry data. ","author":["blt5bd19cc24d46cd2f"],"category":["bltb79594af7c5b4199"],"created_at":"2022-11-08T19:32:11.758Z","created_by":"blt469f34057b68c377","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6754944989345e5b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAn avid bird-watcher once told me that for bird-watching beginners, it’s more important to focus on learning about the birds and identifying their unique songs rather than trying to find the perfect pair of 
binoculars.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8fb9f1f8603b253d"}}},{"image":{"image":{"uid":"bltaa54b5b2131fe6ca","created_by":"blt469f34057b68c377","updated_by":"blt469f34057b68c377","created_at":"2022-11-09T15:07:17.448Z","updated_at":"2022-11-09T15:07:17.448Z","content_type":"image/jpeg","file_size":"865874","filename":"observingkubernetesbasics-pexelsrajukhanpathan-1-1.jpeg","title":"observingkubernetesbasics-pexelsrajukhanpathan-1-1.jpeg","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-11-09T20:09:22.888Z","user":"bltd9765be97bbed20c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaa54b5b2131fe6ca/636bc2252e16be076e6df481/observingkubernetesbasics-pexelsrajukhanpathan-1-1.jpeg"},"_metadata":{"uid":"cs4c83c0aa3007c534"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-x-large: 100%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3d66025af19470b0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOne of the aspects that makes Kubernetes such an interesting and dynamic system to observe is that unlike many other pieces of technology, it is not just one big bird always singing the same song but a group of different bird species who happen to sing a variety of amazing songs.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUsing these metaphors around bird-watching relates well to Kubernetes observability. 
Let's first learn about the equivalent Kubernetes birds we can observe by looking at the key Kubernetes components and start exploring their bird songs by understanding which signals each one emits.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn this blog, we will focus on observing the infrastructure of Kubernetes over observing applications deployed on Kubernetes, giving us a view from the perspective of a Kubernetes cluster administrator.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003ch2\u003eWhat is observable in Kubernetes?\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eKubernetes has four main components that we need to be aware of in order to understand what we will be observing: the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003econtrol plane, nodes, pods, and containers\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8b02526932bcf0b2"}}},{"image":{"image":{"uid":"blt7c73df35b00d1632","created_by":"blt469f34057b68c377","updated_by":"blt469f34057b68c377","created_at":"2022-11-08T19:29:05.366Z","updated_at":"2022-11-08T19:29:05.366Z","content_type":"image/png","file_size":"47653","filename":"kubernetes-diagram-720x420_2x.png","title":"kubernetes-diagram-720x420_2x.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-11-09T20:09:22.914Z","user":"bltd9765be97bbed20c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7c73df35b00d1632/636aae01358231185a7a828d/kubernetes-diagram-720x420_2x.png"},"_metadata":{"uid":"cs707a8fc190ae5fa1"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9bc876471ee131cb"},"header_s
tyle":"H2","paragraph_l10n":"\u003ch3 style=\"text-align: justify;\"\u003eMonitoring the Kubernetes control plane\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis is a machine (virtual or physical) comprising a collection of items that are mainly focused on dealing with Kubernetes being an orchestrator. The key element of the control plane is the kube-apiserver, and the data we can get through it will enable us to best understand the overall status of the cluster.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eControl plane elements observable through the kube-apiserver are:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli style=\"font-size: 12pt;\"\u003eetcd: \u003cspan style=\"font-size: 12pt;\"\u003ea distributed key value pair database used as a backing store for cluster data\u003c/span\u003e\u003c/li\u003e\u003cli style=\"font-size: 12pt;\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ekube-scheduler: the controller responsible for deciding which node to place new pods in\u003c/span\u003e\u003c/li\u003e\u003cli style=\"font-size: 12pt;\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ekube-controller-manager: runs all controller processes; logically controllers are separate but to reduce complexity they’re bundled into a single binary and process\u003c/span\u003e\u003c/li\u003e\u003cli style=\"font-size: 12pt;\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecloud-controller-manager: the controller responsible for interacting with cloud provider resources via the cloud provider API\u003c/span\u003e\u003cspan\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eA read through the Kubernetes \u003c/span\u003e\u003ca 
href=\"https://kubernetes.io/docs/concepts/overview/components/#control-plane-components\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e is recommended to get into more details of the functions that each of these control plane components is there to perform.\u003c/span\u003e\u003c/p\u003e\u003ch3 style=\"text-align: justify;\"\u003eMonitoring Kubernetes nodes\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNodes give Kubernetes its computing power. They are the (virtual or physical) machines pods run on. Each node contains the following elements:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"font-size: 12pt;\"\u003e\u003c/p\u003e\u003cul\u003e\u003cli style=\"font-size: 12pt;\"\u003ekubelet: an a\u003cspan style=\"font-size: 12pt;\"\u003egent in charge of registering the node with control plane, making sure containers running in each pod are healthy and communicating this information back to the control plane through the kube-apiserver\u003c/span\u003e\u003c/li\u003e\u003cli style=\"font-size: 12pt;\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ekube-proxy: a network proxy that runs on each node, making network communication to pods from inside and outside the cluster possible\u003c/span\u003e\u003c/li\u003e\u003cli style=\"font-size: 12pt;\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003econtainer\u0026nbsp;runtime: the software that is responsible for running containers\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMore details on each node component can be found in the Kubernetes \u003c/span\u003e\u003ca href=\"https://kubernetes.io/docs/concepts/overview/components/#node-components\" target=\"_self\"\u003e\u003cspan 
style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003ch3 style=\"text-align: justify;\"\u003eMonitoring Kubernetes pods and containers\u003c/h3\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePods are the smallest deployable computing unit in Kubernetes. We can think of pods as a wrapping for running containers.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe most common model is to have one container per pod, but there can be multiple containers running in a pod for use cases that require them to be tightly coupled or share resources, such as applications with sidecar containers.\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eUnderstanding the Kubernetes resource based model\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eKubernetes has a declarative model based on resources. The idea is that users provide an intent and Kubernetes acts on that intent to create or modify the resources as requested by the user without requiring further user input.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe will discuss only some examples from the \u003c/span\u003e\u003ca href=\"https://kubernetes.io/docs/reference/kubernetes-api/\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003efull list of resources\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e available through the Kubernetes API.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch3 style=\"text-align: justify;\"\u003eWorkload resources\u003c/h3\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePods can be created using different workload resources, which can provide different patterns of deployment. 
These can be Deployments, ReplicaSets, StatefulSets, DaemonSets, Jobs, etc.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor example,\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDaemonSets\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eensure that there is an instance of the same pod running on each node.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGrasping \u003c/span\u003e\u003ca href=\"https://kubernetes.io/docs/concepts/workloads/controllers/\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edetails of how each workload resource works\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e is crucial for a thorough understanding of deployment issues in Kubernetes.\u003c/span\u003e\u003c/p\u003e\u003ch3\u003eOther relevant resources\u003c/h3\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003enamespace: a cluster resource that can be used to provide logical boundaries for other resources, enabling a cluster administrator to decide who has access to what or monitoring a group of resources that may be linked with a specific area of the business\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eevent: \u0026nbsp;a report of an event somewhere in the cluster, usually a state change in the system\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eWhat can be observed in each Kubernetes component?\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSimilar to how bird songs are 
composed of different musical notes, the status of a Kubernetes cluster is derived from the signals it emits. Understanding these signals will get us closer to having music in our ears.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe signals we can get from the Kubernetes components can be categorized within the three pillars of observability: metrics, logs, and traces.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch3\u003eKubernetes metrics\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMetrics are numerical signals that can help us understand a component's overall behavior over time. For example, we can use metrics to build a dashboard to understand resource usage and answer questions such as “What is the average CPU consumption per pod?”\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd8b1c50691e4dd2c"}}},{"image":{"image":{"uid":"blt252b9d8fbd48eedb","created_by":"blt469f34057b68c377","updated_by":"blt469f34057b68c377","created_at":"2022-11-09T15:07:39.724Z","updated_at":"2022-11-09T15:07:39.724Z","content_type":"image/jpeg","file_size":"984306","filename":"observingkubernetesbasics-cpuconsumption-3-3.jpeg","title":"observingkubernetesbasics-cpuconsumption-3-3.jpeg","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-11-09T20:09:22.937Z","user":"bltd9765be97bbed20c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt252b9d8fbd48eedb/636bc23b421feb097ddb607a/observingkubernetesbasics-cpuconsumption-3-3.jpeg"},"_metadata":{"uid":"cs8c1e82035a8713c3"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csaa9e7f1cb36cd6da"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan 
style='font-size: 12pt;'\u003eMetrics are available in \u003c/span\u003e\u003ca href=\"https://prometheus.io/docs/instrumenting/exposition_formats/\"\u003e\u003cspan style='font-size: 12pt;'\u003ePrometheus format\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which is structured plain text that humans and machines can both read. The majority of Kubernetes components metrics are available on the /metrics endpoint of the HTTP server.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGiven the open source origins of Kubernetes, the Kubernetes community makes the decision to introduce or deprecate metrics as the Kubernetes ecosystem grows and evolves. There is a published \u003c/span\u003e\u003ca href=\"https://github.com/kubernetes/kubernetes/blob/master/test/instrumentation/testdata/stable-metrics-list.yaml\"\u003e\u003cspan style='font-size: 12pt;'\u003elist of stable metrics\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to help you stay on top of things.\u003c/span\u003e\u003c/p\u003e\u003ch3\u003eKubernetes logs\u003c/h3\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLogs are records that help us keep track of what a component is doing at a given time. The information provided by logs when correlated with metrics makes for a powerful combination and provides important insights. While metrics will tell you that a resource is dead, logs will help you understand the exact reason the resource died. 
The lowest level of logs we can gather from Kubernetes is individual container logs — these are available as standard streams (stdout and stderr).\u003c/span\u003e\u003cbr/\u003e\u003cbr/\u003e\u003cspan style='font-size: 12pt;'\u003eGetting a sneak peek at a pod’s logs using the kubectl cli is as easy as typing the below \u003c/span\u003e\u003ca href=\"https://jamesdefabia.github.io/docs/user-guide/kubectl/kubectl_logs/\"\u003e\u003cspan style='font-size: 12pt;'\u003ekubectl logs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e command.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2f16131b35729ee8"}}},{"code":{"code":"kubectl logs POD ","_metadata":{"uid":"cs90e143e0a57a1106"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3cc3716432df2720"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eExample:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs925b3e6f60383c74"}}},{"code":{"code":"# Return snapshot logs from a pod running Elastic Agent as its only container\n\nkubectl logs elastic-agent-894vs -n kube-system \n","_metadata":{"uid":"cs052a48f30dad6b8c"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csaba615abbe69010f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe result will contain a number of logs looking similar to the example below.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdbdd11ee58d40d8d"}}},{"code":{"code":"{\"log.level\":\"info\",\"@timestamp\":\"2022-10-03T10:39:28.047Z\",\"log.origin\":{\"file.name\":\"operation/operator.go\",\"file.line\":307},\"message\":\"operation 'operation-start' skipped for filebeat.8.3.1\",\"ecs.version\":\"1.6.0\"}","_metadata":{"uid":"csd539edcd6c056ce5"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csfa890de0d920cc0c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt 
is important to be aware that Kubernetes containers’ ephemeral nature means that container logs will only be available for the previous and current instance of a container. Therefore, implementing a cluster-level logging solution is required to guarantee access to logs beyond the lifetime of a pod or even the cluster.\u003c/span\u003e\u003c/p\u003e\u003ch3 style=\"text-align: justify;\"\u003eTraces in Kubernetes\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA trace will record the touchpoints of a request or action as it moves through the different components of a distributed system.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eApplication layer tracing can be implemented with external components in a similar fashion to any other distributed system. For tracing of requests between Kubernetes system components, there is a feature in \u003c/span\u003e\u003ca href=\"https://kubernetes.io/docs/concepts/cluster-administration/system-traces/\"\u003e\u003cspan style='font-size: 12pt;'\u003ealpha state\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e aimed at keeping records of latency and relationships between operations in the cluster.\u003c/span\u003e\u003c/p\u003e\u003ch3\u003eKubernetes events\u003cspan style='color:rgb(67, 67, 67);'\u003e\u0026nbsp;\u003c/span\u003e\u003c/h3\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere is an area where bird watching diverges significantly from Kubernetes, and that is the ephemeral nature of Kubernetes. Imagine that we’re part of a video game with characters that get killed and respawn automatically with another identity.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eKeeping track of that happening would be impossible with conventional heartbeat signals. 
This is where another type of information called Kubernetes events can help us stay on top of changes.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhile Kubernetes events are not part of the aforementioned three pillars of observability, they are a resource that has a crucial role in helping us understand the potential causes of issues. Events are a resource type that is automatically generated when other resources have a change of state, an error occurrence, or any other message that is important to broadcast. Each event message is assigned a type (normal, error, warning, etc.) to better help us categorize those we should be more aware of.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEvents can be explored by using the kubectl describe pod command or using kubectl get events.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGetting events with kubectl describe pod example:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs21d4d994a479609e"}}},{"code":{"code":"# Explore the events related to a specific Kubernetes pod\nkubectl describe pod elastic-agent-894vs -n kube-system","_metadata":{"uid":"cscddfe59d89de7663"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8063a9fced416207"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe output of describe will have a section at the end containing the events for this specific pod.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs672554fcb16df59e"}}},{"code":{"code":"Events:\n Type Reason Age From Message\n ---- ------ ---- ---- -------\n Warning FailedScheduling 2m (x4886 over 3d16h) default-scheduler 0/3 nodes are available: 1 Insufficient memory, 2 node(s) didn't match Pod's node affinity/selector.\n Normal NotTriggerScaleUp 110s (x31772 
over 3d16h) cluster-autoscaler pod didn't trigger scale-up:\n","_metadata":{"uid":"csf5f785ccde8d148d"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc451210433c934e6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGetting events with kubectl get events example:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs025a4cdf89a99a56"}}},{"code":{"code":"# Explore the events across the cluster\nkubectl get events -A","_metadata":{"uid":"cs83df2af4a6e5e77b"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6062b88125e7db41"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe output of get events will contain the latest cluster-wide events.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7f96a49eda6a03cb"}}},{"code":{"code":"LAST SEEN TYPE REASON OBJECT MESSAGE\n49m Warning ContainerdStart node/miguel-cluster1 Starting containerd container runtime...\n49m Warning DockerStart node/miguel-cluster1 Starting Docker Application Container Engine...\n49m Warning KubeletStart node/miguel-cluster1 Started Kubernetes kubelet.\n50m Normal Starting node/miguel-cluster1 Starting kubelet.\n50m Warning InvalidDiskCapacity node/miguel-cluster1 invalid capacity 0 on image filesystem\n50m Normal NodeHasSufficientMemory node/node/miguel-cluster1 Node node/miguel-cluster1 status is now: NodeHasSufficientMemory\n50m Normal NodeHasNoDiskPressure node/miguel-cluster1 Node node/miguel-cluster1 status is now: NodeHasNoDiskPressure\n","_metadata":{"uid":"cs0c10accae1fc0cbb"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs286c8ae0c401295d"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eDeducing the status of a Kubernetes cluster from signals\u0026nbsp;\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNow that we are familiar with a variety of musical notes, it is time to 
create some observability music!\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSimilar to how there is no fixed formula to create songs, there is no unique way to find meaningful correlation in the signals we are gathering. There are, however, best practices that can help us make sure we ask the right questions according to our use case and get the best possible answers.\u003c/span\u003e\u003c/p\u003e\u003ch3\u003eUsing Kubernetes metrics to identify issues\u003c/h3\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe most popular methods for analyzing metrics on distributed systems can help you choose which metrics to gather and how to analyze the performance of your system. Great resources include Google’s SRE book, \u003c/span\u003e\u003ca href=\"https://sre.google/sre-book/monitoring-distributed-systems/#xref_monitoring_golden-signals\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe four golden signals\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, Brendan Gregg’s \u003c/span\u003e\u003ca href=\"https://www.brendangregg.com/usemethod.html\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUSE method\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, or Tom Wilkie’s \u003c/span\u003e\u003ca href=\"https://www.youtube.com/watch?v=TJLpYXbnfQ4\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRED method\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUsing one of these will help us make music by choosing the metrics relevant to our system. 
There are different tools to help us stay on top of information; the appropriate one will be based on the circumstances.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVisualizations\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDashboards can help us get a quick visual of the overall status of the metrics we have chosen or help us understand behavior over time. The below example dashboard provides a good overview of the status of the Pod workload resources and Pod resource usage of CPU and memory.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs31bc8843da8a2f66"}}},{"image":{"image":{"uid":"blt2129d020a916ee65","created_by":"blt469f34057b68c377","updated_by":"blt469f34057b68c377","created_at":"2022-11-09T16:09:56.574Z","updated_at":"2022-11-09T16:09:56.574Z","content_type":"image/jpeg","file_size":"1694059","filename":"observingkubernetesbasics-podresources-4.jpeg","title":"observingkubernetesbasics-podresources-4.jpeg","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-11-09T20:09:22.962Z","user":"bltd9765be97bbed20c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2129d020a916ee65/636bd0d42e673b30d507d573/observingkubernetesbasics-podresources-4.jpeg"},"_metadata":{"uid":"csbfe18727e362b529"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs42e5abe04d27c917"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStaying on top of your Kubernetes cluster at all times\u0026nbsp;\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor observability 
practitioners whose goal is to keep Kubernetes up and running at all times, such as an SRE or a CloudOps professional, being stuck to a dashboard with the hope of looking at the right thing at the right time is not a feasible option. Many common use cases can be covered by implementing threshold rules that will trigger informative alerts when a threshold is reached or close to being reached.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor example, set up an automated rule that will send a Slack message whenever a pod is restarted more than X times within a certain period.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0f2428ecb0bc8481"}}},{"image":{"image":{"uid":"blta7ce7108e9c0a254","created_by":"blt469f34057b68c377","updated_by":"blt469f34057b68c377","created_at":"2022-11-09T16:10:11.532Z","updated_at":"2022-11-09T16:10:11.532Z","content_type":"image/png","file_size":"243150","filename":"observingkubernetesbasics-rules-5.png","title":"observingkubernetesbasics-rules-5.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-11-09T20:09:22.987Z","user":"bltd9765be97bbed20c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta7ce7108e9c0a254/636bd0e3571726758dbe44f7/observingkubernetesbasics-rules-5.png"},"_metadata":{"uid":"cs8bc7f8d829997bdd"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9207d29bc0992d09"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSpotting what you might otherwise miss\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSetting up basic threshold rules will not provide enough coverage 
given there are behaviors that can only be considered abnormal based on the preceding or surrounding data points. The use of tools like machine learning will enable us to find anomalies in behavior or predict how a Kubernetes component should perform based on trends and with limited guidance required from the user.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor example, using a single metric ML job to identify an anomaly for Kubernetes Pods CPU usage.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbf1f6ad3f79d9211"}}},{"image":{"image":{"uid":"blt32d88b7ae4dc555b","created_by":"blt469f34057b68c377","updated_by":"blt469f34057b68c377","created_at":"2022-11-09T16:10:23.150Z","updated_at":"2022-11-09T16:10:23.150Z","content_type":"image/png","file_size":"439194","filename":"observingkubernetesbasics-metricviewer-6.png","title":"observingkubernetesbasics-metricviewer-6.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-11-09T20:09:23.014Z","user":"bltd9765be97bbed20c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt32d88b7ae4dc555b/636bd0ef120bae1633ca891a/observingkubernetesbasics-metricviewer-6.png"},"_metadata":{"uid":"cs8377ea21d7b5d488"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csad299d885755901f"},"header_style":"H2","paragraph_l10n":"\u003ch3\u003eMoving the investigation from metrics to logs\u003c/h3\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAfter metrics have helped us identify issues, logs are great at surfacing granular information with rich local context. 
Trying to find an issue by looking at logs on their own can be compared to finding a needle in a haystack, but once metrics have helped us to narrow down potential cluster issues to a few components, log analysis will help us understand more details about what has happened. Stored and indexed logs can be visualized with a variety of tools to help you slice and dice them as required.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs132209dfb4aa5281"}}},{"image":{"image":{"uid":"blt642238f034d83d05","created_by":"blt469f34057b68c377","updated_by":"blt469f34057b68c377","created_at":"2022-11-09T16:10:36.599Z","updated_at":"2022-11-09T16:10:36.599Z","content_type":"image/png","file_size":"643001","filename":"observingkubernetesbasics-logs-7.png","title":"observingkubernetesbasics-logs-7.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-11-09T20:09:23.037Z","user":"bltd9765be97bbed20c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt642238f034d83d05/636bd0fc0b5d2311678e5f22/observingkubernetesbasics-logs-7.png"},"_metadata":{"uid":"csd8dfabdcbb6167e1"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc726b0c591967f5d"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003ePutting it all into practice\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow that you are familiar with the most common type of Kubernetes birds and their songs, it’s important to actually go and do some Kubernetes watching — this is where finding a good pair of binoculars or a telephoto lens will come in 
handy.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdea782a09a8737c9"}}},{"image":{"image":{"uid":"bltdc0aa4fc84474ded","created_by":"blt469f34057b68c377","updated_by":"blt469f34057b68c377","created_at":"2022-11-08T19:30:00.705Z","updated_at":"2022-11-08T19:30:00.705Z","content_type":"image/png","file_size":"215254","filename":"observingkubernetesbasics-binoculars-8.png","title":"observingkubernetesbasics-binoculars-8.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-11-09T20:09:23.061Z","user":"bltd9765be97bbed20c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdc0aa4fc84474ded/636aae3809737b2f10270a45/observingkubernetesbasics-binoculars-8.png"},"_metadata":{"uid":"csa59470311fd875f7"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-x-large: 100%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs92d460fca0e756b4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo properly observe Kubernetes, we need reliable software tools to help us gather and store the data we can get from it and more importantly, help us visualize the most comprehensive picture of the status of our Kubernetes clusters and containers running on them.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"font-size: 12pt;\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eExplore how Elastic can provide you with a unified \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/kubernetes-cluster-metrics-logs-monitoring\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eKubernetes observability\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e solution to help you store all types of Kubernetes signals from logs, metrics, and traces. 
Elastic Observability offers a multitude of data analysis tools to help you surface the meaning behind the data, such as cluster overview dashboards, log analysis console, and machine learning based anomaly detection.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs697e39408d62641d"}}}],"publish_date":"2022-11-09","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":{"uid":"blt6074501b9d5f3cca","created_by":"blt469f34057b68c377","updated_by":"blt469f34057b68c377","created_at":"2022-11-15T12:35:59.892Z","updated_at":"2022-11-15T12:35:59.892Z","content_type":"image/jpeg","file_size":"68550","filename":"observingkubernetesbasics-pexelsrajukhanpathan-1-1.jpeg","title":"observingkubernetesbasics-pexelsrajukhanpathan-1-1.jpeg","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-11-15T13:28:36.553Z","user":"bltd9765be97bbed20c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6074501b9d5f3cca/637387af3177be104ac20207/observingkubernetesbasics-pexelsrajukhanpathan-1-1.jpeg"},"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"title":"Machine learning","label_l10n":"Machine 
learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt5f2c0926801ce9c6","ACL":{},"created_at":"2023-11-06T21:28:52.513Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kubernetes","label_l10n":"Kubernetes","tags":[],"title":"Kubernetes","updated_at":"2023-11-06T21:28:54.645Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.349Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt3d6d3cd2ad3fce72","ACL":{},"created_at":"2023-11-06T21:35:37.967Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"visualization","label_l10n":"Visualization","tags":[],"title":"Visualization","updated_at":"2023-11-06T21:35:37.967Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.605Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","
publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt81b58809978b575d","created_by":"blt469f34057b68c377","updated_by":"blt469f34057b68c377","created_at":"2022-11-08T19:27:26.155Z","updated_at":"2022-11-10T16:10:17.909Z","content_type":"image/jpeg","file_size":"68550","filename":"observingkubernetesbasics-pexelsrajukhanpathan-1-1.jpeg","title":"observingkubernetesbasics-podresources-4.png","ACL":{},"_version":3,"parent_uid":null,"is_dir":false,"tags":[],"description":"","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-11-10T16:10:54.717Z","user":"bltd9765be97bbed20c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt81b58809978b575d/636d22691eced80972fa27bf/observingkubernetesbasics-pexelsrajukhanpathan-1-1.jpeg"},"title":"The basics of observing Kubernetes: A bird-watcher’s perspective","title_l10n":"The basics of observing Kubernetes: A bird-watcher’s perspective","updated_at":"2025-03-07T12:59:52.689Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/monitoring-kubernetes-observability-basics","publish_details":{"time":"2025-03-07T12:59:56.336Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt77d3ec36b4bb3ab1","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Security has earned the AV-Comparatives Approved Product Award for Enterprise Main-Test Series 2024. 
It excelled in diverse protection scenarios, demonstrating superior threat protection and system performance while minimizing false alarms.","author":["blt2197c290679d2e28"],"category":["bltb79594af7c5b4199"],"created_at":"2025-03-05T00:53:09.408Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa1db0f0f75bbc578"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security has earned \u003c/span\u003e\u003ca href=\"https://www.av-comparatives.org/av-comparatives-awards-2024-for-elastic/#:~:text=Elastic%20was%20very%20successful%20in,Product%20Award%20for%20both%20runs\"\u003e\u003cspan style='font-size: 12pt;'\u003eAV-Comparatives’ 2024 Approved Product Award in the Enterprise Main-Test Series\u003cwbr\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. The honor reflects its outstanding malware defense, optimal system performance, and minimal false positives. Excelling across protection, performance, and false-positive benchmarks, Elastic Security has proven its ability to safeguard organizations without compromise. This independent recognition underscores our commitment to delivering world-class security solutions for businesses.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Why the test matters","_metadata":{"uid":"csd730de47da588025"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.av-comparatives.org/consumer/\"\u003e\u003cspan style='font-size: 12pt;'\u003eAV-Comparatives\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is a globally respected independent testing lab known for its rigorous evaluations of security software. Its enterprise-focused trials simulate real-world attacks to assess a product’s ability to block threats, maintain system performance, and minimize false positives. 
Earning the Approved Product award demonstrates that Elastic Security meets these high standards.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Highlights from Elastic Security’s performance","_metadata":{"uid":"cs95830b00c2ab29b0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAV-Comparatives Enterprise Approved Product Award winner:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Recognized for robust protection, high performance, and minimal false positives\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e99.8% malware protection rate:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Effectively detects and mitigates real-world threats\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eZero false positives:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Ensures security teams focus on real threats, not noise\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eMinimal system impact:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Proven to maintain performance without slowing business operations\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSeamless integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Designed for modern security teams, leveraging the speed and extensibility of the Elastic Search AI Platform\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese outcomes reflect our continuous efforts to 
enhance security measures and provide reliable protection for businesses of all sizes.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Performance is in our DNA","_metadata":{"uid":"cse05b3669641e658d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn today’s cybersecurity landscape, strong malware protection is essential for ensuring smooth business operations. A sluggish device or high resource consumption can be a warning sign of malicious processes. While advanced security features like behavior-based threat detection, ransomware defense, and AI-driven analytics are vital, overall system performance plays an equally important role in endpoint security.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt Elastic Security, we recognize that effective protection must come without sacrificing speed or stability. We’ve made it our mission to deliver powerful security capabilities with minimal impact on CPU and memory usage — setting a high standard for how the Elastic Agent is developed and maintained. This philosophy has been validated by independent testing: our AV-Comparatives results confirmed that we can keep systems secure without slowing them down.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Get started with Elastic Security","_metadata":{"uid":"csed350ee319256480"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eJoin the growing number of businesses that trust Elastic Security — now recognized by AV-Comparatives as an industry-leading solution — to protect their organization against attacks. Experience the peace of mind that comes with knowing your endpoints (and your organization as a whole) are secure against the latest threats. 
Start your Elastic Security \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003efree trial\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and discover the difference that our protection can make. Visit \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eelastic.co/security\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to learn more and get started.\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor more detailed results, see the \u003c/span\u003e\u003ca href=\"https://www.av-comparatives.org/av-comparatives-awards-2024-for-elastic/#:~:text=Elastic%20was%20very%20successful%20in,Product%20Award%20for%20both%20runs\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAV-Comparatives Awards 2024 for Elastic\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e report.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs1b8c32be487105bc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs86302c4a0596c579"}}}],"publish_date":"2025-03-06","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Security Achieves AV-Comparatives Enterprise Award 2024","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Awarded for outstanding protection, performance, and minimal false positives.","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blte41b0699a34eac99","ACL":{},"created_at":"2023-11-06T20:38:53.624Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"edr","label_l10n":"EDR","tags":[],"title":"EDR","updated_at":"2023-11-06T20:38:53.624Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:26.559Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blte6358c0a4368f192","ACL":{},"created_at":"2023-11-06T20:39:12.952Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"end-user-experience","label_l10n":"End user experience","tags":[],"title":"End user experience","updated_at":"2023-11-06T20:39:12.952Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:48.382Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blte007e1c9cef6ad6b","ACL":{},"created_at":"2020-06-17T03:32:48.898Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"endpoint-security","label_l10n":"Endpoint security","tags":[],"title":"Endpoint 
security","updated_at":"2020-07-06T22:20:15.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-03-23T17:30:22.357Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltd12745b736426a5f","_version":1,"title":"lake with woman.jpg","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2025-03-07T00:05:04.998Z","updated_at":"2025-03-07T00:05:04.998Z","content_type":"image/jpeg","file_size":"38797","filename":"lake_with_woman.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-03-07T00:07:04.138Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd12745b736426a5f/67ca3831045f582d16c0200e/lake_with_woman.jpg"},"title":"Elastic Security wins AV-Comparatives 2024 Enterprise Approved Product Award","title_l10n":"Elastic Security wins AV-Comparatives 2024 Enterprise Approved Product Award","updated_at":"2025-03-07T00:05:25.327Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/elastic-security-av-comparatives-award","publish_details":{"time":"2025-03-07T00:07:03.829Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltbb7503a3cf33f6aa","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic is excited to announce the technical preview of Elastic Cloud Serverless on Google Cloud. 
Built on the industry-first Search AI Lake architecture, it combines vast storage, low-latency querying, and advanced AI capabilities. ","author":["blt7969873b62221c94"],"category":["bltb79594af7c5b4199"],"created_at":"2025-03-05T01:19:28.495Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb0336d5279e3fe04"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eToday, we are excited to announce the technical preview of Elastic Cloud Serverless on Google Cloud — now available in the Iowa (us-central1) region. Elastic Cloud Serverless provides the fastest way to start and scale observability, security, and search solutions without managing infrastructure. Built on the industry-first \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/search-ai-lake-elastic-cloud-serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearch AI Lake architecture\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — which leverages Google Cloud Storage — it combines vast storage, separate storage and compute, low-latency querying, and advanced AI capabilities to deliver uncompromising speed and scale.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Start and scale quickly with Elastic Cloud Serverless on Google Cloud","_metadata":{"uid":"cs93d860d26b435649"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eNo compromise on speed or scale:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elasticsearch Serverless dynamically scales to accommodate your workload, handling unpredictable traffic spikes automatically — all while delivering low-latency search on boundless object storage.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eHassle-free 
operations:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Say goodbye to managing clusters, provisioning nodes, or fine-tuning performance. Free your team from operational tasks — no need to manage infrastructure, do capacity planning, upgrade, or scale data.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ePurpose-built product experience:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic Cloud Serverless offers a streamlined workflow to help you create projects tailored to your unique use cases in observability, security, and search. With guided onboarding, you can use in-product resources and tools that guide you every step of the way, accelerating time to value.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFlexible usage-based pricing model: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud Serverless offers a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cloud-serverless-pricing-packaging\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eusage-based pricing model\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that scales with your needs. 
You only pay for what you use — whether it’s for data ingested and retained in Elastic Security and Observability products or for compute resources in Elasticsearch.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Getting started with Elastic Cloud Serverless on Google Cloud","_metadata":{"uid":"cs132d7d4eb4f63a23"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo try Elastic Cloud Serverless, \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/serverless-registration\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esign up\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e or \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003elog in\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to the Elastic Cloud console and create a serverless project.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor Observability or Security projects, select Google Cloud as the cloud provider and US Central 1 (Iowa) as the region.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor Elasticsearch projects, choose a use case (“General Purpose” or “Optimized for Vectors”), and then select Google Cloud as the cloud provider and US Central 1 (Iowa) as the region.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eClick “Create project,” and your Elastic Cloud Serverless project will be provisioned in minutes.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eVisit our \u003ca href=\"https://www.elastic.co/docs/current/serverless\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to learn 
more.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What’s next?","_metadata":{"uid":"cs224468dddbac675f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are just getting started. We are working to expand Elastic Cloud Serverless to additional Google Cloud regions and introduce new features to further enhance performance and usability. Stay tuned for exciting updates as we bring the full power of Elastic’s solutions to Google Cloud users.\u003cbr /\u003e\u003cbr /\u003eThe future of search, security, and observability is here without compromise on speed, scale, or cost. Experience Elastic Cloud Serverless and Search AI Lake to unlock new opportunities with your data. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003eLearn more\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e about the possibilities of serverless or start your \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/serverless-registration\"\u003e\u003cspan style='font-size: 12pt;'\u003efree trial now\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e on Google Cloud in technical preview.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"csd8fa2c1657cb07dc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs67163a49c2eed79c"}}}],"publish_date":"2025-03-10","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Announcing the technical preview of Elastic Cloud Serverless on Google Cloud","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Elastic Cloud Serverless provides the fastest way to start and scale security, observability, and search solutions — without managing infrastructure. ","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltefbcf6957c5e689a","ACL":{},"created_at":"2023-11-06T20:35:45.445Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-search","label_l10n":"Cloud search","tags":[],"title":"Cloud search","updated_at":"2023-11-06T20:35:45.445Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:50.742Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud 
security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Google Cloud","label_l10n":"Google Cloud","keyword":"google-cloud","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltbf617849beaf10fe","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:39:59.168Z","updated_at":"2023-11-06T20:40:14.658Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:39.796Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltd3330c8b33d68fef","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2025-03-05T01:15:44.202Z","created_by":"blte369ea3bcd6ac892","file_size":"92385","filename":"175344_-_Blog_Header_Image_Elastic_Cloud_Serverless_1_V1.jpg","p
arent_uid":null,"tags":[],"title":"175344 - Blog Header Image Elastic Cloud Serverless 1_V1.jpg","updated_at":"2025-03-05T01:15:44.202Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2025-03-10T13:00:02.047Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd3330c8b33d68fef/67c7a5c05e83f4d0aecb8bad/175344_-_Blog_Header_Image_Elastic_Cloud_Serverless_1_V1.jpg"},"title":"Elastic Cloud Serverless now available in technical preview on Google Cloud","title_l10n":"Elastic Cloud Serverless now available in technical preview on Google Cloud ","updated_at":"2025-03-06T18:01:44.712Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/elastic-cloud-serverless-google-cloud-tech-preview","publish_details":{"time":"2025-03-10T13:00:02.030Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltead58fb81fb7307d","_version":37,"locale":"en-us","ACL":{},"abstract_l10n":"With Elastic Observability 8.1, development teams can now get enhanced visibility into AWS Lambda and CI/CD build pipelines, and leverage open standards based instrumentation for unified data ingest and analysis across a wide variety of data types.","author":["blt06813ba62b8b04b9"],"category":["bltfaae4466058cc7d6"],"created_at":"2022-03-02T13:15:24.433Z","created_by":"blt469f34057b68c377","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse916570ae67fc8cd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eTechnologies such as \u003ca href=\"https://www.elastic.co/what-is/serverless-computing\" target=\"_self\"\u003eserverless computing\u003c/a\u003e frameworks and CI/CD automation tools help accelerate software development lifecycles (SDLC) to give development teams a competitive edge in the marketplace. 
Armed with these technologies, teams can deploy and innovate faster and more frequently by automating repetitive tasks and eliminating the need to manage or provision servers.\u003c/p\u003e\u003cp\u003eWith Elastic Observability 8.1, DevOps and SRE teams can now leverage even better support for these technologies with the ability to capture application traces from AWS Lambda, ingest OpenTelemetry logs, and collect detailed Jenkins build logs using the OpenTelemetry Collector.\u003c/p\u003e\u003cp\u003eThese new features allow customers to:\u003c/p\u003e\u003cul\u003e\u003cli\u003eAccelerate release cycles with observability for AWS Lambda functions and CI/CD build pipelines\u003c/li\u003e\u003cli\u003eStandardize open standards based data collection by ingesting OpenTelemetry logs along with metrics and traces\u003c/li\u003e\u003cli\u003eUnify these data streams with other relevant observability data and easily navigate investigative workflows without losing context\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eElastic Observability 8.1 is \u003ca href=\"https://cloud.elastic.co/registration?elektra=whats-new-elastic-7-13-blog\" target=\"_self\"\u003eavailable now on Elastic Cloud\u003c/a\u003e — the only hosted Elasticsearch offering to include all of the new features in this latest release. 
You can also \u003ca href=\"https://www.elastic.co/downloads/\" target=\"_self\"\u003edownload the Elastic Stack\u003c/a\u003e and our cloud orchestration products, Elastic Cloud Enterprise and Elastic Cloud for Kubernetes, for a self-managed experience.\u003c/p\u003e\u003ch2\u003eGet enhanced visibility into AWS Lambda (Beta)\u003c/h2\u003e\u003cp\u003eGet end-to-end application performance monitoring (APM) visibility and correlate AWS Lambda traces with other Elastic Observability data for faster and more comprehensive root cause analysis.\u0026nbsp;\u003c/p\u003e\u003cp\u003eLambda is a popular high-availability compute service provided by Amazon that lets developers run event-driven functions on a pay-per-use basis without having to provision or manage servers — increasing development efficiency and controlling costs.\u003c/p\u003e\u003cp\u003eWith Elastic Observability 8.1, development teams can now \u003ca href=\"https://www.elastic.co/guide/en/apm/guide/current/monitoring-aws-lambda.html\" target=\"_blank\"\u003ecollect serverless application traces\u003c/a\u003e from Lambda functions written in Node.js, Python and Java. 
Elastic additionally supports native cloud monitoring with open standards with the ability to collect \u003ca href=\"https://www.elastic.co/blog/tracing-aws-lambdas-with-opentelemetry-and-elastic-observability\" target=\"_blank\"\u003eLambda traces via OpenTelemetry\u003c/a\u003e (Java and Python only).\u003c/p\u003e"}],"_metadata":{"uid":"cs2bc783fa5b9c5c38"}}},{"video":{"vidyard_uuid":"JJHRxzPN11jQWJ1uiFptJh","_metadata":{"uid":"cs933bd22429e9075e"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":false}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb78260f351d55b58"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eAugment CI/CD observability with Jenkins logs\u003c/h2\u003e\n\u003cp\u003eDevelopers around the world rely on Jenkins automation to reliably build, test, and deploy their software. Elastic empowers developers with visibility into their CI/CD pipelines with high level health indicator dashboards and drill-downs, along with intuitive visualizations of critical build activities.\u003c/p\u003eNow, in Technical Preview with Elastic Observability 8.1, teams can improve traceability of their software supply chain process by additionally collecting \u003ca href=\"https://plugins.jenkins.io/opentelemetry/\" target=\"_blank\"\u003edetailed Jenkins logs\u003c/a\u003e, including errors and build execution details, such as test outputs, using the OpenTelemetry 
Collector."}],"_metadata":{"uid":"cs9ba52b6ae4a18a71"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt55c8587a58bd472f","ACL":{},"content_type":"image/png","created_at":"2022-03-02T17:53:38.458Z","created_by":"blt469f34057b68c377","file_size":"757655","filename":"Image3.png","parent_uid":null,"tags":[],"title":"Image3.png","updated_at":"2022-03-02T17:53:38.458Z","updated_by":"blt469f34057b68c377","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-03-08T20:34:55.688Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt55c8587a58bd472f/621faf224428422d082c435a/Image3.png"},"_metadata":{"uid":"cscf2e7581253d8c62"},"caption_l10n":"Troubleshoot Jenkins errors and build execution issues with detailed logs — in combination with high level CI/CD pipeline health dashboards and other intuitive drill-downs.","alt_text_l10n":"Troubleshoot Jenkins errors and build execution issues with detailed logs — in combination with high level CI/CD pipeline health dashboards and other intuitive drill-downs.","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs72c4c56b02220372"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eStandardize data collection with OpenTelemetry\u003c/h2\u003e\n\u003cp\u003eElastic Observability users can now also ingest OpenTelemetry logs, in addition to existing support for ingesting OpenTelemetry metrics and traces. 
With the ability to ingest \u003ca href=\"https://www.elastic.co/observability/opentelemetry\" target=\"_blank\"\u003eOpenTelemetry observability\u003c/a\u003e data into Elastic, DevOps teams can now maintain an open standards-based, vendor-neutral observability architecture while streamlining investigative workflows with contextual navigation across signal types and layers.\u003c/p\u003e"}],"_metadata":{"uid":"cs453e4023c3a8ab65"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt7a563316b21adb86","ACL":{},"content_type":"image/png","created_at":"2022-03-02T17:43:44.449Z","created_by":"blt469f34057b68c377","file_size":"658717","filename":"image_(4).png","parent_uid":null,"tags":[],"title":"image_(4).png","updated_at":"2022-03-02T17:43:44.449Z","updated_by":"blt469f34057b68c377","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-03-08T20:34:55.712Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7a563316b21adb86/621facd068865368951c6443/image_(4).png"},"_metadata":{"uid":"csabd8f615b9002045"},"caption_l10n":"Organizations that already use the OpenTelemetry Collector for tracing and metrics collection can now standardize data collection across a diversity of sources and data types by also using it for log ingest.","alt_text_l10n":"Organizations that already use the OpenTelemetry Collector for tracing and metrics collection can now standardize data collection across a diversity of sources and data types by also using it for log ingest.","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2d941260b8fadcca"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eAccelerate troubleshooting with unified observability\u003c/h2\u003e\n\u003cp\u003eElastic Observability 8.1 extends visibility to additional platforms and data sources, including AWS Lambda traces, OpenTelemetry logs, and 
Jenkins build details. \u003c/p\u003e\n\u003cp\u003eWith all the data in one place, within \u003ca href=\"https://www.elastic.co/guide/en/ecs/current/ecs-reference.html\" target=\"_blank\"\u003eone common schema\u003c/a\u003e, teams that use Elastic can streamline investigative workflows and easily correlate across and navigate to other relevant observability data for contextual troubleshooting. In addition, leveraging Elastic’s \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/data-tiers.html\" target=\"_blank\"\u003efrozen tier\u003c/a\u003e for cost effective and secure long-term storage enables better root cause analysis and audit trails based on historical data. These advantages, unique to Elastic, are now extended to storing and analyzing OpenTelemetry logs, and troubleshooting CI/CD pipeline anomalies and serverless applications. \u003c/p\u003e\u003ch2\u003eTry it out\u003c/h2\u003e\n\u003cp\u003eExisting Elastic Cloud customers can access many of these features directly from the \u003ca href=\"https://cloud.elastic.co/\"\u003eElastic Cloud console\u003c/a\u003e. If you’re new to Elastic Cloud, take a look at our \u003ca href=\"https://www.elastic.co/training/free#quick-starts\"\u003eQuick Start guides\u003c/a\u003e (bite-sized training videos to get you started quickly) or our \u003ca href=\"https://www.elastic.co/training/free#fundamentals\"\u003efree fundamentals training courses\u003c/a\u003e. You can always get started for free with a \u003ca href=\"https://cloud.elastic.co/registration\"\u003efree 14-day trial of Elastic Cloud\u003c/a\u003e. 
Or \u003ca href=\"https://www.elastic.co/downloads/\"\u003edownload\u003c/a\u003e the self-managed version of the Elastic Stack for free.\u003c/p\u003e\n\u003cp\u003eRead about these capabilities and more in the \u003ca href=\"https://www.elastic.co/guide/en/observability/8.1/whats-new.html\"\u003eElastic Observability 8.1\u003c/a\u003e release notes, and other Elastic Stack highlights in the \u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-8-1-0\"\u003eElastic 8.1\u003c/a\u003e announcement post.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all. \u003c/em\u003e\u003c/p\u003e\u003cbr\u003e"}],"_metadata":{"uid":"cs0a852d8d5e0150a6"}}}],"publish_date":"2022-03-08T17:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Observability 8.1: Visibility into AWS Lambda, CI/CD pipelines, and more","seo_description_l10n":"With Elastic Observability 8.1, development teams can now get enhanced visibility into AWS Lambda and CI/CD build pipelines, and leverage open standards based instrumentation for unified data ingest and analysis across a wide variety of data types.","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic 
Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","uid":"bltf38f037a2b6ecb4e","title":"Log monitoring","label_l10n":"Log 
monitoring","keyword":"log-monitoring","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:29:28.882Z","updated_at":"2023-11-06T21:29:28.882Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.371Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt76a8a9e2ae891569","ACL":{},"created_at":"2023-11-06T21:35:06.844Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tracing","label_l10n":"Tracing","tags":[],"title":"Tracing","updated_at":"2023-11-06T21:35:06.844Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.748Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"AWS","label_l10n":"AWS","keyword":"aws","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt5da20aee1a072f80","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:30.685Z","updated_at":"2023-11-06T20:08:30.685Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:00:52.463Z","user":"blt4b2e1169881270a8"}},{"title":"DevOps","label_l10n":"DevOps","keyword":"devops","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltd2296d539450bf20","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T22:34:41.888Z","updated_at":"2021-12-16T22:34:41.888Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.169Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt4f7e02463a803fc1","ACL":{},"creat
ed_at":"2023-11-06T20:35:19.646Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-native","label_l10n":"Cloud native","tags":[],"title":"Cloud native","updated_at":"2023-11-06T20:35:19.646Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:35:54.838Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"Python","label_l10n":"Python","keyword":"python","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt6293a0df96e13ba7","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:49:39.583Z","updated_at":"2023-11-06T20:49:39.583Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:39.836Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"OpenTelemetry","label_l10n":"Open source/standards","keyword":"opentelemetry","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt069bd34528952802","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:44:13.512Z","updated_at":"2023-11-06T20:44:13.512Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:35.903Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt44910d88c864d1cb","ACL":
{},"content_type":"image/png","created_at":"2021-01-12T16:51:33.775Z","created_by":"bltf6ab93733e4e3a73","file_size":"5838","filename":"blog-thumb-observability-pattern-color.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-observability-pattern-color.png","updated_at":"2022-02-11T21:04:12.027Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:03.790Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt44910d88c864d1cb/5ffdd3955b28c33f6281ce94/blog-thumb-observability-pattern-color.png"},"title":"Elastic Observability 8.1: Visibility into AWS Lambda, CI/CD pipelines, and more","title_l10n":"Elastic Observability 8.1: Visibility into AWS Lambda, CI/CD pipelines, and more","updated_at":"2025-03-06T12:45:14.228Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/whats-new-elastic-observability-8-1-0","publish_details":{"time":"2025-03-06T12:45:17.764Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5f32c1b70555bc8c","_version":26,"locale":"en-us","ACL":{},"abstract_l10n":"In 8.2, Elastic has newly introduced support for the Elasticsearch query syntax for all Enterprise Search engines which allows you to take it to the next level when your search experience needs extra configurability.","author":["blt5fd2526d9811bef1"],"category":["blte5cc8450a098ce5e"],"created_at":"2022-04-14T19:04:09.519Z","created_by":"blt1e57c6588ae1816e","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3094ce79b097476b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eElastic 8.2 introduces a new search API for App Search. The Elasticsearch Search API, now in beta, brings more of the flexibility and power of Elasticsearch to App Search. 
Elastic 8.2 also introduces a Search Explain API for App Search, which exposes the Elasticsearch queries generated by App Search. Use these Elasticsearch queries as the basis for your own.\u003cbr/\u003e\u003c/p\u003e\u003cp\u003eIn this post, we'll look at the new APIs and explore the following use cases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"#case1\" target=\"_self\"\u003eI want to count how many documents would match my query, without the overhead of the search results payload\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"#case2\" target=\"_self\"\u003eI want to count how many documents match my query, grouped by a certain field or fields\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"#case3\" target=\"_self\"\u003eI want to search for documents that are like a specific document in the same index\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"#case4\" target=\"_self\"\u003eI want to use a custom function to calculate document scores\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"#case5\" target=\"_self\"\u003eI want to retrieve a subset of documents without applying any scoring or grouping. These features are not useful to me and make the query slower\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"#case6\" target=\"_self\"\u003eI want to search for an exact match of a word or phrase, not a fuzzy match\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"#case7\" target=\"_self\"\u003eI want to add a runtime field to my documents and return it in my search\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eThe Elasticsearch Search API for App Search\u003c/h2\u003e\u003cp\u003eIn App Search v8.2, we’ve added a new beta API called Elasticsearch Search API. 
Using this API, you can query the App Search document indices using free-form Elasticsearch queries.\u003c/p\u003e\u003cp\u003ePerhaps you’ve been using App Search for a while, and although it’s powerful out of the box, you’d like to customize your search queries. App Search makes it very easy to get up and running with search. At the same time, it hides details and makes assumptions. The Elasticsearch Search API can fill this gap by providing direct access to query the underlying indices with Elasticsearch.\u003cbr/\u003e\u003c/p\u003e\u003cp\u003eThe API is available as:\u003c/p\u003e"}],"_metadata":{"uid":"cs08dbd634c0f829f2"}}},{"code":{"code":"GET /api/as/v0/engines/\u003cengine-name\u003e/elasticsearch/_search\nPOST /api/as/v0/engines/\u003cengine-name\u003e/elasticsearch/_search\n\n","_metadata":{"uid":"cs9fbed01c38309c0a"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs78a3633597b5dd65"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eThe API accepts the following parameters:\u003c/p\u003e"}],"_metadata":{"uid":"cs54be143519e1e5ed"}}},{"code":{"code":"request: JSON object with the following properties:\nrequest.body: JSON. This query will be sent as-is to Elasticsearch.\nrequest.query_params: List of parameters. A parameter is an object with a key and a value.\nanalytics: JSON object with the following properties:\nanalytics.query: String. Query associated with this request.\nanalytics.tags: List of tags to attach to this request.\n","_metadata":{"uid":"cs372f60ef013e1338"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs46d7d6204751bc50"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eConfiguration\u003c/h2\u003e\u003cp\u003eThis API is only available via a \u003ca href=\"https://www.elastic.co/guide/en/app-search/current/authentication.html#authentication-private\" target=\"_self\"\u003eprivate key\u003c/a\u003e. 
In addition, a feature flag \u003ccode\u003efeature_flag.elasticsearch_search_api\u003c/code\u003e should be set to \u003ccode\u003etrue\u003c/code\u003e in the Enterprise Search \u003ca href=\"https://www.elastic.co/guide/en/enterprise-search/current/configuration.html#configuration-file\" target=\"_self\"\u003econfiguration file\u003c/a\u003e. Because the request body is sent to Elasticsearch as-is, treat the private key as a secret: call this API from trusted server-side code, and do not build the body from unvalidated end-user input.\u003cbr/\u003e\u003c/p\u003e\u003cp\u003eKeep in mind that with this API, results are formatted differently than \u003ca href=\"https://www.elastic.co/guide/en/app-search/current/search.html\" target=\"_self\"\u003eSearch API\u003c/a\u003e results. Documents are returned from Elasticsearch as-is, without applying any additional formatting. This means you can’t use this API as a drop-in replacement for the Search API.\u003c/p\u003e"}],"_metadata":{"uid":"csf1082f24bfb0437f"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa9d21600c303e596"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eUse cases\u003c/h2\u003eWhat kind of problems can you solve with this API? We’ll look at a few, using the National Parks sample engine that comes with App Search.\u003ch3 id=\"case1\"\u003eI want to count how many documents would match my query, without the overhead of the search results payload.\u003c/h3\u003e\u003cp\u003eProvide a body to the API, and set the “size” parameter to 0. 
Example:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdf87a45a36c28601"}}},{"code":{"code":"{\n \"request\": {\n \"body\": {\"query\": {\"match_all\": {}}},\n \"query_params\": [\n {\"key\": \"size\", \"value\": \"0\"}\n ]\n }\n}\n","_metadata":{"uid":"csd332537fdbe4d46f"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9e992a9f2a08eb52"},"header_style":"H2","paragraph_l10n":"\u003ch3 id=\"case2\"\u003eI want to count how many documents match my query, grouped by a certain field or fields.\u003c/h3\u003e\u003cbr /\u003e\u003cp\u003eProvide a body with \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations.html\" target=\"_self\"\u003eaggregations\u003c/a\u003e (“aggs”) to the API, and set the “size” to 0. Multiple aggs can be specified. In this example, for brevity, I’m not specifying any query, so aggregations will be applied to all documents in the documents index. In reality, you will want to do some kind of searching and filtering:\u003c/p\u003e"}],"_metadata":{"uid":"csced8424f6e4ca541"}}},{"code":{"code":"{\n \"request\": {\n \"body\": {\n \"aggs\": {\n \"top_states\": {\n \"terms\": {\n \"field\": \"states.enum\",\n \"size\": 100\n }\n },\n \"world_heritage_site\": {\n \"terms\": {\n \"field\": \"world_heritage_site.enum\",\n \"size\": 10\n }\n }\n }\n },\n \"query_params\": [\n {\n \"key\": \"size\",\n \"value\": \"0\"\n }\n ]\n }\n}\n","_metadata":{"uid":"cs5429acde44a5d8ab"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs56cc9c8249c23145"},"header_style":"H2","paragraph_l10n":"\u003ch3 id=\"case3\"\u003eI want to search for documents that are like a specific document in the same index.\u003c/h3\u003eUse the Elasticsearch’s \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-mlt-query.html\" target=\"_self\"\u003emore_like_this (MLT)\u003c/a\u003e query. 
Example\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csadf98edec2b5d416"}}},{"code":{"code":"{\n \"request\": {\n \"body\": {\n \"query\": {\n \"more_like_this\": {\n \"fields\": [\n \"title\",\n \"description\"\n ],\n \"like\": [\n {\n \"_id\": \"park_sequoia\"\n }\n ],\n \"min_term_freq\": 1,\n \"max_query_terms\": 12\n }\n }\n },\n \"query_params\": [\n {\n \"key\": \"size\",\n \"value\": \"100\"\n }\n ]\n }\n}\n","_metadata":{"uid":"cs646947b8ae058133"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs06987fcfdea26afd"},"header_style":"H2","paragraph_l10n":"\u003ch3 id=\"case4\"\u003eI want to use a custom function to calculate document scores.\u003c/h3\u003e\u003cbr /\u003e\u003cp\u003eWhy not? With a \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-function-score-query.html\" target=\"_self\"\u003ecustom function\u003c/a\u003e, you can calculate document scores as a function of park square footage and number of visitors:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8667aa34b9c24684"}}},{"code":{"code":"{\n \"request\": {\n \"body\": {\n \"query\": {\n \"function_score\": {\n \"script_score\": {\n \"script\": {\n \"source\": \"Math.log(doc['acres.float'].value * doc['acres.float'].value)\"\n }\n }\n }\n }\n },\n \"query_params\": [\n {\n \"key\": \"size\",\n \"value\": \"100\"\n }\n ]\n }\n}\n","_metadata":{"uid":"cs959e54fee90364bf"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs308b5ba84e87d23d"},"header_style":"H2","paragraph_l10n":"\u003ch3 id=\"case5\"\u003eI want to retrieve a subset of documents without applying any scoring or grouping. 
These features are not useful to me and make the query slower.\u003c/h3\u003e\u003cbr /\u003eThis is what filter context in Elasticsearch is for — you can \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/query-filter-context.html#filter-context\" target=\"_self\"\u003efilter\u003c/a\u003e the documents using a combination of criteria, but they won’t be scored. The following query selects all national parks in California within 300 miles of San Francisco International airport:\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd7be9a42cc239fbf"}}},{"code":{"code":"{\n \"request\": {\n \"body\": {\n \"query\": {\n \"bool\": {\n \"filter\": [\n {\n \"geo_distance\": {\n \"distance\": \"300mi\",\n \"location.location\": {\n \"lat\": 37.62126189231072,\n \"lon\": -122.3790626898805\n }\n }\n },\n {\n \"term\": {\n \"states.enum\": \"California\"\n }\n }\n ]\n }\n }\n },\n \"query_params\": [\n {\n \"key\": \"size\",\n \"value\": \"100\"\n }\n ]\n }\n}\n","_metadata":{"uid":"csf84118c3ce27bb61"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs92001754266eef83"},"header_style":"H2","paragraph_l10n":"\u003ch3 id=\"case6\"\u003eI want to search for an exact match of a word or phrase, not a fuzzy match.\u003c/h3\u003e\u003cp\u003eIn its current version, App Search doesn’t make this easy. This is because after text fields are \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-overview.html#tokenization\" target=\"_self\"\u003etokenized\u003c/a\u003e, the search is not being done on exact terms anymore, but on the resulting tokens. For example, the word “needle-like” will be turned into two tokens: “needle” and “like”. 
So if you try to use a match query:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6580c3d23e621d42"}}},{"code":{"code":"{\n \"query\": {\n \"match\": {\n \"description\": \"needle-like\"\n }\n }\n}\n","_metadata":{"uid":"cs61d0c90a83ed4716"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc4ba0610064e7a7f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eYou will find documents that match “needle” and / or “like”. In our sample National Parks index, this will return three documents. Here is a workaround using a \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/runtime.html\"\u003eruntime field\u003c/a\u003e:\u003c/p\u003e"}],"_metadata":{"uid":"cs4a3a2b5079ce54f6"}}},{"code":{"code":"{\n \"request\": {\n \"body\": {\n \"query\": {\n \"bool\": {\n \"filter\": {\n \"term\": {\n \"has_exact_word\": true\n }\n }\n }\n },\n \"runtime_mappings\": {\n \"has_exact_word\": {\n \"type\": \"boolean\",\n \"script\": {\n \"source\": \"emit(doc['description.enum'].value.contains('needle-like'))\"\n }\n }\n }\n },\n \"query_params\": [\n {\n \"key\": \"size\",\n \"value\": \"100\"\n }\n ]\n }\n}\n","_metadata":{"uid":"cs3a9bf57eddc6e3a8"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs73dd749517d10108"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eThe query above will return only one document, that in fact contains the exact word “needle-like”.\u003c/p\u003e\u003cp\u003eHere is another workaround using a \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-script-query.html\"\u003escript query\u003c/a\u003e:\u003c/p\u003e"}],"_metadata":{"uid":"cs6824a1077a5b86c9"}}},{"code":{"code":"{\n \"request\": {\n \"body\": {\n \"query\": {\n \"bool\": {\n \"filter\": {\n \"script\": {\n \"script\": \"doc['description.enum'].value.contains('needle-like')\"\n }\n }\n }\n }\n },\n \"query_params\": [\n {\n \"key\": \"size\",\n \"value\": \"100\"\n }\n ]\n 
}\n}\n","_metadata":{"uid":"cs5fd294cc979ab1f1"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse3adefb5c42ba578"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eThese workarounds might temporarily solve a legitimate business problem, but performance would be severely degraded. The script query would have to scan every document in the index and, for an index of any significance, this quickly becomes unsustainable. The best way to solve this problem would be to apply a \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-custom-analyzer.html\" target=\"_self\"\u003ecustom analyzer\u003c/a\u003e to your documents index. This ensures that text is tokenized in a way that makes sense for your set of documents.\u003c/p\u003e\u003ch3 id=\"case7\"\u003eI want to add a \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/runtime.html\" target=\"_self\"\u003eruntime field\u003c/a\u003e to my documents and return it in my search.\u003c/h3\u003e\u003cbr /\u003e\u003cp\u003eLet’s add distance to SFO (in miles) to all documents in the National Parks index. 
The following query adds a runtime field, and includes it in “fields” to ensure it’s being returned in the response:\u003c/p\u003e"}],"_metadata":{"uid":"cse27e670bb9e736cc"}}},{"code":{"code":"{\n \"request\": {\n \"body\": {\n \"runtime_mappings\": {\n \"miles_to_sfo\": {\n \"type\": \"double\",\n \"script\": {\n \"source\": \"emit(0.00062137 * doc['location.location'].planeDistance(37.62126189231072, -122.3790626898805))\"\n }\n }\n },\n \"fields\": [\n \"miles_to_sfo\"\n ]\n },\n \"query_params\": [\n {\n \"key\": \"size\",\n \"value\": \"100\"\n }\n ]\n }\n}\n","_metadata":{"uid":"cs3d1a2467213cc16c"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6573a7274494953b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eKeep in mind that, because runtime fields are evaluated at query time, they will naturally be less performant than indexed fields. One thing you can do to improve query performance is ensure you’re only retrieving a subset of documents you actually need, by applying filters on other indexed fields. This means the runtime field doesn’t have to be evaluated for the whole dataset. If this is a query you will be making regularly, and especially if the index contains a lot of documents, you should consider \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/runtime-indexed.html\"\u003epromoting this field\u003c/a\u003e to an indexed field.\u003c/p\u003e\u003ch2\u003eThe Search Explain API for App Search\u003c/h2\u003e\u003cbr/\u003e\u003cp\u003eThe new Search Explain API is another useful tool that will help you write your Elasticsearch queries.\u003c/p\u003eThe Search Explain API accepts the same parameters as the App Search \u003ca href=\"https://www.elastic.co/guide/en/app-search/current/search.html\"\u003eSearch API\u003c/a\u003e. 
However, instead of running a search and returning results, it builds and returns an Elasticsearch query that App Search would run.\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe API is available as:\u003c/p\u003e"}],"_metadata":{"uid":"cs065814c4f677aa1f"}}},{"code":{"code":"GET /api/as/v0/engines/\u003cengine-name\u003e/search_explain\nPOST /api/as/v0/engines/\u003cengine-name\u003e/search_explain\n","_metadata":{"uid":"cs9902f2a76fcb7325"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs893b7e896f2c3ee0"},"header_style":"H2","paragraph_l10n":"You can see what happens when you search for “everglade” in App Search:"}],"_metadata":{"uid":"csee93aea2510bd221"}}},{"code":{"code":"curl -XPOST 'http://localhost:3002/api/as/v0/engines/national-parks-demo/search_explain' \\\n--header 'Content-Type: application/json' \\\n--header 'Authorization: Bearer private-abcdef' \\\n--data-raw '{\n \"query\": \"everglade\"\n}'\n","_metadata":{"uid":"cse22dded28cd62d68"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa9b660626f186cd3"},"header_style":"H2","paragraph_l10n":"Response:"}],"_metadata":{"uid":"cs8120be8003bb91dd"}}},{"code":{"code":"{\n \"meta\": {\n \"alerts\": [],\n \"warnings\": [],\n \"precision\": 2,\n \"engine\": {\n \"name\": \"national-parks-demo\",\n \"type\": \"default\"\n },\n \"request_id\": \"d3346586-46b0-419f-91a2-e051253ab455\"\n },\n \"query_string\": \"GET enterprise-search-engine-national-parks-demo/_search\",\n \"query_body\": {\n \"query\": {\n \"bool\": {\n \"must\": {\n \"function_score\": {\n \"boost_mode\": \"sum\",\n \"score_mode\": \"sum\",\n \"query\": {\n \"bool\": {\n \"must\": [\n {\n \"bool\": {\n \"should\": [\n {\n \"multi_match\": {\n \"query\": \"everglade\",\n \"minimum_should_match\": \"1\u003c-1 3\u003c49%\",\n \"type\": \"cross_fields\",\n \"fields\": [\n \"world_heritage_site^1.0\",\n \"world_heritage_site.stem^0.95\",\n \"world_heritage_site.prefix^0.1\",\n 
\"world_heritage_site.joined^0.75\",\n \"world_heritage_site.delimiter^0.4\",\n \"description^2.4\",\n \"description.stem^2.28\",\n \"description.prefix^0.24\",\n \"description.joined^1.8\",\n \"description.delimiter^0.96\",\n \"title^5.0\",\n \"title.stem^4.75\",\n \"title.prefix^0.5\",\n \"title.joined^3.75\",\n \"title.delimiter^2.0\",\n \"nps_link^0.7\",\n \"nps_link.stem^0.665\",\n \"nps_link.prefix^0.07\",\n \"nps_link.joined^0.525\",\n \"nps_link.delimiter^0.28\",\n \"states^2.8\",\n \"states.stem^2.66\",\n \"states.prefix^0.28\",\n \"states.joined^2.1\",\n \"states.delimiter^1.12\",\n \"id^1.0\"\n ]\n }\n },\n {\n \"multi_match\": {\n \"query\": \"everglade\",\n \"minimum_should_match\": \"1\u003c-1 3\u003c49%\",\n \"type\": \"best_fields\",\n \"fuzziness\": \"AUTO\",\n \"prefix_length\": 2,\n \"fields\": [\n \"world_heritage_site.stem^0.1\",\n \"description.stem^0.24\",\n \"title.stem^0.5\",\n \"nps_link.stem^0.07\",\n \"states.stem^0.28\"\n ]\n }\n }\n ]\n }\n }\n ]\n }\n },\n \"functions\": [\n {\n \"script_score\": {\n \"script\": {\n \"source\": \"Math.max(_score + ((1.5 * (doc.containsKey(\\\"visitors.float\\\") \u0026\u0026 !doc[\\\"visitors.float\\\"].empty ? 
doc[\\\"visitors.float\\\"].value : 0))) - _score, 0)\"\n }\n }\n }\n ]\n }\n }\n }\n },\n \"sort\": [\n {\n \"_score\": \"desc\"\n },\n {\n \"_doc\": \"desc\"\n }\n ],\n \"highlight\": {\n \"fragment_size\": 300,\n \"type\": \"plain\",\n \"number_of_fragments\": 1,\n \"order\": \"score\",\n \"encoder\": \"html\",\n \"require_field_match\": false,\n \"fields\": {}\n },\n \"size\": 10,\n \"from\": 0,\n \"timeout\": \"30000ms\",\n \"_source\": [\n \"visitors\",\n \"square_km\",\n \"world_heritage_site\",\n \"date_established\",\n \"description\",\n \"location\",\n \"id\",\n \"acres\",\n \"title\",\n \"nps_link\",\n \"states\"\n ]\n }\n}\n","_metadata":{"uid":"cse5020c5848b41daa"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse075ff076c24ffa9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eWhoa. A lot seems to be happening there. App Search is:\u003cbr/\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003ecombining 2 different multi-match queries, one type of best_fields and another of type cross_fields\u003c/li\u003e\u003cli\u003ecalculating a script score, multiplying the document score returned by Elasticsearch by an additional factor of visitors\u003c/li\u003e\u003cli\u003eapplying field weights and boosts\u003c/li\u003e\u003cli\u003eadding highlighting\u003c/li\u003e\u003cli\u003esumming up the resulting document scores\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis query could be used as a starting point, and modified as needed to achieve your search objectives.\u003c/p\u003e\u003ch2\u003eSummary\u003c/h2\u003e\u003cp\u003eIn this blog post, we gave you some tips for using the new Elasticsearch Search API in App Search. We provided several use cases, based on App Search feature requests we have received over time. 
We also let you take a peek into the inner workings of App Search, with the new Search Explain API.\u003c/p\u003eWe hope that this new API will empower you to build that perfect search experience you’ve always been looking for. Try it out with a free trial on \u003ca href=\"https://cloud.elastic.co/registration\" target=\"_self\"\u003eElastic Cloud\u003c/a\u003e. We’d love to hear what you build with it, and if you have any feedback, don’t hesitate to \u003ca href=\"https://www.elastic.co/contact\" target=\"_self\"\u003elet us know\u003c/a\u003e."}],"_metadata":{"uid":"cs8735b8afcdd57378"}}}],"publish_date":"2022-05-03","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elasticsearch Search API: A new way to locate App Search documents","seo_description_l10n":"In 8.2, Elastic has newly introduced support for the Elasticsearch query syntax for all Enterprise Search engines, which allows you to take it to the next level when your search experience needs extra configurability.","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic 
Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltefbcf6957c5e689a","ACL":{},"created_at":"2023-11-06T20:35:45.445Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-search","label_l10n":"Cloud search","tags":[],"title":"Cloud search","updated_at":"2023-11-06T20:35:45.445Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:50.742Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"Search analytics","label_l10n":"Search 
analytics","keyword":"search-analytics","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt6c991eb897ec7277","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:30:57.427Z","updated_at":"2023-11-06T21:30:57.427Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T12:28:49.147Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt1e6d5146b2e18cf1","created_by":"blt3c43ba848c427672","updated_by":"blt3c43ba848c427672","created_at":"2022-02-07T15:00:01.871Z","updated_at":"2022-02-07T15:00:01.871Z","content_type":"image/png","file_size":"43652","filename":"thumb-sea-of-documents.png","title":"thumb-sea-of-documents.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-02-07T15:01:40.509Z","user":"blt3c43ba848c427672"},"url":"https://
images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1e6d5146b2e18cf1/620133f1d96fa00bff5eeb0c/thumb-sea-of-documents.png"},"title":"Elasticsearch Search API: A new way to locate App Search documents","title_l10n":"Elasticsearch Search API: A new way to locate App Search documents","updated_at":"2025-03-06T12:31:50.150Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/elasticsearch-search-api-a-new-way-to-locate-app-search-documents","publish_details":{"time":"2025-03-06T12:31:54.630Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb8d7df8022aa9c7b","_version":15,"locale":"en-us","ACL":{},"abstract_l10n":"In the latest version of Search UI, version 1.10, we introduced a slew of new functionality, including being extended Elasticsearch features as well as Typescript support. Follow along with code samples to get started today.","author":["blt1485ed52f0118421"],"category":["bltb79594af7c5b4199"],"created_at":"2022-04-14T23:06:20.934Z","created_by":"blt1e57c6588ae1816e","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0112c5b6de4beead"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eWe just published Search UI version \u003ca href=\"https://github.com/elastic/search-ui/releases/tag/v1.10.0\" target=\"_self\"\u003e1.10\u003c/a\u003e, and we're excited to share it with you.\u003c/p\u003e\u003cp\u003eSearch UI 1.10 adds two important features that make building search even easier:\u003c/p\u003e\u003col\u003e\u003cli\u003eFirst-class support for Elasticsearch\u003c/li\u003e\u003cli\u003eTypescript support\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eRead on to learn more.\u003c/p\u003e\u003ch2\u003eWhat is Search UI again?\u003c/h2\u003e\u003cp\u003eThere are two essential parts of building a search experience; managing your data (indexing, relevance tuning, analytics) and creating an interface so that users can search your data. 
Elastic's \u003ca href=\"https://github.com/elastic/search-ui\" target=\"_self\"\u003eSearch UI\u003c/a\u003e is a purpose-built library that helps you build user-facing search experiences.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eSearch UI is not a new project. In fact, we introduced our \u003ca href=\"https://www.elastic.co/blog/search-ui-1-0-0-released\" target=\"_self\"\u003e1.0\u003c/a\u003e and \u003ca href=\"https://www.elastic.co/blog/search-ui-1-2-0-released\" target=\"_self\"\u003e1.2\u003c/a\u003e releases \u003ca href=\"https://www.elastic.co/blog/search-ui-1-0-0-released\" target=\"_self\"\u003eback in 2019\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eOne fact that remains as true today as it was in 2019 – Search UI is by far the \u003ca href=\"https://codeburst.io/how-to-build-great-react-search-experiences-quickly-8c69081f328d\" target=\"_self\"\u003efastest way to build a Search Experience with Elastic\u003c/a\u003e, and we’re re-investing in it this year. We want to enhance the developer experience and expand the breadth of use cases we're able to help with. To that end, we're kicking it off with a 1.10 release that’s chock full of useful features. For future reference, bookmark the \u003ca href=\"https://docs.elastic.co/search-ui/tutorials/elasticsearch\" target=\"_self\"\u003eSearch UI tutorial\u003c/a\u003e in our documentation for additional detail.\u003c/p\u003e\u003ch2\u003eSearch UI now has first-class support for Elasticsearch\u003c/h2\u003e\u003cbr /\u003e\u003cp\u003eWhen we built Search UI, we saw a tremendous opportunity to pair it with Elastic's \u003ca href=\"https://www.elastic.co/app-search/service\" target=\"_self\"\u003eApp Search\u003c/a\u003e, which gives you a highly streamlined toolkit for building end-to-end search.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eThe reality is that our customers have varying needs with different grades of complexity. Some development teams use App Search for search applications. 
Some also use \u003ca href=\"https://www.elastic.co/workplace-search/\" target=\"_self\"\u003eWorkplace Search\u003c/a\u003e for internal enterprise search, and \u003ca href=\"https://www.elastic.co/elasticsearch/\" target=\"_self\"\u003eElasticsearch\u003c/a\u003e for its performance and complete customizability.\u003c/p\u003e\u003cp\u003eThe particular search solution you're using is just an implementation detail as far as search experience is concerned. We like to think of Elastic as a single search solution, and we want the same to be true of Search UI. It shouldn't dictate the experience that you deliver to end-users.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eTo that end, Search UI includes the concept of connectors.\u003c/p\u003e\u003ch2\u003eConnectors let Search UI connect to different backends\u003c/h2\u003e\u003cp\u003eConnectors are pluggable components that connect your search experience to various backends. They tell Search UI how to query your data. So regardless of your backend, you can build your search experience with Search UI and just pop in the appropriate connector.\u003c/p\u003e"}],"_metadata":{"uid":"cs561b37f248ff4c88"}}},{"image":{"image":{"uid":"blt03060ce345e03be0","created_by":"blt1e57c6588ae1816e","updated_by":"blt1e57c6588ae1816e","created_at":"2022-04-14T23:10:49.553Z","updated_at":"2022-04-14T23:10:49.553Z","content_type":"image/png","file_size":"150835","filename":"search-ui-110.png","title":"search-ui-110.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-03T18:08:24.943Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt03060ce345e03be0/6258a9f9899dad4bfa8b232f/search-ui-110.png"},"_metadata":{"uid":"cs36467c476c82d979"},"caption_l10n":"**You can create a custom connector to connect to ANY API. 
We'll cover this below.","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csffa02350a9a2b46f"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eExample of the Elasticsearch connector in action\u003c/h2\u003e\u003cp\u003e\u003cbr/\u003eHere's an example of a simple search experience built with Search UI that shows a search box and results. It uses an AppSearchAPIConnector to query App Search for search results:\u003c/p\u003e"}],"_metadata":{"uid":"cs220fecf41b7f345c"}}},{"code":{"code":"\nimport AppSearchAPIConnector from \"@elastic/search-ui-app-search-connector\";\nimport { SearchProvider, Results, SearchBox } from \"@elastic/react-search-ui\";\n\nconst connector = new AppSearchAPIConnector({\n searchKey: \"search-371auk61r2bwqtdzocdgutmg\",\n engineName: \"search-ui-examples\",\n endpointBase: \"http://127.0.0.1:3002\"\n});\n\nexport default function App() {\n return (\n \u003cSearchProvider\n config={{\n apiConnector: connector\n }}\n \u003e\n \u003cdiv className=\"App\"\u003e\n \u003cSearchBox /\u003e\n \u003cResults /\u003e\n \u003c/SearchProvider\u003e\n );\n}\n\n","_metadata":{"uid":"csb48dd7618f28c9ea"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdbb17c357eb82942"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eUsing Elasticsearch? 
No problem, simply change your connector:\u003c/p\u003e"}],"_metadata":{"uid":"cs56dde908736b6756"}}},{"code":{"code":"import ElasticsearchAPIConnector from \"@elastic/search-ui-elasticsearch-connector\";\nimport { SearchProvider, Results, SearchBox } from \"@elastic/react-search-ui\";\n\nconst connector = new ElasticsearchAPIConnector({\n host: \"http://localhost:9200\",\n index: \"search-ui-examples\",\n apiKey: \"apiKeyExample\"\n});\n\nexport default function App() {\n return (\n \u003cSearchProvider\n config={{\n apiConnector: connector\n }}\n \u003e\n \u003cdiv className=\"App\"\u003e\n \u003cSearchBox /\u003e\n \u003cResults /\u003e\n \u003c/SearchProvider\u003e\n );\n}\n\n","_metadata":{"uid":"csb2ae63878fde0ffa"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs62701509f1142387"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eThe way you build your Search Experience doesn't need to change. Build your search experience and then configure a connector to tell it where to get your data.\u003cbr/\u003e\u003c/p\u003e\u003cp\u003eEasy, right?\u003c/p\u003e\u003ch2\u003eMoving to production\u003c/h2\u003e\u003cp\u003e\u003cbr/\u003eWhat's the catch?\u003c/p\u003e\u003cp\u003eNo catch, really! But there are a couple of considerations you might want to make.\u003c/p\u003e\u003cp\u003eFirstly, the connector code above makes calls directly to Elasticsearch's search endpoint from the browser, so the host and apiKey in the connector configuration are delivered to every client that loads the page.\u003c/p\u003e\u003cp\u003eThis is great because it can get you up and running quickly since it doesn't require you to set up any kind of server application. It's just your front-end code making calls directly to an Elasticsearch server that only takes a moment to set up on Elastic Cloud.\u003cbr/\u003e\u003c/p\u003e\u003cp\u003eFor many use cases like internal or non-public applications, this is sufficient. However, there are some precautions that Elastic recommends you consider before taking this setup public. 
They're outlined \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/es-security-principles.html#security-protect-cluster-traffic\" target=\"_self\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eFor public-facing search use cases, you generally want an application layer in front of your /_search endpoint, so that clients never call it directly and you can restrict the queries that reach Elasticsearch.\u0026nbsp;\u003cbr/\u003e\u003c/p\u003e\u003cp\u003eThankfully, this connector can also run on the server with node.js, so you can easily use it as a base for an application layer.\u003c/p\u003e\u003ch2\u003eRun it on the server\u003c/h2\u003e"}],"_metadata":{"uid":"csaf1f972ce685f398"}}},{"image":{"image":{"uid":"bltec1c444da0b800f9","created_by":"blt1e57c6588ae1816e","updated_by":"blt1e57c6588ae1816e","created_at":"2022-04-14T23:13:40.573Z","updated_at":"2022-04-14T23:13:40.573Z","content_type":"image/png","file_size":"131079","filename":"search-ui-110-2.png","title":"search-ui-110-2.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-03T18:08:24.948Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltec1c444da0b800f9/6258aaa43531aa4a9d8316e2/search-ui-110-2.png"},"_metadata":{"uid":"cs390766085ccd0b1a"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8e9a312e9e718de7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eA \"connector\" in Search UI is just a pure function that accepts the search state (i.e., user input, selected filters, the current page number) and converts that state into an Elasticsearch query.\u003cbr/\u003e\u003c/p\u003e\u003cp\u003eThe Elasticsearch connector is JavaScript. 
As described above, JavaScript can run in a browser, but it can also run on a server.\u0026nbsp;\u003cbr/\u003e\u003cbr/\u003eThis means that you can create a simple REST API that accepts search state as a parameter and uses this library to convert that search state to Elasticsearch queries on the server.\u003c/p\u003e\u003ch3\u003eServer Code, using Express\u003c/h3\u003e\u003cp\u003eYou could, for example, create a small \u003ca href=\"https://expressjs.com/\" target=\"_self\"\u003eExpress\u003c/a\u003e application that exposes the connector's operations as a REST API.\u003c/p\u003e"}],"_metadata":{"uid":"cs3bb4960595fa27d7"}}},{"code":{"code":"var express = require(\"express\");\nvar APIConnector =\n require(\"@elastic/search-ui-elasticsearch-connector\").default;\nrequire(\"cross-fetch/polyfill\");\nvar app = express();\napp.use(express.json());\napp.use(express.urlencoded({ extended: false }));\nconst connector = new APIConnector(\n {\n host: \"http://localhost:9200\", // host url for the elasticsearch instance\n index: \"search-ui-examples\", // index name where the search documents are contained\n apiKey: \"apiKeyExample\" // Optional. 
apiKey used to authorize a connection to Elasticsearch instance.\n }\n);\napp.post(\"/search\", async (req, res) =\u003e {\n const { query, options } = req.body;\n const response = await connector.onSearch(query, options);\n res.json(response);\n});\napp.post(\"/autocomplete\", async (req, res) =\u003e {\n const { query, options } = req.body;\n const response = await connector.onAutocomplete(query, options);\n res.json(response);\n});\nvar listener = app.listen(8080, function () {\n console.log(\"Listening on port \" + listener.address().port);\n});\n","_metadata":{"uid":"cs3f7bf5294d4d5a22"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse1c1cd57ea8bcb38"},"header_style":"H2","paragraph_l10n":"\u003ch3\u003eClient Code - using Search UI\u003c/h3\u003e\u003cp\u003eOnce you've exposed your connector on the server with our new REST API, you'll need to consume it in Search UI.\u003c/p\u003e\u003cp\u003eFor this, you need to use custom connectors. A custom connector lets you implement a connector interface so that you can connect Search UI to any search API.\u003c/p\u003e\u003cp\u003eWe'll modify our previous example and add a custom connector to connect to our new REST API.\u003c/p\u003e"}],"_metadata":{"uid":"cse3d760b40755a3da"}}},{"code":{"code":"\nimport { SearchProvider, Results, SearchBox } from \"@elastic/react-search-ui\";\n\nclass CustomConnector {\n constructor(host) {\n this.host = host;\n }\n\n async onSearch(query, options) {\n const response = await fetch(this.host + \"/search\", {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\"\n },\n body: JSON.stringify({\n query,\n options\n })\n });\n return response.json();\n }\n\n async onAutocomplete(query, options) {\n const response = await fetch(this.host + \"/autocomplete\", {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\"\n },\n body: JSON.stringify({\n query,\n options\n })\n });\n return response.json();\n }\n}\n\nconst connector = new 
CustomConnector(\"https://my-api-host/\");\n\nexport default function App() {\n return (\n \u003cSearchProvider\n config={{\n apiConnector: connector\n }}\n \u003e\n \u003cdiv className=\"App\"\u003e\n \u003cSearchBox /\u003e\n \u003cResults /\u003e\n \u003c/SearchProvider\u003e\n );\n}\n\n","_metadata":{"uid":"cs933515068a8629a9"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4a6797dde8be754a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eThat's it! You should see the `CustomConnector` executing requests to the server, providing the search state and configuration in the body. The node.js server will use the Elasticsearch connector to perform a search in Elasticsearch and return results to the client.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eSince you now perform the queries server-side, you've added an additional layer of security and alleviated some of the concerns associated with calling Elasticsearch directly from a browser. The Elasticsearch host and API key stay on the server, but the example endpoints pass the query and options from the request body to the connector unchanged, so validate or constrain that input before exposing them publicly.\u003c/p\u003e\u003ch2\u003eShare your feedback with us for the Elasticsearch connector Technical Preview\u003c/h2\u003e\u003cp\u003eWhile the Elasticsearch connector is now \u003ca href=\"https://www.npmjs.com/package/@elastic/search-ui-elasticsearch-connector\" target=\"_self\"\u003epublished\u003c/a\u003e and available for use, it is still in Technical Preview. As a result, you'll find a few features that are still unimplemented, and you may even find a bug or two. Rest assured, we’ll continue to improve on it as it reaches maturity.\u003c/p\u003e\u003cp\u003ePlease help us by directing your feedback, questions, or bug reports \u003ca href=\"https://github.com/elastic/search-ui/issues/704\" target=\"_self\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\u003ch2\u003eTypescript support and other quality of life improvements\u003c/h2\u003e\u003cp\u003eLast but not least, this is 2022, not 2019 anymore; Typescript is a modern, scalable way to build frontend applications. 
To that end, we've converted this project from a JavaScript framework to Typescript with Typescript definitions.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eBetter late than never, right?\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://codesandbox.io/s/search-ui-national-parks-example-ts-k6u5iz?file=/src/App.tsx\" target=\"_self\"\u003eGive it a try in our CodeSandbox\u003c/a\u003e.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eDeveloper productivity is important to us. We'll continue to release bug fixes and introduce other quality of life features in the future. Stay tuned for more!\u003c/p\u003e"}],"_metadata":{"uid":"cs71aa10e73ddbff29"}}}],"publish_date":"2022-05-03","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Search UI 1.10 makes building search experiences for Elasticsearch even easier","seo_description_l10n":"In the latest version of Search UI, version 1.10, we introduced a slew of new functionality, including being extended Elasticsearch features as well as Typescript support. 
Follow along with code samples to get started today.","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Search UI","label_l10n":"Search UI","keyword":"search-ui","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltaea23ea6eafbd6eb","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:31:21.217Z","updated_at":"2023-11-06T21:31:21.217Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:49.855Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt3284cac2b1db6082","ACL":{},"content_type":"image/png","created_at":"2022-04-01T16:42:56.015Z","created_by":"blt3044324473ef223b70bc674c","file_size":"66788","filename":"illustration-search-results-1-608x
420.png","parent_uid":null,"tags":[],"title":"illustration-search-results-1-608x420.png","updated_at":"2022-04-01T16:42:56.015Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-04-01T17:50:02.942Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3284cac2b1db6082/62472b9080fcca09d1b99b96/illustration-search-results-1-608x420.png"},"title":"Search UI 1.10 makes building search experiences for Elasticsearch even easier","title_l10n":"Search UI 1.10 makes building search experiences for Elasticsearch even easier","updated_at":"2025-03-06T12:28:35.074Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/search-ui-1-1-0-makes-building-search-experiences-for-elasticsearch-even-easier","publish_details":{"time":"2025-03-06T12:28:39.216Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt4f85135f988e8cc1","_version":11,"locale":"en-us","ACL":{},"abstract_l10n":"A recent Forbes article showed that 98% of workers want to work remotely at least some of the time, but only 16% of companies operate remotely. 
Elastic has always operated distributedly — we are distributed by design.","author":["blt7fc3768df8cad1f6"],"category":["bltc253e0851420b088"],"created_at":"2023-08-22T23:14:42.968Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs751998b62c17159e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eA recent \u003c/span\u003e\u003ca href=\"https://www.forbes.com/advisor/business/remote-work-statistics/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eForbes article\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e showed that 98% of workers want to work remotely at least some of the time, but only 16% of companies operate remotely.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003eElastic® has always operated distributedly — we are \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-elastic-distributed-by-design\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edistributed by design\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. But, with Elasticians in more than 40 countries around the world it can prove challenging to create an environment where teams can thrive.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003eWe asked three team leaders to share their best tips for successfully leading distributed teams.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eEncourage growth\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs a manager, you’re at least partially responsible for your team members \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-the-elastic-guide-to-finding-a-company-you-can-grow-with\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecareer progression\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. 
But ultimately, each Elastician needs to drive their own career development with their managers there to support and guide them, Diana Jourdan, Senior Manager Software Engineering, says.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003eStacey King Poling, Director, Software Engineering, asks everyone in her organization what their career goals are.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e“It’s extremely important if you want to be a successful leader that you support, mentor, and groom successors within your space and to work very hard to promote within,” she says.\u003cbr /\u003e\u003cbr /\u003eBut, it’s also important for team members to take the lead and drive their own growth.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e“Be proactive and take responsibility when new opportunities arise,” Diana says. “Share your goals and interests early on with your manager and ask questions.”\u003cbr /\u003e\u003cbr /\u003eGet out of your comfort zone, build a network of people with the same interests and goals, and seek out mentorship, Diana says.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e“Elastic has a program called peer to peer, where anyone in the company can join and be paired with folks from different organizations with either technical or soft skills they would like to learn from. You could join this program as a mentor or a mentee and it is a great opportunity to get career advice, brainstorm, or just extend the professional network.”\u003cbr /\u003e\u003cbr /\u003eAnd Madhura, Director of Engineering, agrees. She believes every individual is responsible for their own career path.\u003cbr /\u003e\u003cbr /\u003e“It is very important to have regular career conversations with your manager, as well as your team members,” she says. “The action after those conversations is different depending on your role. 
Set clear and simple goals for yourself, discuss and update them after your conversations with your manager.”\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1d85cd3d4aaba99a"}}},{"video":{"vidyard_uuid":"M31yAC9Tmo5VJXrSfBcdSf?","_metadata":{"uid":"cs9310e3eb90d2341f"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":false,"hide_controls":false,"looping_animation":false}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf7b4e386c193dd73"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eCelebrate differences\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEspecially when a team is spread across time zones, cultures, and countries, celebrating their differences but also their similarities can help bring a team closer together.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003eAs a leader, you have to speak your team’s language, Stacey says.\u003cbr /\u003e\u003cbr /\u003e“Try to find answers to questions like the following: What language does your team speak collectively? What is the preferred communication method for every member of your team? What is your own preferred method of communication? How can you find the best possible middle ground?,” she says.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003eMadhura Chopda, Director of Engineering, believes that everyone should come as they are.\u003cbr /\u003e\u003cbr /\u003e“I genuinely believe that one can bring the most value if they come in as they are, with an open mind to adapt to various situations. 
There is no one solution that fits all,” she says.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003eStacey agrees, saying, “I try to look at the best in people and believe that if I have an open, transparent, continuous dialogue with my team members, they will genuinely support us.”\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eBe open\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic has teams spread over different time zones, so communication, whether synchronous or asynchronous is key.\u003cbr /\u003e\u003cbr /\u003eDiana’s team is split over 3 time zones, with the majority of team members in EMEA.\u003cbr /\u003e\u003cbr /\u003e“We value working out in the open and keeping the team Slack channel active,” she says. “Discussions happen in documents, Github, and emails.”\u003cbr /\u003e\u003cbr /\u003eAnd collaboration and brainstorming can come from asynchronous communication, says Madhura.\u003cbr /\u003e\u003cbr /\u003e“I have seen discussions and brainstorming be successful when they are run through shared docs. As a leader, I can moderate the discussion by asking questions that motivate preparation and research to be done before answering them,” she says.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003eBut, teams or individuals are encouraged to get on a call when a discussion gets too long or there may be a misunderstanding.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e“One of the Elastic values is to assume no malice and try to understand what the others’ perspective is,” Diana says.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003eA distributed environment doesn’t mean it’s all work and no play. 
For non-work related stuff, Diana’s team has a shenanigans Slack channel and a weekly slot in everyone's calendar for people to share about their families, hobbies, or the latest article or joke they read, she says.\u003cbr /\u003e\u003cbr /\u003eBut in the end, it’s all about being understanding, especially when you’re not face to face.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e“One thing that has worked with me is always trying to lead with empathy, even at times when emotions run high,” Madhura says.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eLooking to join a company that’s distributed by design? \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/careers/?baymax=web\u0026elektra=culture-lead-distributed-team\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBrowse open roles\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 
12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e.\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs49e8618d5dad61c4"}}}],"publish_date":"2023-08-23","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[{"uid":"blt0414045bd4e12b0e","_content_type_uid":"tags_culture"},{"uid":"blt6d563296d3ba4a70","_content_type_uid":"tags_culture"},{"uid":"bltc1899ef5008b2218","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt7759d55af6e70783","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2023-08-22T23:08:00.012Z","updated_at":"2023-08-22T23:08:00.012Z","content_type":"image/jpeg","file_size":"168396","filename":"128099_-_How_to_lead_a_distributed_team_Blog_Banner-01_V1.jpg","title":"128099_-_How_to_lead_a_distributed_team_Blog_Banner-01_V1.jpg","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-23T15:47:35.544Z","user":"blte369ea3bcd6ac892"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7759d55af6e70783/64e53fd07b6375b01c417442/128099_-_How_to_lead_a_distributed_team_Blog_Banner-01_V1.jpg"},"title":"How to successfully lead a team in a distributed workplace","title_l10n":"How to successfully lead a team in a distributed workplace","updated_at":"2025-03-06T12:26:33.718Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/culture-lead-distributed-team","publish_details":{"time":"2025-03-06T12:26:37.879Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte60f486821bf2935","_version":20,"locale":"en-us","ACL":{},"abstract_l10n":"Byte Buddy makes it easy to write Java 
agents without bytecode know-how. But class loaders and other complexities can still ruin your day. Here's a novel invokedynamic-based architecture that simplifies agent development.","author":["blt124a19c640fd9c5e","blt85c73920ec923a06"],"category":[],"created_at":"2021-11-15T14:59:04.564Z","created_by":"blt1e57c6588ae1816e","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf19e9e48345e314f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eOne of the nicest things about Byte Buddy is that it allows you to write a Java agent without manually having to deal with byte code. To instrument a method, agent authors can simply write the code they want to inject in pure Java. This makes writing Java agents much more accessible and avoids complicated on-boarding requirements.\u003c/p\u003e\n\u003cp\u003eAfter the first successful experiments, agent authors often get hit by a wall of complexity that the JVM throws at them: class loaders (OSGi, oh my!), class visibility, dependence on internal APIs, class path scanners, and version conflicts to name a few. \u003c/p\u003e\n\u003cp\u003eIn this article, we'll look at a relatively novel approach to break through this wall of complexity. The architecture, which is based on the invokedynamic bytecode instruction, a bytecode that is best known for leveraging Java’s lambda expressions, allows for a simple mental model when writing instrumentations. 
As a bonus, this also enables updating to a newer version of the agent at runtime, without having to restart the instrumented application.\u0026nbsp;The Elastic APM Java agent started the \u003ca href=\"https://github.com/elastic/apm-agent-java/issues/1337\"\u003emigration to this invokedynamic-based architecture\u003c/a\u003e over a year ago and recently completed the migration.\u003c/p\u003e\u003ch2\u003eIssues with traditional advice dispatching approaches\u003c/h2\u003e\n\u003cp\u003eLet's consider a simple example of an agent that wants to measure the response time of Java servlets. In so-called advice methods, one can define code that should run before or after the actual method. It's also possible to get access to the arguments of the instrumented method.\u003c/p\u003e"}],"_metadata":{"uid":"cs1a5254da6e27704a"}}},{"code":{"code":"@Advice.OnMethodEnter\npublic static long enter() {\n return System.nanoTime();\n}\n\n@Advice.OnMethodExit\npublic static void exit(\n @Advice.Argument(0) HttpServletRequest request,\n @Advice.Enter long startTime) {\n System.out.printf(\n \"Request to %s took %d ns%n\",\n request.getRequestURI(),\n System.nanoTime() - startTime);\n}","_metadata":{"uid":"cs43b71bd003b89b51"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5f464ea8dc6244d9"},"header_style":"H2","paragraph_l10n":"In Byte Buddy, there are two main ways how advice gets applied to an instrumented method.\u003cbr /\u003e\u003ch2\u003eInlined advice\u003c/h2\u003e\u003cp\u003eBy default, the enter and exit advice is copied into the target methods, as if the original author of the class had added the agent’s code into the method. 
The instrumented method, if written in plain Java, would then look something like this:\u003c/p\u003e"}],"_metadata":{"uid":"cs202e88ad5d183aa7"}}},{"code":{"code":"protected void service(HttpServletRequest req, HttpServletResponse resp) {\n long startTime = System.nanoTime();\n // original method body\n System.out.printf(\n \"Request to %s took %d ns%n\",\n request.getRequestURI(),\n System.nanoTime() - startTime);\n}","_metadata":{"uid":"cs0d9566108497f369"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9f2ded6761ae33d6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eThe advantage is that the advice has access to any value or type that is normally reachable from the instrumented method. In the above example, this allows accessing \u003ccode\u003ejavax.servlet.http.HttpServletRequest\u003c/code\u003e, even though the agent does not itself ship with that interface. As the agent’s code is run within the targeted method, it simply picks up the type definition that is already available to the method itself.\u003c/p\u003e\n\u003cp\u003eOn the downside, the advice code is no longer executed in the context that it is defined within. As a result, you can, for example, not set a breakpoint in an advice method, because it is never actually called. Remember: the methods are merely used as a template.\u003c/p\u003e\n\u003cp\u003eBut the real issue is that factoring code out of the advice methods or calling any methods that are normally reachable from advice is no longer possible. Since all code is now executed from the instrumented method, the agent might run on an entirely different class loader with no connection to the instrumented method, so even public methods might not be invokable from the instrumented code. We'll see more of this issue in the next section. 
\u003c/p\u003e\u003ch2\u003eDelegated advice\u003c/h2\u003eFor a similar but still very different approach, it is possible to instruct Byte Buddy to delegate to the advice methods instead. This can be controlled via the advice annotation attribute \u003ccode\u003e@Advice.OnMethodEnter(inline = false)\u003c/code\u003e. By default, Byte Buddy will delegate to an advice method via a static method call. The instrumented method would then look like this:"}],"_metadata":{"uid":"cse5317b3033a1a9b8"}}},{"code":{"code":"protected void service(HttpServletRequest req, HttpServletResponse resp) {\n long startTime = AdviceClass.enter();\n // original method body\n AdviceClass.exit(req, startTime);\n}","_metadata":{"uid":"cs39e3dd5952a96d1a"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs965d50ca112e2e9c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eSimilarly to before, it is up to the agent’s developer to ensure that the advice code is visible to the instrumented method. If the instrumented method does not share a class loader hierarchy with the agent’s code, this instrumentation would yield a \u003ccode\u003eNoClassDefFoundError\u003c/code\u003e upon reaching the above method. And even if the delegated advice is reachable from the agent, argument types such as \u003ccode\u003eHttpServletRequest\u003c/code\u003e might not be available to the agent’s class loader. This would then only move the error to the agent’s code upon its advice invocation.\u003c/p\u003e\u003ch2\u003eClass loader issues\u003c/h2\u003e\n\u003cp\u003eBy default, agents get added to the system class loader when they are attached to the JVM and the \u003ccode\u003ejava.lang.instrument.Instrumentation\u003c/code\u003e interface offers ways to add the agent to the bootstrap class loader. In theory, adding classes to the bootstrap class loader makes them visible everywhere. 
However, some class loaders (such as OSGi) only allow certain classes (such as \u003ccode\u003ejava.*, com.sun.*\u003c/code\u003e) to be loaded from the system or bootstrap class loader. A common solution is to instrument all class loaders and explicitly redirect class loading of classes in certain packages directly to the bootstrap loader.\u003c/p\u003e\n\u003cp\u003eBut adding classes to the system class loader and the bootstrap class loader also comes with downsides. The additional classes can slow down class path scanners or even cause failures that prevent the application from starting. See \u003ca href=\"https://github.com/elastic/apm-agent-java/pull/364\"\u003eelastic/apm-agent-java#364\u003c/a\u003e for an example. Also, it's not possible to unload classes of such a persistent class loader, which is an issue when designing an agent that wants to offer the possibility of its own removal during runtime.\u003c/p\u003e\n\u003cp\u003eConceptually, there are only two approaches to overcoming these class loader issues where an advice class wants to invoke different methods that are normally shipped with the agents but where these methods might not be reachable. Either this code must be injected into the instrumented class' class loader such that they can be looked up directly from there. Or, a new class loader must be defined as a child of this former class loader where any additional types can now be located by implementing such a custom class loader.\u003c/p\u003e\n\u003cp\u003eFor the first approach, Byte Buddy comes with utilities that allow classes to be injected into any class loader \u003ccode\u003e(net.bytebuddy.dynamic.loading.ClassInjector)\u003c/code\u003e. While this seems like a straightforward fix, it comes with major drawbacks. The more flexible injectors are built on top of internal APIs such as \u003ccode\u003esun.misc.Unsafe / jdk.internal.misc.Unsafe\u003c/code\u003e. 
And also safer-sounding class injector strategies like \u003ccode\u003eUsingReflection\u003c/code\u003e use clever workarounds to circumvent the safeguards that have been introduced in recent Java versions that usually disallow accessing private fields using \u003ccode\u003eUnsafe::putBoolean\u003c/code\u003e. As of today, it's a cat-and-mouse game between Oracle who restricts access to internal APIs and enforces visibility in the reflection API, and the discovery of new loopholes that can circumvent these. At the same time, the official gateway of using a method handle lookup is barely compatible with agents and its integration is an open issue (\u003ca href=\"https://bugs.openjdk.java.net/browse/JDK-8200559\"\u003ehttps://bugs.openjdk.java.net/browse/JDK-8200559\u003c/a\u003e). Therefore, it seems rather risky to build a whole agent architecture using the currently unsafe APIs that Oracle is aiming to lock down further.\u003c/p\u003e\n\u003cp\u003eWith the second approach, all advice and helper classes are loaded in a child class loader. This works without relying on unsafe API because the class loader is implemented by the agent developer and because a class loader can get access to all types that are defined by its parent class loader.\u003c/p\u003e\n\u003cp\u003eAnother advantage of loading helper classes in a dedicated class loader as opposed to injecting them into the instrumented class's class loader is that it is possible to unload these classes. This allows to fully detach the agent from the application and to attach a new version of the agent without leaving any trace of the previous version, also known as live-updating the agent. Byte Buddy already allows reverting all the instrumentations it has applied via re-transformation. 
When no other references to the agent helper class loaders are leaked, this makes all its objects, classes, and even the entire class loader eligible for garbage collection.\u003c/p\u003e\n\u003cp\u003eOne complication with this approach is that the advice class is not visible to the instrumented class. The instrumented method \u003ccode\u003eHttpServlet::service\u003c/code\u003e from the previous example calls \u003ccode\u003eAdviceClass\u003c/code\u003e via a static method call. This would lead to a \u003ccode\u003eNoClassDefFoundError\u003c/code\u003e at runtime, as \u003ccode\u003eAdviceClass\u003c/code\u003e is not visible in the context of the \u003ccode\u003eHttpServlet::service\u003c/code\u003e method. That's because \u003ccode\u003eAdviceClass\u003c/code\u003e is loaded by a child class loader of the instrumented class \u003ccode\u003e(HttpServlet)\u003c/code\u003e. While \u003ccode\u003eAdviceClass\u003c/code\u003e can access classes that are visible to the instrumented class, such as the \u003ccode\u003eHttpServletRequest\u003c/code\u003e argument, the reverse is not true.\u003c/p\u003e\u003ch2\u003eIntroducing an invokedynamic-based advice dispatching approach\u003c/h2\u003e\n\u003cp\u003eThere's another, lesser-known alternative to dispatching advice via a static method call. With \u003ccode\u003enet.bytebuddy.asm.Advice.WithCustomMapping::bootstrap\u003c/code\u003e, you can instruct Byte Buddy to insert an \u003ccode\u003einvokedynamic\u003c/code\u003e bytecode instruction into the instrumented methods. This instruction was added in Java 7 with the goal of better support for dynamic languages in the JVM, such as Groovy and JRuby. \u003c/p\u003e\n\u003cp\u003eIn a nutshell, an \u003ccode\u003einvokedynamic\u003c/code\u003e invocation consists of two phases: looking up a \u003ccode\u003eCallSite\u003c/code\u003e and then invoking the \u003ccode\u003eMethodHandle\u003c/code\u003e the \u003ccode\u003eCallSite\u003c/code\u003e holds. 
If the same invokedynamic instruction is executed another time, the \u003ccode\u003eCallSite\u003c/code\u003e from the initial lookup will be invoked.\u003c/p\u003e\n\u003cp\u003eThe following example shows what an invokedynamic instruction looks like in the bytecode of a method.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003e// InvokeDynamic #1:exit:(Ljavax/servlet/ServletRequest;long)V\u003cbr /\u003einvokedynamic #1076, 0 \u003c/code\u003e\u003c/p\u003e\u003cbr\u003eThe lookup of the \u003ccode\u003eCallSite\u003c/code\u003e happens within a so-called bootstrap method. This method receives a couple of arguments for the lookup, such as the advice class name, method name, and the advice's \u003ccode\u003eMethodType\u003c/code\u003e that represents the arguments and return type. The following example shows how the bootstrap method is declared within the bytecode of a class."}],"_metadata":{"uid":"cs505c82d5062668be"}}},{"code":{"code":"BootstrapMethods:\n 1: #1060 REF_invokeStatic java/lang/IndyBootstrapDispatcher.bootstrap:(Ljava/lang/invoke/MethodHandles$Lookup;Ljava/lang/String;Ljava/lang/invoke/MethodType;[Ljava/lang/Object;)Ljava/lang/invoke/CallSite\n Method arguments:\n #1049 org.example.ServletAdvice\n #1050 1\n #12 javax/servlet/http/HttpServlet\n #1072 service\n #1075 REF_invokeVirtual javax/servlet/http/HttpServlet.service:(Ljavax/servlet/HttpServletRequest;Ljavax/servlet/HttpServletResponse;)V","_metadata":{"uid":"cs679706426ac018de"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5c714c6c23c4107f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eThe class that contains the bootstrap method (in this case \u003ccode\u003ejava/lang/IndyBootstrapDispatcher.bootstrap\u003c/code\u003e) must be visible from any instrumented class. Therefore, this class needs to be added to the bootstrap class loader. 
To ensure compatibility with filtering class loaders, such as OSGi loaders, the class is placed into the \u003ccode\u003ejava.lang\u003c/code\u003e package.\u003c/p\u003e\n\u003cp\u003eWhile this approach doesn't completely avoid class injection, injecting only a single class does result in a reduced surface of eternal classes that are added by the agent and reduces the need to refactor an existing agent if future releases of the JDK no longer allow for such injection.\u003c/p\u003e\n\u003cp\u003eIn the Elastic APM Java agent, the bootstrap method will create a new class loader whose parent is the class loader of the instrumented class and load the advice and any amount of helpers from it. We can then load the advice class from this newly created class loader given the advice class name that is provided as an argument to the bootstrap method \u003ccode\u003e(Method arguments: org.example.ServletAdvice)\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eUsing the other arguments of the bootstrap method, we can construct a \u003ccode\u003eMethodHandle\u003c/code\u003e and a \u003ccode\u003eCallSite\u003c/code\u003e that represents the advice method within the child class loader we created. For our needs, the target method is always the same. Thus, a \u003ccode\u003eConstantCallSite\u003c/code\u003e can be returned that allows the JIT to inline the advice method.\u003c/p\u003e\n\u003cp\u003eNow that we only rely on exactly one class to be visible from the instrumented methods (\u003ccode\u003ejava.lang.IndyBootstrapDispatcher\u003c/code\u003e), we can further isolate the agent by loading its classes that aren't specific to a particular library it instruments from a dedicated class loader. As described in the previous section, hiding the agent's classes from the regular class loader hierarchy avoids compatibility issues, for example with class path scanners. 
It also allows the agent to ship any dependencies, such as Byte Buddy or a logging library, without having to shade (aka relocate) the dependencies to the agent's namespace. This makes debugging the agent that much easier. Due to the isolated class loader, there is no concern about conflicting classes that may be present in the application's class loader hierarchy. More details on the implementation of one such isolated class loader can be found in the Elastic APM Java agent's source code for \u003ca href=\"https://github.com/elastic/apm-agent-java/blob/43b0e11917a4f6eddb38b02bfe7a5917985058d9/elastic-apm-agent/src/main/java/co/elastic/apm/agent/premain/ShadedClassLoader.java#L1\"\u003eShadedClassLoader\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThe resulting class loader hierarchy looks like this:\u003c/p\u003e"}],"_metadata":{"uid":"cs0e827f908d8eb3e3"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt272e6c07cfb98930","ACL":{},"content_type":"image/png","created_at":"2021-11-15T15:05:23.998Z","created_by":"blt1e57c6588ae1816e","file_size":"7892","filename":"blog-elastic-invokedynamic-1.png","parent_uid":null,"tags":[],"title":"blog-elastic-invokedynamic-1.png","updated_at":"2021-11-15T15:05:23.998Z","updated_by":"blt1e57c6588ae1816e","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-11-22T18:00:00.549Z","user":"blt1e57c6588ae1816e"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt272e6c07cfb98930/6192773434c0aa7f9f958e57/blog-elastic-invokedynamic-1.png"},"_metadata":{"uid":"csf3b6729d295cfc68"},"caption_l10n":"","alt_text_l10n":"Class loader hierarchy","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs43cecf4c2963aae6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eNote that the agent helper class loader, which loads the advice and library-specific helper classes, has two parents: The class 
loader of the instrumented class (such as the class loader that servlet containers create for each web application) and the agent class loader. That allows advice and helper classes to access both types that are visible from the instrumented class' class loader and the agent class loader. While having multiple parents is not offered by the built-in class loaders, it is relatively straightforward to implement it oneself. Byte Buddy also comes with an implementation called\u0026nbsp;\u003ccode\u003enet.bytebuddy.dynamic.loading.MultipleParentClassLoader\u003c/code\u003e.\u0026nbsp;\u003cbr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003eIn summary, this section described how the \u003cstrong\u003einvokedynamic instruction can be used to call an advice method that is loaded from a child class loader of the instrumented class' defining class loader\u003c/strong\u003e. As a result, this allows the agent to hide its classes from the application while providing a way to invoke the isolated methods from the application classes it instruments. This is useful because the advice and all other classes loaded by this class loader can access the instrumented libraries' classes while the advice code is still executed as regular code. It also avoids injecting the advice and helper classes into the target class loader directly, which is only possible today by using internal APIs that Oracle is aiming to increasingly lock down.\u003c/p\u003e\u003ch2\u003eAssignReturned\u003c/h2\u003e\n\u003cp\u003eWhile advice that uses either inlining or delegation is implemented by the same API, and seems rather similar as a result, there are differences. Delegation advice cannot easily write values in the scope of the instrumented method. When advice is inlined, the advice method can simply assign values to annotated parameters which Byte Buddy then translates to a replacement of the represented value during the inlining process. 
As an example, the following inlined advice would replace the first argument of an instrumented method - here a Runnable - with a wrapper instance that also implements the Runnable interface, which reports any future invocations back to the agent:\u003c/p\u003e"}],"_metadata":{"uid":"csf92aa7e6dcb19824"}}},{"code":{"code":"@Advice.OnMethodEnter\npublic static void enter(\n @Advice.Argument(value = 0, readOnly = false) Runnable callback) {\n callback = new TracingRunnable(callback);\n}","_metadata":{"uid":"cs5cddd92299799db2"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0354be126dc46847"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eAs the above code is inlined, the advice simply replaces the value that is assigned to the first argument of the instrumented method. As a result, the instrumented method is now executed as if its caller had already passed the \u003cspan data-type='inlineCode'\u003eTracingRunnable\u003c/span\u003e to it.\u003c/p\u003e\u003cp\u003eWhen using delegation, this does not work, unfortunately. With delegation, the new value would only be assigned to the parameter of the advice method, without affecting the instrumented method’s assignment which would still carry the original runnable after the advice method was executed.\u003c/p\u003e\u003cp\u003eTo offer such assignments when using delegating advice, Byte Buddy recently introduced the Advice.AssignReturned post-processor. Advice post processors are handlers that are invoked after an advice method was dispatched, to allow for additional operations that are independent of the advice that was applied. But most importantly, post processors always generate code that is inlined into the instrumented method, even if the advice itself is invoked via delegation. This allows for writing values in the scope of the instrumented method if these values were returned from the advice method. 
With post processors being an extension to the regular Advice implementation, they need to first be registered manually by calling:\u003c/p\u003e"}],"_metadata":{"uid":"cs3201090a301b1d10"}}},{"code":{"code":"Advice.withCustomBinding()\n .with(new Advice.AssignReturned.Factory());","_metadata":{"uid":"cs609abe6d88d446bd"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa6faaf2b6d22a701"},"header_style":"H2","paragraph_l10n":"As the name suggests, this post-processor allows an \nassignment of the value that is returned from an advice method to \nparameters of the instrumented method. To implement the above example, \none would, for example, instruct the post-processor to assign the \nreturned value to the instrumented method’s first argument as it was \ndone before:\u003cbr\u003e"}],"_metadata":{"uid":"cs518de51234170b6b"}}},{"code":{"code":"@Advice.OnMethodEnter(inline = false)\n@Advice.AssignReturned.ToArguments(@ToArgument(0))\npublic static Runnable enter(@Advice.Argument(0) Runnable callback) {\n return new TracingRunnable(callback);\n}","_metadata":{"uid":"cs96b84dac42b56166"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf9dca34186a4b797"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eJust as in the inlined example, the instrumented method would now observe the \u003ccode\u003eTracingRunnable\u003c/code\u003e\n as its first argument as it was replaced by the post-processor. And \nbesides assigning argument values, it is also possible to assign values \nto fields, to the method’s return value, its thrown exception and even \nto its \u003cem\u003ethis\u003c/em\u003e reference if the method is non-static.\u003c/p\u003e\n\n\u003cp\u003eIn some cases, it might however be required to assign more than one \nvalue. With inlined advice, this is straightforward to implement by \nassigning multiple values within the advice method directly to each \nannotated parameter. 
With delegating advice, multiple assignments are \nhowever similarly easy to implement by returning an array as a return \ntype and by specifying what index of the returned array contains what \nvalue.\u003c/p\u003e\n\u003cp\u003eTo extend the hypothetical example, assuming that the instrumented \nmethod also requires an executor service as a second argument, we could \nenforce the usage of a freshly created cached thread pool by providing \nit as a second argument to an advice method’s returned array. When \nannotating the advice method’s assignments, every assignment now only \nneeds to indicate what array index represents which of the assigned \nvalues.\u003c/p\u003e"}],"_metadata":{"uid":"csa18c04e611774ac6"}}},{"code":{"code":"@Advice.OnMethodEnter(inline = false)\n@Advice.AssignReturned.ToArguments(\n @ToArgument(value = 0, index = 0, typing = DYNAMIC),\n @ToArgument(value = 1, index = 1, typing = DYNAMIC))\npublic static Runnable enter(@Advice.Argument(0) Runnable callback) {\n return new Object[] {\n new TracingRunnable(callback),\n Executors.newCachedThreadPool()\n };\n}","_metadata":{"uid":"cs0b419cbf466d3901"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2839777f12a59432"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eFinally, as \u003ccode\u003eObject-typed\u003c/code\u003e arrays might contain non-assignable values, the annotations must specify that dynamic typing is to be used. Doing so, Byte Buddy attempts a type-casting of values prior to assigning. 
To avoid the potential \u003ccode\u003eClassCastExceptions\u003c/code\u003e from affecting the instrumented application, the post processor can be configured to suppress these exceptions.\u003c/p\u003e"}],"_metadata":{"uid":"csb6d01cc3a62d86a6"}}},{"code":{"code":"new Advice.AssignReturned().Factory()\n .withSuppressed(ClassCastException.class)","_metadata":{"uid":"cs6423722539a73037"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdb05f662b56f872e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eFailing to configure dynamic typing in cases when the array contains non-assignable values would lead to an exception during the instrumenting of a class. Aside from loss of instrumentation, the application will not be affected.\u003c/p\u003e\u003ch2\u003eTrade-offs\u003c/h2\u003e\n\u003cp\u003eOne of the limitations of this architecture is that it's not possible to support Java 6 applications as it relies on the \u003ccode\u003einvokedynamic bytecode\u003c/code\u003e instruction that has been added in Java 7. As the Elastic APM Java agent never supported Java 6, this was not an issue in that case. Many other agents don't even support Java 7 anymore, whose market share is just around 1-5%, depending on what study is considered.\u003c/p\u003e\n\u003cp\u003eIn addition to the requirement of Java 7+, the instrumented class has to be at bytecode level 51, meaning that it has to be compiled with a target of Java 7 or later. That's because it's not possible to use \u003ccode\u003einvokedynamic\u003c/code\u003e instructions for older class file versions. Some libraries, in particular older JDBC drivers, which an agent may want to instrument, are sometimes compiled with quite old class file versions. There's a relatively simple workaround, though. Using a \u003ccode\u003eClassVisitor\u003c/code\u003e, we can let ASM re-write the bytecode to class file version 51 (Java 7). 
This has proven to be stable and reliable since it was introduced in the Elastic APM Java agent. It does come with a bit of a performance penalty but we only need to do that for the relatively rare occasion where the class file version of the instrumented class is lower than 51.\u003c/p\u003e\n\u003cp\u003eAnother thing to keep in mind is that early versions of Java 7 (before update 60, which was released in May 2014) and Java 8 (before update 40, which was released in March 2015) have bugs in their \u003ccode\u003einvokedynamic\u003c/code\u003e and \u003ccode\u003eMethodHandle\u003c/code\u003e support. For that reason, the Elastic APM Java agent disables itself if it detects that it is running on one of these JVM versions.\u003c/p\u003e\u003ch2\u003eNext Steps\u003c/h2\u003e\n\u003cp\u003eHave a look at the \u003ca href=\"https://www.elastic.co/guide/en/apm/agent/java/current/intro.html\"\u003edocs\u003c/a\u003e to find out more about the Elastic APM Java Agent and how it can help you to identify and fix performance issues in your application. If you want to build your own Java agent, visit \u003ca href=\"https://bytebuddy.net\"\u003ebytebuddy.net\u003c/a\u003e to learn more.\u003c/p\u003e"}],"_metadata":{"uid":"cs33d17829c1bac146"}}}],"publish_date":"2021-11-22T14:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Embracing invokedynamic to tame class loaders in Java agents","seo_description_l10n":"Byte Buddy makes it easy to write Java agents without bytecode know-how. But class loaders and other complexities can still ruin your day. 
Here's a novel invokedynamic-based architecture that simplifies agent development.","noindex":false,"canonical_tag":"","seo_image":null},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltb249a1eeba77b317","ACL":{},"created_at":"2020-06-17T03:31:53.522Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"apm","label_l10n":"APM","tags":[],"title":"APM","updated_at":"2020-07-06T22:20:22.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.550Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt2ad8c87e6be56a66","ACL":{},"content_type":"image/png","created_at":"2020-06-18T00:07:58.016Z","created_by":"bltf6ab93733e4e3a73","file_size":"61385","filename":"blog-thumb-ml-anomaly-laptop.png","tags":[],"title":"blog-thumb-ml-anomaly-laptop.png","updated_at":"2020-06-18T00:07:58.016Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-22T15:00:00.000Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2ad8c87e6be56a66/5eeab05e7bcaf625d820e601/blog-thumb-ml-anomaly-laptop.png"},"title":"Embracing invokedynamic to tame class loaders in Java 
agents","title_l10n":"Embracing invokedynamic to tame class loaders in Java agents","updated_at":"2025-03-06T12:21:23.612Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/embracing-invokedynamic-to-tame-class-loaders-in-java-agents","publish_details":{"time":"2025-03-06T12:21:27.983Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt8a3a98d212becf67","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"Hello from the Elastic DevRel team! In this newsletter, we cover the first pre-release of Elasticsearch and the Elastic Stack 9.0, the availability of Elastic Cloud Serverless on Azure, the latest blogs and videos, and upcoming events.","author":["blt45e4796f6aeab23a"],"category":["bltc17514bfdbc519df"],"created_at":"2025-03-04T08:28:47.482Z","created_by":"blt96ac6007eba0a223","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3cf37c76981816a5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(38, 38, 38);font-size: 12pt;'\u003eHello from the Elastic DevRel team! 
\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eIn this newsletter, we cover the first pre-release of Elasticsearch and the Elastic Stack 9.0, the availability of Elastic Cloud Serverless on Azure, the latest blogs and videos, and upcoming events, including ElasticONs in Sydney and Singapore.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdb3bd3ba9d5f1a5a"}}},{"title_text":{"title_text":[{"title_l10n":"What’s new","_metadata":{"uid":"cscfb0d60bd39449e3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(68, 68, 68);font-size: 12pt;\"\u003eThe first 9.0 pre-release, 9.0.0-beta1, of \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/releases/tag/v9.0.0-beta1\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(68, 68, 68);font-size: 12pt;\"\u003e, \u003c/span\u003e\u003ca href=\"https://github.com/elastic/kibana/releases/tag/v9.0.0-beta1\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eKibana\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(68, 68, 68);font-size: 12pt;\"\u003e, and the rest of the Elastic Stack \u003c/span\u003e\u003cspan style=\"color: rgb(68, 68, 68);font-size: 12pt;\"\u003eis now available\u003c/span\u003e\u003cspan style=\"color: rgb(68, 68, 68);font-size: 12pt;\"\u003e. 
Give it a try, let us know what works and what doesn't, and please don't use it in production (yet).\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(68, 68, 68);font-size: 12pt;\"\u003eThe easiest way to try it out today is through start-local: \u003c/span\u003e\u003cspan style=\"color: rgb(68, 68, 68);font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003ecurl -fsSL https://elastic.co/start-local | sh -s -- -v 9.0.0-beta1\u003c/span\u003e \u003c/span\u003e\u003cspan style=\"color: rgb(68, 68, 68);font-size: 11pt;\"\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(68, 68, 68);font-size: 11pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(68, 68, 68);font-size: 12pt;\"\u003eThat one-liner executes whatever the URL returns at that moment. To review the script first, download it to a file with curl, read it, and then run the saved file with sh and the same arguments.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(68, 68, 68);font-size: 12pt;\"\u003eWe'll dive into more features in the following (pre-) releases, but for beta1, here is an overview of what's now available in ES|QL, the new piped query language.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5d90010ab3741bf4"}}},{"title_text":{"title_text":[{"title_l10n":"1. Lookup joins","_metadata":{"uid":"csa030b335d292c28f"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLookup joins, a highly requested feature, are the first of many planned join commands. These joins function like SQL LEFT OUTER JOINs, enabling the direct joining of data or event streams with lookup indices. The ES|QL editor suggests lookup indices and conditions to expedite query construction.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6e2e284ae44af890"}}},{"title_text":{"title_text":[{"title_l10n":"2. KQL filtering inside ES|QL queries","_metadata":{"uid":"csf75f6915464ea3eb"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eKQL filtering, the Kibana Query Language, is integrated within ES|QL queries. 
This integration allows for the combination of KQL's expressive filtering capabilities with ES|QL's transformation features, resulting in faster query execution and improved precision.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9cb3e8be358f7fef"}}},{"title_text":{"title_text":[{"title_l10n":"3. Inference API, MATCH, and more","_metadata":{"uid":"cs656958a6422b6f49"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSemantic search is expanded with access to the Inference API, enabling more accurate AI-driven search experiences. The MATCH command now supports a wider range of field types, query parameters, and optimizations for enhanced accuracy.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa0a5cc27b8a5f203"}}},{"title_text":{"title_text":[{"title_l10n":"4. New functions and commands for statistical analysis","_metadata":{"uid":"cs7616a6944e26de2f"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Standard Deviation function is natively available in ES|QL. A new categorization function automatically groups similar log messages to highlight patterns. Additionally, a failure store for debugging purposes is introduced to store query failures, facilitating pattern analysis and improved reliability.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdbe2378e29cd407c"}}},{"title_text":{"title_text":[{"title_l10n":"5. 
Performance enhancements","_metadata":{"uid":"csdb7ab52070b3ced6"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eES|QL includes several internal improvements to enhance query performance: acceleration of case-insensitive matching using TO_UPPER/TO_LOWER pushdowns, smarter field capabilities detection for optimized query execution, and memory reductions for faster response times and lower resource usage.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor a complete list of features and changes, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elastic-stack/9.0/release-notes-elasticsearch-9.0.0.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003echeck out the release notes\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(68, 68, 68);font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1c209575299dfcd9"}}},{"title_text":{"title_text":[{"title_l10n":"Elastic Cloud Serverless: Technical preview on Microsoft Azure","_metadata":{"uid":"cs5daf835493cae403"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow that Elastic Cloud Serverless has gone GA on AWS, we’re starting to expand to other cloud providers. 
The first one is\u003c/span\u003e\u003cspan style='color:rgb(68, 68, 68);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cloud-serverless-microsoft-azure-tech-preview\"\u003e\u003cspan style='font-size: 12pt;'\u003eMicrosoft Azure\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, where we have just added the first region as a technical preview. For an in-depth, external look at it, read Arnold Van Wijnbergen’s\u003c/span\u003e\u003cspan style='color:rgb(68, 68, 68);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://qensus.com/elastic/partner-news-evaluation-of-elastic-cloud-serverless-on-microsoft-azure-technical-preview/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eEvaluation of Elastic Cloud Serverless on Microsoft Azure (Technical Preview)\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(68, 68, 68);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfbbe05f64f93324a"}}},{"title_text":{"title_text":[{"title_l10n":"Blogs, videos, and interesting links","_metadata":{"uid":"csd1230d88ce64022e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDeepSeek R1: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eLearn how to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/deepseek-rag-ollama-playground\"\u003e\u003cspan style='font-size: 12pt;'\u003erun a local instance of DeepSeek and connect to it from within Kibana\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e with Dave Erickson and Jakob Reiter.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eVector search: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eValentin Crettaz provides a \u003c/span\u003e\u003ca 
href=\"https://www.elastic.co/search-labs/blog/introduction-to-vector-search\"\u003e\u003cspan style='font-size: 12pt;'\u003equick introduction to vector search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, explains how to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/vector-search-set-up-elasticsearch\"\u003e\u003cspan style='font-size: 12pt;'\u003eset up vector search in Elasticsearch\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and shows how to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/hybrid-search-elasticsearch\"\u003e\u003cspan style='font-size: 12pt;'\u003ecraft hybrid search queries\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSearch relevance: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ePeter Straßer discusses the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/compound-word-search\"\u003e\u003cspan style='font-size: 12pt;'\u003esearch challenges that come with compound words and how to address them\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOpenTelemetry:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Follow Bahubali Shetti as he \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/openai-tracing-langtrace-elastic\"\u003e\u003cspan style='font-size: 12pt;'\u003etraces a RAG-based Chatbot with Elastic distributions of OpenTelemetry and Langtrace\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 
12pt;'\u003e\u003cstrong\u003eSecurity:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-detect-malicious-browser-extensions-using-elastic\"\u003e\u003cspan style='font-size: 12pt;'\u003eDetect malicious browser extensions using Elastic\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e with Aaron Jewitt.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElastic APM: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eHaidar Braimaanie explains \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/opentelemetry-cpp-elastic\"\u003e\u003cspan style='font-size: 12pt;'\u003ehow to monitor your C++ applications with Elastic APM\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCLIP: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eJeffrey Rengifo and Tomás Murúa explore \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/openai-clip-alternatives\"\u003e\u003cspan style='font-size: 12pt;'\u003eOpenAI CLIP (Contrastive Language–Image Pre-training) alternatives\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFaceted search:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/faceted-search-examples-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eUse facet search in Elasticsearch to narrow down options within categories\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 
12pt;'\u003e with Andre Luiz.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCheck out these videos:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.youtube.com/watch?v=oKDR90456SM\"\u003e\u003cspan style='font-size: 12pt;'\u003eBuilding AI search: Live insights from Elastic engineering\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.youtube.com/watch?v=CyNJScJA-ZY\u0026t=258s\"\u003e\u003cspan style='font-size: 12pt;'\u003eOTel for Python: Traces with custom spans — Daily Elastic Byte S06E04\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e by Jessica Garson\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.youtube.com/live/2hI9HjEKORg\"\u003e\u003cspan style='font-size: 12pt;'\u003eOTel for Java (Traces) — Daily Elastic Byte S06E05\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e by Piotr Przybyl\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFeatured blogs and projects from the community:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBuild an \u003c/span\u003e\u003ca href=\"https://www.linkedin.com/pulse/building-ai-powered-search-system-using-rag-vh-chaudhary-veesf/?trackingId=bGxndRqyRLy2B9s1vPpIbA%3D%3D\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI-Powered Search System using RAG and Elasticsearch\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e with VH Chaudhary\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca 
href=\"https://medium.com/newsdatahub/from-redis-to-elasticsearch-when-simple-solutions-hit-their-limits-b7fa095b2232\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eWhen Redis hit the wall: Scaling search from thousands to millions of articles\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e by Olga\u003c/span\u003e\u003ca href=\"https://medium.com/newsdatahub/from-redis-to-elasticsearch-when-simple-solutions-hit-their-limits-b7fa095b223\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u0026nbsp;\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://blog.telary.io/migrating-off-app-entreprise-search/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMigrating off AppSearch / EntrepriseSearch\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, where Constant Deschietere provides some tips for moving data and queries\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://github.com/githubesson/csves/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eCSVES (CSV to Elasticsearch)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e: A flexible tool for importing CSV data into Elasticsearch with automatic field detection and mapping\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs571230018608da7d"}}},{"title_text":{"title_text":[{"title_l10n":"Upcoming events ","_metadata":{"uid":"csd0ba4a9f3f8e2e83"},"header_style":"H2","paragraph_l10n":""}],"_metadata":{"uid":"cs52eea8be94c41211"}}},{"title_text":{"title_text":[{"title_l10n":"Americas","_metadata":{"uid":"cs15c5f36f254268f5"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBoston: \u003c/strong\u003e\u003c/span\u003e\u003ca 
href=\"https://www.meetup.com/elasticsearch-boston/events/306012449/?recId=4a63a4e6-36f0-4a3e-a97e-90a6e1ba65d1\u0026recSource=keyword_search\u0026searchId=2851a10a-81c9-423d-a80c-501c363adffb\u0026eventOrigin=find_page$all\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch, Vectors, and Hybrid: The new era of Search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e—\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e March 6\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSilicon Valley: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.meetup.com/elastic-silicon-valley-user-group/events/306124074/?eventOrigin=group_upcoming_events\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI: Agentic Workflows \u0026amp; LLMs + Research for Real-World Impact\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e—\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e March 6\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePhoenix: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.meetup.com/elastic-phoenix-user-group/events/306159187/?eventOrigin=group_upcoming_events\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eConfluent x Elastic joint meetup\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e—\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e March 6\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eWashington DC:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca 
href=\"https://www.meetup.com/washington-dc-elastic-fantastics/events/306010528/?recSource=chapter-search\u0026recId=65d5ea73-ee6e-41c0-8dc9-f9e0a8b03f47\u0026searchId=884bc49f-e3fa-4070-88bd-e0d1a82eb5ec\u0026eventOrigin=group_upcoming_events\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eThe new era of Search, Search: a new era\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e —\u0026nbsp; March 12\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDurham:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://allthingsopen.ai/about\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAll Things Open AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — March 17–18\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDallas: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.meetup.com/elastic-dallas-user-group/events/306239185/?slug=elastic-dallas-user-group\u0026eventId=306239185\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearch in a Digital Thread using eQube DaaS platform \u0026amp; Elasticsearch\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — March 18\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eLancaster:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.meetup.com/lancaster-elastic-user-group/events/pnqvjtyhcfbzb/?eventOrigin=find_page$all\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eCommunity Monthly meetup\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e —\u0026nbsp; March 19\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 
12pt;'\u003e\u003cstrong\u003eChicago:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.meetup.com/elastic-chicago-user-group/events/305542818/?eventOrigin=group_events_list\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic User Group Meetup\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e—\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e March 20\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSeattle:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.meetup.com/big-data-bellevue-bdb/events/305472422/?eventOrigin=group_upcoming_events\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic + Big Data Bellevue\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u0026nbsp; \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e—\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e March 20\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eToronto:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.meetup.com/elastic-toronto-user-group/events/306015499/?slug=elastic-toronto-user-group\u0026eventId=301883000\u0026isFirstPublish=true\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003edo MORE with stateLESS Elasticsearch\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e—\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u0026nbsp; March 20\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 
12pt;'\u003e\u003cstrong\u003eSanta Clara: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.usenix.org/conference/srecon25americas\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eSRECon Americas\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e —\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e March 25–27\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eVirtual Meetup:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.meetup.com/elastic-united-states-and-canada-virtual/events/305135329/?slug=elastic-united-states-and-canada-virtual\u0026eventId=305135329\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eReal-Time Log Monitoring and Visualization Using ELK and Kafka\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e—\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e March 27\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSeattle:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://lu.ma/seattle-startup-summit\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eSeattle Startup Summit\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e—\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e March 28\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf6e54d5d6664c91f"}}},{"title_text":{"title_text":[{"title_l10n":"Europe, Middle East, and Africa","_metadata":{"uid":"cs729ad98a408ecf91"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 
12pt;'\u003e\u003cstrong\u003eZurich: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://devopsdays.org/events/2025-zurich/welcome/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eDevOpsDays Zurich\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u0026nbsp; \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMarch 12–13\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eParis: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.meetup.com/elasticfr/events/303824144/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eLa crème de la crème\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u0026nbsp; \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMarch 13\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAmsterdam: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.meetup.com/elastic-nl/events/305919766\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic and Hopsworks meetup, LLM usage in building pipelines\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMarch 13\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStockholm: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.meetup.com/stockholm-elastic-fantastics/events/306131300\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eTracking abuse using intelligence with Elastic \u0026amp; Tele2\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e 
\u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMarch 13\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eWroclaw:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://2025.boilingfrogs.pl\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eBoilingFrogs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMarch 15\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAmsterdam:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://webdevcon.nl/session/observability-for-javascript-engineers/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eWebdevcon\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMarch 21\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFlorence: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://osday.dev/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eOpenSourceDay\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMarch 21\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSaint-Herblain: \u003c/strong\u003e\u003c/span\u003e\u003ca 
href=\"https://www.lacantine.co/agenda/event/25-03-2025-enitechfest/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eENI Tech Fest Saint-Herblain\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e (France) \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMarch 25\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTurin:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://2025.cloudconf.it/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eCloud Conf\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMarch 26\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eLondon:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://sreday.com/2025-london-q1/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eSREDay London\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMarch 27–28\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs15b5c765139aeba8"}}},{"title_text":{"title_text":[{"title_l10n":"Asia-Pacific","_metadata":{"uid":"cs3638c1f212f00d57"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAhmedabad: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://laracon.in\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eLaracon India\u003c/span\u003e\u003c/a\u003e\u003cspan 
style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMarch 8–9\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf3cdcb84cd214fe4"}}},{"title_text":{"title_text":[{"title_l10n":"ElasticON Tour","_metadata":{"uid":"cs6d08e5cf07764619"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic's free, one-day conference series is coming to you. Join us to learn what's hot at Elastic right now, watch talks or demos, and visit the ask-me-anything booth. And we have a dedicated community track with talks from Elastic engineers and community members.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSydney:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/events/elasticon/sydney?utm_campaign=elasticon-tour-sydney\u0026utm_source=community\u0026utm_medium=email\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticON\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — March 6\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs61e6cb5925c4a8d9"}}},{"image":{"image":{"uid":"blt4c090d140106492a","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-03-04T08:28:00.777Z","created_by":"blt96ac6007eba0a223","file_size":"259117","filename":"elastic_on.png","parent_uid":null,"tags":[],"title":"elastic 
on.png","updated_at":"2025-03-04T08:28:00.777Z","updated_by":"blt96ac6007eba0a223","publish_details":{"time":"2025-03-06T15:20:56.285Z","user":"blt96ac6007eba0a223","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4c090d140106492a/67c6b990938bf546e9f9e56e/elastic_on.png"},"_metadata":{"uid":"csc20cc2e05660b4ab"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csee6531edbcaf982f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eJoin your \u003c/span\u003e\u003ca href=\"https://community.elastic.co/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003elocal Elastic User Group\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e chapter for the latest news on upcoming events! You can also find us on \u003c/span\u003e\u003ca href=\"https://www.meetup.com/pro/elastic/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup.com\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. 
If you’re interested in presenting at a meetup, send an email to \u003c/span\u003e\u003ca href=\"mailto:meetups@elastic.co\"\u003e\u003cspan style='font-size: 12pt;'\u003emeetups@elastic.co\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs363275f6b3632329"}}}],"publish_date":"2025-03-06","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"title":"Community","label_l10n":"Community","keyword":"community","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt9c74c5bb18c95a80","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-07-14T13:45:14.579Z","updated_at":"2020-07-14T13:45:14.579Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-07-14T13:45:14.579Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-08-13T15:01:07.164Z","user":"bltc87e8bcd2aefc255"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt696883955f9c5c66","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-04-18T15:45:26.219Z","created_by":"blt96ac6007eba0a223","file_size":"154834","filename":"community-blog-series-04_(1)_(1).png","parent_uid":null,"tags":[],"title":"community-blog-series-04_(1)_(1).png","updated_at":"2024-04-18T15:45:26.219Z","updated_by":"blt96ac6007eba0a223","publish_details":{"time":"2024-04-19T07:38:52.718Z","user":"blt96ac6007eba0a223","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt696883955f9c5c66/66214016b8b5ce078fdbef6e/community-blog-s
eries-04_(1)_(1).png"},"title":"DevRel newsletter — March 2025","title_l10n":"DevRel newsletter — March 2025","updated_at":"2025-03-05T09:27:36.344Z","updated_by":"blt96ac6007eba0a223","url":"/blog/devrel-newsletter-march-2025","publish_details":{"time":"2025-03-06T15:20:56.205Z","user":"blt96ac6007eba0a223","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2423137547555089","_version":1,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.\n","author":["blta248c27b7b7978db"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-03-04T17:20:58.101Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"Version 8.17.3 of the Elastic Stack was released today. We recommend you [upgrade to this latest version](https://www.elastic.co/downloads). We recommend 8.17.3 over the previous version 8.17.2.\n\nFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to [the release 
notes](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.17/new.html).","modular_blocks":[],"publish_date":"2025-03-04","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt720a36f34ba37235","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-08T02:19:40.632Z","updated_at":"2024-04-08T02:19:40.632Z","content_type":"image/png","file_size":"59668","filename":"Patch_release_white.png","title":"Patch_release_white.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-08T20:16:44.015Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt720a36f34ba37235/6613543c0d99458bb1031dca/Patch_release_white.png"},"title":"Elastic Stack 8.17.3 released","title_l10n":"Elastic Stack 8.17.3 released ","updated_at":"2025-03-04T17:20:58.101Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/elastic-stack-8-17-3-released","publish_details":{"time":"2025-03-04T17:21:48.418Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt4289c9140f54be09","_version":1,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.\n","author":["blta248c27b7b7978db"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-03-04T17:17:31.005Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"Version 8.16.5 of the Elastic Stack was released today. We recommend you [upgrade to this latest version](https://www.elastic.co/downloads). 
We recommend 8.16.5 over the previous version 8.16.4\n\nFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to [the release notes](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.16/new.html).","modular_blocks":[],"publish_date":"2025-03-04","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt8836a5dda86cbfe0","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-01T15:42:09.734Z","updated_at":"2024-04-01T15:42:09.734Z","content_type":"image/png","file_size":"62454","filename":"Patch_release_dark.png","title":"Patch_release_dark.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-02T17:14:25.081Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8836a5dda86cbfe0/660ad5d11b5a5878c8adccbc/Patch_release_dark.png"},"title":"Elastic Stack 8.16.5 released","title_l10n":"Elastic Stack 8.16.5 released ","updated_at":"2025-03-04T17:17:31.005Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/elastic-stack-8-16-5-released","publish_details":{"time":"2025-03-04T17:18:36.008Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt9fbb0868540deae9","_version":8,"locale":"en-us","ACL":{},"abstract_l10n":"Gain full visibility into your Elasticsearch Service costs with the Elasticsearch Service Billing integration. 
Learn how to deploy it, customize spending attribution per team, and get Kibana alerts to track budget thresholds and prevent overspending.","author":["blt60f0f6a133431d16"],"category":["blte5cc8450a098ce5e"],"created_at":"2025-03-04T01:58:06.925Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd177d569ddf5f1bb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMonitoring and managing your Elasticsearch Service (ESS) usage and costs is crucial for efficient operations. The \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/ess_billing.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch Service Billing integration\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e offers a streamlined approach to collect, visualize, and act upon your billing data. In this article, I'll guide you through deploying this integration, customizing it to align with your organizational structure, and setting up alerts to monitor team-specific expenditures.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Deploying the Elasticsearch Service Billing integration","_metadata":{"uid":"cs3b29037825d7ad64"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo begin, identify an Elasticsearch cluster with an attached Fleet-enabled Elastic Agent where the integration can be deployed. This agent will need internet access, as it will poll Elastic billing APIs and parse the resulting data, allowing you to leverage the preconfigured dashboards. 
Your monitoring cluster on Elastic Cloud Hosted could be a prime candidate for this.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Pre-flight checks","_metadata":{"uid":"cs2234101a0fa735e8"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBefore installing the integration and adding it to an agent policy, you will need to retrieve some information for your organization:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eThe organization ID:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Navigate to your \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/account/members\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud organization page\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to find your organization identifier.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eA billing API key:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e On the\u003c/span\u003e\u003ca href=\"https://cloud.elastic.co\"\u003e \u003cspan style=\"font-size: 12pt;\"\u003eAPI keys page\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, create an API key with the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eBilling admin\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e role. Use a key dedicated to this integration and handle it as a secret, since it carries billing-level access to the organization.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"Deploying the integration","_metadata":{"uid":"csc426bea22f6c744d"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOn the Integrations page in Kibana, search for the \"Elasticsearch Service Billing\" integration and click on \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAdd Elasticsearch Service 
Billing\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2cb57eac585a7d69"}}},{"image":{"image":{"uid":"bltd26c5efc03001341","_version":1,"title":"elasticsearch-service-billing.png","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2025-03-04T02:07:55.796Z","updated_at":"2025-03-04T02:07:55.796Z","content_type":"image/png","file_size":"533305","filename":"elasticsearch-service-billing.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-03-04T17:26:58.042Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd26c5efc03001341/67c6607bc4605a465943ed3e/elasticsearch-service-billing.png"},"_metadata":{"uid":"csb32006cfb41aeb2e"},"caption_l10n":"","alt_text_l10n":"Elasticsearch service billing","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7fab27dfec50397c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFill in the requested information, which you collected in the previous step. You can also customize how far back the billing data should be collected during the first run (one year by default) and how often the collection should occur. 
Please note, however, that the billing data is collected with a daily granularity, so changing the default frequency of 24 hours will bring little benefit.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa517ee2e3428f626"}}},{"image":{"image":{"uid":"blt17e105d0c43911c4","_version":1,"title":"Elasticsearch-service-billing-metrics.png","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2025-03-04T02:09:11.447Z","updated_at":"2025-03-04T02:09:11.447Z","content_type":"image/png","file_size":"180854","filename":"Elasticsearch-service-billing-metrics.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-03-04T17:26:57.998Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt17e105d0c43911c4/67c660c7c1fe96639d5515d3/Elasticsearch-service-billing-metrics.png"},"_metadata":{"uid":"cs48f8f0ca700fa72a"},"caption_l10n":"","alt_text_l10n":"Elasticsearch service billing metrics","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs60607a3fe4a306fa"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAlso note that the second dataset (Elasticsearch Service Credits) requires an active commercial commitment with Elastic to collect data properly.\u003cbr /\u003e\u003cbr /\u003eFinally, deploy the integration to the agent policy of your choice. 
With version 1.2.0 of the integration, and underlying stack version 8.17.0+, it is also possible to deploy this integration \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eagentless\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0698ea77ede6b5ff"}}},{"image":{"image":{"uid":"blt2ba776cdf96e2d20","_version":1,"title":"adding-intergration.png","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2025-03-04T02:10:02.415Z","updated_at":"2025-03-04T02:10:02.415Z","content_type":"image/png","file_size":"71553","filename":"adding-intergration.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-03-04T17:26:58.063Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2ba776cdf96e2d20/67c660fa1a2ab560ff1129ec/adding-intergration.png"},"_metadata":{"uid":"csfa400d723ad29d17"},"caption_l10n":"","alt_text_l10n":"Adding integration","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Visualizing ECU use","_metadata":{"uid":"cs59c88d1d20af3571"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce deployed, the integration will start polling Elastic billing APIs until your configured lookbehind period is fully onboarded. 
This can take a few minutes — be patient after the initial install, or change the time picker to whatever lookbehind value you used during install to see the progress in real time.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdfc727ddf17f973f"}}},{"image":{"image":{"uid":"blt199cf393eaae1f12","_version":1,"title":"quarterly-cost-overview.png","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2025-03-04T02:10:57.105Z","updated_at":"2025-03-04T02:10:57.105Z","content_type":"image/png","file_size":"745596","filename":"quarterly-cost-overview.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-03-04T17:26:57.986Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt199cf393eaae1f12/67c661315108fbe44d36003d/quarterly-cost-overview.png"},"_metadata":{"uid":"csc35fd437558b1b94"},"caption_l10n":"","alt_text_l10n":"Quarterly cost overview","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Drilling down: Defining deployment ownership","_metadata":{"uid":"cs97b2a660caa3c1cc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow that you are collecting billing information for the entire organization, you will want to attribute the costs related to specific deployments to the teams that own them.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor this purpose, create an @custom pipeline for the integration, where you can define your logic.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor my example, I will use the following logic:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAll deployments with “test” in their 
name will be attributed to the QA team.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAll deployments with “security” in their name will be attributed to the Security team.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAll other deployments will be attributed to the Development team.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"Creating the custom template and ingest pipeline","_metadata":{"uid":"cs74155f632567083c"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImplementing this logic requires declaring new fields in the custom template and then creating the ingest pipeline:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3c8aa420aa0a4292"}}},{"code":{"code":"PUT /_component_template/metrics-ess_billing.billing@custom\n{\n \"template\": {\n \"mappings\": {\n \"properties\": {\n \"team\": {\n \"type\": \"keyword\"\n }\n }\n }\n }\n}\n\n\nPUT /_ingest/pipeline/metrics-ess_billing.billing@custom\n{\n \"processors\": [\n {\n \"set\": {\n \"field\": \"team\",\n \"value\": \"development\"\n }\n },\n {\n \"set\": {\n \"field\": \"team\",\n \"value\": \"security\",\n \"if\": \"ctx.ess.billing.deployment_name ==~ /.*security.*/\"\n }\n },\n {\n \"set\": {\n \"field\": \"team\",\n \"value\": \"QA\",\n \"if\": \"ctx.ess.billing.deployment_name ==~ /.*test.*/\"\n }\n }\n ]\n}\n","_metadata":{"uid":"cs6deefbdb32893fd7"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csfab9e3916407c6e5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eYou could also use the \u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eenrich 
processor\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e to create a “join” with a reference base, thereby linking each deployment to its owner.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Altering historical data","_metadata":{"uid":"cs9c620af9329e47ed"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt is likely that you added the above ingest pipeline after the initial data pull, in which case a lot of the data is currently missing the newly defined field. You can “fix” your data by manually updating the mapping for the indices that already exist and performing an \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-update-by-query.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eupdate by query\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse0dddcd19d60fa7f"}}},{"code":{"code":"PUT metrics-ess_billing.billing-*/_mapping\n{\n \"properties\": {\n \"team\": {\n \"type\": \"keyword\"\n }\n }\n}\n\n\nPOST /metrics-ess_billing.billing-*/_update_by_query?pipeline=metrics-ess_billing.billing@custom\u0026wait_for_completion=false","_metadata":{"uid":"cs4185baf562032378"}}},{"title_text":{"title_text":[{"title_l10n":"Viewing the results","_metadata":{"uid":"csfa3147532b9b0d4d"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can now analyse the spending trends of your teams, thanks to this freshly created field. 
Let’s use some ES|QL for this purpose:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(0, 113, 194);font-size: 10.5pt;'\u003e\u003cstrong\u003eFROM\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10.5pt;'\u003e metrics-ess_billing.billing-*\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10.5pt;'\u003e| \u003c/span\u003e\u003cspan style='color:rgb(196, 64, 124);font-size: 10.5pt;'\u003e\u003cstrong\u003eSTATS\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10.5pt;'\u003e `Team spending`=\u003c/span\u003e\u003cspan style='color:rgb(0, 113, 194);font-size: 10.5pt;'\u003eSUM(\u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10.5pt;'\u003eess.billing.total_ecu\u003c/span\u003e\u003cspan style='color:rgb(0, 113, 194);font-size: 10.5pt;'\u003e)\u003c/span\u003e\u003cbr /\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10.5pt;'\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003cspan style='color:rgb(196, 64, 124);font-size: 10.5pt;'\u003e\u003cstrong\u003eBY\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10.5pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(0, 113, 194);font-size: 10.5pt;'\u003eBUCKET(\u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10.5pt;'\u003e@timestamp,\u003c/span\u003e\u003cspan style='color:rgb(0, 126, 119);font-size: 10.5pt;'\u003e\"1 month\"\u003c/span\u003e\u003cspan style='color:rgb(0, 113, 194);font-size: 10.5pt;'\u003e)\u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10.5pt;'\u003e, 
team\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs05667aa497f1a976"}}},{"image":{"image":{"uid":"blt838771c1fc7ad544","_version":1,"title":"Analyze-spending-trends.png","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2025-03-04T02:16:27.851Z","updated_at":"2025-03-04T02:16:27.851Z","content_type":"image/png","file_size":"86399","filename":"Analyze-spending-trends.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-03-04T17:26:58.140Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt838771c1fc7ad544/67c6627b1a2ab5658f1129f9/Analyze-spending-trends.png"},"_metadata":{"uid":"cs9964c24f3a8d5666"},"caption_l10n":"","alt_text_l10n":"Analyze spending trends","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2f224e5a20ffd252"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt looks like the trend is fairly stable, except for this large bill in November. Maybe I should configure some alerting to identify the spending trend faster next time.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5693bec99522d106"}}},{"title_text":{"title_text":[{"title_l10n":"Setting up alerts for team spending","_metadata":{"uid":"cs859bd1432bbdea84"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMonitoring team expenditures is vital for budget management. With Kibana's alerting features, you can configure notifications to alert you when a team's spending trend surpasses a predefined threshold — let’s prevent this November fluke from happening again.\u003cbr /\u003e\u003cbr /\u003eSince I already queried for the data and wrote the ES|QL query, most of the work is already done! 
I can simply click on the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAlerts\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e button at the top of my screen and change my configuration and threshold to match my goals.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs88f2472b1eb36486"}}},{"image":{"image":{"uid":"blt67dcf6d4e119f97e","_version":1,"title":"Setting-up-alerts.png","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2025-03-04T02:18:08.839Z","updated_at":"2025-03-04T02:18:08.839Z","content_type":"image/png","file_size":"350687","filename":"Setting-up-alerts.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-03-04T17:26:58.053Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt67dcf6d4e119f97e/67c662e086795f05fa8e5050/Setting-up-alerts.png"},"_metadata":{"uid":"cs098e09c229c2c971"},"caption_l10n":"","alt_text_l10n":"Setting up alerts","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa70a78e09dc5dfbe"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn my case, I will refine the granularity to daily spending and set a per-team budget of 1,000 
ECUs:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs29e2ce0f94563427"}}},{"image":{"image":{"uid":"bltd44cf16bd5725ccb","_version":1,"title":"Elasticsearch-query.png","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2025-03-04T02:19:40.149Z","updated_at":"2025-03-04T02:19:40.149Z","content_type":"image/png","file_size":"255428","filename":"Elasticsearch-query.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-03-04T17:26:58.031Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd44cf16bd5725ccb/67c6633c54cf2f00de766719/Elasticsearch-query.png"},"_metadata":{"uid":"cs784e352f3e74cb02"},"caption_l10n":"","alt_text_l10n":"Elasticsearch query","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd2a066e85ea26091"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNotice how I can live-test my query and confirm that this would indeed have triggered in November, when my Development team blew the budget.\u003cbr /\u003e\u003cbr /\u003eThe final step is to configure the action you want Kibana to run on alert trigger. 
In my case, this will certainly be an email, but you can refer to the documentation for more details about all available \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/action-types.html\"\u003e\u003cspan style='font-size: 12pt;'\u003econnector types\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa952fee06a41e3a9"}}},{"image":{"image":{"uid":"blt8903cf9a6eb3f1ec","_version":1,"title":"Connector-types.png","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2025-03-04T02:21:17.625Z","updated_at":"2025-03-04T02:21:17.625Z","content_type":"image/png","file_size":"123902","filename":"Connector-types.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-03-04T17:26:58.073Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8903cf9a6eb3f1ec/67c6639dd1b1de5bfbca8184/Connector-types.png"},"_metadata":{"uid":"cs8577de5c38c4f6c8"},"caption_l10n":"","alt_text_l10n":"Connector types","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Take control of your Elasticsearch Service costs","_metadata":{"uid":"cs99b060f8f1a75da7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy integrating the Elasticsearch Service Billing data into your observability pipeline, you gain real-time visibility into your cloud spending, ensuring financial accountability across teams. With custom tagging and alerting in Kibana, you can track expenses, enforce budget policies, and prevent unexpected cost overruns.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReady to take control of your Elasticsearch Service costs? 
\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/ess_billing.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eDeploy the integration\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e today, customize it to match your team structure, and set up alerts to stay ahead of budget surprises.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs4be85facdda0a3a6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7fad702a8f9c7a91"}}}],"publish_date":"2025-03-04","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Track and control Elasticsearch Service costs with billing integration","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Track, customize, and alert on Elasticsearch Service expenses using Elasticsearch service billing integration.","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic 
Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt39140cf3e2cd4550","ACL":{},"created_at":"2023-11-06T21:51:00.583Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"integrations","label_l10n":"Integrations","tags":[],"title":"Integrations","updated_at":"2023-11-06T21:51:00.583Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.083Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"title":"Alerting","label_l10n":"Alerting","keyword":"alerting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltd8e03b8972ecf817","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:20.375Z","updated_at":"2020-06-17T03:38:20.375Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:20.374Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T00:49:19.650Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","title":"Google Cloud","label_l10n":"Google 
Cloud","keyword":"google-cloud","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltbf617849beaf10fe","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:39:59.168Z","updated_at":"2023-11-06T20:40:14.658Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:39.796Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt8617d65f559b9a82","ACL":{},"created_at":"2023-11-06T20:42:46.365Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"microsoft-azure","label_l10n":"Microsoft Azure","tags":[],"title":"Microsoft Azure","updated_at":"2023-11-06T20:42:46.365Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:19.197Z","user":"blt06083bb707628f5c"}},{"title":"Optimizing","label_l10n":"Optimizing","keyword":"optimizing","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt7731091cfa6e23e8","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:40:15.070Z","updated_at":"2020-06-17T03:40:15.070Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:40:15.069Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:51.089Z","user":"blt36e890d06c5ec32c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt3ff56eb3b9c58312","ACL":{},"created_at":"2020-06-17T03:33:18.405Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":true,"keyword":"business-analytics","label_l10n":"Business analytics","tags":[],"title":"Business 
analytics","updated_at":"2020-07-06T22:20:18.826Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.556Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt1d8cc8db9be8d4d1","_version":1,"title":"-27-ridges.jpg","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2025-03-04T01:56:54.745Z","updated_at":"2025-03-04T01:56:54.745Z","content_type":"image/jpeg","file_size":"108901","filename":"-27-ridges.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-03-04T17:26:58.129Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1d8cc8db9be8d4d1/67c65de6d3f86d3f57ec5287/-27-ridges.jpg"},"title":"Monitor Elasticsearch Service costs with billing integration and alerts","title_l10n":"Monitor Elasticsearch Service costs with billing integration and alerts","updated_at":"2025-03-04T17:11:12.570Z","updated_by":"bltd9765be97bbed20c","url":"/blog/monitor-elasticsearch-costs-billing-integration","publish_details":{"time":"2025-03-04T17:26:57.482Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt9ecc9aab330ebf84","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"GenAI has been a big win for security teams worldwide. 
While it’s unlikely to take cybersecurity jobs, it is bringing forth a powerful level of automation that uplevels the traditional day-to-day workload of practitioners. Learn how GenAI can help.","author":["blt1f84830916c3ddfe"],"category":["bltc17514bfdbc519df"],"created_at":"2025-02-18T21:44:19.247Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs73bcedf08f8b15c0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/what-is/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eGenerative AI (GenAI)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is quickly becoming an essential part of everyday security workflows. So … is it a partner or competitor?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe wide-ranging implementation of GenAI technologies into virtually every aspect of the security stack has, on the whole, helped security teams work more efficiently to mitigate threats. 
GenAI is giving security practitioners access to, and analysis of, data they otherwise would never have had — making their work even more impactful than it’s ever been.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt the same time, GenAI has also expanded the attack surface — whether through adversaries’ abilities to scale production of malicious code, the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/llm-safety-report?utm_source=releaseblog\"\u003e\u003cspan style='font-size: 12pt;'\u003erisks associated with employees’ use of large language models (LLMs)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, or increasingly sophisticated social engineering campaigns.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo, how does all this affect today’s security professionals?\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"How GenAI is helping security professionals","_metadata":{"uid":"csb2253f02e20b1e4a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith GenAI on board, security practitioners’ daily scope of work is changing in real time. 
Here are some of the traditional tasks by role and how exactly GenAI is alleviating burdensome processes for each.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Security engineers and architects","_metadata":{"uid":"csdfd439a8af470d85"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTask:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Collect and normalize a new data source.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGenAI helps by:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eAutomating the development of custom data integrations; creating a fully fledged integration (pipeline, mappings, templates, and integration package)\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTask:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Create or convert a detection rule.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGenAI helps by:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Creating and converting detection rules; explaining alerts\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Security analysts","_metadata":{"uid":"cs72ca7cef262b0d38"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTask:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Triage alerts.\u003cbr /\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eGenAI helps by:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Automating triage by correlating related alerts into attack-level 
findings\u003cbr /\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTask: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMonitor security alerts.\u003c/span\u003e\u003cbr /\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eGenAI helps by:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Automating alert triage by filtering out false positives and prioritizing genuine threats based on severity and potential impact\u003cbr /\u003e\u003c/span\u003e\u003cbr /\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTask:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Investigate a threat.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGenAI helps by:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Performing key investigation steps like providing a detailed description of the attack, summarizing hosts and users, displaying related \u003c/span\u003e\u003ca href=\"https://attack.mitre.org/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMITRE ATT\u0026amp;CK®\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e tactics, and more (Built-in AI assistants can also create step-by-step remediation plans and streamline ad-hoc analysis and enrichment by generating preferred program language queries.)\u003cbr /\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTask:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Respond to an incident.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGenAI helps by: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSuggesting remediation steps and helping document 
incidents\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"SOC leaders","_metadata":{"uid":"cs8024226502658b37"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTask: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eManage\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eteam performance.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGenAI helps by: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTracking and summarizing metrics on response time, alert volume per analyst, team fatigue levels, and more\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTask: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eReport metrics and insights to executives.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGenAI helps by: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAggregating and visualizing security metrics, generating concise summaries, and providing predictive insights to better communicate with stakeholders\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1fd6c06448c6cc0c"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs06f497f681166c49"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSee a detailed breakdown of how \u003c/span\u003e\u003ca href=\"https://www.elastic.co/lp/how-is-ai-changing-the-cybersecurity-landscape\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI is changing the cybersecurity landscape\u003c/span\u003e\u003c/a\u003e\u003cspan 
style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"AI-driven security analytics","_metadata":{"uid":"cs665bcd6846219de2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith the help of GenAI, security teams can more easily prioritize critical incidents, reduce alert fatigue, and accelerate investigations through real-time integrated threat intelligence, automated triage, and LLM-enhanced workflows. AI-driven security analytics transform security operations into a more proactive, adaptive, and efficient function — allowing organizations to stay ahead of today’s threat actors (who themselves are also using GenAI) and respond with greater speed and accuracy.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere are some estimates on how much time security teams can expect to save with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI-driven security analytics\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc00fc417352bd86e"}}},{"image":{"image":{"uid":"blta25f739e96047c29","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-02-18T21:43:53.661Z","created_by":"bltb6c155cd84fc0c1a","file_size":"295135","filename":"image2.png","parent_uid":null,"tags":[],"title":"image2.png","updated_at":"2025-02-18T21:43:53.661Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-19T14:55:00.393Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta25f739e96047c29/67b4ff196e2f9543f50a89af/image2.png"},"_metadata":{"uid":"cs7b26335f98a09a46"},"caption_l10n":"","alt_text_l10n":"time savings of 
ai","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Today’s AI-equipped security professional","_metadata":{"uid":"cs5e116c6e5893a7a5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOK, so GenAI is elevating efficiency, productivity, and overall defense capabilities … but how might it help you in \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eyour\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e role? Check out this resume from the perspective of a humble-yet-powerful AI assistant and see why \u003c/span\u003e\u003ca href=\"https://www.elastic.co/lp/security/ai-assistant-resume\"\u003e\u003cspan style='font-size: 12pt;'\u003eGenAI is the newest team member you need\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbfee1b92d43f3fb4"}}},{"image":{"image":{"uid":"blt0990b67517845319","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-02-18T21:43:14.118Z","created_by":"bltb6c155cd84fc0c1a","file_size":"634871","filename":"image1.png","parent_uid":null,"tags":[],"title":"image1.png","updated_at":"2025-02-18T21:43:14.118Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-19T14:55:00.491Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0990b67517845319/67b4fef284b0c2201fdea3a9/image1.png"},"_metadata":{"uid":"cs6a173e9b64400424"},"caption_l10n":"","alt_text_l10n":"security ai assistant resume","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs06e01840f3c6fc3c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGenAI has been a 
big win for security teams worldwide. While it’s unlikely to take cybersecurity professionals’ jobs, it is bringing forth a powerful level of automation that uplevels the traditional day-to-day workload of practitioners — shifting their role to adopt more strategic focus and creative problem-solving.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy automating away many of the time-intensive and mundane tasks that have burned out many security analysts and admins, security teams can now focus on the priorities that truly matter and further strengthen overall security posture.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCheck out our webinar on \u003c/span\u003e\u003ca href=\"https://www.elastic.co/virtual-events/2025-cybersecurity-trends\"\u003e\u003cspan style='font-size: 12pt;'\u003esecurity trends for 2025\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to gain further insight into the relationship between practitioner and AI, and see how \u003c/span\u003e\u003ca href=\"https://www.elastic.co/lp/security/ai-assistant-resume\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI can help your team accomplish more\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2f506b6cf4ec5175"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6a9d8da7f247fbf0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs345b75c8266ff5ce"}}}],"publish_date":"2025-03-03","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"No, but it’s fundamentally changing them.","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt47414afcde70b058","ACL":{},"created_at":"2023-11-06T20:43:45.793Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"open-security","label_l10n":"Open security","tags":[],"title":"Open 
security","updated_at":"2023-11-06T20:43:45.793Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:27.618Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt3c3c124c70b20f1e","ACL":{},"created_at":"2023-11-06T20:47:25.066Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"predictive-analytics","label_l10n":"Predictive analytics","tags":[],"title":"Predictive analytics","updated_at":"2023-11-06T20:47:25.066Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:06.368Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltfb1e89b001674db9","ACL":{},"created_at":"2023-11-06T21:30:17.252Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"relevance","label_l10n":"Relevance","tags":[],"title":"Relevance","updated_at":"2023-11-06T21:30:17.252Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.339Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation 
(RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blte799688802bb242c","ACL":{},"created_at":"2023-11-06T21:32:44.031Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"soar","label_l10n":"SOAR","tags":[],"title":"SOAR","updated_at":"2023-11-06T21:32:44.031Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.584Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blta0522675d5f80636","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2025-02-18T21:29:34.454Z","created_by":"bltb6c155cd84fc0c1a","file_size":"156662","filename":"174118_-_Blog_header_image-_Will_AI_start_ta
king_cybersecurity_jobs_-1.jpg","parent_uid":null,"tags":[],"title":"174118 - Blog header image- Will AI start taking cybersecurity jobs?-1.jpg","updated_at":"2025-02-18T21:29:34.454Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-19T14:55:00.476Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta0522675d5f80636/67b4fbbec063ceb01d3c6413/174118_-_Blog_header_image-_Will_AI_start_taking_cybersecurity_jobs_-1.jpg"},"title":"Will AI start taking cybersecurity jobs?","title_l10n":"Will AI start taking cybersecurity jobs?","updated_at":"2025-03-03T20:23:00.301Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/will-ai-start-taking-cybersecurity-jobs","publish_details":{"time":"2025-03-03T20:26:23.880Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5030aa9a2be4a79c","_version":8,"locale":"en-us","ACL":{},"abstract_l10n":"US federal agencies have made progress in adhering to M-21-31’s cyber threat response requirements but lag in advanced event logging requirements. Learn how Elastic can help agencies overcome three major challenges slowing M-21-31 logging compliance.","author":["blte520dce49f64b517","blt7d037363482c18a8"],"category":["bltc17514bfdbc519df"],"created_at":"2023-12-19T15:33:29.201Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs890d8d71f916070c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor the past four years or so, US federal agencies have been working to comply with the requirements set out in OMB M-21-31. 
Released in 2021, the Office of Management and Budget (OMB)’s M-21-31 memorandum provided guidance and requirements for federal agencies in order to improve centralized visibility into logging data before, during, and after cybersecurity incidents. The memo outlined a logging maturity model with four tiers (EL0–EL3) to guide agencies in their compliance process.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn a December 2023 study, the US Government Accountability Office (GAO) found that most agencies were not on track to meet deadlines for advanced logging. The study highlighted \u003c/span\u003e\u003ca href=\"https://www.gao.gov/products/gao-24-105658\"\u003e\u003cspan style='font-size: 12pt;'\u003ethree challenges\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e agencies face as they work to meet M-21-31 event logging requirements: lack of staff, event logging technical challenges, and limitations in cyber event information sharing.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese challenges are still very much relevant in 2025. In addition, agencies are increasingly focused on cost efficiencies and interoperability. 
The good news, however, is that advancements in AI and logging have made M-21-31 compliance more achievable by US government agencies.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this post, we’ll walk through common M-21-31 logging compliance challenges and share how we’ve seen US federal customers address them using Elasticsearch.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Using Elasticsearch to solve M-21-31 challenges","_metadata":{"uid":"cs65e193f948d2e44b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSeveral federal agencies have been using Elastic’s Search AI Platform to meet M-21-31 requirements — taking a unified approach that includes both logging and threat response. Based on these agencies’ experience using Elastic for M-21-31, we recommend the following ways to overcome common M-21-31 challenges.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"1. Limited budgets","_metadata":{"uid":"csebc04c95564b944a"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs federal agencies prioritize cost savings and interoperability, there is increasing scrutiny toward technology investments and budgets. Since M-21-31 was introduced in 2021, Elastic continues to offer even more opportunity for agencies to save on costs and store data affordably.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAffordable data tiering model: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eElastic's data tiering approach optimizes data management by categorizing data into storage tiers based on access frequency and cost. 
For example, agencies can \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cloud-hosted-data-retention-government-compliance\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003estore longer term or historical data\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e in Elastic’s frozen tier. Ideal for long-term retention, the frozen tier enables data to be stored in object storage for two years or longer.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u003cstrong\u003eSearchable snapshots: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eThe unique searchable snapshots capability enables direct searches for data \u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003ewithout any rehydration, maintaining fast search performance. (Elastic's cold and frozen tiers perform with search speeds that are comparable to our competitors' hot tiers.)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElasticsearch logsdb index mode: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-8-17-0#elasticsearch-logsdb-index-mode\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch logsdb index mode\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e is designed to significantly reduce data storage costs by efficiently storing and searching essential log data. 
Logsdb index mode can \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-logsdb-index-mode\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecut data storage costs by up to 65%\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e, making it an ideal choice for federal agencies aiming to optimize their data management budgets while complying with M-21-31.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"2. Skills gap and lack of staff","_metadata":{"uid":"csbdec99d84d5679b1"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFederal agencies are leveraging the AI and machine learning (ML) capabilities built into the Elastic Search AI Platform to automate time-consuming tasks and uncover data insights in real time. Instead of hiring more employees or re-skilling existing teams, agencies are benefiting from Elastic’s democratized approach to insights and the accessible capabilities built into the platform. A few of the functionalities helping agencies address the skills gap include:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u003cstrong\u003eConsolidated view into data: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAlign teams and roles around common datasets, providing a unified view of infrastructure performance and enriched by threat intelligence. 
This consolidated access makes it easier and faster to consume and act on data, no matter where it’s located.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u003cstrong\u003eDrag-and-drop visualizations\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAnalyze logging and cybersecurity data through Elasticsearch’s intuitive, visual \u003c/span\u003e\u003ca href=\"https://www.elastic.co/kibana\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edrag-and-drop dashboards\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. These dashboards surface insights generated from Elastic’s ML and AI capabilities, allowing everyone access to this information in real time — as opposed to having to wait on a data scientist with specialized knowledge or access.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAI capabilities: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLeverage the power of Elastic’s Search AI Platform to streamline tasks, reduce manual data correlation, and triage security alerts. \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/ai-assistant\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e integrates generative AI to simplify tasks and help users find context and information for understanding anomalies and threats faster, speeding problem resolution. And Elastic’s Attack Discovery feature can automatically cut through hundreds of noisy alerts in order to surface the ones that matter most to your agency. 
As a result, your team can save time by quickly understanding the presented attacks, take immediate follow-up action, and more.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"3. Event logging technical challenges","_metadata":{"uid":"cs39a36f9257eae63b"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOne of the roadblocks in logging compliance is not having access to \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eall \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003elogging data. Without streamlined visibility into all data types and sources, the ability to accurately pinpoint threats and patterns is significantly limited. Many organizations are challenged with the high costs involved in managing and storing large quantities of disparate logging data. Elastic’s approach simplifies data ingest and analysis, while our resource-based pricing gives teams the flexibility to pay for what they need.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eStreamlined data ingest:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIngesting different types of data from different sources typically requires multiple tools and processes (and high costs). 
Using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elastic-agent\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Agent\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to ingest all your logs, metrics, and traces can eliminate dependency on external plugins and integrations that may require you to give up control of sensitive data.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eUnified schema: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo organize and make sense of all types of ingested data, Elastic uses an open source, community-driven schema known as the\u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/common-schema\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic Common Schema\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, or ECS. This common data structure unifies all modes of analysis available in Elastic, including search, drill-down and pivoting, data visualization, ML-based anomaly detection, detection rules, and alerting. ECS is also part of OpenTelemetry, offering agencies yet more opportunity for building efficiencies and interoperability.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"4. 
Limitations in cyber event information sharing","_metadata":{"uid":"csd072c5f9295dc277"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eM-21-31 called for agencies to share logging data with one another, “as needed and appropriate, to accelerate incident response efforts.” Traditionally, sharing data outside an agency introduced significant risk for already-sensitive data, as well as potential costs and time required to copy data or move it to a central source.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUsing Elasticsearch, however, agencies can securely share data across agencies, teams, and projects. In fact, federal agencies are probably already familiar with the cyber intelligence data provided by CISA; Elasticsearch \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/public-sector-cdms-data-strategy\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003epowers CISA’s CDM Dashboard\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, giving CISA centralized visibility into 100+ agencies’ cybersecurity data when needed. 
CISA, and other federal agencies, have been relying on Elasticsearch for its:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDistributed approach: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWith \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-enable-ccs.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic cross-cluster search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-enable-ccs.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e cross-cluster replication\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e capabilities, agencies can securely share their data outside their agency without moving it. In addition to reducing the risk, time, and costs involved with moving data, this approach enables each agency to retain control of their data in its original secure location.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eData privacy controls: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWorking hand in hand with cross-cluster search and replication, Elastic’s\u003c/span\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cloud-security-role-based-access-control-rbac\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003erole and attribute-based access control\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003e (RBAC/ABAC) security lets you decide who at your agency can access what data — down to the document level. These security permissions are applied locally, where the data resides. 
This allows you to create secure dynamic data access policies for certain classification levels and functional areas.\u003c/span\u003e\u003cp\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Get started: Accelerate M-21-31 compliance","_metadata":{"uid":"cs402abecd9bd6b72b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLearn more about how Elastic can provide integrated, cost-effective support for M-21-31 compliance, with log storage, management, and cybersecurity capabilities within our unified AI-powered platform:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhite paper: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industry-brief-the-executive-order-on-improving-the-nations-cybersecurity\"\u003e\u003cspan style='font-size: 12pt;'\u003eM-21-31 industry brief\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBlog: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cloud-hosted-data-retention-government-compliance\"\u003e\u003cspan style='font-size: 12pt;'\u003eOptimizing long-term storage costs for government compliance\u0026nbsp;\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBlog: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/its-time-for-government-to-move-beyond-monitoring-and-into-observability\"\u003e\u003cspan style='font-size: 12pt;'\u003eIt’s time for government to move beyond monitoring and into observability\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/contact/public-sector\"\u003e\u003cspan style='font-size: 12pt;'\u003eContact the Elastic federal 
team\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cse7011fc37f50ad22"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cscfdde844049cd69f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eOriginally published December 19, 2023; updated March 3, 2025.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"csf771f8925b3f2d12"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0cfb8ac7ab92dd1e"}}},{"image":{"image":null,"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null},"_metadata":{"uid":"cs0afbdfb4ff275f05"}}}],"publish_date":"2025-03-03","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"How US federal agencies can better meet advanced event logging 
requirements","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt4ce45bbfeeff0638","ACL":{},"created_at":"2021-07-12T21:53:30.326Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logs","label_l10n":"Logs","tags":[],"title":"Logs","updated_at":"2021-07-12T21:53:30.326Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.411Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":1,"locale":"en-us","uid":"blt3185b1f0e9eed8d1","ACL":{},"created_at":"2021-09-20T22:40:25.614Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"public-sector","label_l10n":"Public Sector","tags":[],"title":"Public 
Sector","updated_at":"2021-09-20T22:40:25.614Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.530Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","uid":"blt4a47bf681100e8ca","title":"Log management","label_l10n":"Log management","keyword":"log-management","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:42:23.694Z","updated_at":"2023-11-06T20:42:23.694Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.358Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","uid":"bltc6e3d049760fc06a","title":"Government","label_l10n":"Government","keyword":"government","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:32.959Z","updated_at":"2023-11-06T20:40:32.959Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.338Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044
324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative 
AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","uid":"bltf38f037a2b6ecb4e","title":"Log monitoring","label_l10n":"Log monitoring","keyword":"log-monitoring","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:29:28.882Z","updated_at":"2023-11-06T21:29:28.882Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.371Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt4eb0f5c53cfcb73a","ACL":{},"created_at":"2023-11-06T20:43:57.712Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"open-source-standards","label_l10n":"Open source/standards","tags":[],"title":"Open source/standards","updated_at":"2023-11-06T20:43:57.712Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:21.485Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 
compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log 
analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"parent_uid":"blta8bbe6455dcfdb35","uid":"blt6380424f89934f96","created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2023-05-30T20:13:32.007Z","updated_at":"2023-05-30T20:13:32.007Z","content_type":"image/jpeg","file_size":"167019","filename":"log-management-720x420_(2).jpeg","title":"log-management-720x420_(2).jpeg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-30T20:43:47.376Z","user":"bltd9765be97bbed20c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6380424f89934f96/647658ecec2233010651bf95/log-management-720x420_(2).jpeg"},"title":"M-21-31 logging compliance: Where are we now?","title_l10n":"M-21-31 logging compliance: Where are we now?","updated_at":"2025-03-03T18:18:43.377Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/m-21-31-logging-compliance-challenges","publish_details":{"time":"2025-03-03T18:18:47.799Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt681b190feb3f4561","_version":13,"locale":"en-us","ACL":{},"abstract_l10n":"In an exciting update to our Operation Giving Back program, we are thrilled to share that Elastic is now offering one year of free virtual, on-demand training for all U.S. 
veterans and active duty military personnel.","author":["bltcfa45c6824a1e807"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2021-09-30T14:32:57.187Z","created_by":"blt1e57c6588ae1816e","markdown_l10n":"","modular_blocks":[{"callout":{"title_l10n":"","_metadata":{"uid":"cs178d2f61ff9b8f9e"},"paragraph_l10n":"","callout_reference":["blt47d0de7b45a59baa"],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7d7eaf768f1b02d5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eIn an exciting update to our Operation Giving Back program, we are thrilled to share that Elastic is now offering one year of free virtual, on-demand training for all U.S. veterans and active duty military personnel. We are operationalizing the program in the U.S. \nfirst, but will be working on ways to expand it to other countries in \nthe future.\u003c/p\u003e\n\u003cp\u003eElastic skills are in high demand across public and private industries. We’re proud to be providing the individuals who have devoted themselves to their country with an opportunity to prepare for bright new futures, wherever life may take them. \u003c/p\u003e\n\u003cp\u003e“Veterans bring a wealth of knowledge and skills to the workforce,” says Hector Perez, Senior Director, CRM applications at Elastic. “With this no-cost training from Elastic, military veterans can open up new career paths for themselves in high-demand industries.” \u003c/p\u003e\n\u003cp\u003eYou can learn more about the program and sign up to access free training on our \u003ca href=\"http://elastic.co/veterans\"\u003eOperation Giving Back web page\u003c/a\u003e. \u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eMilitary roots at Elastic are at the heart of this program\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003eProviding free training for veterans is particularly meaningful for me as a member of a military family. 
Both my dad and husband are veterans, so I was encouraged to see how Elastic was already supporting the Department of Defense (DOD) and their mission when I joined the company nearly four years ago. Meeting users in the DOD who embraced Elastic’s free and open roots and built a thriving community around them galvanized the team and me to start Operation Giving Back. Elastic’s \u003ca href=\"https://www.elastic.co/about/our-source-code\"\u003esource code\u003c/a\u003e values, including Space, Time and Progress, Simple Perfection, have been essential in giving us the time and encouragement to take an idea like this and build it into an entire program supporting a community that we’re passionate about. I’m hopeful that there will be much more to come for our military community members through this program.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eTraining, guidance, and support for our military users\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003eFor our veterans and active duty military personnel who are interested in taking advantage of this program, getting started with your free Elastic training subscription is as simple as verifying your ID to begin one year of access.\u003c/p\u003e\n\u003cp\u003eWith Quick Start guides, training fundamentals, field guides, and our popular Data Analysis for Kibana course, this subscription provides everything veterans need to get started with the Elastic platform or to build on existing skills to achieve mastery. \u003c/p\u003e\n\u003cp\u003e“As a veteran who works with many veterans at Elastic, I am glad to see us make this commitment of time and resources to support veterans outside the company as well,” said Kevin Keeney, Army Mission Support at Elastic. “When they leave the service, veterans often need to retool their skills. 
This program gives them an easy path to develop an in-demand skill set for the global job market.”\u003c/p\u003e\n\u003cp\u003eAlong with access to the training, the Elastic team is providing support to new and existing users every step of the way. For new users, we’ll be in touch to share recommended course paths and additional resources for getting familiar with Elastic technology. And for our seasoned users looking to deepen their expertise, we will offer assistance with preparing for Elastic certification, mastering a new skill, or diving deeper into niche topics. \u003c/p\u003e\n\u003cp\u003eAs part of this program, we’re excited to continue partnering with organizations like \u003ca href=\"https://vetsintech.co/\"\u003eVetsinTech\u003c/a\u003e to offer training, mentorship, and professional development opportunities for personnel transitioning from military to civilian life. \u003c/p\u003e\n\u003cp\u003eWe’re honored and excited to be supporting the military community that’s been such a meaningful part of both the Elastic story and our personal stories. \u003c/p\u003eTo learn more about the program and sign up for access to free training, \u003ca href=\"http://elastic.co/veterans\"\u003evisit our veterans web page today\u003c/a\u003e."}],"_metadata":{"uid":"csa29ec3967f7ca372"}}}],"publish_date":"2021-09-30T17:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Free Elastic training for U.S. veterans and active duty military personnel","seo_description_l10n":"In an exciting update to our Operation Giving Back program, we are thrilled to share that Elastic is now offering one year of free virtual, on-demand training for all U.S. 
veterans and active duty military personnel.","noindex":false,"canonical_tag":"","seo_image":null},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[{"uid":"blt6d563296d3ba4a70","_content_type_uid":"tags_culture"},{"uid":"blt791379bc935f6af0","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","uid":"bltc6e3d049760fc06a","title":"Government","label_l10n":"Government","keyword":"government","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:32.959Z","updated_at":"2023-11-06T20:40:32.959Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.338Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt8ba81aec5f3106e1","created_by":"blt1e57c6588ae1816e","updated_by":"blt1e57c6588ae1816e","created_at":"2021-09-30T19:21:49.565Z","updated_at":"2021-09-30T19:21:49.565Z","content_type":"image/png","file_size":"36130","filename":"Blog_Thumbnail-training-for-vets-720x420.png","title":"Blog_Thumbnail-training-for-vets-720x420.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-30T19:22:03.810Z","user":"blt1e57c6588ae1816e"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8ba81aec5f3106e1/61560e4d9c76234dd174b91b/Blog_Thumbnail-training-for-vets-720x420.png"},"title":"Free Elastic training for U.S. veterans and active duty military personnel","title_l10n":"Free Elastic training for U.S. 
veterans and active duty military personnel","updated_at":"2025-02-27T11:02:50.512Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/free-elastic-training-for-us-veterans-and-active-duty-military-personnel","publish_details":{"time":"2025-02-27T11:02:57.800Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltecfaf12e755817a4","_version":28,"locale":"en-us","ACL":{},"abstract_l10n":"Using named entity recognition (NER) as an example, this blog describes the process for getting up and running using deep learning models for natural language processing (NLP) in Elasticsearch.","author":["bltf5e67aa275b15da9"],"category":["blte5cc8450a098ce5e"],"created_at":"2022-04-06T19:46:08.011Z","created_by":"blt3044324473ef223b70bc674c","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs32aec6d0f29fd880"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eAs part of our \u003ca href=\"/blog/how-to-deploy-natural-language-processing-nlp-getting-started\" target=\"_self\"\u003emulti-blog series on natural language processing (NLP)\u003c/a\u003e, we will walk through an example using a named entity recognition (NER) NLP model to locate and extract predefined categories of entities in unstructured text fields. 
Using a publicly available model, we will show you how to deploy that model to Elasticsearch, find named entities in text with the new _infer API, and use the NER model in an ingest pipeline to extract entities as documents are ingested into Elasticsearch.\u003c/p\u003e\u003cp\u003eNER models are useful for using natural language to extract entities like people, places, and organizations from full text fields.\u003c/p\u003e\u003cp\u003eIn this example we will run the paragraphs of the book \u003ca href=\"https://en.wikipedia.org/wiki/Les_Mis%C3%A9rables\" target=\"_self\"\u003eLes Misérables\u003c/a\u003e, through an NER model and use the model to extract the characters and locations from the text and visualize the relationships between them.\u003c/p\u003e"},{"title_l10n":"Deploying an NER model to Elasticsearch","_metadata":{"uid":"cs0481055660bb05a1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eFirst we need to select an NER model that can extract the names of the characters and locations from text fields. Fortunately there are a few NER models available on \u003ca href=\"http://huggingface.co\" target=\"_self\"\u003eHugging Face\u003c/a\u003e we can choose from, and checking the \u003ca href=\"https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-model-ref.html#ml-nlp-model-ref-ner\" target=\"_self\"\u003eElastic documentation\u003c/a\u003e, we see one for an \u003ca href=\"https://huggingface.co/elastic/distilbert-base-uncased-finetuned-conll03-english\" target=\"_self\"\u003euncased NER model from Elastic\u003c/a\u003e to try out.\u003c/p\u003e\n\u003cp\u003eNow that we have selected the NER model to use, we can use Eland to install the model. 
In this example we will run the Eland command via a docker image, but first we must build the docker image by cloning the \u003ca href=\"https://github.com/elastic/eland\" target=\"_self\"\u003eEland\u003c/a\u003e GitHub repository and create a docker image of Eland on your client system:\u003c/p\u003e"}],"_metadata":{"uid":"cs3549522214587f08"}}},{"code":{"code":"git clone git@github.com:elastic/eland.git\ncd eland\ndocker build -t elastic/eland .\n","_metadata":{"uid":"cs0ce5d70cb5f00faf"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7917b287ef49f6ca"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eNow that our eland docker client is ready we can install the NER model by executing the \u003ccode\u003eeland_import_hub_model\u003c/code\u003e command in the new docker image with the following command:\u003c/p\u003e"}],"_metadata":{"uid":"csb4e9fd1e0c1fc658"}}},{"code":{"code":"docker run -it --rm elastic/eland \\\n eland_import_hub_model \\\n --url $ELASTICSEARCH_URL \\\n --hub-model-id elastic/distilbert-base-uncased-finetuned-conll03-english \\\n --task-type ner \\\n --start","_metadata":{"uid":"csabeea0ce3a0a42c6"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csab2af550d25c5201"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eYou will need to replace ELASTICSEARCH_URL with the URL for your Elasticsearch cluster. For authentication purposes you will need to include an administrator username and password in the URL in the format \u003cem\u003ehttps://username:password@host:port\u003c/em\u003e. For Elasticsearch Service, use port 9243. Keep in mind that a password embedded in the URL is exposed on the command line (process listings, and shell history if typed inline), so use a dedicated account for the import and prefer API key authentication where your Eland version supports it.\u003c/p\u003e\u003cp\u003eSince we used the --start option at the end of the eland import command, Elasticsearch will deploy the model to all available machine learning nodes and load the model in memory. 
If we had multiple models and wanted to select which model to deploy, we could use Kibana's Machine Learning \u0026gt; Model Management user interface to manage the start and stopping of models.\u003c/p\u003e"}],"_metadata":{"uid":"cs1ff6791663d0e058"}}},{"title_text":{"title_text":[{"title_l10n":"Testing out the NER model","_metadata":{"uid":"cs507a6d69b00b3268"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eDeployed models can be evaluated using the new \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.0/infer-trained-model-deployment.html\" target=\"_self\"\u003e_infer\u003c/a\u003e API. The input is the string we wish to analyze. In the request below, \u003ccode\u003etext_field\u003c/code\u003e is the field name where the model expects to find the input, as defined in the model configuration. By default, if the model was uploaded via Eland, the input field is \u003ccode\u003etext_field\u003c/code\u003e.\u003c/p\u003e\u003cp\u003eTry this example in Kibana’s Dev Tools Console:\u003c/p\u003e"}],"_metadata":{"uid":"csafaa98927d865659"}}},{"code":{"code":"POST _ml/trained_models/elastic__distilbert-base-uncased-finetuned-conll03-english/deployment/_infer\n{\n \"docs\": [\n {\n \"text_field\": \"Hi my name is Josh and I live in Berlin\"\n }\n ]\n}\n","_metadata":{"uid":"cse3caaee9ae79f993"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs16f066a92308d1b6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eThe model found two entities: the person \"Josh\" and the location \"Berlin\".\u003c/p\u003e"}],"_metadata":{"uid":"cs97415c75f1abc018"}}},{"code":{"code":"{\n \"predicted_value\" : \"Hi my name is [Josh](PER\u0026Josh) and I live in [Berlin](LOC\u0026Berlin)\", \n \"entities\" : [\n {\n \"entity\" : \"Josh\",\n \"class_name\" : \"PER\",\n \"class_probability\" : 0.9977303419824,\n \"start_pos\" : 14,\n \"end_pos\" : 18\n },\n {\n \"entity\" : \"Berlin\",\n \"class_name\" : \"LOC\",\n \"class_probability\" : 
0.9992474323902818,\n \"start_pos\" : 33,\n \"end_pos\" : 39\n }\n ]\n}\n","_metadata":{"uid":"cs33282ab2267ddbfc"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs158738286d63d50a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ccode\u003epredicted_value\u003c/code\u003e is the input string in \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/plugins/8.0/mapper-annotated-text-usage.html\" target=\"_self\"\u003eAnnotated Text\u003c/a\u003e format, \u003ccode\u003eclass_name\u003c/code\u003e is the predicted class, and \u003ccode\u003eclass_probability\u003c/code\u003e indicates the level of confidence in the prediction. \u003ccode\u003estart_pos\u003c/code\u003e and \u003ccode\u003eend_pos\u003c/code\u003e are the starting and ending character positions of the identified entity.\u003c/p\u003e"}],"_metadata":{"uid":"cs74c241debfb81d93"}}},{"banner":{"reference":[{"uid":"blt05d957a5a4398c02","_content_type_uid":"banner"}],"_metadata":{"uid":"cs91c116cb56029163"}}},{"title_text":{"title_text":[{"title_l10n":"Adding the NER model to an inference ingest pipeline","_metadata":{"uid":"csc96185849a6877c7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eThe _infer API is a fun and easy way to get started, but it accepts only a single input and the detected entities are not stored in Elasticsearch. 
An alternative is to perform bulk inference on documents as they are ingested via an ingest pipeline with the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.0/inference-processor.html\"\u003eInference processor\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eYou can define an ingest pipeline in the \u003ca href=\"https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-inference.html#ml-nlp-inference-processor\"\u003eStack Management UI\u003c/a\u003e or configure it in Kibana Console; this one contains multiple ingest processors:\u003c/p\u003e"}],"_metadata":{"uid":"csfbe817753f159ce1"}}},{"code":{"code":"PUT _ingest/pipeline/ner\n{\n \"description\": \"NER pipeline\",\n \"processors\": [\n {\n \"inference\": {\n \"model_id\": \"elastic__distilbert-base-uncased-finetuned-conll03-english\",\n \"target_field\": \"ml.ner\",\n \"field_map\": {\n \"paragraph\": \"text_field\"\n }\n }\n },\n {\n \"script\": {\n \"lang\": \"painless\",\n \"if\": \"return ctx['ml']['ner'].containsKey('entities')\",\n \"source\": \"Map tags = new HashMap(); for (item in ctx['ml']['ner']['entities']) { if (!tags.containsKey(item.class_name)) tags[item.class_name] = new HashSet(); tags[item.class_name].add(item.entity);} ctx['tags'] = tags;\"\n }\n }\n ],\n \"on_failure\": [\n {\n \"set\": {\n \"description\": \"Index document to 'failed-\u003cindex\u003e'\",\n \"field\": \"_index\",\n \"value\": \"failed-{{{ _index }}}\"\n }\n },\n {\n \"set\": {\n \"description\": \"Set error message\",\n \"field\": \"ingest.failure\",\n \"value\": \"{{_ingest.on_failure_message}}\"\n }\n }\n ]\n}\n","_metadata":{"uid":"cs033a734d1ec4b9bc"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs71e2d762578a54fd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eStarting with the \u003ccode\u003einference\u003c/code\u003e processor, the purpose of \u003ccode\u003efield_map\u003c/code\u003e is to map \u003ccode\u003eparagraph\u003c/code\u003e (the field 
to analyze in the source documents) to text_field (the name of the field the model is configured to use). \u003ccode\u003etarget_field\u003c/code\u003e is the name of the field to write the inference results to.\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003escript\u003c/code\u003e processor pulls out the entities and groups them by type. The end result is lists of people, locations, and organizations detected in the input text. We are adding this painless script so that we can build visualizations from the fields that are created.\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003eon_failure\u003c/code\u003e clause is there to catch errors. It defines two actions. First, it sets the \u003ccode\u003e_index\u003c/code\u003e meta field to a new value, and the document will now be stored there. Secondly, the error message is written to a new field: \u003ccode\u003eingest.failure\u003c/code\u003e. Inference can fail for a number of easily fixable reasons. Perhaps the model has not been deployed, or the input field is missing in some of the source documents. By redirecting the failed documents to another index and setting the error message, those failed inferences are not lost and can be reviewed later. Once the errors are fixed, reindex from the failed index to recover the unsuccessful requests.\u003c/p\u003e"}],"_metadata":{"uid":"cs002baa0982b6151d"}}},{"title_text":{"title_text":[{"title_l10n":"Selecting the text fields for Inference","_metadata":{"uid":"cscfd7e688e84d4733"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eNER can be applied to many datasets. As an example I've picked Victor Hugo’s classic 1862 novel \u003ccite\u003eLes Misérables\u003c/cite\u003e. 
You can upload the \u003ccite\u003eLes Misérables\u003c/cite\u003e paragraphs of our \u003ca href=\"https://github.com/grabowskit/nlp-data/blob/main/les-miserables-nd.json\" target=\"_self\"\u003esample json file\u003c/a\u003e using \u003ca href=\"https://www.elastic.co/guide/en/kibana/current/connect-to-elasticsearch.html#upload-data-kibana\" target=\"_self\"\u003eKibana's file upload\u003c/a\u003e feature. The text is split into 14,021 JSON documents each containing a single paragraph. Taking a random paragraph as an example:\u003c/p\u003e"}],"_metadata":{"uid":"cs3268ac2375d7ae1a"}}},{"code":{"code":"{\n \"paragraph\": \"Father Gillenormand did not do it intentionally, but inattention to proper names was an aristocratic habit of his.\",\n \"line\": 12700\n}\n","_metadata":{"uid":"cscf9f0db4ab10aabb"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csaa8ee285b75f143a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eOnce the paragraph is ingested through the NER pipeline, the resulting document stored in Elasticsearch is marked up with one identified person.\u003c/p\u003e"}],"_metadata":{"uid":"cs698a94af4898ab52"}}},{"code":{"code":"{\n \"paragraph\": \"Father Gillenormand did not do it intentionally, but inattention to proper names was an aristocratic habit of his.\",\n \"@timestamp\": \"2020-01-01T17:38:25\",\n \"line\": 12700,\n \"ml\": {\n \"ner\": {\n \"predicted_value\": \"Father [Gillenormand](PER\u0026Gillenormand) did not do it intentionally, but inattention to proper names was an aristocratic habit of his.\",\n \"entities\": [{\n \"entity\": \"Gillenormand\",\n \"class_name\": \"PER\",\n \"class_probability\": 0.9806354093873283,\n \"start_pos\": 7,\n \"end_pos\": 19\n }],\n \"model_id\": \"elastic__distilbert-base-cased-finetuned-conll03-english\"\n }\n },\n \"tags\": {\n \"PER\": [\n \"Gillenormand\"\n ]\n 
}\n}\n","_metadata":{"uid":"csd25e57523000555d"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs530bdc4d73376955"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eA tag cloud is a visualization that scales words by the frequency at which they occur and is the perfect infographic for viewing the entities found in \u003ccite\u003eLes Misérables\u003c/cite\u003e. Open Kibana and create a new aggregation-based visualization and then pick Tag Cloud. Select the index containing the NER results and add a terms aggregation on the \u003ccode\u003etags.PER.keyword\u003c/code\u003e field.\u003c/p\u003e"}],"_metadata":{"uid":"cs760f9db0898253f4"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"bltc450643fc30ff5fc","ACL":{},"content_type":"image/png","created_at":"2022-04-06T19:42:58.855Z","created_by":"blt3044324473ef223b70bc674c","file_size":"263766","filename":"nlp-getting-started-part2-les-miserables-entities-tag-cloud.png","parent_uid":null,"tags":[],"title":"nlp-getting-started-part2-les-miserables-entities-tag-cloud.png","updated_at":"2022-04-06T19:42:58.855Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-10-27T17:50:49.658Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc450643fc30ff5fc/624ded42c674a505586e2cb2/nlp-getting-started-part2-les-miserables-entities-tag-cloud.png"},"_metadata":{"uid":"cs4e74a86778b545bb"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs09b081c69ba17508"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eIt is easy to see from the visualization that Cosette, Marius, and Jean Valjean are the most frequently mentioned characters in the 
book.\u003c/p\u003e"}],"_metadata":{"uid":"cs9374cec416bac5a5"}}},{"title_text":{"title_text":[{"title_l10n":"Tuning the deployment","_metadata":{"uid":"cs14827f6d31e6c027"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eReturning to the Model Management UI, under Deployment stats you will find the \u003cstrong\u003eAvg Inference Time\u003c/strong\u003e. This is the time measured by the native process to perform inference on a single request. When \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/start-trained-model-deployment.html\" target=\"_self\"\u003estarting a deployment\u003c/a\u003e there are two parameters that control how CPU resources are used: inference_threads and model_threads.\u003c/p\u003e\n\u003cp\u003einference_threads is the number of threads used to run the model per request. Increasing inference_threads directly reduces average inference time. The number of requests that are evaluated in parallel is controlled by model_threads. This setting will not reduce average inference time but increases throughput.\u003c/p\u003e\n\u003cp\u003eIn general, tune for latency by increasing the number of inference_threads and increase throughput by raising the number of model_threads. Both the settings default to one thread, so there is plenty of performance to be gained by modifying them. The effect is demonstrated using the NER model.\u003c/p\u003e\n\u003cp\u003eTo change one of the thread settings, the deployment must be stopped and restarted. 
The ?force=true parameter is passed to the stop API because the deployment is referenced by an ingest pipeline which would normally prevent stopping.\u003c/p\u003e"}],"_metadata":{"uid":"cs44c50808a177e085"}}},{"code":{"code":"POST _ml/trained_models/elastic__distilbert-base-uncased-finetuned-conll03-english/deployment/_stop?force=true\n","_metadata":{"uid":"cs3eaf78fee0cbc91b"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs28b5484a9b123ba5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eAnd restart with four inference threads. Average inference time is reset when the deployment is restarted.\u003c/p\u003e"}],"_metadata":{"uid":"cs764ab92f6b05d719"}}},{"code":{"code":"POST _ml/trained_models/elastic__distilbert-base-uncased-finetuned-conll03-english/deployment/_start?inference_threads=4","_metadata":{"uid":"csd6bd6c7bbf546205"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs38d28115a53b72b2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eWhen processing the \u003ccite\u003eLes Misérables\u003c/cite\u003e paragraphs, average inference time falls to 55.84 milliseconds per request compared to 173.86 milliseconds for one thread.\u003c/p\u003e"}],"_metadata":{"uid":"cscf33055186b7a9cf"}}},{"title_text":{"title_text":[{"title_l10n":"Learning more and trying it out","_metadata":{"uid":"cs5ee1ce81e831dd28"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eNER is just one of the NLP tasks ready to use now. Text classification, zero shot classification and text embeddings are also available. 
More examples can be found in the NLP \u003ca href=\"https://www.elastic.co/guide/en/machine-learning/8.0/ml-nlp.html\" target=\"_self\"\u003edocumentation\u003c/a\u003e along with a by-no-means-exhaustive \u003ca href=\"https://www.elastic.co/guide/en/machine-learning/8.0/ml-nlp-model-ref.html\" target=\"_self\"\u003elist of models\u003c/a\u003e deployable to the Elastic Stack.\u003c/p\u003e\u003cp\u003eNLP is a major new feature in the Elastic Stack for 8.0 with an exciting roadmap. Discover new features and keep up with the latest developments by building your cluster in Elastic Cloud. Sign up for a \u003ca href=\"https://cloud.elastic.co/registration\" target=\"_self\"\u003efree 14-day trial\u003c/a\u003e today and try the examples in this blog.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003ch4\u003eIf you want more NLP reads:\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/how-to-deploy-nlp-text-embeddings-and-vector-search\" target=\"_blank\"\u003eHow to deploy NLP text embeddings and vector search\u2028\u2028\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-deploy-nlp-sentiment-analysis-example\" target=\"_blank\"\u003eHow to deploy NLP sentiment analysis\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-deploy-natural-language-processing-nlp-getting-started\" target=\"_blank\"\u003eHow to deploy natural language processing: Getting started\u2028\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs9cab90fbdd895489"}}}],"publish_date":"2022-05-20","sanity_migration_complete":false,"seo":{"seo_title_l10n":"How to deploy NLP: Named entity recognition (NER) example","seo_description_l10n":"Using named entity recognition (NER) as an example, this blog describes the process for getting up and running using deep learning models for natural language processing (NLP) in 
Elasticsearch.","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic 
Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Natural Language Processing (NLP)","label_l10n":"Natural Language Processing (NLP)","keyword":"natural-language-processing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt97696fc6e9921c30","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:43:16.119Z","updated_at":"2023-11-06T20:43:16.119Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:23:24.704Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt9149a5fda79fd708","ACL":{},"created_at":"2023-11-06T20:37:49.356Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"deployment","label_l10n":"Deployment","tags":[],"title":"Deployment","updated_at":"2023-11-06T20:37:49.356Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.169Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_val
ue":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt03343e31035d9e73","created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2023-05-11T16:19:15.142Z","updated_at":"2023-05-11T16:19:15.142Z","content_type":"image/png","file_size":"135153","filename":"illustration-campaign-ansof-1680x980.png","title":"illustration-campaign-ansof-1680x980.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-11T16:20:52.502Z","user":"bltd9765be97bbed20c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt03343e31035d9e73/645d15830830e25a5ced06de/illustration-campaign-ansof-1680x980.png"},"title":"How to deploy NLP: Named entity recognition (NER) example","title_l10n":"How to deploy NLP: Named entity recognition (NER) example","updated_at":"2025-02-25T22:39:35.130Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/how-to-deploy-nlp-named-entity-recognition-ner-example","publish_details":{"time":"2025-02-25T22:48:05.589Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0882d1df226e052d","_version":13,"locale":"en-us","ACL":{},"abstract_l10n":"Get started with ES|QL and learn how to use it to analyze, visualize, and get insights from your data. 
ES|QL accelerates your workflows by allowing you to create visualizations, calculations, and aggregations directly from one screen.","author":["blt66fc5c9958656092"],"category":[],"created_at":"2023-10-31T15:26:03.809Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"What is ES|QL (Elasticsearch Query Language)?","_metadata":{"uid":"csb27621934e380759"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eES|QL (Elasticsearch Query Language) is Elastic®'s new innovative piped query language, designed to speed up your data analysis and investigation processes by offering powerful computing and aggregation capabilities.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eNavigate through the complexities of identifying unfolding cyber attacks or pinpointing production issues with enhanced ease and efficiency.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eES|QL not only simplifies searching, aggregating, and visualizing massive data sets but also empowers users with advanced features like lookups and real-time processing, all from a single screen in Discover.\u003c/p\u003e"},{"title_l10n":"ES|QL adds 3 powerful capabilities to the Elastic Stack","_metadata":{"uid":"cscf656d0444a5b7c7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\n\u003col\u003e\n \u003cli\u003e\n \u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eA new and fast Distributed \u0026amp; Dedicated Query Engine\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that powers \u003c/span\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e\u003cstrong\u003e_query\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e. 
\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe new ES|QL query engine delivers advanced search capabilities with concurrent processing, improving speed and efficiency irrespective of data source and structure\u003c/span\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e.\u003c/span\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe performance of the new engine is measured and is public. Follow along with performance benchmarking in \u003c/span\u003e\u003ca href=\"https://elasticsearch-benchmark-analytics.elastic.co/app/dashboards#/view/0f02d4a0-e02c-11ed-8269-e92d5d639852?_g=(refreshInterval%3A(pause%3A!t%2Cvalue%3A60000)%2Ctime%3A(from%3Anow-15d%2Cto%3Anow))\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethis public dashboard\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\n \u003c/li\u003e\n \u003cli\u003e\n \u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eA new and powerful piped language. \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eES|QL is Elastic’s new piped language that transforms, enriches, and simplifies data investigations. 
Learn more about ES|QL language’s capabilities in \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethe documentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\n \u003c/li\u003e\n \u003cli\u003e\n \u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eA new and unified data exploration/investigation experience\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that accelerates resolution by creating aggregations and visualizations from one screen delivering an uninterrupted workflow.\u003c/span\u003e\u003c/p\u003e\n \u003c/li\u003e\n\u003c/ol\u003e"}],"_metadata":{"uid":"cs7bbf072be2057d14"}}},{"title_text":{"title_text":[{"title_l10n":"Why did we invest time and effort into ES|QL?","_metadata":{"uid":"cs5d5dc5c2204537bc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur users need agile tools that not only present data but also offer efficient methods to make sense of it, as well as the ability to act on insights in real time and post ingest data processing.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic’s commitment to enhancing users’ data exploration experience drove us to invest in ES|QL. It is designed to be accessible for beginners and powerful for experts. With ES|QL’s intuitive interface, users can start quickly and dive deep into their data without steep learning curves. The auto-complete and in-app documentation ensure that crafting advanced queries becomes a straightforward workflow.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMoreover, ES|QL doesn’t just show you numbers; it brings them to life. 
Contextual visualizations powered by Lens suggestion engine automatically adapt to the nature of your queries, providing a clear view of your insights.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAdditionally, a direct integration into Dashboards and Alerting functionalities reflects our vision of a cohesive, end-to-end experience.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn essence, our investment in ES|QL was a direct response to the evolving needs of our community — a step toward a more interconnected, insightful, and efficient workflow.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Delving deeper into security and observability use cases","_metadata":{"uid":"csc72121aab83371dd"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur commitment to ES|QL also stems from a deep understanding of the challenges faced by our users (e.g., site reliability engineers (SREs), DevOps, and threat hunters).\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSREs\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e,\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eobservability is essential. Every second of downtime or glitch can have a cascading effect on user experience and, consequently, the bottom line. An example of that is ES|QL’s Alerting feature: with its emphasis on highlighting meaningful trends over isolated incidents, SREs can proactively pinpoint and address system inefficiencies or failures. 
This reduces the noise and ensures they are reacting to genuine threats to system stability, making their response more timely and effective.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDevOps\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e teams are consistently in a race against time, deploying multiple updates, patches, and new features. With ES|QL’s new and powerful data exploration and data visualization, they can quickly assess the impact of every deployment, monitor system health, and receive real-time feedback. This not only enhances the quality of deployments but also ensures rapid course correction, if needed.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ethreat hunters\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, the security landscape is constantly evolving and changing. An example of how ES|QL empowers them in this changing landscape is the ENRICH feature. This feature allows them to look up data across different data sets, thereby unveiling hidden patterns or anomalies that might indicate a security threat. Additionally, contextual visualizations mean they don’t just see raw data but get actionable insights, presented visually. 
This drastically reduces the time taken to discern potential threats, ensuring quicker reactions to vulnerabilities.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhether you’re an SRE trying to decipher a spike in server load, a DevOps professional assessing the impact of the latest release, or a threat hunter investigating a potential breach, ES|QL complements the user, rather than complicating the journey.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe next sections of the blog post will help you get started with ES|QL and showcase some tangible examples of how powerful it is when exploring your data.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"How to get started with ES|QL in Kibana","_metadata":{"uid":"cs2d898b30d1237955"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo begin using ES|QL, navigate to Discover and simply select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTry ES|QL\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e from the data-view picker. 
It’s user-friendly and straightforward.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5a626c1b1cc5cf57"}}},{"image":{"image":{"uid":"bltf1ba0812b74b1ada","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:45:29.863Z","created_by":"bltb6c155cd84fc0c1a","file_size":"284665","filename":"elastic-blog-1-how-to-get-started.png","parent_uid":null,"tags":[],"title":"elastic-blog-1-how-to-get-started.png","updated_at":"2023-11-01T17:45:29.863Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.494Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf1ba0812b74b1ada/65428eb908cc0104077cd28a/elastic-blog-1-how-to-get-started.png"},"_metadata":{"uid":"cs947fc9a3938761a3"},"caption_l10n":"","alt_text_l10n":"1 - get started","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4ea73e103c0751e0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis will get you into ES|QL mode in Discover.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Efficient and easy query building","_metadata":{"uid":"cs6fc054d4aabc462c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eES|QL in Discover offers auto-complete and in-app documentation, making it easy to craft powerful queries right from the query 
bar.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs62b7285da6c176b6"}}},{"image":{"image":{"uid":"blt8aa55c995836851c","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:45:50.201Z","created_by":"bltb6c155cd84fc0c1a","file_size":"108122","filename":"elastic-blog-2-efficient-and-easy-query.png","parent_uid":null,"tags":[],"title":"elastic-blog-2-efficient-and-easy-query.png","updated_at":"2023-11-01T17:45:50.201Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.567Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8aa55c995836851c/65428ecea67ffd001b94e2fa/elastic-blog-2-efficient-and-easy-query.png"},"_metadata":{"uid":"csa15e6d13e4a3a468"},"caption_l10n":"Auto-complete in the query bar to help you complete a query fast","alt_text_l10n":"2 - Auto-complete in the query bar to help you complete a query fast","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"image":{"image":{"uid":"blt2bdf80a2c1c06c70","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:45:58.900Z","created_by":"bltb6c155cd84fc0c1a","file_size":"352533","filename":"elastic-blog-3-in-app-documentation.png","parent_uid":null,"tags":[],"title":"elastic-blog-3-in-app-documentation.png","updated_at":"2023-11-01T17:45:58.900Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.702Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2bdf80a2c1c06c70/65428ed6d8b7e20407a868a8/elastic-blog-3-in-app-documentation.png"},"_metadata":{"uid":"cse36e7885e2d7ed20"},"caption_l10n":"In-app documentation, right there to help you learn ES|QL!","alt_text_l10n":"3 - In-app documentation, right there to help you learn 
ES|QL!","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"How to analyze and visualize data with ES|QL","_metadata":{"uid":"cs5e343587bc54d83d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith ES|QL, you can do comprehensive and powerful data exploration.\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eIt allows you to conduct ad-hoc data exploration within Discover, create aggregations, transform data, enrich data sets, and more, directly from the query builder. Results are presented in a tabular format or as visualizations — it depends on the query you are executing.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBelow you will find examples of ES|QL queries for observability and how the results are represented in both a tabular format and as a visual representation.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eES|QL query with metrics use case:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8a6acd462db4827d"}}},{"code":{"code":"from metrics* \n| stats max_cpu = max(kubernetes.pod.cpu.usage.node.pct), max_mem = max(kubernetes.pod.memory.usage.bytes) by kubernetes.pod.name \n| sort max_cpu desc \n| limit 10","_metadata":{"uid":"cs653da0eb40f35a66"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs93d2d5f30e1bd07a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe above query is showcasing how you can utilize following source command, aggregation functions, and processing commands:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan 
style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e\u003cstrong\u003efrom \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003esource command (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-from\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e)\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003efrom metrics*: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis initiates a query from index patterns that match the pattern “metrics*.” The asterisk(*) acts as a wildcard, meaning it will select data from all index patterns whose names start with “metrics.”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e\u003cstrong\u003estats…by \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eaggregations (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-stats-by\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e), \u003c/span\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e\u003cstrong\u003emax \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e(\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-functions-operators.html#esql-agg-max\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e), and \u003c/span\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 
12pt;\"\u003e\u003cstrong\u003eby\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-stats-by\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e)\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis segment aggregates data based on specific statistics. It breaks down as follows:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003emax_cpu=max(kubernetes.pod.cpu.usage.node.pct): \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor each distinct “kubernetes.pod.name,” it finds the maximum CPU usage percentage and stores that value in a new column named “max_cpu.”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003emax_mem = max(kubernetes.pod.memory.usage.bytes): For each distinct “kubernetes.pod.name,” it finds the maximum memory usage in bytes and stores that value in a new column named “max_mem.”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eProcessing commands (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e)\u003c/span\u003e\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e\u003cstrong\u003esort\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (\u003c/span\u003e\u003ca 
href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-sort\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e)\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e\u003cstrong\u003elimit\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-limit\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e)\u003c/span\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003esort max_cpu desc:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e This sorts the resulting data rows by the “max_cpu” column in descending order. 
This means the row with the highest “max_cpu” value will be at the top.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003elimit 10: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis limits the output to the top 10 rows after sorting.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eIn summary, the query:\u0026nbsp;\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSelects data from all metrics indices that match the index pattern\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAggregates the data to find the maximum CPU usage percentage and maximum memory usage for each distinct Kubernetes pod\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSorts the aggregated data by the maximum CPU usage in descending order\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOutputs only the top 10 rows with the highest CPU usage\u003c/span\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eContextual visualizations: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhen writing ES|QL queries in Discover, you’ll receive visual representations powered by the Lens suggestion engine. 
Your query’s nature determines the type of visualization you get, whether it’s a Metric, Histogram Heatmap, etc.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBelow is a visual representation in the form of a bar chart and a table representation of the above query with columns max_cpu, avg_mem, and kubernetes.pod.name:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs99cd46561258cd0c"}}},{"image":{"image":{"uid":"blt203fb89ae7c2c361","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:46:12.210Z","created_by":"bltb6c155cd84fc0c1a","file_size":"267601","filename":"elastic-blog-4-several-bar-graphs.png","parent_uid":null,"tags":[],"title":"elastic-blog-4-several-bar-graphs.png","updated_at":"2023-11-01T17:46:12.210Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.763Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt203fb89ae7c2c361/65428ee42149b10407ad85e5/elastic-blog-4-several-bar-graphs.png"},"_metadata":{"uid":"csd1315e5049e39ff0"},"caption_l10n":"","alt_text_l10n":"4 - several bar graphs","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs08166c0097ed6ed7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExample of an ES|QL query with Observability and time-series data use case:\u0026nbsp;\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6c9ec1513a98f0c4"}}},{"code":{"code":"from apache-logs |\nwhere url.original == \"/login\" |\neval time_buckets = auto_bucket(@timestamp, 50, \"2023-09-11T21:54:05.000Z\", \"2023-09-12T00:40:35.000Z\") |\nstats login_attempts = count(user.name) by time_buckets, user.name |\nsort login_attempts 
desc","_metadata":{"uid":"cs0169640615a6b10c"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2ba8009cf89de7d2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe above query is showcasing how you can utilize the following source command, aggregation functions, processing commands, and functions.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e\u003cstrong\u003efrom \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003esource command (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-from\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e)\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003efrom apache-logs: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis initiates a query from an index named “apache-logs.” This index contains log entries related to Apache web server traffic.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e\u003cstrong\u003ewhere\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-where\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e)\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ewhere url.original==”/login”: \u003c/strong\u003e\u003c/span\u003e\u003cspan 
style=\"font-size: 12pt;\"\u003eFilters the records to only those where the “url.original” field equals “/login.” This means we are only interested in log entries pertaining to login attempts or accesses to the login page.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e\u003cstrong\u003eeval\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-eval\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e) \u0026amp; \u003c/span\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e\u003cstrong\u003eauto_bucket\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-functions-operators.html#esql-auto_bucket\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e)\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eeval time_buckets =... 
: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis creates a new column named “time_buckets.”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eauto_bucket” \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003efunction creates human-friendly buckets and returns a datetime value for each row that corresponds to the resulting bucket the row falls into.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e“@timestamp”\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e is the field containing the timestamp of each log entry.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e“50” \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eis the number of buckets.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e“2023-09-11T21:54:05.000Z”: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eStart time for bucketing\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e“2023-09-12T00:40:35.000Z”: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEnd time for bucketing\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis means that log entries from “2023-09-11T21:54:05.000Z” to “2023-09-12T00:40:35.000Z” will be divided into 50 equally spaced 
intervals, and each entry will be associated with a specific interval based on its timestamp.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe goal isn’t to provide exactly the target number of buckets, it’s to pick a range that you are comfortable with that provides at most the target number of buckets. If you ask for more buckets, then \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eauto_bucket \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecan pick a smaller range.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e\u003cstrong\u003estats…by \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eaggregations (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-stats-by\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e), \u003c/span\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e\u003cstrong\u003ecount\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-functions-operators.html#esql-agg-count\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e), and \u003c/span\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e\u003cstrong\u003eby\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-stats-by\"\u003e\u003cspan style=\"font-size: 
12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e)\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003estats login_attempts = count(user.name) by time_buckets, user.name: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAggregates the data to calculate the number of login attempts. It does this by counting the occurrences of \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e“user.name”\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (each occurrence representing one login attempt recorded for that user, not a count of unique users).\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe count is grouped by both the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e“time_buckets”\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (the time intervals we created) and \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e“user.name.” \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis means for each time bucket, we will see how many times each user attempted to log in.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(56, 118, 29);font-size: 12pt;\"\u003e\u003cstrong\u003esort\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-sort\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e)\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 
12pt;\"\u003e\u003cstrong\u003eSort login_attempts desc: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFinally, the aggregated results are sorted by the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e“login_attempts” \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecolumn in descending order. This means the result will show the highest number of login attempts at the top.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eIn summary, the query:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSelects data from the “apache-logs” index\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFilters for log entries related to the login page\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBuckets these entries into specific time intervals\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCounts the number of login attempts for each user in each of those time intervals\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOutputs the results sorted by the highest number of login attempts first\u003c/span\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBelow is a visual representation in the form of a bar chart and a table representation of the above query with columns login_attempts, time_buckets, and 
user.name.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1cd6b02f09e41056"}}},{"image":{"image":{"uid":"blt350adfd5153b0e80","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:46:35.545Z","created_by":"bltb6c155cd84fc0c1a","file_size":"274873","filename":"elastic-blog-5-colored-graphs.png","parent_uid":null,"tags":[],"title":"elastic-blog-5-colored-graphs.png","updated_at":"2023-11-01T17:46:35.545Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.662Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt350adfd5153b0e80/65428efbaadaa1001b1093ac/elastic-blog-5-colored-graphs.png"},"_metadata":{"uid":"cs1b8c9cd929eaa429"},"caption_l10n":"","alt_text_l10n":"5 - color graphs","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"In-line visualization editing in Discover \u0026 Dashboard","_metadata":{"uid":"cs8a782d27d042638a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEdit ES|QL visualizations directly within Discover and Dashboards. 
No need to navigate to Lens for quick edits; you can make changes seamlessly.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBelow you can see a video of an end-to-end workflow or read the step-by-step guide:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWriting an ES|QL query\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGetting contextual visualization based on the nature of the query\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn-line edit the visualization\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSave it to a Dashboard\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBe able to edit the visualization from a Dashboard\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e"}],"_metadata":{"uid":"cs6cb01e38decde1c4"}}},{"video":{"vidyard_uuid":"MuuxB5dwHjcha9i4op3UmC","_metadata":{"uid":"cs59d3761ed45c302e"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":false,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb27e67bafa8bfb87"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eStep 1. 
Writing an ES|QL query.\u003c/strong\u003e\u003c/span\u003e \u003cspan style=\"font-size: 12pt;\"\u003eQuery example that produces a metric visualization:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs260b224b6872c7c3"}}},{"code":{"code":"from apache-logs\n| stats avgbytes = avg(http.response.body.bytes)\n| eval roundbytes = round(avgbytes)\n| drop avgbytes","_metadata":{"uid":"cs80a1c8480a4ef96d"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs393085e80555adb0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 2. Getting contextual visualization (in this case a metric visualization) based on the nature of the query. \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eYou can then select the pencil icon to go into in-line editing mode.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csba553e54dac00b43"}}},{"image":{"image":{"uid":"blt9ca9cef70e1f64e9","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:46:55.646Z","created_by":"bltb6c155cd84fc0c1a","file_size":"120430","filename":"elastic-blog-6-15137.png","parent_uid":null,"tags":[],"title":"elastic-blog-6-15137.png","updated_at":"2023-11-01T17:46:55.646Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.508Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9ca9cef70e1f64e9/65428f0f2797e3040709d23a/elastic-blog-6-15137.png"},"_metadata":{"uid":"csde3542a87f61cd22"},"caption_l10n":"","alt_text_l10n":"6","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6cd7c4d6dd99671f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 3. 
Editing the visualization using in-line editing mode\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbe45d1c7833c3208"}}},{"image":{"image":{"uid":"blt61e365cece326df9","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:47:04.565Z","created_by":"bltb6c155cd84fc0c1a","file_size":"244264","filename":"elastic-blog-7-15137.png","parent_uid":null,"tags":[],"title":"elastic-blog-7-15137.png","updated_at":"2023-11-01T17:47:04.565Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.582Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt61e365cece326df9/65428f1808cc0104077cd292/elastic-blog-7-15137.png"},"_metadata":{"uid":"csb4a9363dce5e606f"},"caption_l10n":"","alt_text_l10n":"7","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs59269c985971ab90"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the above case, we want the visualization to be in dynamic color mode, so we switch it to 
“Dynamic.”\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7608b9d995bdeb71"}}},{"image":{"image":{"uid":"blt123edfb052aa943f","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:47:16.700Z","created_by":"bltb6c155cd84fc0c1a","file_size":"233205","filename":"elastic-blog-8-gold-bar-graph.png","parent_uid":null,"tags":[],"title":"elastic-blog-8-gold-bar-graph.png","updated_at":"2023-11-01T17:47:16.700Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.715Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt123edfb052aa943f/65428f248b3f8e001b7aec04/elastic-blog-8-gold-bar-graph.png"},"_metadata":{"uid":"cs317c8983b1001dde"},"caption_l10n":"","alt_text_l10n":"8","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd4dadea5edbcd6e2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe also have the opportunity to define the color ranges we want to 
use:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7450af801932a573"}}},{"image":{"image":{"uid":"blt00874e115e7dd3c0","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:47:27.862Z","created_by":"bltb6c155cd84fc0c1a","file_size":"224701","filename":"elastic-blog-9-gold-bar-graph.png","parent_uid":null,"tags":[],"title":"elastic-blog-9-gold-bar-graph.png","updated_at":"2023-11-01T17:47:27.862Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.777Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt00874e115e7dd3c0/65428f2fa036750407c8314b/elastic-blog-9-gold-bar-graph.png"},"_metadata":{"uid":"csc2e517343cf3a00c"},"caption_l10n":"","alt_text_l10n":"9","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0aa8c06b2e6cdab2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 4. 
Saving to a Dashboard\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7761391b6ba5784b"}}},{"image":{"image":{"uid":"bltbe1422cdfcdbc953","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:47:38.504Z","created_by":"bltb6c155cd84fc0c1a","file_size":"116011","filename":"elastic-blog-10-bar-graph-saving-to-dashboard.png","parent_uid":null,"tags":[],"title":"elastic-blog-10-bar-graph-saving-to-dashboard.png","updated_at":"2023-11-01T17:47:38.504Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.676Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbe1422cdfcdbc953/65428f3a36795e040703dc94/elastic-blog-10-bar-graph-saving-to-dashboard.png"},"_metadata":{"uid":"cs5faac3e19486e755"},"caption_l10n":"","alt_text_l10n":"10","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"image":{"image":{"uid":"bltb970816bf07da660","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:47:49.185Z","created_by":"bltb6c155cd84fc0c1a","file_size":"149813","filename":"elastic-blog-11-save-lens-vis.png","parent_uid":null,"tags":[],"title":"elastic-blog-11-save-lens-vis.png","updated_at":"2023-11-01T17:47:49.185Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.523Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb970816bf07da660/65428f4520567d001b0915c0/elastic-blog-11-save-lens-vis.png"},"_metadata":{"uid":"cs803166f525a91bf7"},"caption_l10n":"","alt_text_l10n":"11","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csaf21b6aca8e16496"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e
\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 5. Be able to edit the visualization from a Dashboard\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8f1c91544a5e4b89"}}},{"image":{"image":{"uid":"blt1516bd02e3161f54","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:48:02.113Z","created_by":"bltb6c155cd84fc0c1a","file_size":"126764","filename":"elastic-blog-12-roundbytes.png","parent_uid":null,"tags":[],"title":"elastic-blog-12-roundbytes.png","updated_at":"2023-11-01T17:48:02.113Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.596Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1516bd02e3161f54/65428f52a036750407c83154/elastic-blog-12-roundbytes.png"},"_metadata":{"uid":"csa63f77c65311e359"},"caption_l10n":"","alt_text_l10n":"12 - roundbytes","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"image":{"image":{"uid":"blta3517e76be216fdf","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:55:18.840Z","created_by":"bltb6c155cd84fc0c1a","file_size":"191503","filename":"elastic-blog-13-gold-roundbytes-15137.png","parent_uid":null,"tags":[],"title":"elastic-blog-13-gold-roundbytes-15137.png","updated_at":"2023-11-01T17:55:18.840Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.728Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta3517e76be216fdf/6542910662f244001b7d9e21/elastic-blog-13-gold-roundbytes-15137.png"},"_metadata":{"uid":"cs4cd591dd4bc7e547"},"caption_l10n":"","alt_text_l10n":"13","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Creating an ES|QL 
alert directly from Discover","_metadata":{"uid":"csf28dc732cd5df5a7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can utilize ES|QL for observability and security alerts, setting aggregated values as thresholds. Enhance detection accuracy and receive actionable notifications by emphasizing meaningful trends over isolated incidents, reducing false positives.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBelow, we will focus on how to create an ES|QL alert rule type from Discover.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe new alert rule type is available under the existing Elasticsearch rule type. This rule type brings all the new functionalities that are available within ES|QL and unlocks new alerting use cases.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith the new type, users will be able to generate a single alert based on a defined ES|QL query and preview the query result before saving the rule. When the query returns an empty result, no alerts will be generated. A rule query should therefore return rows only when the condition you want to be alerted on is met; the example below has no such filter, so it returns rows whenever pod metrics are present.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuery example for an alert:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8a54f63e42d3eed0"}}},{"code":{"code":"from metrics-pods |\nstats max_cpu = max(kubernetes.pod.cpu.usage.node.pct) by kubernetes.pod.name|\nsort max_cpu desc | limit 10\n","_metadata":{"uid":"cs9634388fc4f721d7"}}},{"title_text":{"title_text":[{"title_l10n":"How to create an alert from Discover","_metadata":{"uid":"cs8d63d408c04e7e1a"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 1. 
Click on “Alerts” and then “Create search threshold rule.” \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eYou can start creating your ES|QL alert rule type either after you have defined your ES|QL query in the query bar or before you have defined your ES|QL query. The benefit of doing it after you have defined it is that the query automatically gets pasted into the “Create Alert” flyout.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6cf014252e368654"}}},{"image":{"image":{"uid":"blt6960b893560a5546","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:55:31.409Z","created_by":"bltb6c155cd84fc0c1a","file_size":"125921","filename":"elastic-blog-14-red-box.png","parent_uid":null,"tags":[],"title":"elastic-blog-14-red-box.png","updated_at":"2023-11-01T17:55:31.409Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.791Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6960b893560a5546/65429113d822120407106f4d/elastic-blog-14-red-box.png"},"_metadata":{"uid":"cs80170ee3ff493bb5"},"caption_l10n":"","alt_text_l10n":"14","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs970a7faff8e2b1b3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 2. 
Start defining your ES|QL alert rule type\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csaf2893a301b6e821"}}},{"image":{"image":{"uid":"bltd27aa14576d2920b","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:55:42.787Z","created_by":"bltb6c155cd84fc0c1a","file_size":"280925","filename":"elastic-blog-15-create-rule.png","parent_uid":null,"tags":[],"title":"elastic-blog-15-create-rule.png","updated_at":"2023-11-01T17:55:42.787Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.689Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd27aa14576d2920b/6542911eaadaa1001b1093db/elastic-blog-15-create-rule.png"},"_metadata":{"uid":"cse8f8e1a3b8ad6c1f"},"caption_l10n":"","alt_text_l10n":"15","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd7f947f222c6e2f5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 3. Test your alert rule type query. 
\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eYou can iterate on the ES|QL query that is pasted in and test it by clicking on “Test query.” This will give you a preview of the results in a table.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse40e7fed5f1ce948"}}},{"image":{"image":{"uid":"blt4634f9d751ed194f","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:55:53.089Z","created_by":"bltb6c155cd84fc0c1a","file_size":"136219","filename":"elastic-blog-16-create-rule.png","parent_uid":null,"tags":[],"title":"elastic-blog-16-create-rule.png","updated_at":"2023-11-01T17:55:53.089Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.537Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4634f9d751ed194f/65429129d8b7e20407a868c8/elastic-blog-16-create-rule.png"},"_metadata":{"uid":"cs36228f1582ba4f64"},"caption_l10n":"","alt_text_l10n":"16 - create rule","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"image":{"image":{"uid":"blt13d79f3cafffd085","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:56:05.156Z","created_by":"bltb6c155cd84fc0c1a","file_size":"114790","filename":"elastic-blog-17-test-query.png","parent_uid":null,"tags":[],"title":"elastic-blog-17-test-query.png","updated_at":"2023-11-01T17:56:05.156Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.609Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt13d79f3cafffd085/6542913562f244001b7d9e26/elastic-blog-17-test-query.png"},"_metadata":{"uid":"csfade9f7dddab6e44"},"caption_l10n":"","alt_text_l10n":"17 - test 
query","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs58c067afd08fe7d0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 4. Set up your connector and “Save.” \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eYou have now successfully created an ES|QL alert rule type!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csea3680f34aac29c8"}}},{"image":{"image":{"uid":"blt6ba535d136bedd1f","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:13:36.943Z","created_by":"bltb6c155cd84fc0c1a","file_size":"133346","filename":"Screenshot_2023-11-01_at_1.13.16_PM.png","parent_uid":null,"tags":[],"title":"Screenshot_2023-11-01_at_1.13.16_PM.png","updated_at":"2023-11-01T17:13:36.943Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.742Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6ba535d136bedd1f/6542874008cc0104077cd248/Screenshot_2023-11-01_at_1.13.16_PM.png"},"_metadata":{"uid":"csbe63dc94341ff645"},"caption_l10n":"","alt_text_l10n":"18","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"Enrich your query data set with fields from another data set","_metadata":{"uid":"cs2051f7413f99336c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eYou can use the enrich command (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-enrich\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e) to enhance your query 
data set with fields from another data set, complete with in-context suggestions for the selected policy (i.e., hinting the matching field and enriched columns).\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eQuery example using \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eENRICH\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e,\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ewhere an enrich policy, “servers-to-project”, is being utilized via the query to enrich the data set with name, server_hostname, and cost:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdb6b937ea7227e53"}}},{"code":{"code":"from projects* | limit 10 |\nenrich servers-to-project on project_id with name, server_hostname, cost |\nstats num_of_servers = count(server_hostname), total_cost = sum(cost) by project_id |\nsort total_cost desc","_metadata":{"uid":"csa7fa961ae02d848a"}}},{"image":{"image":{"uid":"bltd237c9c2672c99c2","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:56:48.525Z","created_by":"bltb6c155cd84fc0c1a","file_size":"157817","filename":"elastic-blog-20-bar-graphs.png","parent_uid":null,"tags":[],"title":"elastic-blog-20-bar-graphs.png","updated_at":"2023-11-01T17:56:48.525Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.803Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd237c9c2672c99c2/65429160a184e7001b4f9493/elastic-blog-20-bar-graphs.png"},"_metadata":{"uid":"csbd786bb2d0e98ece"},"caption_l10n":"Tabular results and visual representation of the query with ENRICH 
above","alt_text_l10n":"20","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs845ddc5ff1acdb9c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe have also made it easy for users to create enrich policies by adding an overview and a wizard to create enrich policies.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo find an overview of enrich policies, navigate to Stack Management ⇒ Index Management, and there you will see a tab called \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEnrich Policies\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1ace311b634c3be0"}}},{"image":{"image":{"uid":"bltd81a7d99b203e7e2","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:57:03.631Z","created_by":"bltb6c155cd84fc0c1a","file_size":"266827","filename":"elastic-blog-21-index-mgmt.png","parent_uid":null,"tags":[],"title":"elastic-blog-21-index-mgmt.png","updated_at":"2023-11-01T17:57:03.631Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.816Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd81a7d99b203e7e2/6542916fa036750407c83169/elastic-blog-21-index-mgmt.png"},"_metadata":{"uid":"csbf5ef70b16bdef04"},"caption_l10n":"","alt_text_l10n":"21","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc4b2b98d7140dda5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHere is the enrich policy used in above query: 
“servers-to-project”:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs008f3dee16ce429d"}}},{"image":{"image":{"uid":"blt0acaf44bcd3aca75","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:57:16.139Z","created_by":"bltb6c155cd84fc0c1a","file_size":"247851","filename":"elastic-blog-22-servers-to-project.png","parent_uid":null,"tags":[],"title":"elastic-blog-22-servers-to-project.png","updated_at":"2023-11-01T17:57:16.139Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.551Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0acaf44bcd3aca75/6542917c0970dd001bd15e96/elastic-blog-22-servers-to-project.png"},"_metadata":{"uid":"cscbc29c74a5795029"},"caption_l10n":"","alt_text_l10n":"22","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csea34a40a5ba38020"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can easily start creating a new enrich policy by clicking on \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate enrich policy\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. 
As soon as you have created and executed one, it can then be used in an ES|QL query in Discover.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs48bacf430a2ac714"}}},{"image":{"image":{"uid":"blt32012e4b1efbc1a9","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-01T17:57:28.171Z","created_by":"bltb6c155cd84fc0c1a","file_size":"237767","filename":"elastic-blog-23-create-enrich-policy.png","parent_uid":null,"tags":[],"title":"elastic-blog-23-create-enrich-policy.png","updated_at":"2023-11-01T17:57:28.171Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.621Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt32012e4b1efbc1a9/654291880970dd001bd15e9a/elastic-blog-23-create-enrich-policy.png"},"_metadata":{"uid":"cs2cfdd6e676296f76"},"caption_l10n":"","alt_text_l10n":"23 - create enrich policy","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3cc77469d719bb3c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLearn more about enrich policies \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-enrich-data.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehere\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and about the ENRICH command in ES|QL \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-enrich\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehere\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elevating data exploration: The power and promise of 
ES|QL","_metadata":{"uid":"csa91525e0ccb594cc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eES|QL is Elastic’s latest innovation to advance data analysis and exploration. It’s not just about showing data; it’s about making it understandable, actionable, and visually appealing. Powered by a fast, distributed, and dedicated query engine, designed as a new piped language and wrapped in a unified data exploration experience, ES|QL meets the challenges of users such as site reliability engineers, DevOps, threat hunters, and other types of analysts.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eES|QL empowers SREs to tackle system inefficiencies effectively, aids DevOps in ensuring quality deployments, and provides threat hunters with tools to quickly discern potential security threats. Its direct integration into Dashboards, in-line visualization editing, alert functionalities, and abilities like enrich commands provide a seamless and efficient workflow. The ES|QL interface combines both power and user-friendliness, allowing users to dive deep into their data, making their analysis simpler and more insightful. The launch of ES|QL is just a continuation of Elastic’s journey around enhancing data exploration experiences and addressing the evolving needs of our user community.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can try all of the capabilities of ES|QL today! 
To do so, sign up for an \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic trial account\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e or test it out on our \u003c/span\u003e\u003ca href=\"https://esql.demo.elastic.co\"\u003e\u003cspan style='font-size: 12pt;'\u003epublic demo environment\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbdaf14a85f143def"}}}],"publish_date":"2023-11-07","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Shorten your time to insights by creating aggregations, visualizations, and alerts directly from Discover with 
ES|QL","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt4667af6ab5dfbc82","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-10-31T15:08:18.007Z","created_by":"bltb6c155cd84fc0c1a","file_size":"76555","filename":"ES_QL_blog-720x420-07.png","parent_uid":null,"tags":[],"title":"ES_QL_blog-720x420-07.png","updated_at":"2023-10-31T15:08:18.007Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:01.649Z","user":"b
ltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4667af6ab5dfbc82/65411862c2b34d001be73bfa/ES_QL_blog-720x420-07.png"},"title":"Getting started with ES|QL (Elasticsearch Query Language)","title_l10n":"Getting started with ES|QL (Elasticsearch Query Language) ","updated_at":"2025-02-25T21:50:46.411Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/getting-started-elasticsearch-query-language","publish_details":{"time":"2025-02-25T21:50:56.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt60b7a8d9cb8c22b3","_version":8,"locale":"en-us","ACL":{},"abstract_l10n":"Introducing ES|QL: Elastic's piped query language. Transform, enrich, and simplify data investigations with concurrent processing, efficient searches across data, and all-in-one screen aggregations and visualizations delivering iterative workflows.","author":["blt59e7f7049d793705","blt19aa6eaf05f480b6","blt91eeaf08ab3d1d6a"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2023-11-02T16:45:13.837Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs222fe93da4825778"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eToday, we are pleased to announce the technical preview of Elastic®’s new piped query language, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql.html\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eES|QL\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (Elasticsearch Query Language), which transforms, enriches, and simplifies data investigations. 
Powered by a new query engine, ES|QL delivers advanced search capabilities with concurrent processing, improving speed and efficiency irrespective of data source and structure. Quickly resolve issues by creating aggregations and visualizations all from a single screen for an iterative and smooth workflow.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9dffee14040495c6"}}},{"video":{"vidyard_uuid":"B7awk5TY43Dq9VpQxbvmxA","_metadata":{"uid":"cs009e76748c563af9"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":false,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"Evolution in Elasticsearch","_metadata":{"uid":"cs197c429163a56ea5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOver the past 13 years, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch®\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e has significantly evolved, adapting to user needs and the shifting digital landscape. Originally for full-text search, Elasticsearch expanded to support a broader set of use cases based on user feedback. Throughout this journey, the Elasticsearch \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eQuery DSL\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, our first adopted search language, provided a rich set of queries for filters, aggregations, and other operations. 
This JSON-based DSL ultimately became the foundation of our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.10/search-search.html\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003e_search\u003c/span\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e API endpoint.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThrough the years and the diversification of needs, it became evident that users wanted more than what Query DSL provided. We began to adopt and weave in additional DSLs under our Query DSL for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/painless/current/painless-contexts.html\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003escripting\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e or for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/eql-apis.html\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eevents\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e in security investigations and much more. 
However, as versatile as these additions were, they didn't entirely cover some of the requirements of our users.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUsers wanted a query language that could:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSimplify threat and security investigations while observing and resolving production issues through a single query that delivers a comprehensive and iterative approach\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eStreamline data investigations by searching, enriching, aggregating, and visualizing plus more, all from a single interface\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUse advanced search capabilities like lookups with concurrent processing improving speed and efficiency to query vast amounts of data irrespective of source and structure\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"From pipe dreams to reality — Introducing ES|QL","_metadata":{"uid":"cs739139b681a5e1c8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eWe listened and are proud to introduce \u003ca href=\"https://www.elastic.co/blog/getting-started-elasticsearch-query-language\"\u003eElasticsearch Query Language (ES|QL)\u003c/a\u003e, our new innovative piped query language — a single unified method and language to interact with data in Elasticsearch while removing the costly need to transfer it to external systems for specialized processing. 
Unlike other languages Elastic has adopted over the years like Query DSL, ES|QL is designed and purpose built from the ground up to greatly simplify data investigations and be accessible for beginners while being powerful for experts.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cem\u003eES|QL example command:\u003c/em\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs04670210ba5e42cd"}}},{"code":{"code":"from logstash-*\n| stats avg_bytes = avg(bytes) by geo.src\n| eval avg_bytes_kb = round(avg_bytes/1024, 2)\n| enrich geo-data on geo.src with country, continent\n| keep avg_bytes_kb, geo.src, country, continent \n| limit 4","_metadata":{"uid":"cs834eb08b45840476"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1f7334849b863511"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eES|QL example output:\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eavg_bytes_kb\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003egeo.src\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ecountry\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003econtinent\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan 
style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e8.84\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eBD\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eBangladesh\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eAsia\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e6.92\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eBR\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eBrazil\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eAmericas\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e2.75\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan 
data-type='inlineCode'\u003eCI\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eCôte d'Ivoire\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eAfrica\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e4.55\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eCL\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eChile\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eAmericas\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003c/p\u003e"},{"title_l10n":"Streamlined simplicity: A UI tailored for enhanced and iterative workflows ","_metadata":{"uid":"cs632005fd40cdbacb"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eConnecting the dots of an unfolding attack or navigating through observability data requires you to filter, search, transform, and aggregate across an extraordinary amount of data. 
ES|QL delivers this functionality from a single query.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs31e57e44273c117b"}}},{"image":{"image":{"uid":"bltfa80b86cb375b9da","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-02T16:36:06.520Z","created_by":"bltb6c155cd84fc0c1a","file_size":"203328","filename":"elastic-esql-announcement.png","parent_uid":null,"tags":[],"title":"elastic-esql-announcement.png","updated_at":"2023-11-02T16:36:06.520Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:02.372Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfa80b86cb375b9da/6543cff6a036750407c83950/elastic-esql-announcement.png"},"_metadata":{"uid":"csfd05a4b557ba811a"},"caption_l10n":"","alt_text_l10n":"Streamlined simplicity","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1e125b8cf8146c20"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eContext switching or trying to find what you are looking for from many screens can slow you down and be frustrating. From a unified display, ES|QL provides autocomplete syntax, integrates product documentation, and visualizes search outcomes, ensuring an uninterrupted and efficient workflow for data inquiries. 
Whether for security, observability, or search, ES|QL enhances efficiency, speed, and the depth of data exploration.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"ES|QL concurrency — Two threads are better than one","_metadata":{"uid":"cs38fa14a1aff22148"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePowered by a robust query engine, ES|QL offers advanced search capabilities with concurrent processing, enabling users to seamlessly query across diverse data sources and structure.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThere is no translation or transpilation to Query DSL; instead, each query in ES|QL is initially broken down, interpreted for its meaning, validated for accuracy, and then enhanced for best performance. Then a process is laid out for executing the query across various nodes within the cluster. The target nodes handle the query, making on-the-fly adjustments to the execution plan using the framework provided by ES|QL. The result is lightning fast queries that you get out of the box. 
As an example, view \u003c/span\u003e\u003ca href=\"https://elasticsearch-benchmarks.elastic.co/#tracks/esql/nightly/default/30d\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethe nightly benchmarks\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for comparison.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4447eafd0e1b6c8c"}}},{"banner":{"reference":[{"uid":"blt6d98a581fc6972d6","_content_type_uid":"banner"}],"_metadata":{"uid":"csbff4b0be769be0d1"}}},{"title_text":{"title_text":[{"title_l10n":"Platform innovation drives Elastic solutions benefits","_metadata":{"uid":"csa9673bb974a22aea"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic’s solutions — \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearch\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability\"\u003e\u003cspan style='font-size: 12pt;'\u003eObservability\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security\"\u003e\u003cspan style='font-size: 12pt;'\u003eSecurity\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — all benefit from features and innovations that are delivered within Elasticsearch and Kibana®. ES|QL fundamentally changes the experience of using these solutions and provides a simple but powerful data investigation workflow.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"ES|QL enhances Elastic Security","_metadata":{"uid":"cs0cc21de07179557b"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eES|QL fundamentally changes how analysts pursue threats and strengthens detection. 
Built in answer to rich community input, it unleashes the power of piped queries at the speed of Elasticsearch, enhancing the SIEM, endpoint security, and cloud security capabilities of Elastic Security.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSearch quickly and iteratively:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Following the breadcrumbs of an emerging threat requires quick action and a language that delivers an iterative workflow.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEnrich results with context:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e ES|QL enables analysts to correlate suspicious IP addresses with known threat intelligence databases, providing immediate clarity on potential threats.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTransform data:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e ES|QL empowers users to manipulate their data by defining new fields or parsing non-normalized data, ensuring data clarity and relevance.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAggregate data:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Results can be consolidated and aggregated, paving the way for deeper analysis and insight extraction.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic is the only search platform to pair the efficiency of a schema-on-write architecture with the iterative search experience of a schema-on-read piped query language. 
With incredibly fast search — and query output in full sight — analysts can draw closer to their target with each successive pipe.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eES|QL also enhances Elastic Security’s powerful detection engine. To reduce alarm fatigue, improve alert relevance, and provide another avenue for behavioral detection, organizations can incorporate aggregated values within detection rules. With inline evaluation, practitioners can iteratively develop and hone ES|QL-based rules. Queries are formatted in plaintext, simplifying collaboration and supporting detection-as-code.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"ES|QL impacts Elastic Observability","_metadata":{"uid":"csb5a8ab761d6d8ece"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSREs using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/opentelemetry-kubernetes-esql\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Observability\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e can leverage ES|QL to analyze logs, metrics, traces, and profiling data, enabling them to pinpoint performance bottlenecks and system issues with a single query. SREs gain the following advantages when managing high dimensionality and high cardinality data with ES|QL in Elastic Observability:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRemove signal noise:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e With ES|QL alerting, enhance detection precision by focusing on significant trends rather than individual incidents, minimizing false alarms, and delivering actionable notifications. 
SREs can manage these alerts through the Elastic API and integrate them into DevOps processes.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEnhanced analysis with insights:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e ES|QL can process diverse observability data, including application, infrastructure, business data, and more, regardless of the source and structure. ES|QL can easily enrich the data with additional fields and context, allowing the creation of visualizations for dashboards or issue analysis with a single query.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eReduced mean time to resolution:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e ES|QL, when combined with Elastic Observability's AIOps and AI Assistant, enhances detection accuracy by identifying trends, isolating incidents, and reducing false positives. This improvement in context facilitates troubleshooting and the quick pinpointing and resolution of issues.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eES|QL in Elastic Observability not only enhances an SRE's ability to manage the customer experience, an organization's revenue, and SLOs more effectively but also facilitates collaboration with developers and DevOps by providing contextualized aggregated data.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"ES|QL advances Elastic Search","_metadata":{"uid":"csb76831ef608b17a8"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith ES|QL, you can retrieve, aggregate, calculate, and transform data in a single query. It boasts key features, such as the ability to define fields at the time of query, perform data enrichment lookups, and process queries concurrently. 
Understand and explore your data with ES|QL in various ways. From utilizing clients for direct API/code integration to visualizing results directly from one screen, ES|QL streamlines your data investigations, ensuring you get the most out of your data sets with ease and simplicity.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eES|QL’s design focus is evident in its capability to reduce code complexity, ultimately leading to cost and time savings. By facilitating the reuse of query results in subsequent searches, ES|QL minimizes computational overhead, eliminating the need for convoluted scripts and redundant queries. ES|QL is not just an API but a simple and powerful way to transform your approach to search.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Embark on your ES|QL journey","_metadata":{"uid":"cs0f05f64d80a306a6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe future of data exploration and manipulation is here. Elastic invites security analysts, SREs, and developers to experience this transformative language firsthand and unlock new horizons in their data tasks. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/piped-query-language\"\u003e\u003cspan style='font-size: 12pt;'\u003eLearn more about the possibilities with ES|QL\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, or \u003c/span\u003e\u003ca href=\"http://ela.st/startnow\"\u003e\u003cspan style='font-size: 12pt;'\u003estart your free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e now in technical preview.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs14331b010fbe896a"}}}],"publish_date":"2023-11-07","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Announcing Elastic’s piped query language, ES|QL","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltaa08115c1a4c99d9","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-02T16:21:32.477Z","created_by":"bltb6c155cd84fc0c1a","file_size":"72479","filename":"ES_QL_blog-720x420-06.png","parent_uid":null,"tags":[],"title":"ES_QL_blog-720x420-06.png","updated_at":"2023-11-02T16:21:32.477Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-07T13:45:02.384Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb",
"locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaa08115c1a4c99d9/6543cc8c36795e040703e45e/ES_QL_blog-720x420-06.png"},"title":"From pipe dreams to reality: Announcing Elastic’s piped query language, ES|QL","title_l10n":"From pipe dreams to reality: Announcing Elastic’s piped query language, ES|QL","updated_at":"2025-02-25T21:27:46.614Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/esql-elasticsearch-piped-query-language","publish_details":{"time":"2025-02-25T21:31:20.477Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb1ec879086c2333a","_version":18,"locale":"en-us","ACL":{},"abstract_l10n":"This blog provides tips and resources for troubleshooting Elasticsearch memory allocation. See the top allocation management theory links our Support team sends to users and where they direct users to resolve their resource allocation issues.","author":["bltddff0459e563bc78"],"category":["blte5cc8450a098ce5e"],"created_at":"2024-09-30T23:55:13.531Z","created_by":"blt3044324473ef223b70bc674c","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csddb37782b8c035d1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith Elastic Cloud delivering solutions like Observability, Security, and Search, we've broadened the users who use Elastic Cloud beyond full ops teams to include data engineers, security teams, and consultants. As an Elastic support representative, I’ve enjoyed engaging with a diverse range of users and use cases.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith a wider audience, I’m seeing more questions about managing resource allocation, in particular troubleshooting allocation health and avoiding circuit breakers. I get it! When I started with Elasticsearch, I had the same questions. 
It was my first intro to managing Java heap and time series database shards and scaling my own infrastructure.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen I joined Elastic, I loved that on top of documentation, we had blogs and tutorials so I could onboard quickly. But then I struggled my first month to correlate my theoretical knowledge to the errors users would send through my ticket queue. Eventually I figured out, like other support reps, that a lot of the reported errors were just symptoms of allocation issues and the same seven-ish links would bring users up to speed to successfully manage their resource allocation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSpeaking as a support rep, I’m going to go over the top allocation management theory links we send users, the top symptoms we see, and where we direct users to update their configurations to resolve their resource allocation issues.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Theory","_metadata":{"uid":"cs96737da32e053960"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs a Java application, Elasticsearch requires some logical memory (heap) allocation from the system’s physical memory. This should be up to half of the physical RAM, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html#compressed_oops\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecapping at 32GB\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Setting higher heap usage is usually \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-memory-pressure.html#ec-memory-pressure-causes\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ein response\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to expensive queries and larger data storage. 
\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/circuit-breaker.html#parent-circuit-breaker\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eParent circuit breaker\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e defaults to 95%, but we recommend scaling resources once consistently \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/found-understanding-memory-pressure-indicator#conclusion\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehitting 85%\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eI highly recommend these overview articles for more info:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/a-heap-of-trouble\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eA heap of trouble\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHeap: Sizing and swapping\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Configuration","_metadata":{"uid":"cs0a3c0dfb50f3d590"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOut of the box, Elasticsearch’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/advanced-configuration.html#setting-jvm-heap-size\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edefault settings\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e automatically size your JVM heap based on node role and total memory. However, as needed, you can configure it directly in the following three ways:\u003c/span\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1. 
Directly in your \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/advanced-configuration.html#setting-jvm-heap-size\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003econfig \u0026gt; jvm.options\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e file of your local Elasticsearch files:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7d32b0304fa4ceee"}}},{"code":{"code":"## JVM configuration\n\n################################################################\n## IMPORTANT: JVM heap size\n################################################################\n\n…\n\n# Xms represents the initial size of total heap space\n# Xmx represents the maximum size of total heap space\n\n-Xms4g\n-Xmx4g","_metadata":{"uid":"cs5e46cac24287aae6"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs179308ec437fc051"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e2. As an Elasticsearch environment variable \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.12/docker.html#docker-cli-run-prod-mode\"\u003e\u003cspan style='font-size: 12pt;'\u003ein your docker-compose\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csaa56425613c18df4"}}},{"code":{"code":"version: '2.2'\nservices:\n es01:\n\timage: docker.elastic.co/elasticsearch/elasticsearch:7.12.0\n\tenvironment:\n \t- node.name=es01\n \t- cluster.name=es\n \t- bootstrap.memory_lock=true\n \t- \"ES_JAVA_OPTS=-Xms4g -Xmx4g\"\n \t- discovery.type=single-node\n\tulimits:\n \tmemlock:\n \tsoft: -1\n \thard: -1\n\tports:\n \t- 9200:9200","_metadata":{"uid":"cs5b51e140ab5a3dc3"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs04d10efb1f56f8ef"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e3. 
Via our Elastic Cloud Hosted \u0026gt; Deployment \u0026gt; \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-customize-deployment-components.html#ec-cluster-size\"\u003e\u003cspan style='font-size: 12pt;'\u003eEdit view\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eNote:\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e The drop down assigns physical memory and roughly half will be allotted to the heap.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs78e99b5fdadbfb62"}}},{"image":{"image":{"uid":"blt21fba1109675bda8","_version":1,"title":"blog-elasticsearch-hot-data-content-tier.png","created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-11-04T16:39:06.647Z","updated_at":"2024-11-04T16:39:06.647Z","content_type":"image/png","file_size":"53163","filename":"blog-elasticsearch-hot-data-content-tier.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-05T15:06:14.566Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt21fba1109675bda8/6728f8aa9b78e715d553807f/blog-elasticsearch-hot-data-content-tier.png"},"_metadata":{"uid":"cs6e45ad401ec63e10"},"caption_l10n":"","alt_text_l10n":"elasticsearch hot data and content tier","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Troubleshooting","_metadata":{"uid":"cs6c6ce5ece703a5af"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIf you’re currently experiencing performance issues with your cluster, it will most likely come down to the usual 
suspects:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eConfiguration issues:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Undersized master nodes, no \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started-index-lifecycle-management.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eILM\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e policy\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVolume induced:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e High request pace/load, overlapping expensive queries/writes\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAll following cURL/API requests can be made in the Elastic Cloud Hosted \u0026gt; \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-api-console.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch API Console\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, as a cURL to the Elasticsearch API, or under Kibana \u0026gt; \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/console-kibana.html\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDev Tools\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e"},{"title_l10n":"Allocation health","_metadata":{"uid":"csf5a226700d58d1c6"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData indices \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules.html\"\u003e\u003cspan style='font-size: 12pt;'\u003estore into sub-shards\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which use 
heap for maintenance and during search/write requests. Shard size should \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.16/size-your-shards.html#shard-size-recommendation\"\u003e\u003cspan style='font-size: 12pt;'\u003ebe no larger than 50GB\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;Taking the above Elastic Cloud Hosted example with 8GB of physical memory across two zones (which will allocate two nodes in total), let’s join this to an example:\u0026nbsp; \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/cat-allocation.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_cat/allocation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csea592384116ee716"}}},{"code":{"code":"GET /_cat/allocation?v=true\u0026h=shards,node\nshards node\n 41 instance-0000000001\n 41 instance-0000000000","_metadata":{"uid":"cs7a4fc3e94009b7e8"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs13128b83dbcedffd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAnd to: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_cluster/health\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs10c4578db37a0e7a"}}},{"code":{"code":"GET /_cluster/health?filter_path=status,*_shards\n\n{\n \"status\": \"green\",\n \"unassigned_shards\": 0,\n \"initializing_shards\": 0,\n \"active_primary_shards\": 41,\n \"relocating_shards\": 0,\n \"active_shards\": 82,\n \"delayed_unassigned_shards\": 
0\n}","_metadata":{"uid":"cs722f975aa1ac1b16"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs47238668db1c604d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf any shards report \u0026gt;0 outside \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eactive_shards\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e or \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eactive_primary_shards\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, you’ve pinpointed a cause for performance issues.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMost commonly if this reports an issue, it will be \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eunassigned_shards\u0026gt;0\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. If these shards are primary, your cluster will report as \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003estatus:red\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, and if only replicas, it will report as \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003estatus:yellow\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. (This is why \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules.html#dynamic-index-settings\"\u003e\u003cspan style='font-size: 12pt;'\u003esetting replicas on indices\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is important — if the cluster encounters an issue, it can recover rather than experience data loss.) Let’s pretend we have a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003estatus:yellow\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e with a single unassigned shard. 
To investigate, we’d take a look at which index shard is having trouble via \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/cat-shards.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_cat/shards\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdf67115e87eda65f"}}},{"code":{"code":"GET _cat/shards?v=true\u0026s=state\nindex \tshard prirep state \tdocs store ip \tnode\nlogs \t0 \tp \tSTARTED \t2 10.1kb 10.42.255.40 instance-0000000001\nlogs \t0 \tr \tUNASSIGNED\nkibana_sample_data_logs \t0 \tp \tSTARTED \t14074 10.6mb 10.42.255.40 instance-0000000001\n.kibana_1 \t0 \tp \tSTARTED \t2261 3.8mb 10.42.255.40 instance-0000000001","_metadata":{"uid":"cs84e42325ae42db40"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csca5d90f4a5828a1f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo this will be for our non-system index logs, which have an unassigned replica shard. Let’s see what’s giving it grief by running \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.12/cluster-allocation-explain.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_cluster/allocation/explain\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. 
(Pro tip: When you escalate to support, this is \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eexactly\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e what we do.)\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e\u003cstrong\u003eGET _cluster/allocation/explain?pretty\u0026amp;filter_path=index,node_allocation_decisions.node_name,node_allocation_decisions.deciders.*\u003c/strong\u003e\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs65ac3aef7b729bff"}}},{"code":{"code":"{ \"index\": \"logs\",\n \"node_allocation_decisions\": [{\n \"node_name\": \"instance-0000000005\",\n \"deciders\": [{\n \"decider\": \"data_tier\",\n \"decision\": \"NO\",\n \"explanation\": \"node does not match any index setting [index.routing.allocation.include._tier] tier filters [data_hot]\"\n}]}]}","_metadata":{"uid":"cscd314239f3b38b03"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa11d35edc31eb51d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis error message points to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003edata_hot\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, which is part of an \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-lifecycle-management.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eindex lifecycle management\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e (ILM) policy and indicates that our ILM policy is incongruent with our current index settings. In this case, the cause of this error is from setting up a hot-warm ILM policy without having designated hot-warm nodes. 
(I needed to guarantee something would fail, so this is me forcing error examples for y’all. For more information, see \u003c/span\u003e\u003ca href=\"https://www.youtube.com/watch?v=5z3n2VgusLE\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ethis example troubleshooting video\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for a resolution walkthrough.)\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you run this command when you don’t have any unassigned shards, you’ll get a 400 error saying \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eunable to find any unassigned shards to explain\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e because nothing’s wrong to report on\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e.\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e If you get a non-logic cause (e.g., a temporary network error like \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003enode left cluster during allocation\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e), then you can use Elastic’s handy-dandy \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-reroute.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_cluster/reroute\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4cd3226d26e7e91e"}}},{"code":{"code":"POST /_cluster/reroute","_metadata":{"uid":"cs5b9f4c3fa34d1459"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs99c4e50e27efe068"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis request without customizations starts an asynchronous background process that attempts to allocate all current \u003c/span\u003e\u003cspan style='font-size: 
12pt;'\u003e\u003cem\u003estate:UNASSIGNED\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e shards. (Don’t be like me and not wait for it to finish before you contact dev, because I thought it would be instantaneous and coincidentally escalate just in time for them to say nothing’s wrong because nothing was anymore.) For more information, see this \u003c/span\u003e\u003ca href=\"https://www.youtube.com/watch?v=v2mbeSd1vTQ\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003etroubleshooting video for monitoring Allocation Health\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Circuit breakers","_metadata":{"uid":"csac7cc6875626f46c"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMaxing out your heap allocation can cause requests to your cluster to time out or error and frequently will cause your cluster to experience circuit breaker exceptions. 
\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/circuit-breaker-errors.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eCircuit breaking errors\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e cause elasticsearch.log events like:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa6123b2fe5541ffc"}}},{"code":{"code":"Caused by: org.elasticsearch.common.breaker.CircuitBreakingException: [parent] Data too large, data for [\u003ctransport_request\u003e] would be [num/numGB], which is larger than the limit of [num/numGB], usages [request=0/0b, fielddata=num/numKB, in_flight_requests=num/numGB, accounting=num/numGB]","_metadata":{"uid":"csf328c98fcbe15688"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9b748bf9e85a9c6a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo investigate, take a look at your \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eheap.percent\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, either by looking at \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/cat-nodes.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_cat/nodes\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc0ddb373e182df0d"}}},{"code":{"code":"GET /_cat/nodes?v=true\u0026h=name,node*,heap*\n# heap = JVM (logical memory reserved for heap)\n# ram = physical memory\n\nname node.role heap.current heap.percent heap.max\ntiebreaker-0000000002 mv 119.8mb 23 508mb\ninstance-0000000001 himrst 1.8gb 48 3.9gb\ninstance-0000000000 himrst 2.8gb 73 3.9gb","_metadata":{"uid":"cs9759079a5c9a1d05"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs43d6daa2b506e8ec"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 
12pt;'\u003eOr if you’ve previously enabled it, navigate to Kibana \u0026gt; \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/xpack-monitoring.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eStack Monitoring\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse328c6f3be61bb8a"}}},{"image":{"image":{"uid":"bltaf9ad3a2547c12d3","_version":1,"title":"blog-elasticsearch-nodes.png","created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-11-05T14:47:17.903Z","updated_at":"2024-11-05T14:47:17.903Z","content_type":"image/png","file_size":"235581","filename":"blog-elasticsearch-nodes.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-05T15:06:14.577Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaf9ad3a2547c12d3/672a2ff510ff855dc625ebea/blog-elasticsearch-nodes.png"},"_metadata":{"uid":"cs14509603c7e1b0b9"},"caption_l10n":"","alt_text_l10n":"elasticsearch nodes","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4e4577eca5d5bc3c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eIf you've confirmed you're hitting your memory circuit breakers, you'll want to consider increasing heap temporarily to give yourself breathing room to investigate. 
When investigating root cause, look through your \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/enable-audit-logging.html\" target=\"_self\"\u003eaudit logging\u003c/a\u003e, \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules-slowlog.html\" target=\"_self\"\u003eslow logging\u003c/a\u003e, \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/logging.html\" target=\"_self\"\u003ecluster logs,\u003c/a\u003e or elasticsearch.log for the preceding consecutive events. You'll be looking for:\u003c/p\u003e\u003cul\u003e\u003cli\u003eExpensive queries, especially:\u003cul\u003e\u003cli\u003eHigh bucket aggregations\u003cul\u003e\u003cli\u003eI felt so silly when I found out that searches temporarily allocate a certain portion of your heap \u003cem\u003ebefore\u003c/em\u003e they run the query based on the search \u003cem\u003esize\u003c/em\u003e or bucket dimensions, so setting 10,000,000 really was giving my ops team heartburn.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eNon-optimized mappings\u003cul\u003e\u003cli\u003eThe second reason to feel silly was when I thought doing hierarchical reporting would search better than flattened out data (it does not).\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eRequest volume/pace: Usually batch or async queries\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Time to scale","_metadata":{"uid":"cs72cf02f7ec1a4126"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf this isn’t your first time hitting circuit breakers or you suspect it’ll be an ongoing issue (e.g., consistently hitting 85%, so it’s time to look at scaling resources), you’ll want to take a closer look at \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/found-understanding-memory-pressure-indicator\"\u003e\u003cspan style='font-size: 12pt;'\u003ethe JVM Memory 
Pressure\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e as your long-term heap indicator. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-memory-pressure.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eYou can check this\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in Elastic Cloud Hosted \u0026gt; Deployment.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7018b9cbeb694290"}}},{"image":{"image":{"uid":"bltec76d550fd75d35e","_version":1,"title":"blog-elasticsearch-instances.png","created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-11-05T14:47:40.198Z","updated_at":"2024-11-05T14:47:40.198Z","content_type":"image/png","file_size":"216097","filename":"blog-elasticsearch-instances.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-05T15:06:14.556Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltec76d550fd75d35e/672a300cec690346cf80e426/blog-elasticsearch-instances.png"},"_metadata":{"uid":"csb75de8bf4d1709e5"},"caption_l10n":"","alt_text_l10n":"elasticsearch instances","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf716fd6b8c98aa10"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOr you can calculate it from \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-nodes-stats.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_nodes/stats\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc93cc273ccc95595"}}},{"code":{"code":"GET /_nodes/stats?filter_path=nodes.*.jvm.mem.pools.old\n\n{\"nodes\": { \"node_id\": { \"jvm\": 
{ \"mem\": { \"pools\": { \"old\": {\n \"max_in_bytes\": 532676608,\n \"peak_max_in_bytes\": 532676608,\n \"peak_used_in_bytes\": 104465408,\n \"used_in_bytes\": 104465408\n}}}}}}}","_metadata":{"uid":"csb712d2db038a6552"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs545ca4bd1034b922"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eWhere:\u003c/p\u003e"}],"_metadata":{"uid":"cs642a356c6aa18794"}}},{"code":{"code":"JVM Memory Pressure = used_in_bytes / max_in_bytes","_metadata":{"uid":"csd2dd7d82cab97b76"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7a8edb0eb547da34"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA potential symptom of this is high frequency and long duration from garbage collector (gc) events in your elasticsearch.log:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3e7a869654542ce1"}}},{"code":{"code":"[timestamp_short_interval_from_last][INFO ][o.e.m.j.JvmGcMonitorService] [node_id] [gc][number] overhead, spent [21s] collecting in the last [40s]","_metadata":{"uid":"cs645946facbfa844c"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8c029cedd156f990"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIf you confirm this scenario, you’ll need to take a look either at scaling your cluster or at reducing the demands hitting it. 
You’ll want to investigate/consider:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIncreasing heap resources (heap/node; number of nodes)\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDecreasing shards (delete unnecessary/old data; \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started-index-lifecycle-management.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003euse ILM\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to put data into \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/hot-warm-architecture\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ewarm/cold storage\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e so you can \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-shrink.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eshrink it\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e; turn off replicas for data you don’t care if you lose)\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"We're here to help","_metadata":{"uid":"cs2c3078cac9273079"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWooh! From what I see in Elastic support, that’s the rundown of most common user tickets: unassigned shards, unbalanced shard-heap, circuit breakers, high garbage collection, and allocation errors. All are symptoms of the core resource allocation management conversation. Hopefully, you now know the theory and resolution steps, too.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAt this point, though, if you’re stuck resolving an issue, feel free to reach out. We’re here and happy to help! 
Contact us:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"http://discuss.elastic.co/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eElastic Discuss\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://join.slack.com/t/elasticstack/shared_invite/zt-o4sdlhb7-OGXEcy4iry_CsxVyJLGYag\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eElastic community Slack\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/consulting\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic consulting\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/training\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic training\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/support\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic support\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCheers to our ability to self-manage the Elastic Stack’s resource allocation as non-Ops (love Ops, too)!\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2b374506db2111d2"}}},{"callout":{"title_l10n":"Additional resources:","_metadata":{"uid":"cs8dad7e458d5e92c8"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDocs: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-monitoring-setup.html\"\u003e\u003cspan 
style=\"font-size: 12pt;\"\u003eHow to set up monitoring\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBlog: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-set-up-elastic-cloud-advice-from-elastic-support\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow to set up Elastic Cloud: Advice from Elastic support\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf3986fc457801d5d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cem\u003eOriginally published April 27, 2021; updated November 5, 2024.\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb8fdc17e83ea105f"}}}],"publish_date":"2024-11-05T16:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"bltc65e91f68e28d7dc","_version":1,"title":"Office-building 
(4).jpg","created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-11-04T16:58:32.748Z","updated_at":"2024-11-04T16:58:32.748Z","content_type":"image/jpeg","file_size":"127924","filename":"Office-building_(4).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-05T15:06:14.539Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc65e91f68e28d7dc/6728fd38e404ee40f9f6c79a/Office-building_(4).jpg"},"title":"Managing and troubleshooting Elasticsearch memory","title_l10n":"Managing and troubleshooting Elasticsearch memory","updated_at":"2025-02-25T21:20:26.966Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/managing-and-troubleshooting-elasticsearch-memory","publish_details":{"time":"2025-02-25T21:21:13.969Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt164cc603cf9b0288","_version":34,"locale":"en-us","ACL":{},"abstract_l10n":"In part one of this two-part series, we’ll dive into configuring the components of a standard Elastic Stack consisting of Elasticsearch, Logstash, Kibana, and Beats (ELK-B), on which we can immediately begin developing.","author":["blt096405e08d51c7ce"],"category":["bltb79594af7c5b4199"],"created_at":"2023-05-17T16:36:25.211Z","created_by":"blt92c74e5c4edca909","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csae476b8a58cdcb3a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs the Elastic Stack has grown over the years and the feature sets have increased, so has the complexity of getting started or attempting a proof-of-concept (POC) locally. 
And while \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e is still the fastest and easiest way to get started with Elastic, the need for local development and testing is still widely abundant. As developers, we are drawn to quick setups and rapid development with low-effort results. Nothing screams fast setup and POC quite like Docker — which is what we’ll be focusing on to get started with an entire Elastic Stack build-out for your local enjoyment.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn part one of this two-part series, we’ll dive into configuring the components of a standard Elastic Stack consisting of Elasticsearch, Logstash, Kibana, and Beats (ELK-B), on which we can immediately begin developing.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn part two, we’ll enhance our base configuration and add many of the different features that power our evolving stack, such as APM, Agent, Fleet, Integrations, and Enterprise Search. 
We will also look at instrumenting these in our new local environment for development and POC purposes.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor those who have been through some of this before, you're welcome to \u003c/span\u003e\u003ca href=\"https://github.com/elkninja/elastic-stack-docker-part-one\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTL;DR and head over to the repo to grab the files\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs a prerequisite, \u003c/span\u003e\u003ca href=\"https://docs.docker.com/get-docker/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDocker Desktop or Docker Engine\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e with \u003c/span\u003e\u003ca href=\"https://docs.docker.com/get-started/08_using_compose/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDocker-Compose\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e will need to be installed and configured. For this tutorial, we will be using Docker Desktop.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOur focus for these Docker containers will primarily be Elasticsearch and Kibana. 
However, we’ll be utilizing Metricbeat to give us some cluster insight as well as Filebeat and Logstash for some ingestion basics.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csac231957c6be793b"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs95ee301df3686e70"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eFile structure\u003c/h2\u003e\u003cp\u003eFirst, let's start by defining the outline of our file structure.\u003c/p\u003e\u003cp\u003e├── .env\u003c/p\u003e\u003cp\u003e├── docker-compose.yml\u003c/p\u003e\u003cp\u003e├── filebeat.yml\u003c/p\u003e\u003cp\u003e├── logstash.conf\u003c/p\u003e\u003cp\u003e└── metricbeat.yml\u003c/p\u003e\u003cp\u003eWe’ll keep it simple initially. Elasticsearch and Kibana will be able to start from the docker-compose file, while Filebeat, Metricbeat, and Logstash will all need additional configuration from yml files.\u0026nbsp;\u003c/p\u003e\u003ch2\u003eEnvironment file\u003c/h2\u003e\u003cp\u003eNext, we’ll define variables to pass to the docker-compose via the .env file. 
These parameters will help us establish ports, memory limits, component versions, etc.\u003c/p\u003e\u003ch3\u003e.env\u003c/h3\u003e"}],"_metadata":{"uid":"cs8ee3cf303335b3cc"}}},{"code":{"code":"# Project namespace (defaults to the current folder name if not set)\n#COMPOSE_PROJECT_NAME=myproject\n\n\n# Password for the 'elastic' user (at least 6 characters)\nELASTIC_PASSWORD=changeme\n\n\n# Password for the 'kibana_system' user (at least 6 characters)\nKIBANA_PASSWORD=changeme\n\n\n# Version of Elastic products\nSTACK_VERSION=8.7.1\n\n\n# Set the cluster name\nCLUSTER_NAME=docker-cluster\n\n\n# Set to 'basic' or 'trial' to automatically start the 30-day trial\nLICENSE=basic\n#LICENSE=trial\n\n\n# Port to expose Elasticsearch HTTP API to the host\nES_PORT=9200\n\n\n# Port to expose Kibana to the host\nKIBANA_PORT=5601\n\n\n# Increase or decrease based on the available host memory (in bytes)\nES_MEM_LIMIT=1073741824\nKB_MEM_LIMIT=1073741824\nLS_MEM_LIMIT=1073741824\n\n\n# SAMPLE Predefined Key only to be used in POC environments\nENCRYPTION_KEY=c34d38b3a14956121ff2170e5030b471551370178f43e5626eec58b04a30fae2\n","_metadata":{"uid":"csf32f35554b3f4ad4"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs196221e52072e89d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNote that the placeholder word “changeme” for all the passwords and the sample key are used for demonstration purposes only. These should be changed even for your local POC needs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs you can see here, we specify ports 9200 and 5601 for Elasticsearch and Kibana respectively. 
This is also where you can change from “basic” to “trial” license type in order to test additional features.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe make use of the `STACK_VERSION` environment variable here in order to pass it to each of the services (containers) in our \u003c/span\u003e\u003cspan style='color:rgb(24, 128, 56);font-size: 12pt;'\u003edocker-compose.yml\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e file. When using Docker, opting to hard-code the version number as opposed to using something like the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e:latest\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e tag is a good way to maintain positive control over the environment. For components of the Elastic Stack, the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e:latest\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e tag is not supported and we require version numbers to pull the images.\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eSetup and Elasticsearch node\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOne of the first bits of trouble that's often run into when getting started is security configuration. As of 8.0, security is enabled by default. Therefore, we'll need to make sure we have the certificate CA set up correctly by utilizing a \"setup\" node to establish the certificates. 
Having \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/secure-cluster.html\"\u003e\u003cspan style='font-size: 12pt;'\u003esecurity enabled is a recommended practice\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and should not be disabled, even in POC environments.\u003c/span\u003e\u003c/p\u003e\u003ch3\u003edocker-compose.yml (‘setup’ container)\u003c/h3\u003e"}],"_metadata":{"uid":"cs6dfcfa17ebad19d9"}}},{"code":{"code":"version: \"3.8\"\n\n\nvolumes:\n certs:\n driver: local\n esdata01:\n driver: local\n kibanadata:\n driver: local\n metricbeatdata01:\n driver: local\n filebeatdata01:\n driver: local\n logstashdata01:\n driver: local\n\n\nnetworks:\n default:\n name: elastic\n external: false\n\n\nservices:\n setup:\n image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}\n volumes:\n - certs:/usr/share/elasticsearch/config/certs\n user: \"0\"\n command: \u003e\n bash -c '\n if [ x${ELASTIC_PASSWORD} == x ]; then\n echo \"Set the ELASTIC_PASSWORD environment variable in the .env file\";\n exit 1;\n elif [ x${KIBANA_PASSWORD} == x ]; then\n echo \"Set the KIBANA_PASSWORD environment variable in the .env file\";\n exit 1;\n fi;\n if [ ! -f config/certs/ca.zip ]; then\n echo \"Creating CA\";\n bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;\n unzip config/certs/ca.zip -d config/certs;\n fi;\n if [ ! 
-f config/certs/certs.zip ]; then\n echo \"Creating certs\";\n echo -ne \\\n \"instances:\\n\"\\\n \" - name: es01\\n\"\\\n \" dns:\\n\"\\\n \" - es01\\n\"\\\n \" - localhost\\n\"\\\n \" ip:\\n\"\\\n \" - 127.0.0.1\\n\"\\\n \" - name: kibana\\n\"\\\n \" dns:\\n\"\\\n \" - kibana\\n\"\\\n \" - localhost\\n\"\\\n \" ip:\\n\"\\\n \" - 127.0.0.1\\n\"\\\n \u003e config/certs/instances.yml;\n bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;\n unzip config/certs/certs.zip -d config/certs;\n fi;\n echo \"Setting file permissions\"\n chown -R root:root config/certs;\n find . -type d -exec chmod 750 \\{\\} \\;;\n find . -type f -exec chmod 640 \\{\\} \\;;\n echo \"Waiting for Elasticsearch availability\";\n until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q \"missing authentication credentials\"; do sleep 30; done;\n echo \"Setting kibana_system password\";\n until curl -s -X POST --cacert config/certs/ca/ca.crt -u \"elastic:${ELASTIC_PASSWORD}\" -H \"Content-Type: application/json\" https://es01:9200/_security/user/kibana_system/_password -d \"{\\\"password\\\":\\\"${KIBANA_PASSWORD}\\\"}\" | grep -q \"^{}\"; do sleep 10; done;\n echo \"All done!\";\n '\n healthcheck:\n test: [\"CMD-SHELL\", \"[ -f config/certs/es01/es01.crt ]\"]\n interval: 1s\n timeout: 5s\n retries: 120","_metadata":{"uid":"csb4db8250e54458ed"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4608293bd0fad237"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt the top of the \u003c/span\u003e\u003cspan style='color:rgb(24, 128, 56);font-size: 12pt;'\u003edocker-compose.yml \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ewe set the compose version, followed by the volumes and default networking configuration that will be used throughout our different 
containers.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe also see that we're standing up a container labeled “setup” with some bash magic to specify our cluster nodes. This allows us to call elasticsearch-certutil, passing the server names in yml format in order to create the CA cert and node certs. If you wanted to have more than one Elasticsearch node in your stack, this is where you would add the server name to allow the cert creation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNote: In a future post, we’ll adopt the recommended method of using a keystore to keep secrets, but for now, keeping them in the .env file and passing them as environment variables will allow us to get the cluster up and running.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis setup container will start up first, wait for the ES01 container to come online, and then use our environment variables to set up the passwords we want in our cluster. 
We’re also saving all certificates to the “certs” volume so that all other containers can have access to them.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSince the Setup container is dependent on the ES01 container, let's take a quick look at the next configuration so we can start them both up:\u003c/span\u003e\u003c/p\u003e\u003ch3\u003edocker-compose.yml (‘es01’ container)\u003c/h3\u003e"}],"_metadata":{"uid":"cs2decb3207302bae6"}}},{"code":{"code":" es01:\n depends_on:\n setup:\n condition: service_healthy\n image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}\n labels:\n co.elastic.logs/module: elasticsearch\n volumes:\n - certs:/usr/share/elasticsearch/config/certs\n - esdata01:/usr/share/elasticsearch/data\n ports:\n - ${ES_PORT}:9200\n environment:\n - node.name=es01\n - cluster.name=${CLUSTER_NAME}\n - discovery.type=single-node\n - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}\n - bootstrap.memory_lock=true\n - xpack.security.enabled=true\n - xpack.security.http.ssl.enabled=true\n - xpack.security.http.ssl.key=certs/es01/es01.key\n - xpack.security.http.ssl.certificate=certs/es01/es01.crt\n - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt\n - xpack.security.transport.ssl.enabled=true\n - xpack.security.transport.ssl.key=certs/es01/es01.key\n - xpack.security.transport.ssl.certificate=certs/es01/es01.crt\n - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt\n - xpack.security.transport.ssl.verification_mode=certificate\n - xpack.license.self_generated.type=${LICENSE}\n mem_limit: ${ES_MEM_LIMIT}\n ulimits:\n memlock:\n soft: -1\n hard: -1\n healthcheck:\n test:\n [\n \"CMD-SHELL\",\n \"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'\",\n ]\n interval: 10s\n timeout: 10s\n retries: 
120","_metadata":{"uid":"csf52ff6b7e8999493"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs546bcd2e188d8706"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis will be the single-node cluster of Elasticsearch that we’re using for testing.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNotice we’ll be using the CA cert and node certificates that were generated.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eYou will also notice that we’re storing the Elasticsearch data in a volume outside of the container by specifying \u003cspan data-type='inlineCode'\u003e- esdata01:/usr/share/elasticsearch/data\u003c/span\u003e The two primary reasons for this are performance and data persistence. If we were to leave the data directory inside the container, we would see a significant degradation in the performance of our Elasticsearch node, as well as lose data anytime we needed to change the configuration of the container within our docker-compose file.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWith both configurations in place, we can perform our first `docker-compose up` command.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs41df3dd83111d786"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs92e73ae3933fdb6e"},"header_style":"H2","paragraph_l10n":"\u003ch3\u003eDocker Compose tips\u003c/h3\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you’re new to Docker Compose or it’s been a while since you’ve had to \u003c/span\u003e\u003ca 
href=\"https://docs.docker.com/engine/reference/commandline/compose/#child-commands\"\u003e\u003cspan style='font-size: 12pt;'\u003eremember some of the commands\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, let’s quickly review the primary ones you will want to know for this adventure.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou will want to run all these commands in a terminal while in the same folder in which your \u003c/span\u003e\u003cspan style='color:rgb(24, 128, 56);font-size: 12pt;'\u003edocker-compose.yml\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e file resides. My example folder:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs51829e3c5edff568"}}},{"image":{"image":{"uid":"blt18e2b714d1be05fb","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-31T19:53:57.140Z","updated_at":"2023-05-31T19:53:57.140Z","content_type":"image/png","file_size":"60880","filename":"Screenshot_2023-05-31_at_1.53.44_PM.png","title":"Screenshot_2023-05-31_at_1.53.44_PM.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-02T20:39:30.729Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt18e2b714d1be05fb/6477a5d514eef6dcbb88421e/Screenshot_2023-05-31_at_1.53.44_PM.png"},"_metadata":{"uid":"cs5f75b4defe8bf69b"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs059ff356d212aeda"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLet’s take a look at those 
commands.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs227f3e3891a79aec"}}},{"image":{"image":{"uid":"blt82c0a221326eecf1","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-31T19:54:49.124Z","updated_at":"2023-05-31T19:54:49.124Z","content_type":"image/png","file_size":"158901","filename":"Screenshot_2023-05-31_at_1.54.32_PM.png","title":"Screenshot_2023-05-31_at_1.54.32_PM.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-02T20:39:30.752Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt82c0a221326eecf1/6477a60904cf0c4308c497ab/Screenshot_2023-05-31_at_1.54.32_PM.png"},"_metadata":{"uid":"csd8b20894f19085cf"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cscbf223a77b7de4f2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow, let’s run `docker-compose 
up`.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6b16557eab607b33"}}},{"image":{"image":{"uid":"blt828cbfd7ac8b0e37","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-31T19:55:54.839Z","updated_at":"2023-05-31T19:55:54.839Z","content_type":"image/png","file_size":"343198","filename":"Screenshot_2023-05-31_at_1.55.45_PM.png","title":"Screenshot_2023-05-31_at_1.55.45_PM.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-02T20:39:30.779Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt828cbfd7ac8b0e37/6477a64a43f559ac23b7d6dc/Screenshot_2023-05-31_at_1.55.45_PM.png"},"_metadata":{"uid":"cs285ac485d5f4be85"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs275a9cefc385331e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt this point, if the syntax is correct, Docker will begin to download all images and build the environment that is listed in the \u003c/span\u003e\u003cspan style='color:rgb(24, 128, 56);font-size: 12pt;'\u003edocker-compose.yml\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e file. This may take a few minutes depending on the speed of your internet. 
If you want to see the images outside of Docker Desktop, you can always find them in the \u003c/span\u003e\u003ca href=\"https://www.docker.elastic.co/\"\u003e\u003cspan style='font-size: 12pt;'\u003eofficial Elastic Docker Hub\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7bc4db1d04a7061b"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0688d3a7301619c9"},"header_style":"H2","paragraph_l10n":"\u003ch3\u003eTroubleshooting Virtual Memory misconfigurations\u003c/h3\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen starting up the Elasticsearch node for the first time, many users get stuck on the Virtual Memory configuration and receive an error message such as:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1abf4dc2c0eafa0b"}}},{"code":{"code":"{\"@timestamp\":\"2023-04-14T13:16:22.148Z\", \"log.level\":\"ERROR\", \"message\":\"node validation exception\\n[1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.\\nbootstrap check failure [1] of [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]\", \"ecs.version\": \"1.2.0\",\"service.name\":\"ES_ECS\",\"event.dataset\":\"elasticsearch.server\",\"process.thread.name\":\"main\",\"log.logger\":\"org.elasticsearch.bootstrap.Elasticsearch\",\"elasticsearch.node.name\":\"es01\",\"elasticsearch.cluster.name\":\"docker-cluster\"}","_metadata":{"uid":"cs39409e43c91199d3"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs59408e7a901f896c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe key takeaway here is \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003emax virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]. 
\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUltimately, the command \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esysctl -w vm.max_map_count=262144\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e needs to be run where the containers are being hosted.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the case of Mac, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_macos_with_docker_for_mac\"\u003e\u003cspan style='font-size: 12pt;'\u003echeck these instructions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for Docker for Mac. Follow \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_windows_and_macos_with_docker_desktop\"\u003e\u003cspan style='font-size: 12pt;'\u003ethese instructions for Docker Desktop\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. For Linux users, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_linux\"\u003e\u003cspan style='font-size: 12pt;'\u003esee these instructions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Windows users, if you have Docker Desktop, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_windows_and_macos_with_docker_desktop\"\u003e\u003cspan style='font-size: 12pt;'\u003eyou can try these instructions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. 
However, if you’re \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_windows_with_docker_desktop_wsl_2_backend\"\u003e\u003cspan style='font-size: 12pt;'\u003eusing WSLv2 with Docker Desktop, take a look here\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce complete, you can reboot Docker Desktop and retry your \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003edocker-compose up\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e command.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5cf8b7cd48550683"}}},{"image":{"image":{"uid":"blt96b117aab6a0cde3","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-17T16:23:33.651Z","updated_at":"2023-05-17T16:23:33.651Z","content_type":"image/png","file_size":"111427","filename":"image7.png","title":"image7.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-17T16:59:15.528Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt96b117aab6a0cde3/6464ff85e0f341103f57bda8/image7.png"},"_metadata":{"uid":"cs8e35cfbfe465b076"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc7dccca4872a9b3c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRemember, the Setup container will exit on purpose after it has completed generating the certs and passwords.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSo far so good, but let's 
test.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe can use a command to copy the \u003c/span\u003e\u003cspan style=\"color: rgb(24, 128, 56);font-size: 12pt;\"\u003eca.crt \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eout of the es01-1 container. Remember, the name of the set of containers is based on the folder from which the \u003c/span\u003e\u003cspan style=\"color: rgb(24, 128, 56);font-size: 12pt;\"\u003edocker-compose.yml\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e is running. For example, my directory is “elasticstack_docker”; therefore, my command would look like this, based on the screenshot above:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003edocker cp \u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cp style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003eelasticstack_docker-es01-1:/usr/share/elasticsearch/config/certs/ca/ca.crt /tmp/.\u003c/span\u003e\u003c/p\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOnce the certificate is copied, run a curl command to query the Elasticsearch node, using the password you set for the elastic user in the .env file:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003ecurl --cacert /tmp/ca.crt -u elastic:changeme https://localhost:9200\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 
11pt;\"\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc3d378497a9f85b2"}}},{"image":{"image":{"uid":"blt399aad04378e03f8","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-17T16:25:16.465Z","updated_at":"2023-05-17T16:25:16.465Z","content_type":"image/png","file_size":"44081","filename":"image4.png","title":"image4.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-17T16:59:15.553Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt399aad04378e03f8/6464ffec61e0446fcb14f9a6/image4.png"},"_metadata":{"uid":"cs51478baeb459f7d5"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csfd806638460448ef"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSuccess!\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNotice that we’re accessing Elasticsearch using \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003elocalhost\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e:9200. This is thanks to the port, which has been specified via the \u003cspan data-type='inlineCode'\u003eports\u003c/span\u003e section of \u003c/span\u003e\u003cspan style=\"color: rgb(24, 128, 56);font-size: 12pt;\"\u003edocker-compose.yml\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. 
This setting maps ports on the container to ports on the host and allows traffic to pass through your machine and into the docker container with that port specified.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7b7a70af80190eee"}}},{"banner":{"reference":[{"uid":"blt6d98a581fc6972d6","_content_type_uid":"banner"}],"_metadata":{"uid":"cs8f141e4d784cc4b5"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs29723e1d07a50f8e"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eKibana\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor the Kibana config, we will utilize the certificate output from earlier. We will also specify that this node doesn't start until it sees that the Elasticsearch node above is up and running correctly.\u003c/span\u003e\u003c/p\u003e\u003ch3\u003edocker-compose.yml (‘kibana’ container)\u003c/h3\u003e"}],"_metadata":{"uid":"cs849d255f0afec5b1"}}},{"code":{"code":"kibana:\n depends_on:\n es01:\n condition: service_healthy\n image: docker.elastic.co/kibana/kibana:${STACK_VERSION}\n labels:\n co.elastic.logs/module: kibana\n volumes:\n - certs:/usr/share/kibana/config/certs\n - kibanadata:/usr/share/kibana/data\n ports:\n - ${KIBANA_PORT}:5601\n environment:\n - SERVERNAME=kibana\n - ELASTICSEARCH_HOSTS=https://es01:9200\n - ELASTICSEARCH_USERNAME=kibana_system\n - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}\n - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt\n - XPACK_SECURITY_ENCRYPTIONKEY=${ENCRYPTION_KEY}\n - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=${ENCRYPTION_KEY}\n - XPACK_REPORTING_ENCRYPTIONKEY=${ENCRYPTION_KEY}\n mem_limit: ${KB_MEM_LIMIT}\n healthcheck:\n test:\n [\n \"CMD-SHELL\",\n \"curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'\",\n ]\n interval: 10s\n timeout: 10s\n retries: 
120","_metadata":{"uid":"cs10f472b15f9ae020"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbbc6218ede4fd378"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNotice in our `environment` section that we’re specifying \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eELASTICSEARCH_HOSTS=https://es01:9200\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. We’re able to specify the container name here for our ES01 Elasticsearch container since we’re utilizing the \u003c/span\u003e\u003ca href=\"https://docs.docker.com/compose/networking/\"\u003e\u003cspan style='font-size: 12pt;'\u003eDocker default networking\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. All containers that are using the “elastic” network that was specified at the beginning of our \u003c/span\u003e\u003cspan style='color:rgb(24, 128, 56);font-size: 12pt;'\u003edocker-compose.yml\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e file will be able to properly resolve other container names and communicate with each other.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLet's load up Kibana and see if we can access 
it.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs99369e2c38fd1f59"}}},{"image":{"image":{"uid":"blt61b57182e9ecb7ce","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-17T16:26:30.760Z","updated_at":"2023-05-17T16:26:30.760Z","content_type":"image/png","file_size":"146607","filename":"image5.png","title":"image5.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-17T16:59:15.576Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt61b57182e9ecb7ce/64650036ce0b9185f3e81ca8/image5.png"},"_metadata":{"uid":"csfd63ea71af865d6d"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs66bb15bd1f291224"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe containers are green. 
We should now be able to reach \u003c/span\u003e\u003ca href=\"http://localhost:5601\"\u003e\u003cspan style='font-size: 12pt;'\u003ehttp://localhost:5601\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs93c79b54df178639"}}},{"image":{"image":{"uid":"bltf990c5d8d32fd57e","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-17T16:27:09.977Z","updated_at":"2023-05-17T16:27:09.977Z","content_type":"image/png","file_size":"45007","filename":"image3.png","title":"image3.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-17T16:59:15.603Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf990c5d8d32fd57e/6465005d6ff7c0a9f72bce2f/image3.png"},"_metadata":{"uid":"cs20c8751bad739ee5"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csef885f2320fa0bc0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA quick login with the username and password that was specified should drop us right into a brand-new instance of Kibana. Excellent!\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eMetricbeat\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow that we have Kibana and Elasticsearch up and running and communicating, let’s configure Metricbeat to help us keep an eye on things. 
This will require both configuration in our docker-compose file, and also in a standalone \u003c/span\u003e\u003cspan style='color:rgb(24, 128, 56);font-size: 12pt;'\u003emetricbeat.yml\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e file.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNote:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e For Logstash, Filebeat, and Metricbeat, the configuration files are using \u003c/span\u003e\u003ca href=\"https://docs.docker.com/storage/bind-mounts/\"\u003e\u003cspan style='font-size: 12pt;'\u003ebind mounts\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Bind mounts for files will retain the same permissions and ownership within the container that they have on the host system. Be sure to set permissions such that the files will be readable and, ideally, not writeable by the container’s user. You will receive an error in the container otherwise. 
Removing the write permissions on your host may suffice.\u003c/span\u003e\u003c/p\u003e\u003ch3\u003edocker-compose.yml (‘metricbeat01’ container)\u003c/h3\u003e"}],"_metadata":{"uid":"cs71d9afdb5fa66098"}}},{"code":{"code":" metricbeat01:\n depends_on:\n es01:\n condition: service_healthy\n kibana:\n condition: service_healthy\n image: docker.elastic.co/beats/metricbeat:${STACK_VERSION}\n user: root\n volumes:\n - certs:/usr/share/metricbeat/certs\n - metricbeatdata01:/usr/share/metricbeat/data\n - \"./metricbeat.yml:/usr/share/metricbeat/metricbeat.yml:ro\"\n - \"/var/run/docker.sock:/var/run/docker.sock:ro\"\n - \"/sys/fs/cgroup:/hostfs/sys/fs/cgroup:ro\"\n - \"/proc:/hostfs/proc:ro\"\n - \"/:/hostfs:ro\"\n environment:\n - ELASTIC_USER=elastic\n - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}\n - ELASTIC_HOSTS=https://es01:9200\n - KIBANA_HOSTS=http://kibana:5601\n - LOGSTASH_HOSTS=http://logstash01:9600","_metadata":{"uid":"cs63a058952d67d141"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc8f94d53de267336"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere, we’re exposing host information regarding processes, filesystem, and the docker daemon to the Metricbeat container in a read-only fashion. 
This enables Metricbeat to collect the data to send to Elasticsearch. Keep in mind that the \u003cspan data-type='inlineCode'\u003e:ro\u003c/span\u003e flag on the \u003cspan data-type='inlineCode'\u003e/var/run/docker.sock\u003c/span\u003e mount only protects the socket file itself; it does not restrict the Docker API requests that can be sent through it. Together with \u003cspan data-type='inlineCode'\u003euser: root\u003c/span\u003e and the host filesystem mounted at \u003cspan data-type='inlineCode'\u003e/hostfs\u003c/span\u003e, this means the container should be treated as having host-level access, so keep this layout to a local test environment.\u003c/span\u003e\u003c/p\u003e\u003ch3\u003emetricbeat.yml\u003c/h3\u003e"}],"_metadata":{"uid":"csb8c33c1668fc2089"}}},{"code":{"code":"metricbeat.config.modules:\n path: ${path.config}/modules.d/*.yml\n reload.enabled: false\n\n\nmetricbeat.modules:\n- module: elasticsearch\n xpack.enabled: true\n period: 10s\n hosts: ${ELASTIC_HOSTS}\n ssl.certificate_authorities: \"certs/ca/ca.crt\"\n ssl.certificate: \"certs/es01/es01.crt\"\n ssl.key: \"certs/es01/es01.key\"\n username: ${ELASTIC_USER}\n password: ${ELASTIC_PASSWORD}\n ssl.enabled: true\n\n\n- module: logstash\n xpack.enabled: true\n period: 10s\n hosts: ${LOGSTASH_HOSTS}\n\n\n- module: kibana\n metricsets:\n - stats\n period: 10s\n hosts: ${KIBANA_HOSTS}\n username: ${ELASTIC_USER}\n password: ${ELASTIC_PASSWORD}\n xpack.enabled: true\n\n\n- module: docker\n metricsets:\n - \"container\"\n - \"cpu\"\n - \"diskio\"\n - \"healthcheck\"\n - \"info\"\n #- \"image\"\n - \"memory\"\n - \"network\"\n hosts: [\"unix:///var/run/docker.sock\"]\n period: 10s\n enabled: true\n\n\nprocessors:\n - add_host_metadata: ~\n - add_docker_metadata: ~\n\n\noutput.elasticsearch:\n hosts: ${ELASTIC_HOSTS}\n username: ${ELASTIC_USER}\n password: ${ELASTIC_PASSWORD}\n ssl:\n certificate: \"certs/es01/es01.crt\"\n certificate_authorities: \"certs/ca/ca.crt\"\n key: \"certs/es01/es01.key\"","_metadata":{"uid":"cs1626f7dab4d34af4"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc57538b5bbfe2661"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOur Metricbeat is dependent on ES01 and Kibana nodes being healthy before starting. The notable configurations here are in the \u003c/span\u003e\u003cspan style=\"color: rgb(24, 128, 56);font-size: 12pt;\"\u003emetricbeat.yml\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e file. 
We have enabled four modules for gathering metrics including Elasticsearch, Kibana, Logstash, and Docker.\u003c/span\u003e \u003cspan style=\"font-size: 12pt;\"\u003eThis means, once we verify Metricbeat is up, we can hop into Kibana and \u003c/span\u003e\u003ca href=\"http://localhost:5601/app/monitoring\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003enavigate to “Stack Monitoring”\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to see how things look. Note that the Elasticsearch and Kibana modules and the Elasticsearch output all authenticate as the built-in elastic superuser, and that the Kibana module sends those credentials over plain HTTP. That keeps the walkthrough short; outside a local playground, use a dedicated user or API key that has only the privileges Metricbeat needs, and enable TLS on Kibana.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa276d47cb9ddfbdb"}}},{"image":{"image":{"uid":"bltd26e79829c568c13","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-17T16:28:38.740Z","updated_at":"2023-05-17T16:28:38.740Z","content_type":"image/png","file_size":"183573","filename":"image9.png","title":"image9.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-17T16:59:15.625Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd26e79829c568c13/646500b6bb5054db5d0ff13f/image9.png"},"_metadata":{"uid":"cs822800c302c1b9f5"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse328239b5a33edfb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDon't forget to set up your out-of-the-box 
rules!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs80378bb011e70f4c"}}},{"image":{"image":{"uid":"blt925df5f044d604de","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-17T16:29:17.985Z","updated_at":"2023-05-17T16:29:17.985Z","content_type":"image/png","file_size":"50902","filename":"image10.png","title":"image10.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-17T16:59:15.649Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt925df5f044d604de/646500dd01974d3ef9d68ba4/image10.png"},"_metadata":{"uid":"cs220b430fc7a1499e"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"image":{"image":{"uid":"blt92390cf6b273991b","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-17T16:29:48.455Z","updated_at":"2023-05-17T16:29:48.455Z","content_type":"image/png","file_size":"165054","filename":"image12.png","title":"image12.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-17T16:59:15.675Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt92390cf6b273991b/646500fc42f57a80484124f9/image12.png"},"_metadata":{"uid":"cs875178d687b7c95a"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc4e6c3927957dfb5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMetricbeat is also configured for monitoring the container’s host through \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan 
data-type='inlineCode'\u003e/var/run/docker.sock\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Checking Elastic Observability allows you to see metrics coming in from your host.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3b089e2557ecca2e"}}},{"image":{"image":{"uid":"blt9ed46c43547b1d6c","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-17T16:30:44.653Z","updated_at":"2023-05-17T16:30:44.653Z","content_type":"image/png","file_size":"106267","filename":"image8.png","title":"image8.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-17T16:59:15.698Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9ed46c43547b1d6c/64650134f21a355221cf6fd2/image8.png"},"_metadata":{"uid":"cs7df8de35fb1e00df"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs751c7c3eed1077c1"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eFilebeat\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow that the cluster is stable and monitored with Metricbeat, let’s look at Filebeat for log ingestion. 
Here, our Filebeat will be utilized in two different ways:\u003c/span\u003e\u003c/p\u003e\u003ch3\u003edocker-compose.yml (‘filebeat01’ container)\u003c/h3\u003e\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs03a0e171882c8e54"}}},{"code":{"code":" filebeat01:\n depends_on:\n es01:\n condition: service_healthy\n image: docker.elastic.co/beats/filebeat:${STACK_VERSION}\n user: root\n volumes:\n - certs:/usr/share/filebeat/certs\n - filebeatdata01:/usr/share/filebeat/data\n - \"./filebeat_ingest_data/:/usr/share/filebeat/ingest_data/\"\n - \"./filebeat.yml:/usr/share/filebeat/filebeat.yml:ro\"\n - \"/var/lib/docker/containers:/var/lib/docker/containers:ro\"\n - \"/var/run/docker.sock:/var/run/docker.sock:ro\"\n environment:\n - ELASTIC_USER=elastic\n - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}\n - ELASTIC_HOSTS=https://es01:9200\n - KIBANA_HOSTS=http://kibana:5601\n - LOGSTASH_HOSTS=http://logstash01:9600","_metadata":{"uid":"csc36fcdeb37653474"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs282e96cd81520c3d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 14pt;'\u003efilebeat.yml\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs75638784e3d3b29b"}}},{"code":{"code":"filebeat.inputs:\n- type: filestream\n id: default-filestream\n paths:\n - ingest_data/*.log\n\n\nfilebeat.autodiscover:\n providers:\n - type: docker\n hints.enabled: true\n\n\nprocessors:\n- add_docker_metadata: ~\n\n\nsetup.kibana:\n host: ${KIBANA_HOSTS}\n username: ${ELASTIC_USER}\n password: ${ELASTIC_PASSWORD}\n\n\noutput.elasticsearch:\n hosts: ${ELASTIC_HOSTS}\n username: ${ELASTIC_USER}\n password: ${ELASTIC_PASSWORD}\n ssl.enabled: true\n ssl.certificate_authorities: \"certs/ca/ca.crt\"","_metadata":{"uid":"cs0e5d58b26a37a699"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2e0bbd938d70bafa"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFirst, we set a bind 
mount to map the folder “filebeat_ingest_data” into the container. If this folder doesn't exist on your host, it will be created when the container spins up. If you’d like to test the \u003c/span\u003e\u003ca href=\"http://localhost:5601/app/logs/stream\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLogs Stream\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e viewer within Elastic Observability for your custom logs, you can easily drop any file with a \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003e.log\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e extension into \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003e/filebeat_ingest_data/\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and the logs will be read into the default Filebeat Datastream.\u003cbr/\u003e\u003c/span\u003e\u003cbr/\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAlongside this, we also map in \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003e/var/lib/docker/containers\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003e/var/run/docker.sock\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e which, combined with the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003efilebeat.autodiscover\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e section and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/filebeat/current/configuration-autodiscover-hints.html#_docker_3\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehints-based autodiscover\u003c/span\u003e\u003c/a\u003e\u003cspan 
style=\"font-size: 12pt;\"\u003e, allows Filebeat to pull in the logs for all the containers. These logs will also be found in the Logs Stream viewer mentioned above.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb47185d5cf91d7ee"}}},{"image":{"image":{"uid":"blta02e6bd272df383d","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-17T16:32:45.966Z","updated_at":"2023-05-17T16:32:45.966Z","content_type":"image/png","file_size":"364589","filename":"image13.png","title":"image13.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-17T16:59:15.720Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta02e6bd272df383d/646501adf55683f99fe00dd4/image13.png"},"_metadata":{"uid":"cs1521e276ff693164"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3bb8f391d6ea189e"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eLogstash\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOur final container to bring to life is none other than Logstash.\u003c/span\u003e\u003c/p\u003e\u003ch3\u003edocker-compose.yml (‘logstash01’ container)\u003c/h3\u003e\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cscf6031ad3ca1b1ca"}}},{"code":{"code":" logstash01:\n depends_on:\n es01:\n condition: service_healthy\n kibana:\n condition: service_healthy\n image: docker.elastic.co/logstash/logstash:${STACK_VERSION}\n labels:\n co.elastic.logs/module: logstash\n user: root\n volumes:\n - certs:/usr/share/logstash/certs\n - logstashdata01:/usr/share/logstash/data\n - \"./logstash_ingest_data/:/usr/share/logstash/ingest_data/\"\n - \"./logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro\"\n environment:\n - 
xpack.monitoring.enabled=false\n - ELASTIC_USER=elastic\n - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}\n - ELASTIC_HOSTS=https://es01:9200","_metadata":{"uid":"cs0166b53afdcf90b4"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3bb66012a7b688e0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 14pt;'\u003elogstash.conf\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb59c5db0006fd37b"}}},{"code":{"code":"input {\n file {\n #https://www.elastic.co/guide/en/logstash/current/plugins-inputs-file.html\n #default is TAIL which assumes more data will come into the file.\n #change to mode =\u003e \"read\" if the file is a compelte file. by default, the file will be removed once reading is complete -- backup your files if you need them.\n mode =\u003e \"tail\"\n path =\u003e \"/usr/share/logstash/ingest_data/*\"\n }\n}\n\n\nfilter {\n}\n\n\noutput {\n elasticsearch {\n index =\u003e \"logstash-%{+YYYY.MM.dd}\"\n hosts=\u003e \"${ELASTIC_HOSTS}\"\n user=\u003e \"${ELASTIC_USER}\"\n password=\u003e \"${ELASTIC_PASSWORD}\"\n cacert=\u003e \"certs/ca/ca.crt\"\n }\n}\n","_metadata":{"uid":"cse3767ab8fcc1bbce"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5c40ab49d8662a18"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe Logstash configuration is very similar to the Filebeat configuration. Again we’re using a bind mount and mapping a folder called \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003e/logstash_ingest_data/\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e from the host into the Logstash container. 
Here, you can test out some of the many \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/logstash/current/input-plugins.html\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003einput plugins\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/logstash/current/filter-plugins.html\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003efilter plugins\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e by modifying the \u003c/span\u003e\u003cspan style=\"color: rgb(24, 128, 56);font-size: 12pt;\"\u003elogstash.conf\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e file. Then drop your data into the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003e/logstash_ingest_data/\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e folder. You may need to restart your Logstash container after modifying the \u003c/span\u003e\u003cspan style=\"color: rgb(24, 128, 56);font-size: 12pt;\"\u003elogstash.conf\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e file.\u003cbr /\u003e\u003c/span\u003e\u003cbr /\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNote, the Logstash output index name is \"logstash-%{+YYYY.MM.dd}\". 
To see the data, you will \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/data-views.html#settings-create-pattern\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eneed to create a Data View\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for the “logstash-*” pattern, as seen below.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfe5783e57ad22d85"}}},{"image":{"image":{"uid":"blt0fc9a442d3edc36d","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-17T16:34:22.481Z","updated_at":"2023-05-17T16:34:22.481Z","content_type":"image/png","file_size":"88489","filename":"image11.png","title":"image11.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-17T16:59:15.747Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0fc9a442d3edc36d/6465020e01974da3aed68ba8/image11.png"},"_metadata":{"uid":"cs6d4f444acc295452"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"image":{"image":{"uid":"blt1a274d4779996251","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-17T16:34:41.860Z","updated_at":"2023-05-17T16:34:41.860Z","content_type":"image/png","file_size":"369132","filename":"image14.png","title":"image14.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-17T16:59:15.767Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1a274d4779996251/646502216606ca504e95e905/image14.png"},"_metadata":{"uid":"csfd94f18d6bed8735"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"titl
e_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs60fb56062a47e393"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow, with Filebeat and Logstash both up and running, if you navigate back to Cluster Monitoring you will see Logstash being monitored, as well as some metrics and links for Elasticsearch Logs.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs610e670a6d22b5cd"}}},{"image":{"image":{"uid":"blt965f471c668c7bf1","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-17T16:35:17.951Z","updated_at":"2023-05-17T16:35:17.951Z","content_type":"image/png","file_size":"189720","filename":"image6.png","title":"image6.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-17T16:59:15.789Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt965f471c668c7bf1/646502456606cad52295e909/image6.png"},"_metadata":{"uid":"cs22af6833a41959fe"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Conclusion","_metadata":{"uid":"cs96032cc843ab1e9f"},"header_style":"H2","paragraph_l10n":""}],"_metadata":{"uid":"csc5c9954357329b03"}}},{"image":{"image":{"uid":"blt9ef7719ea4353141","created_by":"blt92c74e5c4edca909","updated_by":"blt92c74e5c4edca909","created_at":"2023-05-17T16:35:52.841Z","updated_at":"2023-05-17T16:35:52.841Z","content_type":"image/png","file_size":"94379","filename":"image1.png","title":"image1.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-17T16:59:15.813Z","user":"blt92c74e5c4edca909"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9ef7719ea4353141/646502689c40aa66a407
54d1/image1.png"},"_metadata":{"uid":"csc1cc1d0159f2a613"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs14f9c4f431d888c0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePart one of this series has covered a full active cluster with monitoring and ingestion as the foundation of our stack. This will act as your local playground to test some of the features of the Elastic ecosystem.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eReady to learn more? \u003ca href=\"https://www.elastic.co/blog/getting-started-with-the-elastic-stack-and-docker-compose-part-2\" target=\"_self\"\u003eCheck out part two\u003c/a\u003e! We dive into optimizing this foundation, along with setting up additional features such as APM Server, Elastic Agents, Elastic Integrations, and Elastic Search. 
We also deploy and test an application that you can instrument with some of these pieces.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAll files discussed here \u003c/span\u003e\u003ca href=\"https://github.com/elkninja/elastic-stack-docker-part-one\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eare available on GitHub\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e along with some sample data to ingest for Filebeat and Logstash.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/webinars/introduction-elk-stack\" target=\"_self\"\u003e\u003cspan\u003eWatch the introduction to Elastic Stack\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0da2ed3e0122b559"}}},{"callout":{"title_l10n":"Additional resources","_metadata":{"uid":"cs1d9c69d2e7d2113d"},"paragraph_l10n":"\u003col\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#docker-compose-file\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003eRunning Elasticsearch on Docker\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/docker.html\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003eRunning Kibana on Docker\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/metricbeat/current/running-on-docker.html\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003eRunning Metricbeat on Docker\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003eRunning Filebeat on Docker\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/logstash/current/docker-config.html\"\u003e\u003cspan style=\"font-size: 
11pt;\"\u003eRunning Logstash on Docker\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ol\u003e","callout_reference":[],"callout_type":"Information (info)"}}],"publish_date":"2023-05-17T13:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Getting started with the Elastic Stack and Docker-Compose","seo_description_l10n":"In part one of this two-part series, we’ll dive into configuring the components of a standard Elastic Stack consisting of Elasticsearch, Logstash, Kibana, and Beats (ELK-B), on which we can immediately begin developing.","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"title":"Getting started","label_l10n":"Getting 
started","keyword":"getting-started","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt30953f4176054d3f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:25.148Z","updated_at":"2020-06-17T03:37:25.148Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:25.148Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:25.028Z","user":"blt36e890d06c5ec32c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt3a21a598b13dcba0","ACL":{},"content_type":"image/png","created_at":"2021-01-12T16:50:35.641Z","created_by":"bltf6ab93733e4e3a73","file_size":"50983","filename":"blog-thumb-charts-laptop.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-charts-laptop.png","updated_at":"2022-02-11T21:04:12.027Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:03.577Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3a21a598b13dcba0/5ffdd35b092adc41f184bad4/blog-thumb-charts-laptop.png"},"title":"Getting started with the Elastic Stack and Docker Compose: Part 1","title_l10n":"Getting started with the Elastic Stack and Docker Compose: Part 
1","updated_at":"2025-02-25T20:49:53.016Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/getting-started-with-the-elastic-stack-and-docker-compose","publish_details":{"time":"2025-02-25T20:52:32.914Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5b91d5a19b0f708d","_version":1,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.","author":["blta248c27b7b7978db"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-02-25T18:58:20.860Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"Version 7.17.28 of the Elastic Stack was released today. We recommend you [upgrade to this latest version](https://www.elastic.co/downloads). We recommend 7.17.28 over the previous version 7.17.27\n\nFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to [the release notes](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/7.17/new.html).","modular_blocks":[],"publish_date":"2025-02-25","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt8836a5dda86cbfe0","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-01T15:42:09.734Z","updated_at":"2024-04-01T15:42:09.734Z","content_type":"image/png","file_size":"62454","filename":"Patch_release_dark.png","title":"Patch_release_dark.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-02T17:14:25.081Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io
/v3/assets/bltefdd0b53724fa2ce/blt8836a5dda86cbfe0/660ad5d11b5a5878c8adccbc/Patch_release_dark.png"},"title":"Elastic Stack 7.17.28 released","title_l10n":"Elastic Stack 7.17.28 released ","updated_at":"2025-02-25T18:58:20.860Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/elastic-stack-7-17-28-released","publish_details":{"time":"2025-02-25T22:09:11.745Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt12a751f492100461","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"The Logstash integration has incorporated data from new and improved reporting APIs into dashboards that make monitoring and troubleshooting your Logstash deployment simple and straightforward.","author":["blt80b226b35f93d8c4"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-02-25T17:43:20.282Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs032371abb893a03a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLogstash is a powerful tool for ingesting, transforming, and shipping data from various sources. Visibility into Logstash is critical for optimizing performance and troubleshooting issues related to data ingestion. We’ve greatly improved the Logstash integration to display the status of your Logstash nodes and pipelines at a glance. The integration is now powered by Elastic Agent, which queries Logstash monitoring APIs for data that populates managed dashboards.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis blog will guide you through the visualizations available from the integration, how to configure and install them, and the underlying APIs that provide the data. 
See the health of your Logstash nodes at a glance with the updated integration.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Monitoring with the Logstash integration","_metadata":{"uid":"cs62a0ef67cfa231a0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe dashboards available through the integration completely break open the black box. Insights that would take extensive queries are available at your fingertips in the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOverview\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e dashboard. Here, you can see what matters at a high level, the number of events Logstash has received, how many it has processed and sent, and how long it took.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs23e795b64e3a88c3"}}},{"image":{"image":{"uid":"blt7a22c155f8777943","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-25T17:46:51.637Z","updated_at":"2025-02-25T17:46:51.637Z","content_type":"image/png","file_size":"330989","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-25T17:51:06.109Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7a22c155f8777943/67be020b304ea9d77b82bf05/image1.png"},"_metadata":{"uid":"cs2c129bff5c9fb413"},"caption_l10n":"","alt_text_l10n":"overview","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0d8297b0e9a5158d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor the performance of a single node, the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNode 
Overview\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e dashboard provides details on system and process health. This helps to determine if an issue is localized to an individual host or if it is pervasive throughout a deployment.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfef3f669564d5f62"}}},{"image":{"image":{"uid":"blte883f0223a220a45","_version":1,"title":"image15.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-25T17:46:41.214Z","updated_at":"2025-02-25T17:46:41.214Z","content_type":"image/png","file_size":"434575","filename":"image15.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-25T17:51:06.383Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte883f0223a220a45/67be0201cdb05afe2b5de90d/image15.png"},"_metadata":{"uid":"cs21ebad383ee5ea31"},"caption_l10n":"","alt_text_l10n":"node overview","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse50cc3502a504dba"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePipelines are where the work in Logstash really occurs, and we have no shortage of insights related to pipeline performance. The \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePipeline Overview\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e dashboard provides high-level details on pipeline activity across your entire deployment to quickly surface problems and assess performance. Broken down by pipeline, you can see the average time an event takes to process, which is how long it takes pushing to queue. 
Items that are outside the allotted tolerance are bolded in red to quickly attract attention and direct users to take action.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9f8010f25306673f"}}},{"image":{"image":{"uid":"bltb35edde2f3ab8b32","_version":1,"title":"image3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-25T17:46:25.682Z","updated_at":"2025-02-25T17:46:25.682Z","content_type":"image/png","file_size":"278551","filename":"image3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-25T17:51:06.200Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb35edde2f3ab8b32/67be01f1c1fe9665f354cf18/image3.png"},"_metadata":{"uid":"cs22fe6dc66decef67"},"caption_l10n":"","alt_text_l10n":"pipeline overview","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb6469888dc36942f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs you drill down into individual pipelines, you’ll see details on worker utilization and processing over time. This is invaluable in determining the cause of problems. 
Isolating spikes in time makes it easier to correlate with configuration changes or external events.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9cd1be50602de922"}}},{"image":{"image":{"uid":"blte35852dc45b881b9","_version":1,"title":"image10.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-25T17:46:12.890Z","updated_at":"2025-02-25T17:46:12.890Z","content_type":"image/png","file_size":"173737","filename":"image10.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-25T17:51:06.312Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte35852dc45b881b9/67be01e4d1b1de0b10ca3c45/image10.png"},"_metadata":{"uid":"cs1bbdf7fd2891dc86"},"caption_l10n":"","alt_text_l10n":"blank graphs","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs027ab0768a630f87"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBut you shouldn’t stop at pipelines. A huge benefit of using Logstash is the vast ecosystem of plugins. That strength does introduce variability, which can make troubleshooting more difficult. 
Thankfully, the integration addresses that problem by providing plugin details by type, enabling users to drill down further.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf4c670adc3b36f5d"}}},{"image":{"image":{"uid":"blte33a19e9c0affcff","_version":1,"title":"image5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-25T17:45:53.312Z","updated_at":"2025-02-25T17:45:53.312Z","content_type":"image/png","file_size":"193441","filename":"image5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-25T17:51:06.291Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte33a19e9c0affcff/67be01d1c660314b201ffbb7/image5.png"},"_metadata":{"uid":"cs5422c86f13b5a637"},"caption_l10n":"","alt_text_l10n":"1 - ","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"image":{"image":{"uid":"bltd62af84e144458e3","_version":1,"title":"image11.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-25T17:45:44.034Z","updated_at":"2025-02-25T17:45:44.034Z","content_type":"image/png","file_size":"366958","filename":"image11.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-25T17:51:06.121Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd62af84e144458e3/67be01c85c5329184331644f/image11.png"},"_metadata":{"uid":"cseb123b629c2c0a65"},"caption_l10n":"","alt_text_l10n":"2 - 
","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"image":{"image":{"uid":"blt252f140bc88098e3","_version":1,"title":"image14.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-25T17:45:36.356Z","updated_at":"2025-02-25T17:45:36.356Z","content_type":"image/png","file_size":"251842","filename":"image14.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-25T17:51:06.393Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt252f140bc88098e3/67be01c0d1b1de841cca3c3f/image14.png"},"_metadata":{"uid":"cs9981d9168248ad5f"},"caption_l10n":"","alt_text_l10n":"3 - ","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"See what’s new","_metadata":{"uid":"cs424f55154817eff6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe health report dashboards are the newest addition, and the amount of information they can quickly convey will make every Logstash operator’s life easier. 
One quick look is all you need to see if there are problems with your Logstash deployment.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf93ec32bdd4af42b"}}},{"image":{"image":{"uid":"blta09f356567518bdb","_version":1,"title":"image13.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-25T17:45:08.014Z","updated_at":"2025-02-25T17:45:08.014Z","content_type":"image/png","file_size":"177841","filename":"image13.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-25T17:51:06.214Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta09f356567518bdb/67be01a4959e4e3c29e47109/image13.png"},"_metadata":{"uid":"cs21b8dc7cf8647d0f"},"caption_l10n":"","alt_text_l10n":"orange bar graph","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8b485d895e5ac4bd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePipeline health provides more detailed data as well as actionable insights on troubleshooting 
steps.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfbdee871df3f4cec"}}},{"image":{"image":{"uid":"bltcc8fc8badf48c124","_version":1,"title":"image12.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-25T17:44:59.950Z","updated_at":"2025-02-25T17:44:59.950Z","content_type":"image/png","file_size":"284375","filename":"image12.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-25T17:51:06.322Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcc8fc8badf48c124/67be019b959e4e6115e47105/image12.png"},"_metadata":{"uid":"csa519a52907ca0d91"},"caption_l10n":"","alt_text_l10n":"yellow, orange, green bar graph","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Logstash integration with Elastic Agent ","_metadata":{"uid":"cs8d791e6303db81a4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInstalling the integration can be done in minutes, and the data you get will save you hours of troubleshooting. Here are the steps to install the integration and deploy agents to your Logstash instances that will collect and transform the data from Logstash monitoring APIs.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e1. \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/logstash/current/dashboard-monitoring-with-elastic-agent.html#add-agent-to-fleet-ead\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAdd the Logstash integration to monitor your deployment\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cbr /\u003e\u003cspan style='font-size: 12pt;'\u003eFrom the integrations page, search for Logstash. 
Click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAdd Logstash\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, and you’ll be guided through the configuration options on how an Elastic Agent can collect monitoring data from your instance.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs746fd2a1cb0056b8"}}},{"image":{"image":{"uid":"bltbbce2bee42e31a9b","_version":1,"title":"image2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-25T17:44:50.217Z","updated_at":"2025-02-25T17:44:50.217Z","content_type":"image/png","file_size":"215816","filename":"image2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-25T17:51:06.301Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbbce2bee42e31a9b/67be019262af0c0cd88a19be/image2.png"},"_metadata":{"uid":"cs496ec7972b745e0a"},"caption_l10n":"","alt_text_l10n":"logstash","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs52f77b6af0c205a7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBe sure to select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eMetrics (Elastic Agent)\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to get the most data and our newest dashboards. You can specify what data to collect and the API polling intervals or stick with our defaults. \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHealth Reporting\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e is disabled by default, but you’ll want to enable it to get the most out of the integration. 
If you have modified your Logstash configuration to listen on a different port, specify it here.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs92a407c08e435f55"}}},{"image":{"image":{"uid":"bltb067333638b3bfc6","_version":1,"title":"image9.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-25T17:44:27.486Z","updated_at":"2025-02-25T17:44:27.486Z","content_type":"image/png","file_size":"242904","filename":"image9.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-25T17:51:06.180Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb067333638b3bfc6/67be017b959e4e0e70e47101/image9.png"},"_metadata":{"uid":"cscd80dceb13f2ceeb"},"caption_l10n":"","alt_text_l10n":"add logstash integration","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse3353dc764e6b774"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e2. \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/logstash/current/dashboard-monitoring-with-elastic-agent.html#add-agent-to-fleet-ead\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eConfigure and install Elastic Agents on Logstash nodes\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou will likely be deploying this to new agents. Create a name that is meaningful, and then save and continue. 
If you already have agents monitoring your Logstash deployment, you can add this policy to existing hosts.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csecfc974cc192b693"}}},{"image":{"image":{"uid":"bltcb8d8034fb84aa41","_version":1,"title":"image7.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-25T17:50:23.102Z","updated_at":"2025-02-25T17:50:23.102Z","content_type":"image/png","file_size":"98968","filename":"image7.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-25T17:51:06.403Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcb8d8034fb84aa41/67be02df1a2ab55a0a10e325/image7.png"},"_metadata":{"uid":"cs74aeef1c2ca97552"},"caption_l10n":"","alt_text_l10n":"where to add this integration?","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5ea9e9b4194209c1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou will be prompted to add Elastic Agent to your Logstash 
nodes.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs93c266910b723949"}}},{"image":{"image":{"uid":"blte9fc3e03f467a1b6","_version":1,"title":"image8.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-25T17:50:07.793Z","updated_at":"2025-02-25T17:50:07.793Z","content_type":"image/png","file_size":"71818","filename":"image8.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-25T17:51:06.229Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte9fc3e03f467a1b6/67be02cf5ac38d956c8fef06/image8.png"},"_metadata":{"uid":"csf016ffa1184406a4"},"caption_l10n":"","alt_text_l10n":"logstash integration added","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5d44d20d4591835d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eChoose \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAdd Elastic Agent to your hosts\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, and you’ll be guided through Fleet enrollment, agent installation, and 
verification.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf06d61544aeff175"}}},{"image":{"image":{"uid":"blte72b303e41565076","_version":1,"title":"image4.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-25T17:49:53.981Z","updated_at":"2025-02-25T17:49:53.981Z","content_type":"image/png","file_size":"256944","filename":"image4.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-25T17:51:06.373Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte72b303e41565076/67be02c162af0c67cf8a19d0/image4.png"},"_metadata":{"uid":"cs478f7c7ea00e3bc1"},"caption_l10n":"","alt_text_l10n":"add agent","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cscbeb301caaee4c50"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce you’ve verified that agents are communicating with Fleet, the data will start flowing in and populate the dashboards.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Data available through Logstash monitoring APIs","_metadata":{"uid":"cs458c9ec0f87fa481"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLogstash exposes several monitoring APIs that give extensive visibility into single instances. The Logstash integration uses these APIs with the Elastic Agent to parse and deliver these data to your monitoring cluster. 
Customers that wish to create a custom integration for Logstash monitoring can query these APIs according to their requirements.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/logstash/current/node-stats-api.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNode Stats\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cbr /\u003eProvides detailed information at a node and pipeline level for a wide range of resources, events, and utilization. In version 8.5, we added an additional data type — Flow Stats — which includes derivative measures of performance, including throughput, backpressure, and worker concurrency.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/logstash/current/logstash-health-report-api.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHealth Report\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cbr /\u003eNew in 8.16, the Logstash health report returns a color coded health status for your Logstash instance based on various indicators, such as pipeline status and worker utilization. The indicators include symptom details. You can also view unhealthy results, which include potential impacts, diagnoses, and suggested actions to address the problem.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Get started today","_metadata":{"uid":"cs75918543fb57c3e0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReady to get started? 
Explore now in a \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style='font-size: 12pt;'\u003efree 14-day trial\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e on Elastic Cloud\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e — the hosted Elasticsearch service that includes all of the latest features.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cseeecea03a99193f1"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5915fb0f37ebdb13"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs711ce6c0b39e35e5"}}}],"publish_date":"2025-02-25","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt39140cf3e2cd4550","ACL":{},"created_at":"2023-11-06T21:51:00.583Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"integrations","label_l10n":"Integrations","tags":[],"title":"Integrations","updated_at":"2023-11-06T21:51:00.583Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.083Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-i
ngestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc8e4f4eb4eed3ccd","ACL":{},"created_at":"2023-11-06T21:42:18.209Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"infrastructure-monitoring","label_l10n":"Infrastructure monitoring","tags":[],"title":"Infrastructure monitoring","updated_at":"2023-11-06T21:42:18.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.160Z","user":"blt4b2e1169881270a8"}},{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}},{"_content_type_uid":"tags_topic","uid":"blt4a47bf681100e8ca","title":"Log management","label_l10n":"Log 
management","keyword":"log-management","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:42:23.694Z","updated_at":"2023-11-06T20:42:23.694Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.358Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","uid":"bltf38f037a2b6ecb4e","title":"Log monitoring","label_l10n":"Log monitoring","keyword":"log-monitoring","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:29:28.882Z","updated_at":"2023-11-06T21:29:28.882Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.371Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"blt9f3033eaacd184dd","ACL":{},"created_at":"2022-09-13T16:43:44.540Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"logstash","label_l10n":"Logstash","tags":[],"title":"Logstash","updated_at":"2022-09-13T16:43:44.540Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.249Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltb302c1813086b3cd","_version":1,"title":"158175 - Blog header image_Prancheta 1-04 
(2).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-25T17:43:15.906Z","updated_at":"2025-02-25T17:43:15.906Z","content_type":"image/jpeg","file_size":"171236","filename":"158175_-_Blog_header_image_Prancheta_1-04_(2).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-25T17:51:06.281Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb302c1813086b3cd/67be01335ac38d53798feee3/158175_-_Blog_header_image_Prancheta_1-04_(2).jpg"},"title":"Easy, comprehensive Logstash monitoring with Elastic Agent","title_l10n":"Easy, comprehensive Logstash monitoring with Elastic Agent","updated_at":"2025-02-25T17:50:59.520Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/logstash-monitoring-elastic-agent","publish_details":{"time":"2025-02-25T17:51:05.608Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltc08afab7cf86ee84","_version":17,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic is the best developer platform for building AI search and generative AI apps with expanded ecosystem partners, full document vector search, a proprietary ML model for semantic search now in GA, and a simple API-first developer experience. ","author":["blt6f8c1e29600b488b"],"category":[],"created_at":"2023-11-30T15:44:11.111Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9dc013da917071ff"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this blog, we want to share the investments that Elastic® is making to simplify your experience as you build AI applications. We know that developers have to stay nimble in today’s fast-evolving AI environment. 
Yet, common challenges make building generative AI applications needlessly rigid and complicated. To name just a few:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVectors — from how many to which ones you can use and how to chunk large passages of text\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEvaluating, swapping, and managing large language models (LLMs)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSetting up effective semantic search (particularly if your development team has limited resources or skill gaps)\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLeveraging existing investments and current architectures while balancing tech debt\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eScaling from proof-of-concept to production\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMaking sure that end-user applications are fast and cost-effective and reflect secure, up-to-date proprietary data in responses to queries\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFragmented and complex implementation\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFlexible tools help you adapt quickly, respond to changes, and accelerate your projects. This is why Elastic is building on its foundation in Apache Lucene to offer the best open code vector database and search engine available. 
Elastic is also actively partnering across the ecosystem to expand support for transformer and foundation models.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMoreover, we’re making it easier to get highly relevant semantic search out of the box with Elastic’s proprietary Learned Sparse EncodeR model, ELSER — now in GA. We’re reducing the costs and processing time associated with retrieval augmented generation (RAG), the retrieval process that provides relevant responses to natural language queries from proprietary data sources to LLMs, for custom use cases. And, we’re streamlining the developer experience across Elasticsearch®, so that implementation is simple and straightforward.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDevelopers are actively shaping the future of generative AI apps. Elastic’s ground-breaking investments (and many more to come) reflect why our AI-powered search analytics platform is the best choice for a new generation of search workloads.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"All in on Apache Lucene","_metadata":{"uid":"cs03d7b75b1a159737"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt all started with \u003c/span\u003e\u003ca href=\"/celebrating-lucene\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eApache Lucene\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, an open source search engine software library that has stood the test of time and provides the basis for Elasticsearch. While Elasticsearch has grown to be recognized as the most downloaded vector database with its innovations in vector search, scalability, and performance, the strength of our platform originates from the fact that Elastic and Lucene’s communities invest in these advancements in Apache Lucene first. 
In fact, Elastic has a history of enhancing Lucene’s capabilities, such as numeric and geospatial search capabilities, Weak AND support, and improved columnar storage. Advancing the Lucene community means everyone goes farther, faster. Being the driver for these investments means Elastic users receive the value first, tailored to their search needs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAt Elastic, we know that Lucene has potential beyond full-text search: developers need a full scope of features to build search apps and generative AI experiences including aggregations, filtering, faceting, etc. Ultimately we are on track to make Lucene the most leading-edge vector database in the world and to share its capabilities with millions of Elasticsearch users across the globe. That’s why Elastic’s developers regularly commit code to Lucene and leverage its foundational code for new projects, such as:\u003c/span\u003e\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e\n \u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/lucene-bringing-maximum-inner-product-to-lucene\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBringing maximum-inner-product to Lucene\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\n \u003c/li\u003e\n \u003cli\u003e\n \u003cp\u003e\u003ca href=\"/blog/accelerating-vector-search-simd-instructions\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccelerating vector search with SIMD instructions\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\n \u003c/li\u003e\n \u003cli\u003e\n \u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/adding-passage-vector-search-to-lucene\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDelivering full document vector search for allowing documents to have multiple vectors within one field, ranked by the most similar vectors\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — handling the complexity 
of properly scoring vectors derived from long passages of text in order to address a common challenge — maintaining the overall context of large documents when using text embeddings\u003c/span\u003e\u003c/p\u003e\n \u003c/li\u003e\n \u003cli\u003e\n \u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/vector-similarity-computations-fma-style\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFused Multiply-Add (FMA) in Lucene\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n \u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSince Elasticsearch is built on top of Lucene, when you \u003c/span\u003e\u003ca href=\"/blog/whats-new-elasticsearch-platform-8-11-0\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eupgrade to our latest release\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, you automatically benefit from all of the latest improvements. And we’ve already started to contribute the next foundational investments our customers will need by adding \u003c/span\u003e\u003ca href=\"/search-labs/blog/scalar-quantization-in-lucene\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003escalar quantization support to Lucene\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, a key cost savings capability.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Second to none in semantic search and RAG","_metadata":{"uid":"cscd3aae40d3f634a2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDevelopers are tasked with building search and generative AI applications that are relevant, performant, and cost-effective. Quite simply, you need to be able to retrieve data from all your proprietary data sources to build RAG to deliver the best, most pertinent results. 
To that end, we’ve added \u003ca href=\"/enterprise-search/data-ingestion\" target=\"_self\"\u003emore native connectors and connector clients\u003c/a\u003e for enterprise databases and popular productivity tools, and content sources like OneDrive, Google Drive, GitHub, ServiceNow, Sharepoint, Teams, Slack, and plenty of others.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEven more notably with \u003c/span\u003e\u003ca href=\"/blog/whats-new-elasticsearch-platform-8-11-0\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic’s 8.11 release\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, we’ve announced the general availability of Elastic Learned Sparse EncodeR (ELSER). It’s our proprietary AI model for delivering world-class semantic search. ELSER is a pre-trained, text retrieval model that provides highly relevant results across domains and lets you implement semantic search by \u003c/span\u003e\u003ca href=\"/getting-started/enterprise-search/build-a-semantic-search-experience\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003efollowing a few simple steps\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Since \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/introducing-elasticsearch-relevance-engine-esre\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eits technical preview in May\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, ELSER has had wide adoption, allowing us to make improvements based on customer feedback. Our GA ELSER model brings increased relevance and reduced ingest and retrieval time. 
You can \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch-labs/blob/bc36bfa5d1ce56dc1e7412bc8a91db5ba1c36751/notebooks/model-upgrades/upgrading-index-to-use-elser.ipynb\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eupgrade now\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to take advantage of these enhancements.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAnother obstacle that comes with generative AI territory: higher compute costs and slower response times. Generative LLM calls incur costs per token and require additional processing, which takes time. However, with the power of embeddings and fast k-Nearest Neighbors algorithms (kNN), Elastic can be used as a \u003c/span\u003e\u003ca href=\"https://elastic.co/search-labs/blog/elasticsearch-as-a-genai-caching-layer\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecaching layer for generative AI applications\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, readily identifying similar queries and responses and providing quicker, more cost-effective answers. 
With respect to cost efficiencies, \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eon AWS, we now also offer \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-default-aws-configurations.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ea vector search optimized Elastic Cloud hardware profile\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e with an optimal default RAM ratio for a price effective ability to store more vectors.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe better Elastic is at making semantic search and RAG simple to use together, the faster developers can make great generative AI experiences for end users. That’s why we’re laser-focused on making the technology easy and practical for developers to use.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Choice and flexibility across the ecosystem","_metadata":{"uid":"csfff1115bf6ca1b09"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHelping you respond to change quickly in the AI era with an open platform where you can use a variety of tools and consistent standards is key to accelerating generative AI projects. That’s why developers have flexibility to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elastic-machine-learning-models\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003euse and host a variety of transformer models\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e within Elasticsearch, including private and public \u003c/span\u003e\u003ca href=\"https://www.docker.elastic.co/r/eland/eland:latest\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHugging Face models\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. 
You can also store vectors in Elasticsearch generated by third-party services like AWS SageMaker, Google Vertex AI, Cohere, OpenAI, and more.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe’re also expanding our support for ecosystem tools so you can easily use Elasticsearch as your \u003c/span\u003e\u003ca href=\"https://integrations.langchain.com/vectorstores\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003evector database with LangChain\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003ca href=\"https://gpt-index.readthedocs.io/en/stable/examples/vector_stores/ElasticsearchIndexDemo.html\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLlamaIndex\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn fact, we recently collaborated with the LangChain team on \u003c/span\u003e\u003ca href=\"/blog/elasticsearch-langchain-production-ready-rag-templates\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLangChain Templates\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to help developers build production-ready generative AI apps. Thanks to our community, Elastic is already one of the most popular vector stores on LangChain. Now with the new \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRAG template\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, you can create production-level capabilities with LangSmith and Elasticsearch.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"A simple developer experience","_metadata":{"uid":"csc21a1d6dd4ca9322"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe’re dedicated to creating a simplified developer experience. 
We’re releasing streamlined commands that abstract away the complexity of inference and model management work streams that you can use behind one simple API. We’re improving default settings for dense vectors and providing automatic mappings too. With one call, you can summarize results or embed text as vectors from any model, reducing the time it takes for you to build and learn.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSoon, we’ll introduce \u003c/span\u003e\u003ca href=\"/blog/elastic-serverless-architecture\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic’s new serverless architecture\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, a new deployment option for developers who want to focus on creating innovative experiences, not managing their underlying infrastructure. We’re focused on giving you all of the tools you need, so we’re adding new language clients in our serverless architecture for Python, PHP, JavaScript, Ruby, Java, .Net, and Go.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe’re also well aware that it can be challenging to get started with fast-changing, new technologies, which is why we’re offering simple onboarding with inline guidance and code across every one of Elastic’s deployment options, including \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/tutorials/examples\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ereal-world examples\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to help you spin up new projects quickly.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThere’s never been a better time to be an Elasticsearch developer. Our recent research and development efforts are making Lucene the best vector database in the world. 
We’re ensuring that semantic search and RAG are unparalleled when it comes to ease of use, relevance, speed, scale, and cost efficiency. And we’re putting ecosystem openness, flexibility, and simplicity at the heart of developer experience.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eReady to start building next-generation search on Elasticsearch? Try the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/esre/current/index.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Relevance Engine™\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, our suite of developer tools for building AI search apps.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd79b48f52edf80b5"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8fc82eec8399be72"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. 
You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8fed689b9137958b"}}}],"publish_date":"2023-11-30","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Elastic’s innovative investments to support an open ecosystem and a simpler developer experience","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative 
AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt02ec7fa8864f17dd","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-11-30T16:18:30.450Z","updated_at":"2023-11-30T16:18:30.450Z","content_type":"image/png","file_size":"155558","filename":"elastic-de-135742-blogheader-pav_V1.png","title":"elastic-de-135742-blogheader-pav_V1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2023-11-30T20:27:48.736Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt02ec7fa8864f17dd/6568b5d67c56dd34b8a618b4/elastic-de-135742-blogheader-pav_V1.png"},"title":"Paving the way for modern search workflows and generative AI apps","title_l10n":"Paving the way for modern search workflows and generative AI apps","updated_at":"2025-02-25T17:11:57.493Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/modern-search-workflows-generative-ai-apps","publish_details":{"time":"2025-02-25T17:12:01.366Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt7aab1ff88e7ae0f5","_version":12,"locale":"en-us","ACL":{},"abstract_l10n":"The payments industry is changing. 
There are new apps and technologies being used to send money seemingly every day. But banks have advantages in scale and sophistication that they use to innovate and compete.","author":["blt9b0dc3587c08e259"],"category":[],"created_at":"2021-12-07T21:31:25.343Z","created_by":"blt4349d9729d06d101","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs76c2e4e54ec1c916"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eThe payments industry has evolved dramatically over the past decade. Traditional payment vehicles still make up the majority of transaction flows, but new apps and startups continue to grow in popularity, and billions of dollars move through their systems.\u003c/p\u003e\n\u003cp\u003eAccording to a recent \u003ca href=\"https://www.jpmorgan.com/solutions/treasury-payments/payments-are-eating-the-world\"\u003eJPMorgan study\u003c/a\u003e, of the $240 trillion in global payments in 2020, ~$54 trillion can be attributed to emerging mega-themes; that is, trends that are reshaping the way money changes hands. These themes include super apps, e-commerce, digital wallets, wearables, BNPL (buy now, pay later), connected cars, and other payment vehicles. This environment has generated a rush of excitement for customers. However, it has also created a significant level of complexity that the financial community and regulators are grappling with.\u003c/p\u003e\n\u003cp\u003eTo a great extent, fintech providers have proven to be the leaders of innovation in this space, jumping on emerging market needs and creating digital applications to meet customers where they are. 
Thus, while it is true that long gone are the days of banks being a one-stop shop for payments, banks still have a reason to try to remain competitive and innovative.\u003c/p\u003e\n\u003cp\u003eAccording to \u003ca href=\"https://www.ey.com/en_gl/banking-capital-markets/how-banks-can-win-at-payments\"\u003eEY\u003c/a\u003e, payments generate between 20% and 30% of the typical bank's profit directly or indirectly. It's therefore essential for banks to assert their expertise and history in this space. Possibly even more critical, transactions create key data points that enable banks to personalize other purchase experiences. With \u003ca href=\"https://www.bcg.com/publications/2019/what-does-personalization-banking-really-mean\"\u003eBCG\u003c/a\u003e finding that only 30% of customers think their bank is personalizing their service—there is a significant opportunity for expansion in this area.\u003c/p\u003e\n\u003cp\u003eBanks should create an environment that enables them to be the perfect source or partner for transactions. Here are a few things banks can do to support a winning payments experience.\u003c/p\u003e\n"},{"title_l10n":"Complete, Real-time search ","_metadata":{"uid":"cs23e21c0fe8ac72d7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eEnabling a \u003ca href=\"/blog/rabobank-enhancing-the-online-banking-experience-with-elasticsearch\"\u003ereal-time search experience\u003c/a\u003e across accounts and solutions types is still a struggle for many providers. Particularly in the institutional space, it can be difficult with multiple payment types (Wires, ACH, Same Day ACH, RTP) running on legacy systems and rails to deliver this holistic picture back to the client. This situation often feels frustrating for clients as they need to access multiple screens or run several reports across modules. This can also create downstream issues with servicing customers. 
According to \u003ca href=\"https://www.capgemini.com/wp-content/uploads/2021/04/World-Retail-Banking-Report-2021.pdf\" target=\"_self\"\u003eCapgemini\u003c/a\u003e, having a successful omnichannel experience is the most crucial component for banking customers. That starts with empowering employees with complete datasets and\u0026nbsp;enabling them to respond to customer inquiries quickly. For banks that are still struggling with this challenge, it is worth exploring tools to drive searchability and break down data silos to unlock a better experience.\u003c/p\u003e"},{"title_l10n":"Create a tech foundation for innovation","_metadata":{"uid":"cs2650742572895558"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eThe world of payments will continue to evolve. New foundational changes with the introduction of 5G coupled with advances in artificial intelligence (AI) algorithms, quantum computing, and blockchain will give life to advances in the payments space, according to \u003ca href=\"https://www.jpmorgan.com/solutions/treasury-payments/payments-are-eating-the-world\"\u003eJPM\u003c/a\u003e. It's therefore crucial that banks offer their developers the means to innovate. Faster application development can be achieved via \u003ca href=\"/observability\"\u003eunified visibility\u003c/a\u003e across time series data and with tools that have built-in machine learning. Exploring new ways to streamline IT (e.g., mainframe offloading, application consolidation) helps reduce costs and enables banks to reinvest in digital transformation.\u003c/p\u003e"},{"title_l10n":"Harness data to lead the way in fraud detection","_metadata":{"uid":"cs023d85edfb1248fc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eBanks have a clear advantage over fintech and niche payment providers when it comes to their potential to address fraud proactively. 
Traditional banks sit on a wealth of real-time information about customers, enabling them to paint a more holistic picture of their profiles. Understanding customer habits helps them accurately detect potential fraud events \u0026amp; protect their assets, while also not creating roadblocks for legitimate transactions. Search platforms can empower fraud teams with unified data sets, enabling \u003ca href=\"/customers/pscu\" target=\"_blank\"\u003equick decisioning \u003c/a\u003efor the end customer \u0026amp; merchants. By deploying machine learning and alerting features, fraud teams can proactively detect and stamp out financial fraud before it impacts accounts.\u003c/p\u003e\u003cp\u003eEven as the payments space becomes more fragmented, there is still an opportunity for banks to be the trusted partner for clients to get their most important answers. Elastic is the leading platform for search-powered solutions, delivering powerful insights across financial services. We help organizations search, solve, and succeed — no matter the mission.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRead more stories about how our financial services customers use Elastic\u003c/strong\u003e \u003ca href=\"/industries/financial-services\"\u003ehere\u003c/a\u003e.\u003c/p\u003e"}],"_metadata":{"uid":"cs69153ba70ba07637"}}}],"publish_date":"2021-12-09T17:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"How Elastic can help banks compete in the booming payments industry","seo_description_l10n":"The payments industry is changing. There are new apps and technologies being used to send money seemingly every day. 
But banks have advantages in scale and sophistication that they use to innovate and compete.","noindex":false,"canonical_tag":"","seo_image":null},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial 
services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt60e4f8c6c19cebb7","ACL":{},"created_at":"2020-06-17T03:32:19.868Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"metrics","label_l10n":"Metrics","tags":[],"title":"Metrics","updated_at":"2020-07-06T22:20:08.577Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.406Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt86414c2c190e35ba","created_by":"blt4349d9729d06d101","updated_by":"blt4349d9729d06d101","created_at":"2021-12-07T21:35:36.573Z","updated_at":"2021-12-07T21:35:36.573Z","content_type":"image/png","file_size":"25937","filename":"4d7d178b.png","title":"4d7d178b.png","ACL":{},"_version":1,"p
arent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-09T19:26:23.969Z","user":"blt4349d9729d06d101"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt86414c2c190e35ba/61afd3a81a1be33b1b23fe22/4d7d178b.png"},"title":"How Elastic can help banks compete in the booming payments industry","title_l10n":"How Elastic can help banks compete in the booming payments industry","updated_at":"2025-02-25T15:39:52.426Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/how-elastic-can-help-banks-compete-payment-experience-payments-industry","publish_details":{"time":"2025-02-25T15:43:14.735Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt1b2760ff8d03ddff","_version":11,"locale":"en-us","ACL":{},"abstract_l10n":"In a recently concluded third-party survey managed and analyzed by Socratic Technologies, over 1,400 Elastic customers shared their observability experiences. Take a look at the key takeaways from the survey.","author":["bltac4c94c5765cc633"],"category":["bltc17514bfdbc519df"],"created_at":"2022-07-08T19:40:10.144Z","created_by":"blt36060ca1dddf191e","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs088d80ab7d830612"},"header_style":"H2","paragraph_l10n":"\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(14, 16, 26);\"\u003eCorrelating\u0026nbsp;data across multiple silos and applications to derive meaningful and actionable insights is an ongoing struggle. 
These challenges are only set to increase as high-speed connectivity becomes more ubiquitous and enables data-heavy, digital experiences.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(14, 16, 26);\"\u003eIn a recent third-party survey managed and analyzed by Socratic Technologies, \u003c/span\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eover 1,400 Elastic customers shared their observability experiences, revealing quantifiable benefits that directly contributed to business outcomes. \u003c/span\u003e\u003cspan style=\"color: rgb(14, 16, 26);\"\u003eElastic Observability is the world’s most widely deployed \u003ca href=\"https://www.elastic.co/observability\" target=\"_self\"\u003eobservability platform\u003c/a\u003e, built on the proven Elastic Stack — to break down silos and enable near real-time actionable insights.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e[\u003c/span\u003e\u003ca href=\"/explore/devops-observability/forrester-total-economic-impact-observability\" target=\"_self\"\u003e\u003cspan style=\"color: rgb(17, 85, 204);\"\u003e\u003cu\u003eDownload the complete report for Elastic Observability\u003c/u\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e.]\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003ch2 style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e66% improved MTTx metrics brought by unified visibility\u003c/span\u003e\u003c/h2\u003e\n\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(14, 16, 26);\"\u003eCustomer experiences are directly tied to reduced application downtime, minimized friction across touchpoints, and improved service resilience. Organizations across industries strive to achieve these capabilities. 
Elastic Observability empowers them with end-to-end visibility into applications, systems, and infrastructure improving application and service resilience as measured by MTTx metrics.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(14, 16, 26);\"\u003eOur customers reduced the number of incidents by 61%, which, in turn, reduced revenue loss due to downtime by 62%. At the same time, unified visibility can facilitate better collaboration across teams to prevent issues from occurring in the first place, building more resilient applications and services. All of these factors helped to improve MTTx KPIs and drove customer satisfaction higher for Elastic Observability users.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs617e5f105e6cfcc5"}}},{"quotes":{"quote_l10n":"With the Elastic solutions, we have implemented an observability platform to measure technical efficiency and enrich business dashboards. We also plan to integrate it with our Security solution (SOC).","_metadata":{"uid":"cs12c3c192c45be7d3"},"quote_author_l10n":"Elastic Observability customer | Industry - Telecommunications","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2801fc48b0c6b313"},"header_style":"H2","paragraph_l10n":"\u003ch2 style=\"text-align: left;\"\u003e\u003cspan style='color:rgb(0, 0, 0);font-size: undefined;'\u003eDriving faster innovations with actionable insights\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/h2\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: undefined;'\u003eLack of skilled labor is a growing concern across most industries. Organizations are constantly seeking ways to enhance efficiency. 
Survey respondents shared how Elastic helps them improve efficiency and minimize time to market for new products and features.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: undefined;'\u003eWith unified visibility, distributed systems and applications can be designed to be more resilient, reducing the number of incidents and allowing more time for developers and IT staff to focus on building new products and adding capabilities. Improved resilience not only improved efficiency but also helped build customer stickiness, and survey respondents reported seeing reduced customer churn up to 90%. Not surprisingly, customers cited Elastic Observability for driving operational efficiency and its ease of use.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse3a8dac85765f040"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"csdc66c6b6794b7971"},"paragraph_l10n":"\u003ch3\u003e\u003cspan style=\"color: rgb(14, 16, 26);\"\u003eUp to \u003c/span\u003e\u003cspan style=\"color: rgb(14, 16, 26);\"\u003e\u003cstrong\u003e88%\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 16, 26);\"\u003e acceleration in time-to-market of new products and features\u003c/span\u003e\u003c/h3\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0d157d3716753add"},"header_style":"H2","paragraph_l10n":"\u003ch2 style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);font-size: undefined;\"\u003eEnsuring business critical services operate seamlessly, at scale\u0026nbsp;\u003c/span\u003e\u003c/h2\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: undefined;\"\u003eWe know how technology advancements in connectivity, cloud and data analytics, AI, and machine learning are redefining industries and changing how they do 
business. At Elastic, we are committed to building new capabilities that can help our customers position themselves well for the challenges of today and for the future.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: undefined;\"\u003eWith organizational efficiency being top of mind for businesses and organizations, the majority of respondents to the survey cited \u003c/span\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: undefined;\"\u003e\u003cstrong\u003elog analytic capabilities and near real-time actionable insights \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: undefined;\"\u003eas critical in improving developer and operational efficiency\u003c/span\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: undefined;\"\u003e\u003cstrong\u003e.\u0026nbsp;\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: undefined;\"\u003e[Related article: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/driving-quantified-success-with-elastic-enterprise-search\"\u003e\u003cspan style=\"color: rgb(17, 85, 204);font-size: undefined;\"\u003e\u003cu\u003eDriving quantified success with Elastic Enterprise Search\u003c/u\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: undefined;\"\u003e]\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003ch2 style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);font-size: undefined;\"\u003eAccelerate business results with Elastic across any cloud\u003c/span\u003e\u003c/h2\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: undefined;\"\u003eA common theme that stood out from the survey was that deploying Elastic on the cloud provided an 
accelerated path to realizing business objectives. In fact, 95% of Elastic Cloud customers affirmed that they would use as much or more Elastic Cloud in the coming year.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: undefined;\"\u003eThey cited ease of use and impact on cost as the most common reasons to deploy Elastic Cloud. For our customers, Elastic Cloud simplified their solution management and accelerated their time to market with improved operational efficiency while also reducing risks and overhead costs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: undefined;\"\u003e[Related article: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/nucleus-research-elastic-data-management-observability-cloud\"\u003e\u003cspan style=\"color: rgb(17, 85, 204);font-size: undefined;\"\u003e\u003cu\u003eLeveraging Elastic to improve data management and observability in the cloud\u003c/u\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: undefined;\"\u003e]\u003c/span\u003e\u003c/p\u003e\u003ch2 style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);font-size: undefined;\"\u003eDownload the full report\u0026nbsp;\u003c/span\u003e\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"color: rgb(0, 0, 0);font-size: undefined;\"\u003eIn this blog post, we captured the highlights of the survey for Elastic Observability. 
Download the \u003c/span\u003e\u003ca href=\"/explore/devops-observability/forrester-total-economic-impact-observability\" target=\"_self\"\u003e\u003cspan style=\"color: rgb(17, 85, 204);font-size: undefined;\"\u003e\u003cu\u003efull report\u003c/u\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(0, 0, 0);font-size: undefined;\"\u003e for a closer look at the quantified benefits across solutions and we encourage you to share with your team.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5bced0d1dd7b01d7"}}}],"publish_date":"2022-07-12","sanity_migration_complete":false,"seo":{"noindex":false,"canonical_tag":"","seo_description_l10n":"In a recently concluded third-party survey managed and analyzed by Socratic Technologies, over 1,400 Elastic customers shared their observability experiences. Take a look at the key takeaways from the survey.","seo_image":null,"seo_title_l10n":"Building resilience for applications and services with Elastic Observability"},"subtitle_l10n":"Insights from the 2022 Results That Matter study","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic 
Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt17abd238870bda42","ACL":{},"content_type":"image/png","created_at":"2022-05-17T00:36:34.268Z","created_by":"blt1e57c6588ae1816e","file_size":"179861","filename":"illustration-machine-learning-anomaly-1680x980.png","parent_uid":null,"tags":[],"title":"illustration-machine-learning-anomaly-1680x980.png","updated_at":"2022-05-17T00:36:34.268Z","updated_by":"blt1e57c6588ae1816e","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-18T13:00:00.071Z","use
r":"blt1e57c6588ae1816e"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt17abd238870bda42/6282ee123b9b8554904a04f2/illustration-machine-learning-anomaly-1680x980.png"},"title":"Building resilience for applications and services with Elastic Observability","title_l10n":"Building resilience for applications and services with Elastic Observability","updated_at":"2025-02-24T22:35:24.441Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/building-resilience-for-applications-and-services-with-elastic-observability","publish_details":{"time":"2025-02-24T22:35:28.543Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt842663de774fde04","_version":10,"locale":"en-us","ACL":{},"abstract_l10n":"The observability experts at Elastic predict and review industry trends for this fast-evolving DevOps discipline. From kubernetes to CI/CD pipelines and TCO, these 12 trends are likely to impact your future observability strategy and deployment.","author":["bltde0a0be05534cebf"],"category":["bltc17514bfdbc519df"],"created_at":"2022-02-04T23:38:25.414Z","created_by":"blt3044324473ef223b70bc674c","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9ef37bd9bbb1204d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eAs businesses accelerate digital transformations and cloud adoption to better serve customers and employees in the face of the global pandemic, operational complexity has also mounted. To untangle these complexities and enable executive visibility into the IT ecosystem, business leaders are increasingly looking to observability solutions as a strategic investment. 
\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs3b6237dbd3b369bc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eThroughout this unprecedented time, \u003ca href=\"/blog/look-back-at-elastic-observability-in-2021\"\u003eElastic has been uniquely positioned\u003c/a\u003e to help our customers succeed in their digital transformation journeys, and drive their observability initiatives. We’ve been part of thousands of customer conversations and efforts to manage digital transformation. Here’s what we’ve learned and predict for the years ahead.\u003c/p\u003e"}],"_metadata":{"uid":"csb7456926d028e2d6"}}},{"title_text":{"title_text":[{"title_l10n":"1. Observability is a critical business initiative","_metadata":{"uid":"cs6cf5ea9685ea9c2b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eWith customers and employees increasingly going digital, businesses need to innovate faster with increased adoption of cloud and cloud-native technologies. Keeping cloud applications running effectively has also become significantly more difficult. Organizations continue to struggle with a lot of data, but few are able to extract actionable insights. Observability connects the dots in your telemetry data, provides visibility into application performance, and enables accelerated digital transformation.\u003c/p\u003e\u003cp\u003eAs a result, the criticality of full-stack observability efforts to accelerate digital transformation has now been deemed a strategic initiative for the C-suite. Observability is moving from being a buzzword to becoming mainstream. Executives will continue to expect observability solutions to increasingly connect business and operational KPIs. 
\u003ca href=\"/observability/ema-allstar-award-ai-assisted-observability\" target=\"_self\"\u003eAccording to EMA Research\u003c/a\u003e, microservices, containerization, public cloud, and application transformation has lifted observability to the top of enterprise priorities and is the #1 challenge for DevOps teams.\u003c/p\u003e"}],"_metadata":{"uid":"cs9fc32ca7cd99280a"}}},{"title_text":{"title_text":[{"title_l10n":"2. Kubernetes visibility and the emergence of eBPF","_metadata":{"uid":"cs69728501aeb90520"},"header_style":"H2","paragraph_l10n":"Container and kubernetes-led adoption continues to grow rapidly. However, the newer, ephemeral, cloud technologies have also introduced several operational and visibility challenges. As the number of kubernetes clusters increase, so does the management complexity related to scaling and monitoring. Emerging technologies such as \u003ca href=\"/blog/elastic-and-cmd-join-forces-to-help-you-take-command-of-your-cloud-workloads\"\u003eeBPF\u003c/a\u003e represent a big leap forward to provide visibility into complex Kubernetes environments with minimal overhead. eBPF also delivers the ability to provide visibility from the infrastructure to the application without the complexity and overhead of service meshes and will continue to see increased adoption. Expect increased focus on managing Kubernetes as well as the adoption of eBPF."}],"_metadata":{"uid":"cs7a9da73bdb2a7b0d"}}},{"title_text":{"title_text":[{"title_l10n":"3. Increasing need for visibility across hybrid and multi-cloud environments","_metadata":{"uid":"csb70dca3fbb3bfcc9"},"header_style":"H2","paragraph_l10n":"As organizations continue to rapidly evolve in their digital transformation journey, the adoption of the public cloud is a critical component. To facilitate and accelerate digital transformation, teams need visibility across hybrid and multi-cloud environments which are becoming increasingly complex. 
\u003ca href=\"/virtual-events/cloud-trends-and-observability\"\u003eAccording to 451 Research\u003c/a\u003e, over 70% of respondents say that the public cloud has increased complexity in their IT organization. Observability solutions that can provide visibility across hybrid and multi-cloud environments will be the solution of choice as organizations look for unified and comprehensive visibility across legacy technology as well as modern cloud environments."}],"_metadata":{"uid":"cs99df1591dedd5d83"}}},{"title_text":{"title_text":[{"title_l10n":"4. Machine learning will improve and deliver actionable insights","_metadata":{"uid":"csf474e4fb16dea2c8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eWith the amount of observability data exponentially growing, it’s harder for teams to manually sift and sort through the data to detect outliers and trends. In fact, infrequently occurring anomalies can be quite disruptive to the business but can be difficult to detect. According to \u003ca href=\"/observability/ema-allstar-award-ai-assisted-observability\" target=\"_self\"\u003eEMA Research\u003c/a\u003e, 45% of SRE time is spent on searching for actionable data. Operations and development teams are looking for ways in which machine learning can help identify anomalies as well as any outlier trends and patterns to accelerate root cause analysis and reduce downtime.\u003c/p\u003e"}],"_metadata":{"uid":"csf23637a4759f1a55"}}},{"title_text":{"title_text":[{"title_l10n":"5. Ad hoc analytics and data visualization in observability","_metadata":{"uid":"cs42d4d8a1f59d96a3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eWhile machine learning and automated troubleshooting will continue to improve, DevOps and SRE teams will still need the ability to analyze and segment their observability data to answer the unknown unknowns. 
Ad hoc analytics along with data visualization enables collaboration between teams as they seek answers to trends and understand patterns to isolate application issues, along with the resulting business impact. These advanced capabilities will require observability solutions that can store large amounts of data with custom metrics and contextual data from a variety of sources and treat all data as a first class citizen. Observability is all about the data and storing it at the granularity needed for true insights.\u003c/p\u003e\n\u003cp\u003eExpect customers to increasingly focus on these advanced observability requirements as they continue to tie operational performance to business impact. \u003c/p\u003e"}],"_metadata":{"uid":"cs63842c34bde33ed3"}}},{"title_text":{"title_text":[{"title_l10n":"6. Increasing adoption and reliance on open standards","_metadata":{"uid":"cs581184d0d159c580"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eAs the observability technology ecosystem gets more complex, DevOps teams continue to converge on technologies based upon open standards. Adopting open standards helps organizations avoid vendor lock-in while also unlocking community-driven innovation. We will continue to see the evolution of OpenTelemetry standards support for traces, metrics, and logs, and increased adoption of Prometheus for metrics and Apache Kafka for data streaming. DevOps teams are increasingly choosing observability solutions that support these open standards to provide organizations the ability to integrate and observe their heterogeneous application ecosystems.\u003c/p\u003e"}],"_metadata":{"uid":"csa7a49d1486cecbec"}}},{"title_text":{"title_text":[{"title_l10n":"7. 
Simple, transparent, consumption-based pricing","_metadata":{"uid":"cs923405b9f4f61a12"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eAs observability has continued to evolve and broaden its capabilities along with supporting more data types, observability pricing models have gotten increasingly complex. Each vendor offers multiple pricing levels along with a lot of fine print making observability deployments and their budgets, difficult to predict. Organizations will favor observability solutions that deliver value with costs based on consumption, providing teams the flexibility to adopt a model that works for them financially. Consumption-based pricing models that don’t artificially constrain customers from monitoring different environments, offer data retention and storage flexibility while still maintaining performance will be commonplace.\u003c/p\u003e"}],"_metadata":{"uid":"cs357b0276b011ca40"}}},{"title_text":{"title_text":[{"title_l10n":"8. A focus on observability TCO for the long-term","_metadata":{"uid":"cs125db05916c4e40b"},"header_style":"H2","paragraph_l10n":"With the exponential growth in operational complexity, organizations are increasingly faced with choosing between improved TCO vs. best of breed solutions. Too many solutions lead to tool sprawl resulting in fragmentation and data silos impacting operational visibility and hampering the ability to correlate data. According to \u003ca href=\"/virtual-events/cloud-trends-and-observability\"\u003e451 Research\u003c/a\u003e, 76% of organizations use more than one cloud provider. With over 800 services now being offered between AWS, Google Cloud, and Azure (according to EMA research), tool sprawl and complexity rises exponentially. Piecing together diagnostic information from multiple tools (otherwise known as the swivel chair effect) leads to increased time to root cause, reduced productivity, and slower innovation. 
Organizations will continue to consolidate multiple tools on a single platform that offers the best TCO for today and for tomorrow."}],"_metadata":{"uid":"csb693778b451a71f6"}}},{"title_text":{"title_text":[{"title_l10n":"9. A holistic approach requiring the right skills, processes, and technology","_metadata":{"uid":"cs3914ba615ef9f4fe"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eObservability is not just about tools. Proper observability requires building the right skillset and mindset in an organization. A team that is well versed in modern software development processes, as well as operating in a cloud environment. A team that follows observability best practices, right from the start of the development process: adding informative tags to packages, adding logging to their code, and enabling instrumentation for traces. Observability best practices need to be embedded in the development process from start to finish, not an afterthought.\u003c/p\u003e"}],"_metadata":{"uid":"csab2988b28a2281b9"}}},{"title_text":{"title_text":[{"title_l10n":"10. Tighter collaboration between operations and development teams","_metadata":{"uid":"cs12cc9f501987e3b2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eOrganizations continue to adopt DevOps practices as the rate of software development accelerates. To be effective, there needs to be increased collaboration between development and operations teams. All teams need to be analyzing the same data to be able to effectively collaborate and resolve problems quickly. In addition, besides adopting multiple tools within production environments, teams are also forced to adopt different tools used in their dev and stage environments, mostly due to cost constraints. Tool silos in different stages present a fragmented view of the entire pipeline. 
Organizations will continue to integrate their entire development environment on a single, \u003ca href=\"https://www.elastic.co/observability\" target=\"_self\"\u003eobservability platform\u003c/a\u003e to improve collaboration across teams, each analyzing the same data to reduce downtime.\u003c/p\u003e"}],"_metadata":{"uid":"cs9b2d93f7e7970ecc"}}},{"title_text":{"title_text":[{"title_l10n":"11. The rise of CI/CD observability","_metadata":{"uid":"csb6e17556525eaab5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eBuild tools are critical to ensuring the delivery of software from development to production and are often extremely complex. To get insights and visibility into this pipeline, the CI/CD community has leveraged OpenTelemetry to start instrumenting build tools (e.g. Jenkins, Maven, JUnit, Ansible, etc). These initiatives went beyond the expectations of troubleshooting CI/CD platforms and has also helped accelerate software deployment. 2022 will continue to see the rise of an ecosystem of OpenTelemetry, native devops tools transforming CI/CD pipelines into gold mines of metrics on the software delivery lifecycle. Critical information that will support an ever growing range of use cases from troubleshooting and optimizing CI/CD pipelines, to test optimization, cost accounting, engineering process monitoring, and much more.\u003c/p\u003e"}],"_metadata":{"uid":"cs0bbd15496564ef54"}}},{"title_text":{"title_text":[{"title_l10n":"12. Observability and security working together more closely","_metadata":{"uid":"csd9e50bff717658f4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eAs the application development process accelerates with enterprises deploying code multiple times a day or week, it’s important to ensure the security of the application as well as the infrastructure. CIOs and CISOs are looking to embed security and observability teams together so they can ensure that security isn’t compromised while delivering innovation for their customers. 
Recent \u003ca href=\"/blog/cios-are-changing-who-is-responsible-for-cybersecurity-devsecops-observability-securitytools\"\u003esurvey data from 451 Research\u003c/a\u003e shows a major shift in who is using application security tools, suggesting that DevSecOps is not just an idea, but a growing reality. IT decision-makers allocated application security tools to 48% of development teams in 2020, compared to just 29% in 2015, a significant leap forward.\u003c/p\u003e\n\u003cp\u003eAccording to the report, “Opportunities abound for security to become more directly integrated into DevOps efforts, with CIOs leading the charge.” The report continues to say: “Security teams must become better versed in DevOps practices and tools, while DevOps pros must increasingly embrace the integration of security practices and technology.” Expect increased requirements from enterprises for solutions that allow observability and security teams to collaborate on the same platform.\u003c/p\u003e"}],"_metadata":{"uid":"cs1fe235807c486a71"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1bcd81ebfa13c63a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eWhile there has been a lot of hype around observability, organizations are starting to understand the criticality of it to ensure successful digitization and cloud adoption. These changes are driving significant and rapid business and operational needs. As you move from traditional monitoring to observability, the end goal of a great, reliable digital experience is what full-stack observability will ultimately bring about. Which is why an observability initiative is an important journey to embark on in 2022.\u003c/p\u003e\n\u003cp\u003eTo learn more and discuss these future observability trends, join us for a virtual event on March 22, 2022 - \u003ca href=\"https://www.elastic.co/virtual-events/observability-trends-2022\"\u003e\u003cstrong\u003eObservability trends for 2022: A look into the future! 
\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8f99d5f6aa5d44f9"}}}],"publish_date":"2022-02-04T23:42:52.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"From eBPF to CI/CD: 12 emerging trends in observability","seo_description_l10n":"The observability experts at Elastic predict and review industry trends for this fast-evolving DevOps discipline. From kubernetes to CI/CD pipelines and TCO, these 12 trends are likely to impact your future observability strategy and deployment.","noindex":false,"canonical_tag":"","seo_image":null},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"AWS","label_l10n":"AWS","keyword":"aws","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt5da20aee1a072f80","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:30.685Z","updated_at":"2023-11-06T20:08:30.685Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:00:52.463Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt8617d65f559b9a82","ACL":{},"created_at":"2023-11-06T20:42:46.365Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"microsoft-azure","label_l10n":"Microsoft Azure","tags":[],"title":"Microsoft Azure","updated_at":"2023-11-06T20:42:46.365Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:19.197Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"Google Cloud","label_l10n":"Google 
Cloud","keyword":"google-cloud","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltbf617849beaf10fe","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:39:59.168Z","updated_at":"2023-11-06T20:40:14.658Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:39.796Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt9e37344acd64cf5a","ACL":{},"created_at":"2023-11-06T20:38:34.272Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ebpf","label_l10n":"eBPF","tags":[],"title":"eBPF","updated_at":"2023-11-06T20:38:34.272Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.250Z","user":"blt4b2e1169881270a8"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt048e5e01aa446692","ACL":{},"created_at":"2023-11-06T20:38:02.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"devsecops","label_l10n":"DevSecOps","tags":[],"title":"DevSecOps","updated_at":"2023-11-06T20:38:02.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e
9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.187Z","user":"blt4b2e1169881270a8"}},{"title":"DevOps","label_l10n":"DevOps","keyword":"devops","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltd2296d539450bf20","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T22:34:41.888Z","updated_at":"2021-12-16T22:34:41.888Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.169Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt4732ba20ad170771","ACL":{},"created_at":"2023-11-06T20:48:01.608Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"public-multi-hybrid-cloud","label_l10n":"Public, multi \u0026 hybrid cloud","tags":[],"title":"Public, multi \u0026 hybrid cloud","updated_at":"2023-11-06T20:48:01.608Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:51.878Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltdf59d18fa27d1692","ACL":{},"created_at":"2023-11-06T21:34:55.381Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tool-consolidation","label_l10n":"Tool consolidation","tags":[],"title":"Tool consolidation","updated_at":"2023-11-06T21:34:55.381Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.747Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc8e4f4eb4eed3ccd","ACL":{},"created_at":"2023-11-06T21:42:18.209Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"infrastructure-monitoring","label_l10n":"Infrastructure 
monitoring","tags":[],"title":"Infrastructure monitoring","updated_at":"2023-11-06T21:42:18.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.160Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltdd4b5182721ccd42","ACL":{},"created_at":"2023-11-06T20:38:13.883Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"digital-experience","label_l10n":"Digital experience","tags":[],"title":"Digital experience","updated_at":"2023-11-06T20:38:13.883Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.180Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt5f2c0926801ce9c6","ACL":{},"created_at":"2023-11-06T21:28:52.513Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kubernetes","label_l10n":"Kubernetes","tags":[],"title":"Kubernetes","updated_at":"2023-11-06T21:28:54.645Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.349Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"OpenTelemetry","label_l10n":"Open 
source/standards","keyword":"opentelemetry","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt069bd34528952802","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:44:13.512Z","updated_at":"2023-11-06T20:44:13.512Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:35.903Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":2,"is_dir":false,"uid":"bltd44d2f0e1f4f4b7d","ACL":{},"content_type":"image/png","created_at":"2020-02-14T21:07:01.894Z","created_by":"bltc87e8bcd2aefc255","description":"","file_size":"37777","filename":"blog-thumb-elastic-on-elastic.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-elastic-on-elastic.png","updated_at":"2022-02-11T21:03:58.816Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:15.343Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd44d2f0e1f4f4b7d/5ffe0f637c627d662d7fd996/blog-thumb-elastic-on-elastic.png"},"title":"From eBPF to CI/CD: 12 emerging trends in observability","title_l10n":"From eBPF to CI/CD: 12 emerging trends in 
observability","updated_at":"2025-02-24T22:33:44.330Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/from-ebpf-to-ci-cd-12-emerging-trends-in-observability","publish_details":{"time":"2025-02-24T22:33:49.858Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0807a52ad0dfe8c3","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic is excited to announce the technical preview of Elastic Cloud Serverless on Microsoft Azure. Built on the industry-first Search AI Lake architecture, it combines vast storage, low-latency querying, and advanced AI capabilities. ","author":["bltf6c23ea28fef643d"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-01-30T23:42:54.691Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0d316df54c520e38"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eToday, we are excited to announce the technical preview of Elastic Cloud Serverless on Microsoft Azure — now available in the EastUS region. Elastic Cloud Serverless provides the fastest way to start and scale security, observability, and search solutions without managing infrastructure. 
Built on the industry-first \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/search-ai-lake-elastic-cloud-serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearch AI Lake architecture\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — which relies on Azure Blob Storage — it combines vast storage, separate storage and compute, low-latency querying, and advanced AI capabilities to deliver uncompromising speed and scale.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Start and scale quickly with Elastic Cloud Serverless on Azure","_metadata":{"uid":"cs9f69a50150392887"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\n \u003cli\u003e\n \u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eNo compromise on speed or scale:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elasticsearch Serverless dynamically scales to accommodate your workload, handling unpredictable traffic and data spikes automatically — all while offering low-latency search on boundless object storage.\u003c/span\u003e\u003c/p\u003e\n \u003c/li\u003e\n \u003cli\u003e\n \u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eHassle-free operations:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Say goodbye to managing clusters, provisioning nodes, or fine-tuning performance. Free your team from operational tasks — no need to manage infrastructure, do capacity planning, upgrade, or scale data.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\n \u003c/li\u003e\n \u003cli\u003e\n \u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ePurpose-built product experience:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic Cloud Serverless provides a new, streamlined workflow to help you create projects tailored to your unique use cases in search, observability, and security. 
With guided onboarding, you can use in-product resources and tools that guide you every step of the way, accelerating time to value.\u003c/span\u003e\u003c/p\u003e\n \u003c/li\u003e\n \u003cli\u003e\n \u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSimplified pricing model: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud Serverless offers a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cloud-serverless-pricing-packaging\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eflexible, usage-based pricing model\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that scales with your needs. The solution-specific pricing aligns costs with actual usage, offering greater flexibility and cost predictability. Pay only for what you use — whether it’s for data ingested and retained in Elastic Security and Observability products or for compute resources in Elasticsearch.\u003c/span\u003e\u003c/p\u003e\n \u003c/li\u003e\n \n\u003c/ul\u003e"},{"title_l10n":"Getting started with Elastic Cloud Serverless on Azure","_metadata":{"uid":"cs08f7968de3c2001d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen you \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/serverless-registration\"\u003e\u003cspan style='font-size: 12pt;'\u003esign up\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e or \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/\"\u003e\u003cspan style='font-size: 12pt;'\u003elog in\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to the Elastic Cloud console, you can create a serverless project by specifying the type of project you want (Elasticsearch, Elastic Observability, or Elastic Security). If you choose an Observability or Security project, select Azure as the cloud provider and EastUS as the region. 
For an Elasticsearch project, choose the use case (“General Purpose” or “Optimized for Vectors”), and then select Azure as the cloud provider and EastUS as the region. After clicking \"Create project,\" your Elastic Cloud Serverless project will be provisioned within minutes.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVisit our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/docs/current/serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to learn more.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What’s next?","_metadata":{"uid":"csbe77f81968acc0a4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are just getting started. As we continue enhancing Elastic Cloud Serverless on Azure, we plan to expand its availability across additional Azure regions and introduce new features to further enhance performance and usability. Stay tuned for exciting updates as we bring the full power of Elastic’s solutions to Azure users.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe future of search, security, and observability is here without compromise on speed, scale, or cost. Experience Elastic Cloud Serverless and Search AI Lake to unlock new opportunities with your data. 
\u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003eLearn more\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e about the possibilities of serverless or start your \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/serverless-registration\"\u003e\u003cspan style='font-size: 12pt;'\u003efree trial now\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e on Azure in technical preview.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs32cc9d79f383ad21"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs87cfb40e0240d8de"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb9d44b0601af6280"}}}],"publish_date":"2025-02-06","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Announcing the technical preview of Elastic Cloud Serverless on Azure","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Elastic Cloud Serverless provides the fastest way to start and scale security, observability, and search solutions — without managing 
infrastructure.","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[{"uid":"bltada2311dae66943e","_content_type_uid":"tags_partner"}],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"b
lt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z"
,"user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blte5366a60bd5ae8af","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2025-02-06T01:25:19.754Z","created_by":"bltb6c155cd84fc0c1a","file_size":"33874","filename":"blog-serverless-azure-tech-preview_1-blog_header.jpg","parent_uid":null,"tags":[],"title":"blog-serverless-azure-tech-preview_1-blog header.jpg","updated_at":"2025-02-06T01:25:19.754Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-06T10:55:01.030Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte5366a60bd5ae8af/67a40f7fc0a3735f7f40ada6/blog-serverless-azure-tech-preview_1-blog_header.jpg"},"title":"Elastic Cloud Serverless now available in technical preview on Microsoft Azure","title_l10n":"Elastic Cloud Serverless now available in technical preview on Microsoft Azure","updated_at":"2025-02-24T18:16:52.529Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/elastic-cloud-serverless-microsoft-azure-tech-preview","publish_details":{"time":"2025-02-24T18:16:56.361Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5e74a3e65d6b8255","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"For US organizations that need to comply with CMMC, Elastic’s Search AI Platform can help. 
With its comprehensive security, observability, and search capabilities, Elastic gives a foundation to help achieve and maintain CMMC compliance efficiently.","author":["blt08b4b5ab12c65210"],"category":["bltc17514bfdbc519df"],"created_at":"2025-02-24T16:31:35.591Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7a6e45f84ecd45cd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Cybersecurity Maturity Model Certification (CMMC) is a framework established by the US Department of Defense (DoD) to ensure that organizations handling Controlled Unclassified Information (CUI) implement robust cybersecurity measures. As CMMC becomes a key requirement for defense contractors, higher education institutions engaged in research or contracts with the DoD must also comply with its standards.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic’s Search AI Platform — with its comprehensive security, observability, and search capabilities — provides a powerful foundation to help organizations achieve and maintain CMMC compliance efficiently.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Understanding CMMC requirements","_metadata":{"uid":"cs37eea3afcec3c8fd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCMMC 2.0 consists of three levels with each increasing in complexity and security controls:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eLevel 1:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Foundational cybersecurity practices, including basic safeguarding of Federal Contract Information (FCI)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eLevel 
2:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Advanced security controls aligned with NIST 800-171, required for organizations handling CUI\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eLevel 3:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Expert-level cybersecurity measures that align with NIST 800-172 and are necessary for highly sensitive operations\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEach level mandates stringent monitoring, logging, and threat detection, which Elastic can help automate and streamline.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"How Elastic enables CMMC compliance","_metadata":{"uid":"cs01f48ef8b1d59e3f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic provides a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003emodern platform with security and observability solutions\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e that aligns with CMMC’s core requirements, helping organizations efficiently \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ecollect, analyze, and act on security-relevant data\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in real time.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"1. Centralized log management and SIEM","_metadata":{"uid":"cs7cac5d8e96ea1184"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCMMC mandates \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eaudit logging, continuous monitoring, and incident response\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e capabilities. 
Elastic Security provides a security information and event management (SIEM) solution that enables organizations to:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIngest and centralize logs\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e from multiple sources (endpoints, networks, applications, and cloud services).\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eMonitor system and user activities\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to detect unauthorized access and potential threats.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eMeet retention requirements\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e by securely and affordably storing logs long term for forensic investigations.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"2. Continuous threat detection and response","_metadata":{"uid":"cs6e228429aaa90ab8"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCMMC requires proactive threat hunting and anomaly detection to ensure network security. 
Elastic’s machine learning-based detection capabilities empower security teams to:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIdentify\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e anomalous user behavior and insider threats.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAutomate \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ereal-time threat detection with prebuilt security rules and MITRE ATT\u0026amp;CK coverage.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRespond swiftly \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ewith\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ecase management and automated remediation workflows.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"3. Endpoint security and Zero Trust implementation","_metadata":{"uid":"cs6e87cf7424628fe4"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs organizations implement Zero Trust architectures, they must secure their endpoints and networks as well as ensure that they can see across the entire security ecosystem. 
Elastic can provide:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA unified data layer to connect Zero Trust pillars and systems, enabling end-to-end visibility\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBehavioral and signature-based malware prevention\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAdvanced endpoint detection and response (EDR) to stop threats before they escalate\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIntegration with Zero Trust frameworks by enabling continuous monitoring and identity-based access controls\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"4. Data protection and integrity monitoring","_metadata":{"uid":"cs145ce7c79fd95711"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCMMC emphasizes data protection through encryption, access controls, and integrity monitoring. 
Elastic helps enforce data security with:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRole-based access controls (RBAC)\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to restrict unauthorized access to logs and sensitive data\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFile integrity monitoring (FIM)\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to detect unauthorized changes to critical files\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEncryption at rest and in transit\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to ensure compliance with data protection requirements\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"5. Cloud security and compliance automation","_metadata":{"uid":"cs97f631c29a402ab1"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHigher education institutions and defense contractors often use cloud-based environments. 
Elastic enables cloud-native security by:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eProviding real-time monitoring for AWS, Azure, and Google Cloud environments\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSupporting FedRAMP and CMMC-aligned security benchmarks\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAutomating compliance audits through Kibana dashboards and reporting features\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":" Why choose Elastic for CMMC compliance?","_metadata":{"uid":"cse1e873e38d4fb901"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e \u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCost-effective compliance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Elastic’s affordable data tiering provides powerful capabilities for cost-conscious organizations.\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScalability and performance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Elastic is built to handle massive volumes of security data while maintaining high-speed search and analytics.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFlexibility:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Elastic supports on-prem, hybrid, and cloud deployments, giving organizations the flexibility to meet compliance without vendor lock-in.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOpen and extensible:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e 
Elastic’s open-source technology integrates with existing security tools and frameworks, enhancing security operations center (SOC) capabilities.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"Next steps","_metadata":{"uid":"cs5bf1bc6e838809dd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCMMC compliance is critical for organizations working with the DoD, including universities engaged in defense research. Using Elastic’s Search AI Platform, organizations can efficiently meet CMMC’s rigorous security and monitoring requirements while enhancing overall cyber resilience.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy using Elastic’s centralized logging, real-time threat detection, and cloud security capabilities, organizations can simplify compliance efforts and focus on their core mission while ensuring data protection and operational security.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you're looking to streamline CMMC compliance, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/contact/public-sector\"\u003e\u003cspan style='font-size: 12pt;'\u003econtact us to learn more\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e about implementing a tailored solution for your organization.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbe1764eb20ced264"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs6671dc91d014bb80"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRelated resources:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBlog: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/zero-trust-requires-unified-data\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eZero Trust requires unified data\u003c/span\u003e\u003c/a\u003e\u003cspan 
style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEbook: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/public-sector/security-in-action-in-public-sector\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Security: Public sector success stories\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9216b84fb4398318"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. 
in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc5a408d112010966"}}}],"publish_date":"2025-02-24","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt4ce45bbfeeff0638","ACL":{},"created_at":"2021-07-12T21:53:30.326Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logs","label_l10n":"Logs","tags":[],"title":"Logs","updated_at":"2021-07-12T21:53:30.326Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.411Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":6,"locale":"en-us","uid":"blt250fefd1c4d36a4c","ACL":{},"created_at":"2020-06-17T03:22:54.278Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"education-nonprofit","label_l10n":"Education \u0026 non profit","tags":[],"title":"Education \u0026 
non-profit","updated_at":"2020-08-13T16:41:17.070Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.286Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blte007e1c9cef6ad6b","ACL":{},"created_at":"2020-06-17T03:32:48.898Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"endpoint-security","label_l10n":"Endpoint security","tags":[],"title":"Endpoint security","updated_at":"2020-07-06T22:20:15.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-03-23T17:30:22.357Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log 
analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt811c827f06179c84","_version":1,"title":"Elastic Banner_6 (1).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-24T16:31:33.206Z","updated_at":"2025-02-24T16:31:33.206Z","content_type":"image/jpeg","file_size":"158056","filename":"Elastic_Banner_6_(1).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-24T16:45:09.054Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt811c827f06179c84/67bc9ee570e1ff66d373fe02/Elastic_Banner_6_(1).jpg"},"title":"How Elastic can help organizations achieve CMMC compliance","title_l10n":"How Elastic can help organizations achieve CMMC 
compliance","updated_at":"2025-02-24T16:31:59.527Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-cmmc-compliance","publish_details":{"time":"2025-02-24T16:45:08.641Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt172264fcf45db151","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"Generative AI is all the buzz, but what’s actually possible with this emerging technology? We’ll dive into 15 generative AI use cases to show what’s possible today — and provide inspiration to get you started with your own generative AI use cases.","author":["blt2914a3798eec2d59"],"category":["bltc17514bfdbc519df"],"created_at":"2024-06-24T01:51:36.498Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs62ce1898ad8c29c0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eThere’s a lot of chatter about \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e and what it can (and can’t) do. Generative AI, such as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/large-language-models\"\u003e\u003cspan style='font-size: 12pt;'\u003elarge language models (LLMs\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e), creates original content by utilizing the patterns and structures it learned from extensive training data without storing the data itself. That includes creating things like text, software code, and art. 
While it can create content, it won’t be \u003c/span\u003e\u003ca href=\"https://www.fastcompany.com/91140608/the-next-phase-of-generative-ai-presents-a-golden-opportunity-for-businesses\"\u003e\u003cspan style='font-size: 12pt;'\u003ereplacing humans\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e any time soon.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eStill, it is reshaping the landscape of industries worldwide from enhancing cybersecurity defenses to personalizing customer experiences. In fact, 99% of surveyed organizations say that \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pdf/platform/global-generative-ai-adoption-study.pdf\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI has the potential to drive change\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e in their organization.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLet's delve into ways \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/unlock-business-growth-data-driven-insights\" target=\"_self\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI unlocks new possibilities\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and transforms everyday business operations by assisting the humans who use it.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cimg alt=\"15 generative AI use cases for the enterprise\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbeb7982f65e90086/669a8ba21e4e7e5aeab6a7ab/15-gen-ai.png\" height=\"auto\"/\u003e\u003cp\u003e\u003c/p\u003e"},{"title_l10n":"Generative AI bolsters cybersecurity defenses","_metadata":{"uid":"csa8a303cc63c2141d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eGenerative AI acts 
as a force multiplier for cybersecurity teams. It makes advanced security measures more accessible to junior analysts through intuitive natural language interfaces, allowing them to learn and apply complex security concepts without needing to be experts in code or mathematics. And it helps senior analysts combat the ever-growing threat landscape that is being \u003c/span\u003e\u003ca href=\"https://www.fastcompany.com/91125893/generative-ai-for-cybersecurity-is-it-right-for-your-organization\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003efueled by generative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eHere are some ways generative AI is transforming cybersecurity in threat detection, investigation, and response (TDIR):\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eThreat hunting: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eSay an analyst is trying to work through hundreds of alerts. Which alerts are actual threats that need to be addressed? 
With generative AI, a security analyst can use the click of a button to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/ai-driven-security-analytics\"\u003e\u003cspan style='font-size: 12pt;'\u003etriage hundreds of alerts\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e down to a few attacks.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eEnhanced detection: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eAI models enhance the detection of anomalous behaviors through pattern recognition, behavioral analysis, and more. Using natural language, an analyst can ask if there are unusual login attempts, irregular file access, or other indicators of malicious activity.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003ePredictive analysis:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e AI-driven systems can predict and identify potential vulnerabilities, suggesting proactive defenses before threats have a chance to make it through to your systems.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eAutomated reporting:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e In the event of a security incident, generative AI can automatically compile incident reports, including the nature of the incident, affected systems, potential impact, and recommended remediation steps. 
This empowers security analysts to take appropriate next steps.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/security/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eDeep dive into AI for SecOps\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"},{"title_l10n":"Generative AI improves operational resilience","_metadata":{"uid":"csbe9538683c3ac780"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eGenerative AI can also enhance how businesses monitor and understand their operational data through \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability/aiops\"\u003e\u003cspan style='font-size: 12pt;'\u003eAIOps\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e — using AI to automate and streamline IT operations. Generative AI translates complex data sets into understandable insights through natural language, making it easier for non-experts and experts to make informed decisions, conduct root cause analysis, and limit downtime. 
Some key applications include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eExplainability:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e For those needing domain-specific knowledge quickly, generative AI with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieval augmented generation (RAG)\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e capabilities can explain functions, logs, or traces in simple terms.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csc0d932609284fd73"}}},{"image":{"image":{"uid":"blt3e42c95c7b008b10","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-06-24T01:50:34.233Z","created_by":"bltb6c155cd84fc0c1a","file_size":"628980","filename":"rag.png","parent_uid":null,"tags":[],"title":"rag.png","updated_at":"2024-06-24T01:50:34.233Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-06-27T13:00:00.915Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3e42c95c7b008b10/6678d0eab00d391b53e040c1/rag.png"},"_metadata":{"uid":"cscc69d66a8bd00ea3"},"caption_l10n":"","alt_text_l10n":"How retrieval augmented generation works","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse67c0430a4cc9df3"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e\u003cstrong\u003ePredictive maintenance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e In industries like 
automotive manufacturing, AI-driven predictive maintenance tools can help foresee and address system issues. Before a machine malfunctions, AI can predict and alert workers to address the problem before it affects the manufacturing process.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e\u003cstrong\u003eData synthesis:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e Data indicating application issues can come from many sources. Site reliability engineers can use AI tools to help synthesize information from various sources into actionable reports, streamlining data and root cause analysis.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/portfolio/operationalizing-generative-ai-strategic-guide\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGet the steps to implement generative AI at your organization\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"},{"title_l10n":"Generative AI enhances customer experiences","_metadata":{"uid":"csdb8288bd93d56a0d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eGenerative AI is revolutionizing customer experiences by personalizing interactions and simplifying customers' information discovery process. 
Here are some ways generative AI is impacting the user experience:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eEnhanced search tools:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI search tools\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e help users quickly find precise information, whether they are customers seeking product recommendations or service reps needing protocol guidelines to help a customer. When users can find what they’re looking for, satisfaction increases.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eInteractive digital manuals: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eFor industries like consumer products (say, a video doorbell), AI chatbots can provide real-time, interactive guidance on product features and troubleshooting. This can improve user satisfaction and reduce support calls.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003ePersonalized recommendation systems:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e Generative AI can tailor product recommendations based on individual customer queries, enhancing personalization and satisfaction. 
In fact, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/explore/improving-digital-customer-experiences/personalizations-critical-role-in-converting-ecommerce-searches-into-sales\"\u003e\u003cspan style='font-size: 12pt;'\u003e88% of online shoppers\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e are more likely to continue shopping on a retailer website that offers a personalized experience, including 96% of Gen Zers and 97% of millennials.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/learn/transform-customer-support-with-ai-powered-search\"\u003e\u003cspan style='font-size: 12pt;'\u003eTransform customer support with AI-powered search\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"},{"title_l10n":"Generative AI use cases in action","_metadata":{"uid":"cs60b0829f733bdff1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eOrganizations across industries are already benefiting from generative AI:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eRetail: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eCustomers can type a project they’re working on like “building a cat tree” into a home improvement site’s search bar and receive a complete list of necessary supplies — getting expert recommendations while streamlining their buying experience.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eTelecom:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e Generative AI can proactively recommend and remediate network issues. 
Site reliability engineers can ask questions about network health and get answers in real time. This will reduce network downtime and emergency repair costs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eFinancial services:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e Institutions can improve the accuracy and speed of fraud detection while reducing costs through task automation. By learning what behavior patterns to look out for, generative AI tools can help detect fraud while it’s happening in real time and suggest a next best action to the analyst to remediate.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eTech: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eGenerative AI can accelerate product prototyping and design by augmenting the brainpower of humans to come up with more ideas, faster. This can help when creating new products, expanding services, and solving problems. Sales teams can use generative AI to create emails, summarize prospect interactions, and more. 
AI-assisted coding can help detect bugs in real time to lessen time to production.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003ePublic sector: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eGenerative AI can significantly accelerate mission outcomes, improve citizen services, and better connect government analysts and security professionals to the right data at the right time by securely connecting generative AI with agency data.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/cisco\"\u003e\u003cspan style='font-size: 12pt;'\u003eLearn how Cisco creates AI-powered search experiences with Elastic on Google Cloud\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eGenerative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e is not about replacing human capabilities but enhancing and extending them. By improving processes across cybersecurity, observability, and customer experience, generative AI allows organizations in any industry to operate more efficiently, proactively, and responsively. As these technologies continue to evolve, the potential for transformative applications across industries seems boundless.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eMake these use cases a reality. 
\u003c/span\u003e\u003ca href=\"https://www.elastic.co/portfolio/operationalizing-generative-ai-strategic-guide\"\u003e\u003cspan style='font-size: 12pt;'\u003eGet the steps to implement generative AI at your organization\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cscbdd94d5d20c231d"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2cf89efc63bfc739"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse68124c9f2d33d8f"}}}],"publish_date":"2024-06-27","sanity_migration_complete":false,"seo":{"seo_title_l10n":"15 enterprise generative AI use cases","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt8c57bf8be43a8f34","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-06-24T01:51:34.908Z","created_by":"bltb6c155cd84fc0c1a","file_size":"148715","filename":"Office-building.jpg","parent_uid":null,"tags":[],"title":"Office-building.jpg","updated_at":"2024-06-24T01:51:34.908Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-06-27T13:00:00.928Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8c57bf8be43a8f34/6678d1263641c75d8a13a193/Office-building.jpg"},"title":"15 generative AI use cases for the enterprise","title_l10n":"15 generative AI use cases for the 
enterprise","updated_at":"2025-02-23T01:57:42.820Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/15-generative-ai-use-cases-enterprise","publish_details":{"time":"2025-02-23T01:57:48.246Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte31dda2d51acc398","_version":10,"locale":"en-us","ACL":{},"abstract_l10n":"The secret to sustainable business growth? Data-driven insights. We interviewed and surveyed 1,005 IT leaders to discover what it takes to continue to grow your business with the help of your data and AI strategy. ","author":["blt14f762eec103604e","blt2914a3798eec2d59"],"category":["bltc17514bfdbc519df"],"created_at":"2024-09-30T13:16:47.984Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc9d5a64db7f665ed"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMaintaining a competitive edge can feel like a constant struggle as \u003c/span\u003e\u003ca href=\"https://docs.google.com/document/d/13TwXg33ekjP2-qekJfqBh5fSabF6Sb_6FKCT6hdgP7U/edit?tab=t.0\"\u003e\u003cspan style='font-size: 12pt;'\u003eIT leaders race to adopt artificial intelligence (AI)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to solve their IT challenges and drive innovation. But with the right tools, processes, and strategies, your organization can make the most of your proprietary data and harness the power of data-driven insights and AI to accelerate your business forward.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUsing your data in real time at scale is key to driving business value. More than 80% of C-suite executives expect data and AI to improve productivity and revenue. 
But to get to those results, it is critical to invest in a strong data foundation that can manage exponentially growing data volumes and uncover insights on your customers, operations, products, and services.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI and generative AI (GenAI) can be used to optimize your systems and experiences. But before reaching these next-generation technologies, you should focus on getting access to relevant real-time insights at scale to guide your decision-making.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBut don’t just take it from us. Here are \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003efive lessons from 1,005 IT leaders\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e on how to unlock business growth with data and AI.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 1: Prioritize data-driven insights to accelerate business innovation","_metadata":{"uid":"cs286709b0b73862db"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eYour business runs on vast amounts of data. Everything in your operational environment continuously consumes and creates data from various sources: your applications, systems, services, and infrastructure. A data-driven approach is crucial for solving key business challenges and driving innovation — you can’t create exceptional customer experiences without understanding what your customers expect and want.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo outmaneuver competitors and truly accelerate business innovation, you need to understand your current state of operations and promising growth opportunities. 
This is achieved by not only collecting and analyzing your relevant data but also deriving data-driven insights from it. These \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-turn-data-into-actionable-insights\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eactionable insights\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e help you improve resilience, increase your productivity, and ultimately accelerate innovation.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor example, you might get insight into customers abandoning their carts when they add a certain product. You can look into this and discover that the product listing had a bug and wasn’t allowing people to check out.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUnless you analyze it, all this useful information can get lost in storage, often leading to lost revenue opportunities or high operational costs. Creating a culture of data-driven, strategic decision-making needs to happen across the organization at every step of the process to uncover and solve existing business challenges and uncover value-creation opportunities that enable new revenue streams, enhance competitive advantage, and boost business growth. 
“Problems with \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ereal-time, scalable data utilization\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e impact business efficiency,” explains one technology decision-maker.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAdopting a strategy to prioritize a culture of using data-driven insights across your organization lays the foundation for innovation.\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Transforming your data into actionable insights starts with reducing data silos and enabling data accessibility, which can lead to faster decision-making, increased productivity, and the edge to outperform your competitors.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 2: Make sure you’re satisfied with your data insights","_metadata":{"uid":"cs6b9e29189d8e8d32"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow, you may be getting insights from your data, but are you satisfied with those insights? Three out of five C-suite executives and decision-makers are \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eunsatisfied with the data insights available to them\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Delivering meaningful and actionable data analytics comes down to defining clear objectives and managing data volume. 
Too much data results in noise, but not enough data stretched across multiple silos makes \u003c/span\u003e\u003ca href=\"https://www.fastcompany.com/91140608/the-next-phase-of-generative-ai-presents-a-golden-opportunity-for-businesses\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003econnecting the dots\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e very difficult.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfca5e94b76e4b148"}}},{"quotes":{"quote_l10n":"If data cannot be processed and analyzed quickly, it can lead to delayed decision-making, affecting critical aspects like customer service, product development, and marketing strategies.","_metadata":{"uid":"cs71d7bd83aa99f6b0"},"quote_author_l10n":"C-suite tech executive","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7e2f32c45222a64e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo, how do you make sure you’re satisfied with your data insights? Identify the areas of your organization where you would most benefit from having accurate, real-time insights. Focus first on solving any \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eunderlying data challenges\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in these impact-making areas and then work on refining those insights with accuracy top of mind. The more accurate these insights are, the more helpful and valuable in a business context. 
\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eImproved data insights can enhance decision-making, reduce risks, and increase operational efficiency.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 3: Take time to evaluate and enhance your data maturity","_metadata":{"uid":"csb7b14893672a150a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe hard truth is that 78% of C-suite leaders and IT decision-makers believe their organization is \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003emore advanced in data analytics and intelligence than their peers\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. In reality, there is a significant disconnect between the perceived and actual data maturity levels across organizations. Data maturity — how well an organization leverages data for business — can be broken down into \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/where-are-you-on-your-data-maturity-journey\"\u003e\u003cspan style='font-size: 12pt;'\u003efour stages\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e: capture, analyze, automate, and transform. By identifying where your organization stands in the data maturity framework, you can uncover the best ways to use your data and technology to achieve your business goals.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2e82e6195a88d716"}}},{"quotes":{"quote_l10n":"We have data silos where different parts of the organization store data separately. 
This makes it hard to access and use data across departments.","_metadata":{"uid":"csec6ab1da9fcaacfb"},"quote_author_l10n":"Technology decision-maker in the public sector","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6b8b417559b7289a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIf you’re facing a similar challenge, it’s likely your organization hasn’t reached the more advanced stages of the data maturity journey. And even if you have, the journey doesn’t end. It’s a constant quest to continuously innovate and operationalize with the power of your data. To begin your organization’s data maturity assessment, look to your data challenges: Are you dealing with excessive or insufficient volumes of data? Is it difficult to find information within your organization? Is your data taxonomy working for you?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBy \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/advance-data-maturity-journey\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eevaluating and advancing through your data maturity\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e journey, you’re building a robust data foundation that aligns with your business goals.\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Aligning to business objectives is crucial to enable more informed and strategic decision-making and \u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\" target=\"_self\"\u003euncover opportunities to use AI\u003c/a\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 4: Understand that GenAI comes second to good data practices","_metadata":{"uid":"csfdaf57cb496f3185"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca 
href=\"https://www.elastic.co/generative-ai/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e comes with the potential to unlock new automation capabilities, enhance your \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/search-applications\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esearch applications\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, improve your \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/customer-support\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecustomer experience\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, and give your employees time back to focus on strategic activities. It’s impressive and impossible to ignore — so, you’re probably under pressure from your board or leadership to implement new generative AI applications as soon as possible.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBut getting value out of GenAI starts with quality data practices. Your GenAI outputs are dependent upon the data you input. Quality in, quality out. Without the right data and without robust data practices, GenAI won’t help you move the needle, and you won’t see the benefits. The opposite is also true. 
With rich data inputs and streamlined organizational processes, you’ll glean equally rich insights.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eObtaining quality data begins with making use of your data — across environments, no matter the type of data (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/structured-data\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003estructured\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/unstructured-data\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eunstructured\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/structured-data#difference-between-structured-semistructured-and-unstructured-data\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esemi-structured\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e). Building on a foundation of solid data practices, look for a solution that can process all your types of data from across your distributed architecture. Remember: \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ewith better data, you will get better AI outputs\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 5: Embrace GenAI for a competitive advantage","_metadata":{"uid":"cs3f301e348cc16286"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“AI is the future. Without it, we are dinosaurs. GenAI will allow our company to make smarter and more efficient decisions without having to sacrifice anything. 
GenAI is smart, constantly learning and evolving, and it can tell us what we are missing, where to look, and what to do,” says a technology decision-maker in the manufacturing industry. Recent developments in GenAI have added a whole new wave of dizzying GenAI-powered possibilities, and those who are able to embrace it will gain a host of advantages.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOrganizations worldwide feel it: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003e93% of C-suite executives plan to invest or have already invested in\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e GenAI to improve productivity, operational resilience, customer experience and more.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEarly (relatively speaking) adoption of GenAI can position your business ahead of competitors by creating new opportunities and driving innovation. \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eTo stay ahead of the adoption curve you first must have good data ready to go. 
Then, identify a high-impact use case that can benefit from the value of a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/open-source-llms-guide\"\u003e\u003cspan style='font-size: 12pt;'\u003elarge language model (LLM)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGetting the best results securely requires feeding your proprietary data to a generative AI algorithm using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieval augmented generation (RAG)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This technique contextualizes the output for your organization, resulting in more accurate and relevant results. Keep the access controls on that data in force at retrieval time so the model only draws on content the person asking is permitted to see.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Key takeaways from IT leaders","_metadata":{"uid":"cs1e32c57d6dbe12ee"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo compete, grow, and innovate, organizations need a solid data foundation to accelerate the adoption of GenAI technologies. 
Your data and GenAI strategy should empower your customers and employees to make informed, data-driven decisions confidently.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLearn what other IT leaders have had to say about their data and AI strategies\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfcf950764c1273b3"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd1686a36a9234b2f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. 
You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs76d0228983d2b772"}}}],"publish_date":"2024-10-09","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Unlock business growth with data-driven insights: 5 lessons from IT leaders","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt9fb9f67ee7bb5c15","ACL":{},"created_at":"2023-11-06T20:50:46.256Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"real-time-analysis","label_l10n":"Real-time analysis","tags":[],"title":"Real-time 
analysis","updated_at":"2023-11-06T20:50:46.256Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:43.334Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt2b0f2e0f79bee06a","_version":1,"title":"161778 - 2 Blog header images IT Wrapped Report blogs D2 copy_Option 5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-09T13:52:26.075Z","updated_at":"2024-10-09T13:52:26.075Z","content_type":"image/png","file_size":"202006","filename":"161778_-_2_Blog_header_images_IT_Wrapped_Report_blogs_D2_copy_Option_5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-10-09T16:30:40.711Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2b0f2e0f79bee06a/67068a9af2fbee375fe60337/161778_-_2_Blog_header_images_IT_Wrapped_Report_blogs_D2_copy_Option_5.png"},"title":"Unlock business growth with data-driven insights: 5 lessons from IT leaders","title_l10n":"Unlock business growth with data-driven insights: 5 lessons from IT 
leaders","updated_at":"2025-02-23T01:51:22.736Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/unlock-business-growth-data-driven-insights","publish_details":{"time":"2025-02-23T01:51:28.390Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt05d717ba5c495082","_version":14,"locale":"en-us","ACL":{},"abstract_l10n":"CIOs face mounting IT challenges like data silos and manual processes, hindering business growth. GenAI and data-driven solutions offer relief, but leaders must address their data management issues to unlock GenAI's full potential for innovation.","author":["blt14f762eec103604e","blt2914a3798eec2d59"],"category":["bltc17514bfdbc519df"],"created_at":"2024-10-08T02:22:35.913Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbc8734cb465d8215"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAmid budget constraints, labor shortages, and the need to do “more with less,” CIOs and IT leaders are facing common IT problems that transcend industries. From poor data accessibility to changing customer expectations, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/ai-adoption-lessons-from-it-leaders\"\u003e\u003cspan style='font-size: 12pt;'\u003eIT leaders are turning to generative AI (GenAI)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e as an answer to their problems.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eContinuous investments in GenAI promise companies new ways to solve key business problems and build revenue-generating streams. But for most, the key to reaping the benefits of GenAI is hidden in plain sight: data. Data is at the heart of IT innovation, but most businesses today aren’t using their data to its full potential. 
Investing in a robust data foundation is critical to leverage GenAI to optimize business workflows and innovate. Read on to discover what other challenges IT leaders are facing.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"1. Difficulty getting insights from data","_metadata":{"uid":"cs2ccc9ca2d5c159e2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA substantial 69% of C-suite executives and decision-makers cite the \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003einability to use data continuously\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — in real time and at scale — as a significant hurdle contributing to their company’s business challenges. The result is a lack of real-time insights that forces leaders to rely on their intuitions rather than evidence. This hinders decision-making and stifles growth and efficiency. Operationalizing data isn’t a one-time job. 
You need tools that can grow as your data does while giving you visibility into your systems.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“We have data silos across the business and are not able to consolidate [them to] have a single pane of glass to make decisions,” explains a \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003etelecommunications C-suite executive\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe feeling is supported by data: 60% of organizations are \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eunsatisfied with the data insights they have today\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e with only 35% leveraging data insights daily for business decisions. The inability to make real-time, data-driven business decisions is due to underlying data challenges, with 98% of leaders struggling with some combination of data problems. Notably, 67% of organizations are struggling with separate data solutions for different environments, and in most cases, this is due to inefficient data management. This is partly caused by a lack of adequate tools to manage disparate systems and software — another challenge IT leaders face today.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSolution:\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eGetting insights from data is resource-intensive. It requires time, expertise, and clear objectives and must be integrated into IT development processes. 
Once you’ve collected relevant data, it takes data analytics and analysis, often with GenAI, to get \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-turn-data-into-actionable-insights\"\u003e\u003cspan style='font-size: 12pt;'\u003eactionable insights\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Actionable insights offer specific measures and steps that can help you achieve a goal by telling you what to do based on your data. With the precision of search and the intelligence of AI —\u0026nbsp; including \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/machine-learning\"\u003e\u003cspan style='font-size: 12pt;'\u003emachine learning (ML)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/natural-language-processing#:~:text=NLP%20techniques%20help%20computers%20analyze,a%20subspecialty%20of%20computational%20linguistics.\"\u003e\u003cspan style='font-size: 12pt;'\u003enatural language processing (NLP)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — you can transform raw proprietary data into actionable insights to accelerate your business outcomes.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"2. Lack of adequate tools","_metadata":{"uid":"cs5c04fdcdfbac300c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTraditionally, organizations have continued to invest in tools that serve a specific purpose based on the needs of the business. However, this conventional technical investment process leads to unplanned isolation and/or duplication of data, information, work, and costs. 
The result of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/tool-consolidation\"\u003e\u003cspan style='font-size: 12pt;'\u003etool sprawl\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e further inhibits cross-functional collaboration, disables end-to-end visibility of your current environment, and overall creates organizational silos.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLegacy systems can also play a part in tool sprawl. Organizations must balance the cost of phasing these systems out with the cost of keeping them active. And because phasing them out can prove much more expensive, companies remain reliant on legacy systems. As a result, their teams might get stuck with tools that aren’t the most performant and useful for their use cases today. This may mean that all the tools don’t “connect” and speak to each other, ultimately hindering access to real-time, relevant information and digital transformation.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the case of observability and security — practices that share data — redundant work and disparate tools can be detrimental to operations, compromising productivity and security while negatively impacting revenue.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBottom line: inefficient tools and processes create bottlenecks, leading to slower workflows, wasted resources, and increased operational costs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cbr /\u003eIn response to this challenge, 56% of C-suite executives \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eprioritize 
investment in data tools and technology\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e as a top solution. More specifically, you have everything to gain from \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability/tool-consolidation\"\u003e\u003cspan style='font-size: 12pt;'\u003econsolidating your tools\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and investing in ones that can democratize access to data from multiple environments across organizational silos.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"3. Too much time spent on manual work and analysis","_metadata":{"uid":"csda9d7ff280b3d50c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“If data cannot be processed and analyzed quickly, it can lead to delayed decision-making, affecting critical aspects like customer service, product development, and marketing strategies,” explains a technology company C-suite executive. Inefficiencies hinder productivity and even slow down innovation while IT departments bear the brunt of tool sprawl and data silos.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWithout the right easy-to-use tools and processes, teams often spend a lot of time on excessive manual work and analysis to get the output they need. Not only does this stifle efficiency and productivity, but it also often hinders innovation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eYou hire the best people — why keep them stuck doing inefficient tasks instead of innovating? If teams had the right tools, they could save time on manual routine tasks and instead focus on more value-added activities that drive business growth. 
Repetition and inefficiencies can often lead to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/interactive/cybersecurity-analyst-burnout-quiz\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eburnout\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and can exasperate valuable talent. Building solutions and tools that allow teams to quickly approach laborious tasks and integrate with existing workflows can lead to better employee satisfaction,\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e retention, and business efficiency. Using tools that do not support your teams can lead to a loss of productivity, reputation, and revenue.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003cstrong\u003e\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTaking a people, processes, and technology (PPT) approach to investing in technology and tools can help you build better workflows that prioritize automating repetitive tasks, ultimately leading to increased efficiency, cost savings, and a more agile, innovative organization. By analyzing and redesigning workflows, organizations can identify bottlenecks and inefficiencies, creating streamlined processes that are documented and standardized for consistency.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSelecting the right tools that integrate seamlessly with existing systems and leveraging advanced technologies like GenAI and machine learning further optimize automation capabilities. 
This approach not only improves accuracy and reduces costs but also enhances organizational agility and employee satisfaction, ultimately providing a competitive advantage in the market.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"4. Lack of operational resilience","_metadata":{"uid":"csdf275f59a3a93542"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOutages are a business's worst nightmare — especially considering the average cost of downtime can be as high as $9,000 a minute.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/operational-resilience\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOperational resilience\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e helps businesses weather disruptions by minimizing downtime and preventing potential crises. Resilient companies adapt faster to market changes and outperform competitors during and after a crisis.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e In other words, operational resilience is good for business.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSuccessful data management and practices are at the heart of operational resilience, yet establishing it is a challenge for many businesses. Without the proper tools, practices, and experts, business data is a burdensome anchor rather than a sail. 
As a result, organizations are vulnerable to frequent disruptions, delays, and downtime, which impact resilience, increase business risk, reduce productivity, and drive up costs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003cstrong\u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWithout the ability to proactively get ahead of disruptions and outages, organizations are locked in a reactive stance and forced to play catch-up. AI can put you ahead of the game with predictive resilience models. By analyzing trends in your data, it can spot potential issues before they occur. Putting out fires big and small ultimately affects end-user productivity and revenue from customer-facing services.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAchieving operational resilience begins with a robust data foundation rather than a disparate collection of fragmented tools and systems. By prioritizing data infrastructure, you can empower your teams with actionable, real-time insights to take on a proactive approach that drives business growth and ensures that your revenue-generating applications are up and running.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"5. Not able to effectively mitigate cybersecurity threats","_metadata":{"uid":"cs5353daa763534bd2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGenAI has many potential advantages, but it has also fostered the rise of a new generation of cyber threats. 
The use of GenAI in both official and unofficial capacities has also intensified and fueled these \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/cyber-threat-research\"\u003e\u003cspan style='font-size: 12pt;'\u003ecybersecurity threats\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Often understaffed in the security domain or underskilled in the face of rapidly evolving AI technologies, organizations see negative business impacts: reactive measures lead to high-risk exposure, financial loss, legal issues, reputational damage, and lost customer trust.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEffectively mitigating these cybersecurity threats requires specialized skills that are in high demand and very difficult to come by. Organizations must also update security monitoring practices to reach across data silos and offer security teams a 360° view into their systems and operations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3f583fd508cadc0d"}}},{"quotes":{"quote_l10n":"Market is trending, technology is dynamic, and it gives rise to new-gen digital crimes. We want [to] be up to the mark per industry standards by equipping ourselves with the latest cybersecurity knowledge and implementations.","_metadata":{"uid":"cs6516caba71853163"},"quote_author_l10n":"C-suite executive, technology industry","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs92347fdcd431911c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSolution:\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eSo, while GenAI may be exacerbating the challenge of keeping up with new threats, it may also be the solution to mitigating them more effectively. 
More than half (59%) of leaders have already invested in \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI and ML-driven security automation technologies\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and 96% believe that using GenAI security assistants that can proactively detect and remediate network issues and threats will drive value to their organizations. Generative AI has the potential to help close the expertise gap in the security sector and fill security roles when applied to a robust data infrastructure.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUltimately, it all comes down to data. Leaders are dealing with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/\"\u003e\u003cspan style='font-size: 12pt;'\u003edata challenges\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — from sprawl and silos to a lack of adequate tools and an insufficient workforce — which compound observability, security, and resilience challenges. It’s no wonder then that C-suite executives and leaders are prioritizing GenAI solutions and data analytics tools as their top technology investments.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Take the data and AI assessment","_metadata":{"uid":"cs76ccb25e6aa2537b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLeaders across many organizations struggle with similar business and data challenges, all while looking to AI and GenAI for new opportunities. 
To identify areas of improvement and investment, reflecting on existing challenges and understanding your competitors is the best place to start to develop a strategic plan to stay competitive.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/interactive/data-and-ai-strategy-assessment\"\u003e\u003cspan style='font-size: 12pt;'\u003eSee how you stack up against your peers in AI investments, business challenges, and opportunities\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(37, 99, 235);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs76a74120492272e6"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs503ef0b072aeb72b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cem\u003eOriginally published on October 8, 2024; Updated on December 12, 2024.\u003c/em\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs15423df415b4bf9e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e*\u003ca href=\"https://www.salesforce.com/blog/automation-trend-employee-experience/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003e89% Of Your Employees Could Benefit With This One Change\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, Salesforce. 2022.\u003cbr /\u003e\u003c/span\u003e*\u003ca href=\"https://www.forbes.com/councils/forbestechcouncil/2024/04/10/the-true-cost-of-downtime-and-how-to-avoid-it/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eThe true cost of downtime (and how to avoid it)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, Forbes. 
2024.\u003cbr /\u003e\u003c/span\u003e*\u003ca href=\"https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/resilience-for-sustainable-inclusive-growth\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eResilience for sustainable, inclusive growth\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, McKinsey. 2022.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1ae42d25568a3208"}}}],"publish_date":"2024-12-12","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltdf59d18fa27d1692","ACL":{},"created_at":"2023-11-06T21:34:55.381Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tool-consolidation","label_l10n":"Tool consolidation","tags":[],"title":"Tool 
consolidation","updated_at":"2023-11-06T21:34:55.381Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.747Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt4b8871540ff04df3","_version":1,"title":"161778 - 2 Blog header images_ IT Wrapped Report blogs 2.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-08T01:34:02.761Z","updated_at":"2024-10-08T01:34:02.761Z","content_type":"image/jpeg","file_size":"161652","filename":"161778_-_2_Blog_header_images_IT_Wrapped_Report_blogs_2.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-12T18:54:58.555Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4b8871540ff04df3/67048c0a5ff78d32dc8f0977/161778_-_2_Blog_header_images_IT_Wrapped_Report_blogs_2.jpg"},"title":"Top 5 IT challenges leaders are facing (and solutions to them)","title_l10n":"Top 5 IT challenges leaders are facing (and solutions to 
them)","updated_at":"2025-02-23T01:47:26.428Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/top-5-it-challenges-leaders-face-solutions","publish_details":{"time":"2025-02-23T01:47:31.355Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt8fe894b6a0645be6","_version":18,"locale":"en-us","ACL":{},"abstract_l10n":"If you aren’t able to replace your existing SIEM outright, that doesn’t mean you can’t supplement its capabilities with a more performant solution. Elastic allows all users to try out a new, powerful SIEM with little to no upfront cost.","author":["blt1f84830916c3ddfe"],"category":["bltc17514bfdbc519df"],"created_at":"2022-10-12T21:04:03.885Z","created_by":"bltc87e8bcd2aefc255","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc6feb1ba5f37d50d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eSecurity teams with an existing security information and event management (SIEM) investment may find themselves having to pay more to their vendor in order to ingest and index more of their data. 
In fact, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/explore/security-without-limits/cybersecurity-solutions-riskier-world\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003enearly half\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e (44%) of organizations want to augment or replace their current SIEM solution.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eIt may be time to replace your SIEM.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eFortunately, Elastic allows all users to try out a new, powerful SIEM with little to no upfront cost. The solution takes an \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/why-the-best-kind-of-cybersecurity-is-open-security\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eopen approach\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e, and data is free to ingest — empowering teams to experience what it feels like to gather unlimited data under a single solution.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eAnd with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/ai-assistant\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e, security practitioners of every skill level benefit from automated threat protection, alert investigation, incident response, and more. 
It also makes the SIEM migration process much easier for teams to execute.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eSo do you need to replace? Here we establish five pain points that may confirm your need for SIEM replacement.\u003c/span\u003e\u003c/p\u003e\u003ch2\u003e1. Ingesting and storing data is cost-prohibitive\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eIf your current SIEM vendor is charging you for data storage, you’re likely leaving a lot of vital contextual data untapped for the sake of budget. Unfortunately, without fast access to activity data and context, your team’s ability to properly protect your organization is limited.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch2\u003e2. Investigations are running slow\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eIf your team’s queries are taking hours, it’s time to consider a more modern tool to help get the answers you need in real-time. Thanks to the rapid advancement of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/large-language-models\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003elarge language models\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e, the rest of the world is able to summon responses to queries for just about any request in seconds. You should expect a SIEM solution that does the same for your investigations.\u003c/span\u003e\u003c/p\u003e\u003ch2\u003e3. 
Stagnant platform\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eMany legacy SIEMs weren’t built to adjust to your team’s specific style of work and have a hard time adapting to the latest breed of threat types. While the flexibility to build custom integrations, dashboards, and workflows for a variety of outcomes is a strong plus, the need to defend against a new landscape of AI-intensified threats is essential. Rather than resting on past laurels, be sure your SIEM vendor is dedicated to constant innovation in an environment of quick change.\u003c/span\u003e\u003c/p\u003e\u003ch2\u003e4. On-prem only\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eIf your current SIEM solution can’t keep pace with a multi-cloud world, you’ll need a complementary tool to help you achieve the scalability and automation that only a modern SIEM can provide.\u003c/span\u003e\u003c/p\u003e\u003ch2\u003e5. Limited user community\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eWithout an open approach to security, your vendor may not be integrating input from the broader user community. This inhibits contributions and feedback that would otherwise ensure the SIEM is continuously innovating to meet an ever-evolving landscape of cyber threats.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eLegacy SIEMs just don’t cut it\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eMany of the challenges teams are experiencing with their current SIEM offerings stem from the foundational infrastructure those SIEMs were built upon. The requirements of SIEM have vastly outgrown the traditionally static collection, storage, and analysis of security data. 
Organizations need dynamic and actionable insights into that data, environment-wide correlations, integrated threat intelligence, and real-time investigative capabilities to drill down into areas of concern.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eWith teams continuously integrating cloud services, the attack surface expands further. Now, monitoring across users, apps, behavior, and much more is all part of practitioners’ daily routine.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e“As workloads migrate to the cloud, monitoring cloud deployments becomes essential to the business,” said Mandy Andress, CISO at Elastic. “Some older SIEMs needed a lot of care and feeding. Today's IT environments provide a firehose of data. While traditional SIEMs can ingest a lot of data, they don't embed analytics; it could take hours or days to analyze that data, which impacts the ability to quickly investigate suspicious activity.”\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eMoving forward with replacement\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eOnce you’ve decided to replace your SIEM, the natural next step is to find a highly scalable and flexible platform with which to collect, visualize, and analyze all security-related event logs. 
This new solution also has to have the ability to selectively forward the raw and/or converted logs back to your existing SIEM in order to satisfy compliance requirements.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eThe replacement approach does not immediately eliminate the need for your original SIEM, as it still provides the complex correlation rules, case workflow and incident response management, and compliance reporting capabilities you’ve established over months or years of fine-tuning.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWith Elastic \u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003ealongside your existing SIEM, \u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eyour team can modernize security operations — harnessing data at cloud speed and scale to effectively detect, investigate, and respond to evolving threats. With Elastic’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pricing/philosophy\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eresource-based pricing philosophy\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e, users don’t need to pay for ingesting data, thereby lowering the barrier to entry for teams looking to feel out the solution before investing further resources.\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003ch2\u003eReal-world use case\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eUSAA augmented its SIEM using Elastic and immediately started noticing results. 
USAA’s first quick win occurred during an interactive investigation wherein the team was analyzing web proxy bandwidth consumers. They quickly noticed excessive bandwidth consumption and, within a couple minutes, identified the source of network misuse.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eUSAA’s second quick win came from near-real-time investigation afforded by the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/elk-stack\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003espeed Elastic is renowned for\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e. The team detected a customer-facing app that was being scanned over the network and identified the source of port scanning activity within 2–3 minutes. The existing SIEM, by comparison, was only 2% complete with the initial search within the same timeframe.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eWith this shift from passive data gathering to active investigation, USAA transformed its team from security “gatherers” to “hunters” by using Elastic. 
Advance your own team’s security maturity on a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/siem/\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eunified, open platform for SIEM\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e and \u003ca href=\"https://www.elastic.co/security/siem\" target=\"_self\"\u003esecurity analytics\u003c/a\u003e.\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eLet’s get you up to speed\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eSIEM replacement is a process, and our security experts are here to see you through it and help you achieve the results you’re hoping for.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u003ca href=\"https://www.elastic.co/blog/how-elastic-security-drive-value-organization\" target=\"_self\"\u003eLearn how Elastic Security delivers business impact.\u003c/a\u003e \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cem\u003eOriginally published October 19, 2022; updated February 22, 2025.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1fe59011ff839cdc"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs401ec3be09eccdcb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd9173c02a3841f03"}}}],"publish_date":"2024-01-16T16:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"How to replace your SIEM","seo_description_l10n":"If you aren’t able to replace your existing SIEM outright, that doesn’t mean you can’t supplement its capabilities with a more performant solution. Elastic allows all users to try out a new, powerful SIEM with little to no upfront cost.","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}},{"title":"SIEM","label_l10n":"SIEM","keyword":"siem","hidden_value":false,"tags":[],"locale":"en-us","uid":"blta7a92715fa2dc7aa","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-07-12T21:52:53.275Z","updated_at":"2021-07-12T21:52:53.275Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-10-07T18:59:30.492Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data 
ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt47414afcde70b058","ACL":{},"created_at":"2023-11-06T20:43:45.793Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"open-security","label_l10n":"Open security","tags":[],"title":"Open security","updated_at":"2023-11-06T20:43:45.793Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:27.618Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc8e4f4eb4eed3ccd","ACL":{},"created_at":"2023-11-06T21:42:18.209Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"infrastructure-monitoring","label_l10n":"Infrastructure monitoring","tags":[],"title":"Infrastructure monitoring","updated_at":"2023-11-06T21:42:18.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.160Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud 
security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Anomaly detection","label_l10n":"Anomaly detection","keyword":"anomaly-detection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7478459fe32592c5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:06.777Z","updated_at":"2023-11-06T20:08:06.777Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.738Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Investigation \u0026 incident response","label_l10n":"Investigation \u0026 incident 
response","keyword":"investigation-incident-response","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt43660d1624e728b9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:59.781Z","updated_at":"2023-11-06T20:41:24.521Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:37.865Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt020047acd65b5e53","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-02-01T15:28:08.204Z","updated_at":"2024-02-01T15:28:08.204Z","content_type":"image/png","file_size":"116720","filename":"elastic_de_140615_blogheaderimage_isittimetoreplaceyoursiem_D1_V1.png","title":"elastic_de_140615_blogheaderimage_isittimetoreplaceyoursiem_D1_V1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-02-01T15:28:15.675Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt020047acd65b5e53/65bbb8885cdaec00163b9e6d/elastic_de_140615_blogheaderimage_isittimetoreplaceyoursiem_D1_V1.png"},"title":"Is it time to replace your SIEM?","title_l10n":"Is it time to replace your 
SIEM?","updated_at":"2025-02-23T01:14:38.915Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/five-signs-you-need-to-replace-your-siem","publish_details":{"time":"2025-02-23T01:14:45.211Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltfd16d81e69072c5e","_version":19,"locale":"en-us","ACL":{},"abstract_l10n":"With our new Elastic Security Value Calculator, you can easily estimate how Elastic can drive financial gains for your organization. Based on your results, you’ll know how Elastic Security creates efficiencies for you.","author":["blteeaceaae851afa34","blt8f7db4157fab33b3","blt14f762eec103604e"],"category":["bltc17514bfdbc519df"],"created_at":"2023-06-29T17:40:37.694Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs98ca95e1bd689c01"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/security\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is used by more than 50% of Fortune 500 companies, minimizes TCO, and delivers a modern approach to detection, investigation, and response to increase security team efficiency. 
For organizations looking to strengthen defenses by getting access to real-time insights, Elastic Security, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/platform\"\u003e\u003cspan style='font-size: 12pt;'\u003ebuilt on a Search AI Platform\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, offers visibility across the entire attack surface to help you meet your business objectives.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"How Elastic leverages Elastic Security","_metadata":{"uid":"cs5b35d6838f065c52"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBefore explaining the value drivers, let's hear from our Elastic CISO Mandy Andress.\u0026nbsp; Mandy compares her viewpoint and experiences consolidating tech stacks for a Fortune 100 firm and Elastic with an 87.5% faster time-to-market.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4627103be9ba622d"}}},{"video":{"vidyard_uuid":"SEZoJSYdjsqg5mNSYnMyWb","_metadata":{"uid":"cs2f68aaee064f2c58"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":false,"hide_controls":false,"looping_animation":false}},{"code":{"code":"Video transcript:\n\nHi, all. I'm Mandy, Elastic’s CISO. Before I compare the above outcomes, let me first share my perspective for context. Fundamentally, I see security as a data problem, and I'm often asked, what keeps you up at night? I always give the same answer: what do I not know? There are so many things changing and happening in the global threat environments and our overall environment that I'm always concerned about what we are missing. What actions should we be taking that we don't have the visibility or are just not looking at with the correct perspective? With that in mind, I try to build a diverse team that brings different skills and different perspectives and stays really connected with the community.\n\nBut there will always be things that we don't know. 
And how do we learn that? How do we apply Elastic and the power of the ELK stack to provide us that visibility? Elastic helps our organization uncover some of those unknown unknowns with data. There are so many great stories I can tell you about how Elastic enables organizations to do that. But fundamentally, it's a mindset shift.  How do you transition from focusing on discrete activities that you don't want to see happening in your environment to really understanding the baseline of how your environment should be behaving and what anomalous activities are occurring that you should investigate? With today's scale and overall significant amounts of data. Elastic provides the ability to quickly process significant amounts of data at scale. That speed, combined with our machine learning and generative AI capabilities, means we don't have to do it the same way. When you replace the tech stack for your SOC. These combined capabilities are some of the most powerful I have seen and some of the easiest to configure just out of the box, turning on machine learning rules. We gain significantly more insight than organizations can achieve with the traditional SIEM. We're all awaiting the addition of Elastic Security Assistant that utilizes generative AI to shorten the learning curve of analysts.\n\nBefore Elastic, I was working at a Fortune 100 firm. We wanted to completely rebuild our SOC and expand to provide global 24x7 support. We were ingesting daily about five terabytes of data with 50,000 events per second. Additionally, we had daily bursts, occasionally reaching 100,000 events per second. We knew we wanted detection and analysis with some behavioral analytics. We wanted to start moving into anomalous behavior. Understanding what was suspicious about our environment, whether it was a user or a machine. Getting all of that stood up took us three tools, 24 months, millions of dollars in licenses, and even millions of dollars more in services. 
And after 24 months, we were functional, but we still had a lot of work to do to get us to our desired end state. \n\nWhen I started at Elastic, I was looking to achieve the same thing, and we were able to do that with one product and one license, Elastic. We’re known to Elasticians as customer zero. We start testing and consuming capabilities as soon as possible. In that first three months, we were ingesting about 32 terabytes of data daily, 350,000 events per second. And we only had four SOC analysts distributed across the globe. From an information security perspective, we were up and running in three months versus 24. Not to mention that our current architecture is ingesting daily 200 terabytes of data, but this story doesn't tell us the rest of the power across the environment. Utilizing cross-cluster search on petabytes of data across multi-cloud and on-prem environments, searching many, many petabytes of data in just under 30 seconds. \n\nThis provides insights allowing us to respond to real-time events like Log4j and helps us provide data analysis to answer some of those questions to help ensure that we're knowing what's happening in our environment and identifying, as best we can, those unknown unknowns. With Elastic Security, we've seen clear productivity gains, risk reductions, and cost savings, and we look forward to continuing on this journey to improve the security of Elastic. I encourage you to evaluate the gains your organization can achieve using Elastic. Thank you.","_metadata":{"uid":"cs8bdf533f21337cdf"}}},{"title_text":{"title_text":[{"title_l10n":"Video transcript:","_metadata":{"uid":"cs63681349deefa00d"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003eHi, all. I'm Mandy, Elastic’s CISO. Before I compare the above outcomes, let me first share my perspective for context. Fundamentally, I see security as a data problem, and I'm often asked, what keeps you up at night? 
I always give the same answer: what do I not know? There are so many things changing and happening in the global threat environments and our overall environment that I'm always concerned about what we are missing. What actions should we be taking that we don't have the visibility or are just not looking at with the correct perspective? With that in mind, I try to build a diverse team that brings different skills and different perspectives and stays really connected with the community.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003eBut there will always be things that we don't know. And how do we learn that? How do we apply Elastic and the power of the ELK stack to provide us that visibility? Elastic helps our organization uncover some of those unknown unknowns with data. There are so many great stories I can tell you about how Elastic enables organizations to do that. But fundamentally, it's a mindset shift.\u0026nbsp; How do you transition from focusing on discrete activities that you don't want to see happening in your environment to really understanding the baseline of how your environment should be behaving and what anomalous activities are occurring that you should investigate? With today's scale and overall significant amounts of data. Elastic provides the ability to quickly process significant amounts of data at scale. That speed, combined with our \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e\u003cstrong\u003emachine learning\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e and \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e\u003cstrong\u003egenerative AI\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e capabilities, means we don't have to do it the same way. 
When you replace the tech stack for your SOC. These combined capabilities are some of the most powerful I have seen and some of the easiest to configure just out of the box, turning on machine learning rules. \u003c/em\u003e\u003c/span\u003e\u003cem\u003e\u003c/em\u003e\u003ca href=\"https://www.elastic.co/blog/security-teams-prebuilt-protections\" target=\"_self\"\u003e\u003cem\u003e\u003c/em\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003eWe gain significantly more insight\u003c/em\u003e\u003c/span\u003e\u003cem\u003e\u003c/em\u003e\u003c/a\u003e\u003cem\u003e\u003c/em\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e than organizations can achieve with the traditional SIEM. We're all awaiting the addition of \u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/security-assistant.html\" target=\"_self\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003eElastic Security Assistant\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e that utilizes generative AI to shorten the learning curve of analysts.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003eBefore Elastic, I was working at a Fortune 100 firm. We wanted to completely rebuild our SOC and expand to provide global 24x7 support. We were ingesting daily about five terabytes of data with 50,000 events per second. Additionally, we had daily bursts, occasionally reaching 100,000 events per second. We knew we wanted detection and analysis with some behavioral analytics. We wanted to start moving into anomalous behavior. Understanding what was suspicious about our environment, whether it was a user or a machine. 
Getting all of that stood up took us \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e\u003cstrong\u003ethree tools\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e, \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e\u003cstrong\u003e24 months\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e, \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e\u003cstrong\u003emillions of dollars in licenses\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e, and even \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e\u003cstrong\u003emillions of dollars more in services\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e. And after 24 months, we were functional, but we still had a lot of work to do to get us to our desired end state.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003eWhen I started at Elastic, I was looking to achieve the same thing, and we were able to do that with one product and one license, Elastic. We’re known to Elasticians as customer zero. We start testing and consuming capabilities as soon as possible. 
In that first three months, we were ingesting about \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e\u003cstrong\u003e32\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e terabytes\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003eof data daily, \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e\u003cstrong\u003e350,000\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e\u003cstrong\u003eevents per second\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e. And we only had \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e\u003cstrong\u003efour SOC analysts\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e distributed across the globe. From an information security perspective, we were up and running in \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e\u003cstrong\u003ethree months\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e versus 24. Not to mention that our current architecture is ingesting daily \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e\u003cstrong\u003e200 terabytes\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e of data, but this story doesn't tell us the rest of the power across the environment. 
Utilizing \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e\u003cstrong\u003ecross-cluster search\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e on petabytes of data across multi-cloud and on-prem environments, searching many, many petabytes of data in just under 30 seconds.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003eThis provides insights allowing us to respond to real-time events like Log4j and helps us provide data analysis to answer some of those questions to help ensure that we're knowing what's happening in our environment and identifying, as best we can, those unknown unknowns. With Elastic Security, we've seen clear productivity gains, risk reductions, and cost savings, and we look forward to continuing on this journey to improve the security of Elastic. I encourage you to evaluate the gains your organization can achieve using Elastic. 
Thank you.\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs60439709366aea45"}}},{"image":{"image":{"uid":"blt918f8a12fe2e4b13","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-06-29T17:08:28.171Z","updated_at":"2023-06-29T17:08:28.171Z","content_type":"image/png","file_size":"198437","filename":"elastic-blog-24-3-months.png","title":"elastic-blog-24-3-months.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-29T19:52:44.659Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt918f8a12fe2e4b13/649dba8c4a3adf2f8b0532ec/elastic-blog-24-3-months.png"},"_metadata":{"uid":"cs95f9028f8f215450"},"caption_l10n":"","alt_text_l10n":"24 months 3 months chart","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs39807285793f8f2f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eCurious to see how your team compares?\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/value-calculator\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eTry out our interactive value calculator\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 
12pt;'\u003e\u003cem\u003e\u003cstrong\u003e.\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1f6e870dc4778bc1"}}},{"title_text":{"title_text":[{"title_l10n":"Value drivers for security teams","_metadata":{"uid":"cs5937075ed2bcc2ae"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eModern security solutions typically drive value in these four primary areas:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCost savings:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e This includes any monetary savings from reducing the total cost of ownership of technology that directly impacts the bottom line.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRisk reduction:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Here, we quantify the value of reducing the likelihood and severity of security incidents with Elastic. Elastic looks to identify potential risks before they occur, allowing your organization to uncover any additional financial benefits that allow you to retain losses.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eProductivity gains:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic boosts productivity by accelerating analysis, facilitating collaboration, and automating key steps. 
These gains improve efficiency, accelerate decision-making, and allow organizations to redistribute resources to new projects.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRevenue recovery: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eService downtime and customer experience issues can impact revenue and customer retention. This area reflects the bottom-line value of reducing these risks.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"Value drivers of Elastic Security","_metadata":{"uid":"cs668cce5848b2c14e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor Elastic Security specifically, we define value in the following categories:\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"1. Security team efficiency improvement","_metadata":{"uid":"csb3895eafd8ded3c1"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Security drives productivity gains across security analysts, engineers, and management personnel from a business analysis perspective. We begin by accounting for the economic value of improving the productivity of every SOC’s most valuable resource: its skilled practitioners. If time is money, how much can your team expect to save by automating threat detection and streamlining investigation and incident response?\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBy centralizing data, security teams can analyze information faster and accelerate response with embedded case management and automated actions. This allows teams to quickly determine root cause and reduce escalations. 
By improving mean time to investigate, detect, and respond (MTTX) and reducing false-positive alerts and escalations, teams can reduce their overall cost per incident.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"2. Security technology consolidation and optimization","_metadata":{"uid":"cs324d7a36d155bcb2"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Security unifies several vital technologies — SIEM, endpoint, and cloud security — on a single platform. In this calculation, we estimate the value of lowering licensing and infrastructure costs, reducing technical overhead, and simplifying the implementation of new use cases.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"3. Business disruption risk reduction","_metadata":{"uid":"cs30ae1d9495d57155"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAny disruption to your business by security incidents — whether internal or external — can cost your organization. Elastic Security allows you to improve visibility, eliminate blind spots, increase automation, and reduce the number of incidents. In this calculation, we consider downtime associated with internal and customer-facing services and applications. This can bring productivity gains for employees and recover revenue previously lost to downtime, SLA violations, and customer churn.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"4. 
Incident risk reduction","_metadata":{"uid":"cs96ffc5e8779d6d62"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWith robust \u003ca href=\"https://www.elastic.co/security/endpoint-security\" target=\"_self\"\u003eendpoint security solutions\u003c/a\u003e and capabilities, Elastic Security prevents and detects ransomware, malware, phishing, and other attacks, and enables automated response environment-wide. Here, we measure the impact of reducing these risks and measure potential financial savings based on IBM’s \u003c/span\u003e\u003ca href=\"https://www.ibm.com/downloads/cas/3R8N1DZJ\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCost of a Data Breach Report\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"5. Incident cost avoidance","_metadata":{"uid":"cs2a5dfb64de0336f3"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security modernizes SecOps, equipping practitioners to protect, detect, and respond to complex attacks. With an open and transparent platform — and an agent that stops ransomware and advanced threats alike — it helps organizations reduce risk, advance SecOps maturity, and harden DevSecOps processes. 
Here we take into account post-incident cost savings, including system reimaging and hours spent by an external incident response firm.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Elastic AI Assistant","_metadata":{"uid":"cs62a5581a7542a530"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThese calculations don’t reflect the value delivered in the recently introduced \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/introducing-elastic-ai-assistant\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for Elastic Security. AI helps practitioners harness the rapidly shifting LLM landscape to address various security use cases. It provides guidance on topics as varied as alert summarization, triage steps, query conversion, and custom data ingestion. These capabilities streamline analyst workflows, reducing mean time to investigate, detect, and respond.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"How does Elastic Security drive value for our customers?","_metadata":{"uid":"cs30dbf5d0c6fc8501"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSee how \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/transforming-cybersecurity-elastic-search-ai-proficio\"\u003e\u003cspan style='font-size: 12pt;'\u003eProficio\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e turned to Elastic Security and used Elastic AI Assistant to reduce investigation time by 34% and project cost 
savings.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8f1fc5fd631b3025"}}}],"publish_date":"2023-06-29","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltdf59d18fa27d1692","ACL":{},"created_at":"2023-11-06T21:34:55.381Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tool-consolidation","label_l10n":"Tool consolidation","tags":[],"title":"Tool consolidation","updated_at":"2023-11-06T21:34:55.381Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.747Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud 
security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","title":"Investigation \u0026 incident response","label_l10n":"Investigation \u0026 incident 
response","keyword":"investigation-incident-response","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt43660d1624e728b9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:59.781Z","updated_at":"2023-11-06T20:41:24.521Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:37.865Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb1d5b7df835c3535","ACL":{},"created_at":"2023-11-06T21:38:33.456Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"continuous-monitoring","label_l10n":"Continuous monitoring","tags":[],"title":"Continuous monitoring","updated_at":"2023-11-06T21:38:33.456Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.388Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative 
AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"AIOps","label_l10n":"AIOps","keyword":"aiops","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt2690a3f48e0fb443","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:07:47.588Z","updated_at":"2023-11-06T20:07:47.588Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.779Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt539f8b977e5a814a","ACL":{},"content_type":"image/png","created_at":"2022-06-01T19:17:49.043Z","created_by":"blt3044324473ef223b70bc674c","file_size":"108540","filename":"illustration-currency-value-scale-1680x980-white.png","paren
t_uid":"bltbe197e1b26d08536","tags":[],"title":"illustration-currency-value-scale-1680x980-white.png","updated_at":"2022-06-01T19:17:49.043Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-10-10T08:10:49.241Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt539f8b977e5a814a/6297bb5dbf05100f50a8c01f/illustration-currency-value-scale-1680x980-white.png"},"title":"How does Elastic Security drive value to your organization?","title_l10n":"How does Elastic Security drive value to your organization?","updated_at":"2025-02-23T01:00:40.300Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/how-elastic-security-drive-value-organization","publish_details":{"time":"2025-02-23T01:00:45.607Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltfb553706e865e56d","_version":17,"locale":"en-us","ACL":{},"abstract_l10n":"Procurement and finance teams have already decided that systems are moving to cloud, often ahead of IT or Security teams that want to maintain on-prem servers. ITDMs need to enable these business requirements for their leadership teams.","author":["blt3a940aeb34c1a4eb"],"category":["bltc17514bfdbc519df"],"created_at":"2022-07-19T20:20:18.777Z","created_by":"blt36060ca1dddf191e","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs743550bb07827e51"},"header_style":"H2","paragraph_l10n":"\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(34, 34, 34);\"\u003eWhat’s the potential business value of moving to the cloud? 
According to \u003c/span\u003e\u003ca href=\"https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/clouds-trillion-dollar-prize-is-up-for-grabs\" target=\"_self\"\u003e\u003cspan style=\"color: rgb(17, 85, 204);\"\u003e\u003cu\u003eMcKinsey\u003c/u\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(34, 34, 34);\"\u003e, it’s a cool $1 trillion that’s up for grabs.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(34, 34, 34);\"\u003eIt’s such a huge number that it may seem like pie in the sky. But companies are already positioning themselves to grab a piece of that pie for themselves. The most recent example is \u003c/span\u003e\u003ca href=\"https://www.techspot.com/news/95189-fedex-close-all-data-centers-transition-cloud-within.html\" target=\"_self\"\u003e\u003cspan style=\"color: rgb(17, 85, 204);\"\u003e\u003cu\u003eFedEx\u003c/u\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(34, 34, 34);\"\u003e, which made headlines earlier this month when it announced that it plans to move entirely to cloud-native structures within two years. The shipping giant estimates that it will save about $400 million annually.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(34, 34, 34);\"\u003eCFOs may be excited about the cost-benefit analysis, but IT teams have a lot to gain, too. From operational efficiencies to innovation, CFOs and CIOs should be building this plan together.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch2 style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eWhy early adopters win big — and how you can be one of them\u003c/span\u003e\u003c/h2\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(34, 34, 34);\"\u003eRemember that whopping $1 trillion we mentioned above? 
It’s actually a conservative figure. McKinsey was unable to forecast the value generated by “pioneer” companies working in emerging technologies because the potential for future innovation is impossible to quantify. Rather, the $1 trillion encompasses the possible run rate for Fortune 500 companies in 2030, assuming they “aggressively pursue the cloud opportunity.” McKinsey also notes that early adopters will “capture a disproportionate share of the total value.”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003e\u003cstrong\u003eAlso read: \u003c/strong\u003e\u003c/em\u003e\u003ca href=\"https://www.elastic.co/blog/ensure-your-move-to-the-cloud-leads-to-results-that-matter\" target=\"_self\"\u003e\u003cem\u003e\u003cstrong\u003eEnsure your move to the cloud leads to results that matter\u003c/strong\u003e\u003c/em\u003e\u003c/a\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(34, 34, 34);\"\u003eThe key to capturing that market share is ensuring that your cloud investments focus on the six “pools of value” below.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch2 style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e1. Take the opportunity to reduce inefficiencies\u003c/span\u003e\u003c/h2\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(34, 34, 34);\"\u003e\u003ca href=\"https://www.elastic.co/observability/cloud-migration\" target=\"_self\"\u003eCloud migration\u003c/a\u003e shouldn’t be a matter of “lift and shift.” Rather, it should be an opportunity to reduce inefficiencies and manual processes that create lag time in legacy systems. 
Developing new systems or remediating existing ones not only increases productivity, it helps ensure that you’re not needlessly running up consumption costs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(34, 34, 34);\"\u003eThe McKinsey report includes compelling data showing that this investment is well worth it. The report states:\u003c/span\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003c/p\u003e\u003cul\u003e\u003cli style=\"color: rgb(34, 34, 34);\"\u003eDevelopers spend measurably less time on infrastructure and production support and more on business requirements and development when companies move to public cloud providers.\u003c/li\u003e\u003cli style=\"color: rgb(34, 34, 34);\"\u003eEffective cloud usage can improve application development and maintenance productivity by 38% and infrastructure cost efficiency by 29% for migrated applications.\u003c/li\u003e\u003cli style=\"color: rgb(34, 34, 34);\"\u003eIncreasing the share of apps in the cloud from 10% to 60% would yield benefits of $56 million in application development and maintenance and $12 billion in infrastructure cost efficiency by 29% for migrated applications.\u003cspan style=\"color: rgb(34, 34, 34);\"\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);\"\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);\"\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);\"\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003ch2 style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e2. Prioritize security to reduce downtime\u003c/span\u003e\u003c/h2\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eDo you know the cost of one minute of downtime? 
According to a \u003c/span\u003e\u003ca href=\"https://www.ibm.com/downloads/cas/DV0XZV6R\" target=\"_self\"\u003e\u003cspan style=\"color: rgb(17, 85, 204);\"\u003e\u003cu\u003ereport\u003c/u\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e from the Information Technology Intelligence Consulting Corp. (ITIC), the cost could be $167 to $166,667 \u003c/span\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003cem\u003eper server\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e, depending on the size of your organization.\u003c/span\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003c/p\u003e\u003cp style=\"color: rgb(0, 0, 0);\"\u003e\u003c/p\u003e\u003cp style=\"color: rgb(0, 0, 0);\"\u003ePrioritizing security operations in the cloud is an opportunity to harness automated, embedded security processes, such as DevSecOps, that allow you to identify and resolve breaches faster. McKinsey states that moving to the cloud could reduce the cost of security breaches by about 26% for migrated applications, resulting in about 57% less downtime.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003ch2 style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e3. Optimize manual and digital processes\u003c/span\u003e\u003c/h2\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eDigital transformation is on the lips of every organization these days. 
Business units that are able to take advantage of advanced analytics or efficient work-management systems are often able to free up staffers to work on higher-value tasks, rather than spending time on processes that can be automated.\u003c/span\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003c/p\u003e\u003cp style=\"color: rgb(0, 0, 0);\"\u003e\u003c/p\u003e\u003cp style=\"color: rgb(0, 0, 0);\"\u003eWith cloud migration, IT teams can help unlock or accelerate digitization throughout the business. This strategy can provide additional value if an organization makes the investment in training and reskilling workers so they’re able to take full advantage of the powerful technology available to them.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003ch2 style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e4. Power experimentation that leads to growth\u003c/span\u003e\u003c/h2\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eEmbracing the cloud means teams can “fail faster” with less up-front investment. With the freedom to experiment against a backdrop of decreased risk, companies can expand into new areas or grow existing ones. The cloud can also provide visibility into market trends that allow organizations to plan more efficiently toward future states.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch2 style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e5. Accelerate product development\u003c/span\u003e\u003c/h2\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eConfiguring solutions in the cloud is faster than on-prem. 
That kind of speed can unleash more innovation in less time with reduced research and development investments, allowing organizations to respond to market trends quickly and keep pace with the speed of business.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eThe cloud also opens up a world of integrations with advanced tools and solutions that can dramatically reduce time to market.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch2 style=\"text-align: left;\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e6. Scale faster\u003c/span\u003e\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eThe cloud provides access to customer bases beyond your established regions and markets. With the added ability to instantly increase computing and storage power, the ability to expand your selling power is virtually limitless.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/value-calculator?rogue=blogs\u0026elektra=why-its-time-to-move-critical-databases-to-cloud\" target=\"_self\"\u003e\u003cspan style=\"color: rgb(0, 119, 204);\"\u003e\u003cu\u003e\u003cstrong\u003eWhat’s the real business value of moving your organization to the cloud? Read the blog to find out.\u003c/strong\u003e\u003c/u\u003e\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs96a266fa5d8b0f33"}}}],"publish_date":"2022-07-19","sanity_migration_complete":false,"seo":{"noindex":false,"canonical_tag":"","seo_description_l10n":"","seo_image":null,"seo_title_l10n":""},"subtitle_l10n":"Early adopters will have a lasting financial advantage — and unlock new opportunities for digital transformation","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blte0256e5390d036ed","ACL":{},"created_at":"2023-11-06T20:25:43.573Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-migration","label_l10n":"Cloud migration","tags":[],"title":"Cloud migration","updated_at":"2023-11-06T20:25:43.573Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:27.667Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt9149a5fda79fd708","ACL":{},"created_at":"2023-11-06T20:37:49.356Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"deployment","label_l10n":"Deployment","tags":[],"title":"Deployment","updated_at":"2023-11-06T20:37:49.356Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.169Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt048e5e01aa446692","ACL":{},"created_at":"2023-11-06T20:38:02.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"devsecops","label_l10n":"DevSecOps","tags":[],"title":"DevSecOps","updated_at":"2023-11-06T20:38:02.694Z","updated_by
":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.187Z","user":"blt4b2e1169881270a8"}},{"title":"Getting started","label_l10n":"Getting started","keyword":"getting-started","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt30953f4176054d3f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:25.148Z","updated_at":"2020-06-17T03:37:25.148Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:25.148Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:25.028Z","user":"blt36e890d06c5ec32c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltcb20a4dd932293de","created_by":"bltac225ac457fe0293","updated_by":"bltac225ac457fe0293","created_at":"2022-07-20T05:16:04.355Z","updated_at":"2022-07-20T05:16:04.355Z","content_type":"image/jpeg","file_size":"166146","filename":"blog-p2-selects-720x420-01rowing.jpg","title":"blog-p2-selects-720x420-01rowing.jpg","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-07-20T05:33:15.733Z","user":"bltac225ac457fe0293"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcb20a4dd932293de/62d78f946dcb57349d32fe4e/blog-p2-selects-720x420-01rowing
.jpg"},"title":"CFOs and CIOs have a trillion reasons to team up to win the race to the cloud","title_l10n":"CFOs and CIOs have a trillion reasons to team up to win the race to the cloud","updated_at":"2025-02-23T00:58:03.096Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/the-trillion-dollar-reason-cfos-and-cios-should-work-together-to-drive-the-move-to-the-cloud","publish_details":{"time":"2025-02-23T00:58:08.514Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt26e38561370d05ee","_version":9,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic customers have seen a 5% revenue improvement within three years, among other benefits, according to a study conducted by Forrester Consulting, commissioned by Elastic. Learn how in this blog post.","author":["blt14f762eec103604e","blt70c76c99e0846d48"],"category":["bltc17514bfdbc519df"],"created_at":"2023-06-02T00:54:43.885Z","created_by":"bltd9765be97bbed20c","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csfc892f5896cf77ba"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003eElastic customers have seen a 5% revenue improvement within three years, among other benefits.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003eHow? Using Elasticsearch, developers can ingest and connect various data sources to provide their companies, employees, customers, and/or public access to information and tune results for faster, more precise answers. 
Elasticsearch \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/generative-ai\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI/ML powered search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e is designed to maximize performance and compute resources to deliver applications that can scale as businesses grow. Improving customer and employee experiences with search applications can allow organizations to reap profitability and productivity gains.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003eElastic recently commissioned Forrester to conduct a Total Economic Impact (TEI) study of Elasticsearch in order to help budgetary decision-makers fully understand the impact of partnering with Elastic to optimize their business. The TEI examines the return on investment organizations realized by deploying Elasticsearch to expand their existing solutions and develop new ones.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003eThe study showcases the value that Elastic customers are achieving and provides guidance to help you consider the costs, benefits, risks, flexibility and business impact Elasticsearch can bring to every \u003c/span\u003e\u003ca href=\"https://www.elastic.co/explore/succeed-with-the-power-of-elastic/strategic-guide-to-putting-your-data-to-work\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edata driven organization\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eKey results\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003eThe TEI study examines how Elastic customers have benefited from using Elasticsearch. 
Key results from this investment include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e5% revenue improvement by year three\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e90% productivity improvement in IT labor savings\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e25% reduction in licensing costs\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e293% ROI\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e$16 million in quantified benefits across five different benefit value categories\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003eMore than $12 million in net benefits (after costs) across those same benefit categories\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003eLess than a six-month payback period of the initial 
investment\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs83ae5172b2e1a303"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt264e306e4b6c91fb","ACL":{},"content_type":"image/png","created_at":"2023-06-05T20:46:35.122Z","created_by":"bltd9765be97bbed20c","file_size":"401695","filename":"blog-elastic-three-year-benefits.png","parent_uid":null,"tags":[],"title":"blog-elastic-three-year-benefits.png","updated_at":"2023-06-05T20:46:35.122Z","updated_by":"bltd9765be97bbed20c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-06T12:30:00.045Z","user":"bltd9765be97bbed20c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt264e306e4b6c91fb/647e49ab322bcdc52609b3bf/blog-elastic-three-year-benefits.png"},"_metadata":{"uid":"cs83b3fd0de9d8e171"},"caption_l10n":"","alt_text_l10n":"three year benefits","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs862e11752ea2aa52"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCustomers' interviews noted that before using Elasticsearch, their organizations had issues with response times, user scalability, data source scalability, stability, functionality, and flexibility. Failure to resolve the previous performance and capabilities led to high costs.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAfter investing in Elasticsearch, customers could easily expand and enhance their existing solutions, adding new users and solutions seamlessly. 
Because of this, customers saw increased revenue from search-assisted solutions, cost reductions, improved labor productivity, and reduced search team turnover.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eIncreasing profitability\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe study revealed that organizations saw revenue improvements for direct revenue generation solutions by improving customer satisfaction and search capabilities for internal sales assistance.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd7ba183ed040fd9c"}}},{"quotes":{"quote_l10n":"In one application we were able to quickly scale up from 1,000 clients to 9,000 clients.","_metadata":{"uid":"cs7f7e0abe1ef35554"},"quote_author_l10n":"Global head of sales management platform, financial services","quote_details_l10n":""}},{"quotes":{"quote_l10n":"Elasticsearch improved performance by four times, even with a larger database. We were able to onboard larger customers. We now have 10 times the volume with no concerns about performance.","_metadata":{"uid":"csb70516607eed9d5f"},"quote_author_l10n":"Director of data analytics and engineering R\u0026D, networking products","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbbc4d1b3e5584d10"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eBoosting employee labor productivity\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn addition, employees in various roles were more productive using solutions with Elasticsearch internally due to speed in obtaining results, increased breadth of information from data consolidation, and built-in analytics, resulting in front-line workers saving two hours per month.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbc1195157f103d4d"}}},{"quotes":{"quote_l10n":"With [Elasticsearch] we are now more effective at supplying our retail employees with what they are looking for with minimal effort. 
They get more, better, faster, and simpler. The time savings have been fairly significant.","_metadata":{"uid":"csae6c9c831c1dc46a"},"quote_author_l10n":"Digital workplace technical product manager, retail","quote_details_l10n":""}},{"quotes":{"quote_l10n":"With our prior solution a developer error could lock up a database for hours, [which would bring] down the whole application. With [Elasticsearch], only a fraction of the application would be affected, and one developer would fix it in 30 minutes.","_metadata":{"uid":"csaf256edaffc8537b"},"quote_author_l10n":"Global head of sales management platform, financial services","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs70bb78869ee7170a"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eLearn how Elastic can improve your organization\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe study contains numerous quotes and details about additional business value uncovered with Elasticsearch. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/improving-digital-customer-experiences/forrester-total-economic-impact-elasticsearch\"\u003e\u003cspan style='font-size: 12pt;'\u003eRead the full study\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to get a deeper understanding of all benefits our customers have achieved. In addition, Elastic asked Forrester to provide a spotlight into the impact of Elasticsearch on development teams. 
Read \u003c/span\u003e\u003ca href=\"https://www.elastic.co/improving-digital-customer-experiences/forrester-total-economic-impact-spotlight-report-elasticsearch\"\u003e\u003cspan style='font-size: 12pt;'\u003ethis focused study\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to learn more about the results developers have experienced working with Elasticsearch.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eElevate search with AI\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn addition to the benefits identified by Forrester, Elasticsearch continues to empower organizations to build new search experiences that bring value to organizations. Recently, Elastic announced the Elasticsearch Relevance Engine™ (ESRE), which allows customers to bring a new wave of AI innovation to the forefront of their business. The Elasticsearch Relevance Engine combines the best of machine learning with Elasticsearch to give developers the ability to integrate with large language models (LLMs) like ChatGPT. Learn how Elastic can bring the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/may-2023-launch-announcement\"\u003e\u003cspan style='font-size: 12pt;'\u003epower of AI innovation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to your business.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs41ce9f6939aac969"}}},{"quotes":{"quote_l10n":"Elastic enables everyone to find the answers that matter. From all data. In real-time. At scale.","_metadata":{"uid":"cs42d4a0dc93d1fe38"},"quote_author_l10n":"Ash Kulkarni, CEO, Elastic","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"cs7cbc2b89cc5da99d"}}],"_metadata":{"uid":"csd31fa8a96d5f343c"}}}],"publish_date":"2023-06-06","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt540a0685025a17e0","ACL":{},"created_at":"2021-07-12T21:52:31.396Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"workplace-search","label_l10n":"Workplace Search","tags":[],"title":"Workplace Search","updated_at":"2021-07-12T21:52:31.396Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.010Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search 
applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}},{"title":"Customer experience","label_l10n":"Customer experience","keyword":"customer-experience","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt25722919b3bca233","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T22:34:27.803Z","updated_at":"2021-12-16T22:34:27.803Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:15:55.021Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blte6358c0a4368f192","ACL":{},"created_at":"2023-11-06T20:39:12.952Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"end-user-experience","label_l10n":"End user experience","tags":[],"title":"End user experience","updated_at":"2023-11-06T20:39:12.952Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:48.382Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"Search analytics","label_l10n":"Search 
analytics","keyword":"search-analytics","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt6c991eb897ec7277","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:30:57.427Z","updated_at":"2023-11-06T21:30:57.427Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T12:28:49.147Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltfb1e89b001674db9","ACL":{},"created_at":"2023-11-06T21:30:17.252Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"relevance","label_l10n":"Relevance","tags":[],"title":"Relevance","updated_at":"2023-11-06T21:30:17.252Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.339Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version"
:1,"is_dir":false,"uid":"blt734e4f62049e4dc6","ACL":{},"content_type":"image/png","created_at":"2022-06-01T19:17:49.015Z","created_by":"blt3044324473ef223b70bc674c","file_size":"122810","filename":"illustration-cloud-costs-down-1680x980.png","parent_uid":"bltbe197e1b26d08536","tags":[],"title":"illustration-cloud-costs-down-1680x980.png","updated_at":"2022-06-01T19:17:49.015Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-11-10T09:12:51.938Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt734e4f62049e4dc6/6297bb5da3e9730f695cfa59/illustration-cloud-costs-down-1680x980.png"},"title":"Total Economic Impact of Elasticsearch: Elastic delivers a 293% ROI and drives revenue improvement for customers","title_l10n":"Total Economic Impact of Elasticsearch: Elastic delivers a 293% ROI and drives revenue improvement for customers","updated_at":"2025-02-23T00:53:58.725Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/total-economic-impact-elasticsearch","publish_details":{"time":"2025-02-23T00:54:04.945Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt7cf919b788191f65","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"Organizations are relying more heavily on products like Elastic's to manage, analyze, and visualize vast amounts of data. 
As the complexity and criticality of these systems increases, so does the need for robust support services.","author":["bltce74db0137ff1184"],"category":["bltc17514bfdbc519df"],"created_at":"2025-02-20T19:15:20.028Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdb7fefcbeddd32b3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWould you like a closer relationship with Elastic's expert troubleshooters, helping to resolve your most critical issues faster, amplifying your use of Elastic products? Enter Elastic’s Designated Support Engineer (DSE) service — a specialized offering tailored to elevate your experience with Elastic solutions. In this blog, we'll delve into the unique features and advantages of the Elastic DSE service by shedding light on how it can enhance your organization's operational efficiency and data management capabilities.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Personalize your support experience","_metadata":{"uid":"csf9860631eb3aa4e4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Designated Support Engineer service is a premium support offering that provides your business with a personalized support experience. Unlike traditional support, where customers interact with different support engineers for each issue, a designated support engineer offers a single point of contact with knowledge of your business, your use case, and your technical environment. 
This service is especially beneficial for organizations with mission-critical systems, complex software integrations, or unique technical requirements.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Advantages of the Elastic DSE service","_metadata":{"uid":"csa5842a70e84c8c14"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe key features and benefits of the service include:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePersonalized assistance\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDSEs are assigned to only a few customers, allowing them the time and space to develop a deep understanding of your infrastructure, business goals, and operational challenges.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis personalized approach enables DSEs to provide assistance relevant to your use case, saving time and minimizing disruptions to your operations.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eProactive problem solving\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDSEs take a proactive stance by identifying potential issues before they escalate.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThrough continuous monitoring and analysis, DSEs can anticipate problems, suggest preventive measures, and ensure system stability.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRapid issue 
resolution\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou will benefit from expedited issue resolution due to the engineer's familiarity with your system.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe quick response time minimizes downtime, ensuring that your business can maintain operational continuity.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eKnowledge transfer\u0026nbsp;\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDSEs are available to your team for Q\u0026amp;A sessions to help impart valuable knowledge and insights.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThey share best practices with your team, empowering them to handle common issues independently.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCross-functional coordination\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn complex technical environments, issues often require collaboration between multiple internal teams.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe DSE facilitates communication and coordination with your account team across multiple teams within Development, Product Management, and Customer Success, ensuring a unified and efficient approach to solving problems.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 
12pt;'\u003e\u003cstrong\u003eFeedback loop\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe DSE acts as a customer ambassador within Elastic to ensure your feedback and insights reach the right teams quickly.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis continuous feedback helps improve products, services, and internal processes that lead to a more responsive and customer-centric approach.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Adding value to both sides","_metadata":{"uid":"cs65840f71db5c1b06"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHear what one of our customers has to say:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7cee7a43ea5bb612"}}},{"quotes":{"quote_l10n":"Having an assigned designated support engineer on our account has allowed us to receive quicker solutions, as the support agent has learned our environment. We are able to send errors over, and as they are familiar with our layout, we do not have to troubleshoot basic issues. Instead, we can start narrowing down the problem and find a solution within a few messages back and forth. This has enabled faster triage and quicker resolution of issues when they occur. 
Using a DSE also provides the benefit of having someone who knows our environment and can offer suggestions on how to improve our resource usage in a preemptive manner.","_metadata":{"uid":"csd59f29dd0cb88fa9"},"quote_author_l10n":"Zach Kinkelaar, Detection Engineer, AHEAD","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csee6695603bd860ed"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHear what one of our DSEs has to say:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse302f4f4a0c0dda6"}}},{"quotes":{"quote_l10n":"Becoming a DSE has brought about a revolutionary change in the scope and quality of my work. With focus, I am able to deliver a service to my enterprise customer that far exceeds what I was capable of before. Instead of playing catchup, I’m now able to anticipate their needs and deliver solutions more quickly to a wider range of problems. I also have time to build strong relationships with their engineers, gain deeper knowledge of their use cases, and become an advocate for their goals within the wider Elastic organization. Bugs get fixed faster, enhancements added sooner, and roadmap decisions better informed. 
It really is a win-win for both partners as well as for me personally because the work is more fulfilling.","_metadata":{"uid":"cse0a003810f5effa8"},"quote_author_l10n":"Nicholas Bellerophon, Senior Principal Support Engineer, Elastic","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"Learn more","_metadata":{"uid":"cs0d4d5dfd803e4e41"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo learn more about this service and get in touch with our team, visit our dedicated \u003c/span\u003e\u003ca href=\"https://www.elastic.co/support/designated-support-engineer\"\u003e\u003cspan style='font-size: 12pt;'\u003eDesignated Support Engineer service page\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs68274541c0619baa"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9aad1dbaffe9745b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs833b9f7139d8e55b"}}}],"publish_date":"2025-02-21","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt5de02dd36531d45d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2025-02-20T19:28:51.405Z","created_by":"bltb6c155cd84fc0c1a","file_size":"93557","filename":"observability-digital-transformation-3_(1).jpg","parent_uid":null,"tags":[],"title":"observability-digital-transformation-3 
(1).jpg","updated_at":"2025-02-20T19:28:51.405Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-21T13:55:00.313Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5de02dd36531d45d/67b78273309a921b6eaedf7a/observability-digital-transformation-3_(1).jpg"},"title":"Transform your support experience with Elastic","title_l10n":"Transform your support experience with Elastic","updated_at":"2025-02-21T14:39:50.691Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/transform-your-support-experience-with-elastic","publish_details":{"time":"2025-02-21T14:39:55.812Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt67aa2bc30cb775aa","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic has earned the AWS Government ISV Partner Competency. This recognition validates Elastic's expertise in delivering Search AI solutions that help government agencies modernize operations, enhance security, and improve citizen services on AWS. 
","author":["blt5913558de3429222","blt39dee51344f15656","bltf2d54a79f5176e9a"],"category":["bltc17514bfdbc519df"],"created_at":"2025-02-21T14:00:15.230Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd1c7db965b962d49"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe’re thrilled to share that Elastic has achieved the \u003c/span\u003e\u003ca href=\"https://aws.amazon.com/government-education/partner-solutions/?blog-posts-cards.sort-by=item.additionalFields.createdDate\u0026blog-posts-cards.sort-order=desc\u0026partner-case-studies-cards.sort-by=item.additionalFields.sortDate\u0026partner-case-studies-cards.sort-order=desc\"\u003e\u003cspan style='font-size: 12pt;'\u003eAWS Government ISV Partner Competency\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This prestigious designation recognizes Elastic as an Amazon Web Services (AWS) partner that has proven expertise in delivering high-quality solutions that help government agencies meet mandates, reduce costs, drive efficiencies, and boost innovation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAchieving the AWS Government ISV Partner Competency underscores Elastic's commitment to excellence and reliability in the public sector. 
As a recognized partner, Elastic is proven to support a wide range of government organizations around the world, including civilian agencies, national defense and intelligence communities, and state and local governments.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Public sector challenges","_metadata":{"uid":"csb4292799faaa98cf"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhether you’re providing critical services, strengthening operational resilience, or protecting data and systems, you need the ability to extract value from the right data at the right time. Government agencies manage massive amounts of sensitive data across disparate sources from IoT devices to citizen records. Information silos and data gaps can introduce considerable friction when serving the public. You need secure, efficient ways to extract value from this data while maintaining compliance and driving innovation.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Solutions for government agencies","_metadata":{"uid":"cs30ba93e686e80160"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe \u003c/span\u003e\u003ca href=\"https://www.elastic.co/platform\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Search AI Platform\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e transforms endless data into endless potential. 
It enables public sector organizations to accelerate mission outcomes through the combination of powerful search and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector/\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3b487ac2cbd12d6d"}}},{"image":{"image":{"uid":"bltc1768aaad3619c7d","_version":1,"title":"image2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-21T14:12:31.829Z","updated_at":"2025-02-21T14:12:31.829Z","content_type":"image/png","file_size":"683819","filename":"image2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-21T14:16:18.906Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc1768aaad3619c7d/67b889cf70e1ff02ce73ea09/image2.png"},"_metadata":{"uid":"cs37bbfecb5943691b"},"caption_l10n":"","alt_text_l10n":"the power of generative ai for public sector","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0d84d442804bffab"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhy are government, education, and healthcare organizations around the world choosing the Elastic Search AI Platform to power their mission?\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSpeed: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eFind critical data faster with searchable snapshots, using data tiering to store and search your data within milliseconds at lower costs and access historical data in 
minutes.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScale: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eAsk a single query across regions and environments, whether cloud or on-prem, using distributed data design with cross-cluster search — enabling data to stay where it's generated but be accessible globally.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRelevance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Gain AI-powered mission insights with the Elasticsearch Relevance Engine (ESRE), integrating your private data with large language models for superior context, relevance, and data security.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSecurity:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Protect at scale by modernizing your security operations to detect, investigate, and respond to threats before damage is done using security capabilities, such as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/ai-driven-security-analytics\"\u003e\u003cspan style='font-size: 12pt;'\u003eAttack Discovery\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003ca href=\"https://aws.amazon.com/solutions/case-studies/elastic-case-study/\"\u003e\u003cspan style='font-size: 12pt;'\u003eAmazon Bedrock\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Unlocking mission value for public sector","_metadata":{"uid":"csc16f5cdb5f0200a3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eGovernment agencies can now accelerate their digital 
transformation with validated expertise in the following areas:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eModernizing citizen services\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eStrengthening operational resilience\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eEnhancing security operations\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eDriving cost efficiencies\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy attaining the AWS Government ISV Partner Competency, Elastic has demonstrated its ability to deliver best-in-class solutions on AWS that can help organizations build next-generation search experiences. 
It attests to Elastic’s deep technical knowledge and proven success in aiding government agencies like yours to drive innovation and unlock greater mission value.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCompetency benefits to government agencies include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTrusted expertise:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Elastic possesses the technical capabilities and industry experience to handle your complex public sector needs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAccelerated innovation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Elastic can help government agencies like yours to quickly innovate by using advanced technologies like AI, machine learning, and security and data analytics.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRegulatory compliance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Elastic understands your regulatory landscape and offers solutions that comply with regional, federal, and state regulations, including FedRAMP and GDPR.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScalability and security:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Elastic provides secure, scalable solutions that are agile enough to change with your agency priorities while maintaining the highest security standards — critical in the public sector.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLeading government organizations 
\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003ehave benefited from running Elastic on their AWS environments — and you can, too.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Competency collection","_metadata":{"uid":"cs3446fd6c64205bcd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt Elastic, we recognize that the technology landscape is always evolving. To ensure our customers stay ahead, we are constantly striving to help you build transformative applications, proactively resolve observability issues, and address complex security threats — all with the power of Search AI.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs67142ec130559f78"}}},{"image":{"image":{"uid":"blt59040724fa5f42d0","_version":1,"title":"image4.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-21T14:12:40.371Z","updated_at":"2025-02-21T14:12:40.371Z","content_type":"image/png","file_size":"6725","filename":"image4.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-21T14:16:18.919Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt59040724fa5f42d0/67b889d8110c18f67d599422/image4.png"},"_metadata":{"uid":"cs7533a91e4d02791e"},"caption_l10n":"","alt_text_l10n":"aws partner government software competency","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":"width-small: 25%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa3a8dfe2de67c844"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis dedication has resulted in a stream of competency designations from AWS:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003ca 
href=\"https://www.elastic.co/blog/elastic-aws-competency-financial-services\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAWS Financial Services\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eEvidence of Elastic’s ability to assist you with the technology and regulatory nuances of banking, capital markets, and insurance use cases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-aws-generative-ai-competency\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAWS Generative AI Competency\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Recognition of Elastic's expertise in building secure, scalable AI solutions that deliver documented partner success\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-aws-securing-the-cloud-together\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAWS Security Competency\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Verification of Elastic’s ability to help you protect your most sensitive data and applications in the cloud with a specialization in threat detection and response (SIEM, SOAR, and XDR)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-and-aws-get-the-most-value-from-your-data-sets\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAWS Data and Analytics Competency\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 
12pt;'\u003e\u003cstrong\u003e: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eValidation of Elastic’s expertise to guide you on how to collect, store, govern, and analyze your data at any scale\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"}],"_metadata":{"uid":"cs7506165e2a5fb1e9"}}},{"image":{"image":{"uid":"bltd0aa2a4e2735598e","_version":1,"title":"image3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-21T14:12:48.577Z","updated_at":"2025-02-21T14:12:48.577Z","content_type":"image/png","file_size":"46626","filename":"image3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-21T14:16:18.978Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd0aa2a4e2735598e/67b889e0bda0b2328b5aa3d1/image3.png"},"_metadata":{"uid":"cs530a3ba2cee31a22"},"caption_l10n":"","alt_text_l10n":"aws partner list","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Transform your data capabilities","_metadata":{"uid":"cs1a2b99fd8c019420"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eReady to transform your agency's data capabilities? 
The Elastic Search AI Platform is available both on \u003c/span\u003e\u003ca href=\"https://aws.amazon.com/marketplace/pp/prodview-voru33wi6xs7k\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAWS Marketplace\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e for a 7-day free trial and on AWS Marketplace for the US Intelligence Community (ICMP) — a curated digital catalog that makes it easy to discover, purchase, and deploy specialized government solutions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNeed some inspiration? Check out the synergies of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/partners/aws\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic on AWS\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs83a0895706693102"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csfde7c2ae07d1a685"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third-party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third-party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. 
Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs86cc89807acb1c17"}}}],"publish_date":"2025-02-21","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic earns fifth AWS Competency as a Government ISV Partner ","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Advancing digital transformation in government through Search AI and cloud innovation","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic 
Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[{"uid":"blt5b5a3dd3ee2ae4bd","_content_type_uid":"tags_partner"}],"tags_topic":[{"_content_type_uid":"tags_topic","title":"AWS","label_l10n":"AWS","keyword":"aws","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt5da20aee1a072f80","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:30.685Z","updated_at":"2023-11-06T20:08:30.685Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:00:52.463Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltd6680e0300eee933","ACL":{},"created_at":"2023-11-06T20:37:41.282Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"defense","label_l10n":"Defense","tags":[],"title":"Defense","updated_at":"2023-11-06T20:37:41.282Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.232Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb2519aa4ed213854","ACL":{},"created_at":"2023-11-06T20:39:02.976Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"education","label_l10n":"Education","tags":[],"title":"Education","updated_at":"2023-11-06T20:39:02.976Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.189Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b7
0bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","uid":"bltc6e3d049760fc06a","title":"Government","label_l10n":"Government","keyword":"government","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:32.959Z","updated_at":"2023-11-06T20:40:32.959Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.338Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt17630d07558c63f6","ACL":{},"created_at":"2023-11-06T21:33:01.038Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"state-local-government","label_l10n":"State \u0026 local government","tags":[],"title":"State \u0026 local 
government","updated_at":"2023-11-06T21:33:01.038Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.342Z","user":"blt4b2e1169881270a8"}},{"title":"Scaling","label_l10n":"Scaling","keyword":"scaling","hidden_value":true,"tags":[],"locale":"en-us","uid":"bltbafe1bd178271a4e","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:40:27.127Z","updated_at":"2020-06-17T03:40:27.127Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:40:27.127Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-23T10:32:18.015Z","user":"blt3e52848e0cb3c394"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability
","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt6dc21e2c5b850ae4","_version":1,"title":"image1.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-21T14:12:55.913Z","updated_at":"2025-02-21T14:12:55.913Z","content_type":"image/jpeg","file_size":"76288","filename":"image1.jpg","ACL":{}
,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-21T14:16:18.930Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6dc21e2c5b850ae4/67b889e70c09654c4fe1d112/image1.jpg"},"title":"Elastic achieves AWS Government ISV Partner Competency, strengthening public sector solutions portfolio","title_l10n":"Elastic achieves AWS Government ISV Partner Competency, strengthening public sector solutions portfolio","updated_at":"2025-02-21T14:16:11.348Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-aws-competency-government","publish_details":{"time":"2025-02-21T14:16:18.316Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt8b728b5654abe297","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"Learn why US government and defense agencies should build their Zero Trust architectures based on a partner ecosystem and how Elastic can help connect Zero Trust systems and data.","author":["blt7992533fcbfb77f7","blt955f7347bfbfd34d"],"category":["bltc17514bfdbc519df"],"created_at":"2025-02-21T03:10:22.274Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbd6d3807926649a5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs US government agencies work to implement \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/zero-trust\"\u003e\u003cspan style='font-size: 12pt;'\u003eZero Trust architectures\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to meet the 2027 mandate, taking a collaborative approach is essential. No technology vendor can meet all 152 of the DoD’s controls for both “target” and “advanced” compliance levels on its own. 
Instead, public and private organizations need to partner in order to break down silos, deliver all the necessary capabilities, and build a strong, resilient defense against sophisticated cybersecurity threats.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic’s open source platform is purpose-built for collaboration and serves as an essential element in a Zero Trust architecture. In fact, \u003c/span\u003e\u003ca href=\"https://dodcio.defense.gov/Portals/0/Documents/Library/ZeroTrustOverlays.pdf\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ethe DoD CIO recommended the Elastic Common Schema\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e as part of their preferred approach to Zero Trust interoperability.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn addition to supporting the DoD’s five Zero Trust pillars through its security technology, Elastic’s ability to ingest all data types — across systems, clouds, and regions — serves as a connective function between disparate systems that weren’t originally designed for Zero Trust. Elastic does this by focusing on data; the only commonality that exists between Zero Trust systems is the data that they produce. Once data is ingested, Elastic acts as a unifying data layer that enables agencies to see across the entire architecture, analyze data, and create visual dashboards at the speed of search.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"An agile proof of concept for collaborative Zero Trust","_metadata":{"uid":"cs553ab6e5e8c66d5f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt a previous DoDIIS event, the industry was challenged by DoD leadership to not only collaborate but also modernize their messaging at industry events around Zero Trust. 
They urged vendors to demonstrate clear paths toward delivering a Zero Trust framework.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn response, Elastic joined forces with Vectra, Gigamon, and CrowdStrike as well as the Technology Advancement Center (TAC) as a facilitator. This collaboration allowed us to build a Zero Trust proof of concept (POC) by combining each vendor’s capabilities and forging an integrated, agile approach to Zero Trust.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs989a414ef0a5e032"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3979c77aa5bb3abb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\u003ciframe src=\"https://www.youtube.com/embed/Ww5ehTOddS4?si=T6sJftX8-2Gbxcli\" width=\"560\" height=\"315\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen=\"\"\u003e\u003c/iframe\u003e"}],"_metadata":{"uid":"cs2e4eda59eb300cd4"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf73b961713e98c61"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTogether, we devised a fictional agency with simulated users, virtualized workstations, infrastructure, and workloads to represent typical operations — all hosted in the TAC’s AWS cloud infrastructure and demonstrated in the video above.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis POC used CrowdStrike for endpoint protection, Elastic for data analytics, Gigamon for network visibility, and Vectra for AI-driven network detections. 
This multi-vendor architecture combined forces to create a robust cybersecurity defense.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThrough the use of existing Elastic APIs and integrations, all components of the architecture flow together — gathering data, evaluating the network and endpoints, and taking preemptive action. The POC focused on network, endpoint, data visibility, orchestration, response, and logging. With this came recognition that there are additional capabilities and vendors needed in other areas, such as privileged access management, data tagging, and data loss prevention. Throughout the process, the TAC tested the solutions against real-world simulations in order to validate outcomes.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Outcomes and next steps","_metadata":{"uid":"cs329e8f95874f778a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs noted by the TAC, “this end-to-end testing in a controlled, yet realistic, environment provides a clear path for US government agencies to deploy Zero Trust solutions at scale.” While the TAC is vendor-agnostic and does not recommend specific companies or technology, the group emphasizes the importance of private-public partnerships when implementing Zero Trust strategies.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGoing forward, it’s clear that a Zero Trust architecture cannot rely on just one vendor or solution provider. 
A strategic, collaborative, and vendor-agnostic approach can provide end-to-end security defenses — but only if agencies have a way to see across their entire environment holistically.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis is the value of Elastic.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith our extensive ecosystem of partners and integrations, we can easily unify your existing technology and systems. No matter where data comes from, what format it’s in, or what Zero Trust pillar it supports, Elastic can connect it all so that agencies have a single source of information and ensure there are no gaps where threats can go undetected.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/contact/public-sector\"\u003e\u003cspan style='font-size: 12pt;'\u003eContact us\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to learn more about how Elastic can serve as a unifying data layer across your existing Zero Trust architecture.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9f138f7619a012da"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"csf13b6ff136cf7c97"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eResources:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eWhite paper: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/does-your-zero-trust-strategy-have-a-unified-data-access-layer\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDoes your Zero Trust strategy have a unified data access layer?\u0026nbsp;\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog: 
\u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/zero-trust-requires-unified-data\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eZero Trust requires unified data\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eOn-demand webinar:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/virtual-events/missing-piece-zero-trust-strategy\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe missing piece of your Zero Trust strategy\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs478bf6fc83fc093f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs072724b1996becf0"}}}],"publish_date":"2025-02-21","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt39140cf3e2cd4550","ACL":{},"created_at":"2023-11-06T21:51:00.583Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"integrations","label_l10n":"Integrations","tags":[],"title":"Integrations","updated_at":"2023-11-06T21:51:00.583Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.083Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3185b1f0e9eed8d1","ACL":{},"created_at":"2021-09-20T22:40:25.614Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"public-sector","label_l10n":"Public Sector","tags":[],"title":"Public 
Sector","updated_at":"2021-09-20T22:40:25.614Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.530Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data 
ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltd6680e0300eee933","ACL":{},"created_at":"2023-11-06T20:37:41.282Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"defense","label_l10n":"Defense","tags":[],"title":"Defense","updated_at":"2023-11-06T20:37:41.282Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.232Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","uid":"bltc6e3d049760fc06a","title":"Government","label_l10n":"Government","keyword":"government","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:32.959Z","updated_at":"2023-11-06T20:40:32.959Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.338Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt17630d07558c63f6","ACL":{},"created_at":"2023-11-06T21:33:01.038Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"state-local-government","label_l10n":"State \u0026 local government","tags":[],"title":"State \u0026 local 
government","updated_at":"2023-11-06T21:33:01.038Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.342Z","user":"blt4b2e1169881270a8"}},{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}},{"_content_type_uid":"tags_topic","title":"Investigation \u0026 incident response","label_l10n":"Investigation \u0026 incident response","keyword":"investigation-incident-response","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt43660d1624e728b9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:59.781Z","updated_at":"2023-11-06T20:41:24.521Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:37.865Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt4eb0f5c53cfcb73a","ACL":{},"created_at":"2023-11-06T20:43:57.712Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"open-source-standards","label_l10n":"Open source/standards","tags":[],"title":"Open 
source/standards","updated_at":"2023-11-06T20:43:57.712Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:21.485Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Search analytics","label_l10n":"Search analytics","keyword":"search-analytics","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt6c991eb897ec7277","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:30:57.427Z","updated_at":"2023-11-06T21:30:57.427Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T12:28:49.147Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltdf59d18fa27d1692","ACL":{},"created_at":"2023-11-06T21:34:55.381Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tool-consolidation","label_l10n":"Tool consolidation","tags":[],"title":"Tool 
consolidation","updated_at":"2023-11-06T21:34:55.381Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.747Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt7b419569c39c34d7","ACL":{},"created_at":"2023-11-06T21:35:29.711Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vendor-agnostic-data-analytics","label_l10n":"Vendor-agnostic data analytics","tags":[],"title":"Vendor-agnostic data analytics","updated_at":"2023-11-06T21:35:29.711Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.492Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","upda
ted_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt533cc8f455700d2d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2025-02-21T03:06:34.344Z","created_by":"bltb6c155cd84fc0c1a","file_size":"87610","filename":"collaborative-approach.jpg","parent_uid":null,"tags":[],"title":"collaborative-approach.jpg","updated_at":"2025-02-21T03:06:34.344Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-21T14:55:00.329Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt533cc8f455700d2d/67b7edba5dcb779687dcf98c/collaborative-approach.jpg"},"title":"Zero Trust: The benefits of a collaborative multi-vendor approach","title_l10n":"Zero Trust: The benefits of a collaborative multi-vendor approach","updated_at":"2025-02-21T03:14:17.951Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/zero-trust-collaborative-approach","publish_details":{"time":"2025-02-21T14:55:00.244Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt53f201d9c121c319","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"AI adoption is top of mind for 92% of IT leaders. 
Three IT CxOs share what they’ve learned on their AI adoption journeys, how they tackled challenges, and how they’re leading their organizations in this new era.","author":["blt2914a3798eec2d59"],"category":["bltc17514bfdbc519df"],"created_at":"2025-02-18T18:17:52.654Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf0c9303380b95265"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003eAn impressive 92% of organizations plan to invest or have already \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\" target=\"_self\"\u003e\u003cspan style='font-size: 12pt;'\u003einvested in artificial intelligence (AI)\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e. With so many organizations on their AI adoption journeys at varying levels of AI maturity, we can learn from those who led the charge on these initiatives. From identifying use cases and integrating AI into your architecture to getting your employees on board and measuring your success, the IT leaders at these organizations have been through it all — and they have a lot of wisdom to share.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What is AI adoption?","_metadata":{"uid":"cs61e6ea1a5252dd95"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003eFirst, some background. Researchers from the National Bureau of Economic Research define AI adoption\u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e\u003csup\u003e1\u003c/sup\u003e\u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e as using AI for production — that is, using AI to get work done within the organization. 
This would include \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/generative-ai-customer-support-elastic-support-assistant\"\u003e\u003cspan style='font-size: 12pt;'\u003esupport engineers\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e using an AI-powered tool to find the information they need to help customers with their requests, or a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/jaguar-land-rover\"\u003e\u003cspan style='font-size: 12pt;'\u003ecar manufacturer\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e using AI-powered predictive analytics to analyze sensor data from machines to predict failures and maintenance requirements.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The progression of AI adoption: Key statistics and trends","_metadata":{"uid":"cs4838c0fc15bb6004"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the past year, we saw a surge in AI adoption across the globe. A 2024 survey found that 72% of organizations\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003csup\u003e2\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e integrate AI into at least one business function — this is a huge leap from the 55% in 2023. Still, large companies are taking the lead on AI adoption. Half of organizations with more than 5,000 employees\u003c/span\u003e\u003cspan style='font-size: 0.6em;'\u003e\u003csup\u003e1\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e use AI. And 60% of companies with more than 10,000 employees use AI. 
As for industries, the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/jaguar-land-rover\"\u003e\u003cspan style='font-size: 12pt;'\u003emanufacturing\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/lgcns\"\u003e\u003cspan style='font-size: 12pt;'\u003einformation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and — perhaps surprisingly — \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/nhs\"\u003e\u003cspan style='font-size: 12pt;'\u003ehealthcare\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e industries are the leaders in AI adoption, while finance, insurance, and real estate have lower adoption rates.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith this widespread AI adoption, the reality is that not all projects are successful. In fact, 70% of CIOs\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003csup\u003e3\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e reported a 90% failure rate for their custom-built AI applications. But, it’s not all bad news! The Boston Consulting Group found that the companies that have adopted AI early claim 1.5x higher revenue growth than other companies. In addition, 74% of enterprises\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003csup\u003e4\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e using generative AI (GenAI) are seeing a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/maximize-roi-generative-ai-strategy\"\u003e\u003cspan style='font-size: 12pt;'\u003ereturn on investment\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Not all projects will be successful — and the ones that aren’t, you can learn from. 
The successful ones will help you stay competitive, bolster your revenue, and advance your AI maturity.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo help you on your AI adoption journey, we talked to three IT CxOs who are early adopters of AI to gain insight into their own journeys. We talked about where they’ve faced challenges, how they’ve harnessed opportunities, any best practices they’ve uncovered, and what AI endeavors have been successful.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What IT leaders have learned on their journey to AI adoption","_metadata":{"uid":"csec658482dd62fb90"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"1. Start with the problem","_metadata":{"uid":"csde434ecc9c869e74"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe best way to incorporate \u003c/span\u003e\u003ca href=\"https://www.elastic.co/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI capabilities\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e into your organization is to start with a high-value problem you’re trying to solve. Rick Rioboli, EVP and CTO at Comcast Connectivity and Platform, says, “Forget about AI, what is your biggest problem?” Focus on problems that, when solved, will have a dramatic impact on business. There are a variety of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/15-generative-ai-use-cases-enterprise\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI use cases\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e that organizations are already exploring that you could take inspiration from. 
Once you’ve identified your problem, start thinking about \u003c/span\u003e\u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\"\u003e\u003cspan style='font-size: 12pt;'\u003ewhat data you’ll need to feed your AI model\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to address this problem.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6f77fb3f8cbe49d5"}}},{"image":{"image":{"uid":"blt884b38eb0cfee62a","_version":1,"title":"blog-7-lessons-AI-journey.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-18T18:12:23.462Z","updated_at":"2025-02-18T18:12:23.462Z","content_type":"image/png","file_size":"81321","filename":"blog-7-lessons-AI-journey.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T18:32:56.859Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt884b38eb0cfee62a/67b4cd879e98d9a675bea05e/blog-7-lessons-AI-journey.png"},"_metadata":{"uid":"cs5d52ffded949511c"},"caption_l10n":"","alt_text_l10n":"7 lessons from IT leaders on their AI adoption journeys from Elastic. 1. Start with the problem. 2. Embrace experimentation. 3. Use the right data. 4. Quantify impact. 5. Avoid technical debt. 6. Use AI to predict and decide. 7. Implement guardrails","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"2. Embrace experimentation ","_metadata":{"uid":"cs4a4600f8514b3c87"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCynthia Stoddard, SVP and CIO at Adobe, encourages her employees to get creative. 
Stoddard says, “We’ve created an innovation hub that allows employees to understand what tools and Adobe products they can use to experiment with and solve real business problems.” This not only empowers employees to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/demo-gallery/ai-playground\"\u003e\u003cspan style='font-size: 12pt;'\u003etry new technology\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and create new solutions but also aids in the cultural transformation that comes with such a dramatic organizational change.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"3. Use the right data","_metadata":{"uid":"cs4b97eeef4d148fa7"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAnd make sure it’s quality data. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/generative-ai#what-are-popular-generative-ai-models\"\u003e\u003cspan style='font-size: 12pt;'\u003eGenerative AI models\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e are trained on massive amounts of data from the public internet, but they don’t have \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003ecurrent\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e data and wouldn’t have been trained on \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eyour\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e data. To get the most value out of AI, you need to be able to pass your proprietary data to the generative AI model, which is done through \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieval augmented generation (RAG)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. On top of having the right data, you need to make sure that it’s quality data and will give you relevant, accurate answers. 
Poor quality, inaccurate data will provide misleading results. Matt Minetola, CIO at Elastic, says, “Having a solid data strategy is essential. Without unified and accessible data, even the most advanced generative AI initiatives will struggle to deliver real value.”\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs44f2e2771187f8ba"}}},{"banner":{"reference":[{"uid":"blt48ad60890a06be7c","_content_type_uid":"banner"}],"_metadata":{"uid":"csfc5e5650a1a9b91b"}}},{"title_text":{"title_text":[{"title_l10n":"4. Quantify impact","_metadata":{"uid":"csb4063265c9cfc6bd"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce you identify your ideal outcome and confirm you have the right data, you need to continuously quantify what success looks like — from your MVP to your ideal solution. Whether that’s an increase in your net promoter score (NPS) to signify an improvement in customer experience or a decrease in the mean time to respond to show efficiency gains, make sure you can quantifiably show that the initiative was successful. Stoddard says by keeping an eye on performance, you’re able to determine if projects need to be tuned or, in some cases, dropped because you’re not getting the results you were expecting. And while monitoring business impact, you should also be monitoring the health and performance of your AI systems. This includes user satisfaction with the experience and accuracy of the outputs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"5. Avoid AI sprawl and technical debt","_metadata":{"uid":"cs210759299b760b91"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOrganizations may be tempted to use different point solutions for different problems to try to get applications stood up quickly. Minetola warns that “the businesses who solved in pockets are starting to see the long-term cost. 
If they’ve done five to six different solutions with five to six different vendors and have to glue that together, the cost of that will be huge.” The technical debt —\u0026nbsp;the implied cost of the future work required to revise a project because speed was valued over long-term usability — and the data silos and compliance mess will make future AI endeavors a challenge. Stoddard says that all AI initiatives go through an architecture review to ensure they will fit into existing infrastructure.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"6. Use AI to predict and decide","_metadata":{"uid":"cscf712a048a550d68"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI is an incredible tool when it’s used in employee- and customer-facing products. It’s also a powerful tool when used to make predictions and business decisions. “We look at using AI in our profitability and precision in how products are going to be used. We try to predict if we will get the usability out of our products that we thought we would,” Stoddard says. On \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-turn-data-into-actionable-insights\"\u003e\u003cspan style='font-size: 12pt;'\u003eusing data and AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to make business decisions, Minetola adds, “You can think of this as the multiplier effect that can truly take your organization to the next level by making every decision count.” When each decision is backed by (accurate and contextual) data, you can ensure it’s the most optimal one.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"7. Implement guardrails","_metadata":{"uid":"cs65f341042e0f900d"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGovernance and risk management are essential parts of your AI journey and must be prioritized. 
Stoddard says for AI at Adobe, the team relies on governance and examination of potential risks to “make sure it's safe, we’re using the right data, and we’re doing the right things for our customers.” Compliance is only going to become a bigger issue across markets as more laws around AI technologies are put in place. “You’re going to have multiple compliance issues if you don’t understand how the \u003c/span\u003e\u003ca href=\"https://partners.wsj.com/elastic/the-power-of-search-ai/moving-from-ideation-to-implementation-with-ai/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003edata for your AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e was generated,” adds Minetola.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Future-proof your AI adoption strategy","_metadata":{"uid":"cs2b3053271add5ce1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen it comes to scaling your strategy and making it work in the long-term, ensure that you’re not operating in silos. AI shouldn’t be thought of as individual solutions but an interconnected ecosystem that you’ll be able to grow as your use cases expand. Your data is your most valuable commodity. Avoiding silos and having the ability to access data no matter the environment will help as you scale and need to comply with new laws and regulations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe AI adoption journey is not a race; it’s a marathon. Start with a strong data foundation and a solid use case to expand from there. If you haven’t started with AI yet, you haven’t missed the boat! There’s still time to future-proof your organization and stay competitive. You have an excellent opportunity to create an AI program that is scalable and transparent and that works for your needs. 
\u003c/span\u003e\u003ca href=\"https://www.elastic.co/virtual-events/future-proof-your-business-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eCheck out this webinar in partnership with Fast Company\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for additional insights from these CxOs to help you along your AI adoption journey.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs73e870b5337d08df"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e1 \u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003eMIT Sloan, \u003c/span\u003e\u003ca href=\"https://mitsloan.mit.edu/ideas-made-to-matter/who-what-and-where-ai-adoption-america\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eThe who, what, and where of AI adoption in America\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 2024.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e2\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;Statista, \u003c/span\u003e\u003ca href=\"https://www.statista.com/statistics/1545783/ai-adoption-among-organizations-worldwide/\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eAdoption of artificial intelligence among organizations worldwide from 2017 to 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 2024.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e3\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;IDC, \u003c/span\u003e\u003ca href=\"https://www.idc.com/getdoc.jsp?containerId=US52703024\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eIDC Executive CIO QuickPoll Series: Operationalizing AI\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 
2024.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e4\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e Google, \u003c/span\u003e\u003ca href=\"https://cloud.google.com/transform/survey-generating-value-from-generative-ai-roi-study\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eGlobal survey: How leaders are generating value from generative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 2024.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1f6361ed83b576ef"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdeef83021f77c456"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. 
You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse49202453e6306c2"}}}],"publish_date":"2025-02-18","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation 
(RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","title":"Natural Language Processing (NLP)","label_l10n":"Natural Language Processing (NLP)","keyword":"natural-language-processing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt97696fc6e9921c30","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:43:16.119Z","updated_at":"2023-11-06T20:43:16.119Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:23:24.704Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt71ff43ee43da8e0e","_version":1,"title":"173911 - Blog header image - 
Elastic_V1.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-18T18:06:57.004Z","updated_at":"2025-02-18T18:06:57.004Z","content_type":"image/jpeg","file_size":"157564","filename":"173911_-_Blog_header_image_-_Elastic_V1.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T18:32:56.847Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt71ff43ee43da8e0e/67b4cc415dcb77d788dcd4c9/173911_-_Blog_header_image_-_Elastic_V1.jpg"},"title":"7 lessons from IT leaders on their AI adoption journeys","title_l10n":"7 lessons from IT leaders on their AI adoption journeys","updated_at":"2025-02-18T18:32:51.428Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/ai-adoption-lessons-from-it-leaders","publish_details":{"time":"2025-02-18T18:32:56.516Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt408e66147d1079fb","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"Discover how Elastic Cloud and Elasticsearch logsdb index mode help financial institutions optimize data retention, ensure compliance with regulations, and reduce costs with efficient storage solutions.","author":["bltce462b8f0bc7868a"],"category":["bltb79594af7c5b4199"],"created_at":"2025-02-14T17:21:40.679Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa371f9cbefd2425b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs the amount of data being created and stored worldwide is increasing rapidly, financial institutions are tasked more with managing vast volumes of data while ensuring compliance with stringent regulatory requirements. 
These regulations, such as GDPR, MiFID II, PCI DSS, and SOX, can vary significantly depending on jurisdiction and often require the retention of data for extended periods — sometimes ranging from \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ethree to ten years\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. The data that falls under these regulations is vast, covering transaction data, communication data, audit logs, and more. And this is not just a legal obligation but also a critical component of maintaining high customer service standards and operational integrity.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs every attorney in the securities industry knows, the first order of business in any case is to make a motion to preserve and retain all forms of communications. That could be text messages, emails, or messages that were transmitted through any kind of electronic communication like social media apps or messaging apps. As it turns out, managing to retain and produce this data across electronic communications can be a challenging task for financial services companies. 
This \u003c/span\u003e\u003ca href=\"https://www.reuters.com/legal/transactional/save-your-messages-secs-focus-document-retention-continues-into-2024-2024-02-20/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eReuters article\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e outlines the complexities of data management and highlights the cost associated with being in violation of SEC recordkeeping requirements.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud offers robust solutions to help financial services companies meet their compliance requirements efficiently and cost-effectively.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lowering data storage costs with Elasticsearch logsdb index mode","_metadata":{"uid":"cscfae3a2159a77b12"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-8-17-0#elasticsearch-logsdb-index-mode\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch logsdb index mode\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e can significantly reduce data storage costs by efficiently storing and searching essential log data. Logsdb index mode can cut data storage costs by up to 65%, making it a strategic choice for financial services companies looking to optimize their data management budgets. By using logsdb index mode, financial services companies can maintain comprehensive log data for compliance and auditing purposes without running up excessive costs. 
This capability ensures that critical log data remains accessible and manageable, supporting long-term data retention strategies while adhering to budget constraints.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Optimized and cost-effective data tiers","_metadata":{"uid":"cs2261fa87c16493d5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUnlike other data platform leaders, Elastic's data tiering approach optimizes data management by categorizing data into storage tiers based on access frequency and cost:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHot tier:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Designed for frequently accessed, critical data that you need to analyze quickly. Data in the hot tier is typically retained for one to seven days for immediate analysis.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCold tier:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Suitable for infrequently accessed, read-only data and uses low-cost object storage like AWS S3. It balances cost and performance through caching and partial restores.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFrozen tier:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Ideal for long-term retention, storing data entirely in object storage for up to two years or longer. 
Elasticsearch's unique \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/elasticsearch-searchable-snapshots\"\u003e\u003cspan style='font-size: 12pt;'\u003esearchable snapshots\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e capability enables direct searches without any rehydration and maintains efficient search performance. Most Elastic customers adopt a hot-frozen architecture, where data is stored for one to three days in the hot tier and the rest are in the frozen tier. This approach significantly reduces costs while retaining high levels of search performance.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic's cold and frozen tiers perform with search speeds comparable to competitors' hot tiers, often eliminating the need for a warm tier. This approach allows storage of up to 20 times more read-only data at the same cost — reducing total ownership costs and enhancing data availability, compliance, and business outcomes.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9074252c00b47449"}}},{"image":{"image":{"uid":"blt61a4862da1fc1924","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-14T17:22:54.572Z","updated_at":"2025-02-14T17:22:54.572Z","content_type":"image/png","file_size":"433561","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-14T17:24:16.419Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt61a4862da1fc1924/67af7bee2cc2e385575e0d8f/image1.png"},"_metadata":{"uid":"cs989ebd2f95b217e5"},"caption_l10n":"","alt_text_l10n":"elastic searchable snapshots","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Adding value 
through searchable snapshots","_metadata":{"uid":"cs06673d4963033db2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSearchable snapshots allow you to retain data in low-cost object storage that’s managed through Elastic and to search without rehydration — avoiding delays, transit costs, and potential data residency issues. This is particularly beneficial for data in the frozen tier, where the cost of storage is minimized. However, the data remains accessible for analytical and compliance purposes.\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSnapshot creation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Data from the Elastic cluster is periodically captured and stored as snapshots in the chosen object storage repository. These snapshots are point-in-time copies of indices.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSearchability:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Unlike traditional snapshots that require rehydration before querying, searchable snapshots enable direct querying of data stored in object storage.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCost efficiency:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e By storing data in object storage through Elastic, financial services companies benefit from the lower costs associated with these services compared to traditional block storage.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFast performance via cache:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Elastic uses cache for frequently used 
searches, which speeds up queries. If a search requires data that is not in the cache, Elasticsearch fetches the missing data from the snapshot repository. Searches that require these fetches are slower, but the fetched data is stored in the cache so that similar searches can be served more quickly in the future. Elasticsearch will evict infrequently used data from the cache to free up space. The cache is cleared when a node is restarted.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis approach significantly reduces the total cost of ownership, making it an ideal choice for financial services companies focused on cost containment.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Using a snapshot repository to offload longer-term data","_metadata":{"uid":"cse6c3272c4198b017"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic integrates with multiple object storage solutions, allowing financial institutions to offload data to a repository of their choice, such as AWS, Azure Blob Storage, or Google Cloud Platform. \u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eElasticsearch also offers the option to store data locally for use cases subject to regulatory or data sovereignty requirements.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHere’s how it works:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSet up repository:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e In Elastic Cloud, configure a snapshot repository using your preferred cloud storage service. 
This involves setting up the necessary credentials and permissions to allow Elastic to store and retrieve data from your chosen storage solution.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCreate searchable snapshots:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Once the repository is configured, create searchable snapshots of your indices. These snapshots are stored in the configured repository and can be queried directly without needing to restore them to the Elastic cluster.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eOptimize costs and flexibility:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e By using your own storage accounts, you maintain control over your data and can optimize costs based on specific performance needs and retention requirements. Searchable snapshots provide a cost-effective way to retain long-term data while ensuring it remains accessible for analytical and compliance purposes.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshots-register-repository.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLearn more about snapshot repositories\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"A scalable solution for data growth","_metadata":{"uid":"cs76abb06f21c7dae0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic’s data tiering strategy — from hot to frozen — provides financial services companies with a powerful, cost-effective solution for managing long-term data retention and compliance. 
By using advanced features, such as searchable snapshots and tiered storage, financial organizations can ensure regulatory compliance, optimize operational efficiency, and maintain customer trust — all while controlling costs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs financial services continue to navigate the explosion of data (often in a legacy systems environment), tools like Elastic Cloud will be indispensable in enabling smarter, more agile data management.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor more detailed guidance on setting up searchable snapshots and integrating with cloud storage, see Elastic’s documentation guides or \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/financial-services/contact\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ereach out to us directly\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9fdd7618ba19e9b2"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"csbfb48effbd38600c"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRelated resources\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-logsdb-index-mode\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLive log and prosper: Elasticsearch newly specialized logsdb index mode\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/how-do-incremental-snapshots-work\"\u003e\u003cspan 
style=\"font-size: 12pt;\"\u003eHow do Elasticsearch snapshots work?\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-splunk-data-tiers-differences\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhat’s the difference? Elastic and Splunk data tiers\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/searchable-snapshots-benchmark\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIce, Ice, Maybe: Measuring Searchable Snapshots Performance\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd2b0fcc54aca7acf"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs766517b7ded98c1c"}}}],"publish_date":"2025-02-14","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Optimize financial data retention and compliance with Elastic Cloud solutions","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Elastic Cloud empowers financial institutions to optimize data retention, ensure compliance with regulations like GDPR and PCI DSS, and contain costs with advanced tiering and searchable snapshots.","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt4ce45bbfeeff0638","ACL":{},"created_at":"2021-07-12T21:53:30.326Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logs","label_l10n":"Logs","tags":[],"title":"Logs","updated_at":"2021-07-12T21:53:30.326Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.411Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltefbcf6957c5e689a","ACL":{},"created_at":"2023-11-06T20:35:45.445Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-search","label_l10n":"Cloud 
search","tags":[],"title":"Cloud search","updated_at":"2023-11-06T20:35:45.445Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:50.742Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"title":"Customer experience","label_l10n":"Customer experience","keyword":"customer-experience","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt25722919b3bca233","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T22:34:27.803Z","updated_at":"2021-12-16T22:34:27.803Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:15:55.021Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Google Cloud","label_l10n":"Google 
Cloud","keyword":"google-cloud","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltbf617849beaf10fe","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:39:59.168Z","updated_at":"2023-11-06T20:40:14.658Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:39.796Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","uid":"blt4a47bf681100e8ca","title":"Log management","label_l10n":"Log management","keyword":"log-management","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:42:23.694Z","updated_at":"2023-11-06T20:42:23.694Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.358Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","uid":"bltf38f037a2b6ecb4e","title":"Log monitoring","label_l10n":"Log monitoring","keyword":"log-monitoring","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:29:28.882Z","updated_at":"2023-11-06T21:29:28.882Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.371Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 
compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blta7d499adb075787c","_version":1,"title":"Clouds over the city.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-14T17:21:38.910Z","updated_at":"2025-02-14T17:21:38.910Z","content_type":"image/jpeg","file_size":"164789","filename":"Clouds_over_the_city.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-14T17:24:16.404Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta7d499adb075787c/67af7ba2cb5ff171cc0624ea/Clouds_over_the_city.jpg"},"title":"Logging compliance and cost containment in financial services","title_l10n":"Logging compliance and cost containment in financial services ","updated_at":"2025-02-14T17:47:19.870Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/logging-compliance-and-cost-containment-in-financial-services","publish_details":{"time":"2025-02-14T17:47:25.537Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt59a8d562bb2359bd","_version":10,"locale":"en-us","ACL":{},"abstract_l10n":"This article deciphers the data storage tiers of Elastic and Amazon OpenSearch 
Service, explaining their distinctions and functionalities to ensure effective and cost-efficient data management. ","author":["blta7f0603fbcf41094"],"category":["bltb79594af7c5b4199"],"created_at":"2024-01-17T18:33:58.136Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse3e7b6d350920a0d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the realm of data management, terms like \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHot\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eWarm\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCold\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e get tossed around frequently when discussing how data should be made available and/or retained given different performance requirements.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen comparing Elastic®’s data tiers to Amazon OpenSearch Service tiers, there’s yet another challenge — the same terms don't mean the same thing. Through this explanation, we seek to clear up any misconceptions around similar data tier terminology between Elastic and Amazon OpenSearch Service. With the insights provided here, you'll be in a prime position to strategically manage your data, maximizing performance while minimizing costs. 
This chart is a handy summary:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs33abd3673656e3a4"}}},{"image":{"image":{"uid":"blt78ace15a436b98a3","_version":1,"created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-02-27T16:27:15.564Z","updated_at":"2024-02-27T16:27:15.564Z","content_type":"image/png","file_size":"1004948","filename":"imagen.png","title":"imagen.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-02-27T16:28:35.937Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt78ace15a436b98a3/65de0d63c7f05b89a38674f7/imagen.png"},"_metadata":{"uid":"cs1f810bcfc0470222"},"caption_l10n":"","alt_text_l10n":"hot cold","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9e7d0becdc314412"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eWhat are data tiers?\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e At a fundamental level, data tiers are distinct storage levels that classify data based on criteria like access frequency, cost efficiency, and performance needs. They allow for optimized data organization and can help reduce costs by aligning storage expenses with the value of the information over time.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What a difference a tier makes","_metadata":{"uid":"cs03032a6e06f29c9c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe concept of data tiers is present in most data platforms, especially in those that deal with observability and/or security tools. 
The volume of data collected by these tools is usually very high, with thousands/millions of events per second being processed and made available for searching, dashboarding, and alerting. Observability and security also have a shared characteristic: \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003ethe most recent data is also the most valuable\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, as teams administering these tools rely on the signals being collected to take immediate action in case of problems.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo it makes sense for data to be ingested and stored with the fastest possible hardware and moved “down” to cheaper, less powerful hardware as time passes.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Data journey in Elastic","_metadata":{"uid":"cs23ddf8a9db9b4f1a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic has five tiers, which can be independently or collectively utilized depending on your specific use case:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eHot:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Your data always arrives here first, and it’s highly-available in real time, scalable, and offers the best possible performance (assuming best practices are adhered to). This is where you keep data that you need to access and manipulate frequently.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eWarm:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e This tier allows for more cost-effective hardware utilization, where data that isn’t in immediate demand (but still relatively important) can reside. 
You can move data to this tier and optimize it (by\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-forcemerge.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e force-merging the segments\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for instance), so searches are as fast as possible. Data in this tier is still scalable with replicas, just like in the Hot tier, so it can meet search demands if needed.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCold:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e This tier ensures that at least one copy of the data will always be allocated to the node and searchable at any given moment. The Cold tier uses object storage to aid in data restoration should there be a failure or a need to alter the topology of the cluster.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFrozen:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e This tier holds data that is less frequently accessed, and it allows for cost savings because it leverages the lowest cost storage and reduces compute resources. 
Data is searchable, but it must be restored back into a searchable state, which is done automatically and transparently with Elasticsearch®’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/elasticsearch-searchable-snapshots\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esearchable snapshots\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSnapshots:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Snapshots are essentially data backups — point-in-time copies of your indices. These can be used for various purposes, such as data recovery in case of a loss, creating clones of indices for testing or staging environments, or for migrating data between clusters. Snapshots are stored in a repository, which could be on different storage systems like a local filesystem or object storage (e.g., GCS, S3) and must be manually restored for data to be searchable.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs47dff46a7437679b"}}},{"callout":{"title_l10n":"Wait, what is a “shard”?","_metadata":{"uid":"cs5763fa8e53550292"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn Elasticsearch (and therefore also OpenSearch), a “shard” is essentially a self-contained index that holds a portion of your data, enabling the distribution of large data sets across multiple nodes (servers) for improved performance and scalability.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere are two types of shards: primary shards and replica shards. 
\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePrimary shards\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e are the main containers where data is first stored; each record is stored in only one primary shard. \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eReplica shards\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e are copies of the primary shards that provide redundancy in case of a failure and also allow the system to handle more read requests by load balancing search queries across the replicas. If you are new to the concept, you can think of shards as individual chapters of a book; while each chapter (shard) contains a different section of the story (data), multiple printed copies (replicas) ensure that even if one gets lost, the story can still be fully read.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"Data journey in Amazon OpenSearch Service","_metadata":{"uid":"cs6848e1af963b8c49"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAmazon OpenSearch Service has four tiers:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eHot:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Your data always arrives here first, and it’s highly-available in real time, scalable, and offers the best possible performance, assuming best practices are adhered to.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eOR1:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Data is both readable and writable,\u003c/span\u003e\u003ca href=\"https://docs.aws.amazon.com/opensearch-service/latest/developerguide/or1.html\" 
target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e as OR1\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e has compute power permanently attached to it, but there are no replicas. Data is restored from object storage in case of failure.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eUltraWarm:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e This tier is designed for cost-effective storage and querying large data volumes that are accessed less frequently. UltraWarm nodes in Amazon OpenSearch Service provide a secondary storage tier that keeps data queryable.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCold:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Data in OpenSearch’s Cold tier typically incurs lower storage costs, but it’s not directly searchable. Accessing Cold data generally involves manually restoring the data to a warmer tier, which is then made searchable.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Side-by-side comparison","_metadata":{"uid":"csdb53928da220e13a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow we can compare the tiers in terms of \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003edata access\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e capabilities: can data be read and written or is it read-only? Does it need to be manually restored or is the “thawing” process automatic? 
Here’s what each “band” represents:\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Read + Write","_metadata":{"uid":"csd11fb6012e099a0a"},"header_style":"H3","paragraph_l10n":""}],"_metadata":{"uid":"cs4eddcd9177338b94"}}},{"image":{"image":{"uid":"blt67de1fb5c56e10c8","_version":1,"created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-02-27T16:27:40.120Z","updated_at":"2024-02-27T16:27:40.120Z","content_type":"image/png","file_size":"411158","filename":"imagen_(1).png","title":"imagen_(1).png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-02-27T16:28:35.915Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt67de1fb5c56e10c8/65de0d7cd781fe36a9e73690/imagen_(1).png"},"_metadata":{"uid":"cs1aa00b0869931add"},"caption_l10n":"","alt_text_l10n":"Read + Write","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5a35e385038d0c04"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis band considers \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHot\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in both Elastic and OpenSearch as their fastest tier. 
Since they are supposed to be equivalent, we compared their performance \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elasticsearch-opensearch-performance-gap\"\u003e\u003cspan style='font-size: 12pt;'\u003ein this blog\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe next tier, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eWarm\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in Elastic and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOR1\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in Amazon OpenSearch Service both allow data to be updated but have differences in terms of scalability — while Elastic's \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eWarm\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e allows for replicas and lets you scale to meet search demands, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOR1\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e does not, since only the primary shards are allowed to be 
used.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Read-Only","_metadata":{"uid":"csd71e7b3a05979a18"},"header_style":"H3","paragraph_l10n":""}],"_metadata":{"uid":"cse8d14754f3f4b41b"}}},{"image":{"image":{"uid":"blt8225c4329e53a027","_version":1,"created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-02-27T16:27:53.082Z","updated_at":"2024-02-27T16:27:53.082Z","content_type":"image/png","file_size":"535430","filename":"imagen_(2).png","title":"imagen_(2).png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-02-27T16:28:35.896Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8225c4329e53a027/65de0d89d85aff56b647bd11/imagen_(2).png"},"_metadata":{"uid":"cs7dc9fe8f78b6cc35"},"caption_l10n":"","alt_text_l10n":"Read-Only","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2835f6e9b4906345"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis band does not allow for data to be updated (written); it only allows for data to be migrated from other tiers. All tiers in this group have object storage backup and no replicas.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBoth \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFrozen\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e tier in Elastic and \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eUltraWarm\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e in Amazon OpenSearch Service store the data in object storage as snapshots and retrieve this data if a search is issued in any of the involved indices. 
Only then is the data made available and cached for subsequent searches. However, \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eUltraWarm \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003enodes come in only \u003c/span\u003e\u003ca href=\"https://aws.amazon.com/opensearch-service/pricing/#UltraWarm_and_cold_storage_pricing\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003etwo configurations currently\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: either one that can address 1.5TB of snapshot data or another that can address 20TB of snapshot data. This means that if we wanted to store 100TB worth of data, we would need 5 UltraWarm nodes in Amazon OpenSearch Service but only 2 Frozen nodes in Elastic, which has different \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-default-aws-configurations.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehardware profiles\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e with different combinations of vCPU, RAM, and NVMe storage.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFurthermore, in Elastic, both \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCold\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFrozen\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e rely on the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/searchable-snapshots.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esearchable snapshots\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e feature, which allows snapshots as old as 5.0 (released way back in 2016!) 
to be searched \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.11/archive-indices.html#archive-indices-supported-field-types\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ewithout the need to be restored to an active cluster\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — this is very useful for governance and compliance, security investigations, and historical lookbacks regardless of what Elasticsearch version you are on.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Archive","_metadata":{"uid":"cs442e531a438e5d88"},"header_style":"H3","paragraph_l10n":""}],"_metadata":{"uid":"csdb58c4d1b9f5067a"}}},{"image":{"image":{"uid":"bltd30965f59bde3d8f","_version":1,"created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-02-27T16:28:27.944Z","updated_at":"2024-02-27T16:28:27.944Z","content_type":"image/png","file_size":"229040","filename":"imagen_(3).png","title":"imagen_(3).png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-02-27T16:28:35.873Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd30965f59bde3d8f/65de0dabffa94a7c493d379a/imagen_(3).png"},"_metadata":{"uid":"cs1e200f95f4298898"},"caption_l10n":"","alt_text_l10n":"archive","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5319d5c37b44d008"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSnapshots are stored in a repository, which could be on different storage systems like a local filesystem or object storage (e.g., GCS, S3) and must be manually restored for data to be searchable.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Hardware 
profiles","_metadata":{"uid":"csae056debc837f8ef"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAnother important aspect to consider is the instance types used in each tier. It’s also important to note Elastic Cloud supports three major cloud providers (AWS, Google Cloud, and Microsoft Azure) with different hardware profiles on each. Amazon OpenSearch Service’s approach designates specific instances (like OR1 and Im4gn) to its service with particular software version requirements and restrictions on EBS volume support.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBoth Amazon OpenSearch Service and Elastic Cloud on AWS utilize Graviton2 based instances, indicating a shared preference for the performance gains and cost efficiencies of AWS’s ARM-based chipsets. Elastic Cloud on AWS is less prescriptive about the exact use-cases for its instances, providing a selection that includes high compute with fast storage (Graviton2 instances) and a variety of more traditional choices (like C5d, M5d, etc.).\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Why does this matter?","_metadata":{"uid":"csba53991159edd02f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNaming conventions can be misleading, causing understandable confusion when trying to align business needs to data storage options among providers. 
Having a grasp on the actual capabilities of these tiers can help you make more informed and cost-effective decisions regarding data management.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis breakdown is meant to dispel misconceptions brought about by the naming overlap in data tiers between \u003c/span\u003e\u003ca href=\"https://www.elastic.co/amazon-opensearch-service\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic and Amazon OpenSearch Service\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. With this description of data tiers, you’ll be better positioned to organize your data strategically for performance and cost benefits. It’s critical to move beyond the names and understand the underlying mechanics of each tier to ensure your data strategy is both robust and efficient.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePlease also see the following studies: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/learn/search/elasticsearch-opensearch-roi-infographic\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch surpasses OpenSearch in cost efficiency\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e along with how \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pdf/elastic-elasticsearch-outperforms-opensearch-while-using-fewer-resources.pdf\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch outperforms OpenSearch while using fewer resources\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8d0893217e804749"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs999b0c5accf08a5c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at 
Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs55c9c7bf8c04e1f3"}}}],"publish_date":"2024-01-18","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Discover the key differences between Elastic and Amazon OpenSearch Service data tiers for smarter, cost-effective data management","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic 
Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[{"uid":"blt5b5a3dd3ee2ae4bd","_content_type_uid":"tags_partner"}],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt5869984fd229aa07","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-01-17T21:09:45.364Z","created_by":"bltb6c155cd84fc0c1a","file_size":"93010","filename":"140254_-_(Semi-urgent)_Blog_header_image-_Elastic_vs_AmazoN_OPT_2_V1.jpg","parent_uid":null,"tags":[],"title":"140254_-_(Semi-urgent)_Blog_header_image-_Elastic_vs_AmazoN_OPT_2_V1.jpg","updated_at":"2024-01-17T21:09:45.364Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-01-18T15:00:00.879Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5869984fd229aa07/65a84219bad37d91a59dfb87/140254_-_(Semi-urgent)_Blog_header_image-_Elastic_vs_AmazoN_OPT_2_V1.jpg"},"title":"What’s the difference? Elastic data tiers and Amazon OpenSearch Service tiers","title_l10n":"What’s the difference? 
Elastic data tiers and Amazon OpenSearch Service tiers","updated_at":"2025-02-13T18:40:21.613Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-data-tiers-amazon-opensearch-service-tiers-differences","publish_details":{"time":"2025-02-13T18:40:27.769Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltbdbbd1a4bbc35973","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"Take a deeper look into our new Dev Tools Console with Monaco-powered editing, improved UI, and new features like multilanguage request copying.","author":["bltdd1d8738e939ec45"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-02-13T14:12:44.977Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa33756e0494003f9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Dev Tools Console in Kibana has been an important feature for developers and operators who interact with Elasticsearch. In Kibana 8.16, we’re excited to unveil a major upgrade to the Console, bringing you a more modern and user-friendly experience. This update is a result of extensive user feedback, a vision to provide a seamless development environment, and the fact that Console has not been updated since its initial implementation — so it was time for a fresh, new look. 
Let’s dive into what’s new!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs40c6abbd33b3cca8"}}},{"image":{"image":{"uid":"blte384265353f4c32c","_version":1,"title":"image4.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-13T14:13:11.242Z","updated_at":"2025-02-13T14:13:11.242Z","content_type":"image/png","file_size":"314382","filename":"image4.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-13T14:19:49.763Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte384265353f4c32c/67adfdf7286df0705bf37640/image4.png"},"_metadata":{"uid":"cs9c026fbbae128381"},"caption_l10n":"","alt_text_l10n":"Dev Tools Console in Kibana","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"A 2-phase transformation","_metadata":{"uid":"cs59fabe0de96f6978"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Phase 1: Migrating to the Monaco editor","_metadata":{"uid":"cscc9d25930fc1153a"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOne of the most notable changes in this release is the migration of the Console’s editor — for both input and output — from the Ace editor to the Monaco editor. If you’re familiar with VS Code, Monaco is the editor behind its success. This change was driven by Monaco's status as a modern, well-maintained editor. 
And it aligns with the broader effort to migrate all editors in Kibana from Ace to Monaco, ensuring consistency and a unified user experience across the platform.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Phase 2: UI enhancements","_metadata":{"uid":"csd05fc6b42befd2f2"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo complement the power of the Monaco editor, we revamped the Console’s UI to make it cleaner, more intuitive, and packed with new capabilities. Here are some key improvements:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCopy requests in multiple languages:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Previously, Console only supported copying requests as cURL. Now, you can also copy requests in JavaScript and Python, enabling smoother integration with your preferred development environment.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs818fd3d61d5c4afc"}}},{"image":{"image":{"uid":"blt751068855135f031","_version":1,"title":"image6.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-13T14:13:21.569Z","updated_at":"2025-02-13T14:13:21.569Z","content_type":"image/png","file_size":"349148","filename":"image6.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-13T14:19:49.774Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt751068855135f031/67adfe01d91e1b0b40007f24/image6.png"},"_metadata":{"uid":"cseb4a2e0658dc6af3"},"caption_l10n":"","alt_text_l10n":"select a 
language","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs12d3d5910cfc2eec"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRedesigned toolbar:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The toolbar now features clearer icons and tooltips alongside new functionalities, such as exporting requests to a file or importing files directly into the input editor.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csd378c1ce3c53f2ed"}}},{"image":{"image":{"uid":"blt9e07094aae89e6ff","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-13T14:14:57.706Z","updated_at":"2025-02-13T14:14:57.706Z","content_type":"image/png","file_size":"31052","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-13T14:19:49.848Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9e07094aae89e6ff/67adfe6124d331316a7480c7/image1.png"},"_metadata":{"uid":"cs0d220c95cc608384"},"caption_l10n":"","alt_text_l10n":"toolbar","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2d28b8d139648d27"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEnhanced panels:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e The input and output panels have been refreshed with a modern design and include additional buttons to clear the input and output effortlessly, streamlining your 
workflow.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSimplified configurations: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccess and adjust Console settings and variables more easily through an improved \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eConfigurations\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e tab, requiring fewer clicks to make changes.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs0d7841a450713e73"}}},{"image":{"image":{"uid":"blt0a4dd4da8cb97026","_version":1,"title":"image5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-13T14:15:09.893Z","updated_at":"2025-02-13T14:15:09.893Z","content_type":"image/png","file_size":"225356","filename":"image5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-13T14:19:49.858Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0a4dd4da8cb97026/67adfe6d2cc2e35bd05dfd0d/image5.png"},"_metadata":{"uid":"csb2d5a2c850bdd8e0"},"caption_l10n":"","alt_text_l10n":"console settings","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3aa05a14c1a354ca"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eImproved history: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThe History tab has a new and improved design with a Monaco output editor and the capability to directly add and run a request in the Console 
shell.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs784e7942a810dbbc"}}},{"image":{"image":{"uid":"bltb8dc701be078faef","_version":1,"title":"image3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-13T14:15:22.951Z","updated_at":"2025-02-13T14:15:22.951Z","content_type":"image/png","file_size":"95105","filename":"image3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-13T14:19:49.794Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb8dc701be078faef/67adfe7a4808981324cb79a2/image3.png"},"_metadata":{"uid":"cs23db483f1bd51128"},"caption_l10n":"","alt_text_l10n":"history","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3e661f4a45c80fb0"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eImproved responsiveness: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eConsole now dynamically adjusts to smaller screen sizes by switching from a horizontal to a vertical 
layout.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs907c25865ef183c9"}}},{"image":{"image":{"uid":"blt4269b43a009f42cb","_version":1,"title":"image2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-13T14:15:35.020Z","updated_at":"2025-02-13T14:15:35.020Z","content_type":"image/png","file_size":"193933","filename":"image2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-13T14:19:49.868Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4269b43a009f42cb/67adfe87286df09911f3764a/image2.png"},"_metadata":{"uid":"cs8592f7174f0a986d"},"caption_l10n":"","alt_text_l10n":"enter a new request","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Why the updates matter","_metadata":{"uid":"csdc74f9252f961eac"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese updates are more than just cosmetic; they’re also designed to enhance productivity, eliminate inefficiencies, and make the Dev Tools Console more enjoyable to use. Whether you’re crafting complex queries, debugging responses, or exploring Elasticsearch APIs, the new Console equips you with the tools to get the job done faster and with greater precision.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What's next?","_metadata":{"uid":"cs40d995cef63cfd21"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe’re always listening to your feedback and exploring ways to make the Console even better. 
If you haven’t already, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/upgrade.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eupgrade to Kibana 8.16+\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and experience the new Dev Tools Console firsthand. We’d love to hear your thoughts as we continue to iterate and improve.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStay tuned for more exciting updates. And as always, happy querying!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs194c9b4dc68aff21"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs85f0d34d6746fe66"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1c991043c532e101"}}}],"publish_date":"2025-02-13","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt8d4cb8d29127f92e","_version":1,"title":"139686 - Elastic - Headers - 
V1.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-13T14:12:43.045Z","updated_at":"2025-02-13T14:12:43.045Z","content_type":"image/jpeg","file_size":"180673","filename":"139686_-_Elastic_-_Headers_-_V1.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-13T14:19:49.783Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8d4cb8d29127f92e/67adfddbd5c33d2e2bf0bae1/139686_-_Elastic_-_Headers_-_V1.jpg"},"title":"Introducing the new Dev Tools Console in Kibana","title_l10n":"Introducing the new Dev Tools Console in Kibana","updated_at":"2025-02-13T14:18:37.359Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/dev-tools-console-kibana","publish_details":{"time":"2025-02-13T14:19:49.450Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt80888c2d5367714f","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"We asked Elastic recruiters for their best tips on how to stand out in the application and interview process — and what they advise their candidates. Here’s what they had to say.","author":["blt7fc3768df8cad1f6"],"category":["bltc253e0851420b088"],"created_at":"2025-01-16T02:07:16.989Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs03541018322bbb8f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNew year, new job. If you’re hoping to land a new role in 2025, January and February is the prime time to polish your resume and hone your interviewing skills.\u003cbr /\u003e\u003cbr /\u003eWe asked Elastic recruiters for their best tips on how to stand out in the application and interview process — and what they advise their candidates. 
Here’s what they had to say.\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eCreate a detailed resume\u0026nbsp;\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDedicate time to creating a resume that is detailed without being lengthy.\u0026nbsp; Add bullet points for each job that you’ve had, highlighting your day-to-day experiences and your accomplishments, like quota achievements or impacts on a project — with numbers.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt’s also important to tailor your resume for the specific job you’re applying for, says Charlie White, senior recruiter.\u003cbr /\u003e\u003cbr /\u003eCharlie recommends analyzing the job description before you apply to see if there are any key skills, tools, or experiences that are a requirement for the job. More often than not, there will be, so add those to your resume.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“To go a step further, if you have the direct tool or experience they are looking for, be sure to add a specific bullet point on how you used/implemented it in your experience,” Charlie says. “Don’t just add it to your skills section. 
You want to showcase your abilities to give you the best chance possible of being shortlisted or picked for an interview.”\u003c/span\u003e\u003c/p\u003e\u003ch2\u003ePrepare an elevator pitch\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHave an elevator pitch or compelling story of your background ready to share with a recruiter or hiring manager.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIsam Nouidei, recruiter, field ops AMER, shares an example.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“A strong candidate for a sales position can effectively convey their motivation by discussing what they admire about the company’s solutions and referencing specific use cases that align with their career aspirations. They should prepare examples from their past experiences, highlighting challenges they faced, the strategies they employed to overcome them, and the measurable results achieved against targets.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePreparing an elevator pitch will not only help you home in on the story you want to tell, but it also allows you to practice talking about yourself, your interests, and your achievements. Put together a few versions and share them with mentors, trusted coworkers, or friends for their feedback. 
When it’s finalized, practice saying it out loud so that when it comes time to talk to a recruiter or hiring manager, you’re confident and comfortable.\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eCome with a positive attitude\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCandidates who stand out typically possess relevant experience, a positive attitude, and effective communication skills throughout the interview process, says Isam.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“Showcasing a positive attitude is crucial; candidates can illustrate how they handle objections or navigate situations requiring them to learn new skills or turn a business around,” he says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eShare stories of resilience and grit, Isam recommends, such as successfully addressing client concerns or adapting to market changes. These types of stories demonstrate determination and ability to thrive in challenging environments.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“Aim to communicate clearly and concisely while demonstrating motivation and genuine interest.”\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eSend a thank you note\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe thank you note isn’t dead. 
In fact, sending a thank you note to your hiring team still goes a long way and sets you apart.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou would be amazed at how many candidates never follow up after an interview, Charlie\u0026nbsp; says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“Sending a personalized thank you to each interviewer and highlighting the aspects of the job that excite you the most not only reconfirms your interest in the role but also shows a great passion to join the team as well as displays a collaborative nature about you,” he says.\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eGet started on your 2025 job search. \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/careers/?baymax=web\u0026elektra=culture-\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBrowse open roles.\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0a3ce885a387dcea"}}}],"publish_date":"2025-01-16","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[{"uid":"blt6d563296d3ba4a70","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt976458d281b37c84","_version":1,"title":"173436 - Recruiting tips D3 - 
1.jpg","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2025-02-12T19:18:27.548Z","updated_at":"2025-02-12T19:18:27.548Z","content_type":"image/jpeg","file_size":"166302","filename":"173436_-_Recruiting_tips_D3_-_1.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-12T19:21:15.571Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt976458d281b37c84/67acf403a40f6603c2b31c28/173436_-_Recruiting_tips_D3_-_1.jpg"},"title":"Elastic recruiters reveal how to stand out in your job search","title_l10n":"Elastic recruiters reveal how to stand out in your job search","updated_at":"2025-02-12T19:20:06.678Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/culture-elastic-recruiters-reveal-how-to-stand-out-job-search","publish_details":{"time":"2025-02-12T19:21:15.413Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt382f640fe21e7f94","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.","author":["bltd4bc376d489a0c78"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-02-10T23:37:27.775Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"Version 8.16.4 of the Elastic Stack was released today. We recommend you [upgrade to this latest version](https://www.elastic.co/downloads). 
We recommend 8.16.4 over the previous version, 8.16.3.\n\nFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to [the release notes](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.16/new.html).\n","modular_blocks":[],"publish_date":"2025-02-11","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt8836a5dda86cbfe0","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-01T15:42:09.734Z","updated_at":"2024-04-01T15:42:09.734Z","content_type":"image/png","file_size":"62454","filename":"Patch_release_dark.png","title":"Patch_release_dark.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{
"time":"2024-04-02T17:14:25.081Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8836a5dda86cbfe0/660ad5d11b5a5878c8adccbc/Patch_release_dark.png"},"title":"Elastic Stack 8.16.4 released","title_l10n":"Elastic Stack 8.16.4 released ","updated_at":"2025-02-10T23:38:02.395Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-stack-8-16-4-released","publish_details":{"time":"2025-02-11T13:56:41.798Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltaeea7bf7876a2185","_version":1,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.\n","author":["blta248c27b7b7978db"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-02-10T23:06:59.147Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"Version 8.17.2 of the Elastic Stack was released today. We recommend you [upgrade to this latest version](https://www.elastic.co/downloads). 
We recommend 8.17.2 over the previous version, 8.17.1.\n\nFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to [the release notes](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.17/new.html).","modular_blocks":[],"publish_date":"2025-02-11","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt720a36f34ba37235","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-08T02:19:40.632Z","updated_at":"2024-04-08T02:19:40.632Z","content_type":"image/png","file_size":"59668","filename":"Patch_release_white.png","title":"Patch_release_white.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-08T20:16:44.015Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt720a36f34ba37235/6613543c0d99458bb1031dca/Patch_release_white.png"},"title":"Elastic Stack 8.17.2 released","title_l10n":"Elastic Stack 8.17.2 released ","updated_at":"2025-02-10T23:06:59.147Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-stack-8-17-2-released","publish_details":{"time":"2025-02-11T13:56:21.841Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt68b2e9dbf6597c14","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Learn how the Elastic Infosec team created a full inventory of all browser extensions using osquery and Elastic Security with examples on building detections to alert the security team when a known bad browser extension is installed on a 
workstation.","author":["blt06048a64b0c2b959"],"category":["blte5cc8450a098ce5e"],"created_at":"2025-02-06T04:20:35.256Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs52b52feb2544624d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen your CISO asks if a specific browser extension has ever been installed on any of your workstations, how quickly can you get the correct answer? Malicious browser extensions are a significant threat that many organizations have no way of managing or detecting. This blog post explores how the Elastic Infosec team uses \u003c/span\u003e\u003ca href=\"https://www.osquery.io/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eosquery\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and the Elastic Stack to create a real-time inventory of all browser extensions and detection rules as well as how to notify the team if a workstation has a known compromised browser extension. 
This solution is built entirely using osquery, the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/endpoint.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Defend integration\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/siem\"\u003e\u003cspan style='font-size: 12pt;'\u003eSIEM capabilities\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e within the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elastic-stack\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Stack\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Threat actors targeting browser extensions","_metadata":{"uid":"csd04f4503e06b28af"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere has been an increased focus from threat actors in targeting browser extensions as a way to steal information or compromise users — and even some \u003c/span\u003e\u003ca href=\"https://secureannex.com/blog/cyberhaven-extension-compromise/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ethreat actors\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://cybernews.com/security/25-chrome-extensions-breached-hackers-are-after-user-data/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003edirectly target\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e the developers of legitimate extensions with the goal of adding malicious code.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith enough permissions, a browser extension has the ability to view or change any information on any website you visit with your browser and collect sensitive 
information passed to the websites, such as usernames, passwords, or bank account information. Extensions could access and steal any website’s stored authentication tokens. They can even change the content of a website to socially engineer a user into downloading malware onto their workstation — for example, by changing the destination of a link.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Enterprise challenges","_metadata":{"uid":"cs88dc1cd4016ed760"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eManaging browser extensions in an enterprise poses some complex challenges.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eExtensions are installed per profile within the browser.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEach user account on a workstation can have multiple different profiles within each of their browsers, such as a personal profile and a work profile.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt is common to see workstations with five or more different user profiles — each with their own set of installed extensions.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere are some options, such as managed browsers that can control the installed extensions for the corporate profiles by creating \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eallow\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e or \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eblock\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e lists for extensions, but these solutions don’t manage noncorporate profiles on those workstations. 
The personal browser extensions on corporate workstations still represent a risk to your company if the user logs into work systems from their personal profile. Another risk scenario is that the personal extension could dynamically change the destination of a clicked link, causing a user to download a malicious file to their work system.\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Deploy and manage osquery within Kibana","_metadata":{"uid":"cs92c686e1cb3f8fc1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eosquery is an open source agent that works on almost all modern operating systems (OS). It treats each OS like a relational database with tables that you can query to gather information about the current state of the system. You can query the 200+ tables in the\u003c/span\u003e\u003cspan style='color:rgb(64, 64, 64);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.osquery.io/schema/5.15.0/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eschema\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(64, 64, 64);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003efor information, such as running processes; installed browser extensions; Python libraries; loaded docker containers; loaded kernel modules; open network connections; connected USB devices; and many more.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt Elastic, we protect all of our workstations with our own \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/xdr\"\u003e\u003cspan style='font-size: 12pt;'\u003eXDR capabilities\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which includes deploying Elastic Agent to all of our workstations for distributed protection and response. 
One of the great features of Elastic Security is the ability to easily deploy and manage osquery to your endpoints using the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/osquery_manager.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eOsquery Manager integration\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e within Kibana. The osquery integration is included in the Basic license — there are no additional licensing costs to deploy it within your fleet of agents.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Advantages of using osquery with Elastic","_metadata":{"uid":"cs01d4274ba84de101"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Defend and other endpoint detection and response (EDR) agents can stream real-time process, network, and file logs from a workstation. But these audit logs can’t tell you all of the information about the state of the OS, such as installed browser extensions. This is where osquery comes in. It lets us capture a snapshot of the current state of a workstation so that we know which \u003c/span\u003e\u003ca href=\"https://www.osquery.io/schema/5.15.0/#chrome_extensions\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eChrome extensions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e users have.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith a few \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/manage-osquery-integration.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eclicks\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in Kibana, you can deploy osquery to all of your workstations and manage and view your queries directly within the Elastic Stack — no extra infrastructure is required when you manage osquery with Kibana. 
Another advantage of using osquery with Elastic is that the results of all queries are immediately ingested into an Elasticsearch index and available for all of the various use cases. Ingesting the results into your Elastic Stack also provides you with a historic timeline of your queries, which you can use to see when hardware and software changes were made to a system over time.\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style='font-size: 12pt;'\u003eFor more information about using osquery in Elastic, check out the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/osquery.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eosquery documentation guide\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Using osquery in Elastic","_metadata":{"uid":"cs8f1acc290c507fb4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWithin osquery, there are two ways to run a query — immediately as a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003elive query\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e or as part of a regularly scheduled group of queries that osquery refers to as a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003equery pack\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Live query","_metadata":{"uid":"cs56fb8e90e81dceff"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA live query will run a single query against one or more hosts. Live queries are a good way to build and refine your queries during testing or to hunt for specific indicators during an investigation. When selecting the hosts to run a live query in Elastic, you can select hosts individually, all hosts in a fleet policy, or by operating system. 
If an agent is offline when you run the live query, the query will stay queued and run if the agent comes online within the next 60 minutes; otherwise, it will be cleared, so a missing result can mean that the host was offline rather than that nothing was found. One feature of the Elastic version of osquery is \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003esaved queries\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. This feature makes it easy to preconfigure commonly used complex queries that can then be used by other team members.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Query pack","_metadata":{"uid":"cs8206af5e1f023964"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA query pack is a collection of preconfigured queries that are scheduled to run at different intervals. Each query in the pack can specify which OS platform it will run on, so a single pack can be used safely on a policy with multiple OS. A query pack can be exported and imported as a .json file to allow you to quickly add a pack in Kibana. 
osquery provides some \u003c/span\u003e\u003ca href=\"https://github.com/osquery/osquery/tree/master/packs\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003esample packs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to get started, or you can try out the \u003c/span\u003e\u003ca href=\"https://github.com/aarju/osquery-packs-and-dashboards/blob/main/osquery%20packs/browser_monitoring.conf\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ebrowser_monitoring\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e pack we use to inventory our browser extensions.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Creating an inventory of all extensions with osquery","_metadata":{"uid":"csd3982fc5193526d0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Elastic Infosec team has configured the \u003c/span\u003e\u003ca href=\"https://github.com/aarju/osquery-packs-and-dashboards/blob/main/osquery%20packs/browser_monitoring.conf\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ebrowser_monitoring\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e pack to run every six hours on all of our workstations to create an inventory of all browser extensions. 
We run the queries every six hours because Elastic is a globally distributed company, and we can’t predict the working hours of our users.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1ad6623fffa998b7"}}},{"image":{"image":{"uid":"blt246e4e2e025155b6","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-02-06T04:06:19.151Z","created_by":"bltb6c155cd84fc0c1a","file_size":"120021","filename":"image1.png","parent_uid":null,"tags":[],"title":"image1.png","updated_at":"2025-02-06T04:06:19.151Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-06T07:30:00.689Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt246e4e2e025155b6/67a4353b4405de67c64b213b/image1.png"},"_metadata":{"uid":"csd34a149f7eb147b5"},"caption_l10n":"browser_monitoring query pack ","alt_text_l10n":"browser_monitoring query pack ","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7975ce5909eda685"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBecause of the complexity that comes with multiple user profiles, the queries to collect browser extension information require a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eJOIN\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e operator to join the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eusers\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e table to the extension table. 
The \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eJOIN\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e operator will combine two tables together using a common field that exists in both tables. In this case, it is the user ID \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003euid\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e field.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa198e868a14c4941"}}},{"code":{"code":"SELECT * FROM users JOIN chrome_extensions USING (uid)\n","_metadata":{"uid":"csa99de922f0a5d837"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3936c2fdd773bc0d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe results from the pack queries can also be seen directly in the osquery UI with links to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/serverless/current/security-examine-osquery-results.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eopen the results\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e of each query in Kibana Discover or 
Lens.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs864b475af6a12bba"}}},{"image":{"image":{"uid":"bltc86339f0b6ec6495","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-02-06T04:06:33.774Z","created_by":"bltb6c155cd84fc0c1a","file_size":"266047","filename":"image4.png","parent_uid":null,"tags":[],"title":"image4.png","updated_at":"2025-02-06T04:06:33.774Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-06T07:30:00.678Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc86339f0b6ec6495/67a435498de79c12eab8f8d9/image4.png"},"_metadata":{"uid":"csa1990a75937f4bad"},"caption_l10n":"browser_monitoring results view ","alt_text_l10n":"browser_monitoring results view ","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs888169e767f5fab3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe results from all queries are stored directly into the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003elogs-osquery_manager.result*\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e index pattern. The results from a scheduled pack query can be found using the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eaction.id\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e field. For pack results, this field follows the naming convention of \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003epack_{pack_name}_{query_name}\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. 
We are using a pack named \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ebrowser-monitoring\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e with a query named \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003echrome_extensions\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. To view the results of this query, you can query for \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eaction_id: \"pack_browser-monitoring_chrome_extensions\"\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen viewing the results of the osquery in Discover you will see that each of the fields from the osquery schema \u003c/span\u003e\u003ca href=\"https://www.osquery.io/schema/5.15.0/#chrome_extensions\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003etable\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e are indexed with the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.*\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e field name. 
When viewing information about Chrome extensions, the fields we use most often are the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.identifier\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.name\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.permissions\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.profile\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.version\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cseadc59470eb22437"}}},{"image":{"image":{"uid":"blted71ebe6a4477742","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-02-06T04:06:44.332Z","created_by":"bltb6c155cd84fc0c1a","file_size":"135104","filename":"image2.png","parent_uid":null,"tags":[],"title":"image2.png","updated_at":"2025-02-06T04:06:44.332Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-06T07:30:00.710Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blted71ebe6a4477742/67a435548de79c69c2b8f8dd/image2.png"},"_metadata":{"uid":"csf70faaf6a9bd6f2c"},"caption_l10n":"Example query results ","alt_text_l10n":"Example query results 
","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs07feba166651e2e8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHere is a full list of the fields available in the chrome_extension query response:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eosquery.identifier\u003c/span\u003e is the unique identifier of each extension. With this identifier, you can find the extension on the Google Chrome Web Store, or look up the reputation score of the extension using a service, such as \u003c/span\u003e\u003ca href=\"http://secureannex.com\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eSecure Annex\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e or \u003c/span\u003e\u003ca href=\"http://crxaminer.tech\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003ecrxaminer.tech\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eosquery.name\u003c/span\u003e is the name of the extension as displayed in the Chrome Web Store and in your browser.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eosquery.profile\u003c/span\u003e is the Google Chrome profile that the extension is installed in. 
It is very common for a user to have multiple different Chrome profiles in a single user account.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eosquery.permissions\u003c/span\u003e are the permissions granted to the extension. This field can be used to filter for extensions that are granted dangerous permissions, such as permissions to view or modify requests to every website. Pay close attention to any extensions that have broad host permissions, such as \u003cspan data-type='inlineCode'\u003ehttps://*/*\u003c/span\u003e, which grants the extension access to every \u003cspan data-type='inlineCode'\u003ehttps\u003c/span\u003e website that you access.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eosquery.version\u003c/span\u003e is the installed version of the extension. In some cases, an extension could have one compromised version, which you want to remove.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eosquery.update_url\u003c/span\u003e is the URL that the extension uses to check for any updates. 
If this value is anything other than the standard update path of \u003cspan data-type='inlineCode'\u003ehttps://clients2.google.com/service/update2/crx\u003c/span\u003e, then the extension has been ‘sideloaded’ or installed in some way other than the standard web store and should be investigated. A nonstandard value is not always malicious: an extension that your organization self-hosts and force-installs through browser policy can also report a different update URL, so compare the value against your list of managed extensions during triage.\u0026nbsp;\u003c/span\u003e\u003cbr /\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAnother very important osquery table is the \u003c/span\u003e\u003ca href=\"https://www.osquery.io/schema/5.15.0/#chrome_extension_content_scripts\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003echrome_extension_content_scripts\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This table contains information about each of the JavaScript files being used by the extensions. If you find that there is a compromised extension on a host, you can use the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.path\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.match\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.script\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e fields from this table to find the full path of each script run by the extension. 
With this information you can use Elastic Defend’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/response-actions.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eresponse action\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e capabilities to download those files for offline analysis.\u0026nbsp;\u003c/span\u003e \u003c/p\u003e\u003c/p\u003e"},{"title_l10n":"Creating detection rules for bad extensions","_metadata":{"uid":"cse50b852c1738a0ea"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow that you have a live inventory of all browser extensions you can build detections. The most straightforward detection to build is one for known bad extensions. The known bad extension list will likely come from a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/threat-intelligence-intro.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ethreat intelligence\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e report containing known identifiers and versions. For this example, we are going to use the threat intel from the recently reported \u003c/span\u003e\u003ca href=\"https://secureannex.com/blog/cyberhaven-extension-compromise/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eCyberhaven extension compromise\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e campaign. 
At the bottom of the report is a link to a collection of IOCs that contain the name, ID, and version of known malicious extensions.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"csb57e78e31581daad"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eName\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eID\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eVersion\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eVPNCity\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ennpnnpemnckcfdebeekibpiijlicmpom\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e2.0.1\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eParrot Talks\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ekkodiihpgodmdankclfibbiphjkfdenh\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.16.2\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eUvoice\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eoaikpkmjciadfpddlpjjdapglcihgdle\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.0.12\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eInternxt VPN\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 
12pt;'\u003edpggmcodlahmljkhlmpgpdcffdaoccni\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.1.1\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eBookmark Favicon Changer\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eacmfnomgphggonodopogfbmkneepfgnh\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e4.00\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eCastorus\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003emnhffkhmpnefgklngfmlndmkimimbphc\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e4.40\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eWayin AI\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ecedgndijpacnfbdggppddacngjfdkaca\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e0.0.11\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eSearch Copilot AI Assistant for Chrome\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ebbdnohkpnbkdkmnkddobeafboooinpla\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.0.1\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eVidHelper - Video Downloader\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eegmennebgadmncfjafcemlecimkepcle\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e2.2.7\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eAI 
Assistant - ChatGPT and Gemini for Chrome\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ebibjgkidgpfbblifamdlkdlhgihmfohh\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e0.1.3\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eTinaMind - The GPT-4o-powered AI Assistant!\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ebefflofjcniongenjmbkgkoljhgliihe\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e2.13.0\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eBard AI chat\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003epkgciiiancapdlpcbppfkmeaieppikkk\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.3.7\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eReader Mode\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ellimhhconnjiflfimocjggfjdlmlhblm\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.5.7\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ePrimus (prev. 
PADO)\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eoeiomhmbaapihbilkfkhmlajkeegnjhe\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e3.18.0\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eTackker - online keylogger tool\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eekpkdmohpdnebfedjjfklhpefgpgaaji\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.3\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eAI Shop Buddy\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eepikoohpebngmakjinphfiagogjcnddm\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e2.7.3\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eSort by Oldest\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003emiglaibdlgminlepgeifekifakochlka\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.4.5\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eRewards Search Automator\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eeanofdhdfbcalhflpbdipkjjkoimeeod\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.4.9\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eEarny - Up to 20% Cash Back\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eogbhbgkiojdollpjbhbamafmedkeockb\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 
12pt;'\u003e1.8.1\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eChatGPT Assistant - Smart Search\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ebgejafhieobnfpjlpcjjggoboebonfcg\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.1.1\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eKeyboard History Recorder\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eigbodamhgjohafcenbcljfegbipdfjpk\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e2.3\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eEmail Hunter\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003embindhfolmpijhodmgkloeeppmkhpmhc\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.44\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eVisual Effects for Google Meet\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ehodiladlefdpcbemnbbcpclbmknkiaem\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e3.1.3\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eCyberhaven security extension V3\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003epajkjnmeojmbapicmbpliphjmcekeaac\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e24.10.4\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eGraphQL Network Inspector\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 
12pt;'\u003endlbedplllcgconngcnfmkadhokfaaln\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e2.22.6\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eGPT 4 Summary with OpenAI\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eepdjhgbipjpbbhoccdeipghoihibnfja\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.4\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eVidnoz Flex - Video recorder \u0026amp; Video share\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ecplhlgabfijoiabgkigdafklbhhdkahj\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.0.161\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eYesCaptcha assistant\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ejiofmdifioeejeilfkpegipdjiopiekl\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.1.61\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eProxy SwitchyOmega (V3)\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ehihblcmlaaademjlakdpicchbjnnnkbo\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e3.0.2\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eChatGPT App\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003elbneaaedflankmgmfbmaplggbmjjmbae\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.3.8\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan 
style='font-size: 12pt;'\u003eWeb Mirror\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eeaijffijbobmnonfhilihbejadplhddo\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e2.4\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eHi AI\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ehmiaoahjllhfgebflooeeefeiafpkfde\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.0.0\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"csea90c2e5c770e6c1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUsing this list of IOCs, there are two different ways to build a detection. The simplest way is to use these ID and version values to build a single, large Elasticsearch query looking at osquery data for any of these extension identifiers and versions chained together with an \u003c/span\u003e\u003cspan style=\"color: rgb(24, 128, 56);font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eOR\u003c/span\u003e operator. 
For example:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs098c2e3938fd029d"}}},{"code":{"code":"action_id: pack_browser-monitoring_chrome_extensions AND (\n (osquery.identifier: \"nnpnnpemnckcfdebeekibpiijlicmpom\" AND osquery.version:\t\"2.0.1\") \nOR\n (osquery.identifier: \"kkodiihpgodmdankclfibbiphjkfdenh\" AND osquery.version:\t\"1.16.2\") \nOR\n (osquery.identifier: \"oaikpkmjciadfpddlpjjdapglcihgdle\" AND osquery.version:\t\"1.0.12\")\n)","_metadata":{"uid":"cs130b283c758e25cd"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf6c75b208da847d7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you are ingesting threat intel feeds into your Elastic Stack using one of our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/threat-intelligence-intro.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ethreat intelligence integrations\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, you can create a more dynamic version of this rule using an \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-indicator-rule\"\u003e\u003cspan style='font-size: 12pt;'\u003eindicator match rule type\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. An indicator match rule compares fields in two different index patterns and will trigger an alert when those fields match. If your threat feed supports Google Chrome extension IDs and versions, you can create an indicator match rule that will alert you when an installed Chrome extension's ID and version match a known bad extension.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere is an example configuration of an indicator match rule. 
The indicator index field names will change depending on the threat intel platform being used.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd9ef06a04864b17a"}}},{"image":{"image":{"uid":"bltce37b5fcc1e0fbae","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-02-06T04:06:59.725Z","created_by":"bltb6c155cd84fc0c1a","file_size":"267621","filename":"image3.png","parent_uid":null,"tags":[],"title":"image3.png","updated_at":"2025-02-06T04:06:59.725Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-06T07:30:00.721Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltce37b5fcc1e0fbae/67a43563ecc9d749ce415095/image3.png"},"_metadata":{"uid":"cs53a4826de528b247"},"caption_l10n":"Example indicator match rule configuration ","alt_text_l10n":"Example indicator match rule configuration ","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csecef68ac66c5a793"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe advantage with this method is that there is no need to manually update the detection rule each time a new list of known bad extensions is released or updated. You will immediately be alerted as soon as a new indicator is added to your threat intel index.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Try it out","_metadata":{"uid":"csba92b4cb0ba845f6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThreat actors are going to continue to use Chrome extensions as a way to steal valuable information and target systems. If you don’t have visibility of the extensions installed on your workstations, you won’t be able to protect your users from this attack vector. 
With osquery and Elastic, you can manage and reduce the overall risk to your enterprise with visibility into, and alerting on, browser extensions at no additional licensing costs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTry it out for yourself with a 14-day free trial of \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4e787c451bedb4fd"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs90e55db2cda9afdb"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor an example of how browser extensions can be used in real-world attacks, check out \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs/beyond-the-wail\"\u003e\u003cspan style='font-size: 12pt;'\u003eBeyond the wail: deconstructing the BANSHEE infostealer\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e from \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs06aeece9997d7600"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9400e43d6b9602b5"}}}],"publish_date":"2025-02-06","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt6df834d6b3085b00","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2025-02-06T04:20:33.199Z","created_by":"bltb6c155cd84fc0c1a","file_size":"149679","filename":"Elastic_Banner_11_(2).jpg","parent_uid":null,"tags":[],"title":"Elastic Banner_11 
(2).jpg","updated_at":"2025-02-06T04:20:33.199Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-06T07:30:00.700Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6df834d6b3085b00/67a438914bee0bea57186ac9/Elastic_Banner_11_(2).jpg"},"title":"How to detect malicious browser extensions using Elastic","title_l10n":"How to detect malicious browser extensions using Elastic","updated_at":"2025-02-06T04:24:47.726Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/how-to-detect-malicious-browser-extensions-using-elastic","publish_details":{"time":"2025-02-06T07:30:00.652Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5a0c23382fc05857","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"Generative AI has already delivered efficiency gains and promises impressive use cases, but IT leaders need it to deliver sustainable value. Discover three ways Elastic’s CIO integrates GenAI strategy into our overall business strategy to drive ROI.","author":["blt91aefbbce7bce7d9"],"category":["bltc17514bfdbc519df"],"created_at":"2024-10-11T02:44:32.654Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf189d17f7e0157b9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs a CIO, I’m constantly seeking ways to balance cost efficiency with transformative technology. 
Generative AI (GenAI) promises \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/15-generative-ai-use-cases-enterprise\"\u003e\u003cspan style='font-size: 12pt;'\u003eimpressive use cases\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, but as the owner of Elastic’s data, information, and technology risk, I need to ensure it delivers real, measurable value to my organization that is sustainable. We’re moving beyond the hype and ensuring our generative AI strategy is not only integrated into the fabric of our business, but drives measurable ROI.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo, how do you do that? To start, you’ll need to shift your perspective of generative AI. It’s not just a one-and-done project, but rather a fundamental part of your business strategy. You’ll want to go from one-off generative AI projects to having a holistic generative AI strategy that produces sustainable business impact. This takes shape in multiple ways across your business.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1af36aa1838b2fea"}}},{"image":{"image":{"uid":"bltaec06456cfc0e460","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-10-11T02:39:54.350Z","created_by":"bltb6c155cd84fc0c1a","file_size":"149130","filename":"Gartner_blog_post-720x420-ok.png","parent_uid":null,"tags":[],"title":"Gartner blog post-720x420-ok.png","updated_at":"2024-10-11T02:39:54.350Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-10-14T14:00:00.577Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaec06456cfc0e460/67088ffa3104e8e6cf90f209/Gartner_blog_post-720x420-ok.png"},"_metadata":{"uid":"cs3723f9aa65a98511"},"caption_l10n":"","alt_text_l10n":"Ways to maximize the ROI on your generative AI 
strategy","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"1. Integrate GenAI across your business strategy","_metadata":{"uid":"cs92275dec7b46cdc6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEvery single company should be exploring and putting \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ein its products and services. Whether you’re a telecommunications provider using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/understanding-ai-customer-support\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI to enhance customer support experiences\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eor a retailer using generative AI to help your customers find products faster, you should be exploring ways that it can help your business and your customers. However, as you do this, you will need to ensure that what you do is not only differentiated but is accurate, is consistent, scales, performs, and is measurable. This means choosing the right tools to build into this fabric are just as critical as the experiences they will provide. How are you going to operate and maintain them? What are other factors you should think about?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt Elastic, ensuring that any products or services we offer are generative AI-enabled is crucial. 
This isn’t just about adding generative AI and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/natural-language-processing\"\u003e\u003cspan style='font-size: 12pt;'\u003enatural language processing (NLP)\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003efeatures — it’s about rethinking how we deliver value to our customers and staying ahead of the competition. We happen to have a great foundation for generative AI —\u003c/span\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/platform\"\u003e\u003cspan style='font-size: 12pt;'\u003eour Search AI technology\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e— which is a common fabric upon which we build \u003c/span\u003e\u003ca href=\"https://www.elastic.co/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003einto our different products and solutions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor example, we have not only put the\u003c/span\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/ai-assistant\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003einto our Observability solution, we also have it in our Security solution, and soon it will be available in our Search solution. We’re able to do this because they share the same underlying platform. 
And moreover, it’s not just AI assistants — we’re also reimagining the users’ workflow and using generative AI in the background to completely change what the user experiences. For instance, we’re reimagining a security analyst’s experience through\u003c/span\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/ai-driven-security-analytics\"\u003e\u003cspan style='font-size: 12pt;'\u003eAttack Discovery\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which again, is built on top of our common Search AI Platform. You can think of putting GenAI in your products and services as the numerator in our equation — a driver for top-line growth.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"2. Maximize productivity and efficiency with GenAI ","_metadata":{"uid":"csc212256fead1e476"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenerative AI also allows us to drive efficiency, extend our reach, and simplify operations across the organization when we use the right data. This isn’t just cost-saving — it enables our teams to do more and improves overall productivity. For example, my team, among other teams at my company, is putting generative AI models and our proprietary data to work. From augmenting sales teams with a SalesGPT to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/genai-customer-support-building-proof-of-concept\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003estreamlining customer support\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to helping write marketing emails and more, we’re continuing to \u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\" target=\"_self\"\u003ehone our strategy and our use cases\u003c/a\u003e to help our teams now and create a competitive advantage. 
Cisco has done something similar by using our Search AI technology to help its support engineers search for similar cases in real time to solve customers’ problems. The new search capabilities have enabled \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/cisco\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCisco to save 5,000 hours\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(65, 65, 65);font-size: 12pt;\"\u003e \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eper month of support engineer time.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBut these internal use cases should not be viewed as independent projects. It’s easy for individual teams and departments to dive head first into generative AI projects, buy things off the shelf, and build their own solution, but the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/tool-consolidation#:~:text=Tool%20sprawl%20refers%20to%20the%20creeping%20expansion%20of%20monitoring%20tools%20within%20an%20organization.%20It%20can%20be%20problematic%20because%20it%20leads%20to%20a%20technology%20environment%20with%20data%20silos%20making%20it%20hard%20to%20identify%20and%20troubleshoot%20issues.\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003etech sprawl\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(65, 65, 65);font-size: 12pt;\"\u003e \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ewill quickly grow out of control. 
Again, you need to think about the fundamentals: Start with identifying the data you want to use, find the commonality between all these different use cases, and come up with a plan that could scale and be sustainable to operate and maintain.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBy adopting generative AI to automate routine tasks, generate insights, and support our teams in real time, we’ve been able to unlock significant productivity gains and reduce operational costs, ultimately boosting the ROI on our generative AI initiative. And at this stage, it’s hard to even call it a “generative AI initiative.” It’s really part of the foundation of our business strategy. It’s completely embedded into everything we do. This phase of optimization is the denominator in our equation — enabling us to reduce costs while enhancing output.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs986c32cb57d0c965"}}},{"banner":{"reference":[{"uid":"blt8389a9fc0b484850","_content_type_uid":"banner"}],"_metadata":{"uid":"cs14b1d48d685cfeaf"}}},{"title_text":{"title_text":[{"title_l10n":"3. Make data-backed, informed decisions with GenAI","_metadata":{"uid":"cse6fc83fc8b22e527"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the near future, I believe generative AI will empower us to make better, faster, and more informed decisions that impact critical business outcomes. You can think of this as the multiplier effect that can truly take your organization to the next level by making every decision count. In this step, we focus on what to buy, build, sell, and invest in.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor instance, your company might employ generative AI models to rapidly generate and analyze different product concepts based on customer preferences, market trends, and competitor data. 
This would allow your business to quickly decide which product to build and allocate resources to. You’d save time on manual analysis while ensuring that each decision is backed by data-driven, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-turn-data-into-actionable-insights\"\u003e\u003cspan style='font-size: 12pt;'\u003eactionable insights\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAnother example, imagine you’re contemplating buying another company. With a generative AI model that is fed your proprietary data including financial information, company goals, and external market conditions, you can ask the generative AI model if buying the company is the right investment at this time. With the power of your proprietary data, your model will have the data it needs to propose a data-backed, informed decision. By leveraging generative AI in this way, your company can reduce risks, prioritize high-impact projects, and accelerate time-to-market, ultimately boosting ROI.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn order to do this, you need to make sure you have the right data to feed your\u003c/span\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/large-language-models\"\u003e\u003cspan style='font-size: 12pt;'\u003elarge language models (LLMs)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and the right technology to facilitate this. 
At Elastic, we combine the precision that search technology brings to the table with the intelligence of AI to facilitate \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieving\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e the data that is best fit for the job to the LLM.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What to avoid to maximize ROI on your generative AI strategy","_metadata":{"uid":"csf7fbdf8c5354a55d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo ensure a strong ROI from your generative AI initiative, avoid jumping into implementation without a clear business problem or objective. Many businesses make the mistake of treating generative AI as a trend rather than a tool with specific use cases that can span your entire organization. Avoid looking at your generative AI project as a one-and-done.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you create a messy ecosystem of one-off apps, everything will be decentralized. And when it comes to compliance, you will struggle. Laws about generative AI are coming. If you can’t tell your customers how generative AI touches their experience, you’re going to be paying hefty fines and/or a lot of money to untangle your web.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"How to get started with GenAI","_metadata":{"uid":"cs4424dc860989e78e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRemember, these aren’t separate efforts — they all come together to form one unified approach. Success in AI requires that these pillars work in harmony, reinforcing each other to deliver sustainable impact. With the goal to just get pilots off the ground, you’ll be left with many independent projects and programs. 
True success is when everything is working together.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo optimize generative AI applications for real-world scenarios and growth, we should focus our efforts on the fundamentals — data. Because if you think about it, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/explore/succeed-with-the-power-of-elastic/strategic-guide-to-putting-your-data-to-work\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecentral to all generative AI projects is data\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(65, 65, 65);font-size: 12pt;\"\u003e \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e— bringing it together and making it accessible when and where it’s needed. Having a solid data strategy is essential. Without unified and accessible data, even the most advanced generative AI initiatives will struggle to deliver real value. At the end of the day, data accessibility is the key to turning generative AI initiatives into sustainable impact.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAt Elastic, we’re here to help you bring your generative AI initiative from pilot to sustainable business impact.\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.elastic.co/portfolio/operationalizing-generative-ai-strategic-guide\"\u003e\u003cspan style='font-size: 12pt;'\u003eDownload the ebook to get started\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5b632ba4be6822da"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9af0c2c9135e56b5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb992be1dcf61644f"}}}],"publish_date":"2024-10-14","sanity_migration_complete":false,"seo":{"seo_title_l10n":"3 ways to maximize the ROI on your generative AI strategy","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"title":"Customer experience","label_l10n":"Customer experience","keyword":"customer-experience","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt25722919b3bca233","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T22:34:27.803Z","updated_at":"2021-12-16T22:34:27.803Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:15:55.021Z","user":"blt3044324473ef223b70bc674c"}},{"title":"Machine learning","label_l10n":"Machine 
learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","title":"Natural Language Processing (NLP)","label_l10n":"Natural Language Processing (NLP)","keyword":"natural-language-processing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt97696fc6e9921c30","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:43:16.119Z","updated_at":"2023-11-06T20:43:16.119Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:23:24.704Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation 
(RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt725ea60213cae5c5","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-10-11T02:36:19.358Z","created_by":"bltb6c155cd84fc0c1a","file_size":"24382","filename":"144760---2nd-Batch-of-10-GAI-blog-header-images_04.jpg","parent_uid":null,"tags":[],"title":"144760---2nd-Batch-of-10-GAI-blog-header-images_04.jpg","updated_at":"2024-10-11T02:36:19.358Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-10-14T14:00:00.597Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt725ea60213cae5c5/67088f238676eef4436f59d9/144760---2nd-Batch-of-10-GAI-blog-header-images_04.jpg"},"title":"3 ways 
to maximize the ROI on your generative AI strategy","title_l10n":"3 ways to maximize the ROI on your generative AI strategy","updated_at":"2025-02-06T02:48:32.259Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/maximize-roi-generative-ai-strategy","publish_details":{"time":"2025-02-06T02:48:50.895Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltf24a9852d31eb97c","_version":17,"locale":"en-us","ACL":{},"abstract_l10n":"Retailers can differentiate themselves by offering next-generation experiences through apps that use Elastic's NLP for product selection. Learn how GAI elevates shopping and how retailers use models within Elasticsearch for enhanced functionality.","author":["blt35b5af4306be8a95"],"category":["bltc17514bfdbc519df"],"created_at":"2023-06-29T19:45:01.797Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf2e6f111f8a6c65c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe retail and consumer packaged goods (CPG) industry has undergone significant transformations due to advancements in technology. Technological innovations have reshaped various aspects of the industry, including customer engagement, inventory optimization, and supply chain management. These innovations have helped drive digital transformation, improve operational efficiency, enhance the customer experience, and promote sustainability. Retailers and CPG companies that embrace and leverage technology effectively are better positioned to thrive in an increasingly competitive and rapidly evolving market. And as we are all well aware, \u003ca href=\"https://www.elastic.co/blog/generative-ai-retail-cpg\" target=\"_self\"\u003egenerative AI\u003c/a\u003e is poised to usher in a new era of enhanced productivity. 
The retail \u0026amp; CPG industry, being no stranger to reaping such benefits, stands to gain significantly from its adoption.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccording to a recent report from McKinsey,* 63 use cases for generative AI have been identified across 16 business functions. These use cases have the potential to generate economic benefits ranging from US$2.6 trillion to US$4.4 trillion annually when implemented across various industries. Furthermore, per analysis by McKinsey, generative AI could have an impact on most business functions; however, a few stand out when measured by the technology’s impact as a share of functional cost (Exhibit 3). Out of the 16 business functions identified, four functions — customer operations, marketing and sales, software engineering, and research and development — account for approximately 75% of the total annual value from generative AI use cases.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cseceacd9c946b6a09"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"bltf4c6dd6df221b0d9","ACL":{},"content_type":"image/png","created_at":"2023-06-29T19:04:00.177Z","created_by":"bltb6c155cd84fc0c1a","file_size":"132451","filename":"elastic-blog-impact-chart.png","parent_uid":null,"tags":[],"title":"elastic-blog-impact-chart.png","updated_at":"2023-06-29T19:04:00.177Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-30T14:00:00.213Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf4c6dd6df221b0d9/649dd5a01fa6aa6d70adfff1/elastic-blog-impact-chart.png"},"_metadata":{"uid":"cs2e8333e1d63941d7"},"caption_l10n":"","alt_text_l10n":"impact dot 
chart","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf927ca27f836c798"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy leveraging the power of generative AI, companies can gain a competitive edge, meet changing consumer demands, and stay ahead in an increasingly digital and data-driven marketplace. In the retail \u0026amp; CPG industry, per McKinsey estimates, generative AI could contribute roughly US$310 billion in additional value by boosting performance in functions such as marketing and customer interactions. The bulk of potential value in high tech comes from generative AI’s ability to increase the speed and efficiency of software development (Exhibit 5).\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7f78a6d21ae97240"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt2066df376a82e741","ACL":{},"content_type":"image/png","created_at":"2023-06-29T19:04:43.230Z","created_by":"bltb6c155cd84fc0c1a","file_size":"225278","filename":"elastic-blog-GAI-industries.png","parent_uid":null,"tags":[],"title":"elastic-blog-GAI-industries.png","updated_at":"2023-06-29T19:04:43.230Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-30T14:00:00.304Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2066df376a82e741/649dd5cbb7024265aecac673/elastic-blog-GAI-industries.png"},"_metadata":{"uid":"cs61815cf5bca4e493"},"caption_l10n":"","alt_text_l10n":"GAI industries","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf78d4825f8a9f88d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo successfully adapt to this transformation, it is vital to tap 
into the knowledge and capabilities of organizations leading the way in this technological advancement, utilizing their expertise to harness the full potential of Gen AI. One such organization is Elastic\u003c/span\u003e\u003cspan style='font-size: 0.6em;'\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. After I joined Elastic, one of the things that I really enjoy doing is coding and developing tools using Elastic. I am so excited to see how different industries can leverage Elasticsearch\u003c/span\u003e\u003cspan style='font-size: 0.6em;'\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to unlock value using the immense potential of generative AI.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Shift in customer interaction paradigm","_metadata":{"uid":"cs1f8a9df890752670"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRetailers are presented with a big opportunity to differentiate themselves by creating applications that provide customers with a next-generation experience, thereby gaining a competitive advantage. We have entered into an era wherein users interact with a natural language processing (NLP) interface to aid them in product selection. \u003ca href=\"https://www.elastic.co/blog/generative-ai-retail-cpg\" target=\"_self\"\u003eGenerative AI\u003c/a\u003e can significantly improve the process of product discovery and ordering, elevating the overall shopping experience. 
There is also a huge opportunity to elevate customer value by delivering personalized experiences that leverage chatbots to emulate human-like conversations about products in ways that can increase customer satisfaction, traffic, and brand loyalty.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNLP enables chatbots to process the user's language, identify the intent behind their message, and extract relevant information from it. For example, the goal of NLP is to enable algorithms to process human language and perform tasks that historically only humans were capable of, such as finding relevant passages among large amounts of text, summarizing text, and generating new, original content. These advanced NLP capabilities are built upon a technology known as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/vector-search\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003evector search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. 
Elastic has native support for vector search, performing exact and approximate \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/knn-search.html#knn-search\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ek-nearest neighbor (kNN) search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, and for NLP, enabling the use of custom or \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-model-ref.html#ml-nlp-model-ref\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethird-party models\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e directly in Elasticsearch.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAnother significant opportunity for the retail industry to deliver a personalized shopping experience through generative AI is the utilization of visual search. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/overview-image-similarity-search-in-elastic\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eImage similarity search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e technology, also known as reverse image search, empowers customers to find products effortlessly by uploading or capturing an image. By leveraging generative AI algorithms, retailers can improve the accuracy and relevance of visual search results. This allows customers to easily find similar products, accessories, or even visually complementary items, facilitating a more seamless and personalized shopping experience.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eImagine a customer visiting your site, and they are able to mimic a celebrity’s look with just a screenshot. 
This experience helps create a highly intuitive search experience for customers, where they can effortlessly find what they are looking for with just an image.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eVector search leverages \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/elasticsearch-machine-learning\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003emachine learning\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (ML) to capture the meaning and context of unstructured data. Vector search finds similar data using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/introducing-approximate-nearest-neighbor-search-in-elasticsearch-8-0\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eapproximate nearest neighbor (ANN)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e algorithms. Compared to traditional text search (in Elastic, based on \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/practical-bm25-part-2-the-bm25-algorithm-and-its-variables\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBM25 scoring\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e), vector search yields more relevant results and executes faster (without the need for extreme search engine optimizations). This approach works not only with text data but also images and other types of unstructured data for which generic embedding models are available. 
In the case of text data, it is commonly referred to as semantic search, while similarity search is often used in the context of images and audio.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbf1fb3ea2935ba15"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"bltdb8c8db9977e23b3","ACL":{},"content_type":"image/png","created_at":"2023-06-30T01:39:25.557Z","created_by":"bltb6c155cd84fc0c1a","file_size":"290703","filename":"elastic-blog-democratizing-ai-v2.png","parent_uid":null,"tags":[],"title":"elastic-blog-democratizing-ai-v2.png","updated_at":"2023-06-30T01:39:25.557Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-30T14:00:00.437Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdb8c8db9977e23b3/649e324d63cca65a2ed29bd2/elastic-blog-democratizing-ai-v2.png"},"_metadata":{"uid":"cs6e8998dbbf23e4d3"},"caption_l10n":"","alt_text_l10n":"democratizing ai","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-x-large: 100%"}}},{"title_text":{"title_text":[{"title_l10n":"Mitigating the business risks of generative AI","_metadata":{"uid":"csb0fb6773cf6a0c17"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhile the enthusiasm surrounding this technology is tangible, it also carries inherent risks. Business leaders face the challenge of identifying the necessary skills and capabilities for their workforce and rethinking core business processes like retraining and skill development. 
Additionally, they must address a variety of potential security vulnerabilities and privacy risks.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic’s launch of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/may-2023-launch-announcement\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Relevance Engine™ (ESRE™)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e helps solve many of the challenges mentioned above. ESRE offers new capabilities for creating highly relevant AI search applications and combines the best of AI with Elastic’s text search to make \u003ca href=\"https://www.elastic.co/enterprise-search/generative-ai\" target=\"_self\"\u003egenerative AI search engines\u003c/a\u003e. ESRE gives developers a full suite of sophisticated retrieval algorithms and the ability to integrate with large language models (LLMs). Even better, it’s accessible via a simple, unified API that Elastic’s community already trusts, so developers around the world can start using it immediately to elevate search relevance. ESRE also lets developers manage and use their own transformer models in Elastic for business specific context and also bring in third-party transformer models such as OpenAI’s GPT-3 and GPT-4 via API to retrieve intuitive summarization of content based on the customer’s data stores consolidated within Elasticsearch deployments.\u0026nbsp;\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEnsuring data privacy is a key consideration for enterprises when securely transmitting proprietary data across networks and components, particularly in the context of developing innovative search experiences. 
Elastic includes native support for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/authorization.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003erole-based and attribute-based access control\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to ensure that only those roles with access to data can see it. By leveraging Elasticsearch, your organization can effectively meet the requirement of granting access to privileged individuals for specific documents. This ensures that your organization maintains comprehensive privacy and access controls across all its search applications. Ensuring the highest level of privacy is crucial, making it imperative to keep all data within your organization's network. This not only becomes a top priority but also an obligation. ESRE offers the necessary tools to support your organization in implementing deployments within an air-gapped environment and facilitating secure network access, enabling you to safeguard your data effectively.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa73fa880a75ecedb"}}},{"video":{"vidyard_uuid":"JbViktqzsHKA3ezJoh3Y8w","_metadata":{"uid":"cs2e415be87a3bd425"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":false,"hide_controls":false,"looping_animation":false}},{"title_text":{"title_text":[{"title_l10n":"Stay up to date on all things generative AI","_metadata":{"uid":"csaf4fc5c9a2007104"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWith the \u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\" target=\"_self\"\u003emyriad of possibilities illuminated by generative AI\u003c/a\u003e, Elastic can significantly enhance the speed and efficiency of your adoption in this new era, allowing you to fully capitalize on and leverage the associated benefits. 
Stay informed on all things related to AI by \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/generative-ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esigning up\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to receive exclusive news, Elastic product updates, AI trends, hands-on demos, and more!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdca1eabffc86ecc9"}}},{"callout":{"title_l10n":"Additional resources:","_metadata":{"uid":"csd2a2a3770d81f5a8"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/chatgpt-elasticsearch-openai-meets-private-data\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eChatGPT and Elasticsearch: OpenAI meets private data\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/enhancing-chatbot-capabilities-with-nlp-and-vector-search-in-elasticsearch\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEnhancing chatbot capabilities with NLP and vector search in Elasticsearch\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/overview-image-similarity-search-in-elastic\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOverview of image similarity search in Elasticsearch\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/introducing-elastic-ai-assistant\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic introduces Elastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/may-2023-launch-announcement\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIntroducing Elasticsearch Relevance Engine™ — Advanced search for the AI revolution\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca 
href=\"https://www.elastic.co/blog/5-technical-components-image-similarity-search\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e5 technical components of image similarity search\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-deploy-natural-language-processing-nlp-getting-started\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow to deploy natural language processing (NLP): Getting started\u0026nbsp;\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/monitor-openai-api-gpt-models-opentelemetry-elastic\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMonitor OpenAI API and GPT models with OpenTelemetry and Elastic\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs63aa013b454b3174"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003e*Source: \u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/the-economic-potential-of-generative-ai-the-next-productivity-frontier#introduction\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003ehttps://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/the-economic-potential-of-generative-ai-the-next-productivity-frontier#introduction\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eIn this blog post, we may have used third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eElastic, Elasticsearch and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbbf401d70827329a"}}}],"publish_date":"2023-06-30","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt371b46b1f7be39e3","ACL":{},"created_at":"2020-06-17T03:24:44.114Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retail","label_l10n":"Retail","tags":[],"title":"Retail","updated_at":"2020-07-06T22:17:35.972Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.835Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative 
AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector 
search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltf4c040a3cb414ac0","ACL":{},"created_at":"2023-11-06T21:32:35.092Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"semantic-search","label_l10n":"Semantic search","tags":[],"title":"Semantic search","updated_at":"2023-11-06T21:32:35.092Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.425Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Natural Language Processing (NLP)","label_l10n":"Natural Language Processing (NLP)","keyword":"natural-language-processing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt97696fc6e9921c30","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:43:16.119Z","updated_at":"2023-11-06T20:43:16.119Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:23:24.704Z","user":"blt4b2e1169881270a8"}},{"title":"Machine learning","label_l10n":"Machine 
learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"bltafa0e0e69618e170","ACL":{},"content_type":"image/png","created_at":"2023-06-29T18:56:42.997Z","created_by":"bltb6c155cd84fc0c1a","file_size":"168980","filename":"elastic-blog-header-image-gai.png","parent_uid":null,"tags":[],"title":"elastic-blog-header-image-gai.png","updated_at":"2023-06-29T18:56:42.997Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-30T14:00:00.572Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltafa0e0e69618e170/649dd3ebb93cad2886a70ada/elastic-blog-header-image-gai.png"},"title":"The power of generative AI for retail and CPG","title_l10n":"The power of generative AI for retail and 
CPG","updated_at":"2025-02-06T02:43:31.626Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/generative-ai-retail-cpg","publish_details":{"time":"2025-02-06T02:43:36.951Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt44baa28a6d15a8dd","_version":9,"locale":"en-us","ACL":{},"abstract_l10n":"We are excited to announce the release of The Elastic Generative AI Report, which reveals the expectations and challenges of early generative AI implementation worldwide.","author":["blt5c86d49ed98f9f2d"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-03-26T16:20:12.220Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs82d15111d6f77d9a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe are excited to announce the release of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pdf/platform/global-generative-ai-adoption-study.pdf\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe Elastic Generative AI Report\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which reveals the expectations and challenges of early \u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\" target=\"_self\"\u003egenerative AI implementation\u003c/a\u003e worldwide. The report, produced in collaboration with Vanson Bourne, compiles data points and industry insights of 3,200 decision-makers and influencers working in IT, analytics, and data across 10 countries.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe sought to understand how organizations are currently approaching generative AI, what challenges they’re facing, the strategies they’re using, and what opportunities they’ve identified. 
The survey included responses from the US, UK, France, Germany, Singapore, India, Australia, Spain, Netherlands, and Japan.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNot surprisingly, the survey shows that generative AI is at the forefront of organizational plans to innovate, grow, and improve operational efficiencies. However, it also reveals deep concerns around the security and privacy of generative AI technologies, ensuring data quality to feed the models is available, the growing disparate AI regulation globally, and the need for more specialized in-house AI skills.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e[\u003c/span\u003e\u003ca href=\"https://www.elastic.co/pdf/platform/global-generative-ai-adoption-study.pdf\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGET THE FULL REPORT\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e]\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"99% of respondents said generative AI would drive transformational change in their organization","_metadata":{"uid":"csbee3a97b2b35d2a2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u0026nbsp;The potential benefits cited by respondents for using generative AI were primarily:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImproved resource use — such as employee time and workload — operational efficiency, and increased employee productivity\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe opportunity to provide more engaging, personalized customer experiences\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHowever, organizations are at all ends of the 
spectrum when it comes to adopting generative AI technology — some have fully embraced it, others are in the trial phase, and some are just starting.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe survey indicates that India is the furthest ahead in implementing generative AI. India’s large services industry and the need for real-time, actionable insights could explain the high adoption numbers — 81% of respondents in the country cited generative AI was used in some way. Singapore is a close second in terms of adoption numbers (63%), with Spain not far behind (57%). Australia also signaled strong interest in rapidly adopting generative AI tools, reporting the highest number of organizations that are still trialing generative AI.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Generative AI’s data problem","_metadata":{"uid":"cs05fe897ac7a394cc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOne primary concern is data quality. Generative AI models rely on the data that feeds them. Organizations must have sufficient quality data to train the models, and many do not.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn part, this is down to the need for access controls and data being stored across multiple systems for security purposes, which keeps the data siloed. Nearly 75% of those surveyed reported that viewing data across all environments is a key difficulty for their organization. This slows data-based insights and doesn’t allow organizations to use their data wisely — or in generative AI models.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3c97af01b5048d0f"}}},{"quotes":{"quote_l10n":"But the quality of the data is critically important because […] if the quality of the data is no good, [GenAI models] are not going to give you the right outcome. 
And so, having good quality data that is easily accessible is critically important. Not something that many organizations have.","_metadata":{"uid":"csb955c0ec5c29859a"},"quote_author_l10n":"COO of a financial services firm in Australia","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf9bda098eafc6275"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWith search powered AI, organizations can overcome many of the challenges they face with data silos. Pairing search with generative AI can result in high-quality search results that are accurate, current, relevant, and derived from real-time data. It also ensures results and information are presented with business context, in simple language for users and customers. The combination allows organizations to make sense of their data and ultimately make better-informed decisions.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBut many organizations lack the search capabilities to gather actionable insights effectively. Whether they struggle to use their search results or their current search engine is unable to cover multiple data sources, organizations are now eyeing a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/retail-elasticsearch-relevance-engine-google-cloud-generative-ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003econversational search experience\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e powered by generative AI and natural language processing. Almost half of respondents believe their organization could save at least two days per week per employee if they could conversationally search their organizational data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAre organizations working toward a search powered AI solution? 
How are they overcoming the other challenges of adopting generative AI? \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pdf/platform/global-generative-ai-adoption-study.pdf\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRead the entire report\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, full of insights into how global organizations view generative AI, address security concerns, and adapt to new search and AI technologies.\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eDownload \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/pdf/platform/global-generative-ai-adoption-study.pdf\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eThe Elastic Generative AI Report\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e, and \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/platform/generative-ai-adoption-survey\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003etake the quiz\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e to see where you are in your generative AI adoption journey.\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csff37cbf9962c09e7"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs45b820733c7a279d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5f6431609cb5e277"}}}],"publish_date":"2024-03-26T16:14:33.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"The Elastic Generative AI Report looks at how organizations are adopting generative AI.","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML 
models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","title":"Natural Language Processing (NLP)","label_l10n":"Natural Language Processing (NLP)","keyword":"natural-language-processing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt97696fc6e9921c30","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:43:16.119Z","updated_at":"2023-11-06T20:43:16.119Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:23:24.704Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt5ebb3c17304b01bc","ACL":{},"created_at":"2023-11-06T20:47:38.117Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"privacy-first-ai","label_l10n":"Privacy-first AI","tags":[],"title":"Privacy-first 
AI","updated_at":"2023-11-06T20:47:38.117Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:58.404Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt1718ed27c03cc3fc","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-03-26T16:15:44.284Z","updated_at":"2024-03-26T16:15:44.284Z","content_type":"image/jpeg","file_size":"23969","filename":"Maze_entryway.jpg","title":"Maze_entryway.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-03-26T16:32:32.195Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1718ed27c03cc3fc/6602f4b0db68ba8af639eb00/Maze_entryway.jpg"},"title":"The state of generative AI: Our global survey of over 3,000 tech leaders","title_l10n":"The state of generative AI: Our global survey of over 3,000 tech leaders","updated_at":"2025-02-06T02:37:19.747Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/generative-ai-adoption-survey","publish_details":{"time":"2025-02-06T02:39:00.476Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt9f77a777ea0b81d9","_version":14,"locale":"en-us","ACL":{},"abstract_l10n":"Explore how Elastic's easy-to-use machine learning model ELSER, now generally available, 
and capabilities like scalar quantization and the Inference API simplify model selection and scale production-ready search experiences. ","author":["blt6f8c1e29600b488b"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-03-21T19:08:26.519Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5ef44f6e2064db67"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDaily breakthroughs in large language models (LLMs) and generative AI have put developers at the forefront of the movement, influencing its direction and \u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\" target=\"_self\"\u003epossibilities\u003c/a\u003e. In this blog, I’ll share how Elastic's search customers are using Elastic's vector database and open platform for search powered AI and developer tools to accelerate and scale generative AI experiences, giving them new avenues for growth.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eResults from a recent developer survey conducted by Dimensional Research and supported by Elastic indicate that \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e87% of developers already have a use case for generative AI — whether it’s data analysis, \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/cisco\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ecustomer support\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e, workplace search, or \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/chatleap\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003echatbots\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. 
But only 11% have successfully implemented these use cases into production environments.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThere are several factors getting in their way:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eModel deployment and management:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Choosing the right model requires experimentation and rapid iteration. Deploying LLMs for generative AI applications is time-consuming and complex with a steep learning curve for many organizations.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eLegal and compliance concerns:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e These concerns are especially important when dealing with sensitive data and can be a barrier to model adoption.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eScaling:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Domain specific data is crucial for LLMs to understand context and generate accurate outputs. Retrieving that as your data scales requires equally scalable support for the workloads that generate vector embeddings, increasing the demand for memory and computational resources rapidly. With vast data sets, context windows are large and costly to pass to an LLM, and more context does not necessarily mean more relevance. 
Only a robust platform of tools can shape the context and balance the tradeoffs between relevance and scale to achieve a viable future proof architecture for innovation.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs46a7b662fbc0b8e7"}}},{"image":{"image":{"uid":"bltf9cb2e300af8acc0","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-03-21T19:08:39.137Z","created_by":"bltb6c155cd84fc0c1a","file_size":"94301","filename":"survey-1.png","parent_uid":null,"tags":[],"title":"survey-1.png","updated_at":"2024-03-21T19:08:39.137Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-04-02T15:00:00.575Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf9cb2e300af8acc0/65fc85b7d4e0c00c8f294a26/survey-1.png"},"_metadata":{"uid":"cs2c8029a1e9a40861"},"caption_l10n":"Chart: Where does your organization expect to spend the most time and resources when building generative AI use cases?","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs926bd6a6dee10f1d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDevelopers seek a reliable, scalable, and cost-effective way to build generative AI applications and a platform that simplifies implementation and the LLM selection 
process.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs55a28420b1569886"}}},{"image":{"image":{"uid":"blt25be443f3858d9e9","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-03-21T19:08:47.856Z","created_by":"bltb6c155cd84fc0c1a","file_size":"71042","filename":"survey-2.png","parent_uid":null,"tags":[],"title":"survey-2.png","updated_at":"2024-03-21T19:08:47.856Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-04-02T15:00:00.979Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt25be443f3858d9e9/65fc85bf039fdd73a9339eb7/survey-2.png"},"_metadata":{"uid":"cs3edd89a6de3727d0"},"caption_l10n":"Chart: What are your organization’s top considerations when selecting a vector search engine?","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0ae51fb18f77c0b6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eElastic is consistently delivering solutions to these developer concerns with a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/modern-search-workflows-generative-ai-apps\"\u003e\u003cspan style='font-size: 12pt;'\u003erapid pace of innovation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to support generative AI use cases.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"},{"title_l10n":"Roll out generative AI experiences fast and at scale","_metadata":{"uid":"cs1e52bc949ac25459"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch is the most downloaded vector database in the market, and Elastic’s deep association with the Lucene community has enabled us to design and deliver search 
innovations to our customers faster. Elasticsearch is now powered by \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-search-8-13-0\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLucene 9.10\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, helping customers achieve speed and scale with generative AI. With 9.10, among other speed boosts, users are seeing significant \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/multi-graph-vector-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003equery latency improvements\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e on multi-segment indices. And that’s just the start, there’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/vector-similarity-computations-ludicrous-speed\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003emore speed\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to come.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1f51878406532a4d"}}},{"quotes":{"quote_l10n":"We’re using Elastic as a vector database because of its inherent flexibility, scalability, and reliability. 
Elastic continually elevates the game by rapidly delivering new features that support Machine Learning and generative AI.","_metadata":{"uid":"cs3d08600b168345f3"},"quote_author_l10n":"Peter O'Connor, Engineering Manager of Platform Engineering, Stack Overflow","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs77ee4ae8bd540302"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo quickly implement and scale RAG workloads, the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-elser.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Learned Sparse EncodeR (ELSER)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — generally available — is an easy to deploy, optimized, late interaction machine learning (ML) model for semantic search. ELSER delivers contextually relevant search results without requiring fine tuning and offers developers a built-in trusted solution, saving you the time and complexity of model selection, deployment, and management.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eELSER elevates search relevance without a cost to speed — when Consensus upgraded its \u003c/span\u003e\u003ca href=\"https://consensus.app/home/blog/introducing-consensus-2-0/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eacademic research platform\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e powered by Elastic, using ELSER, it \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/consensus\"\u003e\u003cspan style='font-size: 12pt;'\u003ecut search latency by 75%\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e with improved accuracy.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen you pair ELSER with the E5 embedding model, you can easily 
apply multilingual vector search. Our \u003c/span\u003e\u003ca href=\"https://huggingface.co/elastic/multilingual-e5-small-optimized\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eoptimized artifact of E5\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is tailored specifically for Elasticsearch deployments. Multilingual search is also available by uploading multilingual models or integrating with Elastic’s Inference API (for example, Cohere's multilingual model embeddings). These advancements accelerate \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/retrieval-augmented-generation-rag\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieval augmented generation (RAG)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e further, making Elastic critical infrastructure for scaling the innovative generative AI experiences you build.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic is also focused on scaling these experiences efficiently. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/scalar-quantization-101\"\u003e\u003cspan style='font-size: 12pt;'\u003eScalar quantization\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which came with our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.12/release-highlights.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e8.12 release\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, is a game-changer for vector storage. Large vector expansions can lead to slower searches. 
But this compression technique dramatically \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/scalar-quantization-in-lucene\"\u003e\u003cspan style='font-size: 12pt;'\u003eslashes memory requirements by fourfold\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and helps pack in more vectors, and at higher scales, has a negligible impact on recall. It doubles vector search speeds used in RAG without sacrificing accuracy. The result? A leaner, faster system that trims infrastructure costs at scale.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs19c6af71ba446ff0"}}},{"quotes":{"quote_l10n":"Search is critical for elevating Udemy’s user experience — matching users to relevant educational content, which is why Elastic has been a long-term partner of ours. We’ve used Elastic as our vector database since upgrading to Elastic Cloud last year, and it has opened up new opportunities for our business. We’ve seen increased query speed and resource efficiency as we’ve scaled vector search across our innovative education solutions.","_metadata":{"uid":"csd47037313ac2d778"},"quote_author_l10n":"Software Engineering Team, Udemy","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"The most relevant search engine for RAG","_metadata":{"uid":"cs07129d42d21b8c5d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRelevance is the key to the best generative AI experiences. Using ELSER for semantic search and BM25 for textual search are excellent first steps for retrieving relevant documents as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/market-research\"\u003e\u003cspan style='font-size: 12pt;'\u003econtext for LLMs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Large context windows can be further refined using reranking tools that are now part of the Elastic Stack. 
Rerankers apply powerful ML models to fine-tune your search results and bring the most relevant results to the top based on user preferences and signals. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.13/learning-to-rank.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eLearning to Rank (LTR)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is also now native to the Elasticsearch Platform. This is powerful for RAG use cases, which rely on feeding the most relevant results to an LLM as context.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImplementation is further simplified through the Inference API and third-party providers like Cohere. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/welcome-to-elastic/current/new.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eUpgrade to our latest release\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to test the impact that rerankers can have on relevance.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese approaches not only enhance search accuracy (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/consensus\"\u003e\u003cspan style='font-size: 12pt;'\u003eby 30%, in the case of Consensus\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e), but also help you achieve quick results, refining relevance for RAG and efficiently managing ML workstreams.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Making model selection and swapping simple","_metadata":{"uid":"cscff10ea20d9f8c10"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/what-is/large-language-models\"\u003e\u003cspan style='font-size: 12pt;'\u003eModel\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e selection can feel like searching for a needle in a haystack. 
In fact, our developer survey highlighted that one of the top five generative AI efforts across organizations is integrating with LLMs. This dilemma goes beyond choosing open versus closed source LLMs for a use case — it extends to accuracy, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/data-security\"\u003e\u003cspan style='font-size: 12pt;'\u003edata security\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/domain-specific-generative-ai-pre-training-fine-tuning-rag\"\u003e\u003cspan style='font-size: 12pt;'\u003edomain-specificity\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and quickly adapting to the changing LLM ecosystem. Developers need a straightforward workflow for trying new models and swapping them in and out.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic supports transformer and foundational models through its open platform, vector database, and search engine. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-search-8-11-0\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Learned Sparse EncodeR (ELSER)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is a reliable starting point for accelerating RAG implementations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAdditionally, Elastic’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/semantic-search-inference.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eInference API\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e streamlines code and multi-cloud inference management for developers. 
Whether you use ELSER or embeddings from OpenAI (the most evaluated and used model among developers), Hugging Face, Cohere, or others for RAG workloads, one API call ensures clean code for managing hybrid inference deployment. With the Inference API, a wide range of models is easily accessible, so you can find the right fit. Easy integration with domain-specific natural language processing (NLP) and generative AI models streamlines model management, freeing up your time to focus on AI innovation.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs85387d36553987b0"}}},{"image":{"image":{"uid":"bltc230cc34dd0c7d3d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-03-21T19:08:54.627Z","created_by":"bltb6c155cd84fc0c1a","file_size":"102789","filename":"survey-3.png","parent_uid":null,"tags":[],"title":"survey-3.png","updated_at":"2024-03-21T19:08:54.627Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-04-02T15:00:00.788Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc230cc34dd0c7d3d/65fc85c6fc8631fba0d73547/survey-3.png"},"_metadata":{"uid":"cs0f74b48455aeb28d"},"caption_l10n":"Chart: What of these embedding models has your organization used, evaluated, or has plans to 
evaluate?","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"image":{"image":{"uid":"blt5b691e69ae49066b","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-03-21T19:09:01.064Z","created_by":"bltb6c155cd84fc0c1a","file_size":"70800","filename":"survey-4.png","parent_uid":null,"tags":[],"title":"survey-4.png","updated_at":"2024-03-21T19:09:01.064Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-04-02T15:00:00.532Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5b691e69ae49066b/65fc85cd5caa4b32c360da98/survey-4.png"},"_metadata":{"uid":"cs843d12679aace1a5"},"caption_l10n":"Chart: What types of models does your organization use or expect to use in the future?","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Stronger together: A great experience with integrations","_metadata":{"uid":"cs1ec67ff10f76db0a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDevelopers can also host diverse transformer models, including \u003c/span\u003e\u003ca href=\"https://www.docker.elastic.co/r/eland/eland:latest\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003epublic and private Hugging Face models\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. 
While Elasticsearch serves as a versatile vector database for the entire ecosystem, developers who prefer tools like \u003c/span\u003e\u003ca href=\"https://integrations.langchain.com/vectorstores\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLangChain\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003ca href=\"https://gpt-index.readthedocs.io/en/stable/examples/vector_stores/ElasticsearchIndexDemo.html\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLlamaIndex\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e can use our integrations to quickly spin up production-ready generative AI apps using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elasticsearch-langchain-production-ready-rag-templates\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLangChain Templates\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Elastic's open platform sets you up to quickly adapt, experiment, and accelerate generative AI projects. Elastic was also recently added as a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/azure-openai-on-your-data-elasticsearch-vector-database\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethird party vector database for On Your Data\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, a new service to build conversational copilots. 
Another good example is Elastic’s collaboration with the Cohere team behind the scenes to make Elastic a great vector database for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-cohere-embeddings-support\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCohere embeddings\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenerative AI is reshaping every organization, and Elastic is here to support the transformation. For developers, the keys to successful generative AI implementations are continuous learning (have you seen \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Search Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e yet?) and rapidly adapting to the changing AI landscape.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6329f9946c0ece7b"}}},{"quotes":{"quote_l10n":"When you combine the accuracy and speed of Elastic, and the power of Google Cloud, you can build a very stable and cost-efficient search platform that also delivers a delightful experience for the user.","_metadata":{"uid":"cs0c8e19331c9d7598"},"quote_author_l10n":"Sujith Joseph, Principal Enterprise Search \u0026 Cloud Architect, \u003ca href=\"https://www.elastic.co/customers/cisco\"\u003eCisco Systems\u003c/a\u003e","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"Try it out!","_metadata":{"uid":"csc84666d22cea54ba"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRead about these capabilities and more in the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/welcome-to-elastic/current/new.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Search release notes\u003c/span\u003e\u003c/a\u003e\u003cspan 
style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eExisting Elastic Cloud customers can access many of these features directly from the \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud console\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Not using Elastic Cloud? \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/generative-ai-trial-overview\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eStart a free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTry the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/esre/current/index.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Relevance Engine\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, our suite of developer tools for building AI search apps.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"","_metadata":{"uid":"cs4bae50d0d4b3c165"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. 
Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs094dfa2711635206"}}}],"publish_date":"2024-04-02","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Search powered AI and developer tools built for speed and scale","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative 
AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"title":"Machine learning","label_l10n":"Machine 
learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environ
ment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltcae229c3da82fe5e","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-03-21T18:46:01.840Z","created_by":"bltb6c155cd84fc0c1a","file_size":"65949","filename":"gen-ai-launch-blog-720x420.jpg","parent_uid":null,"tags":[],"title":"gen-ai-launch-blog-720x420.jpg","updated_at":"2024-03-21T18:46:01.840Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-04-02T15:00:00.992Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcae229c3da82fe5e/65fc8069edb2c74f0537400f/gen-ai-launch-blog-720x420.jpg"},"title":"Accelerating generative AI experiences","title_l10n":"Accelerating generative AI experiences","updated_at":"2025-02-06T02:35:48.613Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-generative-ai-experiences","publish_details":{"time":"2025-02-06T02:35:57.620Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltfe1c32c3e3a33cf6","_version":12,"locale":"en-us","ACL":{},"abstract_l10n":"With ESRE, retailers can enhance their search capabilities to deliver more accurate and relevant results to their customers and employees, while ensuring sensitive data remains protected.","author":["blt9b0dc3587c08e259"],"category":["bltc17514bfdbc519df"],"created_at":"2023-07-07T14:34:16.562Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa7aee2ed4fbb6cf7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e\u003ca href=\"https://www.elastic.co/what-is/generative-ai\" target=\"_self\"\u003eGenerative AI (GAI)\u003c/a\u003e, powered by models like OpenAI’s ChatGPT, is rapidly gaining attention 
in the retail industry for its potential to revolutionize customer experience and drive innovation. The technology has the ability to improve every corner of the retail industry, from tailored \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/ecommerce\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eecommerce search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e and modernized \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/customer-support\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecustomer support\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e to omnichannel marketing and even predictive maintenance in supply chains. In fact, the many promising retail use cases for generative AI, which executives previously predicted would take years to achieve, might ultimately be delivered in the very near future.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003eHowever, retailers are understandably cautious in their approach to this technology due to the notable limitations of GAI. In a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/generative-ai-retail-cpg\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eprevious blog post\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e, we discussed both the benefits and the risks retailers are presented with when considering implementing GAI technology in their organizations, as well as how the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/may-2023-launch-announcement\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Relevance Engine™ (ESRE™)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e can help overcome challenges and create new opportunities. 
With its flexible suite of tools, ESRE lets businesses build AI-powered search applications, merging the capabilities of machine learning with text search. ESRE also empowers ecommerce developers to enhance search applications by employing sophisticated algorithms that integrate with large language models. Furthermore, ESRE effectively addresses challenges of GAI related to privacy, scalability, and cost, thereby enabling retailers to create search experiences that build on user intent to deliver improved customer experience.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003eIn this blog post, we’ll explore \u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\" target=\"_self\"\u003epossible use cases for GAI\u003c/a\u003e in retail and how ESRE can be applied to help organizations create the ultimate user experience in their applications.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0b410f38aa5b9af2"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt6d4e040eb1e62e14","ACL":{},"content_type":"image/png","created_at":"2023-07-07T14:40:17.376Z","created_by":"bltb6c155cd84fc0c1a","file_size":"250954","filename":"elastic-blog-2-bridge-data-gai.png","parent_uid":null,"tags":[],"title":"elastic-blog-2-bridge-data-gai.png","updated_at":"2023-07-07T14:40:17.376Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-12T15:00:00.519Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6d4e040eb1e62e14/64a823d1ee0ad390bfbeb318/elastic-blog-2-bridge-data-gai.png"},"_metadata":{"uid":"csc0c0225e32c640db"},"caption_l10n":"","alt_text_l10n":"bridge data generative AI ","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Retail use cases for generative AI and 
ESRE","_metadata":{"uid":"csc18bbdb13b6573ad"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere has already been plenty of discussion around the seemingly infinite number of GAI use cases in retail. But as retailers start exploring the potential of this technology, a number of those use cases stand out:\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Personalized search experiences","_metadata":{"uid":"csad0cf02d37d0e62c"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003ePersonalization enables organizations to offer highly tailored experiences that appeal more directly to the specific interests or pain points of a customer or employee. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-personalize-search-experiences-using-elastic\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearch technology\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003e is already powering the personalized digital experiences that customers experience every day. In fact, 88% of online shoppers are more likely to continue to shop on websites that offer a personalized experience, according to a study by \u003c/span\u003e\u003ca href=\"https://www.elastic.co/explore/improving-digital-customer-experiences/personalizations-critical-role-in-converting-ecommerce-searches-into-sales?cee-gic\u0026elektra=ecommerce-blog\"\u003e\u003cspan style='font-size: 12pt;'\u003eWakefield Research\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003eESRE provides robust search capabilities, allowing retailers to build fast, highly relevant search experiences for their online stores. 
When combined with the generative capabilities of large language models, customers can get results tailored to their location, demographic, or preference — leading to improved customer satisfaction and conversion rates. Precision context windows with Elastic also help reduce data footprint and expenses.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Enhanced customer service","_metadata":{"uid":"csfb2568f9a8b92559"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003eOutstanding support starts with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/customer-support\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003egetting answers for your customers\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e. \u003ca href=\"https://www.elastic.co/what-is/generative-ai\" target=\"_self\"\u003eGenerative AI\u003c/a\u003e can analyze and learn from historical customer data including customer support interactions, from emails and chat logs to support tickets. It can generate automated responses based on this data, providing quick and accurate answers to frequently asked questions or common issues. This saves time for both customers and support agents, streamlines self-service support, and allows agents to focus on more complex or personalized inquiries.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003eESRE serves as the perfect backbone for this use case, helping customers find information quickly and easily with semantic search. The Elasticsearch Relevance Engine includes a proprietary out-of-the-box semantic search model as well as a production grade vector database and hybrid search ranking. 
It gives developers a flexible foundation on which to build rich semantic search, vector search, and hybrid search applications, which can be used by service agents. Elastic also includes native support for role-based and attribute-based access control, so customers and agents only see information they have access to.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Sophisticated fraud detection","_metadata":{"uid":"cs888f8420ea594ac8"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003eGAI holds immense potential for the retail industry by aiding in the identification of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/accelerate-fraud-detection-and-prevention-with-elastic\"\u003e\u003cspan style='font-size: 12pt;'\u003efraudulent activities\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003e and the detection of anomalies. Through the process of pattern learning from existing data, generative models can predict new data points that align with the learned patterns. Retailers can leverage these capabilities in combination with Elastic to compare real-time customer interactions and transactions with predicted patterns. This integrated approach helps retailers proactively identify uncommon or fraudulent behavior that may otherwise elude detection through conventional rule-based systems alone.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Modernized brick-and-mortar","_metadata":{"uid":"cse53b34df1150c519"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003eNew technology that enables a guided shopping experience is becoming more prevalent. Retailers can now imitate the online shopping experience by pairing real-time demographic information with potential purchase preferences. 
This information is then correlated, in real time, with in-store video screens — such as smart shelves — which aim to deliver this information as part of the interactive experience of choosing a product. This amounts to dynamically combining data across disparate sources and presenting it together with a unified experience. Generative AI coupled with ESRE makes this task easier with a single platform to consume data and insights. This is done while enabling privacy and security via Elastic’s native support for role-based and attribute-based access controls.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Predictive maintenance","_metadata":{"uid":"cs996279ecf44dd878"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003eRetailers can collect data from various sources, such as sensors, equipment logs, and historical maintenance records, to build a comprehensive data set. With Elastic, powered by ESRE, retailers can activate this information to automate monitoring, accelerate root cause analysis, and \u003c/span\u003e\u003ca href=\"https://www.youtube.com/watch?v=twkEYj7HGDE\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eoptimize operations by applying machine learning\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003e. This helps drive increased productivity, faster innovation, and more trustworthy customer experiences. 
Retailer supply chain and operations teams can continuously monitor this data in real time to identify patterns and anomalies that may indicate potential inventory issues or equipment failures.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdc65d9ce748af856"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"bltab22a7c47e075364","ACL":{},"content_type":"image/png","created_at":"2023-07-07T14:44:10.057Z","created_by":"bltb6c155cd84fc0c1a","file_size":"221890","filename":"elastic-blog-3-search-very-soon.png","parent_uid":null,"tags":[],"title":"elastic-blog-3-search-very-soon.png","updated_at":"2023-07-07T14:44:10.057Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-12T15:00:00.338Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltab22a7c47e075364/64a824bacef8c5deff7049e7/elastic-blog-3-search-very-soon.png"},"_metadata":{"uid":"cs72ea8f1259f6bfa6"},"caption_l10n":"Elasticsearch + GAI can bring greater context to search, enabling more personalized results for users","alt_text_l10n":"Search very soon","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdcc50b5e5d549b2f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003eIn an industry where competition is sky-high and differentiation is key, retailers must constantly innovate to remain relevant in the market. With ESRE, retailers can enhance their search capabilities to deliver more accurate and relevant results to their customers and employees, while ensuring sensitive data remains protected. 
By combining GAI with the powerful capabilities of Elastic, retailers can better understand their customers, adapt to market changes, and deliver exceptional experiences.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8501180579c128c3"}}},{"video":{"vidyard_uuid":"JbViktqzsHKA3ezJoh3Y8w","_metadata":{"uid":"cs240fa6016b72e9ee"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":false,"hide_controls":false,"looping_animation":false}},{"callout":{"title_l10n":"Learn more: ","_metadata":{"uid":"cs46bf7ed16ce5944a"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/may-2023-launch-announcement\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIntroducing Elasticsearch Relevance Engine™ — Advanced search for the AI revolution\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://build.microsoft.com/en-US/sessions/058e20eb-5607-4180-9915-7572ef591c40\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eMicrosoft Build Interview: Power the future of AI with Elasticsearch\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/ecommerce\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Ecommerce Search\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/industries/retail-ecommerce\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic for retailers\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/improving-digital-customer-experiences/forrester-total-economic-impact-elasticsearch\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe Total Economic Impact™ of Elasticsearch\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information 
(info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csea9bfb40a7cd0d9f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs034294d3209d32ce"}}}],"publish_date":"2023-07-12","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt371b46b1f7be39e3","ACL":{},"created_at":"2020-06-17T03:24:44.114Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retail","label_l10n":"Retail","tags":[],"title":"Retail","updated_at":"2020-07-06T22:17:35.972Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.835Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative 
AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt920fd113a20929a5","ACL":{},"created_at":"2023-11-06T20:38:46.745Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ecommerce-search","label_l10n":"Ecommerce search","tags":[],"title":"Ecommerce search","updated_at":"2023-11-06T20:38:46.745Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.165Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt3184f3496194138e","ACL":{},"created_at":"2023-11-06T20:36:32.173Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-support","label_l10n":"Customer support","tags":[],"title":"Customer 
support","updated_at":"2023-11-06T20:36:32.173Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.257Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt226f04bb0dd0936b","ACL":{},"created_at":"2023-11-06T20:46:35.144Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"personalization","label_l10n":"Personalization","tags":[],"title":"Personalization","updated_at":"2023-11-06T20:46:35.144Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:12.713Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt484a944a3d130219","ACL":{},"created_at":"2023-11-06T20:39:33.494Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"fraud-detection","label_l10n":"Fraud detection","tags":[],"title":"Fraud 
detection","updated_at":"2023-11-06T20:39:33.494Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.155Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt3c3c124c70b20f1e","ACL":{},"created_at":"2023-11-06T20:47:25.066Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"predictive-analytics","label_l10n":"Predictive analytics","tags":[],"title":"Predictive analytics","updated_at":"2023-11-06T20:47:25.066Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:06.368Z","user":"blt06083bb707628f5c"}},{"title":"Machine learning","label_l10n":"Machine 
learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltfb1e89b001674db9","ACL":{},"created_at":"2023-11-06T21:30:17.252Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"relevance","label_l10n":"Relevance","tags":[],"title":"Relevance","updated_at":"2023-11-06T21:30:17.252Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.339Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Anomaly detection","label_l10n":"Anomaly 
detection","keyword":"anomaly-detection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7478459fe32592c5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:06.777Z","updated_at":"2023-11-06T20:08:06.777Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.738Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltedaba1c436cb0ded","ACL":{},"created_at":"2023-11-06T20:40:47.717Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"information-retrieval","label_l10n":"Information retrieval","tags":[],"title":"Information retrieval","updated_at":"2023-11-06T20:40:47.717Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:37.018Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search 
applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt4dfe5f7864870ffc","created_by":"bltac225ac457fe0293","updated_by":"bltac225ac457fe0293","created_at":"2022-09-21T01:08:46.813Z","updated_at":"2022-09-21T01:08:46.813Z","content_type":"image/jpeg","file_size":"179223","filename":"01-shopping-bag.jpg","title":"01-shopping-bag.jpg","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-21T01:09:38.776Z","user":"bltac225ac457fe0293"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4dfe5f7864870ffc/632a641e72f6ac30ff64bc27/01-shopping-bag.jpg"},"title":"5 stand-out retail use cases for generative AI + Elasticsearch","title_l10n":"5 stand-out retail use cases for generative AI + Elasticsearch","updated_at":"2025-02-06T02:33:52.985Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/retail-use-cases-generative-ai-elasticsearch","publish_details":{"time":"2025-02-06T02:34:04.321Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0947dcf4c9567504","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"See how Elastic Security builds and evaluates GenAI features such as AI Assistant and Attack Discovery, leveraging LLMs and 
tools like LangGraph for agents and LangSmith for tracing.","author":["blt142ea9eec72c5509","blt7c263b5710eeb974"],"category":["bltb79594af7c5b4199"],"created_at":"2025-02-03T16:04:08.825Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs39f48e22c36057dc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic has long been developing machine learning (ML) and AI-powered \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html#security-integrations-jobs\"\u003e\u003cspan style='font-size: 12pt;'\u003esecurity detections\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. We constantly bring in new technologies when available to help make our users’ lives easier. So, with the rise of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e (GenAI), we have developed even more Elastic Security features to use this powerful, new technology. 
Among those are:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/security-assistant.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElastic AI Assistant for Security\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Our chatbot is built to answer questions about Elastic Security, help generate or translate natural language queries to ES|QL, provide context on alerts, and integrate with custom knowledge sources for bespoke organizational questions.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/attack-discovery.html\" target=\"_self\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAttack Discovery (AD)\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This feature reviews alerts and discovers any active attacks, prioritizing and summarizing them for the user.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/automatic-import-ai-data-integration-builder\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAutomatic Import\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This feature creates custom integrations based on a few sample log lines, alleviating the burden of creating parsing logic and normalization pipelines.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor those familiar with GenAI development, 
the area is rapidly growing. At Elastic, we are in a unique position in that we have real and proven GenAI-powered products that are serving users \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eat scale\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e — not just tinkering or as proof-of-concepts. This unique position is two-fold — we closely partner with \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eand\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e use leading GenAI development frameworks. In fact, we were named \u003c/span\u003e\u003ca href=\"https://blog.langchain.dev/top-5-langgraph-agents-in-production-2024\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003e#2 in the Top 5 LangGraph Agents in Production 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e by LangChain. We were also named \u003c/span\u003e\u003ca href=\"https://aws.amazon.com/blogs/apn/announcing-the-2024-geo-and-global-aws-partners-of-the-year\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eGenAI Infrastructure and Data Partner of the Year \u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003eby Amazon Web Services.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Driving GenAI development","_metadata":{"uid":"cs05b8b1408a2b3137"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic is also a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003ecreator \u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eof GenAI development tools, which not only enables our products but also those built by users of the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elastic-stack\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Stack\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. 
We are the world’s most \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/vector-database\"\u003e\u003cspan style='font-size: 12pt;'\u003ewidely downloaded vector database\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, supporting \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eRAG\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e applications around the world. Due to this combination, we have a driver’s seat view of GenAI development, which we’re aiming to share more with those interested in building a production-grade GenAI system.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this blog, we’ll share a behind-the-scenes look at how our Security GenAI team and Security ML team develop and improve these GenAI features. How are we quantitatively ensuring that each improvement is really \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003ebetter\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e? Given that we are in production and serving enterprise users at scale, we needed a robust and reproducible way of prompt tuning and evaluating various large language model (LLM) providers.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Constant improvements: Making security analysts’ lives easier","_metadata":{"uid":"cs27bed8c7269975bd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSince the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/introducing-elastic-ai-assistant\"\u003e\u003cspan style='font-size: 12pt;'\u003erelease\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e of Elastic AI Assistant in June 2023, delivering high-quality results to our users has been a top priority. 
Fast forward to 2025, we've not only rolled out numerous enhancements to the AI Assistant but also introduced groundbreaking features, such as Attack Discovery and Automatic Import. Throughout the development of these features and enhancements, we meticulously evaluated the quality of the outputs generated by various LLMs, continuously refining prompts and underlying code to meet our high standards.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic AI Assistant for Security","_metadata":{"uid":"cs65b2529f0831511c"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOne notable example is AI Assistant’s natural language-to-ES|QL generation functionality. To ensure AI Assistant returned valid ES|QL queries from natural language inputs, we started with a hands-on and largely manual approach. We created a spreadsheet filled with realistic queries that an analyst might use in a security operations center (SOC). Each query was manually put into the AI Assistant with responses recorded and compared to expected outputs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhile effective, this process was time-intensive. When \u003c/span\u003e\u003ca href=\"https://www.langchain.com/langsmith\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eLangSmith\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e became available, we quickly integrated it into our workflow, enabling us to trace and debug with greater efficiency. LangSmith’s evaluation capabilities also allowed us to build the first iteration of our internal evaluation framework. This framework supports automated evaluations based on a set of parameters, including a list of LLMs and input datasets. 
With these tools, we successfully transitioned from manual to automated evaluations, significantly improving our workflow.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Attack Discovery","_metadata":{"uid":"cs2cbfc1f857a8b21f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEvaluating Attack Discovery presented a more complex challenge for two key reasons.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAD’s input consists of sets of alerts representing one or more malicious attack scenarios. Creating realistic input alerts was essential to assess AD’s performance effectively.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDetermining the ideal output required expertise in cybersecurity. AD’s goal is to explain malicious attacks chronologically and in a narrative style that can be easily understood by security analysts of all levels. This need for expert judgment meant that early evaluations relied heavily on manual review from Elastic’s security experts, who also provided the engineering team with realistic alert sets for testing.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOver time, our evaluation process has evolved into a robust framework designed to ensure that our GenAI features deliver tangible value to our security customers. 
In the sections that follow, we’ll dive deeper into the latest state of this framework and explore how we use it to ensure the quality and reliability of our AI-powered solutions.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs13736be6e40ddc19"}}},{"image":{"image":{"uid":"blt3f6a65ac4d2b5fc7","_version":1,"title":"image2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T15:55:17.178Z","updated_at":"2025-02-03T15:55:17.178Z","content_type":"image/png","file_size":"521389","filename":"image2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.857Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3f6a65ac4d2b5fc7/67a0e6e504d53f473041abbd/image2.png"},"_metadata":{"uid":"cs46af7a47a9f2e75d"},"caption_l10n":"Early version of our evaluation framework UI in 8.11","alt_text_l10n":"Early version of our evaluation framework UI in 8.11","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"GenAI evaluation framework: Knowing — not guessing — that each improvement is better","_metadata":{"uid":"csdb838c6011e38a5f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs mentioned in the previous section, we started using LangSmith and \u003c/span\u003e\u003ca href=\"https://www.langchain.com/langgraph\"\u003e\u003cspan style='font-size: 12pt;'\u003eLangGraph\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e together, enabling us to capture traces of each LLM call. On top of that, we developed a tailored evaluation framework, which became an essential tool in our development process. As we developed more improvements, there was more to consider. For example, which LLM model should we pick? 
We have a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/serverless/current/security-llm-performance-matrix.html\"\u003e\u003cspan style='font-size: 12pt;'\u003erecommended LLM matrix\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e as an outcome of those tests. And which prompts and variations perform the best?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere are the components of the evaluation framework (which we will walk through in detail in following sections):\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTest scenarios:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Diverse scenarios that the user may come across and each with its own gold standard examples\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCurated test dataset:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e An accumulation of gold standard examples covering various test scenarios\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTracing:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Capturing the AI Agent execution graph as well as LLM calls and run metadata\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEvaluation rubrics:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Various behavior rubrics; for example, does this response seem like a hallucination? 
Does this response capture all the known user IDs in the query?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScoring mechanism:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e A mathematical way to calculate final scores based on business requirements or desired heuristics\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFirst, we’ll go through the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003etest scenarios\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ecurated test dataset\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, as well as how we easily created and tracked them with LangSmith.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Test scenarios and curated test datasets","_metadata":{"uid":"csa61607f593a395a8"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSince Attack Discovery helps Elastic Security users find attacks from alerts, we needed to consider various attack types. We initially validated across datasets from detonated malware samples hosted and shared on Elastician James Spiteri’s \u003c/span\u003e\u003ca href=\"http://ohmymalware.com\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eohmymalware.com\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e project, but have since come up with many new attack \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003escenarios\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, covering, for example, living-off-the-cloud attacks, various advanced persistent threats, and well-known vulnerabilities like the Log4j vulnerability (2021). 
Credit also goes to the incredible \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e team — one such evaluation scenario came from work presented at \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-aws-reinvent-2024\"\u003e\u003cspan style='font-size: 12pt;'\u003eAWS re:Invent 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor each \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003escenario\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, we created a few expected responses. For some use cases, this might involve human-written outputs to compare with GenAI responses. But for our use case, we were able to run the scenarios through any LLM with a human in the loop to decide if the result was good enough based on our criteria. For example, was the output clear to read from a user standpoint? 
And was the LLM summary accurate enough?\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa7a6943c14da561b"}}},{"image":{"image":{"uid":"blt3f591f3f5a357f33","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T15:57:00.024Z","updated_at":"2025-02-03T15:57:00.024Z","content_type":"image/png","file_size":"451358","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.815Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3f591f3f5a357f33/67a0e74ce729226e57538386/image1.png"},"_metadata":{"uid":"cs4e795a294d4d8c49"},"caption_l10n":"Example of an expected response on Attack Discovery based on Episode 4 of ohmymalware.com","alt_text_l10n":"Example of an expected response on Attack Discovery based on Episode 4 of ohmymalware.com","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cseaf8bf92d1bd7441"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf the output is qualitatively good enough, we add it to our \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003ecurated test dataset.\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Since we are using LangGraph and \u003c/span\u003e\u003ca href=\"https://blog.langchain.dev/langchain-partners-with-elastic-to-launch-the-elastic-ai-assistant/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eLangSmith\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, adding an example to a dataset is further simplified as the LangSmith UI has ways to add an existing output to a 
dataset.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdd2a7c62cdf81776"}}},{"image":{"image":{"uid":"blta47ad6c26dd7906f","_version":1,"title":"image9.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T15:57:26.770Z","updated_at":"2025-02-03T15:57:26.770Z","content_type":"image/png","file_size":"366147","filename":"image9.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.919Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta47ad6c26dd7906f/67a0e766956a022356ba41dc/image9.png"},"_metadata":{"uid":"cs3ce366deacca269a"},"caption_l10n":"Easily add an output in a trace to a dataset","alt_text_l10n":"Easily add an output in a trace to a dataset","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc423942bdc57b25c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt is important to have the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003escenarios\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003etest datasets\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in order to have a baseline of “goodness” of GenAI outputs. 
But we didn’t immediately get to this point; the initial effort of creating scenarios can be time-consuming, and since LLM outputs can have a high variance, some of the selection of curated examples can be difficult.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHowever, this was a well-invested effort on an ongoing basis in order to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eknow\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e if our improvements are actually making the product better. This also enabled us to run automated LLM evaluations (“\u003c/span\u003e\u003ca href=\"https://docs.smith.langchain.com/evaluation/concepts\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eLLM-as-judge\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e”) and experiment whenever we deploy a new change. The prompts used for LLM-as-judge can also be tuned. For simplicity, we will refer to both the prompts used to generate outputs as well as the “judge” outputs as \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eprompts\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in this 
article.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0f668d6ea01f2464"}}},{"image":{"image":{"uid":"blt7dd4e02083c453b0","_version":1,"title":"image4.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T15:58:05.468Z","updated_at":"2025-02-03T15:58:05.468Z","content_type":"image/png","file_size":"174580","filename":"image4.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.938Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7dd4e02083c453b0/67a0e78d60be650253c996be/image4.png"},"_metadata":{"uid":"cs5f9f024eaf7c852c"},"caption_l10n":"Creating a curated test dataset","alt_text_l10n":"Creating a curated test dataset","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Tracing","_metadata":{"uid":"cs84e8fe4a18abf767"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNext, we’ll touch on the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003etracing\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e components. As mentioned above, we use LangGraph to design and run our AI Agent workflows behind the scenes, while LangSmith provides the tracing capabilities as well as streamlined tools for us to create test datasets and run evaluations.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor completeness, the following image illustrates the high-level workflow of how the Elastic Security AI Agents work — from when it gets a user request to when it generates the response. 
We use Elasticsearch as a vector database to power retrieval augmented generation (RAG) functionality.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs341a4a46cf9be980"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cscd8a54f9fd753f31"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNote: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eFor users to enable AI Assistant and Attack Discovery, an LLM connector is required. We support all major providers — see our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/llm-connector-guides.html\"\u003e\u003cspan style='font-size: 12pt;'\u003edocumentation page\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for an up-to-date list.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"image":{"image":{"uid":"blta26147381c7a0791","_version":1,"title":"image10.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T15:59:33.998Z","updated_at":"2025-02-03T15:59:33.998Z","content_type":"image/png","file_size":"225169","filename":"image10.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.846Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta26147381c7a0791/67a0e7e6ecc9d77b63412c09/image10.png"},"_metadata":{"uid":"cs4e2aa46b0a976b82"},"caption_l10n":"High-level diagram on our AI Agent workflows and tracing","alt_text_l10n":"High-level diagram on our AI Agent workflows and tracing","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Evaluation rubrics and scoring 
mechanism","_metadata":{"uid":"cs3861cd040b85545b"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRubrics are a way of evaluating a defined “desired behavior” of the LLM outputs and can contain many \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eitems \u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e— each responsible for checking a subset of desired behaviors. For instance, this could include the desired behavior of “the LLM should respond with plain language” and the evaluation rubric including the item “is the response written in plain language?”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor Elastic Security, this is an example of our rubric prompts and contains many evaluation items:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e5. Evaluate the value of the \"summaryMarkdown\" field of all the \"attackDiscoveries\" in the submission JSON. Are the values of \"summaryMarkdown\" in the \"submission\" at least partially similar to that of the \"expected response\", regardless of the order in which they appear, and summarize the same incident(s)? Summarize each summary, and explain your answer with lettered steps.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e6. Evaluate the value of the \"title\" field of all the \"attackDiscoveries\" in the submission json. 
Are the \"title\" values in the submission at least partially similar to the title(s) of the \"expected response\", regardless of the order in which they appear, and mention the same incident(s)?\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith this rubric, we then use an LLM evaluator to check if the responses satisfy the rubric as illustrated in the image below. This is done directly in the flow between when a user submits their query and when the response is displayed. The rubric prompt checks in real time if the LLM output is good enough; if not, it will go back to the initial generator LLM to regenerate a response. \u003c/span\u003e\u003ca href=\"https://smith.langchain.com/public/b424f40e-e457-4a31-8b43-9f059e1ea99e/r\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eSee an example LangSmith trace\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7c618eb49b94ca0b"}}},{"image":{"image":{"uid":"blt5985eeafe32138fe","_version":1,"title":"image7.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T16:01:27.129Z","updated_at":"2025-02-03T16:01:27.129Z","content_type":"image/png","file_size":"153186","filename":"image7.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.867Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5985eeafe32138fe/67a0e8574bee0b4f951845d3/image7.png"},"_metadata":{"uid":"cs051126ba82a042f7"},"caption_l10n":"Using an LLM evaluator to determine if responses satisfy the rubric","alt_text_l10n":"Using an LLM evaluator to determine if responses satisfy the 
rubric","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs99063ab7601f03bd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor your use case, you may want to compare a few LLMs to determine which ones work the best for you. In our case, with this framework, we can also quantitatively evaluate an “evaluator” LLM as well as the rubric prompts.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc8bcf773b9d4d5d5"}}},{"image":{"image":{"uid":"blt8b7037832306d0cb","_version":1,"title":"image5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T16:01:59.425Z","updated_at":"2025-02-03T16:01:59.425Z","content_type":"image/png","file_size":"189221","filename":"image5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.827Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8b7037832306d0cb/67a0e877956a026e68ba41ea/image5.png"},"_metadata":{"uid":"csc2f63c611062917b"},"caption_l10n":"Example of a pairwise evaluation with the dataset (simplified for understanding)","alt_text_l10n":"Example of a pairwise evaluation with the dataset (simplified for understanding)","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs882984b2b1100a6c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLastly, the scoring mechanism can create a final score based on your defined behaviors. For example, if you want to weigh a certain rubric higher, then you can multiply that score by a weight. In our case, we wanted to have a threshold of accuracy, so we would drop a prompt if the accuracy was lower than 85%. 
This is doable with your program of choice.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs56d9884c9e2d6453"}}},{"image":{"image":{"uid":"blt2f413e1056484a7c","_version":1,"title":"image8.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T16:02:24.362Z","updated_at":"2025-02-03T16:02:24.362Z","content_type":"image/png","file_size":"164195","filename":"image8.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.928Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2f413e1056484a7c/67a0e89031e919652aa5b0ab/image8.png"},"_metadata":{"uid":"csafbdac78a3714549"},"caption_l10n":"Using Seaborn (Python) to generate a heatmap of the prompt evaluation results","alt_text_l10n":"Using Seaborn (Python) to generate a heatmap of the prompt evaluation results","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf9732ff2ad7302cb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePutting it all together, you’d have an easily understandable results table — and you’d be able to see at a glance:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIs this new prompt doing better? Is it doing better on certain rubric items or not?\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRubrics themselves can also be treated as prompts to improve on! 
For example, we tightened up the wording of the rubrics in one improvement, and when we reran this framework, it confirmed that they performed better.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhich LLM was best at a specific task?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhich LLM has the highest score per our scoring mechanism?\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you’re troubleshooting or tweaking the scoring mechanism, setting the results table up this way helps to easily find what might have gone wrong.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csbc27fb9c72839ad1"}}},{"image":{"image":{"uid":"blt55dd4033e3928809","_version":1,"title":"image3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T16:02:59.163Z","updated_at":"2025-02-03T16:02:59.163Z","content_type":"image/png","file_size":"191130","filename":"image3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.947Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt55dd4033e3928809/67a0e8b33064aa75905449ae/image3.png"},"_metadata":{"uid":"cs76f85c8e84a49a60"},"caption_l10n":"A summarized results table","alt_text_l10n":"A summarized results table","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Looking ahead","_metadata":{"uid":"cs7617a46e822788bb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this blog, we’ve walked through our GenAI development process 
— particularly how we can improve prompts and compare different configurations like selecting different LLMs, which is extensible to comparing and selecting all components, such as vector databases. This is the foundation for future improvements to Attack Discovery, Elastic AI Assistant, and more.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you’re a user of Attack Discovery or Elastic AI Assistant for Security, thank you for using our tools. We look forward to your feedback! If you’re interested in learning more and using AI to speed up attack triage, check out the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/attack-discovery.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eAttack Discovery\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e page and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs\"\u003e\u003cspan style='font-size: 12pt;'\u003eSecurity Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e articles.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLastly, if you’re a GenAI developer, we hope that this article can help you with structuring an evaluation workflow. 
We’re also continuously improving on our GenAI development systems and looking forward to sharing more.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you’re interested in learning more about how Elastic enables and powers GenAI tools around the world, check out our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e articles.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs302085dd8d58c8eb"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdaef8f09e35cc705"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. 
You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbee702536c420464"}}}],"publish_date":"2025-02-03","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"A quantitative approach to prompt tuning and LLM evaluation","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative 
AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Knowledge base search","label_l10n":"Knowledge base search","keyword":"knowledge-base-search","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt2c020c0c24ae64ef","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:41:47.026Z","updated_at":"2023-11-06T20:41:47.026Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:49.958Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltf4c040a3cb414ac0","ACL":{},"created_at":"2023-11-06T21:32:35.092Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"semantic-search","label_l10n":"Semantic search","tags":[],"title":"Semantic 
search","updated_at":"2023-11-06T21:32:35.092Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.425Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Se
arch","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt15602a635f8a9720","_version":1,"title":"144760---2nd-Batch-of-10-GAI-blog-header-images_06.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T16:18:13.780Z","updated_at":"2025-02-03T16:18:13.780Z","content_type":"image/jpeg","file_size":"25569","filename":"144760---2nd-Batch-of-10-GAI-blog-header-images_06.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.836Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt15602a635f8a9720/67a0ec45956a02253fba4223/144760---2nd-Batch-of-10-GAI-blog-header-images_06.jpg"},"title":"Behind the scenes of Elastic Security’s generative AI features","title_l10n":"Behind the scenes of Elastic Security’s generative AI features","updated_at":"2025-02-03T16:18:16.324Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-security-generative-ai-features","publish_details":{"time":"2025-02-03T16:19:03.302Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt20ea384e2467574e","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"Discover how OpenTelemetry is revolutionizing enterprise observability by breaking down tool silos, reducing costs, and improving operational efficiency. 
Learn how standardized telemetry data collection can drive better business outcomes.","author":["bltd516a87082210f90"],"category":["bltb79594af7c5b4199"],"created_at":"2025-01-30T16:36:00.872Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cscfecb980c75496b9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eModern organizations face an unprecedented observability challenge. As systems grow more complex and distributed, traditional monitoring approaches are struggling to keep pace. With data volumes doubling every two years and systems spanning multiple clouds and technologies, organizations need a new approach to maintain visibility into their operations. The challenge isn't just about collecting more data — it's also about making that data actionable and valuable across the organization.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The cost of tool silos and fragmented observability","_metadata":{"uid":"cs30a6cba83ef0d0d5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe hidden costs of fragmented observability extend far beyond tool licenses and infrastructure expenses. Organizations are grappling with a complex web of monitoring tools — each with its own agents, dashboards, and data formats. This fragmentation creates significant operational overhead with teams spending valuable time maintaining and correlating data across different systems instead of driving innovation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eConsider this typical enterprise scenario: When an incident occurs, teams must navigate through multiple tools to piece together what happened. 
One team checks application performance metrics in their \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability/application-performance-monitoring\"\u003e\u003cspan style='font-size: 12pt;'\u003eapplication performance monitoring (APM) tool\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e; another team examines infrastructure metrics in a different system; and others dig through logs in yet another platform. This fragmentation not only slows down incident response but also makes it harder to prevent issues in the first place.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe impact on team productivity is substantial. Engineers often need to context-switch between multiple tools to troubleshoot issues, leading to longer resolution times and increased operational costs. Moreover, the lack of standardized data makes it difficult to correlate information across systems, creating blind spots that can lead to service disruptions and customer dissatisfaction.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Why OpenTelemetry and open standards change everything","_metadata":{"uid":"cs535997dae36f66ab"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOpenTelemetry (OTel) represents a fundamental shift in how organizations approach observability. As the second most active Cloud Native Computing Foundation project after Kubernetes, OTel is breaking down the vendor lock-in barrier that has long plagued observability solutions. By providing a standardized way to collect and transmit telemetry data, OTel enables organizations to choose the best tools for their needs without being constrained by proprietary formats.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis standardization acts as a catalyst for innovation. 
When teams no longer need to worry about the underlying instrumentation mechanics, they can focus on extracting meaningful insights from their data. The power of community-driven standards ensures that OTel continues to evolve with industry needs and is supported by major contributors, including \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability/opentelemetry\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, Microsoft, and Google.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe project's impressive growth tells its own story. With over 9,160 contributors, 55,640+ code commits, and 1,100+ contributing companies, OpenTelemetry has become the de facto standard for observability instrumentation. This broad adoption ensures long-term sustainability and continuous innovation.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Real business outcomes with OpenTelemetry","_metadata":{"uid":"csff19d84f5617ca9e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOrganizations adopting OpenTelemetry are seeing tangible benefits across their operations. Cost reduction comes through consolidated tooling and simplified maintenance, while standardized data collection leads to faster problem resolution and improved service reliability. 
Teams can collaborate more effectively when everyone speaks the same observability language, leading to faster feature delivery and better customer experiences.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere's what this looks like in practice.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFinancial impact:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReduced tooling costs through consolidation of monitoring solutions\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLower training and onboarding costs with standardized practices\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDecreased infrastructure costs through better resource utilization (fewer agents running)\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOperational efficiency:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e40%–60% reduction in mean time to resolution (MTTR)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSimplified deployment and configuration management\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReduced alert noise and false positives\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInnovation 
acceleration:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFaster feature deployment with built-in observability\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImproved experimentation capabilities\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBetter decision-making through comprehensive data analysis\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eResource allocation becomes more efficient as organizations gain clear visibility into their entire technology stack. This comprehensive view enables better capacity planning and more informed investment decisions, ultimately driving better business outcomes.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The path to OpenTelemetry success","_metadata":{"uid":"cs0aa96b3c567a60b1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSuccessful OpenTelemetry adoption starts with a focused approach. Begin with a pilot project that demonstrates value quickly, whether it's instrumenting a critical service or solving a specific observability challenge. Building internal champions is also crucial — identify team members who understand both the technical and business benefits of standardized observability.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Key milestones in the adoption journey","_metadata":{"uid":"cs01747e38dc76a8d4"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e1. 
Assessment phase:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEvaluate current observability costs and pain points\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIdentify high-value initial use cases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSet clear success metrics\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e2. Pilot implementation:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSelect a bounded context for initial deployment\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImplement basic instrumentation\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMeasure and document early results\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e3. Expansion phase:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eScale successful patterns across teams\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDevelop internal best practices\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBuild automated deployment processes\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e4. 
Optimization phase:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFine-tune data collection and sampling\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImplement advanced use cases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eShare success stories and lessons learned\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Future-proofing your observability strategy","_metadata":{"uid":"csfbf7300ee5f16d4e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe future of observability is being shaped by increasing system complexity and data volume. Open standards like OpenTelemetry ensure that organizations can adapt to these changes without being locked into specific vendor solutions. Elastic's commitment to the OpenTelemetry ecosystem — demonstrated by its position as a top three contributor and donations, including the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/ecs-elastic-common-schema-otel-opentelemetry-announcement\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Common Schema\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/elastic-profiling-agent-acceptance-opentelemetry\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUniversal Profiling\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — helps ensure that organizations have the tools they need to succeed.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEmerging trends that OpenTelemetry is well-positioned to 
address:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEdge computing and IoT observability requirements\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI/machine learning (ML) system monitoring needs\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCross-cloud service mesh observability\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSecurity telemetry integration\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Taking the next step","_metadata":{"uid":"cs87fcf5fe599c211b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eStart by evaluating how accessible your current observability practices are across your organization \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eby considering:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow many different teams need to understand your telemetry data?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhat expertise barriers exist for teams trying to use observability data?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow unified are your current data collection pipelines?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhat's the total effort required to maintain your current observability tooling?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 
12pt;\"\u003e\u003cstrong\u003eMeasure your progress through:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIncreased accessibility of observability data across teams\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eReduction in time spent maintaining multiple collection mechanisms\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eImproved correlation between different types of telemetry data\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFaster onboarding of new teams to observability practices\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eReduced complexity in telemetry pipelines\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe transition to OpenTelemetry isn't just about better tooling — it's also about making observability accessible and valuable for everyone in your organization. By embracing open standards and simplified pipelines now, you position your teams to focus on what matters most: building and improving your applications. Start your journey today and join the growing community of organizations making observability work for everyone.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eReady to make observability more accessible? 
Visit elastic.co/observability to discover how Elastic and OpenTelemetry can simplify your observability practice.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc5cf78dc1ef8c97e"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs8c471d5483083b61"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eResources to support your journey:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/elastic-distributions-opentelemetry\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFind out about Elastic Distributions of OpenTelemetry (EDOT)\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/virtual-events/benefits-of-opentelemetry\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCheck out this virtual event on the benefits of OpenTelemetry\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/contact\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eConnect with our community of OpenTelemetry practitioners\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7fa74d08893954f8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf37db6abb6f2f87a"}}}],"publish_date":"2025-01-30","sanity_migration_complete":false,"seo":{"seo_title_l10n":"OpenTelemetry: The key to modern enterprise observability | Elastic","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Transform your organization's observability strategy with open standards and simplified data collection","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc2c6579373c53341","ACL":{},"created_at":"2021-07-12T21:53:13.753Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"apm","label_l10n":"APM","tags":[],"title":"APM","updated_at":"2021-07-12T21:53:13.753Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.194Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt85414c8cbf30b724","ACL":{},"created_at":"2023-11-06T21:52:01.987Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"universal-profiling","label_l10n":"Universal profiling","tags":[],"title":"Universal 
profiling","updated_at":"2023-11-06T21:52:01.987Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.852Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt47e752b219d104d3","ACL":{},"created_at":"2021-07-12T21:53:40.554Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"metrics","label_l10n":"Metrics","tags":[],"title":"Metrics","updated_at":"2021-07-12T21:53:40.554Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.103Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt4ce45bbfeeff0638","ACL":{},"created_at":"2021-07-12T21:53:30.326Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logs","label_l10n":"Logs","tags":[],"title":"Logs","updated_at":"2021-07-12T21:53:30.326Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.411Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltb249a1eeba77b317","ACL":{},"created_at":"2020-06-17T03:31:53.522Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"apm","label_l10n":"APM","tags":[],"title":"APM","updated_at":"2020-07-06T22:20:22.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.550Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_d
etails":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt9f3033eaacd184dd","ACL":{},"created_at":"2022-09-13T16:43:44.540Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"logstash","label_l10n":"Logstash","tags":[],"title":"Logstash","updated_at":"2022-09-13T16:43:44.540Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.249Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt60e4f8c6c19cebb7","ACL":{},"created_at":"2020-06-17T03:32:19.868Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"metrics","label_l10n":"Metrics","tags":[],"title":"Metrics","updated_at":"2020-07-06T22:20:08.577Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.406Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log 
analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt07f982aff596b895","_version":1,"title":"Office-building (1).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-30T16:47:10.831Z","updated_at":"2025-01-30T16:47:10.831Z","content_type":"image/jpeg","file_size":"127924","filename":"Office-building_(1).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-30T17:00:18.920Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt07f982aff596b895/679bad0e025d43258b731030/Office-building_(1).jpg"},"title":"Realizing the business value of OpenTelemetry-native observability","title_l10n":"Realizing the business value of OpenTelemetry-native observability","updated_at":"2025-01-30T16:47:51.017Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/opentelemetry-native-observability-business-value","publish_details":{"time":"2025-01-30T17:00:18.306Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt843656697b4bc8bf","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"GenAI and RAG are transforming financial services by enhancing security, detecting fraud, and improving observability. 
These AI tools enable real-time insights, proactive defenses, and better decision-making to stay innovative and competitive.","author":["bltce462b8f0bc7868a"],"category":["bltc17514bfdbc519df"],"created_at":"2025-01-27T18:45:11.477Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"GenAI is not magic","_metadata":{"uid":"csa0012d526d875e73"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eI attended ElasticON recently \u003c/span\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003ewhere we spent the day with our NYC Elastic community, talking about the combined value of vector databases using retrieval augmented generation (RAG) to feed large language models (LLMs) for next-level generative AI (GenAI) results.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003eElastic’s CTO and Founder \u003c/span\u003e\u003ca href=\"https://www.elastic.co/about/leadership\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eShay Banon\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003e kicked off his \u003c/span\u003e\u003ca href=\"https://www.elastic.co/events/elasticon/archive\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ekeynote\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003e with an important message: \u003c/span\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003e\u003cstrong\u003eGenAI is not magic\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003eShay explained that AI is a step function change in how organizations maximize unstructured data. 
With AI, all of an organization’s data is now worth \u003c/span\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003e\u003cstrong\u003e10x\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003e more than before AI if it’s used properly. \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt may not be magic, but 10x value on data is intriguing — especially if you’re a financial services company swimming in structured and unstructured data that you don’t know what to do with. You might be spending a lot of money to store that data. Digging deeper into how to get to that 10x isn’t that complicated.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"How are AI and generative AI different?","_metadata":{"uid":"cs67df67ef407bf099"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMany people ask what the difference is between AI and GenAI as they seem to be used interchangeably. The best way to describe it is: \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003etraditional AI systems are rigid and struggle to adapt to new, unforeseen situations without manual intervention. Generative AI is more flexible and capable of learning from large and diverse datasets and adapting to novel scenarios\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e.\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI needs data to perform. Vector databases are able to house a tremendous amount of structured and unstructured data. With vector databases, you have the base foundation of data to begin your GenAI journey.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLLMs like OpenAI, Gemini, and Perplexity are fed a steady diet of data from the internet. 
That’s like eating junk food every day while training for the AI Olympics.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Making the most of GenAI with RAG","_metadata":{"uid":"cs654dbdd397d892aa"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you want GenAI outputs with enhanced relevance and far fewer hallucinations (errors), you will need to use the RAG method. It’s a method used by developers to connect LLMs with external data sources from vector databases, such as a company’s private information, so that it can provide more personalized, accurate, and relevant responses. The RAG technique enables an AI model to reference any data stored in a vector database, which can include a company’s emails, documents and PDFs, spreadsheets and databases, and images and audio files.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThat’s how you create next-level AI outputs in data-heavy financial services companies.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith this in mind, my takeaways from the discussion at ElasticON made me think about operational transformation in financial services. Like many customer-facing industries, the financial services sector is on the brink of major operational transformation, driven by the integration of GenAI. It’s reshaping how financial services companies approach security, fraud prevention, and observability — delivering operational efficiencies while tackling evolving threats. 
For financial services companies, understanding how to deploy GenAI most effectively is essential to staying secure and operational in an increasingly threatening and highly regulated environment.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Revolutionizing security with GenAI","_metadata":{"uid":"cs2d0dc043da18614e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe financial services industry faces escalating cybersecurity threats as attacks grow in both scale and sophistication. GenAI is transforming security measures by analyzing massive datasets to detect vulnerabilities and predict emerging threats with exceptional accuracy. By using adaptive learning, GenAI can identify anomalies in real time, enabling proactive defenses that traditional tools often miss.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor example, cybersecurity platforms can integrate GenAI to simulate potential cyber attacks and stress-test the resilience of financial networks. By mimicking real-world attack patterns, these tools can identify weak points and recommend strategic improvements before breaches occur.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRAG is emerging as a breakthrough innovation for business applications and workflows. By combining real-time data retrieval with AI analysis, RAG can deliver contextual threat intelligence. For instance, during a live attack attempt, RAG could pull historical data on similar breaches to provide actionable insights, enabling faster response times and minimizing damage.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Advancing fraud detection and prevention","_metadata":{"uid":"cse138dc2bd4aeae4d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe financial sector faces a growing challenge: AI-generated fraud. 
Criminals are using advanced technologies to create synthetic identities and bypass traditional safeguards. GenAI offers a countermeasure by analyzing behavioral patterns and transaction anomalies to identify fraudulent activities with unmatched precision.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor example, a credit card company can integrate AI into its fraud-prediction systems. By analyzing transaction data in real time, these systems can detect and replace compromised cards before misuse occurs. Generative AI enhances these capabilities by synthesizing past fraud patterns to predict future threats more effectively.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRAG is emerging as a game-changer in this space by providing contextual insights that enable faster fraud detection and prevention. For instance, RAG could pull historical data on similar fraud cases to inform live decision-making, reducing false positives and improving accuracy.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Enhancing observability for operational excellence","_metadata":{"uid":"csaeec6e7f12ba7a5f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eObservability — the ability to monitor, analyze, and improve system performance — is critical for maintaining the trust of customers and regulators. GenAI contributes significantly to observability by processing unstructured data and offering real-time insights into complex systems.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA large percentage of financial services organizations are already using Elastic for observability. By implementing Elastic's AI-driven observability solutions, companies are monitoring systems proactively, identifying bottlenecks, and ensuring regulatory compliance. 
These tools enable a granular understanding of operational processes, enhancing reliability and customer satisfaction.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFurthermore, GenAI-driven observability enhances the ability to handle unexpected events. For example, during periods of high volatility, AI models can adjust monitoring priorities — ensuring that critical functions remain uninterrupted.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Strategic imperatives for C-level FSI executives","_metadata":{"uid":"cs3f7b25124714a3aa"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo fully use GenAI and its applications in security, fraud prevention, and observability, C-level financial services leaders should prioritize the following strategies:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInvest in AI talent:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Build internal expertise by hiring and upskilling professionals adept in machine learning (ML) and AI technologies.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAdopt ethical AI practices:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Implement clear governance frameworks to address biases, ensure transparency, and safeguard data privacy.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eUse partnerships:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Collaborate with technology providers like Elastic to deploy cutting-edge solutions tailored to industry needs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIntegrate RAG 
capabilities:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Enhance AI decision-making and limit AI hallucinations by incorporating retrieval augmented generation into critical workflows.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"The road ahead in 2025","_metadata":{"uid":"csf15a798598b62f01"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs Shay closed out ElasticON NYC, he commented that, given the potential of AI, he hadn’t been this excited about technology since the launch of the internet.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe integration of GenAI into financial services is not just a technological upgrade; it’s also a strategic imperative. By using these tools, institutions can enhance their defenses against cyber threats, outsmart fraudsters, and optimize operations with unparalleled precision. As the sector continues to evolve, C-level leaders who embrace AI innovations will be well positioned to lead their organizations into a secure and efficient future.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor more insights on how to integrate AI into your organization, explore what’s possible with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/financial-services\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic financial services\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://youtu.be/M7Pla2pIosg?feature=shared\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLearn more\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e about how Elastic is empowering our customers to maximize their AI investments by extracting data in a meaningful way with RAG from our CEO Ashutosh 
Kulkarni.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eJoin us for \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethe\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/events/fsi-summit-2025\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Financial Services Summit\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e on February 20, 2025, where leaders from Swift, Société Générale, BBVA, Payplug, Allianz Technology, and more will tackle the most critical challenges shaping the future of financial services including AI advancements.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9c7f31a9b88bf8dd"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs210c5517671ad49c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. 
You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf479e83daaa80e82"}}}],"publish_date":"2025-01-27","sanity_migration_complete":false,"seo":{"seo_title_l10n":"GenAI and RAG: Transforming security, fraud detection, and observability","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search 
applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"Anomaly detection","label_l10n":"Anomaly detection","keyword":"anomaly-detection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7478459fe32592c5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:06.777Z","updated_at":"2023-11-06T20:08:06.777Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.738Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":
"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt484a944a3d130219","ACL":{},"created_at":"2023-11-06T20:39:33.494Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"fraud-detection","label_l10n":"Fraud detection","tags":[],"title":"Fraud detection","updated_at":"2023-11-06T20:39:33.494Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.155Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 
compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt3ff56eb3b9c58312","ACL":{},"created_at":"2020-06-17T03:33:18.405Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":true,"keyword":"business-analytics","label_l10n":"Business analytics","tags":[],"title":"Business 
analytics","updated_at":"2020-07-06T22:20:18.826Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.556Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835
e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltcc47211deeca9178","_version":1,"title":"data-logging-IT-executives-A (1).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-27T18:45:08.502Z","updated_at":"2025-01-27T18:45:08.502Z","content_type":"image/jpeg","file_size":"144911","filename":"data-logging-IT-executives-A_(1).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-27T18:47:15.550Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcc47211deeca9178/6797d434cef122977c277316/data-logging-IT-executives-A_(1).jpg"},"title":"Getting it right with GenAI in financial services: Where to focus in 2025","title_l10n":"Getting it right with GenAI in financial services: Where to focus in 2025","updated_at":"2025-01-27T18:47:09.012Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/generative-ai-financial-services","publish_details":{"time":"2025-01-27T18:47:14.778Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5750a232d9d4807d","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Discover how Elastic uses AI and ML to revolutionize fraud detection in financial services. 
From real-time anomaly detection to predictive analytics, learn how institutions can combat fraud, ensure compliance, and enhance trust with our solutions.","author":["bltce462b8f0bc7868a"],"category":["bltb79594af7c5b4199"],"created_at":"2025-01-24T11:43:00.368Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0012969d4305b2b1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFraud in financial services is becoming more sophisticated, costing the industry billions annually and eroding customer trust. Recently, Deloitte published an \u003c/span\u003e\u003ca href=\"https://www2.deloitte.com/us/en/insights/industry/financial-services/financial-services-industry-predictions/2024/deepfake-banking-fraud-risk-on-the-rise.html\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003earticle\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e highlighting the risk that AI-enabled fraudsters pose to the financial services industry: \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e“Fake content has never been easier to create — or harder to catch. As threats grow, banks can invest in AI and other technologies to help detect fraud and prevent losses.”\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe article reports an incident in\u003c/span\u003e\u003cspan style='color:rgb(31, 31, 31);font-size: 12pt;'\u003e January 2024 where an employee at a Hong Kong-based firm sent $25 million to fraudsters after being instructed to do so by her CFO on a video call that also included other colleagues. It turned out, however, that she wasn’t on a call with any of these people. 
Instead, fraudsters created a deepfake that replicated their likenesses to trick her into sending the money.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIronically, as much as AI can bring risk, it can also be used to combat fraud — fighting fire with fire. At Elastic, we are already working with our financial services clients and offering them our robust Search AI Platform to detect, prevent, and mitigate fraud effectively.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The role of AI in financial fraud detection","_metadata":{"uid":"cs7044a1c1f0d899a6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI introduces unprecedented precision and scalability in fraud detection by analyzing vast datasets in real time. It excels in identifying subtle patterns that traditional rule-based systems might miss, such as:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAnomalous transaction patterns:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e AI and machine learning (ML) models detect irregularities in transaction volumes, values, or geographies — flagging potential fraud attempts like money laundering or anomalous fund transfers.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBehavioral analytics:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e AI-powered tools identify deviations in user behavior, such as unusual login attempts or account activity, to combat account takeover (ATO) techniques.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePredictive analytics:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e ML models predict potential fraud scenarios, enabling 
preemptive actions rather than reactive responses.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Elastic: A unified approach to fraud detection","_metadata":{"uid":"csac5513fc30fdb533"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic enhances fraud detection through a distributed \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-security-ai-security-analytics-solution\"\u003e\u003cspan style='font-size: 12pt;'\u003edata mesh architecture\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and AI-driven analytics. By integrating machine learning, Elastic automates the identification of unknown anomalies while reducing false positives. Key features include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eReal-time alerts: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eHigh-fidelity alerts are generated from AI-driven rules and ML algorithms.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eThreat intelligence integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Custom and prebuilt integrations enrich data with actionable insights.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScalable data processing: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThe Elastic Search AI Platform processes massive data volumes across hybrid, on-premises, or cloud environments.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Real-world use cases","_metadata":{"uid":"cs4b99079a88fd4f00"},"header_style":"H2","paragraph_l10n":"\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 
12pt;\"\u003e\u003cstrong\u003eAccount takeovers (ATO):\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic detects brute force attacks, password spraying, and enumeration activities, empowering analysts to act swiftly.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTransaction stacking:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e AI identifies suspicious sequences, such as deposits and withdrawals in rapid succession or amounts just below regulatory thresholds.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFraudulent account detection:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e AI algorithms pinpoint unusual patterns in account creation or funding, flagging potentially fraudulent activities.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"The future of fraud detection with AI","_metadata":{"uid":"cs107b75380486c7ff"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs financial fraud continues to evolve, institutions need proactive solutions to stay ahead. 
The Elastic Search AI Platform exemplifies how AI and machine learning can revolutionize fraud detection — ensuring compliance, reducing operational costs, and restoring customer confidence.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo learn more about how Elastic uses AI to combat fraud, download \u003c/span\u003e\u003ca href=\"https://www.elastic.co/accelerate-fraud-detection-and-prevention-with-elastic\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eDetecting Financial Fraud with Elastic Security\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs80a554a0193ce2f8"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs1ab532b291405dd1"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRelated resources\u0026nbsp;\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog:\u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-global-data-mesh-security-governance-policy\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Using Elastic as a global data mesh: Unify data access with security, governance, and policy\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/financial-services-fraud-generative-ai-attack-surface\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFraud in financial services: Leaning on generative AI to protect a rapidly expanding attack surface\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information 
(info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9baa5b1b01a58603"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa959fce40e983fb5"}}}],"publish_date":"2025-01-24","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Transforming fraud detection: AI and Elastic Security in financial services","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"Anomaly detection","label_l10n":"Anomaly 
detection","keyword":"anomaly-detection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7478459fe32592c5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:06.777Z","updated_at":"2023-11-06T20:08:06.777Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.738Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt484a944a3d130219","ACL":{},"created_at":"2023-11-06T20:39:33.494Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"fraud-detection","label_l10n":"Fraud detection","tags":[],"title":"Fraud detection","updated_at":"2023-11-06T20:39:33.494Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.155Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative 
AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"title":"Monitoring","label_l10n":"Monitoring","keyword":"monitoring","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt018d981515b9a4fd","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:39:24.931Z","updated_at":"2020-06-17T03:39:59.356Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:39:24.931Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-02T18:15:31.077Z","user":"bltf6ab93733e4e3a73"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 
compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"
environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt99c7954938807ad0","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2025-01-24T11:42:58.412Z","created_by":"bltb6c155cd84fc0c1a","file_size":"161053","filename":"158175_-_Blog_header_image_3_(1).jpg","parent_uid":null,"tags":[],"title":"158175 - Blog header image_3 (1).jpg","updated_at":"2025-01-24T11:42:58.412Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-01-24T13:55:03.125Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt99c7954938807ad0/67937cc29d626e57a411f53d/158175_-_Blog_header_image_3_(1).jpg"},"title":"AI-powered fraud detection: Protecting financial services with Elastic","title_l10n":"AI-powered fraud detection: Protecting financial services with Elastic","updated_at":"2025-01-24T11:45:03.726Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-ai-fraud-detection-financial-services","publish_details":{"time":"2025-01-24T13:55:03.020Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta1c85c7f4825febb","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"Government organizations are required to meet strict standards for log storage and cybersecurity compliance. The Elasticsearch logsdb index mode enables government agencies to meet these requirements while reducing data storage costs. 
","author":["blt102f294afc79629a"],"category":["bltb79594af7c5b4199"],"created_at":"2025-01-23T14:56:05.137Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6016bb3446a9bc3c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the digital era, state and local governments are increasingly tasked with managing vast volumes of data while ensuring compliance with stringent regulatory requirements. These regulations, which can vary significantly depending on jurisdiction, often require the retention of data for extended periods — sometimes ranging from one to seven years. Compliance with standards, such as Criminal Justice Information Services (CJIS), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS), is not just a legal obligation but also a critical component of maintaining public trust and operational integrity. Elastic Cloud offers robust solutions to help government entities meet these compliance needs efficiently and cost-effectively.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Reducing data storage costs with Elasticsearch logsdb index mode","_metadata":{"uid":"cs9532e1ce70c11ce4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eThe recently introduced \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-8-17-0#elasticsearch-logsdb-index-mode\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch logsdb index mode\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e is designed to significantly reduce data storage costs by efficiently storing and searching essential log data. 
Logsdb index mode can \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-logsdb-index-mode\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecut data storage costs by up to 65%\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, making it an ideal choice for public sector organizations aiming to optimize their data management budgets. By using logsdb index mode, government agencies can maintain comprehensive log data for compliance and auditing purposes without incurring prohibitive costs. This capability ensures that critical log data remains accessible and manageable, supporting long-term data retention strategies while adhering to budget constraints.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic's data tiering strategy: Ingest and search/archive","_metadata":{"uid":"cs6b75d8c43e2a9aa4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUnlike other vendors, Elastic's data tiering approach optimizes data management by categorizing data into storage tiers based on access frequency and cost:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHot tier:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Designed for frequently accessed, critical data that you need to analyze quickly. Data in the hot tier is typically retained for one to seven days for immediate analysis.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCold tier:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Suitable for infrequently accessed, read-only data, using low-cost object storage like AWS S3. 
It balances cost and performance through caching and partial restores.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFrozen tier:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Ideal for long-term retention, storing data entirely in object storage for up to two years or longer. Elastic's unique searchable snapshots capability enables direct searches without any rehydration, maintaining efficient search performance. Most Elastic customers have been adopting a hot-frozen architecture, where data is stored for one to three days in the hot tier, and the rest is kept in the frozen tier. This approach significantly reduces costs while retaining high levels of search performance.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic's cold and frozen tiers perform with search speeds comparable to competitors' hot tiers, often eliminating the need for a warm tier. 
This approach allows storage of up to 20 times more read-only data at the same cost, reducing total ownership costs and enhancing data availability, compliance, and business outcomes.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csec65e5bf9c322602"}}},{"image":{"image":{"uid":"bltcd612566899a1c1e","_version":1,"title":"elastic searchable snapshots.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-23T14:48:50.873Z","updated_at":"2025-01-23T14:48:50.873Z","content_type":"image/png","file_size":"393569","filename":"elastic_searchable_snapshots.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-23T15:02:08.455Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcd612566899a1c1e/679256d2e92e09ae76c65f92/elastic_searchable_snapshots.png"},"_metadata":{"uid":"csc8d6a8540fb442e9"},"caption_l10n":"","alt_text_l10n":"elastic searchable snapshots","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"How do searchable snapshots work?","_metadata":{"uid":"cs7408009795539cf4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSearchable snapshots allow you to retain data in low-cost object storage, managed through Elastic, and search without rehydration —\u0026nbsp;avoiding delays, transit costs, and potential data residency issues. 
This is particularly beneficial for data in the frozen tier, where the cost of storage is minimized, but the data remains accessible for analytical and compliance purposes.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSnapshot creation: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eData from the Elastic cluster is periodically captured and stored as snapshots in the chosen object storage repository. These snapshots are point-in-time copies of indices.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSearchability: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUnlike traditional snapshots that require rehydration before querying, searchable snapshots enable direct querying of data stored in object storage.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCost efficiency: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBy storing data in object storage through Elastic, organizations benefit from the lower costs associated with these services compared to traditional block storage.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFast performance via cache: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic uses cache for frequently used searches, which speeds up queries. \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIf a search requires data that is not in the cache, Elasticsearch fetches the missing data from the snapshot repository. 
Searches that require these fetches are slower, but the fetched data is stored in the cache so that similar searches can be served more quickly in the future. Elasticsearch will evict infrequently used data from the cache to free up space. The cache is cleared when a node is restarted.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis approach significantly reduces the total cost of ownership, making it an ideal choice for government entities with tight budgets.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Offloading longer-term data by setting up a snapshot repository","_metadata":{"uid":"cs5cb1a353cbb51a16"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic integrates with multiple object storage solutions, allowing government agencies to offload data to a repository of their choice, such as AWS, Azure Blob Storage, or Google Cloud Platform. Elasticsearch also offers the option to store data locally for use cases that require regulation or data sovereignty.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere's how it works:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRepository setup: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eIn Elastic Cloud, configure a snapshot repository using your preferred cloud storage service. 
This involves setting up the necessary credentials and permissions to allow Elastic to store and retrieve data from your chosen storage solution.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSearchable snapshots: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eOnce the repository is configured, create searchable snapshots of your indices. These snapshots are stored in the configured repository and can be queried directly without needing to restore them to the Elastic cluster.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCost efficiency and flexibility:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e By using your own storage accounts, you maintain control over your data and can optimize costs based on specific performance needs and retention requirements. Searchable snapshots provide a cost-effective way to retain long-term data while ensuring it remains accessible for analytical and compliance purposes.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshots-register-repository.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eLearn more about snapshot repositories\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"A scalable option for data growth","_metadata":{"uid":"cs3a4f9725dca6b7e0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic's data tiering strategy — from hot to frozen — provides government agencies with a powerful tool for managing long-term data retention in the cloud. 
By using searchable snapshots and logsdb index mode, agencies can achieve cost savings, scalability, and compliance — all while maintaining the ability to search and analyze data efficiently. As data continues to grow, Elastic offers a sustainable solution for managing and using this valuable resource.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4e00103137afb100"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"csbef4a7d4ad096fbf"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor more detailed guidance on setting up searchable snapshots and integrating with cloud storage, join us for a workshop on long-term data retention for public sector on March 12, 2025. \u003c/span\u003e\u003ca href=\"https://events.elastic.co/optomizedataretention\"\u003e\u003cspan style='font-size: 12pt;'\u003eRegister here\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs1b976ea14ee9c6e5"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRelated resources\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-logsdb-index-mode\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLive log and prosper: Elasticsearch newly specialized logsdb index mode\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/how-do-incremental-snapshots-work\"\u003e\u003cspan style=\"font-size: 
12pt;\"\u003eHow do Elastic search snapshots work?\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-splunk-data-tiers-differences\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhat’s the difference? Elastic and Splunk data tiers\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://search-labs/blog/searchable-snapshots-benchmark\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIce, Ice, Maybe: Measuring Searchable Snapshots Performance\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eWhite paper:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector/accelerate-mission-elastic-global-data-mesh\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccelerate your mission with Elastic as a data mesh\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs765ced605c031aa0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs24771663ecdc80d0"}}}],"publish_date":"2025-01-23","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt4ce45bbfeeff0638","ACL":{},"created_at":"2021-07-12T21:53:30.326Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logs","label_l10n":"Logs","tags":[],"title":"Logs","updated_at":"2021-07-12T21:53:30.326Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.411Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","uid":"bltc6
e3d049760fc06a","title":"Government","label_l10n":"Government","keyword":"government","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:32.959Z","updated_at":"2023-11-06T20:40:32.959Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.338Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt17630d07558c63f6","ACL":{},"created_at":"2023-11-06T21:33:01.038Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"state-local-government","label_l10n":"State \u0026 local government","tags":[],"title":"State \u0026 local government","updated_at":"2023-11-06T21:33:01.038Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.342Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","uid":"blt4a47bf681100e8ca","title":"Log management","label_l10n":"Log 
management","keyword":"log-management","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:42:23.694Z","updated_at":"2023-11-06T20:42:23.694Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.358Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltf22b73c2722d69f5","_version":1,"title":"Elastic Banner_5 
(2).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-23T15:01:31.873Z","updated_at":"2025-01-23T15:01:31.873Z","content_type":"image/jpeg","file_size":"165629","filename":"Elastic_Banner_5_(2).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-23T15:02:08.471Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf22b73c2722d69f5/679259cbee8f389564aa558b/Elastic_Banner_5_(2).jpg"},"title":"Optimizing long-term data retention with Elastic Cloud Hosted: Ensuring compliance and efficiency for government","title_l10n":"Optimizing long-term data retention with Elastic Cloud Hosted: Ensuring compliance and efficiency for government","updated_at":"2025-01-23T15:02:02.360Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-cloud-hosted-data-retention-government-compliance","publish_details":{"time":"2025-01-23T15:02:07.750Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta4a6a868001023af","_version":17,"locale":"en-us","ACL":{},"abstract_l10n":"Kibana alerting has been around for a while, but there's more in the works to provide better views into what each alert is doing and where it’s spending its time. 
Learn how we worked to improve the insights you can gather with APM in Kibana.","author":["bltfb64482fc825a009","blt42598b0c9e2fb1a3"],"category":["blte5cc8450a098ce5e"],"created_at":"2023-07-14T17:32:19.734Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"callout":{"title_l10n":"","_metadata":{"uid":"cs62bb069b96d1b0fa"},"paragraph_l10n":"","callout_reference":["bltbce8bba79c5e743a"],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7d06c1616a4de534"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eKibana alerting has been around for quite some time, and major work is going on to give you better views into what each rule is doing and where it’s spending its time.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHowever, there are always questions left, where you just want more. Maybe you are an SRE at a company and need to look over hundreds of clusters. Our built-in dashboards might not suffice, as you need a more granular approach.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGood news! We have been working internally to improve the insights you can gather with APM in Kibana\u003c/span\u003e\u003cspan style='font-size: 0.6em;'\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Simply activate APM for Kibana with a few configuration steps. This will enable Kibana Real User Monitoring (RUM) and Kibana itself. 
Additionally, you can opt-in to activate Elasticsearch\u003c/span\u003e\u003cspan style='font-size: 0.6em;'\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e instrumentation and get a deeper understanding of where Elasticsearch is spending its time.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you're interested in gathering usage data from your Kibana users, we have a blog post that can provide helpful tips. Check out our article on \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/3-tips-to-identify-kibana-optimizing-potential\"\u003e\u003cspan style='font-size: 12pt;'\u003eidentifying Kibana optimizing potential\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Activating internal APM","_metadata":{"uid":"cs594c6ac3b4e0be95"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBefore starting, you need your own APM server. That can either be a standalone APM server or the APM integration using Fleet. Activating the Kibana instrumentation is relatively easy. You must add the following three config lines to your kibana.yml or Cloud console. 
If you want further information, take a look at the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/kibana-debugging.html#_instrumenting_with_elastic_apm\"\u003e\u003cspan style='font-size: 12pt;'\u003edocs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa6c9d14dbd38356b"}}},{"code":{"code":"elastic.apm.active: true\nelastic.apm.serverUrl: url of the APM server\nelastic.apm.secretToken: Token that the APM server exposes","_metadata":{"uid":"csec963893d4f689c7"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdfda7843aa254e5c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt will restart Kibana, and after that, you should see multiple services popping up. One is called \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ekibana-frontend\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and the other one \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ekibana\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eActivating tracing in Elasticsearch is done with static settings (configured in the \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch.yml\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e) and dynamic settings, which can be toggled during runtime using a \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ePUT 
_cluster/settings\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e command, where one of those dynamic settings is the sampling rate. Some settings, like the sampling rate, can be toggled during the runtime. In the \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch.yml\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e we want to set the following:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eValid for Version 9.x\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3adc8ab4f38d762d"}}},{"code":{"code":"telemetry.agent.enabled: true\ntelemetry.agent.server_url: \"url of the APM server\"","_metadata":{"uid":"cse074ecdc43722d4b"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0aa74e2f104326a7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eValid for Version 7.x and 8.x\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7506a961227e98bc"}}},{"code":{"code":"tracing.apm.enabled: true\ntracing.apm.agent.server_url: \"url of the APM server\"","_metadata":{"uid":"cs7c828543d9805344"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2e851e6e416db9c5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eThe secret token (or API key) must be in the Elasticsearch keystore. 
The keystore tool should be available at \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cstrong\u003e\u0026lt;your elasticsearch install directory\u0026gt;/bin/elasticsearch-keystore\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e. For versions 7.x and 8.x, use the following command:\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch-keystore add tracing.apm.secret_token\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e or \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etracing.apm.api_key\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e. For version 9.x, use the setting name \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etelemetry.secret_token\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e or \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etelemetry.api_key\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e instead. Storing the credential in the keystore keeps it out of the plain-text elasticsearch.yml file. After adding the credential, you need to restart Elasticsearch. 
More information on tracing can be found in our\u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/blob/main/TRACING.md\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003e tracing document\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e.\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAfter that, we should see three services \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ekibana\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ekibana-frontend\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 
12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0e10c9b7bf8774ce"}}},{"image":{"image":{"uid":"blt8d3f35dad2b09721","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-07-17T16:56:41.701Z","updated_at":"2023-07-17T16:56:41.701Z","content_type":"image/png","file_size":"117803","filename":"elastic-blog-1-three-services.png","title":"elastic-blog-1-three-services.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-17T17:32:20.653Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8d3f35dad2b09721/64b572c9fae2ac02f6baf983/elastic-blog-1-three-services.png"},"_metadata":{"uid":"cs82579d2a55ed8efd"},"caption_l10n":"","alt_text_l10n":"three services","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"First steps","_metadata":{"uid":"cs6f45d6f196402fc2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe want to analyze what is happening behind the scenes when Kibana executes a rule. Click on Kibana and change the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etransaction.type\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etask-run\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. It is usually set to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003erequest\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and can be found in the top left corner. 
All tasks, such as alerting rules, are under this \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etask-run\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e type. There are many different transactions, so it’s best to explore them. Click on \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eview transactions\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to see a list of all transactions. The name of each transaction is stored in \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etransaction.name\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. You should immediately recognize that the tasks have distinguishable names such as \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eExecute Alerting Rule: “Disk Usage”\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. The transaction name derives from the following: \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eExecute Alerting Rule: “Rule Name”\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere are quite a lot in my cluster. You will see the name, and the latency (avg.) tells you the average latency of the entire rule when the rule is started by Kibana, doing all searches, processing the data and creating, if necessary, an alert as well. The throughput is determined mostly by the interval of the rule. If it runs every second, I would expect it to be at 60 transactions per minute. The failed transaction rate showcases all rules that have had any failures. 
It could be due to various issues — maybe the index does not exist, you don’t have enough permissions to query the index, and many more.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLet’s look at the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eStrava No New Activities\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb62aa3052a88cc83"}}},{"image":{"image":{"uid":"blt81f21bbe1d743d38","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-07-17T17:03:13.642Z","updated_at":"2023-07-17T17:03:13.642Z","content_type":"image/png","file_size":"357758","filename":"elastic-blog-2-strava.png","title":"elastic-blog-2-strava.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-17T17:32:20.679Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt81f21bbe1d743d38/64b574511511872a5f0393bd/elastic-blog-2-strava.png"},"_metadata":{"uid":"csf34ef6a785ef1aa8"},"caption_l10n":"","alt_text_l10n":"strava","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Going in depth","_metadata":{"uid":"cs43c398da66b61206"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eStrava No New Activities\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e is a simple ES Query style Kibana Rule. 
It is configured inside the Strava space, and it runs every minute and checks whether there is more than one new document inside the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003estrava*\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e index for the last 72 hours. If that is not the case, it will send me an email telling me to work out more. If you are interested in why I picked Strava for this and what it is, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-import-strava-data-elastic-stack\"\u003e\u003cspan style='font-size: 12pt;'\u003echeck out my blog post series\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eKibana and Elasticsearch instrumentation results in a comprehensive waterfall chart, showcasing each step chronologically. Leveraging distributed tracing technology, we can combine the different transactions into one view. Let’s delve into the waterfall graph together. 
I collapsed everything except the one interesting call.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs22f2c7e4b572cad2"}}},{"image":{"image":{"uid":"bltbb349e24bb3f25a9","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-07-17T17:05:02.005Z","updated_at":"2023-07-17T17:05:02.005Z","content_type":"image/png","file_size":"675168","filename":"elastic-blog-waterfall-graph.png","title":"elastic-blog-waterfall-graph.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-17T17:32:20.703Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbb349e24bb3f25a9/64b574be78402d5eebc2865e/elastic-blog-waterfall-graph.png"},"_metadata":{"uid":"cs4a1cbaab81552bdb"},"caption_l10n":"","alt_text_l10n":"waterfall graph","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0de95e60d4d22958"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt the top of the waterfall is a bar that stretches over the entire duration. In this case, we can see that the execution of the rule took a total of 598 milliseconds. Dissecting it, we first have a few internal calls, where Kibana checks if a rule is ready to be run and which task it should fulfill. That’s what's happening in those \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e.kibana_alerting_cases\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Then it grabs its config and looks up a few more things. 
At some point further down, all preparation is done and we see something called \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ePOST /strava*/_search\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. That is the most fascinating bit.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFirst off, we see that the entire search on Elasticsearch took 6.4 milliseconds to complete. The overhead for network connectivity, sending the json, and parsing the answer is 3.6 milliseconds. You can get to that by subtracting the total of the first blue bar (6.4 milliseconds) from the total green bar (10 milliseconds). The green bar represents the call that Kibana executed. The blue bar is just what Elasticsearch is doing, from grabbing the data from the disk, to analyzing and preparing the response, to sending it.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow, the real magic comes from when we click on the green bar \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eElasticsearch: POST /strava*/_search\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. You are presented with a flyout that shows you all sorts of additional information that is collected from different labels, such as deployment name to subscription level. We will rely on those labels to create custom dashboards. The great part is that we capture the query sent to Elasticsearch in a field \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003espan.db.statement\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. If you cannot find it, that’s normal; it’s not mapped, so it’s unsearchable. 
You can view it in Discover and APM.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs998e802f98623344"}}},{"image":{"image":{"uid":"blt6dea966129203d2c","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-07-17T17:06:06.386Z","updated_at":"2023-07-17T17:06:06.386Z","content_type":"image/png","file_size":"263867","filename":"elastic-blog-4-discover-apm.png","title":"elastic-blog-4-discover-apm.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-17T17:32:20.727Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6dea966129203d2c/64b574fed3591c6a040e9074/elastic-blog-4-discover-apm.png"},"_metadata":{"uid":"cs5bcbf03b36075a12"},"caption_l10n":"","alt_text_l10n":"discover apm","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbd258d3a7a913919"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow that I know the query, I could investigate why it’s slow if somebody built something super advanced that just takes a huge amount of processing time. All of it without relying on slow logs or audit logs to identify this.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Dashboarding time","_metadata":{"uid":"cs3c34db95dab8b448"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eExamining a single rule at a specific time can be interesting to really dig into what is going on and understand the underlying fundamentals. Having a generalized view will help identify issues at scale. 
We will build this generalized view together.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd8aae91b100d7bca"}}},{"image":{"image":{"uid":"blt806c891fd4d9b5d3","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-07-17T17:06:51.944Z","updated_at":"2023-07-17T17:06:51.944Z","content_type":"image/png","file_size":"4289385","filename":"elastic-blog-5-graphs.png","title":"elastic-blog-5-graphs.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-17T17:32:20.752Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt806c891fd4d9b5d3/64b5752bdb581dd8b1060038/elastic-blog-5-graphs.png"},"_metadata":{"uid":"csfabcd3ab3a50ae00"},"caption_l10n":"","alt_text_l10n":"different graph views","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdfa35b8c816c48b2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFrom the top left to the bottom right, we have a unique and summarized view of what is going on. The first chart I recommend building is a simple success versus failure over time. Assuming you have a data view that catches all the APM data (traces-apm*, metrics-apm.*, logs-apm.*), we can speed up certain visualizations by leveraging the constant_keyword feature for the data_stream. Most of the visualizations are built on the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etraces-apm*\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, so the first part of the KQL filter is \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003edata_stream.type: traces\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. 
The second part is the transaction.type, as we selected in the UI \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etask-run\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e at the beginning. We need to append this to the KQL as well, so it’s already \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003edata_stream.type: “traces” AND transaction.type: “task-run”\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. In KQL, there is no need to write the boolean operators such as AND and OR in capital letters. It’s my preference when quickly scanning longer KQLs to see what is searched on. The last one, and here is where the labels come in, is the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003elabels.alerting_rule_consumer: “*”\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Many different things also happen under the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etask-run\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and we focus on alerting rules in this blog post. 
Therefore our full KQL is this:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd505160d7fffc742"}}},{"code":{"code":"data_stream.type: \"traces\" AND transaction.type: \"task-run\" AND labels.alerting_rule_consumer: \"*\" ","_metadata":{"uid":"cs8fe324bef4f6d593"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs65ecd6ed62a291c9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThen we add a simple date_histogram for \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e@timestamp\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, a count of records, and a breakdown using filters with \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eevent.outcome: “success”\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e for ok and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eevent.outcome: (“failure” OR “unknown”)\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. 
You might wonder where the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eunknown\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e comes from — it’s part of the Elastic Common Schema (ECS) definition for this \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/ecs/current/ecs-allowed-values-event-outcome.html\"\u003e\u003cspan style='font-size: 12pt;'\u003efield\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs72ed54344fb697d7"}}},{"image":{"image":{"uid":"blt41695e0492537642","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-07-17T17:09:20.272Z","updated_at":"2023-07-17T17:09:20.272Z","content_type":"image/png","file_size":"494196","filename":"elastic-blog-6-ecs.png","title":"elastic-blog-6-ecs.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-17T17:32:20.776Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt41695e0492537642/64b575c03d598ced49044fff/elastic-blog-6-ecs.png"},"_metadata":{"uid":"cs44a89fb7e45dcbb8"},"caption_l10n":"","alt_text_l10n":"ecs","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs32b4c3e0d4c68350"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe rest is iterating over different fields. The most important ones are:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTransaction.duration.us map in the data view using the formatter as duration using the Microseconds. 
This will then always turn it into human-readable numbers such as seconds, minutes, hours, and so on.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLabels.alerting_rule_type_id explains what kind of rule. Threshold, Geo Containment, ES Query, etc.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eService.version represents the version of the service. If you use service.name as a filter, you can grab what versions of Kibana you are running. This can be useful when debugging slow alerts.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHttp.response.status_code represents the status code reported by Elasticsearch to Kibana. Anything that is not 2xx does not automatically mean that the rule run resulted in a failure because there are multiple retry mechanisms configured.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003elabels.deploymentName carries the name of the deployment you are observing. This is quite useful to identify if certain deployments have more alerting rules than others.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLabels.alerting_rule_space_id represents the space in which the rule is running. This is quite useful in identifying usage patterns. Some teams might be using rules more heavily than others.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eError.exception.type contains a summarized view of the error message. Attention: this is now inside the logs-apm.error* datastream. 
The KQL looks slightly different: \u003cspan data-type='inlineCode'\u003edata_stream.type: \"logs\" AND data_stream.dataset: \"apm.error\" and service.name: \"kibana\" AND transaction.type: \"task-run\"\u003c/span\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Summary","_metadata":{"uid":"cs0bdcc71b0a80362b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn this blog, we went through a journey to identify and deal with the intricacies of Kibana Alerting. The dashboards are available \u003c/span\u003e\u003ca href=\"https://github.com/philippkahr/blogs/tree/main/apm-instrumentation-of-elastic-stack/kibana-alerts\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehere\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003cbr/\u003e\u003c/span\u003e\u003cbr/\u003e\u003cspan style=\"font-size: 12pt;\"\u003eReady to get started? Begin a \u003c/span\u003e\u003ca href=\"http://cloud.elastic.co/registration\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003efree 14-day trial of Elastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Or\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/downloads/\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edownload\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethe self-managed version of the Elastic Stack for free.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs6508459b286809ae"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2f1160c63d3724aa"}}}],"publish_date":"2023-07-17","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc2c6579373c53341","ACL":{},"created_at":"2021-07-12T21:53:13.753Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"apm","label_l10n":"APM","tags":[],"title":"APM","updated_at":"2021-07-12T21:53:13.753Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.194Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt76a8a9e2ae891569","
ACL":{},"created_at":"2023-11-06T21:35:06.844Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tracing","label_l10n":"Tracing","tags":[],"title":"Tracing","updated_at":"2023-11-06T21:35:06.844Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.748Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt90cabe73a33ae01c","ACL":{},"content_type":"image/png","created_at":"2020-06-29T22:11:27.126Z","created_by":"bltf6ab93733e4e3a73","file_size":"32746","filename":"blog-thumb-search-results-dark-blue.png","tags":[],"title":"blog-thumb-search-results-dark-blue.png","updated_at":"2020-06-29T22:11:27.126Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-20T18:32:38.373Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt90cabe73a33ae01c/5efa670f
bc5b9a33310a9d69/blog-thumb-search-results-dark-blue.png"},"title":"How to activate APM in Kibana and Elasticsearch to gain next-level alerting insights","title_l10n":"How to activate APM in Kibana and Elasticsearch to gain next-level alerting insights","updated_at":"2025-01-21T22:43:11.265Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/apm-kibana-elasticsearch-alerting-insights","publish_details":{"time":"2025-01-21T22:43:17.232Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt7a102ec77fde3f81","_version":17,"locale":"en-us","ACL":{},"abstract_l10n":"Uncover the power of Elasticsearch tracing and optimize your APM with insights into query times, bulk indexing, and machine learning impacts. Master semantic search and enhance performance for data-driven decisions.","author":["bltfb64482fc825a009"],"category":["blte5cc8450a098ce5e"],"created_at":"2023-08-09T13:06:04.413Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"callout":{"title_l10n":"","_metadata":{"uid":"csda9466377363c0af"},"paragraph_l10n":"","callout_reference":["bltbce8bba79c5e743a"],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csce4670b5a95f908a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eA while ago, we introduced instrumentation inside Elasticsearch\u003c/span\u003e\u003cspan style=\"font-size: 0.6em;\"\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, allowing you to identify what it’s doing under the hood. 
By tracing in Elasticsearch, we get never-before-seen insights.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis blog walks you through the various APIs and transactions when we want to leverage the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/may-2023-launch-sparse-encoder-ai-model\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Learned Sparse EncodeR (ELSER) model\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;for semantic search. This blog itself can be applied to any machine learning model running inside of Elasticsearch — you just need to alter the commands and searches accordingly. The instructions in this guide use our sparse encoder model (see \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/semantic-search-elser.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e page).\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor the following tests, our data corpus is the \u003c/span\u003e\u003ca href=\"https://paperswithcode.com/dataset/openwebtext\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOpenWebText\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which provides roughly 40GB of pure text and roughly 8 million individual documents. This setup runs locally on a M1 Max Macbook with 32GB RAM. Any of the following transaction durations, query times, and other parameters are only applicable to this blog post. 
No inferences should be drawn about production usage or your installation.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Getting started","_metadata":{"uid":"cs3ba2367f46073797"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eActivating tracing in Elasticsearch is done with static settings (configured in \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch.yml\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e) and dynamic settings, which can be toggled during runtime using a \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ePUT _cluster/settings\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e command (one of those dynamic settings is the sampling rate). Some settings, such as the sampling rate, can be toggled at runtime. 
In the \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch.yml\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e, we want to set the following:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eVersion 9.x\u003c/span\u003e\u003c/p\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs42f4d34f74311ecc"}}},{"code":{"code":"telemetry.agent.enabled: true\ntelemetry.agent.server_url: \"url of the APM server\"","_metadata":{"uid":"cs2018e8050f226381"}}},{"title_text":{"title_text":[{"title_l10n":"","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eVersion 7.x and 8.x\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"cs44cbe509e2a0e0cb"}}],"_metadata":{"uid":"cs6e13d5f20d37b667"}}},{"code":{"code":"tracing.apm.enabled: true\ntracing.apm.agent.server_url: \"url of the APM server\"","_metadata":{"uid":"cs48e9523e88d17d03"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs31d2f4312c68b488"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eThe secret token (or API key) must be in the Elasticsearch keystore. 
The keystore tool is located at \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cstrong\u003e\u0026lt;your elasticsearch install directory\u0026gt;/bin/elasticsearch-keystore\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e; for versions 7.x and 8.x, add the secret with the following command:\u003c/span\u003e \u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch-keystore add tracing.apm.secret_token\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e or \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003etracing.apm.api_key\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eFor version 9.x, use \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etelemetry.secret_token\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e or \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etelemetry.api_key\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e instead. \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eAfter that, you need to restart Elasticsearch. 
More information on tracing can be found in our \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/blob/main/TRACING.md\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003etracing document\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOnce this is activated, we can look in our APM view where we can see that Elasticsearch captures various API endpoints automatically. GET, POST, PUT, DELETE calls. With that sorted out, let us create the index:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs544f1ce3084b5d5c"}}},{"code":{"code":"PUT openwebtext-analyzed\n{\n \"settings\": {\n \"number_of_replicas\": 0,\n \"number_of_shards\": 1,\n \"index\": {\n \"default_pipeline\": \"openwebtext\"\n }\n },\n \"mappings\": {\n \"properties\": {\n \"ml.tokens\": {\n \"type\": \"rank_features\"\n },\n \"text\": {\n \"type\": \"text\",\n \"analyzer\": \"english\"\n }\n }\n }\n}","_metadata":{"uid":"csd7a70ce53679c7b3"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs22ae94e1523fd32b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis should give us a single transaction called \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ePUT /{index}\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. As we can see, a lot is happening when we create an index. 
We have the create call, we need to publish it to the cluster state and start the shard.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1b2d3b923c429ef7"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt90d953314a6f99ad","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:21:37.590Z","created_by":"bltb6c155cd84fc0c1a","file_size":"288053","filename":"elastic-blog-1-trace-sample.png","parent_uid":null,"tags":[],"title":"elastic-blog-1-trace-sample.png","updated_at":"2023-08-09T15:21:37.590Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.057Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt90d953314a6f99ad/64d3af01759deec847e00c1f/elastic-blog-1-trace-sample.png"},"_metadata":{"uid":"csf71e3d3abb78fe98"},"caption_l10n":"","alt_text_l10n":"trace sample","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9a10a57c4616a898"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe next thing we need to do is create an ingest pipeline — we call it \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eopenwebtext\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. The pipeline name must be referenced in the index creation call above since we are setting it as the default pipeline. 
This ensures that every document sent against the index will automatically run through this pipeline if no other pipeline is specified in the request.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs87407b5fdb0b9e28"}}},{"code":{"code":"PUT _ingest/pipeline/openwebtext\n{\n \"description\": \"Elser\",\n \"processors\": [\n {\n \"inference\": {\n \"model_id\": \".elser_model_1\",\n \"target_field\": \"ml\",\n \"field_map\": {\n \"text\": \"text_field\"\n },\n \"inference_config\": {\n \"text_expansion\": {\n \"results_field\": \"tokens\"\n }\n }\n }\n }\n ]\n}","_metadata":{"uid":"csfd6ebae1fc26e713"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd6b7eb0fe060f070"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe get a \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ePUT /_ingest/pipeline/{id}\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e transaction. We see the cluster state update and some internal calls. 
With this, all the preparation is done, and we can start running the bulk indexing with the openwebtext data set.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd16a96c79e1d82d3"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt120cf85d4a8ea142","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:21:52.204Z","created_by":"bltb6c155cd84fc0c1a","file_size":"351545","filename":"elastic-blog-2-timeline-view.png","parent_uid":null,"tags":[],"title":"elastic-blog-2-timeline-view.png","updated_at":"2023-08-09T15:21:52.204Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.073Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt120cf85d4a8ea142/64d3af100a8e993ff40e8ac8/elastic-blog-2-timeline-view.png"},"_metadata":{"uid":"csf2caf3e579f40ee0"},"caption_l10n":"","alt_text_l10n":"timeline view","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csaab6ebf16b4ec8a6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBefore we start the bulk ingest, we need to start the ELSER model. Go to Machine Learning, Trained Models, and click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eplay\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Here you can choose the number of allocations and threads.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe model start is captured as \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ePOST /_ml/trained_models/{model_id}/deployment/_start\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. 
It contains some internal calls and might be less interesting than the other transactions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs78af9c0d5e9adc77"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"bltb4d674e87e89f29f","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:22:04.015Z","created_by":"bltb6c155cd84fc0c1a","file_size":"175365","filename":"elastic-blog-3-tracesample2.png","parent_uid":null,"tags":[],"title":"elastic-blog-3-tracesample2.png","updated_at":"2023-08-09T15:22:04.015Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.057Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb4d674e87e89f29f/64d3af1c7c819b125770c4b0/elastic-blog-3-tracesample2.png"},"_metadata":{"uid":"cs88f617c159e29d2a"},"caption_l10n":"","alt_text_l10n":"trace sample 2","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8a27de04685929e9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow, we want to verify that everything works by running the following. Kibana Dev Tools have a cool little trick, you can use triple quotes, as in \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e”””\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e at the start and the end of a text, to tell Kibana\u003c/span\u003e\u003cspan style='font-size: 0.6em;'\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to treat it as a string and escape if necessary. No more manual escaping of JSONs or dealing with line breaks. Just drop in your text. 
This should return a text and a ml.tokens field showing all the tokens.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8d325cf6fc1f6d31"}}},{"code":{"code":"POST _ingest/pipeline/openwebtext/_simulate\n{\n \"docs\": [\n {\n \"_source\": {\n \"text\": \"\"\"This is a sample text\"\"\"\n }\n }\n ]\n}","_metadata":{"uid":"cs765422fd8d6aa7fd"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1531454d5ba95337"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis call is also captured as a transaction \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ePOST _ingest/pipeline/{id}/_simulate\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. The interesting thing here is we see that the inference call took 338ms. This is the time needed by the model to create the vectors.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs932d6a3b01d7b164"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt00098ddb92150285","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:22:16.552Z","created_by":"bltb6c155cd84fc0c1a","file_size":"223601","filename":"elastic-blog-4-timeline-type.png","parent_uid":null,"tags":[],"title":"elastic-blog-4-timeline-type.png","updated_at":"2023-08-09T15:22:16.552Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.082Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt00098ddb92150285/64d3af28d94c62772d4be78d/elastic-blog-4-timeline-type.png"},"_metadata":{"uid":"cs1e68ed68ba38b90c"},"caption_l10n":"","alt_text_l10n":"timeline type","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Bulk 
ingest","_metadata":{"uid":"cs9ea08edbacff572a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn the openwebtext data set, each text file represents a single document in Elasticsearch. This rather hack-ish Python code reads all the files and sends them to Elasticsearch using the simple bulk helper. Note that you would not want to use this in production: it is relatively slow since it sends the bulk requests serially, and the credentials are hard-coded in the script as placeholders. We have parallel bulk helpers allowing you to run multiple bulk requests at a time.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa56b31a0ca625ac6"}}},{"code":{"code":"import os\nfrom elasticsearch import Elasticsearch, helpers\n\n# Elasticsearch connection settings\nES_HOST = 'https://localhost:9200' # Replace with your Elasticsearch host\nES_INDEX = 'openwebtext-analyzed' # Replace with the desired Elasticsearch index name\n\n# Path to the folder containing your text files\nTEXT_FILES_FOLDER = 'openwebtext'\n\n# Elasticsearch client\nes = Elasticsearch(hosts=ES_HOST, basic_auth=('elastic', 'password'))\n\ndef read_text_files(folder_path):\n for root, _, files in os.walk(folder_path):\n for filename in files:\n if filename.endswith('.txt'):\n file_path = os.path.join(root, filename)\n with open(file_path, 'r', encoding='utf-8') as file:\n content = file.read()\n yield {\n '_index': ES_INDEX,\n '_source': {\n 'text': content,\n }\n }\n\ndef index_to_elasticsearch():\n try:\n helpers.bulk(es, read_text_files(TEXT_FILES_FOLDER), chunk_size=25)\n print(\"Indexing to Elasticsearch completed successfully.\")\n except Exception as e:\n print(f\"Error occurred while indexing to Elasticsearch: {e}\")\n\nif __name__ == \"__main__\":\n index_to_elasticsearch()","_metadata":{"uid":"csaafce9a31b446df7"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs553088a499bab3b5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe key information is 
that we are using a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003echunk_size\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e of 25, meaning that we are sending 25 documents in a single bulk request. Let’s start this Python script. The Python \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ehelpers.bulk\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e send a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ePUT /_bulk\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e request. We can see the transaction. Every transaction represents a single bulk that contains 25 documents.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9460b9e3675de343"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt1291cd0d901e0daa","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:22:30.420Z","created_by":"bltb6c155cd84fc0c1a","file_size":"161504","filename":"elastic-blog-5-key-info.png","parent_uid":null,"tags":[],"title":"elastic-blog-5-key-info.png","updated_at":"2023-08-09T15:22:30.420Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.080Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1291cd0d901e0daa/64d3af362c43eedb9a1d1598/elastic-blog-5-key-info.png"},"_metadata":{"uid":"cs3e6aa345680b1bb3"},"caption_l10n":"","alt_text_l10n":"key info","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc2352c284c9655ea"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe see that these 25 documents took 11 seconds to be indexed. 
Every time the ingest pipeline calls the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003einference\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e processor — and therefore, the machine learning model — we see how long this particular processor takes. In this case, it’s roughly 500 milliseconds — 25 docs, each ~500 ms processing ~= 12,5 seconds. Generally speaking, this is an interesting view, as a longer document might impose a higher tax because there is more to analyze than a shorter one. Overall, the entire bulk request duration also includes the answer back to the Python agent with the ok for the indexing. Now, we can create a dashboard and calculate the average bulk request duration. We’ll do a little trick inside Lens to calculate the average time per doc. I’ll show you how.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFirst, there is an interesting metadata captured inside the transaction — the field is called \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003elabels.http_request_headers_content_length\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. This field may be mapped as a keyword and therefore does not allow us to run mathematical operations like sum, average, and division. But thanks to runtime fields, we don’t mind that. We can just cast it as a Double. 
In Kibana, go to your data view that contains the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etraces-apm\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e data stream and add a runtime field with the following as its value:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9bee4d43156aebdf"}}},{"code":{"code":"emit(Double.parseDouble($('labels.http_request_headers_content_length','0.0')))","_metadata":{"uid":"cs011050272e1af50a"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc8e7d69e4746eebe"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis emits the existing value as a Double; if the field is non-existent or missing, it is reported as 0.0. Furthermore, set the Format to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eBytes\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. This will make it automatically prettified! 
It should look like this:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0da91d98e6ef3cad"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt755d4f3893af1c0e","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:22:41.683Z","created_by":"bltb6c155cd84fc0c1a","file_size":"458242","filename":"elastic-blog-6-create-field.png","parent_uid":null,"tags":[],"title":"elastic-blog-6-create-field.png","updated_at":"2023-08-09T15:22:41.683Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.072Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt755d4f3893af1c0e/64d3af410bd73be8d9e91135/elastic-blog-6-create-field.png"},"_metadata":{"uid":"cs01fb6e04d232453b"},"caption_l10n":"","alt_text_l10n":"create field","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csaf7edcfbe0c5b15d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCreate a new dashboard, and start with a new visualization. We want to select the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003emetric\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e visualization and use this KQL filter: \u003cspan data-type='inlineCode'\u003edata_stream.type: \"traces\" AND service.name: \"elasticsearch\" AND transaction.name: \"PUT /_bulk\"\u003c/span\u003e. In data view, select the one that includes \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003etraces-apm\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, basically the same as where we added the field from above. 
Click on \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eprimary metric\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and choose \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eformula\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs836f8c97f8a0b235"}}},{"code":{"code":"sum(labels.http_request_headers_content_length_double)/(count()*25)","_metadata":{"uid":"cs0096e296a8528e4a"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs001997b51c6169f1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSince we know that every bulk request contains 25 documents, we can just multiply the count of records (number of transactions) by 25 and divide the total sum of bytes by that number to identify how large a single document was. But there are a few caveats — first, a bulk request includes an overhead. A bulk looks like this:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc8fc2de3398ecd42"}}},{"code":{"code":"{ \"index\": { \"_index\": \"openwebtext\" }\n{ \"_source\": { \"text\": \"this is a sample\" } }","_metadata":{"uid":"cs27b10d0f93b4782f"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse096187d5ab8e5ad"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor every document you want to index, you get a second line in JSON that contributes to the overall size. More importantly, the second caveat is compression. When using any compression, we can only say “the documents in this bulk were of size x” because the compression will work differently depending on the bulk content. When using a high compression value, we might end up with the same size when sending 500 documents compared to the 25 we do now. 
Nonetheless, it is an interesting metric.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs27a5997e9d566227"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt15b50b71c67d185e","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:23:01.590Z","created_by":"bltb6c155cd84fc0c1a","file_size":"210390","filename":"elastic-blog-7-metric.png","parent_uid":null,"tags":[],"title":"elastic-blog-7-metric.png","updated_at":"2023-08-09T15:23:01.590Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.042Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt15b50b71c67d185e/64d3af55455bf61148f9b9c4/elastic-blog-7-metric.png"},"_metadata":{"uid":"csa39df38bf0229f07"},"caption_l10n":"","alt_text_l10n":"metric","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5efd790a39b80bdc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe can use the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003etransaction.duration.us\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e tip! Change the format in the Kibana Data View to Duration and select microseconds, ensuring it’s rendered nicely. 
Quickly, we can see that, on average, the bulk request is ~125kb in size, ~5kb per doc, and 9.6 seconds, with 95% of all bulk requests finishing below 11.8 seconds.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs71187b57989184c7"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt228e7b3fe3203f10","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:23:11.427Z","created_by":"bltb6c155cd84fc0c1a","file_size":"53662","filename":"elastic-blog-8-avg-numbers.png","parent_uid":null,"tags":[],"title":"elastic-blog-8-avg-numbers.png","updated_at":"2023-08-09T15:23:11.427Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.073Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt228e7b3fe3203f10/64d3af5f4d5a848d298d5ee6/elastic-blog-8-avg-numbers.png"},"_metadata":{"uid":"cs5039c773b3c4d9df"},"caption_l10n":"","alt_text_l10n":"average numbers","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Query time!","_metadata":{"uid":"csb9905b28d34903f8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow, we have indexed many documents and are finally ready to query it. Let’s do the following query:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3c515d758c42fb5f"}}},{"code":{"code":"GET /openwebtext/_search\n{\n \"query\":{\n \"text_expansion\":{\n \"ml.tokens\":{\n \"model_id\":\".elser_model_1\",\n \"model_text\":\"How can I give my cat medication?\"\n }\n }\n }\n}","_metadata":{"uid":"csd9b9deb983db4b9e"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs880c4642c4b277e2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eI am asking the openwebtext data set on articles about feeding my cat medication. 
My REST client tells me that the entire search, from start to parsing the response, took: 94.4 milliseconds. The took statement inside the response is 91 milliseconds, meaning that the search took 91 milliseconds on Elasticsearch, excluding a few things. Let’s now look into our \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eGET /{index}/_search\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e transaction.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs12cc8724d1d35e76"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt82e48c3940f880b8","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:23:24.657Z","created_by":"bltb6c155cd84fc0c1a","file_size":"176085","filename":"elastic-blog-9-openwebtext-dataset.png","parent_uid":null,"tags":[],"title":"elastic-blog-9-openwebtext-dataset.png","updated_at":"2023-08-09T15:23:24.657Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.078Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt82e48c3940f880b8/64d3af6cf06c9078eb537d5e/elastic-blog-9-openwebtext-dataset.png"},"_metadata":{"uid":"cs4860a17807f94b41"},"caption_l10n":"","alt_text_l10n":"openwebtext dataset","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf20a8b6878469614"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe can identify that the impact of the machine learning, basically creating the tokens on the fly, is 74 milliseconds out of the total request. Yes, this takes up roughly ¾ of the entire transaction duration. 
With this information, we can make informed decisions on how to scale the machine learning nodes to bring down the query time.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Conclusion","_metadata":{"uid":"cs64dd743b00d530de"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis blog post showed you how important it is to have Elasticsearch as an instrumented application and identify bottlenecks much more easily. Also, you can use the transaction duration as a metric for anomaly detection, do A/B testing for your application, and never wonder again if Elasticsearch feels faster now. You got data to back this up. Furthermore, this is extensively looking at the machine learning side of things. Checkout the general slow log query investigation \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/troubleshoot-slow-Elasticsearch-queries\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eblog post\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for more ideas.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe dashboard and data view can be imported from my \u003c/span\u003e\u003ca href=\"https://github.com/philippkahr/blogs/tree/main/apm-instrumentation-of-elastic-stack/mlops-elser\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGitHub repository.\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7673527ef8e82bed"}}},{"callout":{"title_l10n":"Warning","_metadata":{"uid":"cs73072cb8c2e9a880"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere is an issue with the spans inside Elasticsearch. This is \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/pull/98113\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003efixed\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in the upcoming release of 8.9.1. 
Until then, the transactions use the wrong clock, which disturbs the overall duration.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc6a1942c182ec372"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs63bceb5caabd40c3"}}}],"publish_date":"2023-08-10","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_top
ic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltf4c040a3cb414ac0","ACL":{},"created_at":"2023-11-06T21:32:35.092Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"semantic-search","label_l10n":"Semantic search","tags":[],"title":"Semantic search","updated_at":"2023-11-06T21:32:35.092Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.425Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector 
search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search 
applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltd0a6414db19c04af","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-08-14T04:11:00.160Z","updated_at":"2023-08-14T04:11:00.160Z","content_type":"image/jpeg","file_size":"120139","filename":"19-feather.jpeg","title":"19-feather.jpeg","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-14T04:11:10.324Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd0a6414db19c04af/64d9a954ba11e76c2c18bb72/19-feather.jpeg"},"title":"Identify slow queries in generative AI search experiences","title_l10n":"Identify slow queries in generative AI search experiences","updated_at":"2025-01-21T22:32:13.580Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/slow-queries-generative-ai-search-experiences","publish_details":{"time":"2025-01-21T22:32:21.167Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2999c96d6bf0cc4d","_version":19,"locale":"en-us","ACL":{},"abstract_l10n":"Master the art of troubleshooting slow Elasticsearch queries for better user experience, and learn how to optimize query performance by using 
APM insights and Lens charts.","author":["bltfb64482fc825a009"],"category":["blte5cc8450a098ce5e"],"created_at":"2023-08-03T16:40:30.797Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"callout":{"title_l10n":"","_metadata":{"uid":"cs72ece05bf0deedf1"},"paragraph_l10n":"","callout_reference":["bltbce8bba79c5e743a"],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2752936498222897"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor anyone using Elasticsearch®\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e as their search engine, identifying and troubleshooting queries is a crucial skill to master. Be it ecommerce, observability, or workplace-oriented search solutions, a slow Elasticsearch will negatively impact your user’s experience.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo pinpoint slow Elasticsearch queries, you can use the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules-slowlog.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eslow log\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which captures the query run at a certain threshold. Setting the slow log threshold correctly is a challenge in and of itself. For example, a query that takes 500 milliseconds under full load might be acceptable, but the same query under low load might be unacceptable. The slow log does not differentiate and logs everything above 500 milliseconds. Slow log does its job very well, so you can capture different levels of granularity depending on the threshold value. 
Tracing, instead, can look at all queries, identifying how many of your queries are within certain thresholds.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eApplication performance monitoring (APM) is no longer confined to just your application. Using instrumentation in Elasticsearch, we can now add Elasticsearch as a fully fledged service rather than a dependency on your application stack. This way, we get a more nuanced view of performance than the slow log can provide.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor the following example, our data corpus is the \u003c/span\u003e\u003ca href=\"https://paperswithcode.com/dataset/openwebtext\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOpenWebText\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which provides roughly 40GB of pure text and roughly 8 million individual documents that run locally on an M1 Max Macbook with 32GB RAM.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Getting started","_metadata":{"uid":"cs06f95e7b21cb8089"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eActivating tracing in Elasticsearch is done with static settings (configured in the \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch.yml\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e) and dynamic settings, which can be toggled during runtime using a \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ePUT _cluster/settings\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e command, where one of those dynamic settings is the sampling rate. 
Some settings, like the sampling rate, can be toggled at runtime. In the \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch.yml\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e we want to set the following:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eValid for Version 9.x\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5b0d1a2b7ca7139b"}}},{"code":{"code":"telemetry.agent.enabled: true\ntelemetry.agent.server_url: \"url of the APM server\"","_metadata":{"uid":"csff35af0b1c5f68d4"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csfb8bf5049802bbb8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eValid for Version 7.x and 8.x\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csae42418053e46201"}}},{"code":{"code":"tracing.apm.enabled: true\ntracing.apm.agent.server_url: \"url of the APM server\"","_metadata":{"uid":"cs670836919bdada06"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs92d6e6e2dac9306b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eThe secret token (or API key) must be stored in the Elasticsearch keystore, not in elasticsearch.yml. 
The keystore tool should be available at \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cstrong\u003e\u0026lt;your elasticsearch install directory\u0026gt;/bin/elasticsearch-keystore\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e. For version 7.x and 8.x, add the value with the following command: \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch-keystore add tracing.apm.secret_token\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e or \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003etracing.apm.api_key\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eFor version 9.x please use \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etelemetry.secret_token\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e or \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etelemetry.api_key\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e instead. \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eAfter that, you need to restart Elasticsearch. 
More information on tracing can be found in our \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/blob/main/TRACING.md\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003etracing document\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOnce APM is active we can look at the APM view in Kibana and see that Elasticsearch captures various REST API endpoints automatically. Here, we focus mainly on the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ePOST /{index}/_search\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e calls and see what we can gain from it.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd0fdd009e2f6c3a5"}}},{"image":{"image":{"uid":"bltfa39389057047940","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-08-03T17:03:25.663Z","updated_at":"2023-08-03T17:03:25.663Z","content_type":"image/png","file_size":"292255","filename":"elastic-blog-1-elasticsearch.png","title":"elastic-blog-1-elasticsearch.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-07T16:05:22.898Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfa39389057047940/64cbdddde237e92994f7cf14/elastic-blog-1-elasticsearch.png"},"_metadata":{"uid":"cs764e3595dd185b5f"},"caption_l10n":"","alt_text_l10n":"elasticsearch screenshot","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs948eb722e77065b7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy examining a simple query directly on the \u003c/span\u003e\u003cspan 
style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eGET /{index}/_search\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e box, we see the following waterfall breakdown. This contains internal spans that provide deeper insights into what Elasticsearch is doing under the hood. And we see the overall duration of this search (86 milliseconds).\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csab19a9deb53e133b"}}},{"image":{"image":{"uid":"blt80bd48de316a2c2a","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-08-03T17:03:44.652Z","updated_at":"2023-08-03T17:03:44.652Z","content_type":"image/png","file_size":"105820","filename":"elastic-blog-2-trace-sample.png","title":"elastic-blog-2-trace-sample.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-07T16:05:22.924Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt80bd48de316a2c2a/64cbddf0c5b4be1719a6e5d9/elastic-blog-2-trace-sample.png"},"_metadata":{"uid":"cse69537eba6ee95ec"},"caption_l10n":"","alt_text_l10n":"trace sample","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs407d1c4554234bf6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe metadata accompanying the query includes extensive information around the HTTP header, user agent, Elasticsearch node location (cloud provider metadata, hostname, container info), some system information, and URL details. 
Using some basic transaction information, we can create a Lens chart that plots the average transaction duration and allows us to see if there is an upward or downward trend.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Our search application","_metadata":{"uid":"cs313060e955231133"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt is nice not needing to use slow logs anymore! I can determine the transaction duration and identify how many searches are answered beneath any threshold. However, there is one setback — Elasticsearch does not capture the query sent, so we know that a query took a long time, but we don’t know what the query was.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLet’s instrument a sample search application. In this case, we will use a simple Flask app with two routes, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esearch_single\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esearch_phrase\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, which will represent a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ematch\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ematch_phrase\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e query in Elasticsearch. 
For example, we could use the following queries:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1d99e68f5dba0eb2"}}},{"code":{"code":"{\n \"query\": {\n \"match\": {\n \"content\": \"support\"\n }\n }\n}\nAnd\n{\n \"query\": {\n \"match_phrase\": {\n \"content\": \"support protest\"\n }\n }\n}","_metadata":{"uid":"cs55b6e5a01a86319c"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5300ced56aacc400"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe following Flask code implements the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esearch_single\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e route. The \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esearch_phrase\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e is very similar, except it uses \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ematch_phrase\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e instead of \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ematch\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8a862f5950e1dd07"}}},{"code":{"code":"@app.route(\"/search_single\", methods=[\"GET\"])\ndef search_single():\n query = request.args.get(\"q\", \"\")\n if not query.strip():\n return jsonify({\"error\": \"No search query provided\"}), 400\n try:\n result = es.search(\n index=ES_INDEX, query={\"match\": {\"content\": query}}\n )\n\n hits = result[\"hits\"][\"hits\"]\n response = []\n for hit in hits:\n response.append(\n {\n \"score\": hit[\"_score\"],\n \"content\": hit[\"_source\"][\"content\"],\n }\n )\n \n return 
jsonify(response)","_metadata":{"uid":"cs0aa31682dee15097"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbf3311542a84c697"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith all that prepared, I can now call \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ecurl -XGET \"http://localhost:5000/search_single?q='microphone'\"\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to search for the term \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003emicrophone\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe add APM to our search application mainly to observe it, but our APM agents also capture outgoing requests and enrich them with metadata. In our case, the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003espan.db.statement\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e contains the Elasticsearch query, so the search terms users submit are stored with the trace data. 
And in this case below, someone searched for \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ewindow\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs547c9dc1a3252df5"}}},{"image":{"image":{"uid":"blt4ee78bc9ef844d1d","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-08-03T17:06:21.240Z","updated_at":"2023-08-03T17:06:21.240Z","content_type":"image/png","file_size":"97453","filename":"elastic-blog-3-span-details.png","title":"elastic-blog-3-span-details.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-07T16:05:22.950Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4ee78bc9ef844d1d/64cbde8dcc97f6d00e6e5d3b/elastic-blog-3-span-details.png"},"_metadata":{"uid":"csc48c49ba93aa7b91"},"caption_l10n":"","alt_text_l10n":"span details","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Piecing it all together","_metadata":{"uid":"cs4ae59d077ea5d0f3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn my Flask service, I set the query size to 5,000, meaning that Elasticsearch should give me up to 5,000 matching documents in a single JSON response. That is a large number, and much of the time is spent retrieving that amount of documents from the disk. 
After changing it to the top 100 documents, I can quickly identify what happened in my dashboard by comparing it.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLooking at a transaction in the APM view and activating the labs function for the critical path creates an overlay, showing us where our application is spending its time.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs16f1ae09dedbd07c"}}},{"image":{"image":{"uid":"blt9dfc2f0f88c50a6a","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-08-03T17:06:59.950Z","updated_at":"2023-08-03T17:06:59.950Z","content_type":"image/png","file_size":"106819","filename":"elastic-blog-4-apm-view.png","title":"elastic-blog-4-apm-view.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-07T16:05:22.978Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9dfc2f0f88c50a6a/64cbdeb3ddc0266c4c80763e/elastic-blog-4-apm-view.png"},"_metadata":{"uid":"cs48121274a61bdf51"},"caption_l10n":"","alt_text_l10n":"apm view timeline","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa42d0c24467c14a8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAfter that, I created a dashboard using the fields \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etransaction.duration.us\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ees_query_took\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 
12pt;'\u003e\u003cspan data-type='inlineCode'\u003etransaction.name\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. General KQL filters contain \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eservice.name\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eprocessor.event: transaction\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etransaction.name: POST /{index}/_search\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSide tip:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e go to data view management \u0026gt; select your data view containing the APM data streams \u0026gt; select the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etransaction.duration.us\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e field \u0026gt; and change the format to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eduration\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. It will automatically render it now in human-readable output instead of microseconds.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLeveraging the Lens annotation feature, we can see in the middle Lens that the change to 100 docs brought down the average search transaction by a lot. Not only that, look at the overall count of records in the top right corner. 
Since we can search faster, we have a higher throughput! I really enjoy histograms, so I created one in the middle in the top row, where I have the transaction duration on the X-axis and the count of records on the Y-axis. Furthermore, APM delivers metrics, so we can identify how much CPU% usage is occurring at any time as well as JVM heap, non-heap usage, thread count, and more useful information.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs32802cb82a155940"}}},{"image":{"image":{"uid":"blt26b693f12ad19c7b","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-08-03T17:07:27.640Z","updated_at":"2023-08-03T17:07:27.640Z","content_type":"image/png","file_size":"390775","filename":"elastic-blog-5-graphs-charts.png","title":"elastic-blog-5-graphs-charts.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-07T16:05:23.003Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt26b693f12ad19c7b/64cbdecf5de99c810668d188/elastic-blog-5-graphs-charts.png"},"_metadata":{"uid":"cs98c81971192a3214"},"caption_l10n":"","alt_text_l10n":"graphs and charts","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Conclusion","_metadata":{"uid":"cs488137586b5bf4a4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis blog post showed you how important it is to have Elasticsearch as an instrumented application and identify bottlenecks much more easily. Also, you can use the transaction duration as a metric for anomaly detection, do A/B testing for your application, and never wonder again if Elasticsearch feels faster since you now have data to answer that question. 
Furthermore, all the metadata that is collected, from user agents to queries, helps you troubleshoot.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe dashboards and data view can be imported from \u003c/span\u003e\u003ca href=\"https://github.com/philippkahr/blogs/tree/main/apm-instrumentation-of-elastic-stack/elasticsearch-slow-queries\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ehere\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs37963415983a3cf9"}}},{"callout":{"title_l10n":"Warning","_metadata":{"uid":"csb4bc93b1ceb365be"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere is an issue with the duration of transactions inside Elasticsearch. This is \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/pull/98113\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003efixed\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in the upcoming release of 8.9.1. Until then, the transactions use the wrong clock, which distorts the reported overall duration.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csccd5fb516f817174"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs091436563fe104f6"}}}],"publish_date":"2023-08-07","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt540a0685025a17e0","ACL":{},"created_at":"2021-07-12T21:52:31.396Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"workplace-search","label_l10n":"Workplace Search","tags":[],"title":"Workplace Search","updated_at":"2021-07-12T21:52:31.396Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.010Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc2c6579373c53341","ACL":{},"created_at":"2021-07-12T21:53:13.753Z
","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"apm","label_l10n":"APM","tags":[],"title":"APM","updated_at":"2021-07-12T21:53:13.753Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.194Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt920fd113a20929a5","ACL":{},"created_at":"2023-11-06T20:38:46.745Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ecommerce-search","label_l10n":"Ecommerce search","tags":[],"title":"Ecommerce search","updated_at":"2023-11-06T20:38:46.745Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.165Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt76a8a9e2ae891569","ACL":{},"created_at":"2023-11-06T21:35:06.844Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tracing","label_l10n":"Tracing","tags":[],"title":"Tracing","updated_at":"2023-11-06T21:35:06.844Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.748Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","uid":"bltf38f037a2b6ecb4e","title":"Log monitoring","label_l10n":"Log 
monitoring","keyword":"log-monitoring","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:29:28.882Z","updated_at":"2023-11-06T21:29:28.882Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.371Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt3d6d3cd2ad3fce72","ACL":{},"created_at":"2023-11-06T21:35:37.967Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"visualization","label_l10n":"Visualization","tags":[],"title":"Visualization","updated_at":"2023-11-06T21:35:37.967Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.605Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search 
applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltcd40f41ea1d31bf8","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-08-03T16:53:50.628Z","updated_at":"2023-08-03T16:53:50.628Z","content_type":"image/png","file_size":"156167","filename":"libraries-enterprise-search-site-search-dark-1680x980.png","title":"libraries-enterprise-search-site-search-dark-1680x980.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-07T16:05:23.025Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcd40f41ea1d31bf8/64cbdb9e5de99c3e5968d173/libraries-enterprise-search-site-search-dark-1680x980.png"},"title":"How to troubleshoot slow Elasticsearch queries for better user 
experience","title_l10n":"How to troubleshoot slow Elasticsearch queries for better user experience","updated_at":"2025-01-21T22:28:38.473Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/troubleshoot-slow-Elasticsearch-queries","publish_details":{"time":"2025-01-21T22:28:44.120Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt87499c7e1dc96796","_version":11,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic is automating SIEM data onboarding with Automatic Import. This feature — the only one of its kind — automates the development of custom data integrations. Elastic now adds custom data sources faster than any competing solution.","author":["blt2c6750b198c527ec","blt91eeaf08ab3d1d6a"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-08-05T15:22:16.181Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1a17d79d125e5942"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic is accelerating the adoption of \u003c/span\u003e\u003ca href=\"http://www.elastic.co/security/ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI-driven security analytics\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e by automating SIEM data onboarding with Automatic Import. This new feature — the only one of its kind for a security analytics or SIEM solution —\u0026nbsp;automates the development of custom data integrations. 
Elastic Security now adds custom data sources faster than any competing security analytics solution, facilitating broader visibility and easier SIEM implementation.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEstablishing visibility across an enterprise IT environment is inherently difficult, but no matter how the attack surface changes — applications created, systems added, infrastructure moved to the cloud — security teams can’t afford to fly blind. Unfortunately, onboarding custom data has remained costly and complex — until now.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAutomatic Import automates the development of custom data integrations with generative AI, cutting the effort needed to create and validate custom integrations —\u0026nbsp;from up to several days to less than 10 minutes —\u0026nbsp;and significantly lowering the learning curve for onboarding data. The feature is powered by the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/platform\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Search AI Platform\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which provides model-agnostic access to harness the knowledge from large language models (LLMs) and the ability to ground answers in proprietary data using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/retrieval-augmented-generation-rag\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eretrieval augmented generation (RAG)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. 
It is also made possible by our rich expertise in enabling security teams to leverage data of any kind and the flexibility of our \u003c/span\u003e\u003ca href=\"/cloud/serverless/search-ai-lake\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSearch AI Lake\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs91ab0e81f511dcd6"}}},{"image":{"image":{"uid":"blt56ec9ce154b2a05b","_version":1,"title":"Auto Import Screenshot.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-21T21:29:52.188Z","updated_at":"2025-01-21T21:29:52.188Z","content_type":"image/png","file_size":"188306","filename":"Auto_Import_Screenshot.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-21T21:48:31.764Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt56ec9ce154b2a05b/679011d0bc1349569ed5b95f/Auto_Import_Screenshot.png"},"_metadata":{"uid":"cs7948fd2d7cc38581"},"caption_l10n":"","alt_text_l10n":"create new integration","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0a72bf99e04a118d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatic Import arrives at a critical moment as organizations explore replacement options for their legacy SIEM tools. Collecting and normalizing data is among the first phases of any migration plan, starting with leveraging prebuilt data integrations. Technologies that require custom connectors typically come next, but the manual nature of building each such integration can slow adoption of the new SIEM and retirement of the old solution. 
Automatic Import addresses these challenges.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The impact of Automatic Import","_metadata":{"uid":"csfdb1f132774f43b9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"http://www.elastic.co/security\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAutomatic Import\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e extends our leadership in applying generative AI to expedite labor-intensive SecOps tasks by automating the creation of custom data integrations. This release builds on our previous AI-driven security analytics innovations, such as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/ai-driven-security-analytics\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAttack Discovery\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which automates alert triage, and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/introducing-elastic-ai-assistant\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which answers security questions and guides practitioner workflows.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn May, we released Attack Discovery to reduce the toil of triaging hundreds of security alerts every day. 
Elastic is uniquely positioned to mitigate the security challenges intrinsic to fast-changing environments and messy data due to our ability to handle unstructured data at scale and our strategy of drawing relevant insights via LLMs and RAG.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic is complementing these AI-driven product capabilities with \u003c/span\u003e\u003ca href=\"https://elastic.co/blog/elastic-express-migration-program\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Express Migration\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, a commercial incentive program to address migration inertia associated with companies’ existing deployments and contracts and to provide an accelerated adoption path for customers.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOne of Elastic’s largest security customers recently migrated nearly 200 data sources, including many custom technologies. Future customers of this scale will save hundreds of hours of consulting time and save weeks to months of implementation time.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs71f37f800b013129"}}},{"quotes":{"quote_l10n":"Automatic Import addresses one of the biggest headaches of switching SIEMs: onboarding custom data sources. 
The feature automates the development of new data integrations, reducing the cost, complexity, and stress of migration.","_metadata":{"uid":"cs31d5da6cc2b6cdf8"},"quote_author_l10n":"Michelle Abraham, Research Director, Security and Trust at IDC","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4f6775b00c51f327"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic ships with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations\"\u003e\u003cspan style='font-size: 12pt;'\u003e400+ prebuilt data integrations\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u0026nbsp;and counting, and Automatic Import makes it practical to extend visibility beyond these to an evolving array of security-relevant technologies and applications. These integrations normalize data to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/ecs-elastic-common-schema-otel-opentelemetry-faq\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Common Schema (ECS)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, enabling uniform analysis with dashboards, search, alerting, machine learning, and more. 
Public LLMs can readily process and analyze data in ECS format because it is a popular open source data specification.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4bfe471d53f3058e"}}},{"quotes":{"quote_l10n":"Automatic Import makes building and testing custom data integrations easier, helping us quickly enhance visibility throughout our environment.","_metadata":{"uid":"cs0a8d0fe962a0fa7a"},"quote_author_l10n":"Nate Thompson, Senior Manager, Cybersecurity Analytics \u0026 Automation, Dana Inc.","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"How it works","_metadata":{"uid":"cs754d5f153eeda5c9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatic Import is easy to use and available to everyone with an Enterprise license. The user specifies some settings and uploads sample data from which the feature will extrapolate what to expect from the data source. These log samples are paired with LLM prompts that have been honed by Elastic engineers to reliably produce conformant Elasticsearch ingest pipelines. 
Automatic Import then iteratively builds, tests, and tweaks a custom ingest pipeline until it meets Elastic integration requirements.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs65a565dd36035bcc"}}},{"image":{"image":{"uid":"bltf608b373edd29cfd","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-05T14:53:28.406Z","created_by":"bltb6c155cd84fc0c1a","file_size":"159988","filename":"image7.png","parent_uid":null,"tags":[],"title":"image7.png","updated_at":"2024-08-05T14:53:28.406Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.750Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf608b373edd29cfd/66b0e768eead60d63b895b31/image7.png"},"_metadata":{"uid":"cs69aeb44ba6a2930e"},"caption_l10n":"Automatic Import powered by the Elastic Search AI Platform","alt_text_l10n":"Automatic Import powered by the Elastic Search AI Platform","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb737665cf3cf790c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn just minutes, the feature generates and validates a custom integration that accurately maps raw data into ECS and custom fields, populates contextual information (such as \u003cspan data-type='inlineCode'\u003erelated.*\u003c/span\u003e fields), and categorizes events.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Automatic Import supports a variety of structured and unstructured log formats, including JSON, NDJSON, Syslog, and CSV. 
Popular large language model (LLM) providers, such as Amazon Bedrock, Google Gemini, and OpenAI, are supported by Automatic Import for integration generation.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Automatic Import in action","_metadata":{"uid":"cs021f97e9c4694201"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLet’s say you want to onboard audit events from Teleport, a tool for securing access to infrastructure and web applications.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStart by navigating to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eIntegrations -\u0026gt; Create new integration\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa3e86a5036a299fe"}}},{"image":{"image":{"uid":"bltc2d2dad96582dff8","_version":1,"title":"Auto Import Screenshot (1).png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-21T21:47:06.919Z","updated_at":"2025-01-21T21:47:06.919Z","content_type":"image/png","file_size":"188306","filename":"Auto_Import_Screenshot_(1).png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-21T21:48:31.852Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc2d2dad96582dff8/679015dae6989878d828373a/Auto_Import_Screenshot_(1).png"},"_metadata":{"uid":"cs8d42a790f5190645"},"caption_l10n":"","alt_text_l10n":"create new integration","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse4443fec95f90824"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eProvide a name and description for the new data 
source.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs95eaa601e616e069"}}},{"image":{"image":{"uid":"blt9ef7b781b4c303f1","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-05T14:55:38.267Z","created_by":"bltb6c155cd84fc0c1a","file_size":"149863","filename":"image5.png","parent_uid":null,"tags":[],"title":"image5.png","updated_at":"2024-08-05T14:55:38.267Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.517Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9ef7b781b4c303f1/66b0e7ea792c8e1f9847d65a/image5.png"},"_metadata":{"uid":"cs8a334024d4820796"},"caption_l10n":"","alt_text_l10n":"integration details","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs100a328031bb1fdd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNext, fill in other details and provide some sample data, anonymized as you see fit, since the samples will be submitted to the LLM you specify.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs84afaaa1ccd0973f"}}},{"image":{"image":{"uid":"blt2f24cc02bde01155","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-05T14:56:09.588Z","created_by":"bltb6c155cd84fc0c1a","file_size":"169295","filename":"image8.png","parent_uid":null,"tags":[],"title":"image8.png","updated_at":"2024-08-05T14:56:09.588Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.389Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2f24cc02bde01155/66b0e80992f8d0ed68087455/image8.png"},"_metadata":{"uid":"csac644cba75730c09"},"caption_l10n":"","alt_text_l10n":"define data stream and upload logs 
screenshot","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc45bd25d425f5e35"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eClick “Analyze logs” to submit integration details, sample logs, and expert-written instructions from Elastic to the specified LLM, which builds the integration package using generative AI. Automatic Import then fine-tunes the integration in an automated feedback loop until it is validated to meet Elastic requirements.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb1996225abc1ad84"}}},{"image":{"image":{"uid":"blt0e8a1ceef586519a","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-05T14:56:36.522Z","created_by":"bltb6c155cd84fc0c1a","file_size":"159377","filename":"image1.png","parent_uid":null,"tags":[],"title":"image1.png","updated_at":"2024-08-05T14:56:36.522Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.740Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0e8a1ceef586519a/66b0e82492f8d043cd08745b/image1.png"},"_metadata":{"uid":"cs6632d632b449f776"},"caption_l10n":"","alt_text_l10n":"analyzing","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs24f9db3857ae9a50"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatic Import presents recommended mappings to ECS fields and custom fields. 
You can easily adjust these settings if necessary.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs66542a247c2d7de1"}}},{"image":{"image":{"uid":"blt09d6e79dc9b67cb1","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-05T14:57:01.925Z","created_by":"bltb6c155cd84fc0c1a","file_size":"175050","filename":"image6.png","parent_uid":null,"tags":[],"title":"image6.png","updated_at":"2024-08-05T14:57:01.925Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.759Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt09d6e79dc9b67cb1/66b0e83d792c8ec6b947d66b/image6.png"},"_metadata":{"uid":"cs894505833ff54b74"},"caption_l10n":"","alt_text_l10n":"review results","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs543e0f7dd825d547"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAfter finalizing the integration, add it to Elastic Agent or view it in Kibana. 
It is now available alongside your other integrations and follows the same workflows as prebuilt integrations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf83d99ee0bf94ec3"}}},{"image":{"image":{"uid":"blt51104670f1db5617","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-05T14:57:30.933Z","created_by":"bltb6c155cd84fc0c1a","file_size":"95882","filename":"image3.png","parent_uid":null,"tags":[],"title":"image3.png","updated_at":"2024-08-05T14:57:30.933Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.368Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt51104670f1db5617/66b0e85a0efc69f290886720/image3.png"},"_metadata":{"uid":"cs390b2d5b17ae9489"},"caption_l10n":"","alt_text_l10n":"success","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7c686967014a652e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUpon deployment, you can begin analyzing newly ingested data 
immediately.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs65d75b9aebb8d69f"}}},{"image":{"image":{"uid":"blt079ce0a6ead2ae96","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-05T14:57:52.934Z","created_by":"bltb6c155cd84fc0c1a","file_size":"284647","filename":"image2.png","parent_uid":null,"tags":[],"title":"image2.png","updated_at":"2024-08-05T14:57:52.934Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.719Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt079ce0a6ead2ae96/66b0e870ae971f286cf0f0de/image2.png"},"_metadata":{"uid":"csed0279ef39256896"},"caption_l10n":"","alt_text_l10n":"users","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Fast-track your move to AI-driven security analytics","_metadata":{"uid":"csbe7863e4292c473f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatic Import lowers the time required to build and test custom data integrations from days to minutes, accelerating the switch to \u003c/span\u003e\u003ca href=\"http://www.elastic.co/security/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI-driven security analytics\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. The feature arrives during a time of change in the SIEM market with many longtime customers of legacy SIEMs now migrating to modern technologies.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic pairs the unique power of Automatic Import with Elastic’s deep library of prebuilt data integrations, enabling wider visibility and fast data onboarding. 
In conjunction with Elastic AI Assistant for rule conversion, the feature substantially simplifies SIEM migration.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInterested in our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/splunk-replacement\"\u003e\u003cspan style='font-size: 12pt;'\u003eExpress Migration\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e program to level up to Elastic? \u003c/span\u003e\u003ca href=\"https://www.elastic.co/splunk-interest?elektra=organic\u0026storm=CLP\u0026rogue=splunkobs-gic\"\u003e\u003cspan style='font-size: 12pt;'\u003eContact Elastic\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to learn more.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs286c5062c3044946"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd5d8322e1ca4950b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. 
You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse1d8cd277af80d33"}}}],"publish_date":"2024-08-06","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Migrate your SIEM to AI-driven security analytics in record time by automating custom data integrations","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt39140cf3e2cd4550","ACL":{},"created_at":"2023-11-06T21:51:00.583Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"integrations","label_l10n":"Integrations","tags":[],"title":"Integrations","updated_at":"2023-11-06T21:51:00.583Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.083Z","user":"blt4b2e1169881270a8"}},{"title":"SIEM","label_l10n":"SIEM","keyword":"siem","hidden_value":false,"tags":[],"locale":"en-us","uid":"blta7a92715fa2dc7aa","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-07-12T21:52:53.275Z","updated_at":"2021-07-12T21:52:53.275Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-10-07T18:59:30.492Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[],"tags_partner":[],"tags_topic":
[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blte0256e5390d036ed","ACL":{},"created_at":"2023-11-06T20:25:43.573Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-migration","label_l10n":"Cloud migration","tags":[],"title":"Cloud migration","updated_at":"2023-11-06T20:25:43.573Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:27.667Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language 
models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}},{"title":"Migrating","label_l10n":"Migrating","keyword":"migrating","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt065c9f1028ecc8ce","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:39:53.971Z","updated_at":"2020-06-17T03:39:53.971Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:39:53.971Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-08-18T20:57:42.628Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt47414afcde70b058","ACL":{},"created_at":"2023-11-06T20:43:45.793Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"open-security","label_l10n":"Open security","tags":[],"title":"Open security","updated_at":"2023-11-06T20:43:45.793Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:27.618Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security 
analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltdf59d18fa27d1692","ACL":{},"created_at":"2023-11-06T21:34:55.381Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tool-consolidation","label_l10n":"Tool consolidation","tags":[],"title":"Tool consolidation","updated_at":"2023-11-06T21:34:55.381Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.747Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt40e02d1553cb4861","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-08-05T14:37:45.050Z","created_by":"bltb6c155cd84fc0c1a","file_size":"169575","filename":"Opt1_V1.jpg","parent_uid":null,"tags":[],"title":"Opt1_V1.jpg","updated_at":"2024-08-05T14:37:45.050Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.378Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt40e02d1553cb4861/66b0e3b949df09abf05ce3fc/Opt1_V1.jpg"},"title":"Elastic accelerates SIEM data onboarding with Automatic Import powered by Search AI","title_l10n":"Elastic accelerates SIEM 
data onboarding with Automatic Import powered by Search AI","updated_at":"2025-01-21T21:48:25.532Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/automatic-import-ai-data-integration-builder","publish_details":{"time":"2025-01-21T21:48:31.253Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltc00a0dffdc08b4b6","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"We've reached a significant achievement in expanding support for Australian public sector and critical infrastructure customers by completing our assessment against the Information Security Registered Assessors Program (IRAP) at the Protected Level! ","author":["blta886ef48812ea839"],"category":["bltb79594af7c5b4199"],"created_at":"2025-01-21T20:45:38.857Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd814380bb6334af1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic consistently delivers secure, reliable, and compliant solutions. Today, we are thrilled to announce that we have reached a significant achievement in expanding support for our Australian public sector and critical infrastructure customers: We have completed our assessment against the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInformation Security Registered Assessors Program (IRAP) \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eat the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eProtected Level\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e!\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What is IRAP? 
","_metadata":{"uid":"cs8b74f8297e17a69e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIRAP helps Australian government and public sector and critical infrastructure organizations validate that sufficient controls are in place for their cloud service providers. IRAP is a rigorous assessment framework developed by the Australian Cyber Security Centre (ACSC). It ensures that cloud services meet stringent government security requirements, especially for handling sensitive data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAchieving the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eProtected Level\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e means our platform can securely manage sensitive information, including data that is critical to government agencies.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd4783a33ed42780b"}}},{"image":{"image":{"uid":"blted59f255acc65dfd","_version":1,"title":"irap logo.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-21T20:40:24.994Z","updated_at":"2025-01-21T20:40:24.994Z","content_type":"image/png","file_size":"102335","filename":"irap_logo.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-21T21:00:42.394Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blted59f255acc65dfd/67900639a5499b4bc114c614/irap_logo.png"},"_metadata":{"uid":"cse41fd5837ca3afc8"},"caption_l10n":"","alt_text_l10n":"IRAP logo","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":"width-small: 25%"}}},{"title_text":{"title_text":[{"title_l10n":"Why we pursued IRAP assessment","_metadata":{"uid":"cs8bc59e2f0d02b102"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 
12pt;'\u003eFor us, pursuing IRAP wasn’t just about compliance; it was also about reinforcing our commitment to building trust with our customers. With cybersecurity threats evolving daily, we recognize that robust security is not just a feature — it’s a responsibility.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy completing our IRAP assessment, we’re proving to organizations in Australia and beyond that our platform meets the highest standards for protecting sensitive information. Whether you’re a government agency, a private enterprise, or a small business with strict security requirements, you can count on us to deliver solutions that prioritize your data’s safety.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What this means for our customers","_metadata":{"uid":"cs19b7d38b44ece07a"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEnhanced security assurance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e IRAP guarantees that Elastic Cloud has undergone rigorous assessments by qualified experts and meets stringent security controls.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSupport for government workloads:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Our platform is now validated to support workloads at the Protected Level, opening new opportunities for collaboration with government agencies.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eOngoing commitment:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e IRAP isn’t a “set it and forget it” milestone. 
Maintaining compliance requires continuous monitoring, updates, and alignment with evolving security standards.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"What’s the scope of our assessment?","_metadata":{"uid":"csc4af96ae95bacf34"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe assessed all three available cloud service providers — AWS, GCP, and Azure — for the Elastic Cloud to continue to provide flexibility of cloud hosting choice for our customers. Currently, the following regions for Elastic Cloud Hosted are in scope:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eGCP:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e gcp-australia-southeast1\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAzure:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e azure-australiaeast\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAWS:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e ap-southeast-2\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs the Elastic Cloud Hosted and Serverless presence in Australia expands, we intend to include those regions within the scope of our IRAP assessment.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Looking ahead","_metadata":{"uid":"cs658f24af7ea8d3d5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs exciting as this milestone is, it’s just the beginning. 
Security and compliance are ongoing commitments, and we’re always looking for ways to enhance our capabilities and deliver even greater value to our customers.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo learn more about our full portfolio of compliance certifications, visit our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/trust\"\u003e\u003cspan style='font-size: 12pt;'\u003eTrust Center\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. If you’re curious about how Elastic Cloud can support your organization’s needs, please \u003c/span\u003e\u003ca href=\"https://www.elastic.co/contact\"\u003e\u003cspan style='font-size: 12pt;'\u003econtact us\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e today.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfc188e573a72d666"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9dccb1fdf758d472"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc7ac25794ea11e87"}}}],"publish_date":"2025-01-21","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid
":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt17630d07558c63f6","ACL":{},"created_at":"2023-11-06T21:33:01.038Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"state-local-government","label_l10n":"State \u0026 local government","tags":[],"title":"State \u0026 local government","updated_at":"2023-11-06T21:33:01.038Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.342Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltc4cf7960c3103ef2","_version":1,"title":"irap.jpeg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-21T20:45:37.416Z","updated_at":"2025-01-21T20:45:37.416Z","content_type":"image/jpeg","file_size":"184642","filename":"irap.jpeg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-21T21:00:42.460Z","user":"bltb6c155cd84fc0c1a","envir
onment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc4cf7960c3103ef2/67900771e92e09422fc648d0/irap.jpeg"},"title":"Building trust through compliance: Achieving IRAP Protected Level assessment for Elastic Cloud","title_l10n":"Building trust through compliance: Achieving IRAP Protected Level assessment for Elastic Cloud ","updated_at":"2025-01-21T21:00:36.645Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/achieving-irap-protected-level-assessment-elastic-cloud","publish_details":{"time":"2025-01-21T21:00:42.143Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltfbb95403ca3b54c1","_version":13,"locale":"en-us","ACL":{},"abstract_l10n":"Hello from the Elastic DevRel team! In this newsletter, you’ll find information on upcoming Elastic meetups and events in your region, catch up on product updates and content, and stay up-to-date with everything Elastic-related.","author":["blt45e4796f6aeab23a"],"category":["bltc17514bfdbc519df"],"created_at":"2024-05-09T15:53:03.710Z","created_by":"blt96ac6007eba0a223","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs10b9a7bfaac3db23"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHello from the Elastic DevRel team! Welcome to our latest newsletter blog edition, where you'll find information on upcoming events in your region, catch up on content, and stay up to date with product updates.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this edition, we dive into the latest enhancements and optimizations that boost vector search performance in Elasticsearch and Apache Lucene, making it up to 8x faster and 32x more efficient. 
We also explore the new Elastic Cloud Vector Search optimized hardware profile that is now available for Elastic Cloud users on GCP.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs86a026d8df08c386"}}},{"title_text":{"title_text":[{"title_l10n":"What’s new?","_metadata":{"uid":"cs065e956dbc7d71ea"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElasticsearch and Lucene\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e are getting \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-lucene-vector-database-gains\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eup to 8x faster and 32x more efficient\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e with their recent improvements for vector search.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eArchitecture:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Lucene organizes data into segments — immutable units that undergo periodic merging. This structure allows for efficient management of inverted indices that are essential for text search. With vector search, Lucene extends its capabilities to handle multi-dimensional points, employing the hierarchical navigable small world (HNSW) algorithm to index vectors. This approach facilitates scalability, enabling data sets to exceed available RAM size while maintaining performance. Additionally, Lucene's segment-based approach offers lock-free search operations, supporting incremental changes and ensuring visibility consistency across various data structures.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe integration, however, comes with its own challenges. 
Merging segments requires recomputing HNSW graphs, which incurs index-time overhead. Searches must cover multiple segments, leading to possible latency overhead. Moreover, optimal performance requires scaling RAM as data grows, which may raise resource management concerns.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMulti-threaded search:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e But Lucene's segmented architecture also enables the implementation of multi-threaded search. Elasticsearch’s performance gains come from efficiently searching multiple segments simultaneously. Latency of individual searches is significantly reduced by using the processing power of all available CPU cores. This optimization is particularly beneficial for Hierarchical Navigable Small World (HNSW) searches.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMulti-graph vector search:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e In multi-graph search scenarios, the challenge lies in efficiently navigating individual graphs, while ensuring comprehensive exploration to avoid local minima. To mitigate this, we devised a strategy to intelligently share state between searches, enabling informed traversal decisions based on global and local competitive thresholds.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBy synchronizing information exchange and adjusting search strategies accordingly, we achieve significant improvements in search latency while preserving recall rates comparable to single-graph searches. 
In concurrent search and indexing scenarios, we notice up to 60% reduction in query latencies with this change alone!\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eJava's advancements:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Lucene's vector search implementation relies on fundamental operations like dot product, square, and cosine distance, both in floating point and binary variants. Traditionally, these operations were backed by scalar implementations, leaving performance enhancements to the JIT compiler. However, recent advancements introduce a paradigm shift with the Panama Vector API that interfaces with Single Instruction Multiple Data (SIMD) instructions, enabling developers to express these operations explicitly for optimal performance — with Lucene and Elasticsearch making excellent use of them.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eScalar quantization:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Memory consumption has long been a concern for efficient vector database operations. By embracing byte quantization, Lucene slashes memory usage by approximately 75%, offering a viable solution to the memory-intensive nature of vector search operations. Lucene’s implementation uses scalar quantization, a lossy compression technique that transforms raw data into a compressed form, sacrificing some information for space efficiency. 
It achieves remarkable space savings with minimal impact on recall, making it an ideal solution for memory-constrained environments.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo make compression even better, we aimed to reduce each dimension from seven bits to just four bits. Our main goal was to compress data further while still keeping search results accurate. By making some improvements and adding a smart error correction system, we managed to compress data by a factor of eight without making search results worse.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMulti-vector integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Lucene's \"join\" functionality — integral to Elasticsearch's nested field type — enables multiple nested documents within a top-level document, allowing searches across nested documents and subsequent joins with their parent documents. Instead of having a single piece of metadata indicating, for example, a book's chapter, you now have to index that information for every sentence.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVector database optimized instance on Google Cloud:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e To be most performant, HNSW requires the vectors to be cached in the node's off-heap memory. 
With this in mind, the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-vector-profile-gcp\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud Vector Search optimized hardware profile\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e is configured with a smaller than standard Elasticsearch JVM heap and disk setting. This provides more RAM for caching vectors on a node, allowing you to provision fewer nodes for your vector search use cases.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd7b70f2d06f1b2ed"}}},{"image":{"image":{"uid":"blt5ffbe53fb6d1e81f","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-05-09T15:36:26.404Z","created_by":"blt96ac6007eba0a223","file_size":"206311","filename":"image_newsletter_may.png","parent_uid":null,"tags":[],"title":"image_newsletter_may.png","updated_at":"2024-05-09T15:36:26.404Z","updated_by":"blt96ac6007eba0a223","publish_details":{"time":"2024-05-10T20:21:26.770Z","user":"blt96ac6007eba0a223","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5ffbe53fb6d1e81f/663ced7af8baf0ad6aa765d0/image_newsletter_may.png"},"_metadata":{"uid":"csbba24da9fb93d864"},"caption_l10n":"","alt_text_l10n":"Vector database optimized instance on Google Cloud.","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Blogs, videos, and interesting links","_metadata":{"uid":"cs2eecc070cb6d6a45"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eScalar quantization in Lucene:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Benjamin Trent and Thomas Veasey share their in-depth two-part series about \u003c/span\u003e\u003ca 
href=\"https://www.elastic.co/search-labs/blog/int4-scalar-quantization-in-lucene\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eInt4: more scalar quantization in Lucene\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/vector-db-optimized-scalar-quantization\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003escalar quantization optimized for vector databases\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and how to use byte or half-byte sized integers instead of floats (4 bytes) per vector dimension.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElastic web crawler:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e If you’re looking for a concrete example of how to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elastic-web-crawler-add-search-website\"\u003e\u003cspan style='font-size: 12pt;'\u003euse the Elastic web crawler\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, Lionel Palacin demonstrates it with a website where we want to add search.\u003c/span\u003e\u003c/p\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e.NET client:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Learn about \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/net-client-evolution\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethe evolution of the Elasticsearch .NET client\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and how it will gradually phase out the old NEST library with Florian Bernd.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 
12pt;\"\u003e\u003cstrong\u003ekNN search:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Panagiotis Bailis explains the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/simplifying-knn-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esimplification of kNN search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. \u003cspan data-type='inlineCode'\u003ek\u003c/span\u003e and \u003cspan data-type='inlineCode'\u003enum_candidates\u003c/span\u003e are now optional. But picking good default values for them was a tricky undertaking and the blog post shows how we got there.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eUniversal profiling agent:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e The Elastic Universal Profiling agent is now open source and in the process of being donated to OpenTelemetry. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-universal-profiling-agent-open-source\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLearn more about it\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e with Israel Ogbole and Christos Kalkanis. 
Luca Wintergerst and Tim Rühsen explore \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-universal-profiling-performance-improvements-reduced-costs\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehow Elastic’s Universal Profiling can improve performance and reduce costs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e by fixing issues in Logstash.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eChatGPT and Elasticsearch:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Follow Sandra Gonzales to learn \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/chatgpt-elasticsearch-creating-custom-gpts-with-elastic-data\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehow to develop a custom GPT\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e step by step. 
It’s your own version of ChatGPT that retrieves custom data from Elasticsearch, which can add both current and proprietary context.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic Contributor Program:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Explore three reasons why you should become an Elastic community ambassador \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eand \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003echeck out the winners of the 2024 cycle in \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/3-reasons-why-you-should-become-an-elastic-community-ambassador\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUlly Sampaio’s blog\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc0956c27a0e99b50"}}},{"title_text":{"title_text":[{"title_l10n":"Featured blogs from the community","_metadata":{"uid":"cs81fa3f7f5b5edb57"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eLearn how to do \u003ca href=\"https://netflixtechblog.com/reverse-searching-netflixs-federated-graph-222ac5d23576\" target=\"_blank\"\u003ereverse search within Netflix’s federated graph\u003c/a\u003e with Ricky Gardiner, Alex Hutter, and Katie Lefevre.\u003c/li\u003e\u003cli\u003eHugo Chargois demonstrates how to \u003ca href=\"https://medium.com/synthesio-engineering/how-we-reclaimed-100-tb-of-storage-with-a-single-elasticsearch-api-call-c563387ae7fb\" target=\"_blank\"\u003ereclaim 100 TB+ of storage\u003c/a\u003e with better tuned Elasticsearch mappings.\u003c/li\u003e\u003cli\u003eGet an overview of \u003ca href=\"https://lazypro.medium.com/elasticsearch-index-lifecycle-management-in-a-nutshell-278072a9aab6\" 
target=\"_blank\"\u003eElasticsearch’s Index Lifecycle Management\u003c/a\u003e from Chunting Wu.\u003c/li\u003e\u003cli\u003eSagar Gangurde explains \u003ca href=\"https://medium.com/bigdata-blog/how-to-use-elasticsearch-as-vector-database-5f1768f7d46a\" target=\"_blank\"\u003ehow to use Elasticsearch as a vector database\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs7b74b26c9c96247a"}}},{"title_text":{"title_text":[{"title_l10n":"Upcoming events and meetups","_metadata":{"uid":"cs4e47dab5d9713863"},"header_style":"H2","paragraph_l10n":""}],"_metadata":{"uid":"cse733a06e918cfc40"}}},{"title_text":{"title_text":[{"title_l10n":"Americas","_metadata":{"uid":"cs4af7710e1eb1160c"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-united-states-and-canada-virtual/events/300034648/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eVirtual Meetup:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e Aggregations, the Elasticsearch Group By — May 15\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/es-ES/elastic-silicon-valley-user-group/events/300190108/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Silicon Valley:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e OTel Collector for log collection + Elasticsearch in the United States House — May 15\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/es-ES/lancaster-elastic-user-group/events/pnqvjtygchbtb/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Lancaster:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e Monthly Meetup — May 15\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e\u003c/span\u003e\u003ca 
href=\"https://www.meetup.com/goiania-elastic-fantastics/events/300658181/?isFirstPublish=true\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Goiânia:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e Esquenta para o Cloud Summit Cerrado 2024 — May 15\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"https://www.cloudsummitcerrado.com.br/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eCloud Summit Cerrado 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, Goiânia — \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMay 15–16\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://us.pycon.org/2024/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ePyCon US\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e, Pittsburgh — \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMay 15–23\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"https://devopsdays.org/events/2024-sao-paulo/welcome/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eDevOpsDays São Paulo 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e—\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e May 18\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/es-ES/elastic-seattle-user-group/events/300613417/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Seattle:\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e Streamlining Generative AI with Elastic \u0026amp; Azure's OpenAI Integration \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— 
May 20\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/es-ES/elastic-dallas-user-group/events/300615326/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Dallas:\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e do MORE with stateLESS —\u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e May 21\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://build.microsoft.com/en-US/home\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMicrosoft Build: How will AI shape your future?\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e,\u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003eSeattle and online — May 21–23\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-austin-user-group/events/300478141/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Austin:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ePutting Insights into Motion with Elastic \u0026amp; Tines + do MORE with stateLESS \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— May 22\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-st-louis-user-group/events/300034564/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in St. 
Louis:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e Transforming Underutilized Media Assets into Valuable Resources\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— May 23\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://devopsdays.org/events/2024-montreal/welcome/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eDevOpsDays Montréal\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e — May 27-28\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"https://www.meetup.com/belo-horizonte-elastic-fantastics/events/300787918/?isFirstPublish=true\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Belo Horizonte\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e: 2° Meetup Elastic \u0026amp; Dito em BH — May 28\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-quebec-city-user-group/events/300596644/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Québec\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e: GenAI à travers la sécurité et l'observabilité — May 30\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.opensourcenorth.com/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eOpen Source North\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e, Minnesota — June 5\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/minneapolis-elastic-user-group/events/300353306\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in 
Minneapolis:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e Elasticsearch \u0026amp; GitLab's AI-Powered DevSecOps Platform — June 6\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-cleveland-user-group/events/300437771/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eWorkshop in Pennsylvania\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e: Elastic \u0026amp; Federal Resources Corporation: Elastic Security Analyst Workshop — June 6\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"https://www.meetup.com/elastic-silicon-valley-user-group/events/300578728/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Silicon Valley:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e Better Together: Elasticsearch and the Dremio Lakehouse — June 6\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cscbabe71e5e9ab2a1"}}},{"title_text":{"title_text":[{"title_l10n":"Europe, Middle East, and Africa","_metadata":{"uid":"cs320a2a34097cc43e"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://2024.europe.jcon.one\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eJCON Europe\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, Cologne — May 13–16\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-portugal/events/300448282\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMeetup in Lisbon\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Optimize Your Operations with PagerDuty Elastic Integration with Elastic and PagerDuty\u0026nbsp; — May 14\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca 
href=\"https://www.meetup.com/elastic-switzerland/events/299954908/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMeetup in Zurich:\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Scaling Threat Detection for Migros with Efficient Network Flow Data Storage — May 15\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://2024.geecon.org\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGeecon 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, Krakow — May 15–17\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://lu.ma/mlops-london-may-16\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMLOps Community London\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: — May 16\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://2024.phpday.it\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePHPday 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, Verona — May 16–17\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/alpesjug/events/299609510/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAlpes JUG\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, Meylan —\u0026nbsp; May 14\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://genevajug.ch/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGeneva JUG\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — May 15\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/lyonjug/events/300674391/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLyon JUG\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — May 16\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca 
href=\"https://www.eventbrite.fr/e/billets-tadx-elasticsearch-query-language-esql-898049850277\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTADx\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Elasticsearch Query Language: ES|QL, Tours (FR) — May 21\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://community.codemotion.com/codemotion-espana/meetups/codemotion-conference-madrid\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCodemotion Madrid\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — May 21–22\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://brussels.voxxeddays.com\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eVoxxed Days Brussels\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — May 21–22\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://infoshare.pl\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eInfoshare 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, Gdańsk\u0026nbsp; — May 22–23\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://www.meetup.com/goteborg-elastic-fantastics/events/300284109\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMeetup in Göteborg\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Exploring Vector Search \u0026amp; AI Ops in Elastic Observability — May 23\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-nl/events/300284428/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMeetup in Amsterdam\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Elastic \u0026amp; AWS — May 23\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elasticsearch-bulgaria-user-group/events/299653357/\" target=\"_blank\"\u003e\u003cspan 
style=\"font-size: 12pt;\"\u003eMeetup in Sofia:\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Vector Search \u0026amp; ES|QL @ FFW — May 28\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://jprime.io/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eJPrime\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, Sofia — May 28–29\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/helsinki-elastic-fantastics/events/300467308/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMeetup in Helsinki\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Elasticsearch Piped Query Language (ES|QL) with Elastic and Nordicmind — May 30\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://coter-numerique.org/congres-2024/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCoTeR numérique\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, La Rochelle — June 4–5\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/morning-talks/events/299907521/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI and Elasticsearch: Entering a New Era with Elastic\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Prague — June 5\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-belgium-user-group/events/300858722\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMeetup in Brussels\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: GenAI with Elastic and Microsoft — June 6\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003ca href=\"https://devfest.gdglille.org/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDevFest 
Lille\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — June 6–7\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs58521f0d616c2113"}}},{"title_text":{"title_text":[{"title_l10n":"Asia-Pacific","_metadata":{"uid":"cs15beec6af5457b04"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.meetup.com/Mumbai-Elastic-Fantastics/events/300724013\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMeetup in Mumbai\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Elastic Observability Day — May 18\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cp\u003e\u003ca href=\"https://elastic.huodongxing.com/event/4752749041100?qd=8839540364256\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Shanghai\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e: Elasticsearch new piped query language (ES|QL) — May 25\u003c/span\u003e\u003c/p\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eJoin your local \u003c/span\u003e\u003ca href=\"http://meetup.com/pro/elastic/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic meetup group\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for the latest news on upcoming events. If you’re interested in presenting at a meetup, send an email to \u003c/span\u003e\u003ca href=\"mailto:meetups@elastic.co\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003emeetups@elastic.co\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfcbc5155c4eee868"}}}],"publish_date":"2024-05-10","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic 
Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"title":"Community","label_l10n":"Community","keyword":"community","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt9c74c5bb18c95a80","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-07-14T13:45:14.579Z","updated_at":"2020-07-14T13:45:14.579Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-07-14T13:45:14.579Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-08-13T15:01:07.164Z","user":"bltc87e8bcd2aefc255"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt696883955f9c5c66","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-04-18T15:45:26.219Z","created_by":"blt96ac6007eba0a223","file_size":"154834","filename":"community-blog-series-04_(1)_(1).png","parent_uid":null,"tags":[],"title":"community-blog-series-04_(1)_(1).png","updated_at":"2024-04-18T15:45:26.219Z","updated_by":"blt96ac6007eba0a223","publish_details":{"time":"2024-04-19T07:38:52.718Z","user":"blt96ac6007eba0a223","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt696883955f9c5c66/66214016b8b5ce078fdbef6e/community-blog-series-04_(1)_(1).png"},"title":"DevRel newsletter — May 10, 2024","title_l10n":"DevRel newsletter — May 10, 
2024","updated_at":"2025-01-21T18:34:00.991Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/devrel-newsletter-may-10-2024","publish_details":{"time":"2025-01-21T18:34:04.719Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt9c54c72d0fade9a3","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.","author":["blt469efe6417174bf5"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-01-21T16:56:12.160Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csaa0b53b86ffe3ef7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVersion 8.17.1 of the Elastic Stack was released today. We recommend you \u003c/span\u003e\u003ca href=\"https://www.elastic.co/downloads\"\u003e\u003cspan style='font-size: 12pt;'\u003eupgrade to this latest version\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. 
We recommend 8.17.1 over the previous version 8.17.0.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.17/new.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ethe release notes\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse3bc2e15c7a02055"}}}],"publish_date":"2025-01-21","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt8836a5dda86cbfe0","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-01T15:42:09.734Z","updated_at":"2024-04-01T15:42:09.734Z","content_type":"image/png","file_size":"62454","filename":"Patch_release_dark.png","title":"Patch_release_dark.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-02T17:14:25.081Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8836a5dda86cbfe0/660ad5d11b5a5878c8adccbc/Patch_release_dark.png"},"title":"Elastic Stack 8.17.1 released","title_l10n":"Elastic Stack 8.17.1 
released","updated_at":"2025-01-21T16:57:08.052Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-stack-8-17-1-released","publish_details":{"time":"2025-01-21T17:06:49.148Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt583875f91d5b120c","_version":1,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.","author":["blt469efe6417174bf5"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-01-21T16:53:30.596Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVersion 8.16.3 of the Elastic Stack was released today. We recommend you \u003c/span\u003e\u003ca href=\"https://www.elastic.co/downloads\"\u003e\u003cspan style='font-size: 12pt;'\u003eupgrade to this latest version\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. 
We recommend 8.16.3 over the previous version 8.16.2.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.16/new.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ethe release notes\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"cs34d4273f8daab25d"}}],"_metadata":{"uid":"cs00de9eb1e4491b11"}}}],"publish_date":"2025-01-21","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt720a36f34ba37235","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-08T02:19:40.632Z","updated_at":"2024-04-08T02:19:40.632Z","content_type":"image/png","file_size":"59668","filename":"Patch_release_white.png","title":"Patch_release_white.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-08T20:16:44.015Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt720a36f34ba37235/6613543c0d99458bb1031dca/Patch_release_white.png"},"title":"Elastic Stack 8.16.3 released","title_l10n":"Elastic Stack 8.16.3 
released","updated_at":"2025-01-21T16:53:30.596Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-stack-8-16-3-released","publish_details":{"time":"2025-01-21T17:07:00.209Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltac740155cb532e03","_version":14,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Platform 8.14 includes ES|QL GA, the use of AI for pattern recognition in logs, API key based security model for remote clusters, encryption at rest with KMS keys, retrievers, several vector optimizations, and vector quantization by default.","author":["bltb072e15a3a1f5460","bltd5cf63a83ace2eb7","bltd40b1c822e24d3a9","blt80b226b35f93d8c4","blt66fc5c9958656092","blt175bbd896586795b","bltccf9c2c3a662296d"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-05-30T17:48:44.251Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs915819442c878d4b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Platform 8.14 delivers the general availability (GA) of Elasticsearch Query Language (ES|QL) — the future of data exploration and manipulation in Elastic. It also includes the GA release of several other new features: Logstash on ECK, API key-based security model for remote clusters, AIOps log pattern analysis, built-in data stream lifecycle settings for retention and downsampling, dashboard links panels, and more. 
Also with 8.14, the Elastic Cloud platform makes encryption of data and snapshots at rest using customer-managed keys from AWS Key Management Service (AWS KMS) generally available.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOn the relevance ranking front, Elasticsearch 8.14 introduces optimizations to vector search for improved performance, makes scalar quantization of vectors the default option, and introduces the concept of retrievers to simplify queries and allow more flexibility in query construction.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese new features allow customers to:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCompose powerful queries to expose data insights in new ways\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAchieve regulatory compliance and enhanced security with encryption at rest using their AWS KMS keys\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEasily manage retention and downsampling for time series data using data streams\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatically manage Logstash pods in Kubernetes\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFind patterns in unstructured log messages to quicken RCA and reduce MTTR\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic 8.14 is \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration?elektra=whats-new-elastic-7-13-blog\"\u003e\u003cspan style='font-size: 12pt;'\u003eavailable now on 
Elastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — the only hosted Elasticsearch offering to include all of the new features in this latest release. You can also \u003c/span\u003e\u003ca href=\"https://www.elastic.co/downloads/\"\u003e\u003cspan style='font-size: 12pt;'\u003edownload the Elastic Stack\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and our cloud orchestration products — Elastic Cloud Enterprise and Elastic Cloud for Kubernetes — for a self-managed experience.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic’s piped query language, ES|QL, is now generally available","_metadata":{"uid":"csdf45bbbcf1120c93"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eES|QL offers a streamlined way to filter, transform, and analyze data in Elasticsearch. Its intuitive design, utilizing \"pipes\" (|) for step-by-step data exploration, enables you to easily compose powerful queries for detailed analysis.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhether you're a developer, SRE, or security analyst, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/esql-piped-query-language-goes-ga\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eES|QL empowers you\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to uncover specific events, perform robust statistical analyses, and create compelling visualizations. 
As we move from technical preview to general availability, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/esql-elasticsearch-piped-query-language\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ediscover the enhanced capabilities of ES|QL\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and elevate your data operations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eES|QL enables complex multi-step analysis to be performed all in one query. This could be things that would have taken huge search queries before, or might not have even been possible in a search.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor example, this query identifies hosts that have the highest number of outbound connections:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbd777e1382ad5901"}}},{"code":{"code":"FROM logs-*\n| WHERE NOT CIDR_MATCH(destination.ip, \"10.0.0.0/8\", \"172.16.0.0/12\", \"192.168.0.0/16\")\n| STATS destcount = COUNT(destination.ip) BY user.name, host.name\n| ENRICH ldap_lookup_new ON user.name\n| WHERE group.name IS NOT NULL\n| EVAL follow_up = CASE(destcount \u003e= 100, \"true\",\"false\")\n| SORT destcount DESC\n| KEEP destcount, host.name, user.name, group.name, follow_up","_metadata":{"uid":"cs3ab53f6c855a90e7"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2c29b577284befaa"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNote how this query includes not only filters and aggregations, but a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-functions-operators.html#esql-case\"\u003e\u003cspan style='font-size: 12pt;'\u003eCASE\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e statement and \u003c/span\u003e\u003ca 
href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-enrich-data.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eenriching\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e based on a lookup into an enrich policy - previously only possible within ingest pipelines.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWant more ES|QL?\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eIf you don’t have your own environment you can also try ES|QL with some sample data instantly in our \u003c/span\u003e\u003ca href=\"http://esql.demo.elastic.co\"\u003e\u003cspan style='font-size: 12pt;'\u003eES|QL Demo environment\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eHead over to Search Labs for a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/esql-piped-query-language-goes-ga\"\u003e\u003cspan style='font-size: 12pt;'\u003ecomprehensive overview of ES|QL features and future plans\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Encrypt data and snapshots at rest with customer-managed keys","_metadata":{"uid":"cs9d27b4c096b607c6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003eElastic Cloud now supports \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-encrypt-with-cmek.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eintegration with AWS KMS\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e, enabling the use of customer-managed keys for \u003c/span\u003e\u003ca 
href=\"http://www.elastic.co/blog/encryption-at-rest-elastic-cloud-enterprise-security\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eencrypting deployment data and snapshots at rest\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e. With this feature, customers can:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003eLeverage filesystem-level encryption for deployment data at rest using their own AWS KMS keys.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003eEmploy the AWS-native mechanism for snapshot encryption in S3.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003eRotate their keys used in Elastic Cloud, providing an additional security measure to prevent key compromise. This can be done manually directly from AWS KMS or automatically from Elastic Cloud.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003eRevoke their keys used in Elastic Cloud, serving as a break-glass operation in case of emergency with the ability to revert the action. This can be done directly from AWS KMS.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003eThis addition expands the existing encryption at rest capability with Elastic-managed keys. 
The primary benefits of using customer-managed keys include regulatory compliance and reduction of risks associated with data storage.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Retrievers (standard, kNN, and RRF)","_metadata":{"uid":"cs46348b6d7ece6186"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/retriever.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRetrievers\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e are a new type of abstraction in the _search API that describes how to retrieve a set of top documents. Retrievers are designed to be nested in a tree structure so that any retriever can have child retrievers. Retrievers are a standard, more general and simpler API that replaces various other _search elements like kNN and query. In 8.14 we introduce support for three types of retrievers:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eStandard — providing standard query functionality\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ekNN — enabling HNSW-based dense vector search\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/rrf.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRRF\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — merging various dense and sparse vector-ranking result sets into a single blended and ranked result set using the reciprocal rank fusion algorithm\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThere are two main benefits to the retrievers approach:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 
12pt;\"\u003eRetrievers are all structured in the same way, so they are easier to learn, write, and maintain.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBeing designed to be combined together in a tree structure provides more flexibility to design queries that could not be defined before — for example, not having kNN or RRF as a top-level element.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe introduction of retrievers is yet another step in our move to simplify the use of search in general and of vector search in particular. This theme includes enhancements like \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/pull/99445\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eautomatic vector normalization for a more performant cosine similarity\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and the introduction of RRF so that there is no need for tuning to achieve a high-quality blended set. 
We continue to invest heavily in that and plan to introduce relevance ranking through our new ES|QL language in the future.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1d7d02e2054df139"}}},{"image":{"image":{"uid":"blt6edf5ac4b2264ed6","_version":1,"title":"1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-05-30T18:01:25.533Z","updated_at":"2024-05-30T18:01:25.533Z","content_type":"image/png","file_size":"102143","filename":"1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-05T17:12:02.066Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6edf5ac4b2264ed6/6658bef528642a108c4373eb/1.png"},"_metadata":{"uid":"cse905c78a21bebe9c"},"caption_l10n":"","alt_text_l10n":"1 - code snippet","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-medium: 50%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6aa60e2e4df01a58"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSee \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/retro-relevance-balancing-keyword-semantic-search\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethis blog\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for additional examples for the use of RRF with retrievers.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Vector distance function optimized with SIMD (Neon) for int8 vectors","_metadata":{"uid":"cscff96ac0cef91c62"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch now uses native code for vector comparison using SIMD (Neon) for improved performance on ARM AArch64 architecture processors. 
The details of this enhancement are discussed in \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/vector-similarity-computations-ludicrous-speed\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eVector Similarity Computations - ludicrous speed\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. The bottom line is that segment merging of int8 vectors has become several times faster than it was on these processors (typically 3\u003c/span\u003e\u003cspan style=\"color: rgb(33, 33, 33);font-size: 12pt;\"\u003e–\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e6 times faster). This improvement frees up resources for other tasks and speeds up the segment size optimization process.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis is yet another step in a series of vector similarity performance improvements. In the future, we intend to use this kind of optimization in other contexts, such as improving query latency.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Int8 quantization by default for dense vector fields","_metadata":{"uid":"cs261f80d03f02444f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMany models produce vectors with float32 elements. However, when examining real-life scenarios, it quickly becomes apparent that int8 elements provide a better compromise with a significantly smaller index (lower cost), improved ingest performance, and improved query latency. All of that is achieved with hardly any impact on ranking quality. The little impact that can sometimes be spotted in ranking quality metrics, such as NDCG or recall, can be easily mitigated by increasing the number of candidates that are being considered. 
But even without that, the change is typically not noticeable for end users, nor from a business perspective.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith that in mind, we \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elasticsearch-platform-8-12-0\"\u003e\u003cspan style='font-size: 12pt;'\u003eintroduced scalar quantization to int8 in 8.12\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. After examining the production use of this functionality, we decided to make it the default behavior for new indices. Providing sensible defaults like that makes it easier for users that make their first steps toward vector search.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"General availability of Logstash on ECK","_metadata":{"uid":"cs0c52224b26c3b468"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLogstash on ECK is now the easiest way to install and manage Logstash deployments and offers seamless operation with the management of other Elastic Stack components. With just a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/logstash-eck-technical-preview\"\u003e\u003cspan style='font-size: 12pt;'\u003efew lines of code\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, users can deploy and configure Logstash pods on Kubernetes. Existing Logstash pipeline definitions just work when Logstash is deployed on ECK, making it easy for users to take advantage of the flexibility and scalability of Kubernetes. 
Logstash on ECK is available under Elastic’s Basic and Enterprise licenses.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"API key-based security model for remote clusters is now GA","_metadata":{"uid":"csc9b5b9303f822041"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRemote cluster connections are the foundation of all \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/modules-cross-cluster-search.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eCCS\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/xpack-ccr.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eCCR\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e operations: they must ensure high-grade security while staying flexible and easy to use for users.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUsing the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/remote-clusters-api-key.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eAPI key-based security model\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, administrators can grant fine-grained access to their data and cover modern scenarios that don’t reflect the assumptions of the previous model.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn a modern world, remote clusters are often not fully trusted and administrators need to have full control over their data and who can access them.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe new security model introduces two key 
assumptions:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eThe trust relationship is unidirectional:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e If ClusterA configured ClusterB as its remote, ClusterB cannot automatically “call back” ClusterA.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRemote administrators are not trusted by design:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The remote cluster holding data can restrict access to just a given subset of its indices, and no one — including superusers on the other cluster — can access anything else.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt the core of the authentication and authorization flow are cross-cluster API keys — a new dedicated key type that is scoped to this specific task only. API keys can be created via the Elasticsearch API or using Kibana, and they define CCS and CCR indices in the same way we’re used to. 
They can also be easily updated in case requirements change over time.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs52158ad2139fee2e"}}},{"image":{"image":{"uid":"blt3e4d7ab877dce33b","_version":1,"title":"2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-05-30T18:01:31.468Z","updated_at":"2024-05-30T18:01:31.468Z","content_type":"image/png","file_size":"181636","filename":"2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-05T17:12:02.012Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3e4d7ab877dce33b/6658befb73e8305c0b3145eb/2.png"},"_metadata":{"uid":"csa34f8abada762c79"},"caption_l10n":"","alt_text_l10n":"2 - create API key","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd2806bd2257bb821"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe API key-based security model \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eis now GA\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in Elasticsearch 8.14, and it can be used on Elastic Cloud, Elastic Cloud Enterprise, and standalone deployments. This is now our recommended option for all remote clusters that support it.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"AIOps log pattern analysis is generally available","_metadata":{"uid":"cs25c2552551312a07"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn 8.14, log pattern analysis becomes GA. 
\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/run-pattern-analysis-discover.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eLog pattern analysis\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e enables faster and smarter investigation across thousands of log messages in order to analyze, troubleshoot, and identify the root cause of an incident. Combine it with anomaly detection and our other AIOps features to drastically reduce the MTTR.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7a3b3674f17d7c33"}}},{"image":{"image":{"uid":"bltfb0021e13d721764","_version":1,"title":"3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-05-30T18:01:36.992Z","updated_at":"2024-05-30T18:01:36.992Z","content_type":"image/png","file_size":"443893","filename":"3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-05T17:12:02.023Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfb0021e13d721764/6658bf01bee7ba773abcde6d/3.png"},"_metadata":{"uid":"cs2984717dcd47b283"},"caption_l10n":"","alt_text_l10n":"3 - pattern analysis of message","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Data stream lifecycle settings now GA","_metadata":{"uid":"cs59cecf2ff6d9dd7a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn 8.11, we \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elasticsearch-platform-8-11-0#introducing-data-stream-lifecycle-(tech-preview)\"\u003e\u003cspan style='font-size: 12pt;'\u003eintroduced\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e new lifecycle settings built-in to data streams as an easy, new way to configure retention or downsampling 
without needing to use index lifecycle management (ILM). This new lifecycle capability in data streams also takes care of housekeeping for you, managing rollover and force merging automatically. And now it’s GA in 8.14.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt’s really easy to use. You can set the retention for a data stream in Kibana’s Index Management page under Data Streams:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5549af2476affbbe"}}},{"image":{"image":{"uid":"blt4665f5cd27fe5f17","_version":1,"title":"4.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-05-30T18:01:43.406Z","updated_at":"2024-05-30T18:01:43.406Z","content_type":"image/png","file_size":"61956","filename":"4.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-05T17:12:02.000Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4665f5cd27fe5f17/6658bf07e4a7321dee978e9f/4.png"},"_metadata":{"uid":"cs5ca2793065eb66f1"},"caption_l10n":"","alt_text_l10n":"4 - edit data retention","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-medium: 50%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa2cffa5689632c44"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003eOr via the _data_stream API:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdf6ce7d8827c2677"}}},{"code":{"code":"PUT _data_stream/my-data-stream/_lifecycle \n{\n \"data_retention\": \"90d\"\n}","_metadata":{"uid":"csfff4ee987d82e442"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb98f8680787920ed"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can 
\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/tutorial-manage-existing-data-stream.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eupdate an existing data stream\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to use these settings, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/tutorial-manage-new-data-stream.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ecreate a new data stream using this\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, or \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/tutorial-migrate-data-stream-from-ilm-to-dsl.html\"\u003e\u003cspan style='font-size: 12pt;'\u003emigrate a data stream from ILM\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This is also being used automatically by some of the system indices like ilm-history and slm-history.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe lifecycle setting for data streams only works on data streams, not regular indices. 
It also doesn’t have any support for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elasticsearch-data-lifecycle-management-with-data-tiers\"\u003e\u003cspan style='font-size: 12pt;'\u003emoving data to different tiers\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — if you need that, stick with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-lifecycle-management.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eILM\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for now.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat if you start using the lifecycle setting on a data stream for its ease, and then realize you need ILM instead for some advanced functionality like data tiers? We have you covered: data streams can be switched to and from ILM as needed. Just configure ILM, which takes precedence over any data stream lifecycle configuration.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Document comparison mode in Discover and ES|QL","_metadata":{"uid":"csc087f29fd8bca6c5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are enabling users to select and compare documents or fields. This functionality will be a game-changer for tasks like debugging, allowing you to perform detailed comparisons, such as diffing SIP messages of a certain ID across multiple documents in Elasticsearch. 
This will streamline your analysis and troubleshooting processes.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csec5d743e1527a50e"}}},{"video":{"vidyard_uuid":"vezKG4zqYrFccatCVnbCaE","_metadata":{"uid":"cs5f4becfea11ec774"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"Links panel is GA","_metadata":{"uid":"cs4d532aacf18ae01b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can now easily navigate from one dashboard to another using the links panel. Organize your dashboards better and make them more performant by chunking them in multiple dashboards with fewer visualizations and linking them together. You can carry over your filters, query, and time range when navigating to other related dashboards. Display your links horizontally or vertically as it better suits your dashboard layout. You can also use the links panel to include external links in your dashboards like to your wiki page or other applications. And decide whether you want to open the links in the same browser tab or in a new one.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0c69d00f2aa67488"}}},{"video":{"vidyard_uuid":"WQSDeZazNFd27rHob7LTcf","_metadata":{"uid":"cs0f2eaa1ddca1d5de"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"Region map goes GA","_metadata":{"uid":"cs90009686126e27cd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUsers don’t need to navigate the complexity of the Elastic Maps app (meant to be used by more advanced geo users) to build a simple map. 
They can now do it easily from the Lens editor.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1ddfb77f67388043"}}},{"image":{"image":{"uid":"blt79449003d56ed925","_version":1,"title":"5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-05-30T18:01:53.669Z","updated_at":"2024-05-30T18:01:53.669Z","content_type":"image/png","file_size":"503824","filename":"5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-05T17:12:02.034Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt79449003d56ed925/6658bf11b4796f71a0a2f2a7/5.png"},"_metadata":{"uid":"cs9b03904db11d9d11"},"caption_l10n":"","alt_text_l10n":"5 - Region map goes GA","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":" New Spanish plural stemmer","_metadata":{"uid":"csf67fbc63eba10f45"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn 8.14, we are adding support for a Spanish stemmer in addition to the Spanish stemmer we already offer and will continue to support. This new stemmer transforms plural to singular but does not alter gender, so it is suitable for particular use cases.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Use MaxMind Enterprise and Anonymous IP files with ingest GeoIP processors","_metadata":{"uid":"cs563f1e22da839491"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur customers rely on GeoIP enrichment to help them locate customer problems, screen transactions for fraud, identify security threats and suspicious activity, and more. 
You can use the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/geoip-processor.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eGeoIP enrich ingest processor\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to add information about the location of an IP address to an incoming document, such as a log entry or security event. We automatically download the latest free \u003c/span\u003e\u003ca href=\"https://dev.maxmind.com/geoip/geolite2-free-geolocation-data\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMaxMind GeoLite2 databases\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to ensure they are up to date (as required by MaxMind’s EULA) and distribute them throughout the cluster to be used by ingest processing.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis is convenient and satisfies many customers and use cases. However, some enterprises need the additional accuracy and fields that are offered by the paid GeoIP files, such as the \u003c/span\u003e\u003ca href=\"https://www.maxmind.com/en/solutions/geoip2-enterprise-product-suite/enterprise-database\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eGeoIP2 Enterprise Database\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and the \u003c/span\u003e\u003ca href=\"https://www.maxmind.com/en/solutions/geoip2-enterprise-product-suite/anonymous-ip-database\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eGeoIP2 Anonymous IP Database\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. 
This enables them to have more confidence in the decisions they make based on the geolocation data, such as blocking potentially fraudulent transactions or denying access to services.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch 8.14 adds support for using those two paid geo databases with the GeoIP ingest processor in technical preview. In 8.14, you will have to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/geoip-processor.html#manage-geoip-database-updates\"\u003e\u003cspan style='font-size: 12pt;'\u003emanage the download and deployment\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e of the files. We’re working to add automatic downloading of these files to a future release to make it more seamless to keep them updated.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Enrich policies can target data streams","_metadata":{"uid":"csf21ed8df18b8dd59"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSpeaking of enrichment, it’s now easier to use a data stream as the source of reference data for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eenrich policies\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Previously, if a data stream was targeted by an enrich policy like the following . . 
.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs840bd6a3da870162"}}},{"code":{"code":"PUT /_enrich/policy/my-policy\n{\n \"match\": {\n \"indices\": [\"data_stream\"],\n \"match_field\": \"fieldA\",\n \"enrich_fields\": [\"fieldB\", \"fieldC\"]\n }\n}","_metadata":{"uid":"csad14382526ccfc53"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0435cd68968f9920"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e. . . then an \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eindex_not_found_exception\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e error was returned. Elasticsearch 8.14 now supports specifying a data stream as the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eindices\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e source, so you can benefit from the time series management features of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/data-streams.html\"\u003e\u003cspan style='font-size: 12pt;'\u003edata streams\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and use them for enrichment at the same time.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Write to an index after ILM shrink","_metadata":{"uid":"cs094dbfde8f756791"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou might be using the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-shrink.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eILM shrink action\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to reduce the number of primary shards in an index once it no longer needs extra-high write parallelism for indexing throughput. 
A source index must be read-only during shrink processing, so ILM sets it to read-only. Historically, ILM would also leave the new (shrunken) index read-only, blocking writes.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe heard from users who need to be able to write to the shrunken index as updates arrive for older documents, so we added an option (\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eallow_write_after_shrink\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e) to remove the write block after shrinking. For backward compatibility, this configuration parameter defaults to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003efalse\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, thus keeping the target index read-only.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"User information in the slow log","_metadata":{"uid":"cs6a77e9e835c597e1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/index-modules-slowlog.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eslow log\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is one of the main troubleshooting resources to identify and fix problematic queries that don’t perform well and that may affect the entire system. 
One of the main hurdles was identifying the user who performed the query, since that is not always clear from the query itself.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn Elasticsearch 8.14, it’s now possible to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/index-modules-slowlog.html#_identifying_search_slow_log_origin\"\u003e\u003cspan style='font-size: 12pt;'\u003etrack the calling user information\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e directly in the slow log so that administrators can solve problems more efficiently.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can enable it for both index and search log entries by calling the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/indices-update-settings.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eUpdate index settings API\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4877b81c7a6fe9c9"}}},{"code":{"code":"PUT /my-index-000001/_settings\n{\n \"index.indexing.slowlog.include.user\": true,\n \"index.search.slowlog.include.user\": true\n}","_metadata":{"uid":"csd857eed69570c233"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs80f86ff75dba7581"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAfter that, the output will report user information:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs584146eb3a6a9cc7"}}},{"code":{"code":"…\n \"auth.type\": \"REALM\",\n \"auth.name\": \"elastic\",\n \"auth.realm\": \"reserved\"\n…","_metadata":{"uid":"cs2b96c9afa5280942"}}},{"title_text":{"title_text":[{"title_l10n":"Try it out","_metadata":{"uid":"csc1f645097fcba573"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan 
style=\"font-size: 12pt;\"\u003eRead about these capabilities and more i\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003en the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/welcome-to-elastic/current/new.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003erelease notes\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eExisting Elastic Cloud customers can access many of these features directly from the \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud console\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Not taking advantage of Elastic on cloud? \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/cloud-trial-overview\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eStart a free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7e24f1feb5b2adfe"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs901ad4a9b45b8adb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. 
Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa372174167c68e3a"}}}],"publish_date":"2024-06-05","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Platform 8.14: ES|QL GA, encryption at rest \u0026 vector search 
optimizations","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt7bb6b1e9a797738f","ACL":{},"created_at":"2020-06-17T03:36:25.048Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logstash","label_l10n":"Logstash","tags":[],"title":"Logstash","updated_at":"2020-06-17T03:36:25.048Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.237Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative 
AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt51b1e697c0c14e97","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-01-11T17:28:41.590Z","updated_at":"2024-01-11T17:28:41.590Z","content_type":"image/jpeg","file_size":"160216","filename":"platform-release-blog.jpg","title":"platform-release-blog.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-01-17T19:00:25.386Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt51b1e697c0c14e97/65a02549d6cafb1e25f75010/platform-release-blog.jpg"},"title":"Elastic Platform 8.14: ES|QL GA, encryption at rest, and vector search optimizations","title_l10n":"Elastic Platform 8.14: ES|QL GA, encryption 
at rest, and vector search optimizations","updated_at":"2025-01-17T22:05:20.982Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/whats-new-elasticsearch-platform-8-14-0","publish_details":{"time":"2025-01-17T22:05:27.366Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt85800e7ffc9d81e6","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"We are excited to announce the launch of Elastic's Support Assistant. This blog takes you through a tour of our latest generative AI tool and some common scenarios where it can help with your own use of Elastic technology. ","author":["blt57f0334083eb9790","blt99432b7452d0b36f"],"category":["bltc17514bfdbc519df"],"created_at":"2024-09-04T14:46:01.173Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs809b5451c07cc829"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are excited to announce the launch of Elastic's Support Assistant. This blog takes you through a tour of our latest generative AI tool and some common scenarios where it can help with your own use of Elastic technology.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic Support Assistant is now available on the Support Hub ","_metadata":{"uid":"cse70cfbb8e3340fd5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eToday we announce the general availability of the Elastic Support Assistant for all customers and trial users with a support account, accessible through the \u003c/span\u003e\u003ca href=\"https://support.elastic.co\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSupport Hub\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. The Support Assistant is a generative AI powered chat experience designed to answer a wide range of product questions across all Elastic products. 
We have documented the build through a series of technical blogs highlighting interesting steps along the way. Read more:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/genai-customer-support-building-proof-of-concept\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePart 1: Building our proof of concept\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/genai-customer-support-building-a-knowledge-library\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePart 2: Building a Knowledge Library\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/genai-elastic-elser-chat-interface\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePart 3: Designing a chat interface for chatbots... for humans\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elser-rag-search-for-relevance\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePart 4: Tuning RAG Search For Relevance\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Overview: AI Assistants at Elastic","_metadata":{"uid":"csf8da4795024d62b9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eJust as generative AI has moved faster than anyone could have expected, Elastic has moved fast and developed assistants aimed at solving different use cases for our customers. 
Here is a quick overview of the assistants that are available to customers today:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/observability/current/obs-ai-assistant.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eObservability AI Assistant\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eProvides insights and chat support for observability data analysis and issue remediation\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIntegrates with external AI models for contextual assistance\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRequires an Enterprise subscription and Elastic Stack 8.9 or later\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/security-assistant.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eSecurity AI Assistant\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAids in cybersecurity tasks like alert investigation and incident response\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUses generative AI to interact and generate queries in natural language\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRequires an Enterprise subscription and is available from Elastic Stack 8.8.1 onward\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSupport Assistant (this product launch)\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan 
style='font-size: 12pt;'\u003eChat experience providing general support across all Elastic products, informed by all of our available context (product documentation, blogs, Knowledge Base, etc.)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUses generative AI and a retrieval augmented architecture to summarize content to answer specific questions\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNot dependent on deployment version or subscription level\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"How to access the Support Assistant","_metadata":{"uid":"csec62f9a095f1676d"},"header_style":"H2","paragraph_l10n":""}],"_metadata":{"uid":"cs6e0b72e513322f3b"}}},{"video":{"vidyard_uuid":"LtopfhYfiJgK3DHSw8XxGm","_metadata":{"uid":"cs2c5e3c1f2778d842"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":false,"hide_controls":false,"looping_animation":false}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf809ee9d2f7e4279"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Elastic Support Assistant is now available in the \u003c/span\u003e\u003ca href=\"https://support.elastic.co\"\u003e\u003cspan style='font-size: 12pt;'\u003eSupport Hub\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for all Elastic customers with either a trial or an active subscription. Once logged in, the Support Assistant can be found in the lower right corner. 
From there, you can start your first conversation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Support Assistant is designed to help with technical insights into Elastic technology and has access to the entirety of Elastic’s blogs, product docs for 114 major/minor versions of Elastic, technical support articles, and onboarding guides. While it does not have access to any deployment health information or your data, the Support Assistant is deeply knowledgeable about Elastic across a wide span of use cases. Over 200 of our own Elasticians use it daily, and we’re excited to expand use to Elastic customers as well.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Ways to leverage the Support Assistant for your deployments","_metadata":{"uid":"cs465a46af6b662511"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Support Assistant is designed to enhance our customers' Elastic technical product knowledge, and its accuracy is continually being refined. However, as with all AI tools, users should exercise caution, as responses may vary. It is recommended to verify the information provided with source documentation to ensure accuracy.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e1. Troubleshooting configurations\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eIf you encounter issues during deployment or configuration, the Support Assistant can provide guidance tailored to the specific versions of Elastic that you explicitly mention. 
For example, if you're setting up a new 8.14 cluster and run into errors, the Assistant can help diagnose the problem by cross-referencing your issue with related documentation and known issues from the Elastic product docs and knowledge base.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis can be particularly helpful when you aren’t sure where to find a specific error. Instead of leaving you to search the Kibana docs for an error that actually comes from Elasticsearch, the Assistant can save time by figuring out the appropriate context for you.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e2. Performance tuning\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cbr /\u003eYou can query the Support Assistant for best practices on optimizing the performance of your Elasticsearch clusters. Whether you're dealing with slow queries or need advice on resource allocation, the Assistant can suggest configuration changes, shard management strategies, and other performance-enhancing techniques based on the deployment specifics you share in the conversation (it has no direct access to your deployment or data).\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e3. Upgrades\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ePlanning to upgrade to a newer version of Elastic? The Support Assistant can find the needed steps to guide you through the upgrade process, highlighting potential breaking changes and offering recommendations for a smoother experience.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e4. 
Security and compliance\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThe Assistant can offer guidance on securing your Elastic deployment, from setting up \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.15/authorization.html\"\u003e\u003cspan style='font-size: 12pt;'\u003erole-based access control\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e (RBAC) to configuring \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.11/security-settings.html#ssl-tls-settings\"\u003e\u003cspan style='font-size: 12pt;'\u003eencryption\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.11/auditing.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eaudit logging\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. For customers in regulated industries, it can also provide information on how Elastic's security features align with compliance requirements like GDPR or HIPAA.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e5. Monitoring and alerting\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThe Support Assistant can help with providing steps for setting up monitoring for your deployment. 
Whether you need to configure Kibana dashboards or set up alerting for specific events, the Assistant can walk you through the necessary steps, ensuring your deployment remains healthy and issues are flagged promptly.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce you’re up and running with your monitoring and alerting, the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/observability/8.15/obs-ai-assistant.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eObservability AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e can help to answer any questions you have about the data you collect.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e6. Custom use cases and integrations\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eIf you're looking to extend Elastic's capabilities by integrating it with other tools or building custom applications, the Support Assistant can provide code snippets, integration guides, and examples relevant to your specific needs. It can help you troubleshoot issues with Logstash pipelines, Kibana visualizations, or Beats configurations.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What do Elasticians ask the Support Assistant?","_metadata":{"uid":"cs6563a2c8dd674020"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur internal teams rely on the Support Assistant in their daily workflows. 
Here are a few examples they found useful, which might offer ideas on how you can make use of it.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Synthesizing answers across multiple documents","_metadata":{"uid":"cs31053b19d2c3e8c9"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuestion:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Explain the difference between query_string and query terms in Elasticsearch.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSupport Assistant’s answer:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8e9d177ffb5f69f1"}}},{"code":{"code":"In Elasticsearch, `query_string` and `terms` queries serve different purposes and have distinct behaviors:\n\n1. `query_string` Query:\nThe `query_string` query is a powerful query that allows you to execute complex searches using a query string syntax. It can parse and split the provided query string based on operators such as AND, OR, NOT, and more. The `query_string` query supports field-specific queries, wildcards, regular expressions, fuzziness, proximity searches, and range queries. It is very flexible but also strict; if the query string contains any invalid syntax, it will return an error. Due to its complexity and strictness, it is not recommended for direct use in search boxes where users can enter free-form text.\nHere is an example of a `query_string` query:\n```json\nGET /_search\n{\n \"query\": {\n \"query_string\": {\n \"query\": \"(new york city) OR (big apple)\",\n \"default_field\": \"content\"\n }\n }\n}\n```\n2. `terms` Query:\nThe `terms` query is used for filtering documents based on an exact match with one or more values specified in an array. It is much simpler than the `query_string` query and is used for structured searches where you know the exact values to look for. 
The `terms` query does not analyze the search terms, so it will look for exact matches in the inverted index. It is commonly used for filtering on keyword fields, IDs, tags, and other structured data.\nHere is an example of a `terms` query:\n```json\nGET /_search\n{\n \"query\": {\n \"terms\": {\n \"user.id\": [\"kimchy\", \"elkbee\"]\n }\n }\n}\n```\nIn summary, the `query_string` query is used for complex, full-text searches with a rich query syntax, while the `terms` query is used for simple, exact-match filtering on specific values. The choice between the two depends on the use case and the nature of the search you want to perform.\n\nReferences:\n- [Query string query](https://www.elastic.co/guide/en/elasticsearch/reference/8.14/query-dsl-query-string-query.html)\n- [Terms query](https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-terms-query.html) (not directly provided in the context, but relevant for the explanation)","_metadata":{"uid":"csf20ee32db7b696ce"}}},{"title_text":{"title_text":[{"title_l10n":"Step-by-step help","_metadata":{"uid":"cs73d635ec51952a36"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuestion: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eHow can I list tasks running when high CPU is seen in the Kibana stack monitoring metrics view?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSupport Assistant’s answer:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs030476822bc7b7cc"}}},{"code":{"code":"To list tasks running when high CPU usage is detected in the Kibana Stack Monitoring metrics view, you would typically follow these steps:\n1. **Access Kibana**: Open Kibana in your web browser and log in if necessary.\n2. 
**Navigate to Stack Monitoring**: Click on the \"Stack Monitoring\" link in the main menu to access the monitoring features of your Elastic Stack.\n3. **Identify the Node with High CPU Usage**: In the Stack Monitoring section, you should be able to see an overview of your Elasticsearch cluster, including CPU usage metrics. Identify the node or nodes that are experiencing high CPU usage.\n4. **View Node Details**: Click on the node with high CPU usage to get more detailed metrics. This will take you to a page with more in-depth information about that particular node.\n5. **Access the Elasticsearch API**: To list the tasks running on the node, you will need to use the Elasticsearch `_tasks` API. You can do this directly through the Dev Tools console in Kibana or by using a tool like `curl`.\n6. **Use the `_tasks` API**: In the Dev Tools console, you can run the following command to list the tasks on the node with high CPU usage:\n ```\n GET /_tasks?nodes=\u003cnode_id\u003e\u0026detailed=true\u0026actions=*search*\n ```\n Replace `\u003cnode_id\u003e` with the actual ID of the node you're investigating. This command will list all the detailed tasks related to search actions, which are often a common cause of high CPU usage. You can adjust the `actions` parameter to filter for different types of tasks if necessary.\n7. **Analyze the Task List**: The output will show you a list of tasks currently running on the node, including their IDs, types, start times, running times, and other relevant information. This can help you identify which tasks are consuming the most CPU resources.\n8. **Take Action**: Depending on what you find, you may need to optimize your queries, scale your cluster, or take other actions to address the high CPU usage.\nPlease note that the `_tasks` API can provide a lot of information, and you might need to filter the results to find the relevant tasks. 
Additionally, if you have ongoing performance issues, you might want to set up more detailed monitoring or alerting to catch these issues proactively.\nThe context provided does not include specific instructions for listing tasks using the Kibana UI, but the general approach outlined above is how you would typically investigate high CPU usage in an Elasticsearch cluster using Kibana and Elasticsearch APIs.\n\nFor more detailed information on the `_tasks` API, you can refer to the Elasticsearch documentation:\nhttps://www.elastic.co/guide/en/elasticsearch/reference/current/tasks.html","_metadata":{"uid":"cs387f71b62e322403"}}},{"title_text":{"title_text":[{"title_l10n":"Building your own Elastic-powered Support Assistant ","_metadata":{"uid":"cs4add5f4eaa8f1568"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInternal to Elastic, the Field Technology team builds tools for Elastic employees. We use our own technologies heavily and are often customer zero for our Search and Observability solutions. 
The image below shows our architecture at the time of this release.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs25c0d1e5c3864e95"}}},{"image":{"image":{"uid":"blt579f79c30b074b29","_version":1,"title":"support assistant blog.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-09-04T15:00:41.707Z","updated_at":"2024-09-04T15:00:41.707Z","content_type":"image/png","file_size":"149910","filename":"support_assistant_blog.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-09-04T15:01:52.288Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt579f79c30b074b29/66d876198f798d5c42dfaa84/support_assistant_blog.png"},"_metadata":{"uid":"cscda09e2d1879c0c5"},"caption_l10n":"","alt_text_l10n":"user flowchart","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd650344110f247c9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith so many architecture and software options available, finding the right approach can be difficult. If you're interested in building a chatbot, our related blog, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/tutorials/chatbot-tutorial/welcome\"\u003e\u003cspan style='font-size: 12pt;'\u003echatbot-tutorial\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, provides a step-by-step guide to help you get started. 
As documented in this blog series, we found that a RAG architecture powered by Elasticsearch delivered the best results for our users and provided a platform for future generative AI solutions.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo fully harness the power of search and drive GenAI innovation across your enterprise, we highly recommend partnering with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/consulting/contact\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Consulting\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Whether you're developing highly personalized ecommerce experiences or implementing interactive chatbots, our consultants have the technical expertise to design and deploy GenAI solutions tailored to your unique business needs.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Experience the Elastic-powered Support Assistant ","_metadata":{"uid":"cs5fad09769d0a5893"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Support Assistant is the latest enhancement to the \u003c/span\u003e\u003ca href=\"https://support.elastic.co/home\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Support Hub\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, reflecting our ongoing commitment to empowering our customers through self-service knowledge discovery and agent-driven support cases. Accuracy has always been a priority for us, beginning nearly a year ago with our transition to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elastic-support-hub-moves-to-semantic-search\"\u003e\u003cspan style='font-size: 12pt;'\u003esemantic search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and the addition of the Support Assistant is no exception. 
We will continue to monitor and improve response accuracy over time.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGive the Support Assistant a try and let us know your thoughts — your feedback will shape its future improvements.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csad56d7a3a2c8cf1d"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5e518b53e6eda27d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6c6510ae3eac0943"}}}],"publish_date":"2024-09-04","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search 
applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt6b8e22aaf03191f2","_version":1,"title":"144760---2nd-Batch-of-10-GAI-blog-header-images_07 (1).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-09-04T14:45:59.331Z","updated_at":"2024-09-04T14:45:59.331Z","content_type":"image/jpeg","file_size":"33885","filename":"144760---2nd-Batch-of-10-GAI-blog-header-images_07_(1).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-09-04T15:01:52.303Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6b8e22aaf03191f2/66d872a7661b34e612b3696a/144760---2nd-Batch-of-10-GAI-blog-header-images_07_(1).jpg"},"title":"GenAI for customer support: Explore the Elastic Support Assistant","title_l10n":"GenAI for customer support: Explore the Elastic Support 
Assistant","updated_at":"2025-01-17T22:03:30.256Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/generative-ai-customer-support-elastic-support-assistant","publish_details":{"time":"2025-01-17T22:03:36.172Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta39f52d65b4364a8","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"Discover the differences and similarities between knowledge graph and vector databases in this comprehensive guide. Explore their definitions and ideal use cases, and make an informed decision on which one to choose.","author":["blt6705dad0ae6f1419"],"category":["bltc17514bfdbc519df"],"created_at":"2024-04-11T14:11:29.188Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs658553cdfd346e5c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBig data management isn’t just about storing as much data as possible. It’s about being able to identify meaningful insights, discover hidden patterns, and make informed decisions. This quest for advanced analytics has been the driving force behind innovations in data modeling and storage solutions, way beyond traditional relational databases.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTwo of these innovations are vector databases and graph databases. Both are significant advancements in managing data, providing unique data structures with their own distinct strengths. 
But you need to have an understanding of how they work and how they are different before you can effectively choose which one is best for your project or goals.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis blog post will be your guide — outlining how they work, how they’re similar, and how they’re also \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003every\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e different. We’ll compare their contrasting data structures, explore their ideal use cases, and help you choose between the two. To make this easier, we’ve broken it down into a few sections:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVector database definition and concepts\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat are graph databases?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eComparing vector and graph databases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVector and graph databases use cases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eChoosing between vector and graph databases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy the end of this article, you’ll have all the information you need to make an informed decision, so you can get the most out of your data.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Vector database definition and concepts","_metadata":{"uid":"csfa9018af1b491012"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eInstead of rows and columns, a vector database organizes data as points in 
a vast, multi-dimensional space. Each point represents a piece of data, and the location reflects its characteristics relative to other pieces of data. Think of it like a universe where every planet is a piece of data, and they’re organized to be closer to similar planets and further away from planets with fewer similarities.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt achieves this by storing the data as high-dimensional vectors, which are numerical representations of the data features. These vectors capture the essence of the data they represent, which is how they can be encoded and organized within the multi-dimensional space. And the closer two points are in the multi-dimensional space, the more similar their underlying data is.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis is why vector databases excel at similarity search. Because the vectors are structured based on similarity, you can quickly identify data points that are closest to your query vector. 
This makes them ideal for a number of important applications:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eImage and document retrieval:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Find similar images based on content, not just keywords.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ePersonalized recommendations:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Recommend products or content similar to what a user has interacted with before.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAnomaly detection:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Identify unusual data points that deviate from the norm, potentially indicating fraud or system errors.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMachine learning:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Efficiently process and analyze high-dimensional data for tasks like text analysis, image classification, and natural language processing.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eWant a more detailed guide? 
Read \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/vector-database\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eWhat is a vector database?\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e for a full walk-through.\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What are graph databases?","_metadata":{"uid":"cs506e9fcc65feaef0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAlthough they may look similar at a glance, graph databases organize data in an entirely different way. Instead of using rigid tables like a relational database, or organizing the data by similarity like vector databases, they store data in a graph structure. Entities are represented by nodes on the graph, and relationships are represented by edges. Think of it like a mindmap, where each node is a circle representing people, places, or things, and the lines between them (edges) show how they’re connected.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd79528df74cb9edf"}}},{"image":{"image":{"uid":"bltf3f405db5ec62c16","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-11T14:14:12.471Z","updated_at":"2024-04-11T14:14:12.471Z","content_type":"image/png","file_size":"292238","filename":"diagram.png","title":"diagram.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-11T14:23:42.888Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf3f405db5ec62c16/6617f034d742b60520d9d90d/diagram.png"},"_metadata":{"uid":"cs1b66e58fae43c122"},"caption_l10n":"","alt_text_l10n":"1 - Diagram representing graph databases as circles (nodes) spread out, connected 
by lines (edges) to represent the different relationships","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs514a2270817bffaa"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOne of the advantages of this kind of structure is that it’s a more natural representation of complex relationships. This makes it easier to interpret the connections compared to other types of databases. The schema-less structure of graph databases also means you can easily add new nodes and edges as your data grows, making it both flexible and scalable. This makes graph databases ideal for many applications:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eReal-time analytics:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Analyze streaming data, predict future outcomes, and optimize dynamic systems in real time with graph databases.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eMaster data management:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Create a unified view of entities, resolve ambiguity, and track entity evolution within a single interconnected graph.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNetwork discovery:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Uncover hidden connections, identify anomalies, and predict cascading failures by analyzing relationships within networks.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eKnowledge graph construction:\u003c/strong\u003e\u003c/span\u003e\u003cspan 
style='font-size: 12pt;'\u003e Build intelligent knowledge bases, answer complex questions, and power intelligent applications through interconnected entities and concepts.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Comparing vector and graph databases","_metadata":{"uid":"csfa24a899e4472456"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou should now understand what each type of database is and how it structures data. But it’s also crucial to understand the nuanced differences between vector and graph databases. The easiest way to do this is with a side-by-side comparison:\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs76c8d8326e300cd6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eVector database\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eGraph database\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eData representation\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eData is structured as points in a vast, multi-dimensional space. Points closer together represent similar content. Ideal for capturing inherent similarities within data itself, regardless of connections or relationships.\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eData is structured as a web of interconnected nodes (entities) linked by edges (relationships). 
Focuses on representing the connections and hierarchies between data points, offering valuable insights into how entities relate to each other.\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuerying and retrieval\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eExcel at similarity search, efficiently finding data points similar to a query vector. Ideal for tasks like image/document retrieval, where understanding content similarity is crucial.\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ePowerful for navigating relationships and connections. Enable efficient traversal of network structures, perfect for social network analysis, recommendation systems, and exploring knowledge graphs.\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePerformance and scalability\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eGenerally scales well with large data sets due to optimized similarity search algorithms. However, schema changes might require data re-embeddings, impacting performance.\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eHighly flexible due to schema-less nature, allowing for easy data addition and modification. However, complex queries or large networks can strain performance, requiring careful optimization.\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003c/p\u003e"},{"title_l10n":"Use cases","_metadata":{"uid":"cs26fb08b862fe68d9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo better understand the differences between vector and graph databases, let’s compare how each one can be used within the same sector. 
This not only shows the contrasts but also how they could potentially be used together to achieve great results:\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Fraud detection","_metadata":{"uid":"cs6696cb58098e8022"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVector databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Identify fraudulent transactions by analyzing transaction patterns and user information. Detect anomalies in spending habits, purchase locations, or device fingerprints based on learned similarity profiles.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGraph databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Uncover suspicious networks of connected individuals or transactions. Identify fraudulent activity by analyzing relationships between entities involved in potential fraud attempts.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Scientific research","_metadata":{"uid":"cs70df960096a75860"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVector databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Analyze complex data structures like protein sequences, gene expressions, or chemical compounds. Compare diverse data sets and identify similarities based on multi-dimensional features, leading to new scientific discoveries.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGraph databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Model biological pathways or molecular interactions. 
Explore intricate relationships between entities and visualize complex systems, leading to a deeper understanding of biological processes.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Ecommerce","_metadata":{"uid":"csb1a992aa81050bb4"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVector databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Analyze product attributes like images, text descriptions, and technical specifications. Recommend similar products based on content similarity, leading to more relevant and engaging suggestions.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGraph databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Capture user-product interactions like purchases, browsing history, and wish lists. Recommend products based on users' similarities to others with similar taste, creating a more personalized shopping experience.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Media and entertainment","_metadata":{"uid":"cscefde7decc457d1b"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVector databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Analyze content features like music genres, article topics, or movie themes. Recommend similar songs, movies, or articles based on inherent content similarity, catering to individual preferences.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGraph databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Explore user-content relationships like watch history, reading lists, or social media shares. 
Recommend content based on connections between users with similar interests, fostering engagement and discovery.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Choosing between vector and graph databases","_metadata":{"uid":"cs1f8f7c4f76e57194"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEven with the information we’ve been through in this article, selecting the right database can still be a daunting task. To make this process simpler, here’s a framework you can follow to help you make the best decision to achieve your goal.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 1. Understand your data","_metadata":{"uid":"cs0681227aedf43615"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe first part of this process is to look at the complexity of your data. Is it primarily structured or unstructured? Does it involve intricate relationships or independent entities?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou also need to consider your data volume and how quickly you expect it to grow. Then you need to decide what specific features or attributes define your data points — and whether these are numerical or categorical.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 2. Identify your primary use cases","_metadata":{"uid":"csb818db3fd8294b32"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn simple terms, what insights are you hoping to glean from your data analysis? Are you trying to find similar data points based on content or explore intricate connections between entities? What kind of queries will you be performing frequently?\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 3. 
Performance and scalability needs","_metadata":{"uid":"cs1e889665df3f52ab"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe third step is to think about how important speed and scalability are to your goal. How critical are real-time responses for your application? How large are your data sets, and how complex are your anticipated queries? You also need to consider your budget constraints and resource limitations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 4. Evaluate the specific advantages of each technology","_metadata":{"uid":"cscd8fa41db15956d7"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEach of these database types has its own strengths and weaknesses. Vector databases are ideal for similarity search, are efficient with high-dimensional data, and handle large data sets well. Graph databases excel at navigating relationships, are powerful for complex network analysis, and have highly flexible schemas.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Unlock the full potential of your data","_metadata":{"uid":"cscf4e58af4f7cfb70"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNavigating the big data landscape demands powerful tools, and vector and graph databases stand as innovative players in this information space. But selecting the right model for your needs can be daunting.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCarefully evaluate the factors above and understand the distinct strengths of each technology. 
You’ll end up with a list of factors that will inform your decision, helping you choose the right database model to unlock the full potential of your data.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What you should do next","_metadata":{"uid":"csd1308aa62de6f58d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhenever you're ready, here are four ways we can help you bring better search experiences to your business:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/cloud/generative-ai-trial-overview\"\u003e\u003cspan style='font-size: 12pt;'\u003eStart a free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(67, 67, 67);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eand see how Elastic can help your business.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/platform\"\u003e\u003cspan style='font-size: 12pt;'\u003eTour our solutions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to see how the Elasticsearch Platform works and how our solutions will fit your needs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/virtual-events/how-vector-databases-power-ai-search\"\u003e\u003cspan style='font-size: 12pt;'\u003eLearn how vector databases power AI search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eShare this article with someone you know who'd enjoy reading it via email, LinkedIn, Twitter, or Facebook.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e"}],"_metadata":{"uid":"cs884800be8109c820"}}},{"callout":{"title_l10n":"Explore more data analytics and database 
resources:","_metadata":{"uid":"cs512f5ef3207faa9b"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/vector-database\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eExplore the world's most downloaded vector database\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/categories/vector-search\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eElasticsearch Labs: Use Elastic for vector search\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/explore/succeed-with-the-power-of-elastic/strategic-guide-to-putting-your-data-to-work\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eReal-world problems require real-time data: A strategic guide to putting your data to work\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1077b37ad73ca528"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. 
Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs20ee86ce88a5507a"}}}],"publish_date":"2024-04-11","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search 
applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blta80f5b054d6a2b37","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-11T14:23:17.644Z","updated_at":"2024-04-11T14:23:17.644Z","content_type":"image/jpeg","file_size":"64460","filename":"Fast_moving_walkway.jpg","title":"Fast_moving_walkway.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-11T14:23:42.902Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta80f5b054d6a2b37/6617f2559df77edb47de3520/Fast_moving_walkway.jpg"},"title":"Vector database vs. graph database: Understanding the differences","title_l10n":"Vector database vs. 
graph database: Understanding the differences","updated_at":"2025-01-17T19:20:22.797Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/vector-database-vs-graph-database","publish_details":{"time":"2025-01-17T19:22:41.129Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt57569d4353dd5dea","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"Explore the different types of vector databases available and discover the key factors to consider when choosing the right one.","author":["blt6705dad0ae6f1419"],"category":["blte5cc8450a098ce5e"],"created_at":"2024-07-15T13:52:58.224Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1c67fece42688cca"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe world of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/vector-database\"\u003e\u003cspan style='font-size: 12pt;'\u003evector databases\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is a rapidly evolving field that's transforming the way we manage and search data. Unlike traditional databases, vector databases store and manage data as vectors. This unique approach allows for more precise and relevant searches and allows the use of machine learning in retrieval, making vector databases an invaluable tool.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs the volume of data we generate continues to grow, the role of vector databases in data management and search is becoming increasingly important. That's because of the relevance of their results and their ability to work with unstructured data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eChoosing the right vector database can make a huge difference for your application, but it's not always an easy task. 
There are many factors to consider, from the database's performance and scalability to its compatibility with your existing systems. This guide aims to help you navigate these considerations and make an informed decision. These are the questions we'll be answering:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow are vector databases different from traditional databases?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat types of vector databases are available?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat are the key features?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat factors are important when choosing a vector database?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy the end of this article, you'll have a solid understanding of vector databases and how to choose the right one for your team.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"How are vector databases different from traditional databases?","_metadata":{"uid":"cs105520333ee61749"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTraditional databases, such as relational databases, store data with rows and columns inside tables. Each row represents a record, and each column represents a field of that record. 
This setup works well for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/structured-data\"\u003e\u003cspan style='font-size: 12pt;'\u003estructured data\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, but it can be limiting when dealing with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/unstructured-data\"\u003e\u003cspan style='font-size: 12pt;'\u003eunstructured data\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/vector-database\"\u003e\u003cspan style='font-size: 12pt;'\u003eVector databases\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, on the other hand, transform this unstructured data into vectors, which are essentially machine learning representations that portray complex data in a simplified form. These vectors can then be compared and searched, making vector databases particularly useful for handling large data sets and improving the performance of data-driven applications.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe key difference between vector databases and traditional databases lies in their approach to data management. While traditional databases focus on storing data in a structured format, vector databases prioritize the efficient representation and retrieval of vector data. This makes vector databases useful with modern technology, where the ability to quickly access and analyze relevant information can provide a significant competitive advantage. 
This includes things like AI and large language models (LLMs), where finding the most relevant data can be the difference between an app making the right or wrong choice.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Types of vector database","_metadata":{"uid":"cs3b6b76151d7406d5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLike most types of tech, vector databases come in various flavors — each one with its own unique strengths, weaknesses, and use cases. Let's explore some popular types.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Graph-based vector databases","_metadata":{"uid":"cs498665c6dd1bef79"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGraph-based vector databases are designed to efficiently handle complex, interconnected data. They represent data as nodes (or vertices) and edges: nodes represent entities, and edges represent relationships between entities.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe main advantage of this design is the ability to efficiently handle complex, interconnected data. They excel at analyzing connections and relationships between data points, which can be crucial in certain applications. They can be less intuitive for simple similarity searches, though. This is because they are designed to handle complex relationships, which can make simple searches more complicated than necessary.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGraph-based databases excel in scenarios where the relationships between data points are as important as the data points themselves. 
This includes things like social network analysis and knowledge graphs, where the relationships between different pieces of information are key.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Integrated or point solution ","_metadata":{"uid":"csac5a3d87e4c709c7"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVector databases are available in two different forms: integrated into a more full-featured product or as a point solution.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAn integrated vector database combines the capabilities of vector data with the functions you’d expect from a traditional database into a single platform. This means you can store, manage, and query your data both as structured business data and as unstructured vector data within the same system.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHowever, a point solution is a specialized, bespoke system designed specifically for storing, managing, and querying vector data. The focus of point solutions is on optimizing vector operations and similarity search, so they can perform well on vector-specific tasks. They’re usually standalone systems that need to be integrated into your existing applications and architectures.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Key features of vector databases","_metadata":{"uid":"csc6cf5cb12eb39185"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen choosing a vector database, thoroughly evaluate the product’s feature set and how it addresses your specific use case and requirements. These features can significantly impact the database's performance, usability, and compatibility with your existing systems. 
Let's delve into some of these essential features:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eVector dimensions: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThis refers to the number of numerical elements each vector embedding contains. Each dimension corresponds to a specific feature or property of the data object, and the dimensionality of vectors will have a direct impact on both the accuracy and efficiency of the vector search.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAlgorithms: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eA vector database has algorithms that calculate vector similarity. These are essentially mathematical equations used to calculate how close or related different vector embeddings are to each other.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNative integration: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eTo get the benefits, you need your vector database to be able to seamlessly integrate with your existing databases and systems. This means you can perform combined queries that use both the vector similarity search and conventional SQL operations.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStorage and retrieval: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThe efficiency of a vector database in storing and retrieving data is crucial. 
This performance can impact the speed of your applications and the overall user experience.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePerformance: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThe performance of a vector database is determined by how quickly it can execute operations like searches, updates, and deletions. High-performance vector databases can handle large data sets and provide quick, accurate results.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSearching, sorting, and filtering:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e A robust vector database should offer powerful search capabilities, including the ability to sort and filter results. This can help you quickly find relevant information in large data sets. This is especially important as vector databases are often used to “prompt” LLMs. High-quality prompts can only be retrieved through high-relevance search.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eManagement and maintenance: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eConsider how easy it is to manage and maintain the database. 
This includes tasks like adding new data, updating existing data, and ensuring the database remains secure and reliable.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cse2ee12581f4c0d50"}}},{"banner":{"reference":[{"uid":"blt847c8045ef98f7d0","_content_type_uid":"banner"}],"_metadata":{"uid":"cse020c681fdf4a08f"}}},{"title_text":{"title_text":[{"title_l10n":"Factors to consider when choosing a vector database","_metadata":{"uid":"cs5af523bf815b263a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen selecting a vector database, evaluate these key factors to ensure it aligns with your specific needs and project requirements:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSearch accuracy:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The database should provide accurate search results. This is particularly important for applications where precision is crucial.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDocumentation: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eYou need to have comprehensive documentation, so you have essential guidance to follow as you set up your implementation. The documentation should also include troubleshooting and optimization instructions.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eLanguage clients: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThese are language-specific libraries, provided to help developers interact with the database. 
You want to look for one that is both intuitive and efficient to simplify the integration process.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScalability:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Consider the database's ability to handle growth. As your data grows, the database should be able to grow with you without losing performance.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePerformance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Evaluate the speed and efficiency of the database. This includes the speed of data storage, retrieval, and search operations.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eData type support:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Ensure the database supports the types of data you'll be working with. Some databases are better suited for certain data types than others.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSystem integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Consider how well the database integrates with your existing systems. A seamless integration can save time and resources.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eProject requirements:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Your specific project requirements should guide your choice. 
Consider factors like the size of your data set, the complexity of your data, and the specific tasks you need to perform.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Benefits of Elastic as your vector database","_metadata":{"uid":"cs09311b7dc684466d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThere's plenty to consider when choosing your vector database, but that doesn't mean some options aren't easier than others.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAt Elastic, we've created a flexible and adaptable vector database solution out of the box. Our support for machine learning models gives you advanced analytics and predictive capabilities, so you can uncover valuable insights and make data-driven decisions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOne of our most important features is the Hierarchical Navigable Small Worlds (HNSW) storage. This graph-based algorithm means Elastic can handle large data sets and deliver quick, accurate \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/category/vector-search\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003evector search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e results. Coupled with robust search capabilities, including filtering and sorting, Elastic makes it easy to find relevant information in your data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe also prioritize security, offering advanced features, such as role-based access control and document- and field-level security. 
These ensure that your data remains secure and that only authorized users can access sensitive information.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What you should do next","_metadata":{"uid":"cs4c9e8a62f8406f06"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhenever you're ready, here are four ways we can help you harness insights from your data:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/cloud/generative-ai-trial-overview\"\u003e\u003cspan style='font-size: 12pt;'\u003eStart a free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(67, 67, 67);font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eand see how Elastic can help your business.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/platform\"\u003e\u003cspan style='font-size: 12pt;'\u003eTour our solutions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to see how the Elastic Search AI Platform works and how our solutions will fit your needs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/virtual-events/how-vector-databases-power-ai-search\"\u003e\u003cspan style='font-size: 12pt;'\u003eExplore how vector databases power AI search\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(67, 67, 67);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eShare this article with someone you know who'd enjoy reading it via email, LinkedIn, X, or Facebook.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e"}],"_metadata":{"uid":"cs26de9e0f2661edfe"}}},{"callout":{"title_l10n":"Explore more vector database 
resources:","_metadata":{"uid":"cs190158c3b4a5046f"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/what-is/vector-database\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhat is a vector database?\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/vector-database-vs-graph-database\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eVector database vs. graph database\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/virtual-events/how-vector-databases-power-ai-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow vector databases power AI search\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/vector-database\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWorld's most used vector database\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/lexical-ai-powered-search-elastic-vector-database\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow to get the best of lexical and AI search\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1a947ee574edc0bc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1ad872fed8004a27"}}}],"publish_date":"2024-07-15","sanity_migration_complete":false,"seo":{"seo_title_l10n":"How to choose a vector database","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector 
search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt07abc70739e66bac","_version":1,"title":"Trees and mountains.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-07-15T14:00:21.265Z","updated_at":"2024-07-15T14:00:21.265Z","content_type":"image/jpeg","file_size":"178438","filename":"Trees_and_mountains.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-07-15T14:02:24.875Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt07abc70739e66bac/66952b7554407586bafea0e5/Trees_and_mountains.jpg"},"title":"How to choose a vector database","title_l10n":"How to choose a vector database","updated_at":"2025-01-17T19:19:35.123Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/how-to-choose-a-vector-database","publish_details":{"time":"2025-01-17T19:19:39.141Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt30a3f6bd380b89a4","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":" Explore the role of AI in customer support, from chatbots to virtual assistants, enhancing user experiences and increasing satisfaction without replacing human 
agents.","author":["blt6705dad0ae6f1419"],"category":["bltc17514bfdbc519df"],"created_at":"2024-09-25T16:38:28.484Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4ff02e8c9c9f3130"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe’ve all experienced it: walking into the store and seeing a line at the in-person checkout stations while all the self-checkout stations are free. This is what happens when convenience tools aren’t all that convenient. For a while, that was the case with many customer service “solutions.” Remember early chatbots like Ikea’s \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eAnna\u003c/em\u003e\u003csup\u003e1\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and Alaska Airlines’ \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eAsk Jenn\u003c/em\u003e\u003c/span\u003e\u003csup\u003e2\u003c/sup\u003e\u003cspan style=\"font-size: 12pt;\"\u003e? When tech is more clunky than useful, customers bypass it altogether.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eYet, 90% of customers expect an immediate response to customer service issues.\u003csup\u003e3\u003c/sup\u003e Enter artificial intelligence (AI) customer support tools, which have become game changers for businesses hoping to streamline their customer service systems.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI integrations in customer support have become essential and expected by customers. 
Gartner has forecasted that generative AI (GenAI) will power 80% of customer service and support operations by 2028.\u003csup\u003e4\u003c/sup\u003e And it’s not all about customer-facing interactions — AI can assist human agents by providing them with insights to help them give customers a top-notch experience.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs AI is increasingly normalized for customer support systems, businesses need to understand how to implement the best tools for the most value. Personalization is the key to effective customer support. By personalizing solutions to your business and your customers, you can anticipate their needs — which is at the core of any good customer experience.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What is AI in customer support?","_metadata":{"uid":"cs87312efbee26bbf6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI is used in customer support to create smoother, more personalized interactions while lightening the load for human customer service reps. Most commonly, AI is used in chatbots that use \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/machine-learning\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003emachine learning (ML)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and in \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/natural-language-processing\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003enatural language processing (NLP)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to mimic human speech and resolve customer issues. But AI in customer support doesn’t begin and end with chatbots. From virtual assistants to AI-powered search, companies can integrate AI into almost every facet of the user experience to support their customer service teams. 
The goal isn’t to \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003ereplace\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e customer support but to \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eenhance\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e it.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhen used to its fullest potential, AI can help customer support teams boost productivity, increase customer satisfaction, and bolster their bottom line. Long-term customers are more profitable and cheaper to retain, and they talk up their favorite brands to peers. Good customer service can turn tentative customers into brand loyalists. But customer expectations are also rising. Users expect frictionless experiences that resolve their issues faster and better than before. And 80% of customers claim that the experience that a company provides is as important as its product and services.\u003csup\u003e5\u003c/sup\u003e So, being behind the curve might mean losing them. Therefore, it’s no surprise that businesses are scrambling to implement AI tools for customer service.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHere’s how to do it right to satisfy customers and streamline customer success operations.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Diverse AI technologies in customer support","_metadata":{"uid":"cs5002aa63b567fa90"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI has significantly expanded what can be automated in customer service. While chatbots are still the most common and most accessible AI tool for customer support, they might not be the best fit for your business. 
Familiarizing yourself with the landscape can help you decide which AI tool will best serve your teams and your customers.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Chatbots","_metadata":{"uid":"cse9f3d9dcd77182d1"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/enhancing-chatbot-capabilities-with-nlp-and-vector-search-in-elasticsearch\"\u003e\u003cspan style='font-size: 12pt;'\u003eChatbots\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e are automated systems that can tackle basic questions and routine tasks, giving customers quick answers and easing the load on human agents. They’re built to handle tons of interactions at once and are a staple for any high-traffic support system.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Virtual assistants","_metadata":{"uid":"cs5335d752664e9a34"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVirtual assistants can manage more sophisticated queries than chatbots and give customer interactions a more personalized touch. They’re a better option than chatbots if a user needs to be guided through a complex process.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Vector search","_metadata":{"uid":"csebd98115906827ca"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen customers are searching for something but aren’t using the exact keywords, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/vector-search\"\u003e\u003cspan style='font-size: 12pt;'\u003evector search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e can help. 
Through embeddings — numerical representations of data that capture its context — vector search can identify information that’s conceptually similar to the search term even when the exact keywords aren’t used.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Hybrid search","_metadata":{"uid":"csd1d96334b2f549d2"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHybrid search combines different search techniques like vector and keyword search to deliver better \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/search-relevance\"\u003e\u003cspan style='font-size: 12pt;'\u003erelevance\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. It blends dense and sparse embeddings to fine-tune the balance between understanding context and matching specific terms.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Natural language processing (NLP)","_metadata":{"uid":"cs02688aae7eba45d0"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/what-is/natural-language-processing\"\u003e\u003cspan style='font-size: 12pt;'\u003eNLP\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is used to interpret and respond to human language with nuanced understanding. It lets chatbots and virtual assistants grasp what a customer is saying and respond in a way that makes sense and feels like a natural conversation.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Machine learning algorithms","_metadata":{"uid":"csc2412e1d62147885"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/what-is/machine-learning\"\u003e\u003cspan style='font-size: 12pt;'\u003eMachine learning\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e algorithms are at the heart of AI’s continuous improvement. 
By analyzing vast amounts of data from previous interactions, machine learning helps AI systems refine and improve their future responses.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Automated response systems (ARS)","_metadata":{"uid":"csc0a949b1beb61cae"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese systems are designed to handle large volumes of customer queries. They automate responses to common questions and issues so that human agents don’t get overwhelmed and can focus on more complex customer issues instead.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"AI-powered analytics","_metadata":{"uid":"cs3e3534e86a5d40d2"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith AI-powered analytics, you can dive deep into customer data and find insights that help you predict what customers want. It also helps you make informed decisions about the best ways to tailor your support strategies in the future.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Implementing AI in customer support","_metadata":{"uid":"cscf67455e62ddad77"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA roadblock for many businesses that want to experiment with AI is the implementation process. Integrating AI into your existing systems doesn’t have to be intimidating. The right tools and the right partners make adding AI integrations intuitive. But to find the right tools, the first step is to establish exactly what your goals are. Only by knowing what your business — and your customers — really need can you make significant improvements to your customer support systems. 
Here’s how to implement AI in customer support.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 1: Understand your customers well ","_metadata":{"uid":"csd812cbbe6949c555"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat are their demographics and interests? What are their pain points? Do they respond more positively to voice or digital interactions? By understanding the customer, you can tailor your solutions to proactively address their needs.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 2: Determine if you want AI to improve your self-service tools or support your human agents (chances are you’ll want to do a little of both)","_metadata":{"uid":"cs8ed8973fc478182f"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSelf-service\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e provides your customers with tools that’ll help them serve themselves. Virtual agents or chatbots are usually a good choice here. Normally this process requires analyzing customer queries, understanding their intent, and then having a customer service expert create dialogue flows to help the customer get where they need to be. These flows were often time-consuming to create — a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eChoose Your Own Adventure\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e-style of writing that could easily go off course if the customer sends it a curveball. Fortunately, generative AI has made the process a lot simpler. 
Not only does it make building the flows easier, but it’s also more resilient to digressions and variations during customer interactions.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSupporting your human agents with AI\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e is another approach you can take. A new call center agent might be spending a lot of time searching knowledge bases, documentation, and case histories to get the right answer for a customer. GenAI can retrieve information faster and summarize it quickly, cutting down customer wait times in the process. If you’ve ever been on hold for a long time, you know how much this can improve the customer experience. Another way GenAI can help is by automatically drafting responses to customer emails based on what they’re asking and any context available. The customer service rep can then review the email before it’s sent to make sure it makes sense and appropriately handles the query.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 3: Determine what experience you want to create ","_metadata":{"uid":"csc78b4754d098cbb5"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou know your audience, and you have a general idea of the ways you’d like to serve them. It’s time to map out your end-to-end customer journeys (chances are you’ll have at least a few) and then look at the best tools to support them. Don’t limit yourself to budget concerns as you brainstorm these journeys — go big. 
You can rein things in during the next step.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 4: Think about your budget and ROI ","_metadata":{"uid":"cs90bbd6b8e73f074f"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFirst, calculate the cost of different AI tools and technologies — and remember to factor in both your upfront investment \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eand\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e ongoing expenses, maintenance, and updates.\u0026nbsp; When you have all that assessed, consider your ROI. Using the in-house data you have, think about the different ways your plan will improve customer satisfaction and how that will affect your bottom line.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 5: Design the customer experience end to end ","_metadata":{"uid":"cs20a2d9e20b7dc6e6"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt’s time to look back at Step 3 with Step 4’s budget in mind. Choose your tools and design strategies that serve both your customers and agents.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 6: Train your customer service team ","_metadata":{"uid":"cs18ff159a0d7ac2f9"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCan your customer service reps seamlessly pick up a conversation if a chatbot passes one to them? Do they understand when and where to intervene if a customer is having a poor experience that the AI tools can’t solve? Do they have a basic understanding of how to use the technology correctly during interactions and gather insights from it later? 
By training your customer service team, you can still succeed in giving customers a personalized experience when AI struggles to provide answers.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 7: Review data and iterate ","_metadata":{"uid":"cs5c6c35681e1301c3"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI makes this process easier, too. For example, a big chunk of a call center’s job is documenting conversations. GenAI can make transcripts of every call, which gives time back to the operators. It can also use these transcripts to come up with insights as to why certain calls are taking longer or if certain products or services are having issues that need to be reported to the product and marketing departments.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Challenges of AI in customer support","_metadata":{"uid":"cs61ba2fe25ec12902"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImplementing a new technology comes with its challenges. And despite the potential of AI, some customers — and some teams — might be skeptical. With the right AI tool and the right implementation process, you can get past most of the common obstacles. Here are some of the potential challenges of AI in customer support and how to solve them.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Managing customer expectations","_metadata":{"uid":"cs643fbc4e34421cb3"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccording to a recent Gartner study, some customers may worry that GenAI will just add another barrier between them and a real agent. 
Others are concerned it’ll provide the wrong answers or possibly even be biased against certain customers.\u003csup\u003e6\u003c/sup\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e It will be up to your business to communicate to customers how AI can make the service experience better. Be upfront: Let customers know when they’re interacting with AI. And never hesitate to escalate complex cases to human agents when AI falls short.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Privacy and security concerns","_metadata":{"uid":"cs11d84693eabd59cd"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAny system that handles customer data is a prime target for hackers, and AI is no exception. These systems often need to process large amounts of personal information, so privacy and security can’t just be an afterthought.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e You’ll need to stay on top of data protection laws and regularly update your security measures to keep up with new threats — it’s crucial for maintaining customer trust.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Technical integration issues","_metadata":{"uid":"csa1bae6e9996b4adf"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMany companies still rely on older systems that weren’t built with AI in mind. 
This can mean upgrades — often expensive and time-consuming ones.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Start with a thorough assessment of your current systems, looking for areas where AI can fit in smoothly and where upgrades are necessary. Phased rollouts can help minimize disruptions, allowing you to iron out issues before scaling up.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Resistance from support teams","_metadata":{"uid":"cs57ea96ad1f0e9540"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSupport teams might push back against AI integration because they’re resistant to a new way of doing things, or they’re worried that automation will replace them.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The key here is to involve the team from the start, offer plenty of training, and show them how AI can make their jobs easier, not take them away.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Continuous updates and maintenance","_metadata":{"uid":"cs30ec0a4b9e644fca"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI systems need regular updates to keep up with changing customer needs and new tech developments. 
If companies don’t keep up, they risk their AI falling behind and becoming more of a liability than an asset.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e You’ll want to establish a schedule for regular system reviews and updates as well as invest in ongoing learning for your AI systems by feeding them fresh data and refining their algorithms.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Key benefits of AI in customer support","_metadata":{"uid":"cse3ee6a0075ed8d26"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce you’ve pushed through the challenges, you get to reap the benefits of AI in customer support. Here are some of the ways AI in customer support can transform your business:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e24/7 availability:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Customers will have access to assistance around the clock, regardless of time zones or business hours.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInstant response:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e AI delivers immediate answers and solutions and keeps the customer experience smooth and frustration-free.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePersonalized service:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Customer data helps AI tailor its responses and recommendations. 
This helps it make each customer experience feel personable.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEnhanced efficiency:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e AI streamlines support operations by automating routine tasks and inquiries. This lets human agents focus on more complex and nuanced issues.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eReduced costs:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Automating processes means less money spent on manual tasks and more streamlined operations.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eImproved data collection and analysis:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e AI digs into every customer interaction to gather valuable insights, helping you understand trends and improve your support strategy.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScalability of support operations:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e AI handles increasing volumes easily so that your business can expand without growing pains.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Case study: How Cisco transformed its support experience","_metadata":{"uid":"cs021533698dadff23"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFounded in 1984, Cisco is the backbone of the global network economy, serving more than 87% of Fortune 500 companies. 
But with millions of service requests and countless documents to sift through, it faced a real challenge: how to deliver quick and accurate support with such substantial volume.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe solution was an overhaul of Cisco’s search capabilities powered by AI. To do this, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/cisco\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCisco partnered with Elastic\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to revamp its customer support system. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e, running on\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.elastic.co/elastic-cloud-kubernetes\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud on Kubernetes\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e, is now the engine at the center of Cisco’s new enterprise search architecture. \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis new tool, c\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003ealled \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRe-imagined Topic Search, saves Cisco’s support engineers 5,000 hours a month. Now, engineers can quickly pull up relevant documents and similar cases whether they're helping customers over the phone or online.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“Feedback from our engineers is extremely positive,” says Sujith Joseph, principal enterprise search and cloud architect at Cisco Systems. “They now use Topic Search to solve 90% of service requests. 
They can deliver a better customer experience by easily finding on-target information and fixing issues much faster than before.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCisco.com also got a major AI upgrade. \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt’s now powered by the Re-imagined Search Platform, an\u0026nbsp;AI\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esearch solution\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ebuilt on\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.elastic.co/partners/google-cloud\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGoogle Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eservices and Elasticsearch\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. This overhaul has slashed search response times by 73% and boosted user engagement while reducing operational costs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSince rolling out Re-imagined Search across customer support and Cisco.com, Cisco’s search team has also integrated it into more than 50 internal and external apps, including the Cisco intranet.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“Today, people expect instant search access to the information they need,” Joseph adds. 
“Keeping customers and potential customers aligned with relevant content about our solutions and services is fundamental to these relationships.”\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Harness AI for customer support with Elastic","_metadata":{"uid":"cs8169bf822615fd01"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e combines generative AI with powerful search technology to boost self-service support and streamline agent workflows. It taps into your organization’s own data, knowledge base, and process docs to deliver precise answers and smart recommendations, all while keeping document security tight and costs low.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5b7ea6bba111f2e0"}}},{"callout":{"title_l10n":"AI for customer support resources","_metadata":{"uid":"csdec2749ecaeaf1f6"},"paragraph_l10n":"\u003cul\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/learn/transform-customer-support-with-ai-powered-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTransform customer support with AI search\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/cloud/generative-ai-trial-overview\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eExplore generative AI in a free trial\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/genai-customer-support-building-proof-of-concept\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI for customer support - Part 1: Building our proof of concept\u0026nbsp;\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/genai-customer-support-building-a-knowledge-library\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI for customer support - Part 2: 
Building a knowledge library\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/genai-elastic-elser-chat-interface\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI for customer support - Part 3: Designing a chat interface for chatbots\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/customer-service-government-ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhy customer service matters for government — and how AI will help\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/explore/improving-digital-customer-experiences/implementing-search-for-your-knowledge-base\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eImplementing search and generative AI for your knowledge base\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs959ec36bfa49385a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003csup\u003e1\u003c/sup\u003e \u003ca href=\"https://www.chatbots.org/virtual_assistant/anna3/\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eChatbot Anna\u003c/span\u003e\u003c/a\u003e\u003csup\u003e\u003cbr superscript=\"[object Object]\"/\u003e\u003c/sup\u003e\u003csup\u003e2\u003c/sup\u003e \u003ca href=\"https://www.chatbots.org/virtual_assistant/jenn/\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eChatbot Jenn\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e\u003cbr superscript=\"[object Object]\"/\u003e\u003c/sup\u003e\u003c/span\u003e\u003csup\u003e3\u003c/sup\u003e\u003cspan style=\"font-size: 10pt;\"\u003e Hubspot \u003c/span\u003e\u003ca 
href=\"https://www.hubspot.com/hubfs/assets/flywheel%20campaigns/HubSpot%20Annual%20State%20of%20Service%20Report%20-%202022.pdf\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eAnnual State of Service\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 2022\u003cbr /\u003e\u003c/span\u003e\u003csup\u003e4\u003c/sup\u003e \u003ca href=\"https://www.gartner.com/en/newsroom/press-releases/2023-08-30-gartner-reveals-three-technologies-that-will-transform-customer-service-and-support-by-2028\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eGartner Hype Cycle\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 2023\u003cbr /\u003e\u003c/span\u003e\u003csup\u003e5\u003c/sup\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e Salesforce, \u003c/span\u003e\u003ca href=\"https://www.salesforce.com/resources/research-reports/state-of-the-connected-customer/\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eState of the Connected Customer\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 6th Edition\u003cbr /\u003e\u003c/span\u003e\u003csup\u003e\u003c/sup\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e\u003c/sup\u003e\u003c/span\u003e\u003csup\u003e6\u003c/sup\u003e \u003cspan style=\"font-size: 10pt;\"\u003eGartner, \u003c/span\u003e\u003ca href=\"https://www.gartner.com/en/webinar/631278/1394124\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003e4 Key Customer Insights to Guide Your Service CX Strategies\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 2024\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs82a3c290a844431d"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3daa4f9981cbcd4e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or 
functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2ee0b2a5531ff0d8"}}}],"publish_date":"2024-09-26","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Understanding AI for customer support guide | Elastic","seo_description_l10n":"Explore the role of AI in customer support, from chatbots to virtual assistants, enhancing user experiences and increasing satisfaction without replacing human agents.","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt3184f3496194138e","ACL":{},"created_at":"2023-11-06T20:36:32.173Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-support","label_l10n":"Customer support","tags":[],"title":"Customer support","updated_at":"2023-11-06T20:36:32.173Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.257Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative 
AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltfb1e89b001674db9","ACL":{},"created_at":"2023-11-06T21:30:17.252Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"relevance","label_l10n":"Relevance","tags":[],"title":"Relevance","updated_at":"2023-11-06T21:30:17.252Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.339Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector 
search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltf04b065d79bd1a12","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-09-25T17:21:40.204Z","created_by":"bltb6c155cd84fc0c1a","file_size":"193635","filename":"elastic-de-142343-blogheader.V2_V1.jpg","parent_uid":null,"tags":[],"title":"elastic-de-142343-blogheader.V2_V1.jpg","updated_at":"2024-09-25T17:21:40.204Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-09-26T14:00:00.249Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf04b065d79bd1a12/66f446a4f9cb26549f43e479/elastic-de-142343-blogheader.V2_V1.jpg"},"title":"Understanding AI for customer support: How AI is transforming customer service","title_l10n":"Understanding AI for customer support: How AI is transforming customer service","updated_at":"2025-01-17T19:18:53.958Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/understanding-ai-customer-support","publish_details":{"time":"2025-01-17T19:18:58.121Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0a0abff5c686aaea","_version":10,"locale":"en-us","ACL":{},"abstract_l10n":"Explore advanced strategies for AI 
applications in retrieval augmented generation (RAG). Learn from experts on enhancing LLMs with effective data integration techniques.","author":["blt6705dad0ae6f1419"],"category":["bltc17514bfdbc519df"],"created_at":"2024-08-12T17:03:46.426Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs366feaedda6623a0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003eOur recent \u003c/span\u003e\u003ca href=\"https://www.elastic.co/virtual-events/beyond-rag-basics\"\u003e\u003cspan style='font-size: 12pt;'\u003evirtual event with Cohere\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e dove deep into the world of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieval augmented generation (RAG)\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e, focusing on the critical considerations for building RAG applications beyond the proof-of-concept stage. 
Our speakers, Lily Adler, principal solutions architect at Elastic, and Maxime Voisin, senior product manager at Cohere, shared valuable insights on the challenges, solutions, and best practices in this evolving field of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/natural-language-processing\"\u003e\u003cspan style='font-size: 12pt;'\u003enatural language processing (NLP)\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs836462e6f2b4192d"}}},{"image":{"image":{"uid":"blt1496b19e4c6f9e66","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-08-12T17:06:50.571Z","created_by":"bltb6c155cd84fc0c1a","file_size":"90413","filename":"rag-in-action.jpeg","parent_uid":null,"tags":[],"title":"rag-in-action.jpeg","updated_at":"2024-08-12T17:06:50.571Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-13T04:00:00.469Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1496b19e4c6f9e66/66ba412a46b3f4241b969f48/rag-in-action.jpeg"},"_metadata":{"uid":"csc7900d40206449ee"},"caption_l10n":"","alt_text_l10n":"Retrieval augmented generation (RAG) in action","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Why build a stack of solutions to complement large language models?","_metadata":{"uid":"cs511a30e81090626f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/what-is/large-language-models\"\u003e\u003cspan style='font-size: 12pt;'\u003eLarge language models (LLMs)\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e are powerful but far from perfect. 
They often make absurd mistakes like suggesting putting glue on pizza or eating rocks — errors stemming from their training data without an inherent layer of logic. This is where RAG comes in, adding a crucial layer of control and context to help ground responses from the LLM. RAG is all about integrating relevant information retrieval systems with LLMs to enhance text generations. By grounding LLMs in contextually relevant data, RAG not only boosts response accuracy but also offers significant advantages in cost reduction and overall control. It helps in leveraging external knowledge sources, making the AI outputs more reliable and relevant.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs55072b03936721dc"}}},{"quotes":{"quote_l10n":"Your RAG is only as good as your retrieval engine. And there's no magic bullet to make it perfect. But there are a few best practices.","_metadata":{"uid":"cs597081834c230074"},"quote_author_l10n":"Maxime Voisin, Senior Product Manager (RAG) at Cohere","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"Understanding RAG architecture","_metadata":{"uid":"cs1a48e4fa5c131350"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003eA basic RAG architecture begins with user questions, using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/vector-database\"\u003e\u003cspan style='font-size: 12pt;'\u003evector databases\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e to retrieve relevant data, such as documents, images, and audio. 
This data then provides essential context for the LLM to generate a more accurate response.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003eHowever, an advanced RAG setup involves several layers with each playing a pivotal role:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eData layer:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Determines the type (structured or unstructured) and storage of information. Effective data management is crucial for high-quality information retrieval.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eModel layer:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Incorporates foundational LLMs and embedding models. Fine-tuning these models is essential for handling specific tasks and improving performance in text generations.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eApplication layer:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Manages retrieval, prompts, and application logic, ensuring seamless integration of relevant documents into the workflow.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAnalysis and deployment layers:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Ensure the solution is fit for purpose and efficiently deployed. 
Continuous analysis helps in refining model performance and adapting to new data.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs6a6acca8e81f7071"}}},{"image":{"image":{"uid":"blt1963fc39739bb5e0","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-12T17:08:27.199Z","created_by":"bltb6c155cd84fc0c1a","file_size":"74719","filename":"rag-llmops.png","parent_uid":null,"tags":[],"title":"rag-llmops.png","updated_at":"2024-08-12T17:08:27.199Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-13T04:00:00.582Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1963fc39739bb5e0/66ba418b473507b4cc090f07/rag-llmops.png"},"_metadata":{"uid":"cs7fd5431033d44566"},"caption_l10n":"","alt_text_l10n":"Production RAG LLMOps stack","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Strategic data layer management","_metadata":{"uid":"cs91261b864ec4a221"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003eEffective RAG solutions begin with a thorough understanding of the data landscape. 
Whether you are dealing with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/unstructured-data\"\u003e\u003cspan style='font-size: 12pt;'\u003eunstructured data\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e, such as images or documents, or \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/structured-data\"\u003e\u003cspan style='font-size: 12pt;'\u003estructured data\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e, such as databases, a robust chunking strategy is indispensable:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eLarge vs. small chunks:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Balancing context richness with precision. Large chunks provide more context but may reduce precision while small chunks are more precise but may lack complete information.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eToken overlapping:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Ensuring continuous context across chunks, which helps in maintaining coherence in the retrieved information.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCollapsing relevant chunks:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Maintaining precision while always referencing the source for validation, ensuring the reliability of the information provided.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSecurity and legal considerations are also paramount. 
Access controls (for example, permissions drawn from LDAP or Active Directory) and privacy measures, such as redacting sensitive information using named entity recognition, must be carefully managed to ensure compliance and user trust. Enforcing these permissions at retrieval time, so that only documents the requesting user may read are passed to the LLM, keeps restricted content out of generated answers. These measures are essential to prevent data spills and unauthorized access to sensitive information.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Evaluating the model layer","_metadata":{"uid":"csc11d388dc5cb2594"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUsing human-labeled data sets and appropriate metric choices (recall vs. precision) are fundamental for effective information retrieval. Additionally, cost and speed are critical factors, necessitating trade-offs among these elements:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRecall:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Ensuring all relevant documents are retrieved. High recall is crucial in legal or compliance scenarios where missing relevant information can have significant consequences.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePrecision:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Ensuring the retrieved documents are highly relevant to the query. 
High precision is important in consumer applications to avoid user frustration.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEffective fine-tuning of the LLMs is critical for optimizing these metrics and improving the overall performance of the RAG system.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Addressing challenges in generative models","_metadata":{"uid":"cs0071cc51fe8ea6c8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo increase verifiability and reduce hallucinations in generative models, use models that provide citations, choose those with lower hallucination rates, and improve context window utilization. This will enhance coherence in the generated text. Additionally, models trained specifically for RAG applications can significantly reduce the likelihood of inaccuracies and improve the overall reliability of the system.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs62c85b1a86d20a15"}}},{"quotes":{"quote_l10n":"LLMs make mistakes, humans make mistakes as well, although LLMs make mistakes that are a bit more silly because there's not that layer of logic for LLM.","_metadata":{"uid":"cs2d4887bb087b4cfa"},"quote_author_l10n":"Lily Adler, Principal Solutions Architect at Elastic","quote_details_l10n":""}},{"banner":{"reference":[{"uid":"blt002516fdeca7bc32","_content_type_uid":"banner"}],"_metadata":{"uid":"csd299126cde3ac2bf"}}},{"title_text":{"title_text":[{"title_l10n":"Advanced RAG techniques","_metadata":{"uid":"cs543cdcdd239ede8b"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eParallel queries:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Handling multipart questions with parallel search queries significantly improves response accuracy in RAG systems, making them adept at tackling complex user 
requests. This technique enables the system to break down and address different parts of a query simultaneously, ensuring a comprehensive and accurate response.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRAG with tools:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Extending RAG capabilities by integrating tools to handle complex data types (such as spreadsheets and SaaS apps) opens new possibilities for AI applications like workplace assistants. This incorporation allows RAG systems to interact with external knowledge sources, providing more comprehensive answers. For example, querying a database or a spreadsheet to provide data-driven responses can enhance the utility of the system in business and productivity applications.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAgentic RAG:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Equipping RAG systems with agentic capabilities allows for sequential reasoning and dynamic planning, making them robust against more complex queries. Agentic RAG systems can utilize multiple tools and adjust their plans based on the results they gather. 
This flexibility allows for more sophisticated problem-solving abilities and can handle intricate tasks that require multiple steps and logical reasoning.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Deploying retrieval augmented generation at scale","_metadata":{"uid":"cs1422e3bc7a0edabb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eScaling RAG solutions involves addressing three main areas:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCost management:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Choose efficient models and optimize \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/vector-search\"\u003e\u003cspan style='font-size: 12pt;'\u003evector search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e databases to control costs effectively. Cost analysis and regular monitoring can help in identifying areas for optimization, ensuring the solution remains cost-effective.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSecurity and reliability:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Implement disaster recovery and service level objectives, and adopt a site reliability engineering (SRE) approach to ensure robust infrastructure. These measures help in maintaining uptime and reliability, which is critical for production environments.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eContinuous analysis:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Utilize observability tools to monitor and evaluate LLM responses over time, adapting to changes and ensuring consistent performance. 
Continuous evaluation helps in maintaining the quality of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/information-retrieval\"\u003e\u003cspan style='font-size: 12pt;'\u003einformation retrieval\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and adjusting to any evolving requirements.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"Practical implementation strategies","_metadata":{"uid":"csb22c308243cccb23"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSeveral tools and frameworks, such as LangChain, LlamaIndex, Autogen, and Cohere's API, offer out-of-the-box solutions to implement advanced RAG systems efficiently. Leveraging these tools can help you avoid starting from scratch, accelerating deployment and reducing overhead. They provide prebuilt components for information retrieval and natural language processing tasks, enabling faster and more reliable implementations.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor example, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/langchain-tutorial\"\u003e\u003cspan style='font-size: 12pt;'\u003eLangChain\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e can help in building complex workflows by chaining different processes while LlamaIndex offers efficient indexing solutions for fast retrieval. Autogen, on the other hand, simplifies the generation of responses by providing a range of preconfigured settings and templates.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Collaborations and resources","_metadata":{"uid":"cs2f5a48ff2d2e6cc9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic and Cohere have been at the forefront of information retrieval and RAG research and development. 
Here’s how you can dive deeper into RAG:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(49, 51, 63);font-size: 12pt;\"\u003eWatch the full webinar: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/virtual-events/beyond-rag-basics\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBeyond RAG basics: Strategies and best practices for implementing RAG\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(49, 51, 63);font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(49, 51, 63);font-size: 12pt;\"\u003eTest the latest AI search capabilities with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/demo-gallery/ai-playground\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI Playground\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(49, 51, 63);font-size: 12pt;\"\u003e, a free hands-on lab covering how to build RAG systems.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(49, 51, 63);font-size: 12pt;\"\u003eFor further reading and hands-on workshops, visit \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(49, 51, 63);font-size: 12pt;\"\u003e. 
This resource offers valuable information, tutorials, and code samples pertinent to various RAG use cases, including tutorials for using Elastic with Cohere.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/cloud/generative-ai-trial-overview\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eStart a free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to get started building apps with search AI.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBy understanding the intricacies of RAG and implementing best practices in natural language processing, you can build robust AI applications that leverage external knowledge sources for more accurate and reliable responses. Whether you are focusing on simple RAG systems or more advanced implementations, the goal is to create solutions that are scalable, cost-effective, and provide value through precise information retrieval and text generations.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The Elastic AI Ecosystem","_metadata":{"uid":"cs9f23d88fa3a6055b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCohere is a valued partner in the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/partners/ai-ecosystem\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Ecosystem\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e which offers developers pre-built Elasticsearch vector database \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/integrations\"\u003e\u003cspan style='font-size: 12pt;'\u003eintegrations\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e from a trusted network of industry-leading AI companies to deliver seamless access to the critical components of GenAI applications across AI models, cloud infrastructure, MLOps frameworks, data prep and ingestion 
platforms, and AI security \u0026amp; operations.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/integrations\"\u003e\u003cspan style='font-size: 12pt;'\u003eintegrations\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e help developers:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDeliver more relevant experiences through RAG\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePrepare and ingest data from multiple sources\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eExperiment with and evaluate AI models\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLeverage GenAI development frameworks\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eObserve and securely deploy AI applications\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs43c6139598e71719"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdc1393240cf3b9a7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003e\u003c/em\u003e\u003c/span\u003e\u003cem\u003eOriginally published on August 13, 2024; Updated December 17, 2024.\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003e\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cp\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/p\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs26749fc1600a2a40"}}}],"publish_date":"2024-12-17","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Beyond RAG Basics: Advanced strategies for AI applications","seo_description_l10n":"Explore advanced strategies for AI applications in retrieval augmented generation (RAG). 
Learn from experts on enhancing LLMs with effective data integration techniques.","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language 
models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blte429185b1884064a","_version":1,"title":"search-campaign-blog-banner-3_720x420.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-16T21:29:00.712Z","updated_at":"2024-12-16T21:29:00.712Z","content_type"
:"image/jpeg","file_size":"77895","filename":"search-campaign-blog-banner-3_720x420.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-16T21:29:26.075Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte429185b1884064a/67609b9ccbd7d67d0315d1a1/search-campaign-blog-banner-3_720x420.jpg"},"title":"Beyond RAG basics: Advanced strategies for AI applications","title_l10n":"Beyond RAG basics: Advanced strategies for AI applications","updated_at":"2025-01-17T19:17:21.686Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/beyond-rag-basics","publish_details":{"time":"2025-01-17T19:17:26.537Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltebe8e6aae26ab934","_version":16,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Cloud Serverless is the easiest way to start and scale your capabilities in search, observability and security. Built on a reimagined Elasticsearch architecture, it ensures low-latency querying across data without compromise on scalability.","author":["blt0896400660d3af74"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-11-25T17:13:36.098Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csfcab443262d1470d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eToday, we are pleased to announce the general availability (GA) of Elastic Cloud Serverless on AWS. Elastic Cloud Serverless is the fastest way to start and scale security, observability, and search hassle-free. It’s powered by a re-architectured Elasticsearch that is built on an industry-first Search AI Lake optimized for real-time applications. 
It combines vast storage with low-latency querying and all of the strengths of Elasticsearch’s AI and search capabilities.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The Elasticsearch everyone loves, reimagined for the cloud","_metadata":{"uid":"cs0c9d915508067cea"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor over a decade, Elasticsearch has redefined search for complex, unstructured data — becoming a key pillar in the AI stack and the go-to solution to make data rapidly searchable at scale. Developers, SREs, and security analysts rely on Elasticsearch for its speed, scalability, and ability to analyze messy, evolving data sets. It runs a range of applications from log analytics to SIEM to AI-driven search. But as data volumes grow and workloads become more complex from retrieval augmented generation (RAG) to threat detection, applications demand even lower latency on ever-growing data sets.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch's new Search AI Lake architecture tackles this head-on with a reimagined stateless architecture. By decoupling compute from storage and indexing from search, the architecture scales seamlessly. What's crucial is that it uses cost-effective cloud-native object storage while retaining Elasticsearch’s fast, low-latency querying and AI relevance capabilities. Enhanced caching and parallelized query processing allow massive data handling with minimal lag, making real-time applications practical and performant. It delivers the storage capacity of a data lake with the responsiveness of Elasticsearch without operational overhead. No need to manage clusters or tune infrastructure — Elastic Cloud Serverless effortlessly handles scaling, storage, and speed automatically. 
With this architecture, Elasticsearch combines scalability, speed, and simplicity for next-generation, search-powered applications without scale or performance trade-offs.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd3acebd47adbb3fe"}}},{"quotes":{"quote_l10n":"What has stood out to our team with Elasticsearch Serverless is its ease of use. It’s simple to use as a fully managed service, and it takes virtually no time to set up a new project. We’ve also been impressed with how well Elastic delivers on its autoscaling capabilities.","_metadata":{"uid":"cs66d16b971dd85cac"},"quote_author_l10n":"Marcel Matus, Development Manager, SAP Concur","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs816501abf5dd1984"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMany architectural features and innovations were developed to enable low-latency search, efficient data retention, and automatic scalability. For a deeper technical exploration, visit \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/category/elastic-cloud-serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Search Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Terabytes an hour gives results power","_metadata":{"uid":"cs083a46be4f8ef2d9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud Serverless is engineered to tackle high-volume and high-performance workloads. 
\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003eToday, serverless \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003escales to rapidly i\u003c/span\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003engest and efficiently retain petabytes of data with \u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003efast indexing, search, and aggregation. \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOver the past six months since the public preview, thousands of active serverless projects have been provisioned and scaled with customers. \u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003eElastic Cloud Serverless recent performance benchmarks demonstrate rapid ingest, high scalability, and fast querying.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs13b7ee0f6cc6047d"}}},{"quotes":{"quote_l10n":"Setup is extremely easy. We provisioned a new project without needing technical expertise. Ingesting data and querying the cluster showed nearly zero latency.","_metadata":{"uid":"csf0aee5b5e78c3b24"},"quote_author_l10n":"Madison Bahmer, Senior Principal Enterprise Architect, Two Six Technologies","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb65ce32916181049"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRapidly and predictably ingest hundreds of terabytes a day:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e As a baseline given ~450K docs/s rate with 3,000 clients, a serverless project can ingest 7.5 terabytes of data per hour to a data stream or over 180 terabytes daily. Ingest rates can be accelerated and optimized further through additional settings. 
Unlike other platforms, where ingest rates tend to slow down as data volumes grow, Elastic Cloud Serverless provides consistent scaling in both data volume and ingestion speed — even as data sets continue to expand.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs59e0c1f065254c81"}}},{"image":{"image":{"uid":"blta45d317e71491ee6","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-25T17:14:35.609Z","updated_at":"2024-11-25T17:14:35.609Z","content_type":"image/png","file_size":"168376","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-02T12:29:38.610Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta45d317e71491ee6/6744b07b4b0ed11a62e1bf16/image1.png"},"_metadata":{"uid":"csbcfd6bba5dc22387"},"caption_l10n":"","alt_text_l10n":"Rapidly and predictably ingest hundreds of terabytes a day","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6cc6d36b04e60dc9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eThe flexibility to be fast, high concurrency querying at scale: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eServerless delivers stable and fast query response time. 
Executing over 3,000 concurrent complex aggregations and queries on 5 terabytes of data delivered consistently low-milliseconds response times.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eActual volume\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDuration\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAverage search rate (req/s)\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMax search rate (req/s)\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eResponse time (P50)\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eResponse time (P99)\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eLoad handling search pods\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ePod memory\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e5.84 TB\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e120 minutes\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e891\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e3,158\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e36 ms\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan 
style=\"font-size: 12pt;\"\u003e316 ms\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e24\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1.2 TB\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003cbr /\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/serverless-performance-testing\"\u003e\u003cspan style='font-size: 12pt;'\u003eExplore more details into these and other benchmarks\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Hassle-free operations: The simplest way to start and grow","_metadata":{"uid":"csf8b75f8cb7b32513"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003eElastic Cloud Serverless is designed from the ground up to be the easiest way to start and scale with a simplified user experience.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eNo nodes, no shards, no stress:\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cem\u003e \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003eNo need to manage backend infrastructure, do capacity planning, upgrade, or scale data.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eFast configuration:\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cem\u003e \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003eStart a new fully configured serverless project in a 
snap.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eGuided onboarding: \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003eGet a step-by-step process that guides you with in-product resources and tools to get results faster and skip the learning curve.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eProject-based:\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003eExplore a new product experience to easily create projects optimized to the unique needs of each use case.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csbaf8004e30f910a1"}}},{"banner":{"reference":[{"uid":"blt8832b7dff87aef1d","_content_type_uid":"banner"}],"_metadata":{"uid":"cs327aea1c00468a18"}}},{"title_text":{"title_text":[{"title_l10n":"Growing global coverage with AWS regions and upcoming Azure and Google Cloud instances","_metadata":{"uid":"cs9237c648e493fabc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are pleased to announce broader geographical availability expanding support for multiple AWS regions from AWS US-East-1 (N. Virginia) to include AWS EU-West-1 (Ireland), AWS AP-Southeast-1 (Singapore), and AWS US-West-2 (Oregon). These regions allow you to run workloads closer to end users, reducing latency and improving overall performance — particularly for search and observability applications. 
We will continually expand regional support, delivering the flexibility to deploy workloads that meet regional data residency requirements, improve response times, and ensure compliance for data localization.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are also excited to announce upcoming support for Azure instances. This opens Elastic Cloud Serverless to Microsoft's growing cloud ecosystem for seamless integration with Azure services like Blob Storage, Event Hubs, and Azure Active Directory among many others to streamline workflows. Users can benefit from built-in, enterprise-grade security features to encrypt, secure, and stay compliant while using Azure's global infrastructure. Support for Google Cloud instances will also be available early 2025. Elastic Cloud Serverless multi-cloud strategy will continue to expand flexibility in choosing the best cloud provider based on your requirements and existing cloud deployments.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe also believe in transparency with Elastic engineering by sharing an ambitious roadmap for Elastic Cloud Serverless development. We’ve created a new \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/serverless/roadmap\"\u003e\u003cspan style='font-size: 12pt;'\u003eroadmap page\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e that helps you keep track and see plans for both short- and long-term development.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Streamlined solutions that start fast and search faster","_metadata":{"uid":"cs497a8437ae2bec9c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud Serverless offers both streamlined solutions and pricing. 
The new \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-search\"\u003e\u003cspan style='font-size: 12pt;'\u003esolution-specific pricing\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e aligns costs with actual usage tailored to the different needs of security, observability, and search — offering greater flexibility and predictability. This means pricing for log analytics or security events is based on the volume of data ingested and retained, whereas search applications depend on the amount of compute power and storage that is used.\u003c/span\u003e\u003cspan style='color:rgb(68, 71, 70);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eBy focusing on resource-based metrics like data ingestion, storage, and compute units, Elastic makes it easier for customers to manage budgets and scale as needed — enabling more control to manage workloads across different applications.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe’re also happy to introduce new volume pricing for security and observability data, using a tiered pricing model. This approach simplifies scaling by reducing costs per unit as data usage increases. 
Pricing decreases with higher data volumes and is divided into tiers based on data ingested and retained.\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e \u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eFor instance, the first 10 terabytes (TB) of data retention is priced higher per terabyte than the next 10 TB with lower pricing for volumes exceeding 20 TB.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt's also easy to get started with optimized serverless experiences for search, observability, and security.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elasticsearch Serverless","_metadata":{"uid":"cs996682a41d3d91b9"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Serverless\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003elets developers rapidly build AI-powered search applications with the latest features, save time managing infrastructure, and scale up or down to meet their needs. With optimized instances you can quickly build generative AI (GenAI) applications using both lexical and semantic search that are guided by inline documentation and code samples. Cluster management, scaling, and configurations are all automated and transparent. Users can accelerate development of GenAI applications with access to Elasticsearch’s latest AI capabilities, like vector search and Better Binary Quantization (BBQ), and streamline inference using various built-in or custom models. 
\u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-serverless-now-ga\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRead more\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to dive deep into Elasticsearch Serverless.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic Observability Serverless","_metadata":{"uid":"cs185ec6c95e74a072"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Observability Serverless enables a hassle-free experience without the overhead of managing the Elastic Stack or manually scaling capacity. Streamlined workflows, guided onboarding, and out-of-the-box dashboards and analysis minimize time to insight with crucial context. With 350+ integrations and an OpenTelemetry-first approach, getting your observability data into Elastic is simpler than ever before. Store both short- and long-term data efficiently without the need for rehydration or data moving across data tiers. This allows quicker than ever analytics with fast queries, RAG-based AI analysis, and machine learning jobs that deliver insights in minutes even on petabytes of data. Analyze all your business and operational data to detect issues proactively, accelerate problem resolution, and deliver on business outcomes. 
\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-observability-serverless\" target=\"_self\"\u003e\u003cspan style='font-size: 12pt;'\u003eRead more\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to dive deep into Elastic Observability Serverless.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic Security Serverless","_metadata":{"uid":"csff9daf452372d53f"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Security Serverless provides security analysts with a new cloud deployment option for their security analytics and SIEM use cases. This new and fully managed cloud offering delivers a curated security solution that can be put to work quickly. Using Elastic Security Serverless eliminates the overhead of managing cloud and SIEM infrastructure and allows security teams to focus on protecting, investigating, and responding to threats within their organizations. The Search AI Lake architecture offers efficient and fast storage for both short- and long-term data without rehydration or data moving across data tiers. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-security-on-cloud-serverless\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRead more\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to dive deep into Elastic Security Serverless.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Explore all the power of search and AI, hassle-free","_metadata":{"uid":"cs6f91c320bc810544"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe future of search, security, and observability is here without compromise on speed, scale, or spend. Elastic invites security analysts, SREs, and developers to experience serverless. 
Learn more about the possibilities of \u003c/span\u003e\u003ca href=\"/cloud/serverless\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eserverless\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, or start your \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/serverless-registration\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003efree trial now\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs42f172f136aa73a1"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0ca3bca17299e801"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. 
You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs83bd614490a36f2d"}}}],"publish_date":"2024-12-02","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic 
Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"AWS","label_l10n":"AWS","keyword":"aws","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt5da20aee1a072f80","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:30.685Z","updated_at":"2023-11-06T20:08:30.685Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:00:52.463Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt736c21c9cc3bed67","ACL":{},"created_at":"2023-11-06T20:35:30.489Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-regions","label_l10n":"Cloud regions","tags":[],"title":"Cloud regions","updated_at":"2023-11-06T20:35:30.489Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.290Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative 
AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltf9e60b72b67d3eca","_version":1,"title":"serverless-cloud-blog (2).png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-25T17:12:04.879Z","updated_at":"2024-11-25T17:12:04.879Z","content_type":"image/png","file_size":"87889","filename":"serverless-cloud-blog_(2).png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-02T12:29:38.628Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf9e60b72b67d3eca/6744afe45a3b4339a435bb76/serverless-cloud-blog_(2).png"},"title":"Do less with serverless: Elastic Cloud Serverless — Now GA","title_l10n":"Do less with serverless: Elastic Cloud Serverless — Now 
GA","updated_at":"2025-01-16T23:50:20.749Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/elastic-cloud-serverless","publish_details":{"time":"2025-01-16T23:55:15.411Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltbaa25e325a2b74b8","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"President Biden issued his Cybersecurity Executive Order in the final days of his administration, outlining a number of measures to enhance national cybersecurity with an emphasis on CISA and safeguarding federal systems and critical infrastructure.","author":["blt4912a365604f6024"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2025-01-16T19:22:32.538Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs37a2038c146703c7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePresident Biden has issued his long-awaited \u003c/span\u003e\u003ca href=\"https://www.whitehouse.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eCybersecurity Executive Order\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This directive comes in the final days of the administration and outlines a number of measures to enhance national cybersecurity — placing a strong emphasis on the Cybersecurity and Infrastructure Security Agency (CISA) and its important role in safeguarding federal systems and critical infrastructure. 
The lengthy order also emphasizes the importance of securing critical services and capabilities essential to the digital domain, including efforts to enhance the security of the software supply chain and federal systems, which are increasingly targeted by \u003c/span\u003e\u003ca href=\"https://www.cisa.gov/news-events/news/strengthening-americas-resilience-against-prc-cyber-threats\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003esophisticated cyber attacks\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Securing the software supply chain","_metadata":{"uid":"csc3df91d50be109b2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo address vulnerabilities in software development and deployment, the order offers several measures:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCompliance and transparency:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Software providers to the government must submit written attestations and artifacts that demonstrate their software development practices were secure.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eGuidance development:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e A consortium will be established to provide comprehensive guidance for implementing secure software practices.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eUpdated standards:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The National Institute of Standards and Technology (NIST) will update its guidance on secure software development, including patch deployment and supply chain risk 
management.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOpen source security:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The order addresses the use of open source software in federal information systems, ensuring its security and reliability.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Enhancing security of federal systems","_metadata":{"uid":"cs3e0f9b83cb204c2e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA central feature of the Executive Order is the modernization of federal cybersecurity practices with a close focus on strengthening CISA’s capabilities. In an era of growing threats, including ransomware attacks on critical infrastructure and espionage targeting federal systems, these enhancements aim to position CISA to be a more proactive defender of federal agencies.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eKey initiatives include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExpanded threat-hunting capabilities:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The order mandates that CISA gain timely access to data from endpoint detection and response (EDR) solutions and security operation centers across federal agencies. 
This will improve its ability to detect and mitigate threats like advanced persistent threats (APTs) and nation-state cyber intrusions, such as the recent Volt Typhoon campaign.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTechnical capability development:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Within 180 days, CISA must develop the technical capability to access data from agencies’ EDR solutions in coordination with the Federal CIO and CISO Councils.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOperational frameworks:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e CISA will draft a comprehensive concept of operations to streamline data access and threat response, outlining requirements for data provision, notification procedures, and specific use cases.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCollaboration with providers:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e CISA will establish working groups to develop technical controls in partnership with EDR solution providers to ensure seamless implementation in Federal Civilian Executive Branch (FCEB) deployments.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy enhancing its threat-hunting capabilities, CISA will be better equipped to counter evolving cyber risks.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Modernized security practices","_metadata":{"uid":"cs2b48d2b12c84df83"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAdditional directives for federal agencies 
include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAdopting phishing-resistant authentication measures\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEnhancing cloud security through updated FedRAMP policies\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStrengthening cybersecurity for space systems and infrastructure\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Securing federal communications","_metadata":{"uid":"cs50223d8ca1b7870a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe order emphasizes robust measures to secure communications systems, including:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInternet routing security: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eImplementing technologies like Route Origin Authorizations\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEncrypted traffic protection:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Mandating encrypted DNS traffic and secure email transport while encouraging end-to-end encryption\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSecure digital communication:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Advancing the security of internet-based voice, video conferencing, and instant messaging\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePost-quantum cryptography: \u003c/strong\u003e\u003c/span\u003e\u003cspan 
style='font-size: 12pt;'\u003ePreparing for the transition to post-quantum cryptographic standards and securing cryptographic key management\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Combating cybercrime and fraud","_metadata":{"uid":"csc9b87f340693bb18"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Executive Order addresses the growing threat of cybercrime by:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePromoting the acceptance of digital identity documents in public benefits programs with an emphasis on privacy and security\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDeveloping a pilot program to notify individuals of potential identity fraud\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEncouraging the use of “Yes/No” validation services for identity verification\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Using AI for cybersecurity","_metadata":{"uid":"cse978b365a4b8724b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRecognizing the transformative potential of artificial intelligence, the order highlights:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLaunching a pilot program to apply AI in defending critical infrastructure, particularly in the energy sector\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEstablishing programs to use AI models for advanced cyber defense\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePrioritizing funding for AI research in cybersecurity and supporting the development of large-scale 
datasets for research purposes\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Strengthening cybersecurity policy","_metadata":{"uid":"cs9d8e2985b2337814"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Executive Order directs the modernization of IT infrastructure and alignment of policies to improve network security. Key actions include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIssuing updated Office of Management and Budget (OMB) guidance\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEstablishing minimum cybersecurity practices for government contractors\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Countering malicious cyber activities","_metadata":{"uid":"cs26c9e571705cdd84"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBuilding on previous directives, the order expands the criteria for sanctions against individuals involved in significant cyber-enabled activities, such as ransomware attacks and unauthorized access to critical infrastructure. The updated criteria will empower the Treasury Department to designate and impose sanctions to help deter cyber threats.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What’s to come","_metadata":{"uid":"cs1b06570af882b513"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePresident Biden’s Cybersecurity Executive Order marks a significant development in addressing the increasing complexities of the cyber threat landscape. By emphasizing CISA’s expanded role and modernizing federal cybersecurity practices, the order seeks to mitigate risks and enhance resilience. 
While the long-term impact remains to be seen, this comprehensive order represents a substantial effort to protect the nation’s digital infrastructure and critical systems against evolving threats.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the coming years, Elastic remains committed to partnering with public sector organizations to facilitate secure AI implementation as well as to provide technology solutions that strengthen the security of critical data and systems. Our ongoing collaboration with CISA and the Continuous Diagnostics and Mitigation (CDM) program continues to provide visibility and security across US federal agencies, and we look forward to continuing to enhance this protection in accordance with this Executive Order.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs713ff2d5f8c6037d"}}},{"callout":{"title_l10n":"Related resources:","_metadata":{"uid":"csfb35215d212d8910"},"paragraph_l10n":"\u003cul\u003e\n \u003cli\u003e\n \u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/public-sector-cdms-data-strategy\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhat the public sector can learn from CDM’s data strategy\u003c/span\u003e\u003c/a\u003e\n \u003c/li\u003e\n \u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eWebinar: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/virtual-events/microsoft-artificial-intelligence\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eResponsible AI adoption: AI and the regulatory environment\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs31f97b0274ea2b19"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing 
of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc357012fadf2b0a9"}}}],"publish_date":"2025-01-16","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","uid":"bltc6e3d049760fc06a","title":"Government","label_l10n":"Government","keyword":"government","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:32.959Z","updated_at":"2023-11-06T20:40:32.959Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.338Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt5ebb3c17304b01bc","ACL":{},"created_at":"2023-11-06T20:47:38.117Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"privacy-first-ai","label_l10n":"Privacy-first AI","tags":[],"title":"Privacy-first 
AI","updated_at":"2023-11-06T20:47:38.117Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:58.404Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt77841d6b4501e415","_version":1,"title":"Elastic 
Banner_7.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-16T19:17:20.299Z","updated_at":"2025-01-16T19:17:20.299Z","content_type":"image/jpeg","file_size":"127175","filename":"Elastic_Banner_7.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-16T19:24:20.241Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt77841d6b4501e415/67895b4034a94339f9795195/Elastic_Banner_7.jpg"},"title":"Biden's new Cybersecurity Executive Order: What you need to know","title_l10n":"Biden's new Cybersecurity Executive Order: What you need to know","updated_at":"2025-01-16T19:24:10.257Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/biden-cybersecurity-executive-order","publish_details":{"time":"2025-01-16T19:24:19.687Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2c25f10b097486bd","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"Before coming to Elastic, Almudena Sanz Olivé was the only woman on her team at her first data science job.","author":["blt7fc3768df8cad1f6"],"category":["bltc253e0851420b088"],"created_at":"2025-01-10T05:52:34.549Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs95ccc8ba906a649c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBefore coming to Elastic, Almudena Sanz Olivé was the only woman on her team at her first data science job.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“I joined with a group of people and some people treated me a bit differently. 
It was the first time I was like, ‘Hey, what’s happening?,’” she says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhile she’d been the minority before, this was the first time it was noticeable, Almudena says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“This has never happened to me again. When I’ve had to hire people, I see more and more CVs from women.”\u003cbr /\u003e\u003cbr /\u003eAlmudena grew up around female role models who worked in tech or tech-adjacent fields. Her mom is a civil engineer and many of her aunts and uncles are also in engineering. So, Almudena was used to seeing women in tech roles.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt seven years old, Almudena built her first website with her dad’s help. She would also regularly go to her grandparents’ house and rebuild electronics in their garage. On top of that, her dad was a math teacher and gave her math problems to solve.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“I feel like it came naturally to me to solve these problems and think about things this way,” she says. “You see patterns, and you come up with ways to solve them.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThat way of thinking would come in handy later in her career as a data scientist. But Almudena first went to school for electronics engineering, which she describes as a mix of electric engineering and computer science.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“When I had to choose a degree, my family asked me what I was thinking of pursuing. 
They asked if I had considered engineering because I’m good at cracking problems, and I like tech a lot,” Almudena says. “[My family] gave me the idea to go into engineering. When someone tells you it’s a possibility, it’s easier to consider it.”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDuring her junior year, she studied abroad in California and took an artificial intelligence course.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“I thought that [AI] was interesting as well,” Almudena says. “It gave me a foundation. I studied a lot of stats, math, and data.”\u003cbr /\u003e\u003cbr /\u003eNow, Almudena is a principal data scientist working on Elastic’s observability analytics team.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“We make sense of the telemetry data that our customers use,” she says. “We collect that, and we use data engineering processes to shape it into a way that we can use it and make sense from it.”\u003cbr /\u003e\u003cbr /\u003eThis includes building dashboards for models and working with internal stakeholders to understand how the product is being used.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“A big part of data science is explaining complex things,” Almudena says. “You have to be able to communicate well — that’s one of the most critical skills. You have to be able to explain things and be a teacher. 
I really enjoy that part of it.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAlmudena has also had the opportunity to work with the AI assistant team to build a framework to understand how Elastic customers are using AI assistants and evaluate the quality and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-problem-solving-skills-gen-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eaccuracy of AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“I love tools that help people understand their data. We use [machine learning] and AI in the background, so people can better understand their data.”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAlmudena found the part of tech she really loved. For others interested in joining the tech industry, she recommends finding what motivates you.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“Tech is just a tool. It’s the means to an end. Figure out what motivates you to find answers for people. Find what gives you energy and take that path,” she says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere are many ways to get to what motivates you, she says. Almudena’s first jobs weren’t in data science — she moved into the field later in her career because it’s what interested her the most. And she encourages other women to do what feels natural to them.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“There are many ways to add value,” she says. “Do what feels natural to you. 
I’m a bit more observant — I like to observe and then add more once I see the dynamics. You don’t have to be anyone else. Just be yourself.”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eShe also recommends finding mentors like she had growing up. “Find people that you relate to. Find a mentor and a support system.”\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eInterested in a career in tech? \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://jobs.elastic.co/jobs/department/engineering?\u0026utm_source=http://elastic.co/\u0026utm_medium=referral\u0026utm_campaign=eb-wit\u0026utm_content=almudena-blog\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCheck out open roles\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003e.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 8pt;'\u003e\u003cem\u003eElastic, Elasticsearch and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa9f4463fda612849"}}}],"publish_date":"2025-01-10","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","noindex":false,"canonical_tag":"","seo_image":null},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[{"uid":"bltb45e90791ca95e3b","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt86490f3c4998e0e8","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-01-10T05:49:34.017Z","created_by":"blte369ea3bcd6ac892","file_size":"54671","filename":"170360-wit-almudenasanzolive_LinkedIn-Banner_720x420_Dark-1.png","parent_uid":null,"tags":[],"title":"170360-wit-almudenasanzolive_LinkedIn-Banner_720x420_Dark-1.png","updated_at":"2025-01-10T05:49:34.017Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2025-01-10T15:00:00.346Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt86490f3c4998e0e8/6780b4ee532fd6be605a169d/170360-wit-almudenasanzolive_LinkedIn-Banner_720x420_Dark-1.png"},"title":"Almudena Sanz Olivé’s advice for women in tech? Find what motivates you","title_l10n":"Almudena Sanz Olivé’s advice for women in tech? 
Find what motivates you","updated_at":"2025-01-16T01:50:36.120Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/culture-advice-for-women-in-tech","publish_details":{"time":"2025-01-16T01:51:58.107Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt081b198b853d2a47","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.","author":["bltf544c5b3b4e14aa0"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-01-14T17:17:25.897Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"Version 7.17.27 of the Elastic Stack was released today. We recommend you [upgrade to this latest version](https://www.elastic.co/downloads). We recommend 7.17.27 over the previous versions of 7.17.\n\nFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to [the release notes](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/7.17/new.html).","modular_blocks":[],"publish_date":"2025-01-14","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt8836a5dda86cbfe0","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-01T15:42:09.734Z","updated_at":"2024-04-01T15:42:09.734Z","content_type":"image/png","file_size":"62454","filename":"Patch_release_dark.png","title":"Patch_release_dark.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-02T17:14:25.081Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefd
d0b53724fa2ce/blt8836a5dda86cbfe0/660ad5d11b5a5878c8adccbc/Patch_release_dark.png"},"title":"Elastic Stack 7.17.27 released","title_l10n":"Elastic Stack 7.17.27 released","updated_at":"2025-01-14T19:52:10.413Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-stack-7-17-27-released","publish_details":{"time":"2025-01-14T19:52:15.314Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt75e75d9afe1a4bef","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"The secret to solving business challenges in financial services? Data-fueled AI. We interviewed and surveyed 158 financial services IT leaders to discover what it takes to drive an intelligent AI strategy. ","author":["bltce462b8f0bc7868a"],"category":["bltc17514bfdbc519df"],"created_at":"2025-01-08T15:35:30.865Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs559eae5502fa38f6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe financial services industry (FSI) has faced \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003emounting challenges in recent years \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003efrom navigating the rapid acceleration of digital transformation during the COVID-19 pandemic to managing the fallout of economic downturns. These pressures have forced leaders to rethink traditional approaches and find ways to do more with less. A common strategy is the consolidation of tools and investment in technology designed to foster agility and data-driven decision-making. 
However, despite these efforts, over \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e70% of leaders still struggle to use data in real time and at scale\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs AI and generative AI (GenAI) continue to evolve, they offer new opportunities to unlock the value of data — provided organizations can establish robust data foundations. So, how are today’s financial services leaders rising to these challenges and using next-generation AI to drive their data maturity?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe surveyed 1,005 C-suite, business, and technology leaders on the current state of their business with data and results specifically from 158 financial services leaders. 
The research reveals five key insights about their business challenges, underlying data problems, and investment priorities (AI, GenAI, and automation) as they catapult their organizations to the next level in the next 12 months and beyond.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHere are \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003efive lessons\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e from financial services leaders on how to solve business challenges with data and AI.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 1: Accelerate business innovation by prioritizing data","_metadata":{"uid":"csfa6ea9977b502827"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“Data is the new currency” refers to the opportunity banks have to use customer data beyond traditional transactions to enhance services and customer engagement. Financial services companies maintain a lot of data, and much of it languishes in disparate legacy systems that go unleveraged. We know that a data-driven approach is also crucial for solving key business challenges and driving innovation — you can’t solve business challenges without the data needed for informed decision-making.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eToday, many C-suite and IT leaders share similar challenges. Chief among them is the inability to harness data continuously in real time and at scale. 
\u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eResearch reveals\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that 70% of financial services executives identify this as a key hurdle driving their business challenges. Unsurprisingly, 61% have made investing in data tools and technology a top priority in overcoming these issues.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 2: There’s little satisfaction with data insights","_metadata":{"uid":"cs98581cb11cbc1672"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo lead effectively in an increasingly digital world, you must provide technology that delivers the right information to the right people at the right time. Yet, with data spread across diverse environments, formats, and locations, extracting actionable insights is a major challenge. In the financial services sector, 63% of executives are dissatisfied with the insights they have, while 98% face significant data management hurdles. These challenges limit real-time decision-making — increasing reliance on intuition — and lead to costly consequences like revenue loss, reduced productivity, and higher operational risks.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn response, leaders are prioritizing investments in data tools with 69% focusing on data analytics and science solutions to improve insights. However, fragmented systems aren’t enough; building a unified, agile data foundation is essential. 
By investing in scalable infrastructure, you can empower teams with real-time insights to address challenges, enhance customer experiences, and drive growth.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7af682a5b9e09509"}}},{"quotes":{"quote_l10n":"We are a large bank, and we have hundreds of apps all using the same data but copies of the data. We need a large scale data repository geared up to allow all apps to access the data store in real time.","_metadata":{"uid":"csdeb03b0fe7a59c8d"},"quote_author_l10n":"Financial services industry leader","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"Lesson 3: Organizations are less (data) mature than they think","_metadata":{"uid":"csbe5be1ca8c7d26c1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIn financial services, \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e77% of C-suite leaders and decision-makers believe that their organization is more advanced in data analytics and intelligence than their peers’\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e.\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This heightened self-confidence can happen when leaders overestimate their progress in their data maturity journey.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDiscrepancies between self-perceived versus actual data maturity:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e69%\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e of FSI leaders who believe that they were at level 3 or level 4 
data maturity have not completed all of the level 1 milestones.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e61%\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e of FSI leaders who believe they are at level 4 maturity have only completed about half of the level 2 milestones.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e66%\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e of FSI leaders who believe they are at level 4 maturity have not completed all level 3 milestones.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA data maturity framework offers an objective way to assess your organization’s current capabilities, identify weaknesses, and create a roadmap for aligning data strategies with business goals. Advancing through each level of data maturity is essential, as foundational milestones enable the adoption of advanced technologies like AI and GenAI. 
Without a robust data foundation, poor data quality can lead to flawed insights and hinder innovation.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6103d2e08b3f7683"}}},{"quotes":{"quote_l10n":"To address problems with data utilization, companies can implement a data governance framework that establishes clear guidelines, policies, and procedures for data collection, storage, and usage to ensure data quality, security, and compliance with regulations.","_metadata":{"uid":"csbee51eec552549b0"},"quote_author_l10n":"Financial services technology decision-maker","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"Lesson 4: Together, data and AI will increase revenue (and that’s not all!)","_metadata":{"uid":"cs1f85b4e8913f3e6c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eInvesting in data technology and AI has become a game-changer for businesses, offering more than just operational improvements. While automating tasks and streamlining workflows enhances productivity and reduces costs, the true potential lies in creating new revenue streams. \u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\" target=\"_self\"\u003eOver 75% of financial services leaders agree\u003c/a\u003e that using real-time data ingestion and AI-driven insights can significantly boost revenue, underscoring the critical role of these technologies for business. This consensus highlights the critical importance of data and AI in contributing to the bottom line.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe benefits extend beyond efficiency. FSI leaders highlight improved employee and customer experiences as top outcomes from data and AI investments. 
By combining robust infrastructure with advanced analytics, organizations can empower teams to make informed decisions, uncover new opportunities, and deliver exceptional experiences. Embracing AI as a core capability not only addresses current challenges but also positions your business for sustainable growth and long-term leadership in the industry.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 5: Organizations have already deployed generative AI. Have you?","_metadata":{"uid":"cs57beadb78052b0c5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGenerative AI is reshaping industries, revolutionizing problem-solving and innovation. Nearly half of financial services leaders view it as key to addressing challenges with 91% investing or planning to invest. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/financial-services#the-power-of-generative-ai-for-financial-services\"\u003e\u003cspan style='font-size: 12pt;'\u003eUse cases\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in financial services like chat bots, transaction analyzers, and security improvements deliver immediate value. So it’s not surprising that \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e91% of FSI C-suite executives and decision-makers plan to invest in or have already invested in generative AI\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. And those who have yet to invest are waiting for generative AI to mature.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8bc75c1b1eabef5e"}}},{"quotes":{"quote_l10n":"It’s simply the way the market is progressing. 
Not investing [in AI] would leave us behind.","_metadata":{"uid":"cs7fd3348cb39101ca"},"quote_author_l10n":"Business decision-maker in the financial services industry","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1f2ca3a602131c5e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo remain competitive, financial services leaders are integrating AI, automation, and analytics into a cohesive strategy. This approach enhances decision-making, streamlines operations, and drives innovation. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style='font-size: 12pt;'\u003eWith almost 90% of leaders prioritizing these technologies\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, adopting generative AI is essential for sustainable growth and success.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInformed adoption of GenAI can position you ahead of competitors by creating new opportunities and driving innovation.\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eTo stay ahead of the adoption curve, you must first have good data ready to go. 
Then, identify a high-impact use case that can benefit from the value of a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/open-source-llms-guide\"\u003e\u003cspan style='font-size: 12pt;'\u003elarge language model (LLM)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGetting the best results securely requires feeding your proprietary data to a GenAI algorithm using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieval augmented generation (RAG\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e). This technique contextualizes the output for your organization, resulting in more accurate and relevant results.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Key takeaways from financial services IT leaders","_metadata":{"uid":"csd6d1a24bd8a24553"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe AI revolution is reshaping industries, and financial services leaders are beginning to harness its transformative potential. From accelerating innovation to driving revenue growth, AI and generative AI offer unparalleled opportunities for competitive advantage. However, many organizations struggle to fully capitalize on these technologies — with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style='font-size: 12pt;'\u003e70% of FSI leaders citing difficulties in utilizing data continuously in real time and at scale.\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis challenge highlights the need for a fundamental shift in how financial services organizations approach data. 
By combining the precision of search with the intelligence of AI, you can gain instant, accurate, and actionable insights — empowering confident, data-driven decisions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow is the time to embrace the power of data and AI to overcome challenges, unlock new opportunities, and lead your organization into the future.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style='font-size: 12pt;'\u003eLearn more about what financial services IT leaders had to say about their data and AI strategies\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbf887fc9f63ffa10"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs10e4314d050fa67e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. 
There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csae80e895bec79c2b"}}}],"publish_date":"2025-01-08","sanity_migration_complete":false,"seo":{"seo_title_l10n":"How banks can use existing data with AI to solve business challenges","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML 
models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security 
analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt4691d606956f3926","_version":1,"title":"D4-03_V1 (1).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-07T14:25:27.594Z","updated_at":"2025-01-07T14:25:27.594Z","content_type":"image/jpeg","file_size":"143204","filename":"D4-03_V1_(1).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-08T15:39:30.093Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4691d606956f3926/677d395734b6b68cfebb3e78/D4-03_V1_(1).jpg"},"title":"Transform financial services with AI: Unlock growth, innovation, and insights","title_l10n":"Transform financial services with AI: Unlock growth, innovation, and insights","updated_at":"2025-01-08T15:38:29.813Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/how-banks-use-existing-data-ai-business-challenges","publish_details":{"time":"2025-01-08T15:39:29.568Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltd517d60d08c56c0e","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"How will AI and generative AI shape the future of data 
in the public sector? See the five key insights garnered from nearly 200 public sector leaders about their underlying data problems, operational challenges, and technology investment priorities.","author":["blt6d82d216763f3c7c"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-12-18T15:14:30.532Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf2d6559636a900fb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDespite the best intentions of many public sector leaders to build data-driven organizations, the reality is that \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e65% of public sector leaders still struggle to use data continuously\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in real time and at scale. The upside? Many leaders are taking advantage of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI and generative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to tackle this critical need. But to reach that level of advanced data maturity and harness the power of these technologies, public sector teams need to manage and analyze exponentially growing data volumes — all while dealing with complex mission challenges.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe partnered with Socratic Technologies to dig deeper into the state of data in the public sector — the data behind the data, if you will. Over 1,000 C-suite, business, and technology leaders from around the world were surveyed on the current state of their organizations. 
\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eWith data and results from nearly 200 leaders in the \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003epublic sector\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e,\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e the research reveals five key insights about their operational challenges, underlying data problems, and investment priorities (AI, GenAI, and automation).\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Here’s a sneak peek at the results.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Extracting maximum value from data is a priority . . .","_metadata":{"uid":"csc18656f0c8810714"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOrganizations everywhere want to center their decision-making around data. But that’s easier said than done. Leaders cited that the lack of adequate tools and automation\u0026nbsp; made it difficult to gather informed insights from their wealth of data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBased on these widely cited data-wrangling difficulties, it’s easy to see how AI and generative AI will play a key role going forward.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8dfeed8b8388c012"}}},{"quotes":{"quote_l10n":"It’s taking us longer to do our job, which is not good since most of our work is done in an emergency situation. We need to be able to get information as soon as possible.","_metadata":{"uid":"cs2da38c6dd4ef0013"},"quote_author_l10n":"Nontechnical decision-maker, public sector","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":". . . 
but there’s little satisfaction with data insights","_metadata":{"uid":"csa40408577f4eb50c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBased on the research, only 32% of public sector leaders use data insights for daily decisions. So, even when most organizations have no shortage of data, they continue to struggle with drawing strategic insights from it. Some challenges include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTeams struggling to adopt data tools and products\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInability to monitor data and use insights in real time\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDifficulty with efficient use of AI to analyze data\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTough to analyze data at scale\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData silos and sprawl\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Organizations aren’t quite as (data) mature as they think","_metadata":{"uid":"cs91eeb29be2cc5be3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe report analyzes organizations’ data maturity frameworks using the following levels to assess how far along they are in their strategic data journey:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLevel 1: Consume and capture\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLevel 2: Analyze and action\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan 
style='font-size: 12pt;'\u003eLevel 3: Explore and automate\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLevel 4: Collaborate and transform\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhile 76% of leaders in the public sector believe that their organization is more advanced in data analytics and intelligence than their peers’, their answers to the data maturity assessment revealed otherwise. They often had a lot of room for improved data management, analysis, and data-driven decision-making and efficiency.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0d5fad277812a425"}}},{"quotes":{"quote_l10n":"Data is very siloed right now. Different systems exist, and they don't communicate with one another. Each team is wary of giving up what they're familiar with or pushing for change. We need an aggregator that streamlines everything.","_metadata":{"uid":"cs310f96fee50c1f5c"},"quote_author_l10n":"Technology decision-maker, public sector","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"Can AI and generative AI come to the rescue?","_metadata":{"uid":"cs823527f75ec27b51"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI and generative AI are already proving to be a powerful tool in driving better operational outcomes. 
Nearly all the survey respondents were excited and optimistic about the possibilities of using data and AI to increase productivity, citing the following as just a few of the potential benefits:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImproved productivity (through a unified data view)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBetter operational resilience\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEnhanced customer experiences\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReduced disruption and risk\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLower costs\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs42cc2acbfb534f6f"}}},{"quotes":{"quote_l10n":"To stay current in the public sector, we’re using AI. All competition is already using it or will be soon — you can't be left behind.","_metadata":{"uid":"cs9998ea0098f28071"},"quote_author_l10n":"Technology decision-maker, public sector","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"Many organizations are making the leap into generative AI — are you? ","_metadata":{"uid":"cs10f164efb226d0e9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis next-generation technology is changing how we cultivate ideas, solutions, and insights — unlocking unprecedented opportunities for innovation, productivity, and efficiency. 
Though the public sector is more cautious around AI adoption primarily due to government regulations and data privacy, nearly all the participants identified these top use cases where they’ll lean into AI:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAutomation of manual processes and workflows based on line of business requirements, such as customer support, research and development, and procurement\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData ingestion and augmentation\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI assistants that can help with information retrieval and summarization for day-to-day tasks\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData summarization and analysis\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"What’s next?","_metadata":{"uid":"cs47a8b5f97d40361d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe referenced just a small sampling of survey data points and findings. 
But you can dig into 40+ pages of findings on how public sector organizations are making better use of their data and using (or planning to use) AI to drive efficiency and productivity, enhancing team and customer experiences.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"http://elastic.co/industries/public-sector/5-generative-ai-insights-for-leaders\"\u003e\u003cspan style='font-size: 12pt;'\u003eGet the full report\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs92ca744cd8bc0a84"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7d7d0fc4fe947507"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. 
You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse4757459c27b20c3"}}}],"publish_date":"2025-01-07","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}},{"_version":6,"locale":"en-us","uid":"blt250fefd1c4d36a4c","ACL":{},"created_at":"2020-06-17T03:22:54.278Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"education-nonprofit","label_l10n":"Education \u0026 non profit","tags":[],"title":"Education \u0026 
non-profit","updated_at":"2020-08-13T16:41:17.070Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.286Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3185b1f0e9eed8d1","ACL":{},"created_at":"2021-09-20T22:40:25.614Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"public-sector","label_l10n":"Public Sector","tags":[],"title":"Public Sector","updated_at":"2021-09-20T22:40:25.614Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.530Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search 
applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","uid":"bltc6e3d049760fc06a","title":"Government","label_l10n":"Government","keyword":"government","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:32.959Z","updated_at":"2023-11-06T20:40:32.959Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.338Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt9bb0140feaab7f35","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-18T15:14:27.837Z","created_by":"bltb6c155cd84fc0c1a","file_size":"161963","filename":"Elastic_Banner_8_(1).jpg","parent_uid":null,"tags":[],"title":"Elastic Banner_8 (1).jpg","updated_at":"2024-12-18T15:14:27.837Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-01-07T14:00:00.944Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9bb0140feaab7f35/6762e6d34657c8bcc0d212ca/Elastic_Banner_8_(1).jpg"},"title":"5 insights from public sector leaders: Solving organizational challenges with data and AI","title_l10n":"5 insights from public sector leaders: Solving organizational challenges with data and AI ","updated_at":"2025-01-06T16:29:54.188Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/public-sector-leaders-insights-ai","publish_details":{"time":"2025-01-07T14:00:00.921Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt579720ad0039428f","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Interested in becoming a site 
reliability engineer (SRE)? Find out how practitioners feel about this role and what types of skills and responsibilities are needed in today’s world of modern observability. ","author":["bltd516a87082210f90"],"category":["bltc17514bfdbc519df"],"created_at":"2024-12-19T20:16:58.863Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs69cf7751421c64da"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImagine the CTO walks into your team meeting and drops a bombshell: \"We need to cut our cloud costs by 30% this quarter.\" As the lead SRE, this might cause a strong reaction — isn’t your job about ensuring reliability? When did you become responsible for the company's cloud bill?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you've had a similar experience, you're not alone. The role of site reliability engineers (SREs) is evolving fast. A recent \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/observability/white-paper/state-of-observability-practitioner-perspective\"\u003e\u003cspan style='font-size: 12pt;'\u003esurvey of observability practitioners\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e sheds light on this transformation, revealing both challenges and opportunities for those of us in the SRE trenches.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Most SREs love their jobs ","_metadata":{"uid":"cs92579f0e364c56e8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA whopping 94% of SREs surveyed said they would recommend the role to a colleague. 
That's a ringing endorsement if I've ever heard one.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cscc9e3b681bfc3816"}}},{"image":{"image":{"uid":"bltbcf4aa924993e96a","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-19T20:00:42.305Z","updated_at":"2024-12-19T20:00:42.305Z","content_type":"image/png","file_size":"372862","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-19T20:19:08.573Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbcf4aa924993e96a/67647b6a08d14f4b64da5253/image1.png"},"_metadata":{"uid":"cs7582a2ff69e6f15d"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd7fdc193fd4925c2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBut why do SREs love it so much? 
The survey offers some clues:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e90% of SREs agree that the job is interesting and offers opportunities to learn about both business and technology.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe role requires a diverse skill set, keeping things challenging and engaging.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSREs often have a bird's-eye view of the entire system, allowing for strategic thinking and impactful improvements.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"SREs learn about business and technology","_metadata":{"uid":"csd96f742bb9a35617"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe foundation of this high job satisfaction appears to stem from the unique blend of challenges and opportunities that define the SRE role. While many technical positions might focus on specific aspects of technology or business operations, SREs get to experience both worlds simultaneously. Most SREs report finding their work intellectually stimulating, specifically citing the dynamic interplay between business and technology as a key driver of their job satisfaction.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"SREs are challenged by their diverse skill set","_metadata":{"uid":"cs5b182143b33506f9"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat makes the SRE role particularly engaging is its demand for a diverse skill set. These professionals might spend one day optimizing cloud infrastructure; the next day collaborating with product teams to improve service level objectives (SLOs); and another day designing automated incident response systems. 
The emergence of generative AI (GenAI) has also opened up a Pandora's box of new possibilities and techniques for SREs to use. This variety isn't just about keeping things interesting. It also represents continuous opportunities for professional growth and skill development.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"SREs get to have a bird’s-eye view","_metadata":{"uid":"cs88a3ae3315391cbc"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOne of the most distinctive aspects of the SRE role is the unique vantage point it provides within an organization. SREs maintain a comprehensive view of systems — from infrastructure foundations to high-level business objectives. This panoramic perspective enables them to identify patterns and opportunities that might go unnoticed by teams with narrower focus areas. With this broad view, they're uniquely positioned to drive measurable improvements that impact both technical metrics and business outcomes.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"SREs: The Swiss Army knives of tech","_metadata":{"uid":"cs25d1f561d65cc8c9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe strategic nature of the role places SREs at the forefront of technological innovation. As systems become increasingly complex and distributed, their role in balancing reliability with rapid innovation becomes ever more crucial. Rather than simply maintaining existing systems, these professionals actively shape how modern technology organizations operate and scale.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBeyond technical challenges, there's a deeper satisfaction in the core mission of the role. SREs serve as both architects and guardians of critical systems that power modern businesses. 
They're the professionals who ensure smooth operations, step in during crises to restore stability, and implement preventive measures before problems occur.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe SRE community is also known for its strong emphasis on knowledge sharing and collaborative growth. This creates a positive environment where professionals consistently learn from each other's experiences and innovations. Such collaborative spirit has helped establish SRE as not just a job but also a community of practice.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese high satisfaction rates send a compelling message to those considering entering the field. Despite the inherent challenges and complexities of the role, the rewards — both personal and professional — appear to make it worthwhile. And if current satisfaction levels are any indication, it’s potentially even more rewarding.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The expanding SRE 
toolkit","_metadata":{"uid":"csf10673971071fdc6"},"header_style":"H2","paragraph_l10n":""}],"_metadata":{"uid":"cse1852ee582069772"}}},{"image":{"image":{"uid":"bltaa8a35e8dfb0bb4e","_version":1,"title":"image3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-19T20:01:55.301Z","updated_at":"2024-12-19T20:01:55.301Z","content_type":"image/png","file_size":"334110","filename":"image3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-19T20:19:08.474Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaa8a35e8dfb0bb4e/67647bb3776bc019f327a53c/image3.png"},"_metadata":{"uid":"cs73091e1fb09a4d51"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3b8690af2bc3ddd4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSpeaking of diverse skill sets, the survey highlighted some key areas of expertise for modern SREs.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Monitoring and observability (80%)","_metadata":{"uid":"cs47507000f96808bd"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt the core of the SRE skill set lies monitoring and observability expertise with four out of five professionals citing it as essential to their role. This comes as no surprise. In today's complex distributed systems, the ability to gain meaningful insights from system behavior isn't just useful; it's fundamental. 
Modern SREs need to navigate through seas of telemetry data, identifying patterns and anomalies that could impact service reliability.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Automation and scripting (75%)","_metadata":{"uid":"csba35c7a45944ec78"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHand in hand with observability comes the art of automation and scripting, endorsed by three-quarters of surveyed SREs. This emphasis on automation reflects a core principle of the role: eliminating repetitive tasks to focus on more strategic work. Whether it's deploying infrastructure as code, automating incident response, or creating self-healing systems, the ability to write efficient automation solutions has become invaluable.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Performance tuning and optimization (68%)","_metadata":{"uid":"csa882567615c6aa0a"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePerformance tuning and optimization represents another crucial skill area with more than two-thirds of SREs highlighting its importance. In an era where milliseconds can mean the difference between user satisfaction and frustration, the ability to identify and resolve performance bottlenecks has grown critical. This isn't just about making systems faster; it's also about understanding the delicate balance between performance, reliability, and cost.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Incident response and postmortem analysis (60%)","_metadata":{"uid":"cs951e5057095b546a"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe importance of incident response and postmortem analysis skills — cited by 60% of SREs — reflects the profession's emphasis on learning and continuous improvement. 
When incidents occur, the ability to respond effectively and then extract meaningful lessons from the experience can mean the difference between recurring issues and systemic improvements. This involves not only technical expertise but also the soft skills needed to facilitate blameless postmortems and drive organizational learning to improve workflows.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Distributed systems design (40%)","_metadata":{"uid":"cs67d65872f7405089"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs systems grow more distributed and complex, expertise in distributed system design has become increasingly valuable with two out of five SREs identifying it as a key skill. Understanding how to build and maintain reliable systems across multiple regions, clouds, and technologies has become crucial as organizations expand their digital footprint.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The emergence of cost management skills","_metadata":{"uid":"cs5a6c5f1364005f38"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBut perhaps the most interesting trend emerging from recent surveys is the growing importance of cost management skills. In an era of increasing cloud complexity and rising infrastructure costs, SREs are increasingly being called upon to balance reliability with financial efficiency. This new dimension adds another layer of complexity to the role, requiring SREs to consider the cost implications of their architectural decisions and optimization strategies.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis evolving skill set reflects broader changes in the technology landscape. As organizations continue their digital transformation journeys, the role of the SRE has expanded beyond traditional operational concerns to encompass a wider range of business-critical competencies. 
The modern SRE needs to be part systems engineer, part business analyst, and part strategic advisor.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor those considering a career in SRE or looking to evolve their existing role, understanding these key skills provides a valuable roadmap for professional development. The diversity of required skills also highlights why the role remains so engaging and challenging — there's always something new to learn and master in the pursuit of system reliability.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The new frontier: Cost optimization","_metadata":{"uid":"csa76037048b3d70dc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere's where things get interesting. The survey revealed that 85% of observability practitioners have some responsibility for cost management. For 31%, it's a formal part of their job evaluation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis trend isn't emerging in isolation. As organizations continue their cloud migration journeys and expand their digital footprints, many are experiencing the sticker shock of rapidly escalating cloud costs. The days of treating cloud resources as an unlimited utility are waning and being replaced by a more nuanced approach that balances technical requirements with financial sustainability.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat makes this shift particularly fascinating is how naturally it aligns with the core competencies of observability practitioners and SREs. These professionals already possess deep insights into system behavior, resource utilization, and performance patterns. They understand which services are essential, which are over-provisioned, and where optimization opportunities lie. 
In many ways, they're ideally positioned to lead cost optimization initiatives while maintaining service reliability.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe incorporation of cost management into observability practices is transforming how teams approach system design and optimization. Decisions about data retention, sampling rates, and instrumentation density now carry financial implications that must be carefully weighed. The question is no longer just \"can we collect this data?\" but also \"should we collect this data and at what granularity?\"\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The approach to observability tooling and infrastructure is changing","_metadata":{"uid":"csbcab88362a11c65f"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis evolution is also changing how organizations approach observability tooling and infrastructure. Teams are looking for solutions that provide both technical insights and cost visibility. The ability to understand the financial impact of observability decisions — from logging volumes to metric collection frequencies — has become crucial for making informed architectural choices.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe formal integration of cost management into job evaluations for 31% of practitioners signals a maturation in how organizations view the relationship between technical operations and business outcomes. It recognizes that effective system reliability isn't just about maintaining uptime and performance — it's about doing so in a cost-effective manner that supports business sustainability.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis shift also presents new opportunities for observability practitioners to demonstrate their value to organizations. 
By combining their technical expertise with cost optimization skills, these professionals can drive improvements that impact both system reliability and the bottom line. The ability to speak both languages — technical and financial — is becoming an increasingly valuable skill in the modern technology landscape.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLooking ahead, this trend suggests that the future of observability will be more intertwined with financial operations (FinOps) practices. The most successful practitioners will be those who can navigate this intersection effectively, making informed decisions that balance technical needs with financial constraints. As cloud costs continue to gain more attention in boardrooms, the role of observability practitioners in managing these costs will likely only grow in importance.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor professionals in the field, this evolution presents both challenges and opportunities. Developing skills in cost optimization and financial analysis may require stepping out of traditional technical comfort zones. However, the ability to drive both technical excellence and financial efficiency positions observability practitioners as key strategic partners in their organizations' success.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Balancing act: Reliability vs. cost vs. innovation","_metadata":{"uid":"cs6cd036c43ee39cee"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo, how do we balance these competing priorities? 
Here are some strategies I've found effective:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTreat cost as a reliability concern: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eJust as we set SLOs for uptime or latency, consider setting objectives for cost efficiency. This mindset can help align cost management with our core mission of reliability.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eUse observability for cost insights:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Use your observability tools to gain visibility into cost drivers. Many platforms, including \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Observability\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, now offer features to correlate performance metrics with cost data.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAutomate cost optimization:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Apply your automation skills to cost management. Set up alerts for unusual spending spikes, automate resource scaling based on demand, and create self-service tools for developers to understand the cost implications of their design choices.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCollaborate across teams:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Work closely with development teams to build cost-awareness into the development process. 
This could involve creating cost-based architectural decision trees or including cost considerations in code reviews.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInvest in FinOps knowledge:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Familiarize yourself with FinOps principles and tools. This emerging practice bridges the gap between finance, technology, and business.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eUse AI/machine learning (ML) for predictive cost management: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eAs the survey showed, AI/ML is becoming increasingly important in observability. Look for ways to apply these technologies to predict and optimize costs proactively.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"The role of AI/ML in the evolving SRE landscape","_metadata":{"uid":"cs3ee0cd9c76f59065"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSpeaking of AI/ML, the survey had some interesting findings in this area:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e72% of teams are already using AI/ML for observability use cases.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe top use case is correlating logs, metrics, and traces for troubleshooting.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhile only 13% say they're getting high value from AI/ML today, 39% expect high value in the future.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe numbers tell an intriguing story: Nearly three-quarters of teams 
have already incorporated AI/ML capabilities into their observability practices, marking a significant shift in how modern organizations approach system monitoring and troubleshooting.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eToday's primary challenge for AI in observability is focused on one of the field's most persistent challenges: correlating different types of telemetry data. The ability to automatically connect logs, metrics, and traces for troubleshooting has emerged as the leading use case — addressing a pain point that has long plagued observability practitioners. This application of AI helps cut through the complexity of modern distributed systems, potentially reducing investigation times from hours to minutes.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHowever, the current state of AI in observability presents an interesting paradox. While adoption is high, only 13% of teams report achieving high value from these technologies today. This gap between adoption and satisfaction suggests we're in a transitional period, where organizations are actively experimenting with AI capabilities but haven't yet fully optimized their implementation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBut the optimism about future value is striking with nearly 40% of teams expecting to derive high value from AI/ML in their observability practices in the coming years. 
This confidence indicates that while teams may be struggling with current implementations, they see clear potential for these technologies to transform their operations.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs87e3d7d8f901aa1c"}}},{"image":{"image":{"uid":"blt3f3ba3e3048fb0f8","_version":1,"title":"image4.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-19T20:05:24.351Z","updated_at":"2024-12-19T20:05:24.351Z","content_type":"image/png","file_size":"163987","filename":"image4.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-19T20:19:08.587Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3f3ba3e3048fb0f8/67647c845c0f674f8d8190b2/image4.png"},"_metadata":{"uid":"csf35b9b970b605a7b"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs945de078d6de321e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe evolution of AI in observability mirrors a broader pattern we've seen with many technological transformations: early adoption focused on automating existing processes followed by more transformative applications that fundamentally change how we work — essentially, leaping across the chasm as seen in the technology adoption lifecycle model above. Current AI implementations often focus on augmenting traditional observability practices — making existing workflows more efficient. 
The real transformation will likely come as these technologies mature and enable entirely new approaches to understanding and maintaining complex systems.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Looking ahead","_metadata":{"uid":"cs14a273cbc4b834bb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe potential applications of AI in observability extend far beyond correlation and troubleshooting. Imagine systems that can predict potential failures before they occur, automatically adjust their own monitoring parameters based on changing conditions, or provide natural language interfaces for complex system queries. These capabilities, while still emerging, could fundamentally change how teams approach system reliability and performance optimization.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe survey data also suggests an important shift in how organizations view the relationship between AI and human expertise. Rather than replacing human judgment, AI is increasingly seen as a tool for augmenting human capabilities — helping practitioners handle the growing scale and complexity of modern systems while freeing them to focus on more strategic work.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis evolution in AI capabilities could also help address the growing cost management responsibilities many teams face. Advanced AI systems could help optimize resource utilization, suggest cost-saving measures, and balance performance requirements with budget constraints — all while maintaining required reliability levels.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor organizations considering or currently implementing AI-enabled observability solutions, these findings suggest a measured approach: Embrace the technology's current capabilities while preparing for its evolution. 
Focus on use cases with proven value like telemetry correlation while building the foundational knowledge and infrastructure needed to take advantage of more advanced capabilities as they mature.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe gap between current and expected value from AI/ML in observability represents both a challenge and an opportunity. While teams may need to temper their expectations for immediate transformative results, the potential for these technologies to revolutionize observability practices remains strong. As AI capabilities and teams continue to mature, organizations will become more sophisticated in their implementations. We're also likely to see that value gap close, ushering in a new era of intelligent observability practices, including cost controls.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Embracing the evolution of an SRE","_metadata":{"uid":"csac739709a3fc7a33"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe expanding role of SREs brings both challenges and opportunities. Yes, we're being asked to wear more hats than ever before. But this also means we have more opportunities to drive strategic value for our organizations.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy embracing these new responsibilities, particularly around cost optimization and AI, we can elevate our role from \"keeping the lights on\" to driving business success. And isn't that why many of us got into this field in the first place — to make a real, tangible impact on our companies and the users we serve?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo, if your CTO drops a cost-cutting bombshell in your lap, try not to let your stomach drop. 
Instead, see it as an opportunity to flex your SRE muscles (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/observability/white-paper/state-of-observability-practitioner-perspective\"\u003e\u003cspan style='font-size: 12pt;'\u003edetails in this recent survey\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e) and use your \u003c/span\u003e\u003ca href=\"https://www.elastic.co/explore/devops-observability/understanding-aiops-for-observability\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI tools\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in new and impactful ways. After all, in the world of SRE, change is the only constant — and that's exactly what makes this job so exciting.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs20180d3b50841a8e"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd1326a6b67243aa1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. 
You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs69c0fdd4c7435d7c"}}}],"publish_date":"2024-12-19","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"A look at the expanding roles of SREs and the new skills needed: cost management and AI","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt3e8a34e1dd0a5be5","_version":1,"title":"elastic-de_149846_720x420_05-B.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-19T20:16:57.039Z","updated_at":"2024-12-19T20:16:57.039Z","content_type":"image/jpeg","file_size":"112572","filename":"elastic-de_149846_720x420_05-B.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-19T20:
19:08.555Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3e8a34e1dd0a5be5/67647f39294a2b6e823af634/elastic-de_149846_720x420_05-B.jpg"},"title":"The evolving role of SREs: Balancing reliability, cost, and innovation","title_l10n":"The evolving role of SREs: Balancing reliability, cost, and innovation","updated_at":"2024-12-19T20:19:03.208Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/site-reliability-engineer-role-evolution","publish_details":{"time":"2024-12-19T20:19:08.238Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltfa63352747c41493","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"Significantly reduce CVEs in Elastic container images by switching to using Chainguard minimal base images in our Elastic products and optimizing our workflows for a scalable vulnerability management program.","author":["blt04e7376a7e72786f"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-12-19T18:17:36.431Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9457d7027b8ce4e9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this blog post, we will discuss our journey to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003esignificantly\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ereduce Common Vulnerabilities and Exposures (CVEs) in Elastic container images \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eby switching to a minimal base image in our Elastic products and optimizing our workflows for a scalable vulnerability management program.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic Stack based on 
Chainguard images","_metadata":{"uid":"csd13bf1fb3abe3910"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.chainguard.dev/chainguard-images\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eChainguard images\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e are a collection of container images that meet the requirements of the secure software supply chain, including verifiable signatures, provenance, software bills of materials (SBOM), few CVEs, and small image sizes. The images are built on top of the \u003c/span\u003e\u003ca href=\"https://github.com/wolfi-dev\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eWolfi project\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which aims to provide a secure and minimal base image for containerized applications.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStarting with version 8.16, Elastic provides a variant of the Elastic Stack containers based on Chainguard images. 
The Chainguard variant of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.16/docker.html#docker-wolfi-hardened-image\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch 8.16\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e was released a few days ago with a lower count of CVEs compared to previous versions, and the in-progress 8.17 development version is already down to only 1 low CVE.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa35a6223b9db9336"}}},{"code":{"code":"$ snyk container test docker.elastic.co/elasticsearch/elasticsearch-wolfi:8.17.1-SNAPSHOT\n\nPackage manager: apk\n✔ Tested 58 dependencies for known issues, no vulnerable paths found.\n...\nTested 108 projects, 1 contained vulnerable paths.","_metadata":{"uid":"csb9ed52e96b17e545"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb74d9e4ad4355afc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUse the following commands to pull the Elastic Stack images based on Wolfi as mentioned on \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#docker-wolfi-hardened-image\"\u003e\u003cspan style='font-size: 12pt;'\u003eeach product documentation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e page:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs38918e7643204fa8"}}},{"code":{"code":"docker pull docker.elastic.co/elasticsearch/elasticsearch-wolfi:\u003cVERSION\u003e\ndocker pull docker.elastic.co/kibana/kibana-wolfi:\u003cVERSION\u003e\ndocker pull docker.elastic.co/logstash/logstash-wolfi:\u003cVERSION\u003e\ndocker pull docker.elastic.co/apm/apm-server-wolfi:\u003cVERSION\u003e\ndocker pull docker.elastic.co/elastic-agent/elastic-agent-wolfi:\u003cVERSION\u003e\ndocker pull docker.elastic.co/beats/filebeat-wolfi:\u003cVERSION\u003e\ndocker pull 
docker.elastic.co/beats/metricbeat-wolfi:\u003cVERSION\u003e","_metadata":{"uid":"cs81334bc5f23f8990"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs79ce13cf842776c4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Wolfi-based images are not the default ones for several reasons:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo avoid breaking customer workloads that rely on Ubuntu packages\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo ensure non-Elastic users can keep building default images from the source code\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo maintain the same user experience when pulling the default Elasticsearch images from Docker Official, Docker Hub, AWS ECR, and the Elastic container registry\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs25de5fdfd5e7ef79"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs37003f9389cbf78e"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eNote on the compatibility with Docker versions 20.10.10 or higher\u0026nbsp;\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eFor users relying on Docker as their container engine, deploying Elastic Stack images based on Wolfi requires Docker version 20.10.10 (which is end of life as of December 10, 2023) or higher. The incompatibility is due to recent images using glibc 2.34 or newer. glibc 2.34+ defaults to using a new clone3 syscall. For backward compatibility, glibc attempts to fall back to clone when encountering the ENOSYS error. 
However, the default seccomp filter in Docker 20.10.9 and lower versions causes an EPERM error, which is treated as a fatal error by glibc and prevents the fallback from occurring. A fix has been backported to \u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://docs.docker.com/engine/release-notes/20.10/#runtime\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eDocker version 20.10.10 and above\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e, addressing the compatibility issue. \u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eECE customers running Elastic Stack 8.16+ require a Docker version 20.10.10 or higher.\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"Approach to addressing vulnerabilities","_metadata":{"uid":"cs75edf9325e3e5cd8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEngineering and information security teams worked on addressing vulnerability management challenges to achieve multiple goals: to provide hardened containers to our customers; to help with compliance regulations; to improve our supply chain security posture; and to reduce the burden of addressing and triaging CVEs on our customers, engineering, security, and support teams. 
The impact spans across Elastic products, including Elastic Self-Managed offerings (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/elastic-stack\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Stack\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e), Elastic Cloud on Kubernetes (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-overview.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eECK\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e), and Elastic Cloud (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/serverless\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eServerless\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-getting-started.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHosted\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e).\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAt a high level, the first step was to define how teams within the organization would comply with the vulnerability management program and the associated service level objective (SLO) used to measure compliance. Next, we focused on deploying tools and processes to ensure that engineering teams are proactively notified, enabling them to efficiently manage their projects in order to meet these objectives and respond appropriately when these SLOs are breached. 
This initiative was founded on the following principles:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e(1) \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEstablish a secure foundation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e By building on top of the \u003c/span\u003e\u003ca href=\"https://www.chainguard.dev/chainguard-images\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eChainguard images\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, we set up a foundation for success to build securely by default across the organization — providing automatic and fast vulnerability remediation without adding burden to our engineers.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e(2) \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eOptimize for container workload:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Every component included in the container image must be required and optimized for the targeted runtime environment.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e(3) \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eContinuous code analysis:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Software composition analysis (SCA) tooling runs continuously to build a comprehensive inventory of open source third-party components in Elastic products and proactively identify and mitigate issues that may impact our products because of their use.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e(4) \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCVE SLO quality gates:\u003c/strong\u003e\u003c/span\u003e\u003cspan 
style=\"font-size: 12pt;\"\u003e Enable enforcement of CVE SLO checks before a container image is released or deployed to production.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e(5) \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eContinuous monitoring:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Teams are automatically notified when their products running in production are no longer compliant, because new vulnerabilities are frequently discovered, including ones that impact container images that were free of known vulnerabilities at the time of their deployment to production.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e(*) \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFrequent updates:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Critical to the success of this initiative, the efforts in (1) to (5) are useless without deploying frequently. Processes are in place to ensure the events triggered by (1), (3), or (5) lead to notifications for a new deployment.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Establish a secure foundation with automated updates","_metadata":{"uid":"cs8c8eaf10c3290859"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe workflow that ensures a smooth experience for engineers at Elastic in using secure base images for their container products and keeping them up to date is built upon the Chainguard images product, the Renovate project, and best practices in supply chain security.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic uses a mix of Chainguard developer and production images that are regularly synchronized to the Elastic container registry with their signatures and SBOMs. 
Prior to being synchronized, each image signature is verified using \u003c/span\u003e\u003ca href=\"https://docs.sigstore.dev/cosign/verifying/verify/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ecosign\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Storing these images in the Elastic registry provides the optimal developer experience for Elastic engineers, mitigates the risk of incidents arising from third-party systems, and ensures control over the source from which our containers are pulled in production.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe provide documentation to engineers that outlines several key practices. First, it emphasizes the importance of referencing a tag and a digest for each base image used — pinning a container image to a digest ensures maximal build reproducibility because, while image tags are mutable, digests are not; when both are given, the digest determines which image is pulled. Additionally, engineers are encouraged to use Docker multistage builds by combining a fully featured image at build time with a distroless image at runtime. Distroless images significantly reduce the attack surface of a container by containing only the application and its runtime dependencies, thereby minimizing the risk of vulnerabilities associated with the base image.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://docs.renovatebot.com/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eRenovate\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is an open source tool to automate the maintenance of software dependencies. It’s configured to improve developer experience for updating Chainguard images used in the Elastic GitHub repositories by automatically raising pull requests to update the base image digests as soon as new ones are available. 
As shown below, Renovate is configured in the Elasticsearch repository to ensure the \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/pull/118901\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ebase image digests get automatically updated\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e on the releasable git branches when Chainguard provides a new version:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs785b44a98a8fb019"}}},{"image":{"image":{"uid":"blta329ea8f1397c2d8","_version":1,"title":"image-update-docker.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-19T18:07:15.631Z","updated_at":"2024-12-19T18:07:15.631Z","content_type":"image/png","file_size":"408463","filename":"image-update-docker.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-19T18:24:06.464Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta329ea8f1397c2d8/676460d3294a2b15c13af4ee/image-update-docker.png"},"_metadata":{"uid":"cs388f751deb18bf85"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"ECK 2.16 released with 0 CVE","_metadata":{"uid":"cs831129e4716b4c04"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBuilt on the Kubernetes Operator pattern, ECK extends the basic Kubernetes orchestration capabilities to support the setup and management of the Elastic Stack. 
On December 18, 2024, ECK 2.16.0 was released with\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e 0 CVE!\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs212b5177774b6eb9"}}},{"code":{"code":"$ snyk container test docker.elastic.co/eck/eck-operator:2.16.0\n\n✔ Tested 3 dependencies for known issues, no vulnerable paths found.\n...\n✔ Tested 707 dependencies for known issues, no vulnerable paths found.\n\nTested 2 projects, no vulnerable paths were found.","_metadata":{"uid":"csd7413819de8e5391"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf6391da37322361f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLooking at the \u003c/span\u003e\u003ca href=\"https://github.com/elastic/cloud-on-k8s/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eECK repository codebase\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and especially the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eDockerfile\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, it illustrates the best practices mentioned above:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA multistage build phase using the Chainguard Go image to build the binary from the Elastic container registry that is referenced via the tags and digest values to ensure build reproducibility and automated updates:\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs0488c7d4542ce272"}}},{"code":{"code":"# Build the operator binary\nFROM docker.elastic.co/wolfi/go:1.23.4@sha256:0c563962687ca1d5677b810d2fcb6c1dcb7bd650c822999c715ad715590f14bb AS builder\n...\n# Build\nRUN --mount=type=cache,mode=0755,target=/go/pkg/mod \\\n CGO_ENABLED=0 GOOS=linux LICENSE_PUBKEY=/$LICENSE_PUBKEY 
make go-build","_metadata":{"uid":"cse2b0726704b96e2f"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs56f8d9dbfde7c9e7"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eA multistage runtime phase using a distroless image to reduce the attack surface that is always referenced by a tag+digest value:\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs087f4cb17bd6dd00"}}},{"code":{"code":"FROM docker.elastic.co/wolfi/static:latest@sha256:5ff428f8a48241b93a4174dbbc135a4ffb2381a9e10bdbbc5b9db145645886d5\n...\nCOPY --from=builder /go/src/github.com/elastic/cloud-on-k8s/elastic-operator /elastic-operator\n...\nENTRYPOINT [\"/elastic-operator\"]\nCMD [\"manager\"]","_metadata":{"uid":"cs72b9dc022bc52ccc"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs08640f4fb0466cdc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs94199e924f2aff36"}}}],"publish_date":"2024-12-19","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltbf6fd364f32f8563","ACL":{},"created_at":"2023-11-06T21:50:46.524Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"fleet-elastic-agent","label_l10n":"Fleet/Elastic Agent","tags":[],"title":"Fleet/Elastic Agent","updated_at":"2023-11-06T21:50:46.524Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:48:26.489Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"bltad849a44c42eea31","ACL":{},"created_at":"2020-06-17T03:25:54.912Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"software-technology","label_l10n":"Software \u0026 technology","tags":[],"title":"Software \u0026 technology","updated_at":"2020-07-06T22:17:33.856Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.842Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 
compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8adcbb1adf4f30dc","ACL":{},"created_at":"2020-06-17T03:37:36.199Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack-security","label_l10n":"Stack security","tags":[],"title":"Stack security","updated_at":"2020-06-17T03:37:36.199Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-10-07T20:06:58.974Z","user":"blt36e890d06c5ec32c"},"_content_type_uid":"tags_topic"}],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt9f3033eaacd184dd","ACL":{},"created_at":"2022-09-13T16:43:44.540Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"logstash","label_l10n":"Logstash","tags":[],"title":"Logstash","updated_at":"2022-09-13T16:43:44.540Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.249Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt49d4b623ebdfdd90","ACL":{},"created_at":"2022-09-13T16:43:19.010Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2022-09-13T16:43:19.010Z","updated_by":"blt36e890d06c5ec32c","publish_de
tails":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.239Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt35c347a18686f701","_version":1,"title":"05-station (1).jpeg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-19T18:17:35.347Z","updated_at":"2024-12-19T18:17:35.347Z","content_type":"image/jpeg","file_size":"33369","filename":"05-station_(1).jpeg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-19T18:24:06.446Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt35c347a18686f701/6764633f943056583a42ac11/05-station_(1).jpeg"},"title":"Reducing CVEs in Elastic container images","title_l10n":"Reducing CVEs in Elastic container images","updated_at":"2024-12-19T18:23:16.518Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/reducing-cves-in-elastic-container-images","publish_details":{"time":"2024-12-19T18:24:05.829Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt884fd002e22c74f2","_version":11,"locale":"en-us","ACL":{},"abstract_l10n":"As governments and regulatory bodies try to catch up to the rapid pace of AI's evolution, we explore the current state of AI regulation in Asia and its varying 
approaches.","author":["bltac8c8d1e2a12565e","blt4912a365604f6024"],"category":["bltc17514bfdbc519df"],"created_at":"2024-12-18T19:06:40.690Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs60f2f1a13dc0d2ca"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eArtificial intelligence (AI) is rapidly transforming the world — revolutionizing industries and reshaping the way we work and live. As AI advances, governments across Asia are grappling with the challenge of regulating this complex technology. While the concept of AI is not new, its development has been increasing at such a rapid rate that the law is playing catch-up.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis article explores the evolution of AI regulation in Asia, which is taking place in three primary ways:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eChina has enacted specific AI regulations. \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eBut these regulations are vague and could complicate compliance.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSingapore and the ASEAN region have taken a soft, non-binding, and voluntary approach\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e with the aim of driving AI growth and innovation. 
However, it is unclear if governments can quickly identify and mitigate emerging risks.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSouth Korea, with its proposed AI Basic Law\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e,\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eaims to draw a distinction between high-impact AI applications where more guardrails may be required and low-risk areas where a more relaxed approach may make better sense. Japan and Australia, which are currently adopting a similar approach to Singapore, have discussions drawing similar distinctions between high-impact AI and low-risk areas (though the specific distinctions might differ).\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"China: Enacting specific AI regulations","_metadata":{"uid":"cs223c4924bfff7811"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn 2017, China issued a comprehensive three-step strategy, \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eNew Generation Artificial Intelligence Development Plan\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, with the intent to propel China to the forefront of AI innovation.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSince then, China has enacted a series of AI-specific legislations, such as:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAdministrative Provisions on Recommendation Algorithms in Internet-based Information Services\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (w.e.f. 
2022), which “contain several mandatory requirements for providers of the [algorithm recommendation services]”\u003csup\u003e1\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAdministrative Provisions on Deep Synthesis in Internet-based Information Services\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (w.e.f. since 2023), which seeks to strengthen the integrated management of the internet information services\u003csup\u003e2\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eInterim Measures for the Management of Generative Artificial Intelligence Services (“GAI Measures”)\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (w.e.f. since 2023), which sets out the rules to regulate those who provide generative AI capabilities to the public within Mainland China\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eScientific and Technological Ethics Review Regulation (Trial)\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (w.e.f. 2023), which requires entities engaging in scientific research activities in life sciences, medicine, or AI to establish an ethics committee\u003csup\u003e3\u003c/sup\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHowever, these AI regulations themselves do not impose penalties. 
Instead, penalties can be incurred under existing laws, such as the cybersecurity law, the data security law, the Personal Information Protection Law (PIPL), China’s Civil Code, and criminal law.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOn the face of it, China is taking a “hard law” approach, implementing regulations that outline liability provisions for violations and noncompliance. This could attract both civil and criminal penalties and even possible business cessation under existing laws.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThese regulations are vague (quite unlike the approach taken by the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/eu-ai-act\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEU AI Act\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e) as they do not have a clear definition of AI or generative AI. 
This makes implementation, compliance, and enforcement difficult for both government and potentially affected organizations.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Singapore, the ASEAN region, Japan, and Australia: A soft, voluntary approach","_metadata":{"uid":"csfdd9940880331f20"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOn the other end of the spectrum, several countries are taking a more voluntary approach.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Singapore","_metadata":{"uid":"cs6f4f9b96b8414c7f"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSingapore has taken the lead in the voluntary approach space with the release of its nonbinding framework and strategy:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eThe Model AI Governance Framework in 2019\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (updated in 2020) sought to provide “detailed and readily-implementable guidance to private sector organizations to address key ethical and governance issues when deploying AI solutions.”\u003csup\u003e4\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eThe Model AI Governance Framework for Generative AI\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (published in 2024) was built on the aforementioned Model AI Governance Framework and pertains to generative AI.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eThe National Artificial Intelligence Strategy 2.0 to Uplift Singapore’s Social and Economic Potential\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (released in 2023) 
“outlines [Singapore’s] ambition and commitment to building a trusted and responsible AI ecosystem, driving innovation and growth through AI, and empowering [the people of Singapore] and businesses to understand and engage with AI.”\u003csup\u003e5\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFurther, Singapore’s AI Verify Foundation was established with the aim of “harness[ing] the collective power and contributions of the global open-source community to develop AI testing tools to enable responsible AI.”\u003csup\u003e6\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThese are nonbinding and seek only to provide guidance. Liability for any related violations would be governed by the current existing laws, such as the Personal Data Protection Act, the Copyright Act, and the Computer Misuse Act. It remains to be seen whether the government can quickly identify and mitigate emerging risks under such a framework.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"ASEAN","_metadata":{"uid":"cs7a2f2bbe9ee6c3d0"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eASEAN released a guide on AI Governance and Ethics in February 2024, which is a nonbinding practical guide for companies in ASEAN that “focuses on encouraging alignment within ASEAN and fostering the interoperability of AI frameworks across jurisdictions.”\u003csup\u003e7\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt bears noting that a large section of the guide sets out examples from Singapore, suggesting a softer and more voluntary approach toward AI regulation within the region. 
It is not yet known if this will be adopted in other ASEAN countries.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Japan","_metadata":{"uid":"cs4517c41878c491fd"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eJapan has taken a gradual approach and has relied on nonbinding guidance, such as the AI Guidelines for Business Version 1.0 (published in April 2024), which sets out “unified guiding principles in AI governance in Japan to promote the safe and secure use of AI.”\u003csup\u003e8\u003c/sup\u003e As it is nonbinding, it requires voluntary efforts and support from the community. Liability for any related violations would be governed by the current existing laws, such as the civil code, Product Liability Act, and the penal code.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eJapan also launched the Hiroshima AI Process Comprehensive Policy Framework in May 2023, which was endorsed by the other G7 countries. 
This Hiroshima framework sets out the “principles that should be applied to all actors across the AI lifecycle […]\u0026nbsp; such as publicly reporting advanced AI systems’ capabilities and domains of inappropriate use and protecting intellectual property.”\u003csup\u003e9\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt bears noting that in January 2023, a draft bill \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eBasic Law for Promoting Responsible AI\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e was submitted with the aim of regulating developers to a certain scale.\u003csup\u003e10\u003c/sup\u003e The draft bill also seeks to include regular reporting, violations of which may result in fines or criminal penalties.\u003csup\u003e11\u003c/sup\u003e It does, however, seek to differentiate between conducting safety verification for AI in “high-risk areas”\u003csup\u003e12\u003c/sup\u003e and those that are not in those areas.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIf the draft AI bill is adopted, it will represent a shift from a soft, voluntary, nonbinding approach to a more “hard law” stance. It is not yet known if such a stance would result in a stricter regulation like the EU AI Act or remain vague in terms of AI definitions as per China’s AI legislations.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Australia","_metadata":{"uid":"cs4758a69ed1b42428"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLike Japan, Australia has adopted a voluntary nonbinding approach. It has not enacted any specific statutes or regulations directly regulating AI. 
Similarly, liability for any related violations would be governed by the current existing laws, such as the Online Safety Act 2021, Privacy Act 1988, and Australian Consumer Law.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eInstead, Australia published a series of guidelines and consultation papers focusing on AI:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe AI Ethics Principles published in 2019 sets out eight voluntary principles for responsible design and the development and implementation of AI.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe Australian government published its interim response in January 2024 to the June 2023 consultation conducted by the Commonwealth Department of Industry, Science and Resources: Safe and responsible AI in Australia.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn yet another similarity, the Australian government’s interim response recognizes that the “current regulatory frameworks do not fully address the risks of AI.”\u003csup\u003e13\u003c/sup\u003e The Australian government wants the “design, development and deployment of AI in legitimate high-risk settings to be safe and reliable… [however] it aims to ensure that AI can continue being used in low-risk settings largely unimpeded.”\u003csup\u003e14\u003c/sup\u003e The Australian government indicates that it intends to achieve this by “clarifying and strengthening laws to safeguard citizens” and “using testing, transparency and accountability measures to prevent harms from occurring in high-risk settings.”\u003c/span\u003e\u003cspan style=\"font-size: 
12pt;\"\u003e\u003csup\u003e15\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt is not yet known if any future AI regulations developed by the Australian government would be strict or remain vague on AI definitions, which may make them difficult to enforce.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"South Korea: Focusing on high-impact AI and GenAI","_metadata":{"uid":"cs3aff634e7e3d7fee"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSouth Korea’s AI law, the draft Basic Law on the Development of Artificial Intelligence and Creation of Trust Base, has been passed by the South Korean National Assembly’s Legislative and Judiciary Committee. The AI Basic Law (once passed) will differentiate between “high-impact AI” (i.e., those that have a significant impact on public health, safety, and fundamental rights) and other AI applications that do not fall within this category. The AI Basic Law will mirror the EU AI Act’s risk management obligations particularly for “high-impact AI.”\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003csup\u003e16\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBusinesses providing high-impact AI products or services would have to assess the impact on fundamental rights, and notification requirements are imposed for high-impact AI or GenAI with clear labels distinguishing AI-generated content. 
Foreign AI businesses meeting certain thresholds as set out in the AI Basic Law may have to appoint domestic agents in Korea to handle such compliance and reporting obligations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt is likely that the draft AI Basic Law may be passed by the end of 2024.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Looking ahead","_metadata":{"uid":"cse64fb85a991bfc81"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe rapid evolution of AI brings both unparalleled opportunities and significant challenges. While AI has the potential to revolutionize industries like healthcare, education, and public services, it also raises critical concerns, such as bias, data privacy, and the ethical implications. Striking the right balance between fostering innovation and ensuring ethical responsibility is imperative.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCollaboration among governments, software developers, industry leaders, and academic institutions is essential to developing thoughtful and effective AI regulations. Initiatives, such as regulatory sandboxes, independent algorithm audits, and the adoption of responsible design principles, can help create an environment where AI is developed and deployed safely. 
Such measures ensure that AI enhances human potential while mitigating risks.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2cedfd5324aeddd2"}}},{"callout":{"title_l10n":"Related resources:","_metadata":{"uid":"cs97cb7fdc0bebe014"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBlog: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/united-states-senate-ai-roadmap\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUnpacking the US Senate’s new AI roadmap\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEbook: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector/how-search-ai-transforms-call-centers-citizen-support\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow Search AI is transforming citizen support\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBlog: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/eu-ai-act\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe EU AI Act: What you need to know\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbde9a8a62a2f111e"},"header_style":"H2","paragraph_l10n":"\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e1\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.lexology.com/library/detail.aspx?g=08867c3e-7ded-43d2-af2b-8f09878ef7a6#:~:text=The%20Provisions%20contain%20several%20mandatory,establish%20and%20improve%20the%20feature\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eProvisions on the Administration of Algorithm Recommendation of Internet Information Services in China, Lexology, March 20, 
2022\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003c/span\u003e \u003cbr /\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e2\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.gov.cn/zhengce/zhengceku/2022-12/12/content_5731431.htm\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eCyberspace Administration of China Ministry of Industry and Information Technology of the People’s Republic of China Order No. 12\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e3\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.hankunlaw.com/en/portal/article/index/cid/8/id/13701.html\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eChina Released New Ethics Rules Requiring Company’s Internal EC, Han Kun Law Offices\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e4\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.pdpc.gov.sg/help-and-resources/2020/01/model-ai-governance-framework\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eSingapore’s Approach to AI Governance, Personal Data Protection Commission of Singapore\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e5\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.smartnation.gov.sg/media-hub/press-releases/04122023/\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eNational Artificial Intelligence Strategy 2.0 to Uplift 
Singapore’s Social and Economic Potential\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e6\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://aiverifyfoundation.sg/ai-verify-foundation/\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eAI Verify Foundation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e7\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eSupra\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e n. 6.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e8\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.meti.go.jp/shingikai/mono_info_service/ai_shakai_jisso/pdf/20240419_9.pdf\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eProvisional Translation of the AI Guidelines for Business Version 1.0\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e9\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.japan.go.jp/kizuna/2024/02/hiroshima_ai_process.html#:~:text=The%20framework%20presents%20a%20set,of%20principles%20that%20should%20be\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eThe Hiroshima AI Process: Leading the Global Challenge to Shape Inclusive Governance for Generative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan 
style=\"font-size: 10pt;\"\u003e\u003csup\u003e10\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;Publishing of a working draft of a “Basic Law for Promoting Responsible AI” submitted to a project team of the Liberal Democratic Party of Japan.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e11\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eSupra\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e n. 10\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e12\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eSupra\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e n. 10\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e13\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.industry.gov.au/news/australian-governments-interim-response-safe-and-responsible-ai-consultation\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eThe Australian Government’s Interim Response to Safe and Responsible AI Consultation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e14\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eSupra\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e n. 
13.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e15\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eSupra\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e n. 13.\u003cbr /\u003e\u003c/span\u003e\u003csup\u003e\u003c/sup\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e16\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://babl.ai/south-korea-unveils-unified-ai-act/#:~:text=The%20South%20Korean%20AI%20Basic,for%20oversight%20and%20policy%20guidance\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eSouth Korea Unveils Unified AI Act\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003c/span\u003e"}],"_metadata":{"uid":"csdfae5354b1236322"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8793831e77c43808"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. 
You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse1edc4c2d41ebf2e"}}}],"publish_date":"2024-12-18","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative 
AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt5ebb3c17304b01bc","ACL":{},"created_at":"2023-11-06T20:47:38.117Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"privacy-first-ai","label_l10n":"Privacy-first AI","tags":[],"title":"Privacy-first AI","updated_at":"2023-11-06T20:47:38.117Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:58.404Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","uid":"bltc6e3d049760fc06a","title":"Government","label_l10n":"Government","keyword":"government","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:32.959Z","updated_at":"2023-11-06T20:40:32.959Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.338Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt95f623e7d7b95b00","_version":1,"title":"Elastic Banner_4.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-18T19:18:23.682Z","updated_at":"2024-12-18T19:18:23.682Z","content_type":"image/jpeg","file_size":"129530","filename":"Elastic_Banner_4.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-18T21:57:17.756Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt95f623e7d7b95b00/67631fff21e0668234413416/Elastic_Banner_4.jpg"},"title":"The evolution of AI regulation in Asia: A comparative 
analysis","title_l10n":"The evolution of AI regulation in Asia: A comparative analysis","updated_at":"2024-12-18T21:57:08.406Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/artificial-intelligence-regulation-asia-comparative-analysis","publish_details":{"time":"2024-12-18T21:57:17.366Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltc7ff7c90901091b5","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"View highlights of our collaboration with Google Cloud to better serve customers in 2024. Receiving the Google Cloud Partner of the Year Award for Technology: Marketplace – Data \u0026 Analytics is a testament to our strong technological partnership. ","author":["blt39dee51344f15656","blt3d2f00b7dc02254f","blt386c5e3797d5d0e4","blte8301cde5091dc88"],"category":["bltc17514bfdbc519df"],"created_at":"2024-12-18T15:41:31.851Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs44109f0ccc8c47d6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic and Google Cloud create a powerhouse of AI-driven insights, providing an end-to-end search, observability, and security journey to our joint customers. 
We continue to partner on many opportunities for success, especially around generative AI (GenAI), and have made further progress this year in empowering customers throughout their business transformation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis blog highlights our top moments from Google Cloud Next ‘24 and our collaboration with Google Cloud to better serve customers in 2024.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Delivering synergistic results","_metadata":{"uid":"cse7194ecd412fec00"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic and Google Cloud have partnered to create production-ready GenAI solutions for you. Read further to see what we’ve been working on this year to help you expand your capabilities as an organization.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elasticsearch and Gemini","_metadata":{"uid":"csc89d3cd74666ac14"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic is pleased to be the first and only ISV to be integrated directly into Vertex AI’s UI and SDK — allowing for seamless, grounded Gemini prompts and agents by using our vector search features. 
We also integrate with Google Cloud’s embedding, reranking, and completion models to create and rank vectors with a unified experience.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic supports multiple data formats and models, making it an ideal companion for Gemini, particularly in developing multimodal retrieval augmented generation (RAG) apps.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe use Gemini not only for building AI apps but also to empower IT operations, such as in the \u003c/span\u003e\u003ca href=\"https://elasticnv2022rd.q4web.com/news/news-details/2024/Elastic-Attack-Discovery-and-AI-Assistant-for-Security-Now-Support-Google-Cloud-Vertex-AI/default.aspx\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistants\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/ai-driven-security-analytics\"\u003e\u003cspan style='font-size: 12pt;'\u003eAttack Discovery\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/automatic-import-ai-data-integration-builder\"\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatic Import\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, reducing daily effort for security analysts and SREs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe further extended our capabilities this year with the ability to monitor Google Cloud’s AI services and models to extract insights on their usage and performance. Our product partnership allows automating daily data analysis tasks on Elastic through agent assistants and AI-driven features powered by Gemini. 
It reduces manual efforts, allowing teams to focus on innovation.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Vector database","_metadata":{"uid":"cs94cc153f6f0f3438"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch — \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/vector-database\"\u003e\u003cspan style='font-size: 12pt;'\u003ethe world’s most widely deployed vector database\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — provides powerful search and analytics features by allowing the storage, indexing, and querying of vector representations of data. These vectors can represent complex data types, such as text embeddings, image features, or other multidimensional data, enabling highly efficient similarity searches and nearest neighbor queries.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic supports vector creation both at the ingest and query phases via Vertex (and Google AI Studio) embeddings and reranking models. Configurable with just a few clicks as inference services within Elastic’s platform and APIs, it drives the adoption and consumption of Google’s GenAI models and tools.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic is the perfect vector database for multiple data formats and multimodal interaction, making it the best companion of Gemini’s various interactive experiences. 
Gemini is also integrated in Elasticsearch’s Playground feature, allowing the prototyping, testing, and deploying of RAG-based GenAI applications on top of Elastic’s vector database.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Real-time analytics search layer","_metadata":{"uid":"cs597e7d761b5c84c4"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic empowers you to extract actionable insights from your data, driving business transformation through our robust search and analytics engine. Elastic acts as a search layer on top of Google Cloud’s data and analytics suite and uses dedicated integrations for both consumer (Gmail and Google Drive) and enterprise (Pub/Sub, CE, GKE, and Vertex) services.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn 2024, customers used our native Dataflow templates. The ease-of-use benefits are a significant driver in the adoption of Elastic on Google Cloud. With BigQuery, we see our joint customers adopting Elastic as a real-time analytics speed layer on top of their data lake. 
With Pub/Sub integration, we enable the collection of events, logs, and metrics to provide full visibility of the Google Cloud landscape.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Google Cloud Next ‘24 highlights","_metadata":{"uid":"cs233a3ad03d389d51"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Key moments","_metadata":{"uid":"csece4173ab66b6660"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePartner of the year award\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eFollowing our 2023 Google Cloud Technology Partner of the Year Award, we were pleased to announce that we were again chosen for the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-wins-google-cloud-partner-of-the-year\"\u003e\u003cspan style='font-size: 12pt;'\u003e2024 Google Cloud Partner of the Year Award for Technology: Marketplace – Data \u0026amp; Analytics\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. 
This award recognizes one partner with a data and analytics product in Google Cloud Marketplace who helped mutual customers achieve outstanding business outcomes with Google Cloud.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe fact that Elastic has won a Google Cloud Partner of the Year Award four times is a testament to our strategic partnership and technological collaboration.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs86377b1d19fba605"}}},{"image":{"image":{"uid":"blt9d3d89108475d152","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T15:43:35.739Z","created_by":"bltb6c155cd84fc0c1a","file_size":"3909099","filename":"Screenshot_2024-12-18_at_10.43.22_AM.png","parent_uid":null,"tags":[],"title":"Screenshot 2024-12-18 at 10.43.22 AM.png","updated_at":"2024-12-18T15:43:35.739Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T16:00:00.924Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9d3d89108475d152/6762eda79c8b726005bb93f8/Screenshot_2024-12-18_at_10.43.22_AM.png"},"_metadata":{"uid":"csb37abf1d4fb436c4"},"caption_l10n":"","alt_text_l10n":"Partner of the year award","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3eaf612fa5988407"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCloud talk\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eKathleen Walker, senior director of Search product marketing, took the stage for a Cloud Talk on better AI decision-making with Elastic on Google 
Cloud.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd416cb66cf256ed3"}}},{"image":{"image":{"uid":"blt4de8afc89a303b2b","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T15:42:45.672Z","created_by":"bltb6c155cd84fc0c1a","file_size":"1342510","filename":"Screenshot_2024-12-18_at_10.42.37_AM.png","parent_uid":null,"tags":[],"title":"Screenshot 2024-12-18 at 10.42.37 AM.png","updated_at":"2024-12-18T15:42:45.672Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T16:00:01.008Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4de8afc89a303b2b/6762ed754e7675dbf0ef3169/Screenshot_2024-12-18_at_10.42.37_AM.png"},"_metadata":{"uid":"cs0fd06f03abd4bbbe"},"caption_l10n":"","alt_text_l10n":"Cloud talk","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf326785c61a2d6aa"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eLightning talks\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOur booth was packed for more than 20 lightning talks with Elastic experts presenting on topics like the Elastic AI Assistant, Elasticsearch Relevance Engine (ESRE), RAG, Elastic and Vertex AI, and 
more.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa819eabbbbee0479"}}},{"image":{"image":{"uid":"blt269bd2dc097800ff","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T15:44:03.123Z","created_by":"bltb6c155cd84fc0c1a","file_size":"1767888","filename":"image2.png","parent_uid":null,"tags":[],"title":"image2.png","updated_at":"2024-12-18T15:44:03.123Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T16:00:00.943Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt269bd2dc097800ff/6762edc3af051b78d213fc9f/image2.png"},"_metadata":{"uid":"cs09449afbcf9d9f08"},"caption_l10n":"","alt_text_l10n":"Lightning talks","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"image":{"image":{"uid":"blt31b498c98ee37e67","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T15:44:50.369Z","created_by":"bltb6c155cd84fc0c1a","file_size":"945892","filename":"Screenshot_2024-12-18_at_10.44.38_AM.png","parent_uid":null,"tags":[],"title":"Screenshot 2024-12-18 at 10.44.38 AM.png","updated_at":"2024-12-18T15:44:50.369Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T16:00:00.960Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt31b498c98ee37e67/6762edf21cd21e80aac278cf/Screenshot_2024-12-18_at_10.44.38_AM.png"},"_metadata":{"uid":"cs2f7c85b981f222b2"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs71e553c4ef4f1da4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eKathleen Walker also shared more insights on GenAI during 
\u003c/span\u003e\u003ca href=\"https://www.youtube.com/watch?v=iMOr5FfGLbM\u0026authuser=0\"\u003e\u003cspan style='font-size: 12pt;'\u003ean interview with theCUBE\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs38f4b629d4456cae"}}},{"image":{"image":{"uid":"blt7eb5dd1aaba59b46","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T15:45:05.563Z","created_by":"bltb6c155cd84fc0c1a","file_size":"3450487","filename":"image4.png","parent_uid":null,"tags":[],"title":"image4.png","updated_at":"2024-12-18T15:45:05.563Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T16:00:00.992Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7eb5dd1aaba59b46/6762ee01ad0534b7682c1ff5/image4.png"},"_metadata":{"uid":"cs71201bd9d6e4b4cc"},"caption_l10n":"","alt_text_l10n":"Kathleen Walker interview with theCUBE","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse0e47fa8290ea6bb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBe sure to visit the Elastic booth at Google Cloud NEXT '25!\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Building momentum together: 2024 recap","_metadata":{"uid":"cs020a4d1823f90ba5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur partnership momentum with Google Cloud has continued to grow substantially throughout 2024. 
Below is a recap of our joint efforts over the past year to help you address your evolving use cases and derive the most value possible from Elastic on Google Cloud.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Integrations","_metadata":{"uid":"csbfb296061448e9fb"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs we mentioned at the beginning of this blog, Elastic and Google Cloud have collaborated on a number of AI integrations that you can reference below. All of these are intended to help with your most prevalent GenAI challenges.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVertex AI — Embeddings models in Inference API:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Integrates usage of VertexAI embeddings models in Elastic’s Inference API.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVertex AI Rerank in Inference API: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIntegrates with Vertex AI Agent Builder — rerank feature — and callable from Inference API endpoint to rerank documents for RAG.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGoogle AI Studio — Embeddings models in Inference API: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIntegrates embeddings creations from Google AI Studio into Elastic’s Inference API.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGoogle AI Studio — Completion models in Inference API:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Integrates completion models from Google AI Studio into Elastic’s Inference 
API.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ePlayground with Gemini:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Includes Gemini as a large language model (LLM) in the new Elasticsearch feature, Playground.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic AI Assistant for Security and Observability with Gemini: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAllows Gemini to be used as an LLM for the Elastic AI Assistant for Observability. Gemini offers a much larger token context window, which is perfect for investigating a large number of alerts together.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAttack Discovery with Gemini: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAllows Gemini to be used as an LLM for the Attack Discovery feature.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVertex AI observability monitoring: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMonitors usage of Vertex AI built-in and custom-deployed models, such as token usage, response time, resource consumption, and audit logs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVertex AI — Elasticsearch for built-in grounding:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Gemini can natively be grounded via Google Cloud console, APIs, and Vertex SDK with Elasticsearch.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Press 
releases","_metadata":{"uid":"csb29f1e2f9b5e5122"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://ir.elastic.co/news/news-details/2024/Elastic-Announces-AI-Ecosystem-to-Accelerate-GenAI-Application-Development/default.aspx\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Announces AI Ecosystem to Accelerate GenAI Application Development\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://ir.elastic.co/news/news-details/2024/Elasticsearch-Open-Inference-API-now-Supports-Google-AI-Studio/default.aspx\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Open Inference API now Supports Google AI Studio\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://ir.elastic.co/news/news-details/2024/Elasticsearch-Open-Inference-API-and-Playground-Support-Google-Clouds-Vertex-AI-Platform/default.aspx\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Open Inference API and Playground Support Google Cloud’s Vertex AI Platform\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Blogs","_metadata":{"uid":"csfed09114acf931f1"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe blogs below provide deeper information and tutorials on how to best use Elastic solutions.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/unlock-power-of-data-with-rag-vertex-ai-elasticsearch\"\u003e\u003cspan style='font-size: 12pt;'\u003eUnlock the Power of Your Data with RAG using Vertex AI and Elasticsearch\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/vertex-ai-elasticsearch-open-inference-api\"\u003e\u003cspan style='font-size: 
12pt;'\u003eVertex AI integration with Elasticsearch open inference API brings reranking to your RAG applications\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/vertex-ai-elasticsearch-playground-fast-rag-apps\"\u003e\u003cspan style='font-size: 12pt;'\u003eQuickly create RAG apps with Vertex AI Gemini models and Elasticsearch playground\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/google-ai-studio-elasticsearch-open-inference-api\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch open inference API adds support for Google AI Studio\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/encryption-at-rest-elastic-cloud-google-cloud\"\u003e\u003cspan style='font-size: 12pt;'\u003eEncryption at rest in Elastic Cloud: Bring your own key with Google Cloud\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-google-vertex-ai-integration\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant and Attack Discovery integrate with Google Vertex AI to help drive further AI adoption\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-google-cloud-security-data-ingestion-incident-response\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic and Google Cloud: Enhancing security analytics from data ingestion to incident response\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/sap-observability-elastic-google-kyndryl\"\u003e\u003cspan style='font-size: 12pt;'\u003eEnd-to-end SAP Observability with Elastic, Google Cloud, and Kyndryl: A deep 
dive\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-vector-profile-gcp\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud adds Elasticsearch Vector Database optimized instance to Google Cloud\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-on-google-distributed-cloud-hosted\"\u003e\u003cspan style='font-size: 12pt;'\u003eSovereign solutions for sensitive workloads: Elastic on Google Distributed Cloud Hosted\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/keeping-your-elasticsearch-index-current-with-python-and-google-cloud-platform-functions\"\u003e\u003cspan style='font-size: 12pt;'\u003eKeeping your Elasticsearch index current with Python and Google Cloud Platform Functions\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/migration-elastic-stack-to-elastic-cloud-snapshot-and-restore-google-cloud-storage\"\u003e\u003cspan style='font-size: 12pt;'\u003eMigrating from self-managed Elastic Stack to Elastic Cloud using snapshot and restore with Google Cloud Storage\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Key joint GenAI in-person events and roadshows","_metadata":{"uid":"cs2a1389b250df11ef"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAMER: San Francisco, Seattle\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAPJ: Taiwan, Korea, India, NZ\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEMEA: 
London\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLATAM: Chile, Brazil, Colombia\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Customer case studies","_metadata":{"uid":"cs4b8aea4a72057860"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHelping our customers address challenges and realize opportunities using Elastic solutions on Google Cloud fuels our strategic collaboration. Below are a handful of these examples over the past year.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/apna\"\u003e\u003cspan style='font-size: 12pt;'\u003eApna puts Elasticsearch on Google Cloud at the heart of its billion-dollar growth strategy to drive revenue and improve productivity\u0026nbsp;\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/n11\"\u003e\u003cspan style='font-size: 12pt;'\u003eTurkish ecommerce giant, N11, migrates to Elastic Security in just two weeks\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/japanese-gaming\"\u003e\u003cspan style='font-size: 12pt;'\u003eJapanese gaming giant launches revolutionary online game where Elastic protects collectible digital artwork and NFTs\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/flockx\"\u003e\u003cspan style='font-size: 12pt;'\u003eFlockx AI is on a mission to lift people out of loneliness with help from Elastic on Google Cloud\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/consensus\"\u003e\u003cspan style='font-size: 12pt;'\u003eConsensus upgrades academic research 
platform with advanced semantic search and AI tools from Elastic on Google Cloud\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/global-rideshare-company\"\u003e\u003cspan style='font-size: 12pt;'\u003eGlobal Rideshare Company improves detection of cyber threats to business data by 300% using Elastic on Google Cloud\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/wepay\"\u003e\u003cspan style='font-size: 12pt;'\u003ePayments innovator uses Elastic Observability and Google Cloud to cut issue detection time, improving application performance for customers and accelerating new products\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Looking ahead","_metadata":{"uid":"cs3ef45dcdd5409a85"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur partnership with Google Cloud is founded on a shared vision of empowering organizations to maximize the potential of their data. As we look into the future, we are excited to innovate and deliver solutions that help customers take advantage of the cloud and GenAI capabilities.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStay tuned for more exciting advancements from Elastic and Google Cloud in 2025 as we continue to innovate and expand upon our joint successes!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs75d713d6ecbacc5b"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6a25ffa4ee53210e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. 
All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2819072a02f2f79a"}}}],"publish_date":"2024-12-18","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt39140cf3e2cd4550","ACL":{},"created_at":"2023-11-06T21:51:00.583Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"integrations","label_l10n":"Integrations","tags":[],"title":"Integrations","updated_at":"2023-11-06T21:51:00.583Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.083Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[{"uid":"blt4dcd56f8b3372448","_content_type_uid":"tags_partner"}],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search 
applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Google Cloud","label_l10n":"Google 
Cloud","keyword":"google-cloud","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltbf617849beaf10fe","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:39:59.168Z","updated_at":"2023-11-06T20:40:14.658Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:39.796Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search 
applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltefbcf6957c5e689a","ACL":{},"created_at":"2023-11-06T20:35:45.445Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-search","label_l10n":"Cloud search","tags":[],"title":"Cloud 
search","updated_at":"2023-11-06T20:35:45.445Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:50.742Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt920fd113a20929a5","ACL":{},"created_at":"2023-11-06T20:38:46.745Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ecommerce-search","label_l10n":"Ecommerce search","tags":[],"title":"Ecommerce 
search","updated_at":"2023-11-06T20:38:46.745Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.165Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt9d86cc82dbfbaee3","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-18T15:41:28.897Z","created_by":"bltb6c155cd84fc0c1a","file_size":"179703","filename":"149841_-_Elastic_-_Blog_Image_1.jpg","parent_uid":null,"tags":[],"title":"149841 - Elastic - Blog Image_1.jpg","updated_at":"2024-12-18T15:41:28.897Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T16:00:00.976Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9d86cc82dbfbaee3/6762ed28cbd7d6d90d15e3ec/149841_-_Elastic_-_Blog_Image_1.jpg"},"title":"Elastic and Google Cloud in 2024: Celebrating innovation and progress","title_l10n":"Elastic and Google Cloud in 2024: Celebrating innovation and progress","updated_at":"2024-12-18T15:49:22.063Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-google-cloud-2024","publish_details":{"time":"2024-12-18T16:00:00.900Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb5599649f06d52d1","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"View our top moments at AWS re:Invent and our collaboration with AWS to better serve customers in 
2024. Receiving the AWS Partners Global Generative AI Infrastructure and Data Partner of the Year award is a testament to our symbiotic relationship. ","author":["blt39dee51344f15656","blt2700f2cd4144f608","blt5913558de3429222","bltaa54ae292cfe6daa"],"category":["bltc17514bfdbc519df"],"created_at":"2024-12-18T14:41:34.740Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs93b3b0e1757ccf7d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLast week, more than 60,000 AWS enthusiasts, experts, and practitioners attended the weeklong AWS re:Invent conference in Las Vegas while exploring the latest innovations, networking, and learning from 2,000+ sessions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAWS re:Invent is the tech world's blockbuster event. As a Diamond Sponsor, Elastic was pumped to dive in and connect with IT leaders, customers, and the AWS partner ecosystem.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOur booth was buzzing with incredible energy, drawing massive crowds of AWS re:Invent attendees eager to learn more about our solutions and engage with our team — maybe you were one of them! 
This provided ample opportunity to showcase how our users can build transformative applications, proactively resolve observability issues, and address complex security threats — all with the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/partners/aws\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Search AI Platform on AWS\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis blog highlights our top moments at AWS re:Invent and our collaboration with AWS to better serve customers in 2024.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs05b2004be82bf029"}}},{"image":{"image":{"uid":"blt60c0a82158165c81","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-18T14:33:52.401Z","created_by":"bltb6c155cd84fc0c1a","file_size":"488097","filename":"image7.jpg","parent_uid":null,"tags":[],"title":"image7.jpg","updated_at":"2024-12-18T14:33:52.401Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.641Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt60c0a82158165c81/6762dd50cbd7d6ff9e15e318/image7.jpg"},"_metadata":{"uid":"cs748b54753dad122e"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Elastic at AWS re:Invent 2024","_metadata":{"uid":"cse9a05e2d2ae4c3fa"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Key moments","_metadata":{"uid":"csbcf4b6a80dd492df"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAWS Partners Global Generative AI Infrastructure and Data Partner of the Year: A testament to our symbiotic relationship\u003cbr 
/\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eElastic was grateful to receive the \u003c/span\u003e\u003ca href=\"https://www.businesswire.com/news/home/20241203160358/en/Elastic-Awarded-a-2024-AWS-Partner-Award\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAWS Global Generative AI Infrastructure and Data Partner of the Year Award\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This award recognizes top technology partners with the Generative AI Competency that support vector embeddings data storage and management.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs the award winner, it was the perfect opportunity to celebrate the culmination of our joint investment, innovation, and co-engineering with AWS and how our collaboration helps customers develop and scale their generative AI (GenAI) capabilities.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2f080175a4119530"}}},{"image":{"image":{"uid":"bltc1cbfb6d03e8ae01","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T14:34:09.246Z","created_by":"bltb6c155cd84fc0c1a","file_size":"832590","filename":"image8.png","parent_uid":null,"tags":[],"title":"image8.png","updated_at":"2024-12-18T14:34:09.246Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.716Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc1cbfb6d03e8ae01/6762dd61ad0534d8f92c1f0d/image8.png"},"_metadata":{"uid":"csc4dd65382fd44c1d"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Announcements","_metadata":{"uid":"cs79b5106756f10d54"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 
12pt;'\u003e\u003cstrong\u003eGeneral availability of Elastic Cloud Serverless on AWS\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eOur most exciting announcement at the event was the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cloud-serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003egeneral availability of Elastic Cloud Serverless on AWS\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Powered by a rearchitected Elasticsearch that is built on an industry-first Search AI Lake optimized for real-time applications, it combines vast storage with low-latency querying and all of the strengths of Elasticsearch’s AI and search capabilities. It’s also \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cloud-serverless-new-aws-regions\"\u003e\u003cspan style='font-size: 12pt;'\u003eavailable in four different AWS regions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBlogs\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-serverless-now-ga\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch Serverless\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — built on a new stateless architecture — is fully managed so that you can get projects started quickly without operations or upgrades. 
It also gives you access to the latest vector search and generative AI capabilities.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-security-on-cloud-serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security on Elastic Cloud Serverless\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e empowers security teams to get up and running quickly, complementing existing options for on-premises, hybrid cloud, and multicloud infrastructures. This unmatched versatility ensures that your strategy can adapt with evolving business needs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-observability-serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Observability on Elastic Cloud Serverless\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e enables site reliability engineers (SREs) to monitor and optimize their environments with ease. Our Search AI Lake — with its cloud-native architecture — separates compute and storage allowing SREs to scale telemetry ingest, optimize storage, and use advanced AI for actionable insights.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/hybrid-geospatial-rag-application-elastic-amazon-bedrock\"\u003e\u003cspan style='font-size: 12pt;'\u003eCrafting a hybrid geospatial RAG application with Elastic and Amazon Bedrock\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e: With Elasticsearch and its vector database, you can build configurable search and trusted GenAI experiences that scale from prototype to production fast. 
This blog post explores how to build a powerful retrieval augmented generation (RAG) system that incorporates geospatial data using Elasticsearch, Amazon Bedrock, and LangChain.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-aws-amazon-cloudwatch-metric-streams\"\u003e\u003cspan style='font-size: 12pt;'\u003eStream AWS metrics to Elastic using Amazon CloudWatch Metric Streams\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e: When you need to extend your monitoring and analytics beyond CloudWatch, integrating CloudWatch with Elastic can be a game changer. This integration offers real-time data streaming to enable faster detection of anomalies, more granular insights, and better operational visibility.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElastic breakout sessions at AWS re:Invent 2024\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eYaru Lin and William Easton presented \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eElastic Cloud Serverless: A New Stateless Architecture for Speed, Scale, and Cost-Efficiency\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. 
\u003c/span\u003e\u003ca href=\"https://youtu.be/SvfO2NaYfF4?si=7CDuL2i-7AaBJR19\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eWatch here\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc505ad2d5c70fdcc"}}},{"image":{"image":{"uid":"blt0b1774e65188aba6","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T14:34:20.737Z","created_by":"bltb6c155cd84fc0c1a","file_size":"2164475","filename":"image1.png","parent_uid":null,"tags":[],"title":"image1.png","updated_at":"2024-12-18T14:34:20.737Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.685Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0b1774e65188aba6/6762dd6c21e066f9f5413067/image1.png"},"_metadata":{"uid":"csbdc2e57d9b00e0be"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd2564c169af52eab"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eJeff Vestal, Uday Thiepireddy, and Ayan Ray presented \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eBuilding RAG Applications with open source Elasticsearch and Amazon Bedrock\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. 
\u003c/span\u003e\u003ca href=\"https://youtu.be/2Qa7PWTrjdY?si=o9GjHm4rRRkVD5O4\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eWatch here\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4d9d3912736fbf63"}}},{"image":{"image":{"uid":"blte6d4f85ef5a78705","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T14:34:29.761Z","created_by":"bltb6c155cd84fc0c1a","file_size":"2149998","filename":"image9.png","parent_uid":null,"tags":[],"title":"image9.png","updated_at":"2024-12-18T14:34:29.761Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.625Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte6d4f85ef5a78705/6762dd753f552a3c23e4246d/image9.png"},"_metadata":{"uid":"csd5805d1f5c355303"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5cb8b8ed8df30a90"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInterviews\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eElastic CEO Ashutosh Kulkarni sat down with SiliconANGLE and theCUBE for an interview on AI-powered search, governance, large language model (LLM) security, and more. 
\u003c/span\u003e\u003ca href=\"https://go.es.io/41gxsbV\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eWatch here\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9800a002c1914487"}}},{"image":{"image":{"uid":"blt4dc716b16ade5719","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T14:34:37.543Z","created_by":"bltb6c155cd84fc0c1a","file_size":"2849619","filename":"image6.png","parent_uid":null,"tags":[],"title":"image6.png","updated_at":"2024-12-18T14:34:37.543Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.771Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4dc716b16ade5719/6762dd7dfbbc1d3adc0981d5/image6.png"},"_metadata":{"uid":"cs13b2315606567d26"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs80076616de9a6115"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAjay Nair, general manager of platform, joined GenAI LIVE! The AWS generative AI partners show streamed live on YouTube straight from the show floor. 
\u003c/span\u003e\u003ca href=\"https://www.youtube.com/live/8mOp9GMw5hs?si=Va3ZbVZtVH3XAF9A\u0026t=14944\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eWatch here\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf0132e92d5c83a33"}}},{"image":{"image":{"uid":"bltccb6682dc90c5e5d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T14:34:57.175Z","created_by":"bltb6c155cd84fc0c1a","file_size":"1780623","filename":"image5.png","parent_uid":null,"tags":[],"title":"image5.png","updated_at":"2024-12-18T14:34:57.175Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.658Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltccb6682dc90c5e5d/6762dd91cc57be57c203a10d/image5.png"},"_metadata":{"uid":"cs1cc350fa40efe295"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs257fc6d960ad91fd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDiversity, Equity, and Inclusion (DEI)\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cbr /\u003eTo champion the empowerment of women in the technology sector, Alyssa Fitzpatrick, global VP of partner sales, spoke at the Women in Tech roundtable sponsored by Kyndryl. 
The session featured diverse perspectives on the unique obstacles women encounter in tech, such as breaking into leadership, combating gender bias, and finding balance between professional and personal life.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfcd4c9c49fb8fd74"}}},{"image":{"image":{"uid":"blt168cfd5fb8efb62a","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T14:35:04.340Z","created_by":"bltb6c155cd84fc0c1a","file_size":"664350","filename":"image2.png","parent_uid":null,"tags":[],"title":"image2.png","updated_at":"2024-12-18T14:35:04.340Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.732Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt168cfd5fb8efb62a/6762dd983f552a0355e42471/image2.png"},"_metadata":{"uid":"csd38fe578a6d0c5ce"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa8d3d67d508f48d9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVarious Elastic experts also presented 29 lightning talks across a wide variety of Elastic use cases. 
These short yet deep technical overviews garnered the attention of over 1,200 attendees across all industries and technical specializations.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8bfca9bcf6b91b86"}}},{"image":{"image":{"uid":"bltee77cba8c5bfd9c5","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T14:35:16.065Z","created_by":"bltb6c155cd84fc0c1a","file_size":"1763000","filename":"image4.png","parent_uid":null,"tags":[],"title":"image4.png","updated_at":"2024-12-18T14:35:16.065Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.702Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltee77cba8c5bfd9c5/6762dda4f0d612e665b09e99/image4.png"},"_metadata":{"uid":"cs42f0f9266b7f320f"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Building momentum together: 2024 recap","_metadata":{"uid":"cs2280dd05dbd87d90"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur partnership momentum with AWS has continued to grow substantially throughout 2024. 
Below is a recap of our joint efforts over the past year to help you address your evolving use cases and derive the most value possible from Elastic on AWS.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Competencies","_metadata":{"uid":"cs84b44bfc9cccf407"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-aws-competency-financial-services\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic achieves fourth AWS Competency — this time in Financial Services\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: This distinction is given by AWS to partners with comprehensive cloud solutions that help financial sector companies realize gains in business efficiency, productivity, and innovation.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-aws-generative-ai-competency\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic part of a select group with AWS Generative AI Competency\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: This distinction is given by AWS to partners that have created cutting-edge generative AI solutions and helped customers realize significant gains in business efficiency, creativity, and productivity.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Integrations","_metadata":{"uid":"csc414cbd8e50d8c4d"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/aws-data-firehose-onboarding\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOne-Step Ingest for CloudWatch Logs and Metrics into Elastic Observability with Amazon Data Firehose\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: AWS users can use the new guided onboarding workflow to ingest CloudWatch logs and metrics in Elastic Cloud and explore the usage and performance 
of over 20 AWS services within minutes using the provided CloudFormation template.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.businesswire.com/news/home/20241125938547/en/Elastic-Now-Collaborates-With-AWS-to-Leverage-Generative-AI-Capabilities\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Now Collaborates With AWS to Leverage Generative AI Capabilities\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Elastic offers LLM observability support for Amazon Bedrock in Elastic Observability.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-integrates-leading-cloud-security-vendors\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eA unified protection approach: Elastic integrates across leading cloud security vendors\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Elastic’s integration with AWS Security Hub enhances threat detection and response for a unified approach to the complex cloud security landscape.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/elastic-automatic-import-logs-genai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccelerate log analytics in Elastic Observability with Automatic Import powered by Search AI\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Automatic Import currently supports Anthropic models via Elastic’s connector for Amazon Bedrock.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-aws-deliver-ai-driven-security-analytics\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic and AWS deliver on AI-driven security analytics\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Amazon Bedrock and Elastic’s Attack Discovery automate 
security analyst workflows.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/elastic-ai-assistant-observability-amazon-bedrock\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGetting started with the Elastic AI Assistant for Observability and Amazon Bedrock\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Elastic version 8.13 includes the general availability of Amazon Bedrock integration for the Elastic AI Assistant for Observability.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Other announcements","_metadata":{"uid":"cs9192a01920e03d3f"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://ir.elastic.co/news/news-details/2024/Elastic-Listed-in-AWS-ICMP-for-the-US-Federal-Government/default.aspx\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Listed in AWS “ICMP” for the US Federal Government\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: The Elastic Search AI Platform is available to US government customers in ICMP.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLearn how to ingest data from AWS S3 into Elastic Cloud using tutorials \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/ingest-aws-s3-data-elastic-cloud-elastic-serverless-forwarder#options-comparison\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003epart one\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/ingest-aws-s3-data-elastic-cloud-elastic-agent\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003epart two\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Customer case 
studies","_metadata":{"uid":"csee6c45412241f5e3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHelping our customers address challenges and realize opportunities using Elastic solutions on AWS fuels our strategic collaboration. Below are a handful of these examples in 2024.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEducation\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/georgia-state-university\"\u003e\u003cspan style='font-size: 12pt;'\u003eGeorgia State University\u0026nbsp;\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFinancial Services\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/bank-leumi\"\u003e\u003cspan style='font-size: 12pt;'\u003eBank Leumi\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/discover\"\u003e\u003cspan style='font-size: 12pt;'\u003eDiscover Financial Services\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eProfessional Services\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/bigid\"\u003e\u003cspan style='font-size: 12pt;'\u003eBigID\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRetail\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca 
href=\"https://www.elastic.co/customers/hse\"\u003e\u003cspan style='font-size: 12pt;'\u003eHSE\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/waitrose\"\u003e\u003cspan style='font-size: 12pt;'\u003eWaitrose\u0026nbsp;\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSoftware and Technology\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/chatleap\"\u003e\u003cspan style='font-size: 12pt;'\u003eChat Leap\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/doctolib\"\u003e\u003cspan style='font-size: 12pt;'\u003eDoctolib\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/proficio\"\u003e\u003cspan style='font-size: 12pt;'\u003eProficio\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Looking ahead ","_metadata":{"uid":"cs1e73a166b54cf9cf"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOver the years, Elastic and AWS have unlocked numerous opportunities for shared success, particularly in generative AI, security, and observability. These solutions are deeply integrated with the AWS Cloud and accessible through AWS Marketplace — making it seamless for you to discover, deploy, and manage Elastic Cloud on AWS. 
We’re focused on the substantial value of our AWS alliance and the broad opportunities it creates for our joint customers.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStay tuned for more exciting advancements from Elastic and AWS in 2025 as we continue to innovate and expand upon our joint successes!\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMissed attending AWS re:Invent 2024? You can still schedule time with an Elastic expert. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/contact\"\u003e\u003cspan style='font-size: 12pt;'\u003eGet in touch\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e!\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Start a free trial today","_metadata":{"uid":"cs6cc599f1d55646b8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInterested in accelerating time to insight with Elastic on AWS? Start your own \u003c/span\u003e\u003ca href=\"https://aws.amazon.com/marketplace/pp/prodview-voru33wi6xs7k?trk=5fbc596b-6d2a-433a-8333-0bd1f28e84da%E2%89%BBchannel=el\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003e7-day free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eby signing up via\u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://aws.amazon.com/marketplace/pp/prodview-voru33wi6xs7k?trk=d54b31eb-671c-49ba-88bb-7a1106421dfa%E2%89%BBchannel=el\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAWS Marketplace\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eand quickly spin up a deployment in minutes on any of the\u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 
12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-reference-regions.html#ec_amazon_web_services_aws_regions\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud regions on AWS\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003earound the world. Your AWS Marketplace purchase of Elastic will be included in your monthly consolidated billing statement and will draw against your committed spend with AWS.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs563b38243e426d1e"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4aedda257da11108"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. 
You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs500c5fe11a43e259"}}}],"publish_date":"2024-12-18","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt39140cf3e2cd4550","ACL":{},"created_at":"2023-11-06T21:51:00.583Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"integrations","label_l10n":"Integrations","tags":[],"title":"Integrations","updated_at":"2023-11-06T21:51:00.583Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.083Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[{"uid":"blt5b5a3dd3ee2ae4bd","_content_type_uid":"tags_partner"}],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search 
applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"AWS","label_l10n":"AWS","keyword":"aws","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt5da20aee1a072f80","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:30.685Z","updated_at":"2023-11-06T20:08:30.685Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:00:52.463Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt736c21c9cc3bed67","ACL":{},"created_at":"2023-11-06T20:35:30.489Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-regions","label_l10n":"Cloud regions","tags":[],"title":"Cloud regions","updated_at":"2023-11-06T20:35:30.489Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.290Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltefbcf6957c5e689a","ACL":{},"created_at":"2023-11-06T20:35:45.445Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-search","label_l10n":"Cloud 
search","tags":[],"title":"Cloud search","updated_at":"2023-11-06T20:35:45.445Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:50.742Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cloud monitoring","label_l10n":"Cloud monitoring","keyword":"cloud-monitoring","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt4f82459203f5a666","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:35:08.968Z","updated_at":"2023-11-06T20:35:08.968Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:35.872Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative 
AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation 
(RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt2448051eb5c150d4","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-18T14:41:32.786Z","created_by":"bltb6c155cd84fc0c1a","file_size":"133379","filename":"168344_-_(Already_sourced)_Batch_of_5_blog_header_images_D2_3.jpg","parent_uid":null,"tags":[],"title":"168344 - (Already sourced) Batch of 5 blog header images D2_3.jpg","updated_at":"2024-12-18T14:41:32.786Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.749Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2448051eb5c150d4/6762df1cad0534d6a92c1f30/168344_-_(Already_sourced)_Batch_of_5_blog_header_images_D2_3.jpg"},"title":"Elastic and AWS in 2024: Celebrating innovation synergy at AWS re:Invent","title_l10n":"Elastic and AWS in 2024: Celebrating innovation synergy at AWS 
re:Invent","updated_at":"2024-12-18T14:56:23.316Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-aws-reinvent-2024","publish_details":{"time":"2024-12-18T15:58:00.601Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2fafca906f0a1e56","_version":8,"locale":"en-us","ACL":{},"abstract_l10n":"Learn more about Elastic Cloud Serverless pricing and packaging, focusing on our approach for solution-specific pricing, pricing metrics, consumption, and support.","author":["blta7580a5deddd23f5"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-05-14T20:09:13.477Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"Elastic Cloud pricing evolved","_metadata":{"uid":"csc01f0a6d1abc4b6f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud has long been the best way to use the Elastic Stack. The launch of Elastic Cloud Serverless expands Elastic Cloud with a new set of services built on the industry’s first Search AI Lake. Our pricing and packaging for Elastic Cloud Serverless was designed to be simple while offering you increased flexibility. 
This will make it easier for you to use, forecast, and manage your serverless deployments.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cscfe5f25e9745343d"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cse854f4de4ed7b5f4"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eNote:\u003c/strong\u003e The changes discussed here apply to our Elastic Cloud Serverless offering; our existing Self Managed and Cloud Hosted (Elasticsearch Service) offerings retain existing pricing and packaging.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"Serverless pricing and packaging objectives","_metadata":{"uid":"cs98554ea9f2be8bf3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn building the pricing and packaging for Elastic Cloud Serverless, we saw this as an opportunity to evolve our pricing approach to better fit with how you are using our solutions today and will use them in the future. 
In doing so, we identified the following objectives for pricing and packaging:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSimple and flexible\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e — solution-specific (Security, Observability, and Elasticsearch) pricing that is simple and easy to understand; flexibility to pay for just the Elasticsearch platform or for an Elastic solution that has Elasticsearch underpinnings\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBuilt with \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eestablished business metrics\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e — for ease of planning and budgeting\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScalable, no required commitment\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e — works for small and large customers; easy to try new solutions and/or features\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCompetitively priced\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Solution-specific pricing and packaging","_metadata":{"uid":"cs230f912b43158957"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWith serverless, we now have pricing and packaging that is distinct and designed specifically for our three solutions:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-security\"\u003e\u003cspan style=\"font-size: 
12pt;\"\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e $0.17–$0.60 per GB ingested, $0.018–$0.040 per GB/month for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/search-ai-lake-elastic-cloud-serverless\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSearch AI Lake\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-observability\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eObservability\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e $0.15–$0.50 per GB ingested, $0.02–$0.040 per GB/month for Search AI Lake\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElasticsearch\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e $0.14 per ingest \u003c/span\u003e\u003ca href=\"https://docs.elastic.co/serverless/elasticsearch/elasticsearch-billing\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eVirtual Compute Unit (VCU)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, $0.09 per Search VCU, $0.047 per GB/month for Retention\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe also offer different packages along with a few supplemental add-ons, giving you flexibility to tailor pricing to meet your needs. 
For example:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSecurity Analytics Essentials provides traditional SIEM for $0.17–$0.50\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e per GB ingested, $0.018–$0.036\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e per GB/month for Search AI Lake.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSecurity Analytics Complete extends SIEM to an AI-driven security analytics platform for $0.20–$0.60\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e per GB ingested, $0.020–$0.040\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e per GB/month for Search AI Lake.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEndpoint Protection is also available as an add-on for $1.25 per endpoint (when purchased with Essentials) or $1.50 per endpoint (when purchased with Complete).\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eVolume tiered pricing is now available and applied automatically based on consumption.\u0026nbsp;For example, pricing for Security Analytics Essentials starts at $0.50 per GB ingested but can go as low as $0.17 per GB ingested at the highest volume tier. 
Additional details can be found on each solution pricing page linked above.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Simplified pricing metrics","_metadata":{"uid":"csa6030159d2d44689"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen we chose to introduce three new offerings as part of Elastic Cloud Serverless, we wanted to deliver dedicated experiences in the product as well as in the pricing model. Unlike our approach with Elastic Cloud Hosted pricing, which is based on provisioned capacity of a specific Cloud instance type, serverless is priced based on metrics that are aligned with the solution domain, making it simpler and easier to forecast usage.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSimplicity:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e For \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eObservability\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, this means pricing is based on the amount of data ingested and the size of the data retained in the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/search-ai-lake-elastic-cloud-serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearch AI Lake\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. For any optional add-ons you choose, these will also have simple pricing metrics. 
Details can be found \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-security\"\u003e\u003cspan style='font-size: 12pt;'\u003ehere\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for Security and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-observability\"\u003e\u003cspan style='font-size: 12pt;'\u003ehere\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for Observability.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSimplicity plus configurability:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e For \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElasticsearch\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, pricing is based on Virtual Compute Units (VCUs). Think of VCUs as a vertical slice of a virtual host with 1GB of RAM and associated local disk and vCPU. You are charged for each VCU consumed for Ingest, Search, and Machine Learning. For the data stored in the Search AI Lake, there is a GB/month charge. The number of VCUs is automatically adjusted based on your workload, with changes in ingestion or searches affecting the number of Ingest or Search VCUs you use. Additional details can be found \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-search\"\u003e\u003cspan style='font-size: 12pt;'\u003ehere\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for Elasticsearch.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Consumption friendly","_metadata":{"uid":"csc8a3b33cc115c977"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt Elastic, we make it easy to purchase Elastic Cloud — either directly from us or via the AWS, Google Cloud, or Azure Marketplaces. 
Both options use our Cloud consumption model, which is billed monthly for pay-as-you-go customers or allows you to pre-purchase \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-billing-ecu.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Consumption Units\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e (ECUs) at a discount. If you are a current Elastic Cloud customer using our prepaid consumption model, and you have an ECU balance, you can use those ECUs for any Elastic Cloud offering — Hosted and/or Serverless. Any future ECU purchases can also be used for our Cloud Hosted and/or Serverless models. If you are a Cloud monthly customer, you can choose a hosted deployment or serverless project, which will all accumulate toward your bill.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Mix and match product tier and support tier","_metadata":{"uid":"csb4d24b3987b1a45c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith serverless, you can now choose one of our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/support/welcome\"\u003e\u003cspan style='font-size: 12pt;'\u003efour support tiers\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for your entire Elastic Cloud organization. Unlike Elastic Self-Managed and Elastic Cloud Hosted, you can choose the features you use in Elastic Cloud Serverless on a per-project basis. So your Elastic Cloud organization can be at the highest support tier (Premium), but you can have one or more Elastic Security Serverless projects that use the Essentials product tier. Similarly, your Elastic Cloud organization can be set to the Basic support tier, but you have one or more of your Elastic Security Serverless projects use the Complete product tier. 
Note that the support tier you select must be the same across your entire cloud organization.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Pricing and packaging built for you","_metadata":{"uid":"cs78334b240839aae6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith our Elastic Cloud \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-search\"\u003e\u003cspan style='font-size: 12pt;'\u003eServerless pricing and packaging\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, we have simplified getting started and growing with Elastic so you can focus on results. Our solution packaging closely matches how you use Elastic. The Elastic Cloud Serverless pricing dimensions are simple and intuitive, and they make usage easy to forecast. We are also maintaining and even increasing the flexibility that Elastic is known for, allowing you to keep using the same customer-friendly consumption models for your serverless consumption.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs929a74b0f3bf6303"},"header_style":"H2","paragraph_l10n":"\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eOriginally published on May 15, 2024; Updated on December 2, 2024.\u003c/em\u003e\u003c/span\u003e"}],"_metadata":{"uid":"cs850ec1db22df9860"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs430d1052a4fafc17"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. 
Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb2082e172d962a0f"}}}],"publish_date":"2024-12-02","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"With Elastic Cloud Serverless, we are simplifying and offering increased flexibility with our new solution-specific pricing and packaging for Security, Observability, and Elasticsearch.","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"title":"Architecture","label_l10n":"Architecture","keyword":"architecture","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt91896b1dfcbd6413","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:39:38.693Z","updated_at":"2020-06-17T03:39:38.693Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:39:38.693Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-24T15:31:11.375Z","user":"bltf6ab93733e4e3a73"}},{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473e
f223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blte4a85686c1a69b90","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-05-14T20:05:06.177Z","created_by":"bltb6c155cd84fc0c1a","file_size":"179633","filename":"dark_blue_sky.jpg","parent_uid":null,"tags":[],"title":"dark blue 
sky.jpg","updated_at":"2024-05-14T20:05:06.177Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-05-15T12:45:01.135Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte4a85686c1a69b90/6643c3f2bfbef50de95f5ccb/dark_blue_sky.jpg"},"title":"Elastic Cloud Serverless pricing and packaging","title_l10n":"Elastic Cloud Serverless pricing and packaging","updated_at":"2024-12-18T14:12:00.661Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-cloud-serverless-pricing-packaging","publish_details":{"time":"2024-12-18T14:12:06.942Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt29d5f9b1d3b4faab","_version":10,"locale":"en-us","ACL":{},"abstract_l10n":"Follow this step-by-step process to implement encryption at rest with Azure Key Vault keys and Elastic Cloud deployments to create a secure and compliant environment for your sensitive data.","author":["bltd40b1c822e24d3a9","blt3f02e05e41c2a581","bltcc6b80deaa2c967f"],"category":["bltb79594af7c5b4199"],"created_at":"2024-08-20T14:22:48.673Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc7d4fc697bf7a2f6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn the first \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/encryption-at-rest-elastic-cloud-enterprise-security\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eblog\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e in this series, we unpacked the foundational concepts of encryption at rest and introduced you to Elastic Cloud’s “bring your own key” (BYOK) feature, which allows you to do encryption at rest with encryption keys managed by the KMS service of your cloud provider. 
The second \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/encryption-at-rest-elastic-cloud-aws-kms\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eblog\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e of this series dives into the technical nuances of implementing encryption at rest with AWS KMS keys. Building on that knowledge, this blog dives into the technical nuances of implementing encryption at rest with Azure Key Vault keys and Elastic Cloud deployments, providing you with a secure and compliant environment for your sensitive data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFirst, let’s walk through the architecture of the solution and its prerequisites, and then we’ll explore how to create an Azure Key Vault key and apply it to an Elastic Cloud Hosted deployment for encrypting data and snapshots at rest. We’ll also show you how to validate your setup and implement additional security policies, such as encryption key rotation and revocation.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The Elastic Cloud and Azure Key Vault integration","_metadata":{"uid":"cs14b8bfb2cd89a7f9"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Architecture","_metadata":{"uid":"cscc7c9986ef6f354b"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe following diagram showcases how Elastic Cloud integrates with Azure Key Vault to provide your application with Hosted Stack deployments encrypted with your own Key Vault 
keys.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csca43f76b0d12c909"}}},{"image":{"image":{"uid":"bltae00e3c1325e4573","_version":1,"title":"image13.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:09:32.707Z","updated_at":"2024-08-20T14:09:32.707Z","content_type":"image/png","file_size":"279078","filename":"image13.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.195Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltae00e3c1325e4573/66c4a39c0388811b011eeee6/image13.png"},"_metadata":{"uid":"cs506ccc42808ce34b"},"caption_l10n":"","alt_text_l10n":"architecture","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Prerequisites","_metadata":{"uid":"cs89972a22cc62be9d"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e1. Get your own key: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo use BYOK, you need a key that you control. You set this up in your Azure Key Vault account. Create an RSA asymmetric key. The key must be available in each region you have deployments to encrypt. You can use the same key to encrypt multiple deployments, although security best practices recommend using a different one per deployment. Later, you'll need to provide the Key Vault Key URI and the key name to Elastic Cloud.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e2. Upgrade to Enterprise:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e BYOK is available for the Enterprise subscription level. 
This means if you're using Elastic on Azure, you can encrypt your data using your own key.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eKeep in mind that if you're using a custom snapshot repository instead of Elastic Cloud's default one, your snapshots won't automatically be encrypted with your key, so they fall outside the protection that key provides. However, the file system itself will still encrypt data being stored on disk.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e3. Access control:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Create Azure Identity and Access Management (IAM) policies to control access to the Elastic cluster.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe following are required permissions on Azure:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePermissions to create an RSA key in the Azure Key Vault where you want to store your key\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMembership in the Application Administrator role (This is required to create a new service principal for Elastic Cloud in your Azure tenant.)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePermissions to assign roles in your Key Vault using access control (IAM) (This is required to grant the service principal access to your key.)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe Azure Key Vault where the RSA key will be stored must have purge protection enabled to support the encryption of 
snapshots.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Creating and configuring an Azure Key Vault key","_metadata":{"uid":"cse2f6c58683bf2aa2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e1. To start the key creation process, go to the Key Vault service in the Azure portal. Click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eKeys\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc42770a7d6fea4b9"}}},{"image":{"image":{"uid":"blt9624a583756c23cc","_version":1,"title":"image5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:23:06.709Z","updated_at":"2024-08-20T14:23:06.709Z","content_type":"image/png","file_size":"46243","filename":"image5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.388Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9624a583756c23cc/66c4a6ca5c9bfed96e0f0b6c/image5.png"},"_metadata":{"uid":"cs825f0ca9ad87d5df"},"caption_l10n":"","alt_text_l10n":"click keys","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":"width-small: 25%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd00c44a68f8e7b74"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e2. In the key creation process, select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eGenerate/Import\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and specify the key type and key size.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e3. 
Provide a name for the key and click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs28d2c58f2aaed5b5"}}},{"image":{"image":{"uid":"blt5f8b531747d7c2aa","_version":1,"title":"image11.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:23:33.165Z","updated_at":"2024-08-20T14:23:33.165Z","content_type":"image/png","file_size":"196877","filename":"image11.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.348Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5f8b531747d7c2aa/66c4a6e55c9bfe37ea0f0b73/image11.png"},"_metadata":{"uid":"csb365c4c2f6d7af08"},"caption_l10n":"","alt_text_l10n":"create a key","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb90268d37b31be37"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e4. Add the necessary principal (Elastic service principal) to the access policy and click \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSave\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. The service principal is the identity through which Elastic Cloud is granted access to your RSA key.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn your Azure Portal, view the key that you created. 
In the Access control (IAM) settings for the key, grant the service principal the role \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eKey Vault Crypto User\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e5. Copy the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eKey Identifier\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and the key name from the Overview tab. Save them in a safe place for use in a later step.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdeb5a30358911051"}}},{"image":{"image":{"uid":"blt02d8909ad824da0e","_version":1,"title":"image7.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:24:33.797Z","updated_at":"2024-08-20T14:24:33.797Z","content_type":"image/png","file_size":"168095","filename":"image7.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.399Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt02d8909ad824da0e/66c4a721ab1b6940163ca5ee/image7.png"},"_metadata":{"uid":"cs745de582423d3941"},"caption_l10n":"","alt_text_l10n":"key identifier","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"Integrating an Azure Key Vault key with Elastic Cloud","_metadata":{"uid":"cs644bc930ca342af3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e1. Now you can create a new Elastic deployment that uses the Azure Key Vault key you just created. 
Start by signing in to the Elastic Cloud console.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csddfa8af81f84fbf7"}}},{"image":{"image":{"uid":"bltf418b39a7570da16","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:24:41.901Z","updated_at":"2024-08-20T14:24:41.901Z","content_type":"image/png","file_size":"119683","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.363Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf418b39a7570da16/66c4a729ab1b6930633ca5f4/image1.png"},"_metadata":{"uid":"csbbea8a6af9bd7d0b"},"caption_l10n":"","alt_text_l10n":"Elastic Cloud console","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5a1d3985ba9a605c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e2. 
After you’ve signed in to the console, click the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate deployment\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e button.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc48ec5c5510e3d25"}}},{"image":{"image":{"uid":"blt2bb198045e5dbfc1","_version":1,"title":"image8.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:24:50.819Z","updated_at":"2024-08-20T14:24:50.819Z","content_type":"image/png","file_size":"45753","filename":"image8.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.277Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2bb198045e5dbfc1/66c4a7323bab118481a2c150/image8.png"},"_metadata":{"uid":"cs83976710069daa83"},"caption_l10n":"","alt_text_l10n":"create deployment","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6a28bc14991e8058"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e3. Enter a Name for your deployment and select \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMicrosoft Azure\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e as your Cloud provider. Then expand the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAdvanced setting\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003es\u003c/strong\u003e section and enable the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eUse a customer-managed encryption key option\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. 
Paste in the Azure Key Vault RSA Key Identifier (URI) and key name that you copied in the previous step.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa2490bcbe539508d"}}},{"image":{"image":{"uid":"bltd2ca2e00783c0893","_version":1,"title":"Screenshot 2024-08-20 at 10.18.59 AM.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:19:15.774Z","updated_at":"2024-08-20T14:19:15.774Z","content_type":"image/png","file_size":"82066","filename":"Screenshot_2024-08-20_at_10.18.59_AM.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.328Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd2ca2e00783c0893/66c4a5e34b8e147d10bc740d/Screenshot_2024-08-20_at_10.18.59_AM.png"},"_metadata":{"uid":"cse7b7f3b2718d3a6e"},"caption_l10n":"","alt_text_l10n":"create a deployment","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0b501117e0fe375d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e4. Click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate deployment\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. The deployment is now created and encrypted using the specified key.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Verification and troubleshooting","_metadata":{"uid":"cs237a2f5ff5bcea81"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1. In the Elastic Cloud Console, you can check that your hosted deployment is correctly encrypted with the key you specified. 
To do that, go to the deployment’s \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSecurity \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003epage by selecting \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e from the left navigation menu.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs69d1c6f35d40ddec"}}},{"image":{"image":{"uid":"blt96ffbe0f4ca9f7f9","_version":1,"title":"image3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:25:06.318Z","updated_at":"2024-08-20T14:25:06.318Z","content_type":"image/png","file_size":"366581","filename":"image3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.229Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt96ffbe0f4ca9f7f9/66c4a742038881cc3d1eef0a/image3.png"},"_metadata":{"uid":"cs714b51d6363c0d4f"},"caption_l10n":"","alt_text_l10n":"byok-demo-deployment","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs31fdeff057a4a9ac"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e2. 
Select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eManage encryption key\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in the Encryption at rest section.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc92bdb76ec53be79"}}},{"image":{"image":{"uid":"bltef0c7fece5d9f172","_version":1,"title":"image9.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:25:18.501Z","updated_at":"2024-08-20T14:25:18.501Z","content_type":"image/png","file_size":"320514","filename":"image9.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.414Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltef0c7fece5d9f172/66c4a74e13428673bac3d845/image9.png"},"_metadata":{"uid":"csc3ab2d0c0c8cbbd3"},"caption_l10n":"","alt_text_l10n":"manage encryption key","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf4d68c9561414606"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e3. 
You should see your Azure Key Vault URI and key name listed in the Azure \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eKey Vault RSA key identifier \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003efield.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse9b12b7c0f4b1ff9"}}},{"image":{"image":{"uid":"bltefa0823ea5385c01","_version":1,"title":"image2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:21:24.211Z","updated_at":"2024-08-20T14:21:24.211Z","content_type":"image/png","file_size":"135964","filename":"image2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.376Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltefa0823ea5385c01/66c4a664dd1a36004940b7c7/image2.png"},"_metadata":{"uid":"cs94b1a75423322a3a"},"caption_l10n":"","alt_text_l10n":"Key Vault RSA key identifier","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Key rotation and revocation","_metadata":{"uid":"cs22212d91e39eb38f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud Hosted deployments encrypted with Azure Key Vault keys benefit from Azure's security policies and features, such as key rotation and revocation. Key rotation helps reduce the risk of data breaches due to compromised keys, while key revocation ensures that access to encrypted data via a compromised key is terminated. Revocation can be done by disabling or deleting the key, or by altering the key’s access policy.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAzure Key Vault keys can be rotated manually when necessary. 
Elastic automatically manages these key rotations, ensuring that your Elastic Cloud deployment remains encrypted and accessible with the most current Azure Key Vault key.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf a key is compromised, you can manually revoke it in Azure Key Vault. This emergency operation, intended for security breaches, locks the deployment’s data directories within 30 minutes and prompts you to delete the deployment. If the revocation is accidental, the key can be restored, allowing the deployment to resume normal operations.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Try it out","_metadata":{"uid":"cs60c97797fe9e1334"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eYou now understand the process of using your own key for encrypting an Elastic Deployment on Azure. Initially, an Azure Key Vault key is created and configured with the necessary policy settings for Elastic to manage and rotate the key’s credentials. You can create an Elastic Cloud deployment using this key to encrypt the deployment’s data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGive it a try today! Create an Elastic Cloud deployment with your Azure Key Vault key to enhance the security of your Elastic Cloud deployment. Sign up for a \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003efree 14-day trial\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to get started. 
In the last blog of this series, we will walk you through the steps to encrypt your deployment data and snapshots with GCP KMS managed keys.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs19af3fa242a6869c"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs54cc71e490c8118e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5bf70832c03e2e16"}}}],"publish_date":"2024-08-20","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Implement encryption at rest with Azure Key Vault and Elastic Cloud","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[{"uid":"bltada2311dae66943e","_content_type_uid":"tags_partner"}],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud 
security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt405e99573a94e858","ACL":{},"created_at":"2023-11-06T20:37:33.009Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-loss-prevention","label_l10n":"Data Loss Prevention (DLP)","tags":[],"title":"Data Loss Prevention (DLP)","updated_at":"2023-11-06T20:37:33.009Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:40.892Z","user":"blt06083bb707628f5c"}},{"title":"Getting started","label_l10n":"Getting 
started","keyword":"getting-started","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt30953f4176054d3f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:25.148Z","updated_at":"2020-06-17T03:37:25.148Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:25.148Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:25.028Z","user":"blt36e890d06c5ec32c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt8617d65f559b9a82","ACL":{},"created_at":"2023-11-06T20:42:46.365Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"microsoft-azure","label_l10n":"Microsoft Azure","tags":[],"title":"Microsoft Azure","updated_at":"2023-11-06T20:42:46.365Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:19.197Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-
us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt9c004073d90dac2b","_version":1,"title":"stratus clouds.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T13:58:46.542Z","updated_at":"2024-08-20T13:58:46.542Z","content_type":"image/jpeg","file_size":"167150","filename":"stratus_clouds.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.294Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9c004073d90dac2b/66c4a1163f4c1960721cc7ea/stratus_clouds.jpg"},"title":"Encryption at rest in Elastic Cloud: Bring your own key with Azure Key Vault","title_l10n":"Encryption at rest in Elastic Cloud: Bring your own key with Azure Key Vault","updated_at":"2024-12-17T23:36:56.910Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-cloud-azure-key-vault","publish_details":{"time":"2024-12-17T23:37:04.069Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltfdc4c28c380ffb80","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.","author":["bltbf6fc4da34fe35bb"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-12-16T18:26:39.428Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"Version 8.16.2 of the Elastic Stack was released today. We recommend you [upgrade to this latest version](https://www.elastic.co/downloads). We recommend 8.16.2 over the previous version 8.16.1.\n\nThe 8.16.2 release contains a fix for a security vulnerability. 
Please see our [security advisory for more details](https://discuss.elastic.co/c/announcements/security-announcements/31).\n\nFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to [the release notes](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.16/new.html).","modular_blocks":[],"publish_date":"2024-12-17","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt8836a5dda86cbfe0","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-01T15:42:09.734Z","updated_at":"2024-04-01T15:42:09.734Z","content_type":"image/png","file_size":"62454","filename":"Patch_release_dark.png","title":"Patch_release_dark.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-02T17:14:25.081Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8836a5dda86cbfe0/660ad5d11b5a5878c8adccbc/Patch_release_dark.png"},"title":"Elastic Stack 8.16.2 released","title_l10n":"Elastic Stack 8.16.2 released ","updated_at":"2024-12-17T20:39:28.847Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-stack-8-16-2-released","publish_details":{"time":"2024-12-17T20:39:34.059Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt3f18cfd58e6d859e","_version":8,"locale":"en-us","ACL":{},"abstract_l10n":"The latest release, version 8.12, marks a significant shift in tuning for Elastic Agent and Beats. 
Elastic introduces Performance Presets, aiming to simplify the tuning process for users and enhance the default settings for improved performance.","author":["blt7efc3760b8361101","blt61ffae86741bef1a"],"category":["bltb79594af7c5b4199"],"created_at":"2024-01-23T23:23:52.094Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"Big improvements to Elastic Agent performance in 8.12","_metadata":{"uid":"cs34a06bd79f0e8d9e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe latest release, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-8-12-0\"\u003e\u003cspan style='font-size: 12pt;'\u003eversion 8.12\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, marks a significant shift in tuning for Elastic Agent and Beats. In this update, Elastic® introduces Performance Presets, aiming to simplify the tuning process for users and enhance the default settings for improved performance.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Default setting enhancements","_metadata":{"uid":"cs61430148506f4326"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe default tuning parameters used with Elastic Agent today have been in place since the beginning of Beats and were picked to ensure that data gets into Elasticsearch\u003c/span\u003e\u003cspan style='font-size: 0.6em;'\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e as quickly as possible for analysis. 
Historically, tweaking performance of Elastic Agent and Beats involved deep knowledge, and benchmarking them for an optimal combination requires even more expertise.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith 8.12, we’ve made tuning Elastic Agent and Beats a thing of the past for the vast majority of customers. We’ve introduced new default settings for Elastic Agent and Beats that:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImprove throughput by up to 50%\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReduce memory usage by 10%\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReduce concurrent connections to Elasticsearch by up to 80%\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReduce Disk I/O in Elasticsearch from Beats/Agent requests by up to 50%\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Introducing Performance Presets","_metadata":{"uid":"cs8d8f14954bdfd0e5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf the new defaults don’t meet your needs, or perhaps you need more throughput or want to scale to a larger deployment of agents, the next step is not tuning parameters in a YAML file; instead, new Performance Presets take the best practices from our trusted customers, field teams, and performance test beds and allow you to pick the preset that best suits your needs, effectively offering tailored configurations to meet your diverse performance requirements. 
Let's explore the four presets and the new \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eCustom\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e option and understand which one suits your needs best:\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"1. Balanced ","_metadata":{"uid":"csded08b75ab7bcea2"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFrom 8.12 onward, the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eBalanced\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e preset is the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003edefault\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e preset and optimizes Elastic Agent to achieve a reasonable level of throughput and resource utilization, making it the preferred choice for a wide array of Elastic Agent use cases.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor those of you who are familiar with the various settings available within Beats, here are the exact changes happening to the default values in 8.12. 
These new defaults increase the Events Per Second throughput (EPS) by 25%.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePlease note:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e These settings may change in future versions as we continue to tune these for the best performance.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs2d104c0a286557d0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eConfiguration\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCurrent Default\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBalanced\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003ebulk_max_size\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e50\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1600\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003eworkers\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003equeue.mem.events\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e4096\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 
12pt;\"\u003e3200\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003equeue.mem.flush.min_events\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e2048\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1600\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003equeue.mem.flush.timeout\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e10\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecompression_level\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003econnection_idle_timeout\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e60\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e3\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs95d7a03daef25644"}}},{"title_text":{"title_text":[{"title_l10n":"2. Optimized for Throughput","_metadata":{"uid":"cs9621ef658fd9a9b3"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eOptimized for Throughput\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e preset focuses on achieving 4x higher data ingestion rates, making it ideal for scenarios where you need Agent to handle high volumes of events. 
It takes the best parts of the Balanced preset but more freely consumes CPU and memory and multiplexes events across multiple additional connections to Elasticsearch.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"3. Optimized for Scale","_metadata":{"uid":"cs0e870e6c542bb537"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you’re deploying Elastic Agent to tens of thousands of systems, the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eOptimized for Scale\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e preset fine-tunes Elastic Agent for gathering lower volumes of host data like logs or metrics but from tens or hundreds of thousands of devices. It takes the best parts of the Balanced preset, but trades a short delay in data ingestion for a total 30x reduction in open connections to Elasticsearch over the defaults. This makes a big difference if you’re using a reverse proxy or load balancer in front of Elasticsearch. This setting’s EPS performance is fairly similar to that of the Balanced setting.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"4. Optimized for Latency","_metadata":{"uid":"cse67a54b025bc7fa2"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eOptimized for Latency\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e preset reduces the time between data ingestion and processing, making it suitable for low throughput but real-time analytics and applications that demand low latency. 
This preset closely mirrors the pre-8.12 Elastic Agent default settings and is the perfect fallback for any issues encountered testing the newer presets.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn your Elastic environment, it’s important to note that these presets only impact Agents on version 8.12+. Older versions of Agent will continue to use their existing settings.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"5. Custom","_metadata":{"uid":"cs8720d345fa233062"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhile presets are designed to simplify the tuning process for Elastic Agent, the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eCustom\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e option allows the user to have more granular control over performance. You can still refer to the old guidance provided by Elastic, which is still relevant on Agent as the \u003cspan data-type='inlineCode'\u003equeue.mem.events\u003c/span\u003e are now also configurable. The old guidance, available \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-tune-elastic-beats-performance-a-practical-example-with-batch-size-worker-count-and-more\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehere\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, offers practical examples and insights on tuning Elastic Beats performance, including batch size, worker count, and more.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Configuring the performance Presets","_metadata":{"uid":"cs4e58fe3c142c9bc6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can configure the throughput presets on each Elasticsearch output. 
As shown below, when editing the Elasticsearch or Remote Elasticsearch output, the user has the option of choosing which preset should apply:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc32486f986fcc750"}}},{"video":{"vidyard_uuid":"SCcB1ZvD1yMLwATCjsFRWn","_metadata":{"uid":"cse0733783bd507ba1"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc7b8646f84c118b0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo provide further guidance, the table in our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/fleet/master/es-output-settings.html#es-output-settings-performance-tuning-settings\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003epublic documentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e shows the effects on EPS throughput performance as a function of the performance of the Balanced preset, for various permutations of these tuning parameters, for users who require more granular control. These parameters can be set when the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eCustom\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e preset is chosen.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn conclusion, Elastic's new Performance Presets provide a convenient way to fine-tune Elastic Agent for different performance requirements. Whether you need a balanced performance, high throughput, scalability, or low latency, these presets offer optimized configurations to meet your needs. Happy tuning!\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u003cem\u003eWhat else is new in Elastic 8.12? 
Check out the \u003c/em\u003e\u003c/span\u003e\u003cem\u003e\u003c/em\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-8-12-0\"\u003e\u003cem\u003e\u003c/em\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e8.12 announcement post\u003c/em\u003e\u003c/span\u003e\u003cem\u003e\u003c/em\u003e\u003c/a\u003e\u003cem\u003e\u003c/em\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u003cem\u003e to learn more \u0026gt;\u0026gt;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7c1cee14f73e0466"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3089d79ae367e5c1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csebfe256ee4f60b74"}}}],"publish_date":"2024-01-29","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltbf6fd364f32f8563","ACL":{},"created_at":"2023-11-06T21:50:46.524Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"fleet-elastic-agent","label_l10n":"Fleet/Elastic Agent","tags":[],"title":"Fleet/Elastic 
Agent","updated_at":"2023-11-06T21:50:46.524Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:48:26.489Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltb5a7ebf330c5002e","ACL":{},"created_at":"2020-06-17T03:36:14.548Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"beats","label_l10n":"Beats","tags":[],"title":"Beats","updated_at":"2020-06-17T03:36:14.548Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.244Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044
324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt8e1fb3c2503581ab","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-01-24T20:23:03.297Z","created_by":"bltb6c155cd84fc0c1a","file_size":"178901","filename":"138291_-_Blog_header_2_V2.jpg","parent_uid":null,"tags":[],"title":"138291_-_Blog_header_2_V2.jpg","updated_at":"2024-01-24T20:23:03.297Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-01-25T14:00:00.311Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8e1fb3c2503581ab/65b171a768334a8547c60095/138291_-_Blog_header_2_V2.jpg"},"title":"Using Elastic Agent Performance Presets in 8.12","title_l10n":"Using Elastic Agent Performance Presets in 8.12","updated_at":"2024-12-17T14:58:54.350Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/using-elastic-agent-performance-presets-in-8-12","publish_details":{"time":"2024-12-17T14:59:02.090Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt38e86b4423818f55","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Security excels in the AV-Comparatives Business Security Test — praised for seamless integration and advanced capabilities. 
With a 99.8% score in the Malware Protection Test, it shows the power of AI-driven security analytics in defending against today’s threats.","author":["blt014666be75ac5a2b"],"category":["bltb79594af7c5b4199"],"created_at":"2024-12-17T14:06:41.987Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd5ef2ad221991439"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security has achieved remarkable results in the recent \u003c/span\u003e\u003ca href=\"https://www.av-comparatives.org/tests/business-security-test-2024-august-november/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAV-Comparatives Business Security Test\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This independent assessment underscores our commitment to providing world-class malware protection.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Why the AV-Comparatives Business Security Test matters","_metadata":{"uid":"cs70494232ad034726"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.av-comparatives.org/consumer/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAV-Comparatives\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is a highly respected organization that conducts rigorous, independent testing specifically for business endpoint security solutions. Unlike consumer antivirus tests, these evaluations go beyond basic malware detection. They simulate real-world attack scenarios that businesses encounter, including malicious websites, infected devices, and network threats. This multipronged approach provides valuable insights into a product's ability to safeguard businesses from contemporary threats. 
Performing well in the AV-Comparatives Business Security Test signifies a solution's effectiveness in keeping organizations protected.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Highlights from Elastic Security’s performance","_metadata":{"uid":"cs2313989d556dd36d"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAV-Comparatives recognizes the strength of Elastic Security, emphasizing that\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic Security integrates seamlessly with contemporary cybersecurity frameworks, leveraging the speed and extensibility of the Search AI Platform, making it an essential tool for modern security teams.\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e” This acknowledgment highlights our commitment to providing a cutting-edge security solution designed for the current dynamic threat landscape. By harnessing the power of Search AI, our platform delivers rapid, scalable protection that adapts to evolving security needs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eNearly perfect in Malware Protection Test:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic Security’s advanced threat detection engine achieved an impressive 99.8% score in the Malware Protection Test, highlighting its exceptional effectiveness in identifying and mitigating malware threats. 
This near-perfect result underscores Elastic Security's commitment to staying ahead of the curve in the ever-evolving malware landscape.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTarget real threats with zero false alarms on common business software:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e One of the most frustrating aspects of security software is dealing with false positives. Fortunately, Elastic Security boasts a perfect record of zero false positives on common business software in the test. This translates to a streamlined workflow for your security teams, allowing them to focus on genuine threats instead of wasting time investigating false alarms.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs26df47cd9e0bffa2"}}},{"image":{"image":{"uid":"blt09a09783a88745f3","_version":1,"title":"poll.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-17T14:41:50.152Z","updated_at":"2024-12-17T14:41:50.152Z","content_type":"image/png","file_size":"76291","filename":"poll.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-17T14:42:46.503Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt09a09783a88745f3/67618daee72011f591030822/poll.png"},"_metadata":{"uid":"cse193434c9ffaa285"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cscca2dd8804de43b7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese results reflect our continuous efforts to enhance security measures and provide reliable protection for businesses of all sizes. 
Elastic Security stands out as a trusted solution for protecting your organization's data from attacks.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Performance is key to security","_metadata":{"uid":"cs569e93def61f9157"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn today’s cybersecurity landscape, robust malware protection is essential for ensuring a smooth operational baseline. A sluggish device or high resource consumption can be a red flag that often signals the presence of malicious processes. While key security features like advanced threat detection, ransomware defense, and behavior-based protection are vital, system performance plays an equally important role. At Elastic Security, we recognize that effective protection must come without sacrificing system performance. We’ve made it our mission to deliver powerful security capabilities with minimal impact on CPU and memory usage — setting a high standard for how Elastic Agent is developed and maintained.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Get started with Elastic Security","_metadata":{"uid":"csae07809979df13e7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eJoin the growing number of businesses that trust Elastic Security to protect their organization against attacks. Experience the peace of mind that comes with knowing your endpoints — and organization as a whole — are secure against the latest threats. Start your Elastic Security \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style='font-size: 12pt;'\u003efree trial\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and discover the difference that our protection can make. 
Visit \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security\"\u003e\u003cspan style='font-size: 12pt;'\u003eelastic.co/security\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to learn more and get started.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor more detailed results and to see the full report, visit \u003c/span\u003e\u003ca href=\"https://www.av-comparatives.org/tests/business-security-test-2024-august-november/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAV-Comparatives Business Security Test 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs207cc984ad909e08"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1388ed704d10132c"}}}],"publish_date":"2024-12-17","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Security among top solutions in AV-Comparatives Business Test","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Delivering exceptional performance and protection in rigorous 
evaluations","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltac352930d0bd6c7f","ACL":{},"created_at":"2023-11-06T21:36:27.692Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"xdr","label_l10n":"XDR","tags":[],"title":"XDR","updated_at":"2023-11-06T21:36:27.692Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.167Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blte41b0699a34eac99","ACL":{},"created_at":"2023-11-06T20:38:53.624Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"edr","label_l10n":"EDR","tags":[],"title":"EDR","updated_at":"2023-11-06T20:38:53.624Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:26.559Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blte007e1c9cef6ad6b","ACL":{},"created_at":"2020-06-17T03:32:48.898Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"endpoint-security","label_l10n":"Endpoint security","tags":[],"title":"Endpoint 
security","updated_at":"2020-07-06T22:20:15.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-03-23T17:30:22.357Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt585cc7cd992d372e","_version":1,"title":"137714 - Blog header_Option 1 (1).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-17T14:06:40.580Z","updated_at":"2024-12-17T14:06:40.580Z","content_type":"image/jpeg","file_size":"101161","filename":"137714_-_Blog_header_Option_1_(1).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-17T14:42:46.521Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt585cc7cd992d372e/67618570333a8645edc2344d/137714_-_Blog_header_Option_1_(1).jpg"},"title":"Elastic Security is a top performer in the latest AV-Comparatives Business Test","title_l10n":"Elastic Security is a top performer in the latest AV-Comparatives Business Test","updated_at":"2024-12-17T14:41:51.440Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-security-av-comparatives-business-test","publish_details":{"time":"2024-12-17T14:42:45.900Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt00cbd0f80522e6fb","_version":9,"locale":"en-us","ACL":{},"abstract_l10n":"Take a peek at how Elasticians around the world are 
celebrating the holiday season during Decemberfest.","author":["blt7fc3768df8cad1f6"],"category":["bltc253e0851420b088"],"created_at":"2023-12-14T22:12:25.958Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csda328789e07fae6a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDecember is here and that means holiday celebrations. At Elastic, we call the season’s celebration Decemberfest. It’s a time for all Elasticians to connect, give back, or get decked out in our custom swag.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/culture-life-at-elastic-decemberfest-for-the-holidays\"\u003e\u003cspan style='font-size: 12pt;'\u003eDecemberfest started in 2020\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e when the world had to be 100% virtual and has evolved into our flagship holiday celebration running from the end of November to mid-December.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe’ve always been distributed by design. To uphold that ethos and allow everyone to join the festivities, we have many ways for our Elasticians to celebrate the season. 
This year, Elasticians have three options to choose from.\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIn-office events:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e In-person events are organized in 12 cities with Elastic offices around the world — the offices are decorated for the holidays, allowing Elasticians to celebrate and mingle in person.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCluster-team events:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e For those who don’t live near an Elastic office but do live near other Elasticians, cluster teams have put together their own celebrations specific to their region and interests. For example, a cluster in Phoenix, AZ, is hosting a team lunch at a local restaurant, while one in the Netherlands is organizing a Dutch gift swap with a small poem “Sinterklaasgedicht.”\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSwag bags: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eWe’d never leave out those who \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-create-engaging-employee-events\"\u003e\u003cspan style='font-size: 12pt;'\u003ecan’t join us IRL\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. 
Those who aren’t in close proximity to an in-person event can choose to receive sustainably sourced Elastic swag from the Decemberfest gift shop or 100 Benevity bucks to donate to the charity of their choosing on \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-giving-tuesday\"\u003e\u003cspan style='font-size: 12pt;'\u003eGiving Tuesday\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003cbr /\u003e\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"}],"_metadata":{"uid":"cs23357be57279f59f"}}},{"image":{"image":{"uid":"bltb96aeb9a4d734b94","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:52:03.347Z","created_by":"blte369ea3bcd6ac892","file_size":"1315802","filename":"Arlingtonoffice2.jpg","parent_uid":null,"tags":[],"title":"Arlingtonoffice2.jpg","updated_at":"2024-12-12T00:52:03.347Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.827Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb96aeb9a4d734b94/675a33b3f5804ac0e6db36ed/Arlingtonoffice2.jpg"},"_metadata":{"uid":"csebe4bfb659df8960"},"caption_l10n":"Arlington, VA, USA","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 
75%"}}},{"image":{"image":{"uid":"blt0959eb2066e56d2b","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:52:28.723Z","created_by":"blte369ea3bcd6ac892","file_size":"159477","filename":"BangaloreOffice.jpeg","parent_uid":null,"tags":[],"title":"BangaloreOffice.jpeg","updated_at":"2024-12-12T00:52:28.723Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.898Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0959eb2066e56d2b/675a33cc333a86c0f5c20b10/BangaloreOffice.jpeg"},"_metadata":{"uid":"cs245d4188d760adf3"},"caption_l10n":"India","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"image":{"image":{"uid":"bltfb2904c9e97ada2a","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:52:50.345Z","created_by":"blte369ea3bcd6ac892","file_size":"2847026","filename":"BerlinCluster.jpg","parent_uid":null,"tags":[],"title":"BerlinCluster.jpg","updated_at":"2024-12-12T00:52:50.345Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.868Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfb2904c9e97ada2a/675a33e2dc7d4184971c33f2/BerlinCluster.jpg"},"_metadata":{"uid":"cse503f636a97d644d"},"caption_l10n":"Germany","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 
75%"}}},{"image":{"image":{"uid":"bltd3436556607795ca","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:53:18.412Z","created_by":"blte369ea3bcd6ac892","file_size":"898794","filename":"CopenhagenCluster.jpg","parent_uid":null,"tags":[],"title":"CopenhagenCluster.jpg","updated_at":"2024-12-12T00:53:18.412Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.782Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd3436556607795ca/675a33fe4af80bad9bf0d1c5/CopenhagenCluster.jpg"},"_metadata":{"uid":"csec092dedea9f53b7"},"caption_l10n":"Denmark","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"image":{"image":{"uid":"blt6eef40cb2edf3357","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:54:07.349Z","created_by":"blte369ea3bcd6ac892","file_size":"899198","filename":"JapanOffice.jpg","parent_uid":null,"tags":[],"title":"JapanOffice.jpg","updated_at":"2024-12-12T00:54:07.349Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.801Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6eef40cb2edf3357/675a342f3f552a5b23e3efe3/JapanOffice.jpg"},"_metadata":{"uid":"cs9aaa768c30c4e662"},"caption_l10n":"Japan","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 
75%"}}},{"image":{"image":{"uid":"blt77f82b825be06166","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:54:44.137Z","created_by":"blte369ea3bcd6ac892","file_size":"9045864","filename":"LondonOffice.jpg","parent_uid":null,"tags":[],"title":"LondonOffice.jpg","updated_at":"2024-12-12T00:54:44.137Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.847Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt77f82b825be06166/675a3454f0d612cb78b068d9/LondonOffice.jpg"},"_metadata":{"uid":"cs54ff42fa1916dc2d"},"caption_l10n":"England","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"image":{"image":{"uid":"bltd8c206c9d263ea8d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:54:46.396Z","created_by":"blte369ea3bcd6ac892","file_size":"1889748","filename":"ParisOffice.jpg","parent_uid":null,"tags":[],"title":"ParisOffice.jpg","updated_at":"2024-12-12T00:54:46.396Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.918Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd8c206c9d263ea8d/675a345619cfd5dd7af0af84/ParisOffice.jpg"},"_metadata":{"uid":"csf58e44f7aaaf57b9"},"caption_l10n":"France","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 
75%"}}},{"image":{"image":{"uid":"blt4a780b9c5d468a1b","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:54:53.325Z","created_by":"blte369ea3bcd6ac892","file_size":"2188574","filename":"SingaporeOffice.jpg","parent_uid":null,"tags":[],"title":"SingaporeOffice.jpg","updated_at":"2024-12-12T00:54:53.325Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.882Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4a780b9c5d468a1b/675a345d7fae94e6f4bef832/SingaporeOffice.jpg"},"_metadata":{"uid":"cs7dbd07e207b8c4e6"},"caption_l10n":"Singapore","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb1527cd358d3f3ce"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo further our worldwide connection, Elasticians can add a recipe to the\u003c/span\u003e\u003cspan style=\"color: rgb(9, 9, 9);font-size: 12pt;\"\u003e Elastic eCookbook, which celebrates our diverse teams through food.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(9, 9, 9);font-size: 12pt;\"\u003eAnd, in the spirit of giving, the workplace experience team has organized giving opportunities to support various charities in cities around the world. From creating Cards for Kindness to support those at risk of social isolation to partnering with organizations like Toys for Tots, our team embraces the joy of giving.\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe holidays are always a special time of year. It’s a time for celebration and reflection. 
As we bring this year to a close, it’s important to us to celebrate our Elasticians — the people who make Elastic, Elastic.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWishing you all a joyful holiday season!\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eInterested in joining Elastic? Check out our \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/careers/?baymax=web\u0026elektra=culture--decemberfest-elastic-holiday-celebration\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eopen roles\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e.\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp; \u003cbr /\u003e\u003cbr /\u003e\u003cem\u003eThis blog was originally published on December 15, 
2023.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9cca9c47438eb676"}}}],"publish_date":"2024-12-12","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[{"uid":"blt0414045bd4e12b0e","_content_type_uid":"tags_culture"},{"uid":"blt3a53ab5d9bed00eb","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blte0da50ac123d4d0b","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-12-14T22:00:29.037Z","created_by":"blte369ea3bcd6ac892","file_size":"164264","filename":"decemberfest-blog-image-720x420-2x.png","parent_uid":null,"tags":[],"title":"decemberfest-blog-image-720x420-2x.png","updated_at":"2023-12-14T22:00:29.037Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2023-12-15T15:00:00.429Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte0da50ac123d4d0b/657b7afd7cafa3c370de7f9e/decemberfest-blog-image-720x420-2x.png"},"title":"Decemberfest is here! How we celebrate the holidays at Elastic","title_l10n":"Decemberfest is here! 
How we celebrate the holidays at Elastic","updated_at":"2024-12-12T01:16:12.244Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/culture-decemberfest-elastic-holiday-celebration","publish_details":{"time":"2024-12-12T15:00:01.767Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],1230],"videoEntries":[[{"uid":"bltd3acdef08d556348","_version":3,"locale":"en-us","ACL":{},"created_at":"2025-01-29T02:57:47.773Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Introduction to Elastic Observability: Built for the future with Search AI","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eAre you ready for the next generation of observability? Find out how Elastic Observability delivers simplified onboarding and automated insights to help you detect and resolve issues faster. Take advantage of our comprehensive visibility powered by Search AI. This webinar will cover all of Elastic Observability's core capabilities (logging, metrics, APM, synthetic monitoring, profiling) along with how to apply generative AI and SLOs on our unified platform.\u003c/p\u003e\u003cp\u003eWe'll also review how Elastic Observability future-proofs your organization and how customers are seeing real and measurable benefits today. 
Find out how you can increase operational efficiency and team performance in this fast-paced webinar introducing Elastic Observability.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eIn-depth demonstration of Elastic Observability's capabilities\u003c/li\u003e\u003cli\u003eHow Elastic Observability delivers improvements for IT operations and a better customer experience\u003c/li\u003e\u003cli\u003eHow to future-proof your observability\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/virtual-events/live-elastic-observability-demo\"\u003eHands-on Elastic Observability demo\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/cloud/observability-trial-overview\"\u003eElastic cloud registration\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/lp/observability-maturity-assessment\" target=\"_self\"\u003eObservability maturity assessment\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-03-13T17:00:00.000Z","presenter":["blt6595654c09e95d22","blt29599372767963e8"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Introduction to Elastic Observability: Build for the future with Search AI","seo_description_l10n":"Find out why the next generation of observability will require a new era of speed, scale, and simplicity: Elastic Observability. From open standards to simplified onboarding and automated insights, Elastic helps you detect and resolve issues, faster. Watch this webinar to learn more. 
","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North 
America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Elastic Observability: Built for the future with Search 
AI","token":"8211527597","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-19T15:25:26.796Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/introduction-to-elastic-observability","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"L2oHWJhEHvDvBzQUkkPonr","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-03-19T15:25:30.691Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt98b71123abf65157","_version":5,"locale":"en-us","ACL":{},"created_at":"2025-03-17T09:46:42.529Z","created_by":"blte04802f0330f25f7","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Query Quest: Transforming Splunk SPL to Elastic ES|QL","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12248","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eThis multi-part workshop will show you how to transform familiar Splunk® SPL queries into Elastic ES|QL with ease. 
By bridging these platforms with real-world examples, you’ll learn how the Elastic ES|QL query language can be applied to SPL based use cases.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e \u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis series will empower you to understand how Elastic can fit into your organization’s evolving cybersecurity landscape, helping you make informed decisions.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eHighlights:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e• Live Demos: Demonstration of Elastic AI Assistant for seamless query conversion.\u003c/p\u003e\u003cp\u003e• Query Techniques and Best Practices: Leverage ES|QL to convert SPL queries, understanding when and why to use specific ES|QL commands. \u003c/p\u003e\u003cp\u003e• Actionable Skills: Master converting SPL to ES|QL queries to achieve desired outcomes with Elastic Security\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cstrong\u003ePrerequisites:\u003c/strong\u003e\u003cstrong\u003e\u003c/strong\u003e• Experience working in Security Operations• Familiar with Splunk SPL query language• Basic understanding of Elastic Security solutions","presentation_date":"2025-04-29T05:00:00.000Z","presenter":["blt0555a58731a0323f"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Query Quest: Transforming Splunk SPL to Elastic ES|QL","seo_description_l10n":"This series will empower you to understand how Elastic can fit into your organization’s evolving cybersecurity landscape, helping you make informed decisions.","seo_keywords_l10n":"Security, Elastic ES|QL, 
Elasticsearch","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[{"title":"Virtual","label_l10n":"Virtual","keyword":"virtual","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltc3a97789fa82c0a5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-04-21T19:17:57.147Z","updated_at":"2022-04-21T19:17:57.147Z","_content_type_uid":"tags_event_delivery","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T18:15:27.370Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[{"_version":1,"locale":"en-us","uid":"blt3185b1f0e9eed8d1","ACL":{},"created_at":"2021-09-20T22:40:25.614Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"public-sector","label_l10n":"Public Sector","tags":[],"title":"Public Sector","updated_at":"2021-09-20T22:40:25.614Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.530Z","user":"blt4b2e1169881270a8"}},{"_version":6,"locale":"en-us","uid":"blt250fefd1c4d36a4c","ACL":{},"created_at":"2020-06-17T03:22:54.278Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"education-nonprofit","label_l10n":"Education \u0026 non profit","tags":[],"title":"Education \u0026 
non-profit","updated_at":"2020-08-13T16:41:17.070Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.286Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt5c7c769c44d0a39f","ACL":{},"created_at":"2020-06-17T03:22:38.187Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"automotive-manufacturing","label_l10n":"Automotive \u0026 manufacturing","tags":[],"title":"Automotive \u0026 manufacturing","updated_at":"2020-07-06T22:17:51.159Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.604Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blte0b2951800682f39","ACL":{},"created_at":"2020-06-17T03:23:08.064Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"energy-utilities","label_l10n":"Energy \u0026 utilities","tags":[],"title":"Energy \u0026 utilities","updated_at":"2020-07-06T22:17:47.822Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.528Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt34aaba843e1a6a56","ACL":{},"created_at":"2020-06-17T03:23:40.011Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"food-beverage-hospitality","label_l10n":"Food \u0026 
beverage/hospitality","tags":[],"title":"Food \u0026 beverage/hospitality","updated_at":"2020-07-06T22:17:44.469Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.320Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt3f3639d673966a36","ACL":{},"created_at":"2020-06-17T03:24:07.151Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"healthcare","label_l10n":"Healthcare","tags":[],"title":"Healthcare","updated_at":"2020-07-06T22:17:41.344Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.540Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt58f4c3eca4afb6ad","ACL":{},"created_at":"2020-06-17T03:24:20.486Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"media-entertainment","label_l10n":"Media \u0026 entertainment","tags":[],"title":"Media \u0026 entertainment","updated_at":"2020-07-06T22:17:39.186Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.848Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt55fcdf707cf978c2","ACL":{},"created_at":"2020-06-17T03:24:33.455Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"professional-services","label_l10n":"Professional 
services","tags":[],"title":"Professional services","updated_at":"2020-07-06T22:17:37.861Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.832Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt371b46b1f7be39e3","ACL":{},"created_at":"2020-06-17T03:24:44.114Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retail","label_l10n":"Retail","tags":[],"title":"Retail","updated_at":"2020-07-06T22:17:35.972Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.835Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltad849a44c42eea31","ACL":{},"created_at":"2020-06-17T03:25:54.912Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"software-technology","label_l10n":"Software \u0026 technology","tags":[],"title":"Software \u0026 
technology","updated_at":"2020-07-06T22:17:33.856Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.842Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt7e757baff4a3fec6","ACL":{},"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:26:24.553Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"created_at":"2020-06-17T03:26:24.553Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"telecommunication","label_l10n":"Telecommunication","tags":[],"title":"Telecommunication","updated_at":"2020-07-06T22:17:31.608Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T22:18:10.949Z","user":"blt3044324473ef223b70bc674c"}},{"_version":2,"locale":"en-us","uid":"bltdc295116bb7f305e","ACL":{},"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:26:08.977Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"created_at":"2020-06-17T03:26:08.977Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"travel-transportation","label_l10n":"Travel \u0026 transportation","tags":[],"title":"Travel \u0026 
transportation","updated_at":"2020-07-06T22:17:27.413Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T22:18:10.949Z","user":"blt3044324473ef223b70bc674c"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[{"title":"Practitioner","label_l10n":"Practitioner","keyword":"practitioner","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt945c4bcb7423a5db","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:50:43.688Z","updated_at":"2021-12-16T23:50:43.688Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.186Z","user":"blt3044324473ef223b70bc674c"}},{"title":"Line of Business","label_l10n":"Line of 
Business","keyword":"line-of-business","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltc7c3b39e2e489f59","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:50:29.169Z","updated_at":"2021-12-16T23:50:29.169Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:15:54.975Z","user":"blt3044324473ef223b70bc674c"}}],"tags_stage":[{"title":"Consideration","label_l10n":"Consideration","keyword":"consideration","hidden_value":true,"tags":[],"locale":"en-us","uid":"bltcc21b70ba839da7d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:51:48.154Z","updated_at":"2021-12-16T23:51:48.154Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:15:55.006Z","user":"blt3044324473ef223b70bc674c"}}],"tags_technical_level":[{"title":"Intermediate","label_l10n":"Intermediate","keyword":"intermediate","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt09c5429e20d2ba41","created_by":"blt3e52848e0cb3c394","updated_by":"bltcb593abdd43b4039","created_at":"2021-08-24T12:52:59.050Z","updated_at":"2021-09-01T13:06:12.802Z","ACL":{},"_version":3,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-03T12:16:01.953Z","user":"blta4706a7723d386a4"}}],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blte007e1c9cef6ad6b","ACL":{},"created_at":"2020-06-17T03:32:48.898Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"endpoint-security","label_l10n":"Endpoint security","tags":[],"title":"Endpoint 
security","updated_at":"2020-07-06T22:20:15.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-03-23T17:30:22.357Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"Query Quest: Transforming Splunk SPL to Elastic ES|QL","token":"e21qgzz1k8","translated_date_l10n":"","translated_time_l10n":"10:30 a.m. IST / 1 p.m. SGT / 3 p.m. AEST ","updated_at":"2025-03-19T06:06:48.335Z","updated_by":"blte04802f0330f25f7","url":"/virtual-events/transforming-splunk-spl-to-elastic-esql","video_type":["blt321a8ac0bef65269"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-03-19T07:06:02.395Z","user":"blte04802f0330f25f7","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt3e3177ed003f2791","_version":3,"locale":"en-us","ACL":{},"created_at":"2025-03-05T19:29:44.157Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":" How Cypris built an AI research platform for production scale on 
Elastic","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"16474","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":"\u003cp\u003eAMER: 9:00 a.m. PDT, 12:00 p.m. EDT\u003c/p\u003e\u003cp\u003eEMEA: 11:00 a.m. CEST, 2:30 p.m. IST\u003c/p\u003e\u003cp\u003eAPJ: 11:00 a.m. SGT, 1:00 p.m. AEDT\u003c/p\u003e"},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eR\u0026amp;D teams operate in a high-stakes environment where speed and accuracy are critical. Cypris, an AI-driven research platform, has transformed how organizations analyze technical and market data — delivering insights in minutes instead of weeks.\u003c/p\u003e\u003cp\u003eJoin this webinar to explore how Cypris built an advanced search and research platform that processes over 500 million data points using Elastic. 
Learn how the team harnessed vector search, Better Binary Quantization (BBQ), and retrieval-augmented generation (RAG) to optimize relevance, reduce development costs, and scale for rapid enterprise growth.\u003c/p\u003e\u003cp\u003eIf you're working with AI search, vector databases, or retrieval-augmented generation, this session will provide deep technical insights from a real-world, production-scale implementation.\u003c/p\u003e\u003ch4\u003eWhat you'll learn\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eOptimizing AI search at scale:\u003c/strong\u003e How Cypris delivers relevant results across vast data sets with dense vector search.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eBuilding a production-ready RAG workflow:\u003c/strong\u003e Key considerations for integrating generative AI into research applications.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eTechnical decisions that drive efficiency:\u003c/strong\u003e Why Cypris chose Elastic for real-time indexing, query performance, and cost-effective scaling.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eMeasurable business impact:\u003c/strong\u003e How these optimizations accelerated report generation and reduced in-house AI development costs.\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/what-is/vector-search\"\u003eWhat is vector search?\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/thin-indexing-shards-elasticsearch-serverless\"\u003e[Featured blog]\u003c/a\u003e Introducing Serverless Thin Indexing Shards\u003c/li\u003e\u003cli\u003e\u003ca href=\"/customers/cypris\"\u003e[Customer story]\u003c/a\u003e Cypris puts Elastic vector search and RAG technologies at the heart of its AI-powered research platform\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://landing.cypris.ai/introduction-to-cypris\"\u003e[Intro to Cypris]\u003c/a\u003e Learn more about Cypris, an 
AI-powered research platform\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-04-17T16:00:00.000Z","presenter":["blt2cd6f9b6f7e5b592","bltfc4880a0d9930918","blt8e30adfb69293636"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"How Cypris built an AI research platform for production scale on Elastic","seo_description_l10n":"Discover the transformative journey of Cypris, an AI-powered research platform, as it scales its operations using vector search with Elastic.","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North 
America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"How Cypris built an AI research platform for production scale on 
Elastic","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-11T20:16:06.267Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/how-cypris-built-an-ai-research-platform-on-elastic","video_type":["blt321a8ac0bef65269"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-03-11T20:18:03.540Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltbd5321a530d5b0c6","_version":5,"locale":"en-us","ACL":{},"created_at":"2025-01-10T21:26:13.124Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Solving business challenges with data and AI: Insights from 1,000+ C-Suite Leaders","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eHarnessing the power of data and AI is crucial to solving business challenges, driving innovation, and staying ahead of the competition. Despite significant investments in technology 7 in 10 C-suite executives still struggle to make real-time data-driven decisions in confidence.\u003c/p\u003e\u003cp\u003eIn this webinar, we will discuss the \u003cstrong\u003e5 key insights from 1000+ c-suite, business, and technology leaders\u003c/strong\u003e from our recent research study. 
Learn about your peers' top business challenges, data problems, and investment priorities (especially AI and generative AI) to see how you can get ahead. Discover why prioritising your data foundation is key to leveraging AI to drive business value.\u003c/p\u003e\u003ch4\u003eKey highlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eBusiness challenges:\u003c/strong\u003e Learn what challenges C-suite leaders across all industries face.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eData challenges:\u003c/strong\u003e Discover why 60% of leaders are unsatisfied with the data insights your company generates.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eData maturity:\u003c/strong\u003e See why 2 in 3 leaders are behind on data maturity and identify steps to enhance your capabilities.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eBusiness impact of data and AI:\u003c/strong\u003e 80% of C-suite executives believe using AI data-driven insights increases revenue. See how data and AI capabilities drive business value.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eGenAI and AI investments:\u003c/strong\u003e Hear from the 93% of executives already investing or planning to invest in generative AI.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eDon't miss out—attend the webinar to get the full insights!\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"/resources/portfolio/report/5-insights-csuite-leaders-data-ai\" target=\"_self\"\u003eRead the research report to learn more\u003c/a\u003e.\u003c/p\u003e","presentation_date":"2025-02-19T16:00:00.000Z","presenter":["blt14f762eec103604e"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Solving business challenges with data and AI: Insights from 1,000+ C-Suite 
Leaders","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Solving business challenges with data and AI: Insights from 1,000+ C-Suite 
Leaders","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-11T17:36:31.621Z","updated_by":"blt7ee4b4a4026b9c0b","url":"/virtual-events/ai-insights-from-thousand-executive-leaders","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"caxyVvkSJowVQp5CqxC9FM","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-03-11T17:36:37.914Z","user":"blt7ee4b4a4026b9c0b","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb0e0bad931802dd6","_version":7,"locale":"en-us","ACL":{},"created_at":"2025-02-21T23:47:28.008Z","created_by":"blt36e890d06c5ec32c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Delivering ROI on AI: How AI transforms security operations","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"16474","cta_title_l10n":"","success_message_l10n":"Thank you!","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":"\u003cul\u003e\u003cli\u003eEurope \u0026amp; India: April 1, 2025, at 2:00 p.m. CEST / 6:30 p.m. IST\u003c/li\u003e\u003cli\u003eAmericas: April 1, 2025, at 1:00 p.m. PDT / 4:00 p.m. EDT\u003c/li\u003e\u003cli\u003eAsia-Pacific: April 1, 2025, at 11:00 a.m. SGT / 2:00 p.m. AEDT\u003c/li\u003e\u003c/ul\u003e"},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eCyber threats are an ongoing concern for businesses across industries — especially with the speed of AI evolution. 
Environments and threats are changing rapidly, posing the question: How can AI accelerate security operations?\u003c/p\u003e\n\u003cp\u003eIn this webinar, our panel of experts from Elastic and Microsoft will explore key considerations for investing in AI-driven security analytics. They'll discuss ways organizations can gain greater efficiency and accuracy within security workflows while improving their security posture.\u003c/p\u003e\n\u003cp\u003eGain insights and best practices on building your security AI strategy to stay ahead of threats and attacks. Learn how Elastic and Microsoft are realizing business impact with security AI Assistants for threat intelligence reporting, investigation, and more.\u003c/p\u003e\n\u003ch4\u003eAdditional resources\u003c/h4\u003e\n\n\u003cul\u003e\n \u003cli\u003eExcited about AI and ready to get started? Visit our \u003ca href=\"https://azuremarketplace.microsoft.com/en-us/marketplace/apps/elastic.ec-azure-pp?ocid=idc-microsoft-security-operations\"\u003eAzure Marketplace listing\u003c/a\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"/portfolio/operationalizing-generative-ai-strategic-guide\"\u003eAn executive's guide to operationalizing generative AI\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"/platform\"\u003eLearn how to use your data in real time with the Elastic Search AI 
Platform\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","presentation_date":"2025-04-01T08:00:00.000Z","presenter":["bltaa21b392f1697213","blt089f6ddbd5d28a07"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Delivering ROI on AI: How AI transforms security 
operations","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-11T00:07:43.211Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/idc-microsoft-security-operations","video_type":["blt321a8ac0bef65269"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-03-13T01:56:23.119Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt3a2eb4cb63616c25","_version":18,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:10:49.867Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"title":"pic.png","uid":"blt9c3715d9e5bb29d5","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T07:08:33.277Z","updated_at":"2019-01-05T07:08:33.277Z","content_type":"image/png","file_size":"80896","filename":"pic.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:40:51.565Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9c3715d9e5bb29d5/5c3057f16d4494e30b7b5563/pic.png"},"main_header":{"title_l10n":"Elastic App Search Overview and Demo","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"6648","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"6648","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eThe Swiftype team at Elastic introduces a powerful new search product for developers. 
The new product is called App Search, and it’s a search-as-a-service solution that simplifies the process of building rich search experiences for software applications of every kind — from ecommerce websites, to SaaS applications, to mobile apps.\n\u003c/p\u003e\n\u003cp\u003eRegister for our on-demand recording for an\u0026nbsp;overview and demo of Elastic App Search and gain access to a set of robust APIs and tools for building modern, relevant, user-facing search experiences, all backed by the Elastic Stack.\n\u003c/p\u003e\n\u003cul\u003e\n\t\u003cli\u003eBuilt on the Elastic Stack and powered by Elasticsearch\u003c/li\u003e\n\t\u003cli\u003eAdd a new search engine to your custom application in minutes\u003c/li\u003e\n\t\u003cli\u003eRobust APIs for indexing content and managing your search engine\u003c/li\u003e\n\t\u003cli\u003eFine-tune results through an intuitive interface\u003c/li\u003e\n\t\u003cli\u003eAdjust search relevance to meet your specific needs\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAdditional Resources (Related content)\n\u003c/p\u003e\n\u003cul\u003e\n\t\u003cli\u003e\u003ca href=\"/app-search/service?elektra=app-search-overview-demo-webinar\"\u003eFree 14-Day App Search Trial\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"https://swiftype.com/documentation/app-search/getting-started\"\u003eApp Search Documentation\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"/blog/elastic-app-search-is-now-generally-available\"\u003eApp Search GA Blog Post\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"https://info.elastic.co/app-search-request-demo.html?baymax=web\u0026elektra=app-search-overview-webinar\"\u003eTalk to a search 
expert\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","presentation_date":"2018-06-06T16:00:00.000Z","presenter":[],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":["app","swiftype"],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[{"title":"Getting started","label_l10n":"Getting 
started","keyword":"getting-started","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt30953f4176054d3f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:25.148Z","updated_at":"2020-06-17T03:37:25.148Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:25.148Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:25.028Z","user":"blt36e890d06c5ec32c"}},{"title":"Optimizing","label_l10n":"Optimizing","keyword":"optimizing","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt7731091cfa6e23e8","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:40:15.070Z","updated_at":"2020-06-17T03:40:15.070Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:40:15.069Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:51.089Z","user":"blt36e890d06c5ec32c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blte1906c436045dbef","ACL":{},"created_at":"2020-06-17T03:31:19.243Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"app-search","label_l10n":"App search","tags":[],"title":"App 
search","updated_at":"2020-07-06T22:20:20.511Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.547Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"Elastic App Search Overview and Demo","token":"n3mochofrb","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-10T16:44:14.526Z","updated_by":"blt3044324473ef223b70bc674c","url":"/webinars/elastic-app-search-overview-and-demo","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"CZHfZQTSg5BVtY6edfuuRA","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-10T16:45:22.620Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt203719faf31d8266","_version":14,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:09:23.816Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"title":"schema.jpg","uid":"blt382664fd579c9334","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T06:09:23.935Z","updated_at":"2019-02-04T06:09:23.935Z","content_type":"image/jpeg","file_size":"152780","filename":"schema.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-05T09:34:07.341Z","user":"blt0ac59771801e2eb09befe680"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt382664fd579c9334/5c57d713516e21cf0b2a0f83/schema.jpg"},"main_header":{"title_l10n":"Introducing the Elastic Common 
Schema","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"3819","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"4797","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eWhether you’re conducting security analytics, operations analytics, or a different use case altogether, you likely perform centralized analysis of data from diverse sources. Wouldn’t it be useful if you could apply a common data model to all that data to simplify the cross-source analysis and correlation? Say hello to the Elastic Common Schema!\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThe Elastic Common Schema (ECS) defines a common set of fields and naming guidelines for ingesting data into Elasticsearch, helping you correlate data from diverse vendors and technologies (e.g., Apache web logs, Cisco NetFlow, Tanium endpoint events). 
Whether you’re searching your data, exploring it with Kibana, configuring a machine learning job, or configuring an alert, ECS will enhance your productivity and power.\u003c/p\u003e\u003cp\u003eThis webinar will include:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 1em;\"\u003eAn overview of ECS and its benefits\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 1em;\"\u003e\u003c/span\u003eA demo for implementing ECS\u003c/li\u003e\u003cli\u003eBest practices for using ECS for your data\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eResources:\u003c/p\u003e\u003cul\u003e\u003cli\u003eView the \u003ca href=\"https://github.com/elastic/ecs\"\u003eECS GitHub repository\u003c/a\u003e to find a list of standard fields, a contribution guide, and more\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2019-02-12T17:00:00.000Z","presenter":["blt0dbe04e5acc0f969","bltb94a4ee45f7fae74","blt16a7e55c02b91c17"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Introducing the Elastic Common Schema","seo_description_l10n":"The Elastic Common Schema (ECS) defines a common set of fields and naming guidelines for ingesting data into Elasticsearch, helping you correlate data from diverse vendors and technologies (e.g., Apache web logs, Cisco NetFlow, Tanium endpoint events). 
Whether you’re searching your data, exploring it with Kibana, configuring a machine learning job, or configuring an alert, ECS will enhance your productivity and power.","seo_keywords_l10n":"Elastic, Elasticsearch, ELK, ELK Stack, Elastic Stack, Common, Schema, Elastic Common Schema, ECS, Apache web logs, Cisco NetFlow, Tanium endpoint events, Kibana, machine learning, alert","seo_image":null,"noindex":false},"tags":["elasticsearch"],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage"
:[],"tags_technical_level":[],"tags_topic":[{"title":"Getting started","label_l10n":"Getting started","keyword":"getting-started","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt30953f4176054d3f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:25.148Z","updated_at":"2020-06-17T03:37:25.148Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:25.148Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:25.028Z","user":"blt36e890d06c5ec32c"}},{"title":"Visualizing","label_l10n":"Visualizing","keyword":"visualizing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt365f9ed2d77755c7","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:12.101Z","updated_at":"2020-06-17T03:38:12.101Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:12.100Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T00:48:22.629Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Introducing the Elastic Common 
Schema","token":"ii8gpwywiy","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-10T16:43:16.455Z","updated_by":"blt3044324473ef223b70bc674c","url":"/webinars/introducing-the-elastic-common-schema","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"9nCdkV5oM64cQp3hDqbDup","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-10T16:43:58.123Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5ed46b2c2f2f513c","_version":23,"locale":"en-us","ACL":{},"created_at":"2019-02-21T14:01:35.642Z","created_by":"blt5280857d9e24912bc99a2478","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"bltae230213b0a8297c","created_by":"blt5280857d9e24912bc99a2478","updated_by":"blt5280857d9e24912bc99a2478","created_at":"2019-02-27T00:34:06.372Z","updated_at":"2019-02-27T00:34:06.372Z","content_type":"image/png","file_size":"165579","filename":"uptime.png","title":"uptime.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-27T21:47:47.711Z","user":"blt5280857d9e24912bc99a2478"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltae230213b0a8297c/5c75dafe2b22f9f161d6f994/uptime.png"},"main_header":{"title_l10n":"Elastic Uptime: Actively Monitor the Availability of Your Systems and Services","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4342","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"6083","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eWeb 
applications continue to rely on an increasing number of services, both internal and external. Operation teams face a wider footprint of things to monitor that are not all in their control. By using the new Elastic Uptime solution, they can detect when services are down or responding slowly. With alerting, they can get proactively notified even before those services are called by the application. If you are already sending logs and metrics to Elasticsearch, the new Uptime solution expands your observability effort into a new dimension. If you’re new to the Elastic Stack, Elastic Uptime is a great way to get started with observability.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eIn this video you'll learn:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe benefits of actively monitoring the services you rely on\u003c/li\u003e\u003cli\u003eAn overview of the Elastic Uptime solution\u003c/li\u003e\u003cli\u003eHow to configure Heartbeat to send uptime data to your Elasticsearch cluster (on prem or in Elastic Cloud)\u003c/li\u003e\u003cli\u003eHow to take advantage of machine learning and alerting with your uptime data\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRelated Content:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/beats/heartbeat\"\u003eHeartbeat - Lightweight Shipper for Uptime Monitoring\u003c/a\u003e \u003c/li\u003e\u003cli\u003e\u003ca href=\"/blog/uptime-monitoring-with-heartbeat-and-the-elastic-stack\"\u003eUptime Monitoring with Heartbeat and the Elastic Stack\u003c/a\u003e \u003c/li\u003e\u003cli\u003e\u003ca href=\"/guide/en/beats/heartbeat/6.6/heartbeat-overview.html\"\u003eHeartbeat Overview\u003c/a\u003e \u003c/li\u003e\u003cli\u003e\u003ca href=\"/webinars/using-elastic-beats-and-apm-to-monitor-your-openshift-data\"\u003eUsing Elasticsearch, Beats and Elastic APM to monitor your OpenShift 
Data\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2019-03-27T16:00:00.000Z","presenter":["blt7b7f066c1eeda22d"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Uptime: Actively Monitor the Availability of Your Systems and Services","seo_description_l10n":"Web applications continue to rely on an increasing number of services, both internal and external. Operation teams face a wider footprint of things to monitor that are not all in their control. By using the new Elastic Uptime solution, they can detect when services are down or responding slowly. With alerting, they can get proactively notified even before those services are called by the application. If you are already sending logs and metrics to Elasticsearch, the new Uptime solution expands your observability effort into a new dimension. If you’re new to the Elastic Stack, Elastic Uptime is a great way to get started with observability.","seo_keywords_l10n":"Elastic, Elastic Stack, ELK, ELK Stack, Elasticsearch, monitor, monitoring, Elastic Uptime, uptime, Heartbeat, Elasticsearch cluster, machine learning, alerting","seo_image":{"uid":"bltae230213b0a8297c","created_by":"blt5280857d9e24912bc99a2478","updated_by":"blt5280857d9e24912bc99a2478","created_at":"2019-02-27T00:34:06.372Z","updated_at":"2019-02-27T00:34:06.372Z","content_type":"image/png","file_size":"165579","filename":"uptime.png","title":"uptime.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-27T21:47:47.711Z","user":"blt5280857d9e24912bc99a2478"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltae230213b0a8297c/5c75dafe2b22f9f161d6f994/uptime.png"},"noindex":false},"tags":["uptime","monitoring","machine 
learning","alerting"],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltb5a7ebf330c5002e","ACL":{},"created_at":"2020-06-17T03:36:14.548Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"beats","label_l10n":"Beats","tags":[],"title":"Beats","updated_at":"2020-06-17T03:36:14.548Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.244Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[{"title":"Getting started","label_l10n":"Getting 
started","keyword":"getting-started","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt30953f4176054d3f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:25.148Z","updated_at":"2020-06-17T03:37:25.148Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:25.148Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:25.028Z","user":"blt36e890d06c5ec32c"}},{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}},{"title":"Alerting","label_l10n":"Alerting","keyword":"alerting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltd8e03b8972ecf817","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:20.375Z","updated_at":"2020-06-17T03:38:20.375Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:20.374Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T00:49:19.650Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observa
bility","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt60e4f8c6c19cebb7","ACL":{},"created_at":"2020-06-17T03:32:19.868Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"metrics","label_l10n":"Metrics","tags":[],"title":"Metrics","updated_at":"2020-07-06T22:20:08.577Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.406Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltb249a1eeba77b317","ACL":{},"created_at":"2020-06-17T03:31:53.522Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"apm","label_l10n":"APM","tags":[],"title":"APM","updated_at":"2020-07-06T22:20:22.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.550Z","user":"blt4b2e1169881270a8"}},{"_version":7,"locale":"en-us","uid":"bltab0bd43c3f7d586d","ACL":{},"created_at":"2020-06-17T03:32:33.672Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":true,"keyword":"uptime-monitoring","label_l10n":"Uptime monitoring","tags":[],"title":"Uptime 
monitoring","updated_at":"2021-04-09T06:48:48.376Z","updated_by":"bltcb593abdd43b4039","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.250Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"Elastic Uptime: Actively monitor the availability of your systems and services","token":"jrytc6fjue","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-10T16:42:38.310Z","updated_by":"blt3044324473ef223b70bc674c","url":"/webinars/elastic-uptime-monitoring-actively-monitor-the-availability-of-your-systems-and-services","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"yWFcwqWjuLfqScvFCVRtmE","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-10T16:42:55.600Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt6e440239b7e08cf1","_version":29,"locale":"en-us","ACL":{},"created_at":"2019-04-05T14:54:08.925Z","created_by":"blt5280857d9e24912bc99a2478","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"bltbe089d60ac2113e2","created_by":"blt5280857d9e24912bc99a2478","updated_by":"blt5280857d9e24912bc99a2478","created_at":"2019-04-08T16:56:52.877Z","updated_at":"2019-04-08T16:56:52.877Z","content_type":"image/jpeg","file_size":"183096","filename":"spotting-security-anomalies.jpg","title":"spotting-security-anomalies.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-08T16:58:15.816Z","user":"blt5280857d9e24912bc99a2478"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbe089d60ac2113e2/5cab7d54037f9c9d783e6dd3/spotting-security-anomalies.jpg"},"main_header":{"title_l10n":"Spotting Security Anomalies with the new Elasticsearch Maps and Uptime 
features in the Elastic (ELK) Stack","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4342","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"6083","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eWith the launch of \"\u003ca href=\"/solutions/maps\"\u003eMaps\u003c/a\u003e\" and \"\u003ca href=\"/solutions/uptime-monitoring\"\u003eUptime\u003c/a\u003e\", we’ve given users of the Elastic Stack even more ways of analysing data sets and spotting issues within their environments. The use of these features may be fairly obvious in a network operations, business analytics or operational analytics context - but what about security operations?\u003cbr\u003e\n\u003c/p\u003e\u003cp\u003eElastic’s lightweight heartbeat agent can periodically monitor several network services such as http(s), TCP and ICMP endpoints. Within seconds, the data finds its way into Elasticsearch and is immediately viewable in the new curated uptime UI. We have other beats such as Filebeat and Packetbeat, as well as logstash plugins, which can gather data sources with IP addresses and enrich them with geo location information. 
Now, with a dedicated UI for maps, we can layer several different data sources which contain geo points, aggregate them, correlate against other metrics, and more.\n\u003c/p\u003e\u003cp\u003eIn this webinar, James Spiteri, Elastic Solutions Architect, Cyber Security Specialist, and Nicholas Palmer, Elastic Solutions Architect, show you how one can use the Maps and Uptime features to spot anomalies in security data sets.\u0026nbsp;\n\u003c/p\u003e\u003cp\u003eThis\u0026nbsp;demo will show:\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli\u003eHow to use heartbeat and uptime to spot potential security anomalies (WAF failures, TLS certificate expiry, irregular latency etc).\u003c/li\u003e\n\t\u003cli\u003eUsing maps to layer several different security data sources with geo points\u003c/li\u003e\n\t\u003cli\u003eCreate machine learning jobs and alerts based on the heartbeat datasets\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eAdditional Resources:\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli\u003eDocs\n\t\u003cul\u003e\n\t\t\u003cli\u003e\u003ca href=\"/guide/en/beats/heartbeat/current/heartbeat-getting-started.html\"\u003eGetting Started with Heartbeat\u003c/a\u003e \u003c/li\u003e\n\t\u003c/ul\u003e\u003c/li\u003e\n\t\u003cli\u003eBlog\n\t\u003cul\u003e\n\t\t\u003cli\u003e\u003ca href=\"/blog/elastic-uptime-monitoring-solution-released\"\u003eUptime Introduction Blog\u003c/a\u003e\u003c/li\u003e\n\t\u003c/ul\u003e\n\t\u003cul\u003e\n\t\t\u003cli\u003e\u003ca href=\"/blog/elastic-maps-beta-released\"\u003eElastic Maps Released\u003c/a\u003e\u003c/li\u003e\n\t\u003c/ul\u003e\u003c/li\u003e\n\t\u003cli\u003eVideos\n\t\u003cul\u003e\n\t\t\u003cli\u003e\u003ca href=\"/webinars/elastic-maps-for-geospatial-analysis\"\u003eElastic Maps for Geospatial Analysis\u003c/a\u003e\u003c/li\u003e\n\t\t\u003cli\u003e\u003ca href=\"/webinars/elastic-uptime-monitoring-actively-monitor-the-availability-of-your-systems-and-services\"\u003eElastic Uptime: Actively Monitor the Availability of Your 
Systems and Services\u003c/a\u003e\u003c/li\u003e\n\t\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e","presentation_date":"2019-04-18T08:00:00.000Z","presenter":["blt47281ee31f9b7aa9","bltcf0784b64eb8a96d"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Spotting Security Anomalies with the new Elasticsearch Maps and Uptime features in the Elastic (ELK) Stack","seo_description_l10n":"Elastic’s lightweight heartbeat agent can periodically monitor several network services such as http(s), TCP and ICMP endpoints. Within seconds, the data finds its way into Elasticsearch and is immediately viewable in the new curated uptime UI. We have other beats such as Filebeat and Packetbeat, as well as logstash plugins, which can gather data sources with IP addresses and enrich them with geo location information. Now, with a dedicated UI for maps, we can layer several different data sources which contain geo points, aggregate them, correlate against other metrics, and more.","seo_keywords_l10n":"ELK, ELK Stack, Elastic, Elasticsearch, elasticsearch, TCP, ICMP, Filebeat, Uptime, UI, Packetbeat, logstash, geo, 
maps","seo_image":{"uid":"bltbe089d60ac2113e2","created_by":"blt5280857d9e24912bc99a2478","updated_by":"blt5280857d9e24912bc99a2478","created_at":"2019-04-08T16:56:52.877Z","updated_at":"2019-04-08T16:56:52.877Z","content_type":"image/jpeg","file_size":"183096","filename":"spotting-security-anomalies.jpg","title":"spotting-security-anomalies.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-08T16:58:15.816Z","user":"blt5280857d9e24912bc99a2478"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbe089d60ac2113e2/5cab7d54037f9c9d783e6dd3/spotting-security-anomalies.jpg"},"noindex":false},"tags":["security","uptime","maps"],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltb5a7ebf330c5002e","ACL":{},"created_at":"2020-06-17T03:36:14.548Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"beats","label_l10n":"Beats","tags":[],"title":"Beats","updated_at":"2020-06-17T03:36:14.548Z","updated_by":"blt304
4324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.244Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt7bb6b1e9a797738f","ACL":{},"created_at":"2020-06-17T03:36:25.048Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logstash","label_l10n":"Logstash","tags":[],"title":"Logstash","updated_at":"2020-06-17T03:36:25.048Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.237Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z"
,"updated_at":"2020-06-17T03:37:57.513Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}},{"title":"Visualizing","label_l10n":"Visualizing","keyword":"visualizing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt365f9ed2d77755c7","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:12.101Z","updated_at":"2020-06-17T03:38:12.101Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:12.100Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T00:48:22.629Z","user":"blt3044324473ef223b70bc674c"}},{"title":"Machine learning","label_l10n":"Machine 
learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":7,"locale":"en-us","uid":"bltab0bd43c3f7d586d","ACL":{},"created_at":"2020-06-17T03:32:33.672Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":true,"keyword":"uptime-monitoring","label_l10n":"Uptime monitoring","tags":[],"title":"Uptime 
monitoring","updated_at":"2021-04-09T06:48:48.376Z","updated_by":"bltcb593abdd43b4039","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.250Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltd609f5ed6cf2db23","ACL":{},"created_at":"2020-06-17T03:33:07.306Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"geospatial","label_l10n":"Geospatial","tags":[],"title":"Geospatial","updated_at":"2020-07-06T22:20:11.933Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-03-23T17:30:22.430Z","user":"blt36e890d06c5ec32c"}}],"timezone":{"title_l10n":"","url":""},"title":"Spotting Security Anomalies with the new Elasticsearch Maps and Uptime features in the Elastic (ELK) Stack","token":"fmqr00vzy5","translated_date_l10n":"","translated_time_l10n":"9 am BST / 10 am CEST / 4 pm SGT","updated_at":"2025-03-10T16:41:54.604Z","updated_by":"blt3044324473ef223b70bc674c","url":"/webinars/spotting-security-anomalies-with-the-new-elasticsearch-maps-and-uptime-features-in-the-elastic-elk-stack","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"9NDWfDhacSpXt1gCKefyQe","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-10T16:42:15.159Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltdc1d04aeda803ff2","_version":25,"locale":"en-us","ACL":{},"created_at":"2019-05-02T22:15:02.564Z","created_by":"blta5fd9e464c6ed162","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blt643d8df6107ea0b3","created_by":"blta5fd9e464c6ed162","updated_by":"blta5fd9e464c6ed162","created_at":"2019-05-06T20:29:48.262Z","updated_at":"2019-05-06T20:29:48.262Z","content_type":"image/jpeg","file_size":"175683","filena
me":"IMAGE1-elastic-enterprise-search-ui-better.jpg","title":"IMAGE1-elastic-enterprise-search-ui-better.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-06T20:56:11.900Z","user":"blta5fd9e464c6ed162"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt643d8df6107ea0b3/5cd0993cdce922a269a6129c/IMAGE1-elastic-enterprise-search-ui-better.jpg"},"main_header":{"title_l10n":"Getting started with Elastic Enterprise Search (Beta)","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":"\u003cp\u003e\u003cstrong\u003eNote (January 27, 2020):\u003c/strong\u003e The Elastic Enterprise Search product has been renamed to Elastic Workplace Search. Our suite of search products — \u003ca href=\"https://www.elastic.co/app-search\" target=\"_blank\"\u003eApp Search\u003c/a\u003e, \u003ca href=\"https://www.elastic.co/site-search\" target=\"_blank\"\u003eSite Search\u003c/a\u003e, and \u003ca href=\"https://www.elastic.co/workplace-search\" target=\"_blank\"\u003eWorkplace Search\u003c/a\u003e — are now a part of our broader \u003ca href=\"https://www.elastic.co/enterprise-search\" target=\"_blank\"\u003eElastic Enterprise Search\u003c/a\u003e solution.\n\u003c/p\u003e"},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eWith its ease of deployment, pre-tuned relevance, intuitive interface, and hassle-free administration, Elastic Enterprise Search (Beta) provides a powerful yet simple way to apply the relevance, scale, and speed of Elasticsearch to your organizational search needs. 
When you create a single source of truth, people can spend less time finding and more time doing.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eLearn how to spin up the all-new Elastic Enterprise Search on your own hardware at no charge during the beta period, and start instantly indexing content across a variety of common cloud applications (Salesforce, Dropbox, Drive, GitHub, or connect to any source with the Custom Source API).\n\u003c/p\u003e\u003cp\u003eWebinar Highlights:\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli\u003eGet a rundown of downloading, prerequisites, and beta details \u003c/li\u003e\n\t\u003cli\u003eReview common cloud and enterprise data sources\u003c/li\u003e\n\t\u003cli\u003eUnderstand different search capabilities: weights, autocomplete, facets, and more\u003c/li\u003e\n\t\u003cli\u003eMonitor and customize the search experience\u003c/li\u003e\n\t\u003cli\u003eLearn how to get involved in the Elastic community\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eAdditional Resources:\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli\u003e\u003ca href=\"https://elastic.co/downloads/enterprise-search\"\u003eDownload Enterprise Search Beta\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"https://swiftype.com/documentation/enterprise-search\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"https://elastic.co/blog/elastic-enterprise-search-beta1-released\"\u003eBlog post\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"https://elastic.co/solutions/enterprise-search\"\u003eEnterprise Search Solution\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","presentation_date":"2019-06-05T16:00:00.000Z","presenter":["blt6f8c1e29600b488b","blt70c76c99e0846d48"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Getting started with Elastic Enterprise Search (Beta)","seo_description_l10n":"With its ease of deployment, pre-tuned relevance, intuitive interface, and hassle-free 
administration, Elastic Enterprise Search (Beta) provides a powerful yet simple way to apply the relevance, scale, and speed of Elasticsearch to your organizational search needs.","seo_keywords_l10n":"enterprise search, elastic enterprise search","seo_image":null,"noindex":false},"tags":["enterprise search"],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt4607298d4fd82c81","ACL":{},"created_at":"2020-06-17T03:31:33.256Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"workplace-search","label_l10n":"Workplace search","tags":[],"title":"Workplace 
search","updated_at":"2020-07-06T22:19:56.394Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:53.167Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"Getting started with Elastic Enterprise Search (Beta)","token":"hDHHoz425V","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-10T16:40:57.654Z","updated_by":"blt3044324473ef223b70bc674c","url":"/webinars/getting-started-with-elastic-enterprise-search-beta","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"LLzZy8WpabFk1DdjB9XPvY","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-10T16:41:19.531Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt473a16a5cbcef8e7","_version":12,"locale":"en-us","ACL":{},"created_at":"2024-11-06T00:22:14.963Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Delivering ROI on AI: How AI transforms customer support efficiency","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eDiscover how a leading technology company built an AI assistant to increase customer and support efficiency and realized a return on investment in less than four months.\u003c/p\u003e\u003cp\u003eExperts from Microsoft, Elastic, and IDC discuss business and technical 
considerations of optimizing large language models (LLMs) for generative AI applications to deliver business value.\u003c/p\u003e\u003cp\u003eThis discussion will highlight the importance of cost-tracking, AI KPIs, and key business metrics, offering a clear roadmap to returns on your AI investment.\u003c/p\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003eJoin our \u003ca href=\"http://events.elastic.co/microsoftworkshopshub/webinar\"\u003eMarch roundtables\u003c/a\u003e for an in-depth, in-person exploration. Meet experts and gain insights!\u003c/li\u003e\u003cli\u003eExcited about AI and would like to get started? Visit our \u003ca href=\"https://azuremarketplace.microsoft.com/en-us/marketplace/apps/elastic.ec-azure-pp?ocid=microsoft-elastic-support-assistant\"\u003eAzure Marketplace listing.\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/portfolio/operationalizing-generative-ai-strategic-guide\" target=\"_self\"\u003eAn executive's guide to operationalizing generative AI\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/pdf/elastic-on-elastic-support-assistant.pdf\" target=\"_self\"\u003eElastic on Elastic: Support Assistant Case Study\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/platform\" target=\"_self\"\u003eLearn how to use your data in real time with the Elastic Search AI 
Platform\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-01-28T21:00:00.000Z","presenter":["blt53f53e1c547f2110","blt57f0334083eb9790","blte0652df2f117e695","blt089f6ddbd5d28a07"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"bltf4c15a435ded5722","ACL":{},"created_at":"2021-04-13T17:54:31.202Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"europe","label_l10n":"Europe","tags":[],"title":"Europe","updated_at":"2021-04-13T17:54:31.202Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-10T12:13:00.412Z","user":"blt3e52848e0cb3c394"}},{"_version":1,"locale":"en-us","uid":"bltdabf9ea82c489dad","ACL":{},"created_at":"2023-06-27T17:09:23.025Z","created_by":"blt36e
890d06c5ec32c","hidden_value":false,"keyword":"india","label_l10n":"India","tags":[],"title":"India","updated_at":"2023-06-27T17:09:23.025Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-27T17:09:25.693Z","user":"blt36e890d06c5ec32c"}},{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Delivering ROI on AI: How AI transforms customer support 
efficiency","token":"5346","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-10T16:22:01.618Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/microsoft-elastic-support-assistant","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"KFJherZAs6jxzV7EyaAUVn","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-03-10T16:22:07.028Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt6bcafd2e9d5c3727","_version":11,"locale":"en-us","ACL":{},"created_at":"2025-01-03T22:49:55.229Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"2025 technical trends: Embracing the era of choice to bring GenAI into production","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eAs the landscape of artificial intelligence continues to evolve at an unprecedented pace, 2025 is poised to be the year where choices redefine the future of technology.\u003c/p\u003e\u003cp\u003eOur upcoming virtual event delves into the emerging technical trends in search and highlights the transformative potential of generative AI (GenAI) as ideas move from experimentation to production. 
Join industry leaders, AI pioneers, and technical experts as we explore the critical decisions that will shape the deployment of GenAI in the coming year.\u003c/p\u003e\u003cp\u003eThis event is designed for technical leaders, data scientists, AI practitioners, and developers who are keen on understanding the pivotal trends and choices that will drive GenAI in 2025. Learn how to stay ahead of the curve by successfully bringing GenAI solutions into production, heralding a new era of technological innovation and operational excellence.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eChoice of AI Providers:\u003c/strong\u003e Examine the expanding ecosystem of GenAI technology, comparing offerings from various providers. Understand the implications of choosing the right model based on factors such as performance, cost, and ethical considerations.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eWorkflow Customization:\u003c/strong\u003e Discover innovative tools and frameworks that enable streamlined creation and deployment of AI workflows like retrieval augmented generation (RAG). Learn how to meet specific business needs with tailored solutions that ensure scalability and efficiency.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eIntegrations:\u003c/strong\u003e Identify best practices for integrating GenAI into existing systems and workflows. Explore strategies to ensure compatibility and seamless operation across environments.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eFuture-Proofing AI Investments:\u003c/strong\u003e Learn how to make strategic decisions that safeguard your AI investments against rapid technological changes and market shifts.\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003eLooking for more general GenAI trends? 
Check out the \u003ca href=\"/resources/search/analyst-report/idc-how-advances-ai-changed-game\"\u003elatest research from IDC\u003c/a\u003e on how search has advanced in the era of AI.\u003c/li\u003e\u003cli\u003eExplore the \u003ca href=\"/partners/ai-ecosystem\"\u003eElastic AI Ecosystem,\u003c/a\u003e which offers developers prebuilt Elasticsearch vector database \u003ca href=\"https://www.elastic.co/search-labs/integrations\"\u003eintegrations\u003c/a\u003e from a trusted network of industry-leading AI companies.\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-02-27T17:00:00.000Z","presenter":["blt22c162f71dbc7943","blt6cc24a383769a34f","blt96df47be2dea5b85","blt9d00569d44cf03ea"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"2025 technical trends: Embracing the era of choice to bring GenAI into production","seo_description_l10n":"As organizations bring their GenAI experiences from experimentation to production, 2025 is poised to be the year where choices redefine the future of technology. 
","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North 
America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"2025 technical trends: Embracing the era of choice to bring GenAI into 
production","token":"9456508911","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T19:15:11.222Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/2025-technical-search-trends","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"d8pTymFG6ocuTdUpt8S11z","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-03-07T19:15:14.954Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0dcd30a4d5512c65","_version":2,"locale":"en-us","ACL":{},"created_at":"2025-03-06T19:28:15.985Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Analyzing the economic impact of AI-driven security analytics","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"16474","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":"\u003cp\u003eAMER: 9:00 a.m. PDT, 12:00 p.m EDT \u003c/p\u003e\u003cp\u003eEMEA: 11:00 a.m. CEST, 2:30 p.m. IST \u003c/p\u003e\u003cp\u003eAPJ: 11:00 a.m. SGT, 2:00 p.m. AEDT\u003c/p\u003e"},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eEmpowering security team members to accelerate their operations is critical to the success of your SOC. But how is this possible when data volumes, attack surface, and costs are constantly growing? You need AI-driven security analytics.\u003c/p\u003e\u003cp\u003eJoin us in this webinar to explore how Sierra Nevada Corporation unlocked efficiencies with Elastic Security's AI-driven security analytics. 
Plus, learn about the economic impact Elastic Security is providing to teams through analysis from Informa TechTarget's Enterprise Strategy Group. You'll come away with best practices to share with your team, including tools and assets to substantiate your security investments.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cp\u003eLearn how Elastic Security customers, including Sierra Nevada Corporation, realized the following:\u003c/p\u003e\u003cul\u003e\u003cli\u003e74% of full-time security employees' hours reclaimed\u003c/li\u003e\u003cli\u003e42%–56% reduction in the total cost of ownership\u003c/li\u003e\u003cli\u003e36% reduction in annual risk exposure\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003eIDC analyst report: \u003ca href=\"/explore/security-without-limits/elastic-ai-assistant-analyst-report\"\u003eThe Elastic AI Assistant Advantage\u003c/a\u003e\u003c/li\u003e\u003cli\u003eEMA analyst report: \u003ca href=\"/security/elastic-ai-assistant-simplifies-cybersecurity\"\u003eAI at your fingertips: How Elastic AI Assistant simplifies cybersecurity\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/lp/security/ai-assistant-resume\"\u003eElastic AI Assistant resume\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-04-16T17:00:00.000Z","presenter":["blt14f762eec103604e","blt02410229abe49649","bltc0a74c17a24dca91"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Analyzing the economic impact of AI-driven security 
analytics","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North 
America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Analyzing the economic impact of AI-driven security 
analytics","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T17:24:48.171Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/analyzing-the-economic-impact-of-ai-driven-security-analytics","video_type":["blt321a8ac0bef65269"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-03-11T20:03:32.774Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt1e376f7b498fe403","_version":9,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:20:28.161Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"title":"New Geo Capabilities with 5.0.png","uid":"blt68edc0d86ef94edb","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T13:59:06.247Z","updated_at":"2019-02-04T13:59:06.247Z","content_type":"image/png","file_size":"27244","filename":"New_Geo_Capabilities_with_5.0.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:32:31.785Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt68edc0d86ef94edb/5c58452aeab90dd80b53f1f4/New_Geo_Capabilities_with_5.0.png"},"main_header":{"title_l10n":"New Geo Capabilities with 5.0","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","gdpr_load_id":"","success_message_l10n":"","cta_title_l10n":"","fallback":"","gdpr_text":[]},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eThe Elastic Stack 5.0 is released 
and part of the release was improved geo capabilities. \u0026nbsp;This webinar will cover everything you wanted to know about geo and Elasticsearch. Get advice on field mapping strategies, learn about geo aggregations and visualizations for exploratory spatial data analysis, as well as get insights into new spatial data structures being added to Lucene and Elasticsearch.\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003eAgenda Includes:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eElastic Stack 5.1 Overview\u003c/li\u003e\u003cli dir=\"ltr\"\u003eGeo field types\u003c/li\u003e\u003cli dir=\"ltr\"\u003eGeo indexing\u003c/li\u003e\u003cli dir=\"ltr\"\u003eGeo search\u003c/li\u003e\u003cli dir=\"ltr\"\u003eGeo aggregations\u003c/li\u003e\u003cli dir=\"ltr\"\u003eLive Q\u0026amp;A\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eIf you can’t join us live, register anyway and we’ll ship you the recording and slides.\u003c/p\u003e\u003cdiv\u003e\u003cbr 
/\u003e\u003c/div\u003e","presentation_date":"2016-12-20T17:00:00.000Z","presenter":["blt0683a897e123952b","blt33bd88de6b213c4f"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[{"title":"Visualizing","label_l10n":"Visualizing","keyword":"visualizing","hidden_value":false,"tags":[],"loca
le":"en-us","uid":"blt365f9ed2d77755c7","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:12.101Z","updated_at":"2020-06-17T03:38:12.101Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:12.100Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T00:48:22.629Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltd609f5ed6cf2db23","ACL":{},"created_at":"2020-06-17T03:33:07.306Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"geospatial","label_l10n":"Geospatial","tags":[],"title":"Geospatial","updated_at":"2020-07-06T22:20:11.933Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-03-23T17:30:22.430Z","user":"blt36e890d06c5ec32c"}}],"timezone":{"title_l10n":"","url":""},"title":"New Geo Capabilities with 
5.0","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T15:28:38.715Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/new-geo-capabilities-for-elasticsearch-5.0","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"Hr4Y8ULHJ72RMZT4xPggTc","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:28:42.735Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltd0e3be58c183881d","_version":8,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:10:47.828Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blt028a8c04c57dab3a","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-10T09:55:49.409Z","updated_at":"2018-10-10T09:55:49.409Z","content_type":"image/jpeg","file_size":"66614","filename":"ingesting-more-with-elastic-webinar.jpg","title":"ingesting-more-with-elastic-webinar.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:40:51.565Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt028a8c04c57dab3a/5bbdcca520bcc78f36235ee5/ingesting-more-with-elastic-webinar.jpg"},"main_header":{"title_l10n":"Ingesting More with the Elastic Stack","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","gdpr_load_id":"","success_message_l10n":"","cta_title_l10n":"","fallback":"","gdpr_text":[]},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eWe realize you have acres of 
data, and Elastic has the right tools to ingest and unify everything to your desire. Come join us to learn more about the Elastic ingestion suite and some use cases you can leverage to drive additional value. \u0026nbsp;We’ll stitch together popular data sources and show how to keep your in-flight data safe with our security features and integrations.\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eThe data ingestion journey with the Elastic Stack\u003c/li\u003e\u003cli dir=\"ltr\"\u003eLogstash and Beats use cases - you know, for ingest...\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSecuring your data flow from end-to-end\u003c/li\u003e\u003cli dir=\"ltr\"\u003eHadoop \u0026amp; friends\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2016-05-25T16:00:00.000Z","presenter":["bltfe1fd513e0662fbc","bltac9c8eef342a33ed"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltb5a7ebf330c5002e","ACL":{},"created_at":"2020-06-17T03:36:14.548Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"beats","label_l10n":"Beats","tags":[],"title":"Beats","updated_at":"2020-06-17T03:36:14.548Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.244Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webina
rs","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}}],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Ingesting More with the Elastic 
Stack","token":"w1wpj5kemk","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T15:27:40.562Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/ingesting-more-with-the-elastic-stack","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"Z718CF23A5nRz7wQk4T52G","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:27:44.198Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt1d87eb8bf2bce5ca","_version":6,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:12:55.949Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blt0cdbabdfd2a3893b","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T08:55:56.546Z","updated_at":"2018-10-09T08:55:56.546Z","content_type":"image/png","file_size":"20893","filename":"video-level-up-your-cluster.png","title":"video-level-up-your-cluster.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:39:13.630Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0cdbabdfd2a3893b/5bbc6d1cbecc14715d488a86/video-level-up-your-cluster.png"},"main_header":{"title_l10n":"Level Up Your Cluster: Upgrading Elasticsearch","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","gdpr_load_id":"","success_message_l10n":"","cta_title_l10n":"","fallback":"","gdpr_text":[]},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eFor some, upgrading can be the bane of 
their job. Does the latest version fix any bugs that affect my cluster? Will the new minor release break my system?\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"margin-top: 0pt;margin-bottom: 0pt;\" rel=\"margin-top: 0pt; margin-bottom: 0pt;\"\u003eOften, users decide to upgrade based on a new feature they need, or a bug fix that affects them. But upgrading can have other benefits, like improved performance and decreased index size. In this webinar, Ryan Ernst, Elastic Developer and Lucene Committer,\u0026nbsp;will explore why upgrading can help you, what questions to ask yourself before\u0026nbsp;upgrading, and how to actually perform that pesky upgrade with minimal misery.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWatch now and download the latest version of \u003ca href=\"https://www.elastic.co/downloads/elasticsearch\" target=\"_blank\"\u003eElasticsearch\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAlso, simplify your upgrade process and stay on the latest version of the stack by switching to Elasticsearch Service\u0026nbsp;with a \u003ca href=\"https://www.elastic.co/cloud/elasticsearch-service/signup?elektra=level-up-cluster-video\"\u003efree 14 day 
trial.\u003c/a\u003e\u0026nbsp;\u003c/p\u003e","presentation_date":"2015-06-30T16:00:00.000Z","presenter":["bltd9feb033b1349273"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":["elasticsearch","webinar","developing"],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Level Up Your Cluster: Upgrading 
Elasticsearch","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T15:26:34.009Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/upgrading-elasticsearch","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"VQhSCfkZuEQVXER4QT5zRf","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:26:37.930Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta365672e5efc6a5d","_version":6,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:09:39.801Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blt9d4080a08757453b","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T09:35:11.728Z","updated_at":"2018-10-09T09:35:11.728Z","content_type":"image/png","file_size":"11492","filename":"video-open-source-trends-insights.png","title":"video-open-source-trends-insights.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:41:37.717Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9d4080a08757453b/5bbc764f831347c0148ae69e/video-open-source-trends-insights.png"},"main_header":{"title_l10n":"Open Source Trends and Insights - A Conversation with the Experts","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","gdpr_load_id":"","success_message_l10n":"","cta_title_l10n":"","fallback":"","gdpr_text":[]},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin Elastic and 
451 Research for a discussion on trends and developments in the open source landscape. Gaurav Gupta (Vice-President of Product Management, Elastic), Steve Mayzak (Senior Director of Worldwide Solutions Architecture at Elastic), and Jay Lyman (Research Manager at 451 Research) will cover growing top-down adoption of Open Source technologies, why companies buy subscriptions, trends in Shadow IT, and commercial drivers in Open Source.\u003c/p\u003e","presentation_date":"2015-09-16T16:00:00.000Z","presenter":["bltf8a28ed7f286abad","bltf7bd920c871e639e"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Open Source Trends and Insights - A Conversation with the 
Experts","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T15:25:24.162Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/open-source-trends-and-insights","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"yzLMNHCN7Uxr6AokdFRDfz","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:25:31.544Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltd7206cb6bbeceb26","_version":7,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:21:58.241Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blteb61e45cffff3151","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T08:56:00.600Z","updated_at":"2018-10-09T08:56:00.600Z","content_type":"image/png","file_size":"10143","filename":"video-launch-evolve-elasticsearch-deployment.png","title":"video-launch-evolve-elasticsearch-deployment.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:31:21.189Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blteb61e45cffff3151/5bbc6d2063ed239936a7d91c/video-launch-evolve-elasticsearch-deployment.png"},"main_header":{"title_l10n":"Launch and Evolve Your Elasticsearch 
Deployment","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4737","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eIt’s no secret that Elasticsearch is easy to get up and running. Often, users get started solving one problem, say application search, and find they can tackle many more use cases, like log analytics, multi-language search, geospatial applications, and more. That’s what makes us, you know, elastic. \u0026nbsp;\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.499999942779541;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.499999942779541;margin-top:0pt;margin-bottom:0pt;\"\u003eIn this webinar, Christian Dahlqvist, Elastic Solutions Architect, will present best practices on how to easily get up and running with Elasticsearch. 
Salvatore Vadacca, Technical Team Leader at JobRapido, will showcase real-life examples of how JobRapido leveraged and expanded their Elasticsearch usage, from storing key values to:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.499999942779541;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.499999942779541;margin-top:0pt;margin-bottom:0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eSearching across multiple languages (18 languages in 58 countries)\u003c/li\u003e\u003cli dir=\"ltr\"\u003eUsing the Elasticsearch percolator feature for\u0026nbsp;job classification\u003c/li\u003e\u003cli dir=\"ltr\"\u003eManaging and organizing job locations\u0026nbsp;with path analyzers\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2015-07-08T16:00:00.000Z","presenter":["blt9c76b7f20a136f34","blte305d0d8f427e122"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":["elasticsearch","webinar","analytics","technology","scaling"],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Launch and Evolve Your Elasticsearch 
Deployment","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T15:16:35.226Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/launch-and-evolve-your-es-deployment","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"wNHzmi6mqvqLMkYGG26hqY","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:16:38.759Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt9c0084614b17d7dc","_version":8,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:21:52.231Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blt2aa48f474a83198c","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T09:17:44.638Z","updated_at":"2018-10-09T09:17:44.638Z","content_type":"image/png","file_size":"18978","filename":"video-elasticsearch-netsuite-speed-scale-security.png","title":"video-elasticsearch-netsuite-speed-scale-security.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:31:21.189Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2aa48f474a83198c/5bbc72383bd14fb77f741b5c/video-elasticsearch-netsuite-speed-scale-security.png"},"main_header":{"title_l10n":"Elasticsearch at NetSuite: Speed, Scale, and 
Security","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4737","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003eJoin us for a live webinar to hear Bryan Washer, Principal Site Reliability Engineer at NetSuite, discuss how NetSuite is scaling their Elasticsearch deployment to better serve their clients and internal needs.\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eTopics covered:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eNetSuite’s Elasticsearch architecture to ingest 3 billion daily events\u003c/li\u003e\u003cli dir=\"ltr\"\u003eScale to handle a petabyte of data\u003c/li\u003e\u003cli dir=\"ltr\"\u003eMeet security needs like HIPAA, EU, PACRIM, PCI/DSS with Shield\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eBryan will be joined by Marty Messer, VP of Customer Care, and Steve Kearns, Director of Product 
Management.\u0026nbsp;\u003c/p\u003e","presentation_date":"2015-08-12T16:00:00.000Z","presenter":["bltda363d8e512a1c1e","blta88061c105b8011d","bltb068a3d5b604f364"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[{"title":"Monitoring","label_l10n":"Monitoring","keyword":"monitoring","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt018d981515b9a4fd","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:39:24.931Z","updated_at":"2020-06-17T03:39:59.356Z","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:39:24.931Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":
"en-us","time":"2020-07-02T18:15:31.077Z","user":"bltf6ab93733e4e3a73"}},{"title":"Scaling","label_l10n":"Scaling","keyword":"scaling","hidden_value":true,"tags":[],"locale":"en-us","uid":"bltbafe1bd178271a4e","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:40:27.127Z","updated_at":"2020-06-17T03:40:27.127Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:40:27.127Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-23T10:32:18.015Z","user":"blt3e52848e0cb3c394"}}],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Elasticsearch at NetSuite: Speed, Scale, and Security","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T15:15:26.935Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/speed-scale-and-security","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"HMYWhzkDPc17KkGyopEtJx","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:15:30.543Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt342acba62c7f0c3d","_version":8,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:21:50.238Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blt4b8b5f5984744f1f","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T09:17:35.139Z","updated_at":"2018-10-09T09:17:35.139Z","content_type":"image/png","file_size":"11298","filename":"video-logstash-plugins1-5.png","title":"video-logstash-plugins1-5.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":
"en-us","time":"2019-02-11T09:31:21.189Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4b8b5f5984744f1f/5bbc722f7498f42b0c1a6275/video-logstash-plugins1-5.png"},"main_header":{"title_l10n":"Logstash Plugins Ecosystem and Security","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4737","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin Logstash creator, Jordan Sissel and Logstash\u0026nbsp;Team Lead, Suyog Rao for a presentation and discussion on what’s new with Logstash 1.5 including:\u003cbr /\u003e\u003c/p\u003e\u0026gt;\u003cul\u003e\u003cli dir=\"ltr\"\u003eNew Plugin Ecosystem with Examples\u003c/li\u003e\u003cli dir=\"ltr\"\u003eIntegrating Logstash with Security\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eAlerting and Logstash\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"line-height: 1.6em;background-color: initial;\"\u003eDownload and start playing around with the latest version, \u003c/span\u003e\u003ca href=\"http://www.elastic.co/downloads/logstash\"\u003eLogstash 5.2.0\u003c/a\u003e\u003cbr 
/\u003e\u003c/p\u003e","presentation_date":"2015-08-19T16:00:00.000Z","presenter":["blt8ba74c7c0a468fe7","bltac9c8eef342a33ed"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":["logstash","webinar"],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt7bb6b1e9a797738f","ACL":{},"created_at":"2020-06-17T03:36:25.048Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logstash","label_l10n":"Logstash","tags":[],"title":"Logstash","updated_at":"2020-06-17T03:36:25.048Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.237Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt8adcbb1adf4f30dc","ACL":{},"created_at":"2020-06-17T03:37:36.199Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack-security","label_l10n":"Stack security","tags":[],"title":"Stack 
security","updated_at":"2020-06-17T03:37:36.199Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-10-07T20:06:58.974Z","user":"blt36e890d06c5ec32c"}},{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}},{"title":"Alerting","label_l10n":"Alerting","keyword":"alerting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltd8e03b8972ecf817","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:20.375Z","updated_at":"2020-06-17T03:38:20.375Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:20.374Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T00:49:19.650Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Logstash Plugins Ecosystem and 
Security","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T15:14:31.911Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/logstash-1-5-plugins","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"nhSdvGYYuSW32NNLU2hz1k","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:14:36.152Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltd03ec406767eb1f6","_version":6,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:21:48.242Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blt26f0a738c045b57d","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T09:35:09.651Z","updated_at":"2018-10-09T09:35:09.651Z","content_type":"image/png","file_size":"11376","filename":"video-kafka-integration.png","title":"video-kafka-integration.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:31:21.189Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt26f0a738c045b57d/5bbc764d63ed239936a7d9f2/video-kafka-integration.png"},"main_header":{"title_l10n":"Kafka Integration with the ELK Stack and its Use at LinkedIn","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4737","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp dir=\"ltr\" style=\"line-height: 
1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003eJoin LinkedIn Senior Site Reliability Engineer, Tin Le, and Elastic developer, Tal Levy, for a presentation and discussion on ways of using Kafka with Logstash \u0026amp; Elasticsearch.\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eLearn how to scale Logstash using Kafka, including architecture and configuration, and hear from LinkedIn about how they are using Kafka with Elasticsearch to monitor their services.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eThis webinar will also cover:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eLogstash 1.5 Kafka input/output plugins\u003c/li\u003e\u003cli dir=\"ltr\"\u003eMonitoring Kafka JMX reporter statistics using Elasticsearch, Logstash, and Kibana\u003c/li\u003e\u003cli dir=\"ltr\"\u003eLive Kibana demo to collect and analyze Kafka JMX bean statistics\u003c/li\u003e\u003cli dir=\"ltr\"\u003eLinkedIn’s use of Kafka and set-up to scale them to 875 billion daily messages and 700 
TB/day\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2015-09-10T16:00:00.000Z","presenter":["blt62c6943dd5314c8c","blt4a614fc6690e9fb0","bltcf0a69ce766b1421"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Kafka Integration with the ELK Stack and its Use at 
LinkedIn","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T15:13:26.078Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/kafka-integration-with-elk","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"9Cfdo2X4A8kJ1ky4Sw7Bf5","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:13:29.916Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltf90a3cae55393a6b","_version":6,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:21:38.231Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"bltce1ba7613020badf","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T10:42:18.033Z","updated_at":"2018-10-09T10:42:18.033Z","content_type":"image/png","file_size":"9736","filename":"video-whats-new-shield-watcher.png","title":"video-whats-new-shield-watcher.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:31:21.189Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltce1ba7613020badf/5bbc860ab160bf6a367eb83b/video-whats-new-shield-watcher.png"},"main_header":{"title_l10n":"What’s New with Shield and Watcher 2.0","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4737","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eWe're thrilled to announce the 
release of Shield and Watcher 2.0. This is the first release of these extensions that is compatible with \u003ca href=\"https://www.elastic.co/blog/elasticsearch-2-0-0-released\" target=\"_blank\"\u003eElasticsearch 2.0\u003c/a\u003e. Beyond Elasticsearch 2.0 compatibility, Shield and Watcher 2.0 introduce several new and exciting features, expanding the security and alerting capabilities respectively.\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 2.025;margin-top: 0pt;margin-bottom: 11pt;\" rel=\"line-height:2.025;margin-top:0pt;margin-bottom:11pt;\"\u003eJoin Uri Boness, Commercial Products Engineering Lead, for a webinar and Q\u0026amp;A session covering what’s new with Shield and Watcher 2.0 including:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 2.025;margin-top: 0pt;margin-bottom: 11pt;\"\u003e\u003cstrong\u003eShield\u003c/strong\u003e (for security)\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eExtensible Realms\u003c/li\u003e\u003cli dir=\"ltr\"\u003eField and Document ACL\u003c/li\u003e\u003cli dir=\"ltr\"\u003eUser Impersonation\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\" style=\"line-height: 2.025;margin-top: 0pt;margin-bottom: 11pt;\"\u003e\u003cstrong\u003eWatcher\u003c/strong\u003e (for alerting)\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eSlack and HipChat Integration\u003c/li\u003e\u003cli dir=\"ltr\"\u003eArray Compare Condition\u003c/li\u003e\u003cli dir=\"ltr\"\u003eWatch 
De/activation\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2015-12-02T17:00:00.000Z","presenter":["blta0594facbc6d6cf0"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"What’s New with Shield and Watcher 
2.0","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T15:12:26.896Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/what-is-new-with-shield-and-watcher-2-0","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"YhZSTGdR5arWfytZ76Shpk","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:12:31.126Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt87fc6f165aaceb13","_version":7,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:21:34.219Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blta281dfdb1eeaed49","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T12:12:55.328Z","updated_at":"2018-10-09T12:12:55.328Z","content_type":"image/png","file_size":"16193","filename":"video-kibana-galaxy.png","title":"video-kibana-galaxy.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:31:37.490Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta281dfdb1eeaed49/5bbc9b4763ed239936a7db68/video-kibana-galaxy.png"},"main_header":{"title_l10n":"The Contributor's Guide to the Kibana Galaxy (Jan 2016)","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4737","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eExploring the expanse\u0026nbsp;of the 
Kibana galaxy alone can be daunting, but join us to discover the answer to the greatest question - how does it all work? We will venture into the belly of the beast to discover how Kibana works, and how you can modify and extend it.\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 2.025;margin-top: 0pt;margin-bottom: 11pt;\" rel=\"line-height:2.025;margin-top:0pt;margin-bottom:11pt;\"\u003eIn this video, we will cover:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eSetting up Kibana for Development\u003c/li\u003e\u003cli dir=\"ltr\"\u003eNavigating the expanse (source code)\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSlaying space bugs\u003c/li\u003e\u003cli dir=\"ltr\"\u003ePreserving our prime directive (testing)\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\" style=\"line-height: 2.025;margin-top: 0pt;margin-bottom: 11pt;\"\u003eAttendees will leave this presentation with a deep understanding of how to tweak Kibana, how to spot its weaknesses and fix them, and how to share their efforts with the rest of the community via GitHub.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 2.025;margin-top: 0pt;margin-bottom: 11pt;\"\u003eAdditional Kibana Video:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/webinars/kibana-101-get-started-with-visualizations\" target=\"_blank\"\u003eKibana 101: Getting Started with Visualizations\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr 
/\u003e","presentation_date":"2016-01-27T17:00:00.000Z","presenter":["blt2d395623cc3472a3"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":["kibana","webinar","videos"],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"The Contributor's Guide to the Kibana Galaxy (Jan 
2016)","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T15:10:56.799Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/the-contributors-guide-to-the-kibana-galaxy","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"CU288duhB5kC7ekf5nfiDU","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:11:00.770Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt04b32cd4970ad8b6","_version":12,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:10:52.156Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blt6911ca14acc20fd0","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T13:24:32.441Z","updated_at":"2018-10-09T13:24:32.441Z","content_type":"image/png","file_size":"29353","filename":"video-xpack-webinar.png","title":"video-xpack-webinar.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:31:50.744Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6911ca14acc20fd0/5bbcac107498f42b0c1a64ae/video-xpack-webinar.png"},"main_header":{"title_l10n":"Security Overview, Roadmap, and Demo","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4342","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eLearn about \u003ca 
href=\"https://www.elastic.co/products/x-pack/open\" target=\"_blank\"\u003eopening x-pack\u003c/a\u003e and our updated \u003ca href=\"https://www.elastic.co/subscriptions\" target=\"_blank\"\u003esubscription features.\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eYour data is too important not to protect. Security is the best way to secure your cluster and your work. Join Jay Modi, Team Lead for Security, for a webinar and Q\u0026amp;A session covering an overview of security, sneak peek at what’s to come, and a live demo showing users how to migrate to X-Pack.\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003eSimple Security\u003c/p\u003e\u003cul class=\"list-black\"\u003e\u003cli dir=\"ltr\"\u003eUsername/password protection\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAdvanced Security When Needed\u003c/p\u003e\u003cul class=\"list-black\"\u003e\u003cli dir=\"ltr\"\u003eLDAP, Active Directory, and PKI Integration\u003c/li\u003e\u003cli dir=\"ltr\"\u003eRole-based access control\u003c/li\u003e\u003cli dir=\"ltr\"\u003eField and document level security\u003c/li\u003e\u003cli dir=\"ltr\"\u003eEncrypted communication\u003c/li\u003e\u003cli 
dir=\"ltr\"\u003eAuditing\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2016-04-26T16:00:00.000Z","presenter":["blt4aa00d198bbdaf6e"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":["security"],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt8adcbb1adf4f30dc","ACL":{},"created_at":"2020-06-17T03:37:36.199Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack-security","label_l10n":"Stack security","tags":[],"title":"Stack 
security","updated_at":"2020-06-17T03:37:36.199Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-10-07T20:06:58.974Z","user":"blt36e890d06c5ec32c"}}],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Security Overview, Roadmap, and Demo","token":"r4g7kgstdd","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T15:09:26.957Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/x-pack-security-overview-roadmap-demo","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"3t3CC6ctFaAyxB3L4pJjV8","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:09:30.631Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt034705c4860f8894","_version":9,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:10:07.830Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blt99a1909b9bb97234","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:06:17.834Z","updated_at":"2018-10-11T05:06:17.834Z","content_type":"image/png","file_size":"56885","filename":"video-proven-architectural-patterns.png","title":"video-proven-architectural-patterns.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:41:15.562Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt99a1909b9bb97234/5bbeda49c863b8e614126e50/video-proven-architectural-patterns.png"},"main_header":{"title_l10n":"Proven Architectural Patterns for Mature Elastic Stack 
Deployments","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4342","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eThe Elastic Stack is used to address a variety of needs, ranging dramatically in both complexity and scale. Components from Elastic can be deployed and configured uniquely for each implementation, so architecting a solution based on proven practices can both accelerate and de-risk projects. \u0026nbsp;Join Elasticsearch Solution Architects as they present reference architectures and proven practices in Elasticsearch deployments, ranging from high-volume log analytics to embedded search applications. \u0026nbsp; \u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eCommon patterns to be covered include:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eGetting started quickly-- show results in minutes\u003c/li\u003e\u003cli dir=\"ltr\"\u003eScaling to meet (the inevitable!) 
increasing demand\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSupporting high-availability operations and resiliency\u003c/li\u003e\u003cli dir=\"ltr\"\u003eConsidering multiple data centers\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCommon approaches to embedded and enterprise search\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2016-10-20T16:00:00.000Z","presenter":["blt446c17b51322cc82","blt29236ae1d2f00217"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[{"title":"Architecture","label_l10n":"Architecture","keyword":"architecture","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt91896b1dfcbd6413","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:39:38.693Z","update
d_at":"2020-06-17T03:39:38.693Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:39:38.693Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-24T15:31:11.375Z","user":"bltf6ab93733e4e3a73"}}],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Proven Architectural Patterns for Mature Elastic Stack Deployments","token":"r6hha2k8el","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T15:08:13.443Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/proven-architectural-patterns-for-mature-elastic-stack-deployments","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"anvSSq6EqWJ4GBXceVytdK","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:08:18.495Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb432d0bac3d736da","_version":8,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:21:28.219Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"bltb55b137bf7560d9b","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:12:57.452Z","updated_at":"2018-10-11T05:12:57.452Z","content_type":"image/jpeg","file_size":"56584","filename":"elastic-stack-5-0-virtual-event.jpg","title":"elastic-stack-5-0-virtual-event.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:31:37.490Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb55b137bf7560d9b/5bbedbd911df34800cd949c6/elastic-stack-5-0-virtual-event.jpg"},"main_header":{"title_l10n":"Elastic 
Stack 5.0 Virtual Event","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4737","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eWith 5.0, everything you love about Elastic just got better. 5.0 is about our products working beautifully together, a simplified getting started experience, and a lot of great new features. In this video, the creators of the Elastic Stack tell the story behind 5.0 and introduce all the new and glorious features that make version 5.0 our biggest release yet.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003eHighlights include:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eThe 5.0 Story with Shay\u003c/li\u003e\u003cli dir=\"ltr\"\u003eElasticsearch 5.0: What You Need to Know\u003c/li\u003e\u003cli dir=\"ltr\"\u003eKibana 5: It’s More Than Charts and Graphs\u003c/li\u003e\u003cli dir=\"ltr\"\u003eTimelion: Exploring Time Series Data\u003c/li\u003e\u003cli dir=\"ltr\"\u003eIngestion 5.0 Style with Logstash and Beats\u003c/li\u003e\u003cli dir=\"ltr\"\u003eExtend the Elastic Stack with 
X-Pack\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2016-11-03T15:00:00.000Z","presenter":["blt4990cfe37610ed0f","blta14bb0509c1528d3","blt717d62571a49ab4e","blt08a3f527ab2f0397","blt8ba74c7c0a468fe7","blt392d0d33022a47e8","blta88061c105b8011d"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Elastic Stack 5.0 Virtual 
Event","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T15:07:16.921Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/elastic-stack-5-0-virtual-event","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"hLhcWkMx2iNrzWKK3j5YSh","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:07:20.699Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltf8023a0ef28940d3","_version":7,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:10:43.846Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"title":"Tales from the field- Elastic Stack and Hadoop.png","uid":"blt9bbbead9d0cf031e","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T13:59:12.253Z","updated_at":"2019-02-04T13:59:12.253Z","content_type":"image/png","file_size":"33134","filename":"Tales_from_the_field-_Elastic_Stack_and_Hadoop.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:40:51.565Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9bbbead9d0cf031e/5c584530dfaabbd40b9c2c76/Tales_from_the_field-_Elastic_Stack_and_Hadoop.png"},"main_header":{"title_l10n":"Tales from the field: Elastic Stack and 
Hadoop","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4642","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eHadoop is a great platform for storing and processing massive amounts of data. Elasticsearch is an ideal solution for real-time analytics and visualization of the same data. Join us to learn how you can leverage the full power of both platforms to maximize the value of your data. Learn about the ES-Hadoop connector and some common design patterns from real-world implementations.\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003eThis webinar will cover several use cases for using Elasticsearch with Hadoop including:\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eLambda Architecture\u003c/li\u003e\u003cli dir=\"ltr\"\u003eReal-time Architecture\u003c/li\u003e\u003cli dir=\"ltr\"\u003eMonitoring Hadoop\u003c/li\u003e\u003cli dir=\"ltr\"\u003eHDFS as back-up 
store\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2017-02-28T17:00:00.000Z","presenter":["blt8344ec6cc0ffae54","bltef7fcd39f3071b57"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":["videos"],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Tales from the field: Elastic Stack and 
Hadoop","token":"zzyf1pcknr","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T15:05:42.705Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/elasticsearch-hadoop","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"8HH3EhUWkboRZPhe1AHhEt","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:05:46.410Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt6c428d61e5a27640","_version":10,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:20:40.185Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"title":"Painless - Secure Scripting Language for Elasticsearch | Elastic 2017-07-13 09-25-01.png","uid":"bltcbb4065ab422d574","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T14:02:12.366Z","updated_at":"2019-02-04T14:02:12.366Z","content_type":"image/png","file_size":"28019","filename":"Painless_-_Secure_Scripting_Language_for_Elasticsearch_Elastic_2017-07-13_09-25-01.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:32:09.607Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcbb4065ab422d574/5c5845e4eab90dd80b53f206/Painless_-_Secure_Scripting_Language_for_Elasticsearch_Elastic_2017-07-13_09-25-01.png"},"main_header":{"title_l10n":"Painless - Secure Scripting Language for 
Elasticsearch","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"3819","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eBack in the pre-5.0 dark ages, Elasticsearch lacked a secure scripting language. And the people were sad! But our hero Painless came in 5.0, the shining new default, careful, quick, and kind. Ever watchful of its whitelist and loop counters, Painless protects Elasticsearch from malign mandate, inadvertent or iniquitous.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003eGather and hear of Painless' guiding principles, see the features they represent, and, time permitting, discuss Painless' future.\u003c/p\u003e\u003cdiv\u003e\u003cbr 
/\u003e\u003c/div\u003e","presentation_date":"2017-04-19T16:00:00.000Z","presenter":["blta5b9a463201a679d"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Painless - Secure Scripting Language for 
Elasticsearch","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T15:04:25.652Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/painless-secure-scripting-language-for-elasticsearch","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"6GqgmseJ9u3V5WjZ7GipFA","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:04:29.235Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0371be2d7f33381a","_version":10,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:10:27.822Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"title":"Monitoring Your Elasticsearch Cluster with Beats | Elastic 2017-07-13 09-58-30.png","uid":"blt8e5b46581c2ebde1","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T14:02:00.556Z","updated_at":"2019-02-04T14:02:00.556Z","content_type":"image/png","file_size":"24500","filename":"Monitoring_Your_Elasticsearch_Cluster_with_Beats_Elastic_2017-07-13_09-58-30.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:41:03.752Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8e5b46581c2ebde1/5c5845d8bc5d07ed0b48cbb3/Monitoring_Your_Elasticsearch_Cluster_with_Beats_Elastic_2017-07-13_09-58-30.png"},"main_header":{"title_l10n":"Monitoring Your Elasticsearch Cluster with 
Beats","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4342","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eElasticsearch is a great place to centralize infrastructure data for search and analysis — because when the darker forces go to work on your hardware, you want to be able to respond.\u0026nbsp;\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003eThe same applies to your Elasticsearch cluster. The monitoring features in X-Pack provide you with visibility into how your Elastic Stack is running.\u003cbr /\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;margin-top:0pt;margin-bottom:0pt;\"\u003eJoin our team in Sydney for a presentation, live demo, and Q\u0026amp;A about how to successfully:\u003cbr /\u003e\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eActivate monitoring for Elasticsearch\u003c/li\u003e\u003cli dir=\"ltr\"\u003eShip\u0026nbsp;infrastructure data to Elasticsearch\u003c/li\u003e\u003cli dir=\"ltr\"\u003eIntroduction to Beats,\u0026nbsp;followed by demo of Metricbeat (external system data shipper)\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCreate a Kibana dashboard to monitor non-standard 
infrastructure\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2017-04-27T18:38:56.000Z","presenter":["blt5c270dcaa430a685"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":["videos"],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltb5a7ebf330c5002e","ACL":{},"created_at":"2020-06-17T03:36:14.548Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"beats","label_l10n":"Beats","tags":[],"title":"Beats","updated_at":"2020-06-17T03:36:14.548Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.244Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale
":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}},{"title":"Monitoring","label_l10n":"Monitoring","keyword":"monitoring","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt018d981515b9a4fd","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:39:24.931Z","updated_at":"2020-06-17T03:39:59.356Z","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:39:24.931Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-02T18:15:31.077Z","user":"bltf6ab93733e4e3a73"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"Monitoring Your Elasticsearch Cluster with Beats","token":"3aeck0bnec","translated_date_l10n":"April 27, 2017","translated_time_l10n":"10:00 a.m. AEST / 8:00 a.m. AWST / 12:00 p.m. 
NZST","updated_at":"2025-03-07T15:03:16.901Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/monitoring-your-elasticsearch-cluster-with-beats","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"4EA7RPTn7fzHEv7KkJsTLy","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T15:03:20.345Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltc6c54bf8999bbf17","_version":9,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:13:03.942Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"title":"kubernetes.png","uid":"blt7f6354303a0ca81b","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T13:53:42.674Z","updated_at":"2019-02-04T13:53:42.674Z","content_type":"image/png","file_size":"119783","filename":"kubernetes.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:38:43.305Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7f6354303a0ca81b/5c5843e6516e21cf0b2a1258/kubernetes.png"},"main_header":{"title_l10n":"Docker \u0026 Kubernetes Log Collection and Monitoring with Beats and Elasticsearch","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4342","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eTasks such as log collection and metrics aggregation can be daunting within Kubernetes and 
Docker deployments. Fortunately, the open source Elastic Stack (formerly known as the ELK Stack) provides effective methods to collect and store a wide variety of operational data to simplify these and similar problems.\u003c/p\u003e\u003cp\u003eJoin Carlos Pérez-Aradros, Beats Software Engineer, and Brandon Mensing, Beats Senior Product Manager\u0026nbsp;for a live demo and presentation on how leveraging the latest features in Beats (including “add metadata” processors, modules, and new autodiscovery features), Elasticsearch, and Kibana can make managing containerized, scheduled, and otherwise automated environments a great experience.\u003cbr /\u003e\u003cbr /\u003eLearn more about \u003ca href=\"https://www.elastic.co/docker-kubernetes-container-monitoring\"\u003emonitoring your containers with Elastic.\u003c/a\u003e\u003cbr /\u003e\u003cbr /\u003eAdditional Resources (Related Content)\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAutodiscovery Documentation\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/filebeat/6.2/configuration-autodiscover.html\"\u003eFilebeat\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/metricbeat/6.2/configuration-autodiscover.html\"\u003eMetricbeat\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eBlog Post\u003cul\u003e\u003cli\u003e\u0026nbsp;\u003ca href=\"https://www.elastic.co/blog/shipping-kubernetes-logs-to-elasticsearch-with-filebeat\"\u003eShipping Kubernetes Logs to Elasticsearch with Filebeat\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/brewing-in-beats-autodiscovery-with-docker\"\u003eAutodiscovery with Docker\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2018-02-15T17:00:00.000Z","presenter":["blt7d681b6e7c070b1f","bltd4566efa20ee4b6e"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Docker \u0026 Kubernetes Log 
Collection and Monitoring with Beats and Elasticsearch","seo_description_l10n":"Watch a Docker and Kubernetes with Elasticsearch demo on how leveraging the latest features in Beats, Elasticsearch, and Kibana can make managing containerized, scheduled, and otherwise automated environments a great experience.","seo_keywords_l10n":"docker, kubernetes, elasticsearch, demo, container, containerized, containers, beats, kibana","seo_image":null,"noindex":false},"tags":["kubernetes","docker"],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltb5a7ebf330c5002e","ACL":{},"created_at":"2020-06-17T03:36:14.548Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"beats","label_l10n":"Beats","tags":[],"title":"Beats","updated_at":"2020-06-17T03:36:14.548Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.244Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_va
lue":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}},{"title":"Visualizing","label_l10n":"Visualizing","keyword":"visualizing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt365f9ed2d77755c7","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:12.101Z","updated_at":"2020-06-17T03:38:12.101Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:12.100Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T00:48:22.629Z","user":"blt3044324473ef223b70bc674c"}},{"title":"Alerting","label_l10n":"Alerting","keyword":"alerting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltd8e03b8972ecf817","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c
","created_at":"2020-06-17T03:38:20.375Z","updated_at":"2020-06-17T03:38:20.375Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:20.374Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T00:49:19.650Z","user":"blt3044324473ef223b70bc674c"}},{"title":"Monitoring","label_l10n":"Monitoring","keyword":"monitoring","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt018d981515b9a4fd","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:39:24.931Z","updated_at":"2020-06-17T03:39:59.356Z","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:39:24.931Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-02T18:15:31.077Z","user":"bltf6ab93733e4e3a73"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log 
analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"Docker \u0026 Kubernetes Log Collection and Monitoring with Beats and Elasticsearch","token":"8tse4hlsj0","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T14:59:09.865Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/elasticsearch-log-collection-with-kubernetes-docker-and-containers","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"9dac6UF661WHSqU3qNtbAn","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T14:59:14.003Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt35bb84c9b298ff3e","_version":9,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:11:31.885Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blt743d944c5e01d67d","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T13:21:16.950Z","updated_at":"2018-10-09T13:21:16.950Z","content_type":"image/jpeg","file_size":"15874","filename":"video-elastic-cloud-overview-demo.jpg","title":"video-elastic-cloud-overview-demo.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:40:25.349Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt743d944c5e01d67d/5bbcab4c37fc138a5d280863/video-elastic-cloud-overview-demo.jpg"},"main_header":{"title_l10n":"Elastic Cloud Overview \u0026 
Demo","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eWatch this video\u0026nbsp;for an official tour of Elastic Cloud, our Elasticsearch as a Service offering. Elastic Cloud is a fully hosted and managed service that provides the real-time search and analytics capabilities of Elasticsearch and integrates across the entire Elastic ecosystem, including Security (Shield), Alerting (Watcher) and monitoring (Marvel).\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" rel=\"line-height:2.025;margin-top:0pt;margin-bottom:11pt;\" style=\"margin-top: 0pt;margin-bottom: 11pt;line-height: 2.025;\"\u003eIn this video, Alex Brasetvik, Elastic Software Engineer, Morgan Goeller, Solutions Architect, and Igor Kupczynski, Elastic Cloud Engineer, will\u0026nbsp;walk you through the product's ins and outs, including:\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eElastic Cloud architecture\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSetting up Logstash and Kibana\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCustomizing your cluster\u003c/li\u003e\u003cli dir=\"ltr\"\u003eEasily Add Alerting, Monitoring, and Enhanced Security\u003c/li\u003e\u003cli dir=\"ltr\"\u003eProtect Against Downtime with High Availability\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\" style=\"margin-top: 0pt;margin-bottom: 11pt;line-height: 2.025;\"\u003eTake Elastic Cloud for a spin with a\u0026nbsp;\u003ca href=\"https://www.elastic.co/cloud/signup\"\u003e14-day free trial\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eYou may also want to check out the Elastic{ON}16\u0026nbsp;\u003ca 
href=\"https://www.elastic.co/elasticon/conf/2016/sf/opening-keynote\" target=\"_blank\"\u003eKeynote\u003c/a\u003e, in which Njal and Elastic Cloud Team Lead Michael Basnight presented a demo of Elastic Cloud Enterprise, beginning at the 85-minute mark.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eWant to learn more about the differences between the Amazon Elasticsearch Service and our official Elasticsearch Service? Visit our \u003ca href=\"https://www.elastic.co/aws-elasticsearch-service\" target=\"_blank\"\u003eAWS Elasticsearch\u003c/a\u003e comparison page.\u003c/p\u003e","presentation_date":"2016-04-12T16:00:01.000Z","presenter":["blt553467a41584839d","blt577f3e1d73446c87","blt662f7fef2e8ed560"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags
_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"Elastic Cloud Overview \u0026 Demo","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T14:55:18.477Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/elastic-cloud-overview-and-demo","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"ftF8hPFXoZ9nN3n8jdhiry","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T14:55:22.115Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltbee2d0e58e6cc517","_version":10,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:11:29.879Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blta128d6f9f984aeaa","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T13:21:11.986Z","updated_at":"2018-10-09T13:21:11.986Z","content_type":"image/jpeg","file_size":"27364","filename":"video-overview-elastic-cloud.jpg","title":"video-overview-elastic-cloud.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:40:25.349Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta128d6f9f984aeaa/5bbcab4752d7ede27f814f82/video-overview-elasti
c-cloud.jpg"},"main_header":{"title_l10n":"Overview of Elastic Cloud | April 19, 14:00 AEST","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4737","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin us for an official tour of Cloud, our Elasticsearch as a Service offering. Elastic Cloud is a fully hosted and managed service that provides the real-time search and analytics capabilities of Elasticsearch and integrates across the entire Elastic ecosystem, including Security (Shield), Alerting (Watcher) and monitoring (Marvel).\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 2.025;margin-top: 0pt;margin-bottom: 11pt;\" rel=\"line-height:2.025;margin-top:0pt;margin-bottom:11pt;\"\u003eIn this webinar, Mark Walkom, Elastic Solutions Architect, and Christian Strzadala, Elastic Software Engineer, will walk you through the product's ins and outs, including:\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eElastic Cloud architecture\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSetting up Logstash and Kibana\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCustomizing your cluster\u003c/li\u003e\u003cli dir=\"ltr\"\u003eEasily Add Alerting, Monitoring, and Enhanced Security\u003c/li\u003e\u003cli dir=\"ltr\"\u003eProtect Against Downtime with High Availability\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\" style=\"line-height: 2.025;margin-top: 0pt;margin-bottom: 11pt;\"\u003eTake Elastic Cloud for a spin with a \u003ca href=\"https://www.elastic.co/cloud/signup\"\u003e14-day free trial\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eYou may also want to check out the Elastic{ON}16 \u003ca 
href=\"https://www.elastic.co/elasticon/conf/2016/sf/opening-keynote\" target=\"_blank\"\u003eKeynote\u003c/a\u003e, in which Njal and Elastic Cloud Team Lead Michael Basnight presented a demo of Elastic Cloud Enterprise, beginning at the 85-minute mark.\u0026nbsp;\u003c/p\u003e\u003cp\u003eWant to learn more about the differences between the Amazon Elasticsearch Service and our official Elasticsearch Service? Visit our \u003ca href=\"https://www.elastic.co/aws-elasticsearch-service\" target=\"_blank\"\u003eAWS Elasticsearch\u003c/a\u003e comparison page.\u003c/p\u003e","presentation_date":"2016-04-18T04:00:00.000Z","presenter":[],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltc
b543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"Overview of Elastic Cloud | April 19, 14:00 AEST","token":"","translated_date_l10n":"Tuesday, April 19 at 2 p.m. AEST","translated_time_l10n":"","updated_at":"2025-03-07T14:51:48.283Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/elastic-cloud-overview-and-demo-apac","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"LtFt85TEYMEqHwkUfju2iR","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T14:51:51.925Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt828650920fe339dc","_version":14,"locale":"en-us","ACL":{},"created_at":"2020-04-30T13:13:03.063Z","created_by":"blt3502447710c9a651","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":null,"main_header":{"title_l10n":"Elastic Cloud and Orchestration","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4737","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"6123","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eElastic Cloud Enterprise enable to do provision, manage, and monitor Elasticsearch and Kibana at any scale, on any infrastructure, while managing 
everything from a single console. Whereas Elastic Cloud on Kubernetes simplifies setup, upgrades, snapshots, scaling, high availability, security, and more for running Elasticsearch and Kibana in Kubernetes for one or many use cases.\u003c/p\u003e\u003cp\u003eRegister today to learn how you can operationalise the tools mentioned to achieve your goals. You’ll also see the exciting future ahead for building programs with the Elastic Stack that are designed to reduce deployment time and increase operational flexibility.\u003c/p\u003e\u003cp\u003eHighlights:\u003c/p\u003e\u003cul\u003e\u003cli\u003eLatest and greatest of Elastic Cloud Enterprise and Elastic Cloud Kubernetes.\u003c/li\u003e\u003cli\u003eHow to migrate your existing Elastic cluster to Elastic Cloud Enterprise / Elastic Cloud Kubernetes.\u003c/li\u003e\u003cli\u003eComparison of Elastic Cloud Enterprise and Elastic Cloud Kubernetes.\u003c/li\u003e\u003cli\u003eDemonstration on Elastic Cloud Enterprise and Elastic Cloud Kubernetes.\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2020-04-22T04:00:00.000Z","presenter":["blt5a853ed84ea8bcc8"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Cloud and Orchestration Webinar","seo_description_l10n":"Elastic Cloud Enterprise enables you to provision, manage, and monitor Elasticsearch and Kibana at any scale, on any infrastructure, while managing everything from a single console. 
Whereas Elastic Cloud on Kubernetes simplifies setup, upgrades, snapshots, scaling, high availability, security, and more for running Elasticsearch and Kibana in Kubernetes for one or many use cases.","seo_keywords_l10n":"Elastic Cloud Enterprise, Elasticsearch, Kibana, Elastic Cloud, Kubernetes","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Elastic Cloud and 
Orchestration","token":"g8v1ztracf","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T14:50:38.041Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/elastic-cloud-and-orchestration","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"K5x7mUNjx9DKkm4i2Yej8r","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T14:50:41.774Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt96746338ee4066d6","_version":20,"locale":"en-us","ACL":{},"created_at":"2020-03-09T21:41:54.239Z","created_by":"blt5280857d9e24912bc99a2478","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blte1b0e085739b8b09","created_by":"blt5280857d9e24912bc99a2478","updated_by":"blt5280857d9e24912bc99a2478","created_at":"2020-03-13T16:20:00.702Z","updated_at":"2020-03-13T16:20:00.702Z","content_type":"image/jpeg","file_size":"99167","filename":"structuring.jpg","title":"structuring.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-03-13T16:22:21.012Z","user":"blt5280857d9e24912bc99a2478"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte1b0e085739b8b09/5e6bb2b0b5b6af18a9746916/structuring.jpg"},"main_header":{"title_l10n":"Elastic Observability Engineer training preview: Structuring data","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4342","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"6083","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eProperly parsing and 
structuring your data is an important first step in building an efficient and effective observability solution using the Elastic Stack. Effectively indexing and structuring data into Elasticsearch is critical for establishing efficient search criteria and effective results. Logstash filters and ingest pipelines make processing unstructured data easier by providing a set of common processors to efficiently parse, transform, and index that data into the desired structure.\u003c/p\u003e\u003cp\u003eIn this webinar, we will explore concepts from the all-new Elastic Observability Engineer course, including how to process and structure data using a variety of common processors. Our expert instructors will demonstrate various solutions and built-in features that convert, enrich, process, and structure different types of fields from unstructured data. In addition, we will show how to create your own pipeline of processors for transformations that are not possible using the prebuilt processors.\u003c/p\u003e\u003cp\u003eAttend the live webinar to receive access to the \u003ca href=\"https://www.elastic.co/training/observability-fundamentals\"\u003eObservability Fundamentals course\u003c/a\u003e - free of charge. 
Your course will be sent after the webinar.\u003c/p\u003e\u003ch4\u003eHighlights:\u003c/h4\u003e\u003cul\u003e\u003cli\u003eIntroduce common ingest processors to parse unstructured data into structured data\u003c/li\u003e\u003cli\u003eDiscuss best practices for dissecting, converting, and enriching your fields\u003c/li\u003e\u003cli\u003eExplore different scenarios that require either a built-in processor or a pipeline of processors for certain types of unstructured data\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional Resources:\u003c/h4\u003e\u003cul\u003e\u003cli\u003eTraining: \u003ca href=\"https://www.elastic.co/training/elastic-observability-engineer\" target=\"_blank\"\u003eElastic Observability Engineer\u003c/a\u003e\u003c/li\u003e\u003cli\u003eBlogs:\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/should-i-use-logstash-or-elasticsearch-ingest-nodes\" target=\"_blank\"\u003eShould I use Logstash or Elasticsearch ingest nodes?\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-ingest-data-into-elasticsearch-service\" target=\"_blank\"\u003eHow to ingest data into Elasticsearch Service\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-ingest-data-into-elasticsearch-service\" target=\"_blank\"\u003eUsing Logstash to split data and send it to multiple outputs\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eWant to try it for yourself? 
Take some of these features for a spin with a \u003ca href=\"https://www.elastic.co/cloud/elasticsearch-service/signup?elektra=webinar\" target=\"_blank\"\u003efree trial of our Elasticsearch Service\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2020-04-08T14:00:00.000Z","presenter":["blt7ea761f2acdd1cb9"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":["training","observability","elasticsearch"],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"See the webinar start time for my timezone","url":"https://info.elastic.co/timezone-test.html?dt=2020-04-08%2006:00"},"title":"Structuring and processing data into Elasticsearch - April","token":"jrytc6fjue","translated_date_l10n":"","translated_time_l10n":"3 pm 
CET","updated_at":"2025-03-07T14:43:03.775Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/elasticsearch-structuring-and-processing-data","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"ifYLsEWSkQb1YzL5Qnd3zW","data_chapter":"","video_has_playlist":false},"zoom_id":"391182788","publish_details":{"time":"2025-03-07T14:43:07.879Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt6f51e8eb2677e234","_version":16,"locale":"en-us","ACL":{},"created_at":"2020-07-15T22:37:32.181Z","created_by":"blt6fa29433803d8193","disclaimer":[],"do_not_display_on_overview_page":true,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blted504c26cf69d565","ACL":{},"_version":1,"content_type":"image/svg+xml","created_at":"2020-04-29T00:25:42.760Z","created_by":"blt3044324473ef223b70bc674c","file_size":"7047","filename":"brand-elastic-observability-220x130.svg","is_dir":false,"tags":[],"title":"brand-elastic-observability-220x130.svg","updated_at":"2020-04-29T00:25:42.760Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-31T14:00:00.000Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blted504c26cf69d565/5ea8c986e54e940b09427fc1/brand-elastic-observability-220x130.svg"},"main_header":{"title_l10n":"Best practices for managing logs, metrics, and APM with Elastic Observability","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":"\u003cp\u003eThis is one\u0026nbsp;of three\u0026nbsp;best practices webinars.\u0026nbsp;Sign up for the rest of the 
series\u0026nbsp;\u003ca href=\"http://www.elastic.co/campaigns/run-in-elastic-cloud-your-way?baymax=cloudyourway-gic\u0026elektra=organic\u0026storm=webinarlp\"\u003eor explore\u0026nbsp;more Elastic Cloud resources\u003c/a\u003e:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/webinars/best-practices-for-security-monitoring-and-threat-hunting-elastic-security-gic?baymax=cloudyourway-gic\u0026elektra=organic\u0026storm=webinarlp\"\u003eBest practices for security monitoring and threat hunting with Elastic Security\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/webinars/best-practices-for-building-search-experiences-with-elastic-enterprise-search?baymax=cloudyourway-gic\u0026elektra=organic\u0026storm=webinarlp\"\u003eBest practices for building search experiences with Elastic Enterprise Search\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp dir=\"ltr\" style=\"line-height: 1.92;background-color: #ffffff;margin-top: 0pt;margin-bottom: 0pt;padding: 0pt 0pt 11pt 0pt;\"\u003eObservability is more critical than ever before, and many enterprise organizations have 10 or more monitoring tools. But with Elastic Observability, you can bring your logs, metrics, and APM traces together at scale in a single stack to monitor and react to events happening anywhere in your environment.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.92;background-color: #ffffff;margin-top: 0pt;margin-bottom: 0pt;padding: 0pt 0pt 11pt 0pt;\"\u003eWe’ll show you the tools you need to deploy Elastic Observability your way. 
Join Mikkel Kidmose, solutions architect at Elastic, for a webinar demonstrating how to manage logs, metrics, and APM on Elastic Cloud — the official managed Elasticsearch experience with powerful, out-of-the-box solutions, including enterprise search, observability, and security.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.92;background-color: #ffffff;margin-top: 0pt;margin-bottom: 11pt;\"\u003eHighlights include:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eHow you can benefit from Elastic Observability\u003c/li\u003e\u003cli dir=\"ltr\"\u003eElastic APM (including an overview of distributed tracing)\u003c/li\u003e\u003cli dir=\"ltr\"\u003eTips and tricks for Elastic Logs and Metrics\u003c/li\u003e\u003cli dir=\"ltr\"\u003eAlerting and machine learning\u003c/li\u003e\u003cli dir=\"ltr\"\u003eBest practices for observability with Elastic Cloud\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003cspan\u003e\u003c/span\u003eDemo of managing observability in Kibana\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003c/ul\u003e","presentation_date":"2020-07-01T14:39:45.000Z","presenter":["blt043afa5eb8c3ca2f"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Best practices for managing logs, metrics, and APM with Elastic Observability","seo_description_l10n":"This is a seminar on how to manage logs, metrics, and APM on Elastic Cloud — the official hosted and managed Elasticsearch experience with powerful, out-of-the-box solutions such as Elastic Observability. 
We’ll give you the tools you need to get started with Elastic Observability on Elastic Cloud.","seo_keywords_l10n":"Elastic Observability, logs, APM","seo_image":{"uid":"blt2a208400a2506d99","created_by":"blt6fa29433803d8193","updated_by":"blt6fa29433803d8193","created_at":"2020-08-11T16:40:44.571Z","updated_at":"2020-08-11T16:40:44.571Z","content_type":"image/jpeg","file_size":"357391","filename":"cloud-linkedin-observability-webinar-en-1200x628.jpg","title":"cloud-linkedin-observability-webinar-en-1200x628.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-08-11T16:41:15.343Z","user":"blt6fa29433803d8193"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2a208400a2506d99/5f32ca0c48d3b57cb9749af6/cloud-linkedin-observability-webinar-en-1200x628.jpg"},"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Best practices for managing logs, metrics, and APM with Elastic Observability - 
GIC","token":"jagwwdrvnk","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T14:39:47.576Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/best-practices-for-managing-logs-metrics-and-apm-with-elastic-observability-gic","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"pzhiNN777cJZ1nrXhGQFbX","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T14:39:52.017Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt8e02863e7937207e","_version":13,"locale":"en-us","ACL":{},"created_at":"2020-09-09T02:06:39.765Z","created_by":"bltf020187e3918e5de","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blt00d197d625a9a5f0","created_by":"bltf020187e3918e5de","updated_by":"bltf020187e3918e5de","created_at":"2020-09-15T15:42:48.320Z","updated_at":"2020-09-15T15:42:48.320Z","content_type":"image/png","file_size":"189412","filename":"Webp.net-resizeimage.png","title":"Webp.net-resizeimage.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-09-15T15:43:02.334Z","user":"bltf020187e3918e5de"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt00d197d625a9a5f0/5f60e0f8f972ad4f3941e168/Webp.net-resizeimage.png"},"main_header":{"title_l10n":"Elastic Security 7.9: Empowering security 
practitioners","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4737","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eElastic Security 7.9 delivers the first major milestone toward comprehensive endpoint security integrated directly into the Elastic Stack by introducing signatureless malware prevention and kernel-level data collection on the new \u003ca href=\"https://www.elastic.co/blog/introducing-elastic-agent-and-ingest-manager\"\u003eElastic Agent\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.800012;margin-top: 3pt;margin-bottom: 3pt;\" rel=\"line-height:1.800012;margin-top:3pt;margin-bottom:3pt;\"\u003eLearn how to streamline analyst workflows with community-driven refinements, analyst interface enhancements, and a trove of newly supported data sources that equip practitioners to stop threats, wherever they’re revealed.\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.2;margin-top: 0pt;margin-bottom: 0pt;\"\u003eHighlights:\u003c/p\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eElastic Agent: One Beat to rule them all\u003c/li\u003e\u003cli dir=\"ltr\"\u003eFree malware prevention and deep endpoint visibility\u003c/li\u003e\u003cli dir=\"ltr\"\u003eElastic SIEM analyst workflow enhancement\u003c/li\u003e\u003cli dir=\"ltr\"\u003ePrebuilt cloud protections and expanded detection options\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSimplify data ingestion with expanded out-of-the-box data collection\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" 
style=\"line-height: 1.2;margin-top: 0pt;margin-bottom: 0pt;\"\u003eAdditional Resources:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-security-7-9-0-free-endpoint-security\"\u003eWhat's new in Elastic security 7.9\u003c/a\u003e\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eWant to try it for yourself? Take some of these features for a spin with a \u003ca href=\"https://www.elastic.co/cloud/elasticsearch-service/signup?elektra=webinar\"\u003efree trial of our Elasticsearch Service\u003c/a\u003e.\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2020-09-29T02:00:00.000Z","presenter":["blt0555a58731a0323f"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Security 7.9: Empowering security practitioners","seo_description_l10n":"Learn how to streamline analyst workflows with Community-driven refinements, analyst interface enhancements and a trove of newly supported data sources that equip practitioners to stop threats, wherever they’re revealed.","seo_keywords_l10n":"ELK, elastic, Elastic Security, endpoint security, SIEM, security, Threats detection, elastic 
stack","seo_image":{"uid":"blt198bb793e9d92f1e","created_by":"bltf020187e3918e5de","updated_by":"bltf020187e3918e5de","created_at":"2020-09-16T04:45:35.245Z","updated_at":"2020-09-16T04:45:35.245Z","content_type":"image/png","file_size":"297532","filename":"Security.png","title":"Security.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-09-29T02:16:22.634Z","user":"bltf020187e3918e5de"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt198bb793e9d92f1e/5f61986fb038186a244b887e/Security.png"},"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"See the webinar start time for my timezone","url":"https://info.elastic.co/timezone-test.html?dt=2020-09-28%2020:00"},"title":"Elastic Security 7.9: Empowering security 
practitioners","token":"gyplh14uh2","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T14:38:06.377Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/elastic-security-7-9-empowering-the-security-practitioner","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"jQf1CrFq9HgQFHaqfLP1z7","data_chapter":"","video_has_playlist":false},"zoom_id":"96023901385","publish_details":{"time":"2025-03-07T14:38:10.244Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltc83c2c0485ff88ea","_version":18,"locale":"en-us","ACL":{},"created_at":"2020-08-24T16:09:38.679Z","created_by":"bltf020187e3918e5de","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blt63981646f537cdaf","created_by":"bltf020187e3918e5de","updated_by":"bltf020187e3918e5de","created_at":"2020-08-26T09:15:01.300Z","updated_at":"2020-08-26T09:15:01.300Z","content_type":"image/png","file_size":"109902","filename":"social-linkedin-alt-7dot9-1200x628.png","title":"social-linkedin-alt-7dot9-1200x628.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-08-27T07:58:38.558Z","user":"bltf020187e3918e5de"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt63981646f537cdaf/5f462815a5031b4a3bba8a94/social-linkedin-alt-7dot9-1200x628.png"},"main_header":{"title_l10n":"What's new in Elastic 
7.9?","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4737","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp dir=\"ltr\" style=\"line-height: 1.38;background-color: #ffffff;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;background-color:#ffffff;margin-top:0pt;margin-bottom:0pt;\"\u003e\u003cspan style=\"font-size: 11pt;font-family: 'Open Sans',sans-serif;color: #343741;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003eJoin this webinar as we demonstrate the exciting enhancements we've made to our free and open solutions, including the addition of Elastic Workplace Search and endpoint security to the free distribution tier.\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;background-color: #ffffff;margin-top: 0pt;margin-bottom: 0pt;\" rel=\"line-height:1.38;background-color:#ffffff;margin-top:0pt;margin-bottom:0pt;\"\u003e\u003cspan style=\"font-size: 11pt;font-family: 'Open Sans',sans-serif;color: #343741;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003cbr /\u003e\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;background-color: #ffffff;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 11pt;font-family: 'Open Sans',sans-serif;color: #000000;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: 
pre-wrap;\"\u003eHighlights:\u003c/span\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;background-color: #ffffff;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 11pt;font-family: 'Open Sans',sans-serif;color: #000000;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-in-elastic-7-9-0-free-workplace-search-engine-endpoint-security\"\u003e\u003cspan style=\"font-size: 11pt;font-family: 'Open Sans',sans-serif;color: #4999ef;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003eElastic Stack\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 11pt;font-family: 'Open Sans',sans-serif;color: #343741;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e highlights include the lightning-fast speed of Kibana’s new architecture.\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-enterprise-search-7-9-0-free-workplace-search-kibana-access\"\u003e\u003cspan style=\"font-size: 11pt;font-family: 'Open Sans',sans-serif;color: #4999ef;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003eElastic Enterprise Search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 11pt;font-family: 'Open Sans',sans-serif;color: #343741;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e welcomes Workplace 
Search to our free distribution tier.\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-observability-7-9-0-unified-agent-kpi-overview-dashboard\"\u003e\u003cspan style=\"font-size: 11pt;font-family: 'Open Sans',sans-serif;color: #4999ef;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003eElastic Observability\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 11pt;font-family: 'Open Sans',sans-serif;color: #343741;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e introduces simplified data ingestion with the new Elastic Agent (beta).\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"http://elastic.co/blog/whats-new-elastic-security-7-9-0-free-endpoint-security\"\u003e\u003cspan style=\"font-size: 11pt;font-family: 'Open Sans',sans-serif;color: #4999ef;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003eElastic Security\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 11pt;font-family: 'Open Sans',sans-serif;color: #343741;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e offers a free distribution tier for endpoint security.\u003c/span\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-cloud-aws-privatelink-fedramp\"\u003e\u003cspan style=\"font-size: 11pt;font-family: 'Open Sans',sans-serif;color: #4999ef;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: 
pre-wrap;\"\u003eElastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 11pt;font-family: 'Open Sans',sans-serif;color: #343741;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003e enhances security with support for AWS PrivateLink and IP filtering.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.2;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cspan style=\"font-size: 11pt;font-family: 'Open Sans',sans-serif;color: #000000;background-color: transparent;font-weight: 400;font-style: normal;font-variant: normal;text-decoration: none;vertical-align: baseline;white-space: pre-wrap;\"\u003eAdditional Resources:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;box-sizing: border-box;color: rgb(0, 0, 0);\"\u003eWant to try it for yourself? Take some of these features for a spin with a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/elasticsearch-service/signup?elektra=webinar\" style=\"box-sizing: border-box;color: rgb(0, 119, 204);background-color: rgb(255, 255, 255);transition: color 300ms ease-in-out 0s;font-weight: 600;\"\u003e\u003cspan style=\"box-sizing: border-box;font-size: 11pt;color: rgb(17, 85, 204);background-color: transparent;font-weight: 400;font-variant-numeric: normal;font-variant-east-asian: normal;text-decoration-line: underline;text-decoration-skip-ink: none;vertical-align: baseline;white-space: pre-wrap;\"\u003efree trial of our Elasticsearch Service\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"background-color: transparent;box-sizing: border-box;color: rgb(0, 0, 0);\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e","presentation_date":"2020-09-23T08:30:00.000Z","presenter":["bltf711694142fe3427"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"What's New in Elastic 7.9","seo_description_l10n":"The 
7.9 release brings a broad set of new capabilities to our Elastic Enterprise Search, Observability, and Security solutions, which are built on the Elastic Stack — Elasticsearch, Kibana, Logstash, and Beats. Register for the webinar today to learn more about the latest and greatest of Elastic Stack.","seo_keywords_l10n":"ELK, ELK Stack, Elastic, Elasticsearch, elastic 7.9, security, Elastic Security, Elastic Observability, observability","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"See the webinar start time for my timezone","url":"https://info.elastic.co/timezone-test.html?dt=2020-09-23%2001:30"},"title":"What's new in Elastic 
7.9?","token":"m393o3lfj8","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T14:35:28.009Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/whats-new-in-elastic-stack-7-9","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"28yvqjz68RafRL4aRjbwzB","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T14:35:33.433Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt23f40e75501f16fa","_version":10,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:21:32.208Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blte59f028742893dc2","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T12:31:29.136Z","updated_at":"2018-10-09T12:31:29.136Z","content_type":"image/jpeg","file_size":"6857","filename":"video-elastic-stack-screenshot.jpg","title":"video-elastic-stack-screenshot.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:31:37.490Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte59f028742893dc2/5bbc9fa141d9d6bb142630d4/video-elastic-stack-screenshot.jpg"},"main_header":{"title_l10n":"Elastic{ON}16 Highlights and AMA","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4737","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eWe’re sorry you couldn’t 
join us in person at Elastic{ON}\u003csup\u003e16\u003c/sup\u003e for all of the great presentations covering product updates for Elasticsearch, Logstash, Kibana, and Beats, as well as a sneak peek at what’s to come with the plugins for security (Shield), alerting (Watcher), and monitoring (Marvel).\u003c/p\u003e\u003cp\u003eWatch this video for a recap of all major Elastic product updates and announcements.\u003c/p\u003e\u003cp\u003eWe’re aligning all of our products (Elasticsearch, Beats, Logstash, and Kibana) to one release schedule and number with \u003ca href=\"/products/\" target=\"_blank\"\u003eversion 5.0\u003c/a\u003e.\u003c/p\u003e","presentation_date":"2016-02-18T16:30:00.000Z","presenter":[],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":["videos"],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltb5a7ebf330c5002e","ACL":{},"created_at":"2020-06-17T03:36:14.548Z","created_by":"blt3044324473ef223b70bc674c","hidden_val
ue":false,"keyword":"beats","label_l10n":"Beats","tags":[],"title":"Beats","updated_at":"2020-06-17T03:36:14.548Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.244Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt7bb6b1e9a797738f","ACL":{},"created_at":"2020-06-17T03:36:25.048Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logstash","label_l10n":"Logstash","tags":[],"title":"Logstash","updated_at":"2020-06-17T03:36:25.048Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.237Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt88680
5f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}},{"title":"Visualizing","label_l10n":"Visualizing","keyword":"visualizing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt365f9ed2d77755c7","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:12.101Z","updated_at":"2020-06-17T03:38:12.101Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:12.100Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T00:48:22.629Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Elastic{ON}16 Highlights and 
AMA","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-07T14:33:00.574Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/elasticon-highlights","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"9w46cUv8h5QzkV3t4zd4R5","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T14:33:04.792Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt25014156416b282c","_version":22,"locale":"en-us","ACL":{},"created_at":"2020-09-03T05:50:45.037Z","created_by":"bltf020187e3918e5de","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blt776951d6cd3489ad","created_by":"bltf020187e3918e5de","updated_by":"bltf020187e3918e5de","created_at":"2020-09-07T02:48:35.097Z","updated_at":"2020-09-07T02:48:35.097Z","content_type":"image/png","file_size":"186555","filename":"Webp.net-resizeimage.png","title":"Webp.net-resizeimage.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-09-07T15:44:19.412Z","user":"bltf020187e3918e5de"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt776951d6cd3489ad/5f559f830cdf4159f6738862/Webp.net-resizeimage.png"},"main_header":{"title_l10n":"Elastic Cloud: Why are customers migrating?","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4737","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003e\u003cem\u003e\u003cstrong\u003eThe Wall Street Journal reported 
this month that companies world-wide spent a record $34.6 billion on cloud services in the second quarter, up 30% from the same period last year.\u003c/strong\u003e\u003c/em\u003e\u003c/p\u003e\u003cp\u003eThe impact of COVID-19 on your organisation may have prompted you to rethink your Elasticsearch management strategy. This webinar will provide you with the most current information regarding \u003cstrong\u003eElasticsearch Service on Elastic Cloud\u003c/strong\u003e to help you determine your approach going forward.\u0026nbsp;\u003c/p\u003e\u003cp\u003eDuring this webinar you will learn more about:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe financial and other benefits of running your Elastic clusters on Elastic Cloud as opposed to fully managing on-premise\u003c/li\u003e\u003cli\u003eHow to migrate from on-premise to Elastic Cloud with migration assistance services available from Elastic\u003c/li\u003e\u003cli\u003eWhich Elasticsearch features are only available for cloud consumption via the Elasticsearch Service on Elastic Cloud\u003c/li\u003e\u003cli\u003eNew functionality available on Elastic Cloud today, including the latest release, 7.9\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eGet in touch with our\u0026nbsp;Cloud Onboarding team who are\u0026nbsp;here to help you get the most from your cloud trial evaluation and to ensure our solution is aligned with your business needs:\u0026nbsp;\u003ca href=\"mailto:ecloud@elastic.co\"\u003eecloud@elastic.co\u003c/a\u003e\u003c/p\u003e","presentation_date":"2020-10-01T03:00:00.000Z","presenter":["bltd50e5f942ea65295","blt01cec6b9a5b44f1a"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Cloud: Why are customers migrating now","seo_description_l10n":"The impact of COVID-19 on your organisation may have prompted you to rethink your Elasticsearch management strategy. 
This webinar will provide you with the most current information regarding Elasticsearch Service on Elastic Cloud to help you determine your approach going forward.","seo_keywords_l10n":"Elastic, ELK, Elasticsearch, Elastic Cloud, Cloud migration, Elastic Stack, cloud strategy, Elasticsearch service","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"See the webinar start time for my timezone","url":"https://info.elastic.co/timezone-test.html?dt=2020-09-30%2020:00"},"title":"Elastic Cloud: Why customers are migrating?","token":"fn8j4ahwih","translated_date_l10n":"","translated_time_l10n":"11 am SGT / 1 pm 
AEST","updated_at":"2025-03-07T14:31:26.769Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/elastic-cloud-why-customers-are-migrating-now","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"oPU4HjEJkQZBD48TcEn4p7","data_chapter":"","video_has_playlist":false},"zoom_id":"917 5320 3478","publish_details":{"time":"2025-03-07T14:31:30.352Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt6bb598a9b4b0ccdc","_version":17,"locale":"en-us","ACL":{},"created_at":"2020-12-22T08:47:17.175Z","created_by":"blta4706a7723d386a4","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blt8de8d9f28848da08","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-04-03T17:34:32.380Z","updated_at":"2020-04-03T17:34:32.380Z","content_type":"image/png","file_size":"37875","filename":"illustration-lucene-20years-2050-robot.png","title":"illustration-lucene-20years-2050-robot.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-04-13T15:06:51.906Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8de8d9f28848da08/5e8773a8ed2db72f23e897b3/illustration-lucene-20years-2050-robot.png"},"main_header":{"title_l10n":"How do you feel, Mr. 
Robot?","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4737","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eIf your daily job is dealing with condition monitoring, smart factory or the Industrial Internet of Things (IIoT) and acronyms like MQTT, OPC-UA or technologies like message queues or data ETL (Extract Transform Load) is part of your job this webinar is for you!\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWe’ll introduce you to the Elastic Stack and its features in the context of smart factory and IIoT. See how you can get your smart factory data into the Elastic Stack and use it as a single source of truth that allows you to build meaningful condition monitoring with alerts, anomaly detections and secured data handling.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eWe will explain how you can build dashboards or SCADA-like visualizations to get the most out of your data, defining and building it the way you need.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003eFinally the webinar will provide a preview of a second follow-up webinar where we will introduce a joint solution with our technology partners and provide even more detailed hints and tips for using the Elastic Stack for smart factory and 
IIoT.\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cstrong\u003eHighlights:\u003c/strong\u003e\u003c/p\u003e\u003cp dir=\"ltr\" style=\"line-height: 1.38;margin-top: 0pt;margin-bottom: 0pt;\"\u003e\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIntroduction to ingest agents for machine data\u003c/li\u003e\u003cli\u003eIIoT common schema for every machine type/vendor\u003c/li\u003e\u003cli\u003eCondition monitoring with machine learning\u003c/li\u003e\u003cli\u003eDashboarding the way you want\u003c/li\u003e\u003cli\u003eOutlook to a broader solution with technology partners\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2021-03-24T14:16:51.000Z","presenter":["blt41fd5efe7cfa809a"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":["english"],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt5c7c769c44d0a39f","ACL":{},"created_at":"2020-06-17T03:22:38.187Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"automotive-manufacturing","label_l10n":"Automotive \u0026 manufacturing","tags":[],"title":"Automotive \u0026 
manufacturing","updated_at":"2020-07-06T22:17:51.159Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.604Z","user":"blt4b2e1169881270a8"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"See the webinar starts time for my timezone","url":"https://info.elastic.co/timezone-test.html?dt=2021-03-24%2002:00"},"title":"How do you feel, Mr. 
Robot?","token":"sfhucpvobl","translated_date_l10n":"Wednesday, March 24th, 2021","translated_time_l10n":"9 a.m GMT / 10 a.m CET / 5 p.m SGT","updated_at":"2025-03-07T14:16:53.735Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/how-do-you-feel-mr-robot","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"KSRtLWBvZWBpdmx474XMDD","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-03-07T14:16:57.372Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt73fac6c08b06a899","_version":3,"locale":"en-us","ACL":{},"created_at":"2025-02-11T22:37:57.724Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"ElasticON San Francisco 2024 | Microsoft \u0026 Docusign","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin Manny Daniele, Senior Account Technology Strategist at Microsoft, and Hiral Shah, Director of Product Management at Docusign, to explore the value delivered through the partnership between Elastic and Microsoft.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eInsights into how the Elastic-Microsoft partnership benefits Docusign\u003c/li\u003e\u003cli\u003eEnhancing digital workflows at Docusign with advanced technology integration\u003c/li\u003e\u003cli\u003eStrengthening Docusign’s solutions through innovative collaboration\u003c/li\u003e\u003cli\u003eThe importance of strategic 
alliances in driving technological advancements for Docusign\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eWant to stay in the loop on all things Elastic?\u003c/h4\u003e\u003cp\u003e\u003ca href=\"/events?tab=1\" target=\"_self\"\u003eJoin us\u003c/a\u003e at our upcoming events or check out \u003ca href=\"/events/elasticon/archive\" target=\"_self\"\u003eElasticON's video archive\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003ca href=\"/community\" target=\"_self\"\u003eGet connected\u003c/a\u003e to find help from the Elastic community.\u003c/p\u003e","presentation_date":"2025-02-10T16:00:00.000Z","presenter":["blt62a7f7a74a6a5a51","bltbcda328c05f06aec"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"ElasticON San Francisco 2024 | Microsoft \u0026 Docusign","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":true},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer 
story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt30
44324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"ElasticON 2024/2025 - ElasticON San Francisco 2024 | Microsoft \u0026 
Docusign","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-06T19:09:33.365Z","updated_by":"blt36e890d06c5ec32c","url":"/events/elasticon/archive/docusign-microsoft","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"HS4TmfMAo7H5psBBkM5ztc","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-03-06T19:09:37.175Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5db22f9ec67c56da","_version":59,"locale":"en-us","ACL":{},"created_at":"2021-10-18T16:43:56.847Z","created_by":"blta4706a7723d386a4","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":"Placement #4","description":"This session is perfect for users that are new to Elasticsearch or users that want to see features like the frozen tier and runtime fields in action. We’ll cover getting started which includes deploying, managing, and analyzing data in Elasticsearch."},"hour_time_format":false,"image":{"uid":"blta8fb788f1106a523","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:11:15.851Z","updated_at":"2018-10-11T05:11:15.851Z","content_type":"image/jpeg","file_size":"45101","filename":"getting-started-elasticsearch.jpg","title":"getting-started-elasticsearch.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-03-19T10:37:07.704Z","user":"blt8288fbcbd8c9dce4"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta8fb788f1106a523/5bbedb737fe6399a7f31fbcf/getting-started-elasticsearch.jpg"},"main_header":{"topic_heading_l10n":"","title_l10n":"Getting started with 
Elasticsearch","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"16474","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":"\u003cp\u003e\u003cstrong\u003eJoin the upcoming Getting started with Elasticsearch session in your timezone:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAmericas: Thursday, April 1, 2025, at 9 a.m. PDT, 12 p.m. EDT\u003c/li\u003e\u003cli\u003eEurope \u0026amp; India: Thursday, \u003cspan\u003e\u003c/span\u003eApril 1, 2025, at 11 a.m. CEST, 2:30 p.m. IST\u003c/li\u003e\u003cli\u003e\u003cp\u003eAsia Pacific: Thursday, \u003cspan\u003e\u003c/span\u003eApril 1, 2025, at 11 a.m. SGT, 1 p.m. AEST\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eWhat is Elasticsearch?\u003c/p\u003e\u003cp\u003eElasticsearch is a distributed, RESTful search and analytics engine capable of addressing a growing number of use cases. As the heart of the free and open ELK or Elastic Stack, it securely stores your data for lightning fast search, fine‑tuned relevancy, and powerful analytics that scale with ease.\u003c/p\u003e\u003cp\u003eThis session is perfect for users that are new to Elasticsearch or users that want to see new capabilities in action. 
We’ll cover getting started, which includes deploying, managing, and analyzing data in Elasticsearch.\u003c/p\u003e\u003ch4\u003eGetting started with Elasticsearch\u0026nbsp;covers:\u003c/h4\u003e\u003cul\u003e\u003cli\u003eFollowing along the demo by launching a free trial on Elasticsearch Service\u003c/li\u003e\u003cli\u003eAdding, updating, and managing data through both CRUD REST APIs and UI\u003c/li\u003e\u003cli\u003eConfiguring fields on the fly with basic text analysis including tokenization and filtering\u003c/li\u003e\u003cli\u003eBasic search queries\u003c/li\u003e\u003cli\u003eAggregations: The faceting and analytics workhorse of Elasticsearch\u003c/li\u003e\u003cli\u003eQuerying geo-spatial data\u003c/li\u003e\u003cli\u003eFun with analyzers\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional Resources:\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003eFree trial:\u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style='font-size: 11pt;'\u003e Elastic Cloud\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://info.elastic.co/rs/813-MAM-392/images/Demo_Script.txt\"\u003e\u003cspan style='font-size: 11pt;'\u003eDemo_Script.txt\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://info.elastic.co/rs/813-MAM-392/images/2019-michelin-restaurants.csv\"\u003e\u003cspan style='font-size: 11pt;'\u003eMichelin restaurants .csv file\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://info.elastic.co/rs/813-MAM-392/images/2019-michelin-resturants.txt\"\u003e\u003cspan style='font-size: 11pt;'\u003eMichelin restaurants .txt file\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003eRead the\u003c/span\u003e\u003ca 
href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html\"\u003e\u003cspan style='font-size: 11pt;'\u003e Elasticsearch documentation\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/downloads/elasticsearch\"\u003e\u003cspan style='font-size: 11pt;'\u003eDownload Elasticsearch\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-04-01T10:00:00.000Z","presenter":["blt59e7f7049d793705"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Getting Started with Elasticsearch","seo_description_l10n":"Elasticsearch is an open-source distributed, RESTful search and analytics engine capable of solving a growing number of use cases.","seo_keywords_l10n":"elasticsearch, open source, getting started","seo_image":{"uid":"blt415c7141d8fb9943","created_by":"blt5280857d9e24912bc99a2478","updated_by":"blt5280857d9e24912bc99a2478","created_at":"2020-07-22T21:17:02.723Z","updated_at":"2020-07-22T21:17:02.723Z","content_type":"image/jpeg","file_size":"93520","filename":"elasticsearch_screenshot_-_facebook_ad.jpg","title":"elasticsearch_screenshot_-_facebook_ad.jpg","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-22T21:17:22.269Z","user":"blt5280857d9e24912bc99a2478"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt415c7141d8fb9943/5f18accec0cdfc39bd77aa79/elasticsearch_screenshot_-_facebook_ad.jpg"},"noindex":false},"tags":["started","elasticsearch","video"],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223
b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North 
America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"bltf4c15a435ded5722","ACL":{},"created_at":"2021-04-13T17:54:31.202Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"europe","label_l10n":"Europe","tags":[],"title":"Europe","updated_at":"2021-04-13T17:54:31.202Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-10T12:13:00.412Z","user":"blt3e52848e0cb3c394"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"bltdabf9ea82c489dad","ACL":{},"created_at":"2023-06-27T17:09:23.025Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"india","label_l10n":"India","tags":[],"title":"India","updated_at":"2023-06-27T17:09:23.025Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-27T17:09:25.693Z","user":"blt36e890d06c5ec32c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[{"title":"Intermediate","label_l10n":"Intermediate","keyword":"intermediate","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt09c5429e20d2ba41","created_by":"blt3e52848e0cb3c394","updated_by":"bltcb593abdd43b4039","created_at":"2021-08-24T12:52:59.050Z","updated_at":"2021-09-01T13:06:12.802Z","ACL":{},"_version":3,"publish_details":{
"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-03T12:16:01.953Z","user":"blta4706a7723d386a4"}}],"tags_topic":[{"title":"Getting started","label_l10n":"Getting started","keyword":"getting-started","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt30953f4176054d3f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:25.148Z","updated_at":"2020-06-17T03:37:25.148Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:25.148Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:25.028Z","user":"blt36e890d06c5ec32c"}}],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Getting started with Elasticsearch - Live","token":"j0inhskxhk","translated_date_l10n":"","translated_time_l10n":"11:00am CET","updated_at":"2025-03-05T09:23:35.542Z","updated_by":"blt7ee4b4a4026b9c0b","url":"/virtual-events/getting-started-elasticsearch-live","video_type":["blt321a8ac0bef65269"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-03-05T09:23:42.062Z","user":"blt7ee4b4a4026b9c0b","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltcbe3cbd158afec8b","_version":14,"locale":"en-us","ACL":{},"created_at":"2025-02-19T18:45:01.626Z","created_by":"blt36e890d06c5ec32c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"What's new: Elastic 9.0 for GenAI, Security, and Observability | Spring 
2025","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"16474","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":"\u003cp\u003eAmericas: April 9, 2025 at 8:00 a.m. PDT / 11:00 a.m. EDT\u003c/p\u003e\u003cp\u003eEurope: April 9, 2025 at 17:00 BST\u003c/p\u003e"},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eJoin us for an \u003cem\u003e\u003cstrong\u003eexclusive webinar\u003c/strong\u003e\u003c/em\u003e as we introduce the latest advancements in Elastic with the upcoming release of 9.0 and 8.18. Our experts will provide highlights and demos of the key new features and enhancements designed to help you drive critical business outcomes with GenAI, Security, and Observability.\u003c/p\u003e\u003cp\u003eWhether you are a current user looking to upgrade or are new to Elastic, this webinar will provide insights to help you maximize the potential of your deployment. 
Don't miss this opportunity to stay ahead of the curve and see the full power of Elastic innovations!\u003c/p\u003e\u003ch4\u003e\u003cstrong\u003eWhy attend?\u003c/strong\u003e\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eExpert insights:\u003c/strong\u003e Gain knowledge from Elastic experts on how to leverage the latest features.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eLive demos:\u003c/strong\u003e Watch live demonstrations of new capabilities.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eQ\u0026amp;A:\u003c/strong\u003e Get your questions answered by Elastic experts.\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-04-09T16:00:00.000Z","presenter":["blte02541aa8488cd2e","blt86d32979f49901de","blt4bd459fcb13e2f4d","blt91eeaf08ab3d1d6a","bltde0a0be05534cebf"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"What's new: Elastic 9.0 for GenAI, Security, and Observability | Spring 2025","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","
time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"},{"_version":1,"locale":"en-us","uid":"bltf4c15a435ded5722","ACL":{},"created_at":"2021-04-13T17:54:31.202Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"europe","label_l10n":"Europe","tags":[],"title":"Europe","updated_at":"2021-04-13T17:54:31.202Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-10T12:13:00.412Z","user":"blt3e52848e0cb3c394"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"What's new: Elastic 9.0 for GenAI, Security, and Observability | Spring 
2025","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-04T11:53:53.692Z","updated_by":"blt7ee4b4a4026b9c0b","url":"/virtual-events/whats-new-elastic-9-0","video_type":["blt321a8ac0bef65269"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-03-04T11:54:06.221Z","user":"blt7ee4b4a4026b9c0b","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt14c471ad4df0f460","_version":32,"locale":"en-us","ACL":{},"created_at":"2021-01-27T12:26:00.846Z","created_by":"blta4706a7723d386a4","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":null,"main_header":{"title_l10n":"Elastic Telco Day: Applications and operational highlights from telco environments","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"3819","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin us for the second virtual Elastic Telco Day! Our expert users will cover their experience with implementing and modifying the Elastic Stack to fit their unique needs. 
Stay for the advanced machine learning session with our senior solutions architect and telco expert Piotr Kobziakowski.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eA few words from our speakers:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e“\u003cem\u003eMonitoring challenges in our 24x7x365 running Swisscom TV Services: Where the Elastic shines for our needs and what we think could be improved in future releases\u003c/em\u003e.” -\u0026nbsp;Ginu Kalangara\u003c/p\u003e\u003cp\u003e\u003cem\u003e“In the field of security, there is nothing new under the Sun. Yet, change is constant and is inevitable. How can these two, seemingly contradictory statements be true at the same time?\u0026nbsp;And what does this have to do with Elastic?\u0026nbsp;This talk will focus on observations made in the security field in the telecommunications and financial industries\u0026nbsp;as well as provide practical, thought-provoking questions to ask if you are planning to successfully implement Elastic at your organization.” -\u0026nbsp;\u003c/em\u003eSandor Balint\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e“Take a look at the next steps Play made in their approach to network management. 
We were able to further reduce time and cost of operations when using the Elastic Stack.” -\u0026nbsp;Bartlomiej Podles:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAdditional resources:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/customers/entel\" target=\"_self\"\u003eCase study: Learn how Entel turned to Elastic to unify multinational observability with 360-degree vision\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2021-03-17T09:00:00.000Z","presenter":["blt1e227cc40ceaf4fa","bltd88d91f86c9528af","bltd109200afee7e0ca","blte38913acffb06d5c","blt805c5798a2cf1939","blt9012669b851a47a4"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7e757baff4a3fec6","ACL":{},"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:26:24.553Z","updated_by":
"blt3044324473ef223b70bc674c","version":1},"created_at":"2020-06-17T03:26:24.553Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"telecommunication","label_l10n":"Telecommunication","tags":[],"title":"Telecommunication","updated_at":"2020-07-06T22:17:31.608Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T22:18:10.949Z","user":"blt3044324473ef223b70bc674c"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"t
imezone":{"title_l10n":"See when this webinar starts in my time zone","url":"https://info.elastic.co/timezone-test.html?dt=2020-03-17%2002:00"},"title":"Elastic Telco Day: Applications and operational highlights from telco environments","token":"6r3mx24jxr","translated_date_l10n":"Wednesday, March 17th, 2021","translated_time_l10n":"10 a.m CET, 5 p.m. SGT, 7 p.m. AEST","updated_at":"2025-03-03T10:53:56.987Z","updated_by":"blt3e52848e0cb3c394","url":"/webinars/elastic-telco-day-applications-and-operational-highlights-from-telco-environments","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"CCKHzhZxkuXsciizWBxBmb","data_chapter":"","video_has_playlist":false},"zoom_id":"94270426686","publish_details":{"time":"2025-03-03T10:54:03.403Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt1473562a679dd74f","_version":9,"locale":"en-us","ACL":{},"created_at":"2024-07-01T21:40:35.966Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Semantic search excellence: Getting started with AI","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"16474","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":"\u003cp\u003e\u003cstrong\u003eJoin the upcoming 'Semantic search excellence: Getting started with AI' session in your timezone:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAmericas: Thursday, April 23, 2025, at 9 a.m. PDT, 12 p.m. EDT\u003c/li\u003e\u003cli\u003eEurope \u0026amp; India: Thursday, April 23, 2025, at 11 a.m. CEST, 2:30 p.m. 
IST\u003c/li\u003e\u003cli\u003e\u003cp\u003eAsia Pacific: Thursday, April 23, 2025, at 11 a.m. SGT, 1 p.m. AEST\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin us as we guide you through the spectrum of search methodologies, the steps to building search that understands the \u003cem\u003emeaning\u003c/em\u003e of a query, and the choices and options along this path. We’ll start with foundational text search using BM25 and then extend into vector databases, advanced models like Elastic's Learned Sparse EncodeR (ELSER), and the revolutionary retrieval augmented generation (RAG) model.\u003c/p\u003e\u003cp\u003eThis webinar is tailored for both novice and seasoned Elasticsearch users. This immersive journey into the evolving landscape of semantic search will help you achieve excellent search results with Elasticsearch.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eGain insights into the spectrum of semantic search, from foundational text search to advanced models like RAG.\u003c/li\u003e\u003cli\u003eUnderstand the role of vector databases, enriched by ELSER, in expanding the horizons of search capabilities.\u003c/li\u003e\u003cli\u003eExperience the seamless integration of ESRE, dynamically fine-tuning search relevance based on user behavior and enhancing the search journey in the semantic space.\u003c/li\u003e\u003cli\u003eGet practical guidance on creating an Elastic Cloud account, ingesting data with the Elastic web crawler, and implementing semantic search in just a few clicks.\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003eFollow along with us: Start a\u003ca href=\"/cloud/generative-ai-trial-overview\" target=\"_self\"\u003e free 14-day trial of Elasticsearch\u003c/a\u003e or \u003ca href=\"https://cloud.elastic.co/\" target=\"_self\"\u003elog into your cloud 
account\u003c/a\u003e\u003c/li\u003e\u003cli\u003eReview \u003ca href=\"https://www.elastic.co/guide/en/machine-learning/current/ml-nlp.html\" target=\"_self\"\u003eDocumentation: Natural language processing\u003c/a\u003e\u003c/li\u003e\u003cli\u003eReady to take the next step? Get started with a \u003ca href=\"https://www.elastic.co/search-labs/tutorials\" target=\"_self\"\u003eSearch Labs tutorial\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-04-23T16:00:00.000Z","presenter":["blt4e6feaf0ce1d6ed7","blt34e024f6c83997c2"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Semantic search excellence: Getting started with AI","seo_description_l10n":"Guide to getting started with generative AI. Semantic search excellence is your starting point. ","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic 
Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:0
8:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Semantic search excellence: Getting started with AI - LIVE","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-03-02T22:08:58.170Z","updated_by":"blt7ee4b4a4026b9c0b","url":"/virtual-events/getting-started-semantic-search-excellence-live","video_type":["blt321a8ac0bef65269"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-03-02T22:09:04.994Z","user":"blt7ee4b4a4026b9c0b","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt50679f7466660cf9","_version":14,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:09:05.789Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"title":"sitesearch.png","uid":"bltafec087c494a5cf3","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T08:40:19.270Z","updated_at":"2019-01-05T08:40:19.270Z","content_type":"image/png","file_size":"125093","filename":"sitesearch.png","ACL":{},"_version":1,"is_dir":false,"tags":[]
,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-11T09:42:02.814Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltafec087c494a5cf3/5c306d736e9992e16f529a0f/sitesearch.png"},"main_header":{"title_l10n":"Elastic Site Search - Overview and Demo","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"6649","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"6649","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eWhen your visitors search for information on your website (30% will), it's important that your site search delivers relevant results, even for complicated or misspelled queries. With Elastic Site Search (from the creators of Elasticsearch), you can now easily create and manage a website search experience tailored to your specific needs.\u003c/p\u003e\u003cp\u003eRegister for our on-demand recording and see how Elastic Site Search can help you increase engagement with your audience, mitigate support requests and boost conversion on your website.\u003c/p\u003e\u003cp\u003eLearn how to: \u003c/p\u003e\u003cul\u003e\u003cli\u003eAdd search to your website in minutes\u003c/li\u003e\u003cli\u003eIndex your content and make it searchable\u003c/li\u003e\u003cli\u003eGuide visitors to the content that's most relevant to them\u003c/li\u003e\u003cli\u003eLeverage robust search analytics to make informed decisions\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAdditional Resources (Related content)\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://info.elastic.co/site-search-trial-v9.html?baymax=web\u0026elektra=site-search-overview-webinar\" target=\"_blank\"\u003eFree 14-Day 
Trial\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/use-cases/shopify\" target=\"_blank\"\u003eShopify Customer Story\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-site-search-wordpress-search-plugin\"\u003eWordpress Plugin\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://swiftype.com/documentation/site-search/site_search\" target=\"_blank\"\u003eSite Search Documentation\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://swiftype.com/search-ui\"\u003eSearch UI\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://info.elastic.co/site-search-request-demo.html?baymax=web\u0026elektra=site-search-overview-webinar\"\u003eTalk to a Search Expert\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003chttps: app.swiftype.com=\"\" users=\"\" sign_up?utm_source=\"elastic\"\u003e\u003c/https:\u003e\u003c/p\u003e\u003cp\u003e\u003chttps: swiftype.com=\"\" customers=\"\" government-search-city-of-portland?utm_source=\"elastic\"\u003e\u003c/https:\u003e\u003c/p\u003e\u003cp\u003e\u003chttps: www.elastic.co=\"\" blog=\"\" 
how-to-build-a-site-search-ui?utm_source=\"elastic\"\u003e\u003c/https:\u003e\u003c/p\u003e","presentation_date":"2018-03-16T23:46:11.000Z","presenter":[],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL"
:{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltfecf9b7e870c2778","ACL":{},"created_at":"2020-06-17T03:31:03.463Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"site-search","label_l10n":"Site search","tags":[],"title":"Site search","updated_at":"2020-07-06T22:20:00.938Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:53.167Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"Elastic Site Search - Overview and 
Demo","token":"yhxkkqbjqb","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-28T23:46:15.469Z","updated_by":"blt3044324473ef223b70bc674c","url":"/webinars/elastic-site-search-overview-and-demo","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"BD5Mgrh5tLxPDP3MLDioRW","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-02-28T23:46:23.335Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte62ad0fe13d9ce68","_version":4,"locale":"en-us","ACL":{},"created_at":"2020-06-24T18:30:09.809Z","created_by":"blt36e890d06c5ec32c","disclaimer":["blt3cbd46d03d839b0f"],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":null,"main_header":{"title_l10n":"Grab: Building a Healthy Elasticsearch Ecosystem","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4342","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eGrab began developing with Elasticsearch to help arrange team user access privileges. 
Discover how, through trial and error, Grab was able to go further to build a flexible and scalable Elasticsearch ecosystem.\u003c/p\u003e","presentation_date":"2020-06-23T23:44:46.000Z","presenter":["blt3c8964507e739464"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"bltdc295116bb7f305e","ACL":{},"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:26:08.977Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"created_at":"2020-06-17T03:26:08.977Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"travel-transportation","label_l10n":"Travel \u0026 transportation","tags":[],"title":"Travel \u0026 
transportation","updated_at":"2020-07-06T22:17:27.413Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T22:18:10.949Z","user":"blt3044324473ef223b70bc674c"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blte1906c436045dbef","ACL":{},"created_at":"2020-06-17T03:31:19.243Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"app-search","label_l10n":"App search","tags":[],"title":"App search","updated_at":"2020-07-06T22:20:20.511Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.547Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"Grab: Building a Healthy Elasticsearch 
Ecosystem","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-28T23:44:48.501Z","updated_by":"blt3044324473ef223b70bc674c","url":"/elasticon/tour/2020/asia-pacific/grab-building-a-healthy-elasticsearch-ecosystem","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"YvxfqtDAASCPJ3MiZHttCR","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-02-28T23:44:54.001Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2922fa146b9773fc","_version":5,"locale":"en-us","ACL":{},"created_at":"2020-04-23T16:55:50.007Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":null,"main_header":{"title_l10n":"Elastic Security: Enterprise Protection Built on the Elastic Stack","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4342","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eElastic Security provides global data threat prevention, collection, detection, and response. 
Learn how to outpace the adversaries with multi-layered technology, see live demos, and get answers to all your questions.\u003c/p\u003e","presentation_date":"2020-04-21T16:08:00.000Z","presenter":["blt0f29d73fc8cc4651"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"t
imezone":{"title_l10n":"","url":""},"title":"US Public Sector (Virtual) 2020: Elastic Security: Enterprise Protection Built on the Elastic Stack","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-28T23:44:02.740Z","updated_by":"blt3044324473ef223b70bc674c","url":"/elasticon/tour/2020/tysons/elastic-security-enterprise-protection-built-on-the-elastic-stack","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"1HtJsehZH15tB4uqu17Bah","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-02-28T23:44:06.386Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt7726096cfe3ebb70","_version":5,"locale":"en-us","ACL":{},"created_at":"2020-04-28T17:21:59.694Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":null,"main_header":{"title_l10n":"Elasticsearch on Azure","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4342","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eSearch, Observe, Protect with native Elasticsearch capabilities on Azure, regardless of whether you’re targeting Azure as your cloud, hybrid, or multi-cloud. 
Join the creators of the Elastic Stack and Microsoft product experts to learn best practices around deployment, scaling, and security and get a sneak peek at what's next for Elastic on Microsoft Azure.\u003c/p\u003e","presentation_date":"2020-04-23T16:05:00.000Z","presenter":["bltefdbb8f617794629"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Americas East (Virtual) 2020: Elasticsearch on 
Azure","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-28T23:43:30.581Z","updated_by":"blt3044324473ef223b70bc674c","url":"/elasticon/tour/2020/raleigh/elasticsearch-on-azure","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"sJe8vFfn8FtKfryk4H7d47","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-02-28T23:43:34.393Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltc41e67bfb62022f5","_version":5,"locale":"en-us","ACL":{},"created_at":"2020-04-28T15:49:35.139Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":null,"main_header":{"title_l10n":"Search for All with Elastic Workplace Search","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"4342","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eLearn how we reimagined search in the workplace so you can get to the information you need quickly with a unified search experience, out-of-the-box data connectors, and simple search management 
interfaces.\u003c/p\u003e","presentation_date":"2020-04-23T16:02:00.000Z","presenter":["blt6f8c1e29600b488b"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt4607298d4fd82c81","ACL":{},"created_at":"2020-06-17T03:31:33.256Z","create
d_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"workplace-search","label_l10n":"Workplace search","tags":[],"title":"Workplace search","updated_at":"2020-07-06T22:19:56.394Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:53.167Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"Americas East (Virtual) 2020: Search for All with Elastic Workplace Search","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-28T23:42:17.161Z","updated_by":"blt3044324473ef223b70bc674c","url":"/elasticon/tour/2020/raleigh/search-for-all-with-elastic-workplace-search","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"8FgtwZZiTv6sQtMh52Cu6Y","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2025-02-28T23:42:22.996Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],1533],"apiContent":[],"translateContent":[[{"uid":"bltfb44eb6e899331a4","_version":1,"locale":"en-us","ACL":{},"created_at":"2024-11-13T23:43:06.196Z","created_by":"blt36e890d06c5ec32c","english_content":"Or","tags":[],"title":"Or","translate_content_l10n":"Or","updated_at":"2024-11-13T23:43:06.196Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-11-13T23:44:21.198Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2aeecde6c1729945","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:02.610Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more","tags":[],"title":"Load more","translate_content_l10n":"Load 
more","updated_at":"2024-09-03T16:41:46.744Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-03T16:42:00.289Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt6f3ad4a078adc611","ACL":{},"created_at":"2024-05-28T12:47:25.539Z","created_by":"blt3e52848e0cb3c394","english_content":"Overview","tags":[],"title":"Overview","translate_content_l10n":"Overview","updated_at":"2024-05-28T12:47:25.539Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-05-28T12:47:29.022Z","user":"blt3e52848e0cb3c394"}},{"_version":4,"locale":"en-us","uid":"blt3b08c089ffd331e6","ACL":{},"created_at":"2023-01-26T21:09:09.267Z","created_by":"blt36e890d06c5ec32c","english_content":"Can't make it? Register and we'll send you the recording. You'll also receive an email with related content","tags":[],"title":"Can't make it? Register and we'll send you the recording. You'll also receive an email with related content","translate_content_l10n":"Can't make it? Register and we'll send you the recording. 
You'll also receive an email with related content.","updated_at":"2023-12-18T21:59:16.399Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-18T21:59:19.133Z","user":"blt3044324473ef223b70bc674c"}},{"_version":4,"locale":"en-us","uid":"blt7a2b7e50bb030ed8","ACL":{},"created_at":"2023-01-26T21:09:00.746Z","created_by":"blt36e890d06c5ec32c","english_content":"You'll also receive an email with related content.","tags":[],"title":"You'll also receive an email with related content","translate_content_l10n":"You'll also receive an email with related content.","updated_at":"2023-12-18T21:58:39.250Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-18T21:58:43.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt7a2ecc87e95e0fed","ACL":{},"created_at":"2023-08-23T22:51:28.540Z","created_by":"blt36e890d06c5ec32c","english_content":"\u003cp\u003eBy submitting you acknowledge that you've read and agree to our \u003ca href=\"/legal/elastic-cloud-account-terms\" target=\"_blank\"\u003eTerms of Service\u003c/a\u003e, and that Elastic may \u003ca href=\"/legal/privacy-statement#how-we-use-the-information\" target=\"_blank\"\u003econtact you\u003c/a\u003e about our related products and services, using the details you provide above. 
See \u003ca href=\"/legal/privacy-statement/\" target=\"_blank\"\u003eElastic’s Privacy Statement\u003c/a\u003e for more details or to opt-out at any time.\u003c/p\u003e","tags":[],"title":"Newsletter GDPR Text","translate_content_l10n":"\u003cp\u003eBy submitting you acknowledge that you've read and agree to our \u003ca href=\"/legal/elastic-cloud-account-terms\" target=\"_blank\"\u003eTerms of Service\u003c/a\u003e, and that Elastic may \u003ca href=\"/legal/privacy-statement#how-we-use-the-information\" target=\"_blank\"\u003econtact you\u003c/a\u003e about our related products and services, using the details you provide above. See \u003ca href=\"/legal/privacy-statement/\" target=\"_blank\"\u003eElastic’s Privacy Statement\u003c/a\u003e for more details or to opt-out at any time.\u003c/p\u003e","updated_at":"2023-08-23T22:51:28.540Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-23T22:52:42.175Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt16f2676801e3267e","ACL":{},"created_at":"2023-08-22T17:00:20.812Z","created_by":"blt36e890d06c5ec32c","english_content":"Speakers","tags":[],"title":"Speakers","translate_content_l10n":"Speakers","updated_at":"2023-08-22T17:00:20.812Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-22T17:01:19.248Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0cbc24c249b9fd54","ACL":{},"created_at":"2023-07-11T21:21:11.001Z","created_by":"blt3044324473ef223b70bc674c","english_content":"Close","tags":[],"title":"Close","translate_content_l10n":"Close","updated_at":"2023-07-11T21:21:11.001Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-11T21:22:26.797Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt20243cb3a8c574f6","ACL":
{},"created_at":"2023-04-27T22:46:08.141Z","created_by":"blt36e890d06c5ec32c","english_content":"See more insights","tags":[],"title":"See more insights","translate_content_l10n":"See more insights","updated_at":"2023-04-27T22:46:08.141Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-27T22:47:17.093Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt5e35f797b223487b","ACL":{},"created_at":"2023-04-25T22:44:26.727Z","created_by":"blt36e890d06c5ec32c","english_content":"The content on this page is not available in the selected language. As Elastic grows globally, we continue to support content in multiple languages.","tags":[],"title":"The content on this page is not available in the selected language.","translate_content_l10n":"The content on this page is not available in the selected language. As Elastic grows globally, we continue to support content in multiple languages.","updated_at":"2023-04-25T22:50:03.458Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-25T22:50:49.263Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt95f1076dfef4f727","ACL":{},"created_at":"2023-04-03T16:58:30.945Z","created_by":"blt36e890d06c5ec32c","english_content":"Author","tags":[],"title":"Author","translate_content_l10n":"Author","updated_at":"2023-04-03T16:58:30.945Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T17:02:04.749Z","user":"blt36e890d06c5ec32c"}},{"_version":3,"locale":"en-us","uid":"bltb9e7436e790dc1e1","ACL":{},"created_at":"2023-01-26T21:09:01.075Z","created_by":"blt36e890d06c5ec32c","english_content":"Learn more","tags":[],"title":"Learn more","translate_content_l10n":"Learn 
more","updated_at":"2023-03-23T23:23:32.443Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:25:05.498Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte80ec2bf93203454","ACL":{},"created_at":"2023-03-23T23:20:05.096Z","created_by":"blt36e890d06c5ec32c","english_content":"Watch now","tags":[],"title":"Watch now (no PT)","translate_content_l10n":"Watch now","updated_at":"2023-03-23T23:20:05.096Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:23:03.467Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt0b2b84aede5a5e1a","ACL":{},"created_at":"2023-01-26T21:09:00.911Z","created_by":"blt36e890d06c5ec32c","english_content":"Watch now","tags":[],"title":"Watch now","translate_content_l10n":"Watch now","updated_at":"2023-03-23T23:17:38.751Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:19:07.965Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt45ad9978de13cb3c","ACL":{},"created_at":"2023-03-20T19:38:56.211Z","created_by":"blt36e890d06c5ec32c","english_content":"See all top stories","tags":[],"title":"See all top stories","translate_content_l10n":"See all top stories","updated_at":"2023-03-20T19:38:56.211Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-20T19:40:01.652Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0aeca091079429a4","ACL":{},"created_at":"2023-03-20T19:37:29.708Z","created_by":"blt36e890d06c5ec32c","english_content":"Related content","tags":[],"title":"Related content","translate_content_l10n":"Related 
content","updated_at":"2023-03-20T19:37:29.708Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-20T19:38:35.986Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltdedcc90f4b9d495c","ACL":{},"created_at":"2023-03-13T17:42:26.422Z","created_by":"blt36e890d06c5ec32c","english_content":"All","tags":[],"title":"All (no PT translation)","translate_content_l10n":"All","updated_at":"2023-03-13T18:12:39.761Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T18:13:09.648Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdafd9e19f8a295c9","ACL":{},"created_at":"2023-03-13T16:44:58.960Z","created_by":"blt36e890d06c5ec32c","english_content":"Contact information","tags":[],"title":"Contact information","translate_content_l10n":"Contact information","updated_at":"2023-03-13T16:44:58.960Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T16:46:31.937Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8d189cf8b1b80402","ACL":{},"created_at":"2023-03-13T16:43:08.761Z","created_by":"blt36e890d06c5ec32c","english_content":"Press Release","tags":[],"title":"Press Release","translate_content_l10n":"Press Release","updated_at":"2023-03-13T16:43:08.761Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T16:44:42.740Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb031798c593cf2aa","ACL":{},"created_at":"2023-03-06T17:39:15.553Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Reddit","tags":[],"title":"Share on Reddit","translate_content_l10n":"Share on 
Reddit","updated_at":"2023-03-06T17:39:15.553Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-06T17:40:52.751Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltc449b2f75825b408","ACL":{},"created_at":"2023-01-26T21:09:01.238Z","created_by":"blt36e890d06c5ec32c","english_content":"More stories","tags":[],"title":"More stories","translate_content_l10n":"More stories","updated_at":"2023-02-23T22:39:49.208Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-23T22:40:59.356Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blte38439477acb192e","ACL":{},"created_at":"2023-01-26T21:09:00.049Z","created_by":"blt36e890d06c5ec32c","english_content":"Articles by","tags":[],"title":"Articles by","translate_content_l10n":"Articles by","updated_at":"2023-02-23T22:11:25.304Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T16:57:47.130Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4b99c93b5338acdd","ACL":{},"created_at":"2023-02-16T17:26:10.103Z","created_by":"blt36e890d06c5ec32c","english_content":"Share this story","tags":[],"title":"Share this story","translate_content_l10n":"Share this story","updated_at":"2023-02-16T17:26:10.103Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-16T17:27:39.093Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blte2e658dd90716f9f","ACL":{},"created_at":"2023-01-26T21:09:06.325Z","created_by":"blt36e890d06c5ec32c","english_content":"Share by Email","tags":[],"title":"Share by Email","translate_content_l10n":"Share by 
email","updated_at":"2023-02-14T18:05:54.924Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-14T18:06:40.021Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt622e2e6d3a2e469f","ACL":{},"created_at":"2023-01-26T21:09:09.950Z","created_by":"blt36e890d06c5ec32c","english_content":"Read less","tags":[],"title":"Read less","translate_content_l10n":"Read less","updated_at":"2023-01-26T21:09:09.950Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.384Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb6e126363fe0669f","ACL":{},"created_at":"2023-01-26T21:09:09.794Z","created_by":"blt36e890d06c5ec32c","english_content":"Search Integrations","tags":[],"title":"Search Integrations","translate_content_l10n":"Search Integrations","updated_at":"2023-01-26T21:09:09.794Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.579Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltfc60ac5a8053094c","ACL":{},"created_at":"2023-01-26T21:09:09.641Z","created_by":"blt36e890d06c5ec32c","english_content":"All Solutions","tags":[],"title":"All Solutions","translate_content_l10n":"All Solutions","updated_at":"2023-01-26T21:09:09.641Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.477Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0c2c6a4e8cb5c2f0","ACL":{},"created_at":"2023-01-26T21:09:09.435Z","created_by":"blt36e890d06c5ec32c","english_content":"Thank you for registering. We will send you a confirmation email soon.","tags":[],"title":"Thank you for registering. We will send you a confirmation email soon.","translate_content_l10n":"Thank you for registering. 
We will send you a confirmation email soon.","updated_at":"2023-01-26T21:09:09.435Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.184Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd7b837e25d93f5d3","ACL":{},"created_at":"2023-01-26T21:09:09.095Z","created_by":"blt36e890d06c5ec32c","english_content":"Thank you for your interest!","tags":[],"title":"Thank you for your interest!","translate_content_l10n":"Thank you for your interest!","updated_at":"2023-01-26T21:09:09.095Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.784Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteecbf46e81d0d29d","ACL":{},"created_at":"2023-01-26T21:09:08.915Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Youtube","tags":[],"title":"Follow us on Youtube","translate_content_l10n":"Follow us on Youtube","updated_at":"2023-01-26T21:09:08.915Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.451Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2dd2bbe9b12abe26","ACL":{},"created_at":"2023-01-26T21:09:08.754Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Twitter","tags":[],"title":"Follow us on Twitter","translate_content_l10n":"Follow us on Twitter","updated_at":"2023-01-26T21:09:08.754Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.917Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt35eafbb82d26a869","ACL":{},"created_at":"2023-01-26T21:09:08.594Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on LinkedIn","tags":[],"title":"Follow us on LinkedIn","translate_content_l10n":"Follow us 
on LinkedIn","updated_at":"2023-01-26T21:09:08.594Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.993Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9667a9e201b264e5","ACL":{},"created_at":"2023-01-26T21:09:08.424Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Facebook","tags":[],"title":"Follow us on Facebook","translate_content_l10n":"Follow us on Facebook","updated_at":"2023-01-26T21:09:08.424Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.149Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltafd12f73d268d939","ACL":{},"created_at":"2023-01-26T21:09:08.254Z","created_by":"blt36e890d06c5ec32c","english_content":"Headshot of","tags":[],"title":"Headshot of","translate_content_l10n":"Headshot of","updated_at":"2023-01-26T21:09:08.254Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.217Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteeffcd504c337777","ACL":{},"created_at":"2023-01-26T21:09:08.073Z","created_by":"blt36e890d06c5ec32c","english_content":"Table of contents","tags":[],"title":"Table of contents","translate_content_l10n":"Table of 
contents","updated_at":"2023-01-26T21:09:08.073Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.878Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1c9c25fdd610a988","ACL":{},"created_at":"2023-01-26T21:09:07.459Z","created_by":"blt36e890d06c5ec32c","english_content":"All","tags":[],"title":"All","translate_content_l10n":"All","updated_at":"2023-01-26T21:09:07.459Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.849Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcc368963ef15efcf","ACL":{},"created_at":"2023-01-26T21:09:07.299Z","created_by":"blt36e890d06c5ec32c","english_content":"Reset all","tags":[],"title":"Reset all","translate_content_l10n":"Reset all","updated_at":"2023-01-26T21:09:07.299Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.712Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdf9e2c7ddef1476c","ACL":{},"created_at":"2023-01-26T21:09:07.138Z","created_by":"blt36e890d06c5ec32c","english_content":"Filters","tags":[],"title":"Filters","translate_content_l10n":"Filters","updated_at":"2023-01-26T21:09:07.138Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.405Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbd8186c36bcb7238","ACL":{},"created_at":"2023-01-26T21:09:06.974Z","created_by":"blt36e890d06c5ec32c","english_content":"Global Virtual Event","tags":[],"title":"Global Virtual Event","translate_content_l10n":"Global Virtual 
Event","updated_at":"2023-01-26T21:09:06.974Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.270Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta4972bcd17a9589e","ACL":{},"created_at":"2023-01-26T21:09:06.815Z","created_by":"blt36e890d06c5ec32c","english_content":"View more posts","tags":[],"title":"View more posts","translate_content_l10n":"View more posts","updated_at":"2023-01-26T21:09:06.815Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.716Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7784639e8213f1de","ACL":{},"created_at":"2023-01-26T21:09:06.656Z","created_by":"blt36e890d06c5ec32c","english_content":"Print","tags":[],"title":"Print","translate_content_l10n":"Print","updated_at":"2023-01-26T21:09:06.656Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.409Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd160052884c85597","ACL":{},"created_at":"2023-01-26T21:09:06.489Z","created_by":"blt36e890d06c5ec32c","english_content":"Continue reading","tags":[],"title":"Continue reading","translate_content_l10n":"Continue reading","updated_at":"2023-01-26T21:09:06.489Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.383Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaa2fe12d75e222b7","ACL":{},"created_at":"2023-01-26T21:09:06.160Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Facebook","tags":[],"title":"Share on Facebook","translate_content_l10n":"Share on 
Facebook","updated_at":"2023-01-26T21:09:06.160Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.521Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2c65ce5e43c44d1e","ACL":{},"created_at":"2023-01-26T21:09:05.989Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on LinkedIn","tags":[],"title":"Share on LinkedIn","translate_content_l10n":"Share on LinkedIn","updated_at":"2023-01-26T21:09:05.989Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.207Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaa64468770539e99","ACL":{},"created_at":"2023-01-26T21:09:05.807Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Twitter","tags":[],"title":"Share on Twitter","translate_content_l10n":"Share on Twitter","updated_at":"2023-01-26T21:09:05.807Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.548Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbf19c4f1958b7010","ACL":{},"created_at":"2023-01-26T21:09:05.653Z","created_by":"blt36e890d06c5ec32c","english_content":"Share","tags":[],"title":"Share","translate_content_l10n":"Share","updated_at":"2023-01-26T21:09:05.653Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.603Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd3ca82669f533596","ACL":{},"created_at":"2023-01-26T21:09:05.494Z","created_by":"blt36e890d06c5ec32c","english_content":"Small image for","tags":[],"title":"Small image for","translate_content_l10n":"Small image 
for","updated_at":"2023-01-26T21:09:05.494Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.766Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt665205a37a7b1a98","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:05.336Z","created_by":"blt36e890d06c5ec32c","english_content":"Video for","tags":[],"title":"Video for","translate_content_l10n":"Video for","updated_at":"2023-01-26T21:09:05.336Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:39:50.482Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt33215a82788dd3f2","ACL":{},"created_at":"2023-01-26T21:09:05.174Z","created_by":"blt36e890d06c5ec32c","english_content":"Explore similar demos","tags":[],"title":"Explore similar demos","translate_content_l10n":"Explore similar demos","updated_at":"2023-01-26T21:09:05.174Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.940Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt59af0058e6f2ab2c","ACL":{},"created_at":"2023-01-26T21:09:05.013Z","created_by":"blt36e890d06c5ec32c","english_content":"Register now","tags":[],"title":"Register now","translate_content_l10n":"Register now","updated_at":"2023-01-26T21:09:05.013Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.297Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt44f6c020ef294d34","ACL":{},"created_at":"2023-01-26T21:09:04.854Z","created_by":"blt36e890d06c5ec32c","english_content":"View next","tags":[],"title":"View next","translate_content_l10n":"View 
next","updated_at":"2023-01-26T21:09:04.854Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.641Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbc455c56e1db3258","ACL":{},"created_at":"2023-01-26T21:09:04.701Z","created_by":"blt36e890d06c5ec32c","english_content":"Upcoming webinar","tags":[],"title":"Upcoming webinar","translate_content_l10n":"Upcoming webinar","updated_at":"2023-01-26T21:09:04.701Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.739Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt9e655ee3d1dbcd42","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:04.537Z","created_by":"blt36e890d06c5ec32c","english_content":"On-demand webinar","tags":[],"title":"On-demand webinar","translate_content_l10n":"On-demand webinar","updated_at":"2023-01-26T21:09:04.537Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:46:22.076Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"bltd00860fb1d6f389b","ACL":{},"created_at":"2023-01-26T21:09:04.379Z","created_by":"blt36e890d06c5ec32c","english_content":"Featured webinar","tags":[],"title":"Featured webinar","translate_content_l10n":"Featured 
webinar","updated_at":"2023-01-26T21:09:04.379Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.328Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt335688b477b632cf","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:04.218Z","created_by":"blt36e890d06c5ec32c","english_content":"Highlights","tags":[],"title":"Highlights","translate_content_l10n":"Highlights","updated_at":"2023-01-26T21:09:04.218Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:31:29.622Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"bltd90374b721d95342","ACL":{},"created_at":"2023-01-26T21:09:03.895Z","created_by":"blt36e890d06c5ec32c","english_content":"See when this webinar starts in my time zone","tags":[],"title":"See when this webinar starts in my time zone","translate_content_l10n":"See when this webinar starts in my time zone","updated_at":"2023-01-26T21:09:03.895Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.820Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt60fa8518500aa04e","ACL":{},"created_at":"2023-01-26T21:09:03.734Z","created_by":"blt36e890d06c5ec32c","english_content":"Related workshops","tags":[],"title":"Related workshops","translate_content_l10n":"Related workshops","updated_at":"2023-01-26T21:09:03.734Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.354Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1fa14ebb51d2154f","ACL":{},"created_at":"2023-01-26T21:09:03.577Z","created_by":"blt36e890d06c5ec32c","english_content":"Hosted by","tags":[],"title":"Hosted by","translate_content_l10n":"Hosted 
by","updated_at":"2023-01-26T21:09:03.577Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.873Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltace88e420eb1dedb","ACL":{},"created_at":"2023-01-26T21:09:03.419Z","created_by":"blt36e890d06c5ec32c","english_content":"Agenda","tags":[],"title":"Agenda","translate_content_l10n":"Agenda","updated_at":"2023-01-26T21:09:03.419Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.193Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4e07248dad773e78","ACL":{},"created_at":"2023-01-26T21:09:03.260Z","created_by":"blt36e890d06c5ec32c","english_content":"Location","tags":[],"title":"Location","translate_content_l10n":"Location","updated_at":"2023-01-26T21:09:03.260Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.039Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd047722739355567","ACL":{},"created_at":"2023-01-26T21:09:03.106Z","created_by":"blt36e890d06c5ec32c","english_content":"Date","tags":[],"title":"Date","translate_content_l10n":"Date","updated_at":"2023-01-26T21:09:03.106Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.355Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt97cf5566d151b2d8","ACL":{},"created_at":"2023-01-26T21:09:02.936Z","created_by":"blt36e890d06c5ec32c","english_content":"More","tags":[],"title":"More","translate_content_l10n":"More","updated_at":"2023-01-26T21:09:02.936Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.435Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"loc
ale":"en-us","uid":"bltda408b2b71cd18d9","ACL":{},"created_at":"2023-01-26T21:09:02.777Z","created_by":"blt36e890d06c5ec32c","english_content":"View more learning opportunities","tags":[],"title":"View more learning opportunities","translate_content_l10n":"View more learning opportunities","updated_at":"2023-01-26T21:09:02.777Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.807Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc5c1c4900cfdb547","ACL":{},"created_at":"2023-01-26T21:09:02.430Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more press releases","tags":[],"title":"Load more press releases","translate_content_l10n":"Load more press releases","updated_at":"2023-01-26T21:09:02.430Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.293Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta759219421b27a99","ACL":{},"created_at":"2023-01-26T21:09:02.267Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more news","tags":[],"title":"Load more news","translate_content_l10n":"Load more news","updated_at":"2023-01-26T21:09:02.267Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-14T16:29:48.588Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt04d58d965fb73d4b","ACL":{},"created_at":"2023-01-26T21:09:02.102Z","created_by":"blt36e890d06c5ec32c","english_content":"Read more","tags":[],"title":"Read more","translate_content_l10n":"Read 
more","updated_at":"2023-01-26T21:09:02.102Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.159Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcecc4cb33d2f12d1","ACL":{},"created_at":"2023-01-26T21:09:01.933Z","created_by":"blt36e890d06c5ec32c","english_content":"What to explore next...","tags":[],"title":"What to explore next...","translate_content_l10n":"What to explore next...","updated_at":"2023-01-26T21:09:01.933Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.762Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt536f120184d5f82f","ACL":{},"created_at":"2023-01-26T21:09:01.766Z","created_by":"blt36e890d06c5ec32c","english_content":"More stories from Elastic Customers","tags":[],"title":"More stories from Elastic Customers","translate_content_l10n":"More stories from Elastic Customers","updated_at":"2023-01-26T21:09:01.766Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.267Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt4b67bf09270df98e","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:01.597Z","created_by":"blt36e890d06c5ec32c","english_content":"See All Posts","tags":[],"title":"See All Posts","translate_content_l10n":"See all posts","updated_at":"2023-01-26T21:09:01.597Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:34:33.604Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt76ad53f0811383e0","ACL":{},"created_at":"2023-01-26T21:09:01.432Z","created_by":"blt36e890d06c5ec32c","english_content":"Contact Info","tags":[],"title":"Contact Info","translate_content_l10n":"Contact 
information","updated_at":"2023-01-26T21:09:01.432Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.103Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd24b268000310a17","ACL":{},"created_at":"2023-01-26T21:09:00.572Z","created_by":"blt36e890d06c5ec32c","english_content":"Register to Watch","tags":[],"title":"Register to Watch","translate_content_l10n":"Register to watch","updated_at":"2023-01-26T21:09:00.572Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.740Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc387be0be6c7bba6","ACL":{},"created_at":"2023-01-26T21:09:00.393Z","created_by":"blt36e890d06c5ec32c","english_content":"Sign In to Attend","tags":[],"title":"Sign In to Attend","translate_content_l10n":"Sign in to attend","updated_at":"2023-01-26T21:09:00.393Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.633Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd778a9bdcafbbc41","ACL":{},"created_at":"2023-01-26T21:09:00.219Z","created_by":"blt36e890d06c5ec32c","english_content":"Register to Attend","tags":[],"title":"Register to Attend","translate_content_l10n":"Register to attend","updated_at":"2023-01-26T21:09:00.219Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.790Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5f3c4d1f3f7a64fe","ACL":{},"created_at":"2023-01-26T21:08:59.859Z","created_by":"blt36e890d06c5ec32c","english_content":"More posts","tags":[],"title":"More posts","translate_content_l10n":"More 
posts","updated_at":"2023-01-26T21:08:59.859Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T17:14:57.905Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7e366458d1dd1e0c","ACL":{},"created_at":"2023-01-26T21:08:59.675Z","created_by":"blt36e890d06c5ec32c","english_content":"By","tags":[],"title":"By","translate_content_l10n":"By","updated_at":"2023-01-26T21:08:59.675Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.125Z","user":"blt36e890d06c5ec32c"}}],75],"entryLocale":"en","isEntryLocalized":false,"translateContentRedesign":[{"uid":"bltfb44eb6e899331a4","_version":1,"locale":"en-us","ACL":{},"created_at":"2024-11-13T23:43:06.196Z","created_by":"blt36e890d06c5ec32c","english_content":"Or","tags":[],"title":"Or","translate_content_l10n":"Or","updated_at":"2024-11-13T23:43:06.196Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-11-13T23:44:21.198Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2aeecde6c1729945","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:02.610Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more","tags":[],"title":"Load more","translate_content_l10n":"Load 
more","updated_at":"2024-09-03T16:41:46.744Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-03T16:42:00.289Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt6f3ad4a078adc611","ACL":{},"created_at":"2024-05-28T12:47:25.539Z","created_by":"blt3e52848e0cb3c394","english_content":"Overview","tags":[],"title":"Overview","translate_content_l10n":"Overview","updated_at":"2024-05-28T12:47:25.539Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-05-28T12:47:29.022Z","user":"blt3e52848e0cb3c394"}},{"_version":4,"locale":"en-us","uid":"blt3b08c089ffd331e6","ACL":{},"created_at":"2023-01-26T21:09:09.267Z","created_by":"blt36e890d06c5ec32c","english_content":"Can't make it? Register and we'll send you the recording. You'll also receive an email with related content","tags":[],"title":"Can't make it? Register and we'll send you the recording. You'll also receive an email with related content","translate_content_l10n":"Can't make it? Register and we'll send you the recording. 
You'll also receive an email with related content.","updated_at":"2023-12-18T21:59:16.399Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-18T21:59:19.133Z","user":"blt3044324473ef223b70bc674c"}},{"_version":4,"locale":"en-us","uid":"blt7a2b7e50bb030ed8","ACL":{},"created_at":"2023-01-26T21:09:00.746Z","created_by":"blt36e890d06c5ec32c","english_content":"You'll also receive an email with related content.","tags":[],"title":"You'll also receive an email with related content","translate_content_l10n":"You'll also receive an email with related content.","updated_at":"2023-12-18T21:58:39.250Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-18T21:58:43.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt7a2ecc87e95e0fed","ACL":{},"created_at":"2023-08-23T22:51:28.540Z","created_by":"blt36e890d06c5ec32c","english_content":"\u003cp\u003eBy submitting you acknowledge that you've read and agree to our \u003ca href=\"/legal/elastic-cloud-account-terms\" target=\"_blank\"\u003eTerms of Service\u003c/a\u003e, and that Elastic may \u003ca href=\"/legal/privacy-statement#how-we-use-the-information\" target=\"_blank\"\u003econtact you\u003c/a\u003e about our related products and services, using the details you provide above. 
See \u003ca href=\"/legal/privacy-statement/\" target=\"_blank\"\u003eElastic’s Privacy Statement\u003c/a\u003e for more details or to opt-out at any time.\u003c/p\u003e","tags":[],"title":"Newsletter GDPR Text","translate_content_l10n":"\u003cp\u003eBy submitting you acknowledge that you've read and agree to our \u003ca href=\"/legal/elastic-cloud-account-terms\" target=\"_blank\"\u003eTerms of Service\u003c/a\u003e, and that Elastic may \u003ca href=\"/legal/privacy-statement#how-we-use-the-information\" target=\"_blank\"\u003econtact you\u003c/a\u003e about our related products and services, using the details you provide above. See \u003ca href=\"/legal/privacy-statement/\" target=\"_blank\"\u003eElastic’s Privacy Statement\u003c/a\u003e for more details or to opt-out at any time.\u003c/p\u003e","updated_at":"2023-08-23T22:51:28.540Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-23T22:52:42.175Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt16f2676801e3267e","ACL":{},"created_at":"2023-08-22T17:00:20.812Z","created_by":"blt36e890d06c5ec32c","english_content":"Speakers","tags":[],"title":"Speakers","translate_content_l10n":"Speakers","updated_at":"2023-08-22T17:00:20.812Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-22T17:01:19.248Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0cbc24c249b9fd54","ACL":{},"created_at":"2023-07-11T21:21:11.001Z","created_by":"blt3044324473ef223b70bc674c","english_content":"Close","tags":[],"title":"Close","translate_content_l10n":"Close","updated_at":"2023-07-11T21:21:11.001Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-11T21:22:26.797Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt20243cb3a8c574f6","ACL":
{},"created_at":"2023-04-27T22:46:08.141Z","created_by":"blt36e890d06c5ec32c","english_content":"See more insights","tags":[],"title":"See more insights","translate_content_l10n":"See more insights","updated_at":"2023-04-27T22:46:08.141Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-27T22:47:17.093Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt5e35f797b223487b","ACL":{},"created_at":"2023-04-25T22:44:26.727Z","created_by":"blt36e890d06c5ec32c","english_content":"The content on this page is not available in the selected language. As Elastic grows globally, we continue to support content in multiple languages.","tags":[],"title":"The content on this page is not available in the selected language.","translate_content_l10n":"The content on this page is not available in the selected language. As Elastic grows globally, we continue to support content in multiple languages.","updated_at":"2023-04-25T22:50:03.458Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-25T22:50:49.263Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt95f1076dfef4f727","ACL":{},"created_at":"2023-04-03T16:58:30.945Z","created_by":"blt36e890d06c5ec32c","english_content":"Author","tags":[],"title":"Author","translate_content_l10n":"Author","updated_at":"2023-04-03T16:58:30.945Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T17:02:04.749Z","user":"blt36e890d06c5ec32c"}},{"_version":3,"locale":"en-us","uid":"bltb9e7436e790dc1e1","ACL":{},"created_at":"2023-01-26T21:09:01.075Z","created_by":"blt36e890d06c5ec32c","english_content":"Learn more","tags":[],"title":"Learn more","translate_content_l10n":"Learn 
more","updated_at":"2023-03-23T23:23:32.443Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:25:05.498Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte80ec2bf93203454","ACL":{},"created_at":"2023-03-23T23:20:05.096Z","created_by":"blt36e890d06c5ec32c","english_content":"Watch now","tags":[],"title":"Watch now (no PT)","translate_content_l10n":"Watch now","updated_at":"2023-03-23T23:20:05.096Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:23:03.467Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt0b2b84aede5a5e1a","ACL":{},"created_at":"2023-01-26T21:09:00.911Z","created_by":"blt36e890d06c5ec32c","english_content":"Watch now","tags":[],"title":"Watch now","translate_content_l10n":"Watch now","updated_at":"2023-03-23T23:17:38.751Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:19:07.965Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt45ad9978de13cb3c","ACL":{},"created_at":"2023-03-20T19:38:56.211Z","created_by":"blt36e890d06c5ec32c","english_content":"See all top stories","tags":[],"title":"See all top stories","translate_content_l10n":"See all top stories","updated_at":"2023-03-20T19:38:56.211Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-20T19:40:01.652Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0aeca091079429a4","ACL":{},"created_at":"2023-03-20T19:37:29.708Z","created_by":"blt36e890d06c5ec32c","english_content":"Related content","tags":[],"title":"Related content","translate_content_l10n":"Related 
content","updated_at":"2023-03-20T19:37:29.708Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-20T19:38:35.986Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltdedcc90f4b9d495c","ACL":{},"created_at":"2023-03-13T17:42:26.422Z","created_by":"blt36e890d06c5ec32c","english_content":"All","tags":[],"title":"All (no PT translation)","translate_content_l10n":"All","updated_at":"2023-03-13T18:12:39.761Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T18:13:09.648Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdafd9e19f8a295c9","ACL":{},"created_at":"2023-03-13T16:44:58.960Z","created_by":"blt36e890d06c5ec32c","english_content":"Contact information","tags":[],"title":"Contact information","translate_content_l10n":"Contact information","updated_at":"2023-03-13T16:44:58.960Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T16:46:31.937Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8d189cf8b1b80402","ACL":{},"created_at":"2023-03-13T16:43:08.761Z","created_by":"blt36e890d06c5ec32c","english_content":"Press Release","tags":[],"title":"Press Release","translate_content_l10n":"Press Release","updated_at":"2023-03-13T16:43:08.761Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T16:44:42.740Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb031798c593cf2aa","ACL":{},"created_at":"2023-03-06T17:39:15.553Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Reddit","tags":[],"title":"Share on Reddit","translate_content_l10n":"Share on 
Reddit","updated_at":"2023-03-06T17:39:15.553Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-06T17:40:52.751Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltc449b2f75825b408","ACL":{},"created_at":"2023-01-26T21:09:01.238Z","created_by":"blt36e890d06c5ec32c","english_content":"More stories","tags":[],"title":"More stories","translate_content_l10n":"More stories","updated_at":"2023-02-23T22:39:49.208Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-23T22:40:59.356Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blte38439477acb192e","ACL":{},"created_at":"2023-01-26T21:09:00.049Z","created_by":"blt36e890d06c5ec32c","english_content":"Articles by","tags":[],"title":"Articles by","translate_content_l10n":"Articles by","updated_at":"2023-02-23T22:11:25.304Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T16:57:47.130Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4b99c93b5338acdd","ACL":{},"created_at":"2023-02-16T17:26:10.103Z","created_by":"blt36e890d06c5ec32c","english_content":"Share this story","tags":[],"title":"Share this story","translate_content_l10n":"Share this story","updated_at":"2023-02-16T17:26:10.103Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-16T17:27:39.093Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blte2e658dd90716f9f","ACL":{},"created_at":"2023-01-26T21:09:06.325Z","created_by":"blt36e890d06c5ec32c","english_content":"Share by Email","tags":[],"title":"Share by Email","translate_content_l10n":"Share by 
email","updated_at":"2023-02-14T18:05:54.924Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-14T18:06:40.021Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt622e2e6d3a2e469f","ACL":{},"created_at":"2023-01-26T21:09:09.950Z","created_by":"blt36e890d06c5ec32c","english_content":"Read less","tags":[],"title":"Read less","translate_content_l10n":"Read less","updated_at":"2023-01-26T21:09:09.950Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.384Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb6e126363fe0669f","ACL":{},"created_at":"2023-01-26T21:09:09.794Z","created_by":"blt36e890d06c5ec32c","english_content":"Search Integrations","tags":[],"title":"Search Integrations","translate_content_l10n":"Search Integrations","updated_at":"2023-01-26T21:09:09.794Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.579Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltfc60ac5a8053094c","ACL":{},"created_at":"2023-01-26T21:09:09.641Z","created_by":"blt36e890d06c5ec32c","english_content":"All Solutions","tags":[],"title":"All Solutions","translate_content_l10n":"All Solutions","updated_at":"2023-01-26T21:09:09.641Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.477Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0c2c6a4e8cb5c2f0","ACL":{},"created_at":"2023-01-26T21:09:09.435Z","created_by":"blt36e890d06c5ec32c","english_content":"Thank you for registering. We will send you a confirmation email soon.","tags":[],"title":"Thank you for registering. We will send you a confirmation email soon.","translate_content_l10n":"Thank you for registering. 
We will send you a confirmation email soon.","updated_at":"2023-01-26T21:09:09.435Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.184Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd7b837e25d93f5d3","ACL":{},"created_at":"2023-01-26T21:09:09.095Z","created_by":"blt36e890d06c5ec32c","english_content":"Thank you for your interest!","tags":[],"title":"Thank you for your interest!","translate_content_l10n":"Thank you for your interest!","updated_at":"2023-01-26T21:09:09.095Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.784Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteecbf46e81d0d29d","ACL":{},"created_at":"2023-01-26T21:09:08.915Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Youtube","tags":[],"title":"Follow us on Youtube","translate_content_l10n":"Follow us on Youtube","updated_at":"2023-01-26T21:09:08.915Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.451Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2dd2bbe9b12abe26","ACL":{},"created_at":"2023-01-26T21:09:08.754Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Twitter","tags":[],"title":"Follow us on Twitter","translate_content_l10n":"Follow us on Twitter","updated_at":"2023-01-26T21:09:08.754Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.917Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt35eafbb82d26a869","ACL":{},"created_at":"2023-01-26T21:09:08.594Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on LinkedIn","tags":[],"title":"Follow us on LinkedIn","translate_content_l10n":"Follow us 
on LinkedIn","updated_at":"2023-01-26T21:09:08.594Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.993Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9667a9e201b264e5","ACL":{},"created_at":"2023-01-26T21:09:08.424Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Facebook","tags":[],"title":"Follow us on Facebook","translate_content_l10n":"Follow us on Facebook","updated_at":"2023-01-26T21:09:08.424Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.149Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltafd12f73d268d939","ACL":{},"created_at":"2023-01-26T21:09:08.254Z","created_by":"blt36e890d06c5ec32c","english_content":"Headshot of","tags":[],"title":"Headshot of","translate_content_l10n":"Headshot of","updated_at":"2023-01-26T21:09:08.254Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.217Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteeffcd504c337777","ACL":{},"created_at":"2023-01-26T21:09:08.073Z","created_by":"blt36e890d06c5ec32c","english_content":"Table of contents","tags":[],"title":"Table of contents","translate_content_l10n":"Table of 
contents","updated_at":"2023-01-26T21:09:08.073Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.878Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1c9c25fdd610a988","ACL":{},"created_at":"2023-01-26T21:09:07.459Z","created_by":"blt36e890d06c5ec32c","english_content":"All","tags":[],"title":"All","translate_content_l10n":"All","updated_at":"2023-01-26T21:09:07.459Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.849Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcc368963ef15efcf","ACL":{},"created_at":"2023-01-26T21:09:07.299Z","created_by":"blt36e890d06c5ec32c","english_content":"Reset all","tags":[],"title":"Reset all","translate_content_l10n":"Reset all","updated_at":"2023-01-26T21:09:07.299Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.712Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdf9e2c7ddef1476c","ACL":{},"created_at":"2023-01-26T21:09:07.138Z","created_by":"blt36e890d06c5ec32c","english_content":"Filters","tags":[],"title":"Filters","translate_content_l10n":"Filters","updated_at":"2023-01-26T21:09:07.138Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.405Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbd8186c36bcb7238","ACL":{},"created_at":"2023-01-26T21:09:06.974Z","created_by":"blt36e890d06c5ec32c","english_content":"Global Virtual Event","tags":[],"title":"Global Virtual Event","translate_content_l10n":"Global Virtual 
Event","updated_at":"2023-01-26T21:09:06.974Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.270Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta4972bcd17a9589e","ACL":{},"created_at":"2023-01-26T21:09:06.815Z","created_by":"blt36e890d06c5ec32c","english_content":"View more posts","tags":[],"title":"View more posts","translate_content_l10n":"View more posts","updated_at":"2023-01-26T21:09:06.815Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.716Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7784639e8213f1de","ACL":{},"created_at":"2023-01-26T21:09:06.656Z","created_by":"blt36e890d06c5ec32c","english_content":"Print","tags":[],"title":"Print","translate_content_l10n":"Print","updated_at":"2023-01-26T21:09:06.656Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.409Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd160052884c85597","ACL":{},"created_at":"2023-01-26T21:09:06.489Z","created_by":"blt36e890d06c5ec32c","english_content":"Continue reading","tags":[],"title":"Continue reading","translate_content_l10n":"Continue reading","updated_at":"2023-01-26T21:09:06.489Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.383Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaa2fe12d75e222b7","ACL":{},"created_at":"2023-01-26T21:09:06.160Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Facebook","tags":[],"title":"Share on Facebook","translate_content_l10n":"Share on 
Facebook","updated_at":"2023-01-26T21:09:06.160Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.521Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2c65ce5e43c44d1e","ACL":{},"created_at":"2023-01-26T21:09:05.989Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on LinkedIn","tags":[],"title":"Share on LinkedIn","translate_content_l10n":"Share on LinkedIn","updated_at":"2023-01-26T21:09:05.989Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.207Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaa64468770539e99","ACL":{},"created_at":"2023-01-26T21:09:05.807Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Twitter","tags":[],"title":"Share on Twitter","translate_content_l10n":"Share on Twitter","updated_at":"2023-01-26T21:09:05.807Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.548Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbf19c4f1958b7010","ACL":{},"created_at":"2023-01-26T21:09:05.653Z","created_by":"blt36e890d06c5ec32c","english_content":"Share","tags":[],"title":"Share","translate_content_l10n":"Share","updated_at":"2023-01-26T21:09:05.653Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.603Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd3ca82669f533596","ACL":{},"created_at":"2023-01-26T21:09:05.494Z","created_by":"blt36e890d06c5ec32c","english_content":"Small image for","tags":[],"title":"Small image for","translate_content_l10n":"Small image 
for","updated_at":"2023-01-26T21:09:05.494Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.766Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt665205a37a7b1a98","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:05.336Z","created_by":"blt36e890d06c5ec32c","english_content":"Video for","tags":[],"title":"Video for","translate_content_l10n":"Video for","updated_at":"2023-01-26T21:09:05.336Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:39:50.482Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt33215a82788dd3f2","ACL":{},"created_at":"2023-01-26T21:09:05.174Z","created_by":"blt36e890d06c5ec32c","english_content":"Explore similar demos","tags":[],"title":"Explore similar demos","translate_content_l10n":"Explore similar demos","updated_at":"2023-01-26T21:09:05.174Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.940Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt59af0058e6f2ab2c","ACL":{},"created_at":"2023-01-26T21:09:05.013Z","created_by":"blt36e890d06c5ec32c","english_content":"Register now","tags":[],"title":"Register now","translate_content_l10n":"Register now","updated_at":"2023-01-26T21:09:05.013Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.297Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt44f6c020ef294d34","ACL":{},"created_at":"2023-01-26T21:09:04.854Z","created_by":"blt36e890d06c5ec32c","english_content":"View next","tags":[],"title":"View next","translate_content_l10n":"View 
next","updated_at":"2023-01-26T21:09:04.854Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.641Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbc455c56e1db3258","ACL":{},"created_at":"2023-01-26T21:09:04.701Z","created_by":"blt36e890d06c5ec32c","english_content":"Upcoming webinar","tags":[],"title":"Upcoming webinar","translate_content_l10n":"Upcoming webinar","updated_at":"2023-01-26T21:09:04.701Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.739Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt9e655ee3d1dbcd42","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:04.537Z","created_by":"blt36e890d06c5ec32c","english_content":"On-demand webinar","tags":[],"title":"On-demand webinar","translate_content_l10n":"On-demand webinar","updated_at":"2023-01-26T21:09:04.537Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:46:22.076Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"bltd00860fb1d6f389b","ACL":{},"created_at":"2023-01-26T21:09:04.379Z","created_by":"blt36e890d06c5ec32c","english_content":"Featured webinar","tags":[],"title":"Featured webinar","translate_content_l10n":"Featured 
webinar","updated_at":"2023-01-26T21:09:04.379Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.328Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt335688b477b632cf","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:04.218Z","created_by":"blt36e890d06c5ec32c","english_content":"Highlights","tags":[],"title":"Highlights","translate_content_l10n":"Highlights","updated_at":"2023-01-26T21:09:04.218Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:31:29.622Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"bltd90374b721d95342","ACL":{},"created_at":"2023-01-26T21:09:03.895Z","created_by":"blt36e890d06c5ec32c","english_content":"See when this webinar starts in my time zone","tags":[],"title":"See when this webinar starts in my time zone","translate_content_l10n":"See when this webinar starts in my time zone","updated_at":"2023-01-26T21:09:03.895Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.820Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt60fa8518500aa04e","ACL":{},"created_at":"2023-01-26T21:09:03.734Z","created_by":"blt36e890d06c5ec32c","english_content":"Related workshops","tags":[],"title":"Related workshops","translate_content_l10n":"Related workshops","updated_at":"2023-01-26T21:09:03.734Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.354Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1fa14ebb51d2154f","ACL":{},"created_at":"2023-01-26T21:09:03.577Z","created_by":"blt36e890d06c5ec32c","english_content":"Hosted by","tags":[],"title":"Hosted by","translate_content_l10n":"Hosted 
by","updated_at":"2023-01-26T21:09:03.577Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.873Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltace88e420eb1dedb","ACL":{},"created_at":"2023-01-26T21:09:03.419Z","created_by":"blt36e890d06c5ec32c","english_content":"Agenda","tags":[],"title":"Agenda","translate_content_l10n":"Agenda","updated_at":"2023-01-26T21:09:03.419Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.193Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4e07248dad773e78","ACL":{},"created_at":"2023-01-26T21:09:03.260Z","created_by":"blt36e890d06c5ec32c","english_content":"Location","tags":[],"title":"Location","translate_content_l10n":"Location","updated_at":"2023-01-26T21:09:03.260Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.039Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd047722739355567","ACL":{},"created_at":"2023-01-26T21:09:03.106Z","created_by":"blt36e890d06c5ec32c","english_content":"Date","tags":[],"title":"Date","translate_content_l10n":"Date","updated_at":"2023-01-26T21:09:03.106Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.355Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt97cf5566d151b2d8","ACL":{},"created_at":"2023-01-26T21:09:02.936Z","created_by":"blt36e890d06c5ec32c","english_content":"More","tags":[],"title":"More","translate_content_l10n":"More","updated_at":"2023-01-26T21:09:02.936Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.435Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"loc
ale":"en-us","uid":"bltda408b2b71cd18d9","ACL":{},"created_at":"2023-01-26T21:09:02.777Z","created_by":"blt36e890d06c5ec32c","english_content":"View more learning opportunities","tags":[],"title":"View more learning opportunities","translate_content_l10n":"View more learning opportunities","updated_at":"2023-01-26T21:09:02.777Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.807Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc5c1c4900cfdb547","ACL":{},"created_at":"2023-01-26T21:09:02.430Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more press releases","tags":[],"title":"Load more press releases","translate_content_l10n":"Load more press releases","updated_at":"2023-01-26T21:09:02.430Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.293Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta759219421b27a99","ACL":{},"created_at":"2023-01-26T21:09:02.267Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more news","tags":[],"title":"Load more news","translate_content_l10n":"Load more news","updated_at":"2023-01-26T21:09:02.267Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-14T16:29:48.588Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt04d58d965fb73d4b","ACL":{},"created_at":"2023-01-26T21:09:02.102Z","created_by":"blt36e890d06c5ec32c","english_content":"Read more","tags":[],"title":"Read more","translate_content_l10n":"Read 
more","updated_at":"2023-01-26T21:09:02.102Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.159Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcecc4cb33d2f12d1","ACL":{},"created_at":"2023-01-26T21:09:01.933Z","created_by":"blt36e890d06c5ec32c","english_content":"What to explore next...","tags":[],"title":"What to explore next...","translate_content_l10n":"What to explore next...","updated_at":"2023-01-26T21:09:01.933Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.762Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt536f120184d5f82f","ACL":{},"created_at":"2023-01-26T21:09:01.766Z","created_by":"blt36e890d06c5ec32c","english_content":"More stories from Elastic Customers","tags":[],"title":"More stories from Elastic Customers","translate_content_l10n":"More stories from Elastic Customers","updated_at":"2023-01-26T21:09:01.766Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.267Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt4b67bf09270df98e","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:01.597Z","created_by":"blt36e890d06c5ec32c","english_content":"See All Posts","tags":[],"title":"See All Posts","translate_content_l10n":"See all posts","updated_at":"2023-01-26T21:09:01.597Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:34:33.604Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt76ad53f0811383e0","ACL":{},"created_at":"2023-01-26T21:09:01.432Z","created_by":"blt36e890d06c5ec32c","english_content":"Contact Info","tags":[],"title":"Contact Info","translate_content_l10n":"Contact 
information","updated_at":"2023-01-26T21:09:01.432Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.103Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd24b268000310a17","ACL":{},"created_at":"2023-01-26T21:09:00.572Z","created_by":"blt36e890d06c5ec32c","english_content":"Register to Watch","tags":[],"title":"Register to Watch","translate_content_l10n":"Register to watch","updated_at":"2023-01-26T21:09:00.572Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.740Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc387be0be6c7bba6","ACL":{},"created_at":"2023-01-26T21:09:00.393Z","created_by":"blt36e890d06c5ec32c","english_content":"Sign In to Attend","tags":[],"title":"Sign In to Attend","translate_content_l10n":"Sign in to attend","updated_at":"2023-01-26T21:09:00.393Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.633Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd778a9bdcafbbc41","ACL":{},"created_at":"2023-01-26T21:09:00.219Z","created_by":"blt36e890d06c5ec32c","english_content":"Register to Attend","tags":[],"title":"Register to Attend","translate_content_l10n":"Register to attend","updated_at":"2023-01-26T21:09:00.219Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.790Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5f3c4d1f3f7a64fe","ACL":{},"created_at":"2023-01-26T21:08:59.859Z","created_by":"blt36e890d06c5ec32c","english_content":"More posts","tags":[],"title":"More posts","translate_content_l10n":"More 
posts","updated_at":"2023-01-26T21:08:59.859Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T17:14:57.905Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7e366458d1dd1e0c","ACL":{},"created_at":"2023-01-26T21:08:59.675Z","created_by":"blt36e890d06c5ec32c","english_content":"By","tags":[],"title":"By","translate_content_l10n":"By","updated_at":"2023-01-26T21:08:59.675Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.125Z","user":"blt36e890d06c5ec32c"}}]},"primeNav":[[{"_version":121,"locale":"en-us","uid":"blta694a81b23d8d1b6","ACL":{},"actions_nav_items":[{"link_type":"icon-link-with-dropdown","icon_name":"language-picker","title_l10n":"Language","_metadata":{"uid":"cs4d57cace9f8b81be"},"url":"","display_in_mobile_footer":true,"dropdown":[{"title_l10n":"Deutsch","_metadata":{"uid":"cs6b8052e8e3d6eeff"},"url":"/de/"},{"title_l10n":"English","_metadata":{"uid":"cs3e739da0e5dd755c"},"url":"/"},{"title_l10n":"Español","_metadata":{"uid":"cs6abb4025e07ad795"},"url":"/es/"},{"title_l10n":"Français","_metadata":{"uid":"csf1d3e66812e0bf02"},"url":"/fr/"},{"title_l10n":"日本語","_metadata":{"uid":"csc55ffdf988121f1a"},"url":"/jp/"},{"title_l10n":"한국어","_metadata":{"uid":"cs12fd960301a768cf"},"url":"/kr/"},{"title_l10n":"简体中文","_metadata":{"uid":"csa94cdb113d29264c"},"url":"/cn/"},{"title_l10n":"Português","_metadata":{"uid":"cs785765bc8a8317b4"},"url":"/pt/"}]},{"link_type":"search","icon_name":"search","title_l10n":"Search","_metadata":{"uid":"cs9e5210a44cd35e0e"},"url":"","display_in_mobile_footer":false,"dropdown":[]},{"link_type":"icon-link","icon_name":"login","title_l10n":"Login","_metadata":{"uid":"cs8256bccc1ea2456e"},"url":"https://cloud.elastic.co","display_in_mobile_footer":true,"dropdown":[]},{"link_type":"primary","icon_name":null,"title_l10n":"Start free 
trial","_metadata":{"uid":"cs27d6c530946181b6"},"url":"https://cloud.elastic.co/registration","display_in_mobile_footer":true,"dropdown":[]},{"link_type":"secondary","icon_name":null,"title_l10n":"Contact Sales","_metadata":{"uid":"cs6492748b6ed9ff24"},"url":"/contact","display_in_mobile_footer":true,"dropdown":[]}],"alert_bar":[],"created_at":"2023-04-20T14:14:37.626Z","created_by":"blt3e52848e0cb3c394","logo":{"elastic_logo":null,"url":"/"},"nav_items":[{"title_l10n":"Platform","_metadata":{"uid":"cs67c33f9bf7891f56"},"title_id":"nav-item-platform","url":"","sections":[{"title_l10n":"Elasticsearch Platform + ELK Stack","_metadata":{"uid":"cs28455439cc50fde8"},"background_style":"Gray","reference":[{"_content_type_uid":"site_navigation_reference","_version":33,"locale":"en-us","uid":"blte130d9e7e04c68ce","ACL":{},"below_column_modular_blocks":[{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Partner overview","_metadata":{"uid":"cs287bd794fe8c916d"},"url":"/partners","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs97e60956b4c77e82"},"footnote_l10n":""}}],"column_modular_blocks":[{"title":{"title_l10n":"The Search AI Company","_metadata":{"uid":"cs8a188450384d411d"},"url":"/platform"}},{"image":{"type":"thumbnail-fill 
container","file":{"uid":"bltb72b02d269f3201a","_version":1,"title":"nav-platform.png","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2024-05-14T15:34:13.950Z","updated_at":"2024-05-14T15:34:13.950Z","content_type":"image/png","file_size":"48119","filename":"nav-platform.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-05-15T12:50:43.247Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb72b02d269f3201a/6643847599f5a8667dc35ac7/nav-platform.png"},"_metadata":{"uid":"cs6d350f035dacb270"},"alt_text_l10n":"Search, Security, Observability"}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eBuild tailored experiences with Elastic.\u003c/p\u003e","_metadata":{"uid":"cscf9c3c37ecef1469"}}},{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Elastic Search AI Platform overview","_metadata":{"uid":"cs65261558f229f943"},"url":"/platform","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"csd2c7e2a0dcf7c4ee"},"footnote_l10n":""}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"cse5d465d6bcfbf132"}}},{"paragraph":{"paragraph_l10n":"\u003cp\u003e\u003cstrong\u003eScale your business with Elastic Partners\u003c/strong\u003e\u003c/p\u003e","_metadata":{"uid":"cs361ee4966b199f0c"}}},{"sublinks":{"sublinks":[{"title_l10n":"Find a partner","_metadata":{"uid":"cs01f018b8e6c2aa61"},"url":"https://partners.elastic.co/findapartner/"},{"title_l10n":"Become a partner","_metadata":{"uid":"cs5f07508f60c9c0fe"},"url":"/partners/become-a-partner"}],"_metadata":{"uid":"cs6e2d31658c521070"}}}],"created_at":"2023-06-04T11:59:07.519Z","created_by":"blt3e52848e0cb3c394","style":{"type":"Ghost card"},"tags":[],"title":"Platform - Elasticsearch 
Platform","title_l10n":"","updated_at":"2024-05-15T18:25:30.252Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-05-15T18:25:42.923Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"site_navigation_reference","uid":"blt6fe143a8799b1d7b","_version":17,"locale":"en-us","ACL":{},"below_column_modular_blocks":[],"column_modular_blocks":[{"image":{"type":null,"file":{"_version":3,"is_dir":false,"uid":"blt0090c6239e64faf8","ACL":{},"content_type":"image/svg+xml","created_at":"2019-06-18T00:09:05.515Z","created_by":"blt3044324473ef223b70bc674c","description":"\"all\": \"Elastic Stack\"","file_size":"379","filename":"logo-stack-32-color.svg","parent_uid":"blt3dd6454f65ccc34c","tags":[],"title":"logo-stack-32-color.svg","updated_at":"2022-06-15T16:32:00.813Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-06-15T16:32:09.806Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0090c6239e64faf8/62aa0980c949fd5059e8aebc/logo-stack-32-color.svg","permanent_url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0090c6239e64faf8/logo-stack-32-color.svg"},"_metadata":{"uid":"cs56b531fd46473960"},"alt_text_l10n":""}},{"title":{"title_l10n":"ELK Stack","_metadata":{"uid":"csb2b0c9d496752b81"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eSearch and analytics, data ingestion, and visualization – all at your 
fingertips.\u003c/p\u003e","_metadata":{"uid":"cse32f929fa3057408"}}},{"sublinks":{"sublinks":[{"title_l10n":"Kibana","_metadata":{"uid":"csc13bf0787bfe64c3"},"url":"/kibana"},{"title_l10n":"Elasticsearch","_metadata":{"uid":"cs800aa8a08413ff75"},"url":"/elasticsearch"},{"title_l10n":"Integrations","_metadata":{"uid":"csac6f26e4d9dc92bf"},"url":"/integrations"}],"_metadata":{"uid":"csc0eb9aae95a2d760"}}},{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"ELK Stack overview","_metadata":{"uid":"cs8a81059a67502f8f"},"url":"/elastic-stack","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs1d19ed20cdaf80ba"},"footnote_l10n":""}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"cseed81fb40af11110"}}},{"paragraph":{"paragraph_l10n":"\u003cp\u003e\u003cstrong\u003eBy developers, for developers\u003c/strong\u003e\u003c/p\u003e","_metadata":{"uid":"csf65c9e004a53da0b"}}},{"sublinks":{"sublinks":[{"title_l10n":"Try the world's most used vector database","_metadata":{"uid":"csa74c6a42e5c25b13"},"url":"/elasticsearch/vector-database"},{"title_l10n":"Scale with the low-latency Search AI Lake","_metadata":{"uid":"cs79e8262c7a671730"},"url":"/blog/search-ai-lake-elastic-cloud-serverless"},{"title_l10n":"Join our community","_metadata":{"uid":"cs462063e2c301a820"},"url":"/community"}],"_metadata":{"uid":"cs4f61a5b050f66f94"}}}],"created_at":"2023-06-04T12:03:38.980Z","created_by":"blt3e52848e0cb3c394","sanity_migration_complete":false,"style":{"type":"Illustration Grid - two column"},"tags":[],"title":"Platform - ELK Stack","title_l10n":"","updated_at":"2024-12-04T20:16:54.644Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-12-04T20:16:59.029Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}]},{"title_l10n":"Elastic 
Cloud","_metadata":{"uid":"cs6c2a742c3201f02f"},"background_style":null,"reference":[{"_content_type_uid":"site_navigation_reference","uid":"blt2b4f1f6c89ecd6b2","_version":17,"locale":"en-us","ACL":{},"below_column_modular_blocks":[],"column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":2,"is_dir":false,"uid":"bltdb0f38c35ae455dc","ACL":{},"content_type":"image/svg+xml","created_at":"2019-06-17T19:56:54.761Z","created_by":"blt3044324473ef223b70bc674c","description":"\"all\": \"Elastic Cloud\"","file_size":"1716","filename":"logo-cloud-24-color.svg","tags":[],"title":"logo-cloud-24-color.svg","updated_at":"2021-12-17T19:41:38.654Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T19:46:22.193Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdb0f38c35ae455dc/5d07f086877575d0584760a3/logo-cloud-24-color.svg","permanent_url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdb0f38c35ae455dc/logo-cloud-24-color.svg"},"_metadata":{"uid":"cs03ac8608840d234a"},"alt_text_l10n":""}},{"title":{"title_l10n":"Elastic Cloud","_metadata":{"uid":"cse27182bd72de81f8"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eUnlock the power of real-time insights with Elastic on your preferred cloud provider.\u003c/p\u003e","_metadata":{"uid":"cs6cfc29a0530d445e"}}},{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Elastic Cloud overview","_metadata":{"uid":"cs9e1ba22a61156b8e"},"url":"/cloud","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs50a5b2b008340d9e"},"footnote_l10n":""}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"csee961bd984575808"}}},{"sublinks":{"sublinks":[{"title_l10n":"Elastic Cloud Serverless","_metadata":{"uid":"cs974ba013957fd92b"},"url":"/cloud/serverless"},{"title_l10n":"Elastic Cloud Serverless 
pricing","_metadata":{"uid":"csa49e9903f1b062f6"},"url":"/pricing/serverless-search"},{"title_l10n":"Search AI Lake","_metadata":{"uid":"csd24af6c48b144268"},"url":"/cloud/serverless/search-ai-lake"}],"_metadata":{"uid":"csc5efe659a4339dfd"}}}],"created_at":"2023-06-04T12:03:32.338Z","created_by":"blt3e52848e0cb3c394","sanity_migration_complete":false,"style":{"type":"Illustration Grid - two column"},"tags":[],"title":"Platform - Elastic Cloud","title_l10n":"","updated_at":"2025-01-16T23:57:39.534Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2025-01-16T23:59:39.913Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}]}],"dropdown_footer":{"title_l10n":"","cards":[]}},{"title_l10n":"Solutions","_metadata":{"uid":"cs1538385775c98efd"},"title_id":"nav-item-solutions","url":"","sections":[{"title_l10n":"Generative AI","_metadata":{"uid":"cs8f79c87796141d46"},"background_style":"Gray","reference":[{"_content_type_uid":"site_navigation_reference","uid":"blt2b5b716b730e7095","_version":17,"locale":"en-us","ACL":{},"below_column_modular_blocks":[{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Generative AI overview ","_metadata":{"uid":"cs43afe4a5eb95776a"},"url":"/generative-ai","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs78bf3b3fd7424010"},"footnote_l10n":""}}],"column_modular_blocks":[{"title":{"title_l10n":"Generative AI","_metadata":{"uid":"cs18b2763e43ebbbea"},"url":"/generative-ai"}},{"paragraph":{"paragraph_l10n":"\u003cp\u003ePrototype and integrate with LLMs faster using search AI.\u003c/p\u003e","_metadata":{"uid":"csc2b19500d60f1812"}}},{"sublinks":{"sublinks":[{"title_l10n":"Search AI Lake","_metadata":{"uid":"cs35466fb715f2ee26"},"url":"/cloud/serverless/search-ai-lake"},{"title_l10n":"Elastic AI Assistant","_metadata":{"uid":"csa826ec74cb488fda"},"url":"/elasticsearch/ai-assistant"},{"title_l10n":"Retrieval Augmented 
Generation","_metadata":{"uid":"cscdbdc699afde4a02"},"url":"/enterprise-search/rag"}],"_metadata":{"uid":"csb397b8fbfeb59c8d"}}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"csdfa77237ae8319e6"}}},{"sublinks":{"sublinks":[{"title_l10n":"Generative AI blogs","_metadata":{"uid":"csa1f8add36e960f17"},"url":"/blog/category/generative-ai"},{"title_l10n":"Search Labs tutorials","_metadata":{"uid":"cs6e6cd221ea191f9c"},"url":"https://www.elastic.co/search-labs/tutorials"},{"title_l10n":"Elastic Community","_metadata":{"uid":"cs9f83e06b285c3f47"},"url":"/community"}],"_metadata":{"uid":"cs67c6e2303b42bb57"}}}],"created_at":"2024-05-10T22:33:22.668Z","created_by":"blt3044324473ef223b70bc674c","sanity_migration_complete":false,"style":{"type":"Ghost card"},"tags":[],"title":"Solutions - Generative AI","title_l10n":"","updated_at":"2024-12-03T17:26:30.015Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-12-03T17:26:35.047Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}]},{"title_l10n":"Search, Security, Observability","_metadata":{"uid":"csdd81ddba0bf8cc4b"},"background_style":null,"reference":[{"_content_type_uid":"site_navigation_reference","_version":13,"locale":"en-us","uid":"bltc3a1cd40e0416b2c","ACL":{},"below_column_modular_blocks":[{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Search 
overview","_metadata":{"uid":"csbd5496aa3d1b0190"},"url":"/enterprise-search","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs44eaadf5237824b3"},"footnote_l10n":""}}],"column_modular_blocks":[{"image":{"type":"icon-32","file":{"uid":"blt549f7d977c2a88f4","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt36e890d06c5ec32c","created_at":"2019-06-18T00:15:48.602Z","updated_at":"2022-07-14T22:30:12.657Z","content_type":"image/svg+xml","file_size":"1812","filename":"logo-enterprise-search-32-color.svg","title":"logo-enterprise-search-32-color.svg","ACL":{},"_version":4,"is_dir":false,"tags":[],"description":"image_alternative_text: blt4c95fef51f752b47","parent_uid":"blt3dd6454f65ccc34c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-16T22:51:05.584Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt549f7d977c2a88f4/5d082d34616162aa5a85707d/logo-enterprise-search-32-color.svg","permanent_url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt549f7d977c2a88f4/logo-enterprise-search-32-color.svg"},"_metadata":{"uid":"cs170d33ec56ceac69"},"alt_text_l10n":""}},{"title":{"title_l10n":"Search","_metadata":{"uid":"cs775478cd77e6d292"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eDiscover a world of AI possibilities — built with the power of search.\u003c/p\u003e","_metadata":{"uid":"cs5a4b902119bba40f"}}},{"sublinks":{"sublinks":[{"title_l10n":"Vector database","_metadata":{"uid":"csed77c651fdd3174c"},"url":"/elasticsearch/vector-database"},{"title_l10n":"Relevance","_metadata":{"uid":"cs80141cb427dee0c1"},"url":"/enterprise-search/relevance"},{"title_l10n":"Search applications","_metadata":{"uid":"cs9d714be4e38ada8a"},"url":"/enterprise-search/search-applications"},{"title_l10n":"Ecommerce","_metadata":{"uid":"cs7963bae02344b71b"},"url":"/enterprise-search/ecommerce"},{"title_l10n":"Website 
search","_metadata":{"uid":"cs7836f56c55ba3cfe"},"url":"/enterprise-search/site-search"},{"title_l10n":"Workplace search","_metadata":{"uid":"csf4a77adc63248830"},"url":"/enterprise-search/workplace-search"},{"title_l10n":"Customer support","_metadata":{"uid":"cs445feacc70664066"},"url":"/enterprise-search/customer-support"}],"_metadata":{"uid":"csf4d2d6f3005e3796"}}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"csbd1e64a45bcdc466"}}},{"sublinks":{"sublinks":[{"title_l10n":"Search Labs","_metadata":{"uid":"cs361d5d1595a1b47f"},"url":"https://www.elastic.co/search-labs"}],"_metadata":{"uid":"cs64700fb4732c0bd3"}}}],"created_at":"2023-06-04T12:03:13.040Z","created_by":"blt3e52848e0cb3c394","style":{"type":"Illustration Grid - two column"},"tags":[],"title":"Solutions - Search","title_l10n":"","updated_at":"2024-07-11T21:27:34.509Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-07-11T21:28:38.978Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"site_navigation_reference","uid":"blt63c42ebb62439573","_version":11,"locale":"en-us","ACL":{},"below_column_modular_blocks":[{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Security overview","_metadata":{"uid":"cs607609172da7b010"},"url":"/security","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs5975061ef819456a"},"footnote_l10n":""}}],"column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":2,"is_dir":false,"uid":"bltf58b7c8e04706979","ACL":{},"content_type":"image/svg+xml","created_at":"2020-01-16T23:28:40.015Z","created_by":"blt3044324473ef223b70bc674c","description":"\"all\": \"Elastic 
Security\"","file_size":"915","filename":"logo-security-32-color.svg","tags":[],"title":"logo-security-32-color.svg","updated_at":"2022-02-08T19:17:13.406Z","updated_by":"blt36e890d06c5ec32c","parent_uid":"blt3dd6454f65ccc34c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-03T20:41:01.783Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf58b7c8e04706979/5e20f1a8132ead1155e8d0a4/logo-security-32-color.svg","permanent_url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf58b7c8e04706979/logo-security-32-color.svg"},"_metadata":{"uid":"cs3fd34bcf6bd4aa1e"},"alt_text_l10n":""}},{"title":{"title_l10n":"Security","_metadata":{"uid":"cs6bfb6459afd01091"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eProtect, investigate, and respond to cyber threats with AI-driven security analytics.\u003c/p\u003e","_metadata":{"uid":"cs5cd48eb76a2507c5"}}},{"sublinks":{"sublinks":[{"title_l10n":"SIEM","_metadata":{"uid":"csca3f3d9c18e2a70b"},"url":"/security/siem"},{"title_l10n":"AI for the SOC","_metadata":{"uid":"cs423503ab8b0c29e9"},"url":"/security/ai"},{"title_l10n":"Threat Research","_metadata":{"uid":"csb0b9fd0791e6e0bb"},"url":"/security/cyber-threat-research"}],"_metadata":{"uid":"cs0f0079b9e8827b1a"}}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"csf3e74156baa03a98"}}},{"sublinks":{"sublinks":[{"title_l10n":"Security Labs","_metadata":{"uid":"csd59f826a7734c6e5"},"url":"https://www.elastic.co/security-labs"}],"_metadata":{"uid":"csad4ae4404fd4fb84"}}}],"created_at":"2023-06-04T17:00:41.862Z","created_by":"blt3e52848e0cb3c394","style":{"type":"Illustration Grid - two column"},"tags":[],"title":"Solutions - 
Security","title_l10n":"","updated_at":"2024-07-26T21:43:38.678Z","updated_by":"blt27204bf9f7abb7fd","publish_details":{"time":"2024-07-29T14:22:51.164Z","user":"blt27204bf9f7abb7fd","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"site_navigation_reference","uid":"bltb6f106dd636862a0","_version":20,"locale":"en-us","ACL":{},"below_column_modular_blocks":[{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Observability overview","_metadata":{"uid":"cs1fd681e6a529b1d7"},"url":"/observability","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs3d2c913e15258d90"},"footnote_l10n":""}}],"column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":3,"is_dir":false,"uid":"bltbf6ba0d0e0e1e5ab","ACL":{},"content_type":"image/svg+xml","created_at":"2020-01-16T23:28:26.433Z","created_by":"blt3044324473ef223b70bc674c","description":"image_alternative_text: blt6e3875f2cb65b010","file_size":"854","filename":"logo-observability-32-color.svg","parent_uid":"blt3dd6454f65ccc34c","tags":[],"title":"logo-observability-32-color.svg","updated_at":"2022-06-23T22:18:33.744Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-03T20:41:01.766Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbf6ba0d0e0e1e5ab/5e20f19a2aa8e40a75136318/logo-observability-32-color.svg","permanent_url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbf6ba0d0e0e1e5ab/logo-observability-32-color.svg"},"_metadata":{"uid":"cs6d88bb24abedd2e3"},"alt_text_l10n":""}},{"title":{"title_l10n":"Observability","_metadata":{"uid":"cs67387a91562b3205"},"url":"/observability"}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eUnify app and infrastructure visibility to proactively resolve issues.\u003c/p\u003e","_metadata":{"uid":"cs88a641ffc2911203"}}},{"sublinks":{"sublinks":[{"title_l10n":"Log 
monitoring and analytics","_metadata":{"uid":"cs1dd5fa6336795a30"},"url":"/observability/log-monitoring"},{"title_l10n":"OpenTelemetry","_metadata":{"uid":"cs519e0baebee3d9cb"},"url":"/observability/opentelemetry"},{"title_l10n":"Application performance monitoring","_metadata":{"uid":"cs94aa837d61a0762c"},"url":"/observability/application-performance-monitoring"},{"title_l10n":"Infrastructure monitoring","_metadata":{"uid":"cs4f06f89314df2822"},"url":"/observability/infrastructure-monitoring"},{"title_l10n":"Synthetic monitoring","_metadata":{"uid":"cs32572e3664317fa4"},"url":"/observability/synthetic-monitoring"},{"title_l10n":"Real user monitoring","_metadata":{"uid":"cs6c9d63696d568c3b"},"url":"/observability/real-user-monitoring"},{"title_l10n":"Universal Profiling","_metadata":{"uid":"csc17955dd2f2e9772"},"url":"/observability/universal-profiling"},{"title_l10n":"AIOps","_metadata":{"uid":"cs378204c3874ca8e0"},"url":"/observability/aiops"}],"_metadata":{"uid":"cs85b2751f40f3e527"}}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"cs64367ecef14bcb75"}}},{"sublinks":{"sublinks":[{"title_l10n":"Observability Labs","_metadata":{"uid":"cs922d2c431301758e"},"url":"https://www.elastic.co/observability-labs"}],"_metadata":{"uid":"csd9188663d72fdd62"}}}],"created_at":"2023-06-04T12:03:24.813Z","created_by":"blt3e52848e0cb3c394","sanity_migration_complete":false,"style":{"type":"Illustration Grid - two column"},"tags":[],"title":"Solutions - Observability","title_l10n":"","updated_at":"2024-12-02T09:38:00.463Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"time":"2024-12-02T09:38:05.590Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}]}],"dropdown_footer":{"title_l10n":"","cards":[]}},{"title_l10n":"Customers","_metadata":{"uid":"cs02fc8bc99a63871c"},"title_id":"nav-item-customers","url":"","sections":[{"title_l10n":"Customers - By solution and by 
industry","_metadata":{"uid":"cs37e49237bd8c8b6a"},"background_style":null,"reference":[{"_content_type_uid":"site_navigation_reference","uid":"blt8a06ade8f3124e88","title":"Customers - By solution","column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":1,"is_dir":false,"uid":"bltacc5e178e52f430e","ACL":{},"content_type":"image/svg+xml","created_at":"2023-06-04T17:40:11.179Z","created_by":"blt3e52848e0cb3c394","file_size":"2499","filename":"icon-checkmark-decorative-border.svg","parent_uid":null,"tags":[],"title":"icon-checkmark-decorative-border.svg","updated_at":"2023-06-04T17:40:11.179Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-09T17:34:54.206Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltacc5e178e52f430e/647ccc7b6be35fb5eabd2100/icon-checkmark-decorative-border.svg"},"_metadata":{"uid":"cs4dd1fca9f5f44f70"},"alt_text_l10n":""}},{"title":{"title_l10n":"By solution","_metadata":{"uid":"cs5da14c808687a24e"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eSee how customers search, solve, and succeed — all on one Search AI Platform.\u003c/p\u003e","_metadata":{"uid":"cs232ddd0cf2230d2d"}}},{"sublinks":{"sublinks":[{"title_l10n":"Search","_metadata":{"uid":"cs5b14b1b43ac9d8c6"},"url":"/customers/success-stories?usecase=enterprise-search\u0026industry=All"},{"title_l10n":"Security","_metadata":{"uid":"csc5d7c70d48ca90ae"},"url":"/customers/success-stories?usecase=security-analytics\u0026industry=All"},{"title_l10n":"Observability","_metadata":{"uid":"cse86ef1e2be61f194"},"url":"/customers/success-stories?usecase=elastic-observability\u0026industry=All"}],"_metadata":{"uid":"cs24cb1db1f15de1c4"}}}],"below_column_modular_blocks":[{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"All customer 
stories","_metadata":{"uid":"cs0ce277db9b7e5ae7"},"url":"/customers","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs165f459ec9fb4aa5"},"footnote_l10n":""}}],"tags":[],"locale":"en-us","style":{"type":"Illustration Grid - two column"},"title_l10n":"","created_by":"blt3e52848e0cb3c394","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-06-04T12:02:51.393Z","updated_at":"2024-05-10T23:00:02.210Z","ACL":{},"_version":9,"publish_details":{"time":"2024-05-15T12:50:42.894Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"site_navigation_reference","_version":3,"locale":"en-us","uid":"blt1d401e05c1cb52ce","ACL":{},"below_column_modular_blocks":[{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Industries overview","_metadata":{"uid":"cs11ae98a64026023e"},"url":"/industries","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"csa93a1ad9dbde01ba"},"footnote_l10n":""}}],"column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":1,"is_dir":false,"uid":"blt9f634b6f74878698","ACL":{},"content_type":"image/svg+xml","created_at":"2023-06-04T17:39:46.794Z","created_by":"blt3e52848e0cb3c394","file_size":"1595","filename":"icon-briefcase.svg","parent_uid":null,"tags":[],"title":"icon-briefcase.svg","updated_at":"2023-06-04T17:39:46.794Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-09T17:36:29.443Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9f634b6f74878698/647ccc625637890f19859454/icon-briefcase.svg"},"_metadata":{"uid":"cs8466139a3eb018b6"},"alt_text_l10n":""}},{"title":{"title_l10n":"Industries","_metadata":{"uid":"cs15073e3c310d94e5"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eExceed customer expectations and go to market 
faster.\u003c/p\u003e","_metadata":{"uid":"csd8f00d1e3c8e0ed4"}}},{"sublinks":{"sublinks":[{"title_l10n":"Public sector","_metadata":{"uid":"cs51ef52ec6b54b410"},"url":"/industries/public-sector"},{"title_l10n":"Financial services","_metadata":{"uid":"cs22eff93153cc2fbe"},"url":"/industries/financial-services"},{"title_l10n":"Telecommunications","_metadata":{"uid":"csacac8855fc00c0f8"},"url":"/industries/telecommunications"},{"title_l10n":"Retail","_metadata":{"uid":"csa363462a65d751a1"},"url":"/industries/retail-ecommerce"},{"title_l10n":"Manufacturing","_metadata":{"uid":"cs38a6bfd8d2f6022e"},"url":"/industries/manufacturing"}],"_metadata":{"uid":"cs9983d6253e2017aa"}}}],"created_at":"2024-05-10T22:59:23.362Z","created_by":"blt3044324473ef223b70bc674c","style":{"type":"Illustration Grid - two column"},"tags":[],"title":"Customers - Industries","title_l10n":"","updated_at":"2024-05-15T18:10:31.550Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-05-15T18:11:29.679Z","user":"blt3044324473ef223b70bc674c"}}]},{"title_l10n":"Customer spotlight","_metadata":{"uid":"csb4ca6ac5082711d7"},"background_style":"Gray","reference":[{"_content_type_uid":"site_navigation_reference","uid":"bltf4eeed992c6383a2","_version":15,"locale":"en-us","ACL":{},"below_column_modular_blocks":[],"column_modular_blocks":[{"title":{"title_l10n":"Customer 
spotlight","_metadata":{"uid":"cs69b04a73066109e4"},"url":""}},{"card":{"type":null,"image":{"type":"thumbnail-128","file":{"_version":1,"is_dir":false,"uid":"blt652fec920f2b1a14","ACL":{},"content_type":"image/svg+xml","created_at":"2023-09-21T10:40:07.365Z","created_by":"blt3e52848e0cb3c394","file_size":"64960","filename":"logo-nav-dropdown-48x48-cisco.svg","parent_uid":null,"tags":[],"title":"logo-nav-dropdown-48x48-cisco.svg","updated_at":"2023-09-21T10:40:07.365Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-09-29T17:10:07.068Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt652fec920f2b1a14/650c1d87aa86c13fa1cc288c/logo-nav-dropdown-48x48-cisco.svg"},"alt_text_l10n":"Cisco logo"},"_metadata":{"uid":"cs5f973141d5cc1738"},"title_l10n":"","paragraph_l10n":"\u003cp\u003eCisco saves 5,000 support engineer hours per month\u003c/p\u003e","cta":[{"title_l10n":"Read more","_metadata":{"uid":"csf06d2489c4bd37ef"},"url":"/customers/cisco"}]}},{"card":{"type":null,"image":{"type":"thumbnail-128","file":{"uid":"blte788c0f923f209a3","_version":1,"title":"logo-dropdown-48x48-sitecore.svg","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2024-07-08T20:20:05.367Z","updated_at":"2024-07-08T20:20:05.367Z","content_type":"image/svg+xml","file_size":"4873","filename":"logo-dropdown-48x48-sitecore.svg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-07-08T20:21:17.641Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte788c0f923f209a3/668c49f5534bb913eb26e9e8/logo-dropdown-48x48-sitecore.svg"},"alt_text_l10n":"Sitecore logo"},"_metadata":{"uid":"csa2a078ccf29d695e"},"title_l10n":"","paragraph_l10n":"\u003cp\u003eSitecore automates 96 percent of 
security workflows with Elastic\u003c/p\u003e","cta":[{"title_l10n":"Read more","_metadata":{"uid":"csd53cb4b361d76ca2"},"url":"/customers/sitecore-security"}]}},{"card":{"type":null,"image":{"type":"thumbnail-128","file":{"_version":1,"is_dir":false,"uid":"blt90a52ed02808cbc1","ACL":{},"content_type":"image/svg+xml","created_at":"2023-09-21T10:40:45.741Z","created_by":"blt3e52848e0cb3c394","file_size":"47721","filename":"logo-nav-dropdown-48x48-comcast.svg","parent_uid":null,"tags":[],"title":"logo-nav-dropdown-48x48-comcast.svg","updated_at":"2023-09-21T10:40:45.741Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-09-29T17:10:28.064Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt90a52ed02808cbc1/650c1dadb25642d90add1e4e/logo-nav-dropdown-48x48-comcast.svg"},"alt_text_l10n":"Comcast logo"},"_metadata":{"uid":"csc9c0ac125da0e92b"},"title_l10n":"","paragraph_l10n":"\u003cp\u003eComcast transforms customer experiences with Elastic Observability\u003c/p\u003e","cta":[{"title_l10n":"Read more","_metadata":{"uid":"csada0ee69c800d1e2"},"url":"/customers/comcast"}]}}],"created_at":"2023-06-04T17:04:44.752Z","created_by":"blt3e52848e0cb3c394","style":{"type":"Customer spotlight"},"tags":[],"title":"Customers - Customer spotlight","title_l10n":"Customer Spotlight","updated_at":"2024-07-08T21:10:17.479Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-07-08T21:10:20.899Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}]}],"dropdown_footer":{"title_l10n":"","cards":[]}},{"title_l10n":"Resources","_metadata":{"uid":"cs6d6faf906902f3c2"},"title_id":"nav-item-resources","url":"","sections":[{"title_l10n":"Research, Build, Learn, 
Connect","_metadata":{"uid":"csac521faabda66147"},"background_style":null,"reference":[{"_content_type_uid":"site_navigation_reference","uid":"blt2da6064728802db5","_version":3,"locale":"en-us","ACL":{},"below_column_modular_blocks":[],"column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":1,"is_dir":false,"uid":"blt96bf0c70d7851e7d","ACL":{},"content_type":"image/svg+xml","created_at":"2023-07-18T17:36:03.382Z","created_by":"blt36e890d06c5ec32c","file_size":"1939","filename":"icon-code-self-closing.svg","parent_uid":null,"tags":[],"title":"icon-code-self-closing.svg","updated_at":"2023-07-18T17:36:03.382Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-09T17:35:38.133Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt96bf0c70d7851e7d/64b6cd8378402d4f9cc28b43/icon-code-self-closing.svg"},"_metadata":{"uid":"cse8a0cd9936682cef"},"alt_text_l10n":""}},{"title":{"title_l10n":"Research","_metadata":{"uid":"cscb627b8efa82cba0"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eStay at the forefront of innovation with technical tips from the experts.\u003c/p\u003e","_metadata":{"uid":"csddfb11d93d95bad7"}}},{"sublinks":{"sublinks":[{"title_l10n":"Search Labs","_metadata":{"uid":"cs58dba67e336edf8b"},"url":"https://www.elastic.co/search-labs"},{"title_l10n":"Security Labs","_metadata":{"uid":"csffc4aa7973e5ffba"},"url":"https://www.elastic.co/security-labs"},{"title_l10n":"Observability Labs","_metadata":{"uid":"cs5a301cabb223025d"},"url":"https://www.elastic.co/observability-labs"}],"_metadata":{"uid":"cs1ac1fdfa36126b2f"}}}],"created_at":"2024-05-10T23:09:27.197Z","created_by":"blt3044324473ef223b70bc674c","sanity_migration_complete":false,"style":{"type":"Illustration Grid - two column"},"tags":[],"title":"Resources - 
Research","title_l10n":"","updated_at":"2024-12-02T09:41:27.963Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"time":"2024-12-02T09:41:32.349Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"site_navigation_reference","uid":"blt74484ccc1b85172f","title":"Resources - Build","style":{"type":"Illustration Grid - two column"},"title_l10n":"","column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":1,"is_dir":false,"uid":"blt96bf0c70d7851e7d","ACL":{},"content_type":"image/svg+xml","created_at":"2023-07-18T17:36:03.382Z","created_by":"blt36e890d06c5ec32c","file_size":"1939","filename":"icon-code-self-closing.svg","parent_uid":null,"tags":[],"title":"icon-code-self-closing.svg","updated_at":"2023-07-18T17:36:03.382Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-09T17:35:38.133Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt96bf0c70d7851e7d/64b6cd8378402d4f9cc28b43/icon-code-self-closing.svg"},"_metadata":{"uid":"cs44c67d7b9a7d1650"},"alt_text_l10n":""}},{"title":{"title_l10n":"Build","_metadata":{"uid":"cse60ed914d4f01062"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eCode with other developers to create a better Elastic, 
together.\u003c/p\u003e","_metadata":{"uid":"csc56a3cd59fe094f5"}}},{"sublinks":{"sublinks":[{"title_l10n":"Community","url":"/community","_metadata":{"uid":"csd88d4c1cd46edc5d"}},{"title_l10n":"Forum","url":"https://discuss.elastic.co","_metadata":{"uid":"csb90d3bb62af3a70b"}},{"title_l10n":"Downloads","url":"/downloads","_metadata":{"uid":"cs7d47f2c7085e8b89"}},{"title_l10n":"Documentation","url":"/guide","_metadata":{"uid":"csd9f5895ad4598f70"}}],"_metadata":{"uid":"cs0ac4399ed28c210f"}}}],"below_column_modular_blocks":[],"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2024-05-10T23:10:45.764Z","updated_at":"2024-05-10T23:10:45.764Z","ACL":{},"_version":1,"publish_details":{"time":"2024-05-15T12:50:42.957Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"site_navigation_reference","uid":"blt934060d9e8d39d63","title":"Resources - Learn","title_l10n":"","column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":1,"is_dir":false,"uid":"blt96bf0c70d7851e7d","ACL":{},"content_type":"image/svg+xml","created_at":"2023-07-18T17:36:03.382Z","created_by":"blt36e890d06c5ec32c","file_size":"1939","filename":"icon-code-self-closing.svg","parent_uid":null,"tags":[],"title":"icon-code-self-closing.svg","updated_at":"2023-07-18T17:36:03.382Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-09T17:35:38.133Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt96bf0c70d7851e7d/64b6cd8378402d4f9cc28b43/icon-code-self-closing.svg"},"_metadata":{"uid":"cs5ed8e58e5dfaca72"},"alt_text_l10n":""}},{"title":{"title_l10n":"Learn","_metadata":{"uid":"cs019e09cee63b6044"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eUnleash the possibilities of your data and grow your skill 
set.\u003c/p\u003e","_metadata":{"uid":"cs2dd1ed4ed0245fb1"}}},{"sublinks":{"sublinks":[{"title_l10n":"Getting started","_metadata":{"uid":"csfc9cb80c881cd24a"},"url":"/getting-started"},{"title_l10n":"Elastic resources","_metadata":{"uid":"cs397c877c7fb56827"},"url":"/learn"},{"title_l10n":"Consulting services","_metadata":{"uid":"csbfa8b33d458721f6"},"url":"/consulting"},{"title_l10n":"Trainings \u0026 certifications","_metadata":{"uid":"csd9ec8c412f31120a"},"url":"/training"}],"_metadata":{"uid":"cs9cc31abd8fb24ad8"}}}],"below_column_modular_blocks":[],"tags":[],"locale":"en-us","style":{"type":"Illustration Grid - two column"},"created_by":"blt3e52848e0cb3c394","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-06-04T12:01:35.685Z","updated_at":"2024-05-10T23:12:02.296Z","ACL":{},"_version":8,"publish_details":{"time":"2024-05-15T12:50:43.025Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"site_navigation_reference","uid":"blt845ebfe78aed4d5e","title":"Resources - Connect/Have questions","style":{"type":"Illustration Grid - two 
column"},"title_l10n":"","column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":1,"is_dir":false,"uid":"blt96bf0c70d7851e7d","ACL":{},"content_type":"image/svg+xml","created_at":"2023-07-18T17:36:03.382Z","created_by":"blt36e890d06c5ec32c","file_size":"1939","filename":"icon-code-self-closing.svg","parent_uid":null,"tags":[],"title":"icon-code-self-closing.svg","updated_at":"2023-07-18T17:36:03.382Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-09T17:35:38.133Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt96bf0c70d7851e7d/64b6cd8378402d4f9cc28b43/icon-code-self-closing.svg"},"_metadata":{"uid":"cse56c42201943cd81"},"alt_text_l10n":""}},{"title":{"title_l10n":"Connect","_metadata":{"uid":"cs06fc73baa9cc0e3a"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eKeep informed about the latest tech and news from Elastic.\u003c/p\u003e","_metadata":{"uid":"cs6b31c90db1e2a16c"}}},{"sublinks":{"sublinks":[{"title_l10n":"Blog","_metadata":{"uid":"csf3d7822d155dba5f"},"url":"/blog"},{"title_l10n":"Events","_metadata":{"uid":"csb66cf41564a89c85"},"url":"/events"}],"_metadata":{"uid":"cs1fef3e4e9c6dbed8"}}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"cse01f8ca7bd6510d5"}}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eHave questions?\u003c/p\u003e","_metadata":{"uid":"cs5a829b57a618798d"}}},{"sublinks":{"sublinks":[{"title_l10n":"Contact sales","_metadata":{"uid":"cs96d4362517c2285c"},"url":"/contact?storm=global-header-en"},{"title_l10n":"Get 
support","_metadata":{"uid":"cs7aa5c4baaaef5c7d"},"url":"/support"}],"_metadata":{"uid":"cs04b8e73b8815803a"}}}],"below_column_modular_blocks":[],"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2024-05-10T23:18:50.596Z","updated_at":"2024-05-14T02:49:41.602Z","ACL":{},"_version":5,"publish_details":{"time":"2024-05-15T12:50:42.982Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}]}],"dropdown_footer":{"title_l10n":"","cards":[]}},{"title_l10n":"Pricing","_metadata":{"uid":"csaf6025f268634b11"},"title_id":"nav-item-pricing","url":"/pricing","sections":[],"dropdown_footer":{"title_l10n":"","cards":[]}},{"title_l10n":"Docs","_metadata":{"uid":"cs4989d0473c51cc69"},"title_id":"nav-item-docs","url":"https://www.elastic.co/docs","sections":[],"dropdown_footer":{"title_l10n":"","cards":[]}}],"tags":[],"title":"Site Navigation","updated_at":"2024-08-14T18:26:51.120Z","updated_by":"blt3044324473ef223b70bc674c","url":"/","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-14T18:27:02.197Z","user":"blt3044324473ef223b70bc674c"}}],1],"footer":{"uid":"blt269f572cdb5d93d5","_version":29,"locale":"en-us","ACL":{},"bottom_nav":[{"assigned_to_column":"1","title_l10n":"About us","_metadata":{"uid":"cs6cd917a10b9de1ff"},"url":"","sub_nav":[{"title_l10n":"About Elastic","_metadata":{"uid":"cs57853e838eec1fb4"},"url":"/about/","label":""},{"title_l10n":"Leadership","_metadata":{"uid":"cs7b59ceb017ff22bd"},"url":"/about/leadership","label":""},{"title_l10n":"DE\u0026I","_metadata":{"uid":"csb0b86d236613965f"},"url":"/careers/diversity-and-inclusion","label":""},{"title_l10n":"Blog","_metadata":{"uid":"cs3246df6b3f8161fe"},"url":"/blog","label":""},{"title_l10n":"Newsroom","_metadata":{"uid":"cs3d227dcae1bb8384"},"url":"/about/press","label":""}],"title2_l10n":"","url2":"","sub_nav2":[]},{"assigned_to_column":"1","title_l10n":"Join 
us","_metadata":{"uid":"cs4d22a4582aebc90c"},"url":"","sub_nav":[{"title_l10n":"Careers","_metadata":{"uid":"csca2cc3d07a6b7d36"},"url":"/careers","label":""},{"title_l10n":"Career portal","_metadata":{"uid":"cs53d10ad225a44f28"},"url":"https://jobs.elastic.co/#/","label":""},{"title_l10n":"How we hire","url":"/careers/how-we-hire","label":"","_metadata":{"uid":"cs832de86dbf975c63"}}],"title2_l10n":"","url2":"","sub_nav2":[]},{"assigned_to_column":"2","title_l10n":"Partners","_metadata":{"uid":"cs5fef14456079028c"},"url":"","sub_nav":[{"title_l10n":"Find a partner","_metadata":{"uid":"cse2fd098c7efded04"},"url":"https://partners.elastic.co/findapartner/","label":""},{"title_l10n":"Partner login","_metadata":{"uid":"cs95528fa33120b654"},"url":"https://login.elastic.co/login/partner","label":""},{"title_l10n":"Request access","_metadata":{"uid":"cs30282070e0411be1"},"url":"https://partners.elastic.co/English/register_email.aspx","label":""},{"title_l10n":"Become a partner","_metadata":{"uid":"cs0792dcf8683f5042"},"url":"/partners/become-a-partner","label":""}],"title2_l10n":"","url2":"","sub_nav2":[]},{"assigned_to_column":"2","title_l10n":"Trust \u0026 Security","_metadata":{"uid":"cs676bf9d92ab4cab2"},"url":"","sub_nav":[{"title_l10n":"Trust center","_metadata":{"uid":"cs0e067ac5cdb67f07"},"url":"/trust","label":""},{"title_l10n":"EthicsPoint portal","_metadata":{"uid":"csa5a6f1f0f4ad6561"},"url":"https://secure.ethicspoint.com/domain/media/en/gui/74447/index.html","label":""},{"title_l10n":"ECCN report","_metadata":{"uid":"cs10977a5ef048e0ee"},"url":"/trust/business-integrity#international-trade-compliance—eccn-information","label":""},{"title_l10n":"Ethics email","_metadata":{"uid":"cs3e9bd0524b74e154"},"url":"mailto:ethics@elastic.co","label":""}],"title2_l10n":"","url2":"","sub_nav2":[]},{"assigned_to_column":"3","title_l10n":"Investor relations","_metadata":{"uid":"cs12f93a5521bcc919"},"url":"","sub_nav":[{"title_l10n":"Investor 
resources","_metadata":{"uid":"cs0f53f841a7406963"},"url":"https://ir.elastic.co/home/default.aspx","label":""},{"title_l10n":"Governance","_metadata":{"uid":"cs372c8a459d030d80"},"url":"https://ir.elastic.co/governance/corporate-governance/default.aspx","label":""},{"title_l10n":"Financials","_metadata":{"uid":"cs44c6147db9c45464"},"url":"https://ir.elastic.co/financials/quarterly-results/default.aspx","label":""},{"title_l10n":"Stock","_metadata":{"uid":"csdceab8cb42b2e8e6"},"url":"https://ir.elastic.co/stock/stock-quote/default.aspx","label":""}],"title2_l10n":"","url2":"","sub_nav2":[]},{"assigned_to_column":"3","title_l10n":"Excellence Awards","_metadata":{"uid":"csef48ff6cc0c8017f"},"url":"","sub_nav":[{"title_l10n":"Previous winners","_metadata":{"uid":"cs0033483bf17111bb"},"url":"/blog/2022-elastic-excellence-awards-winners","label":""},{"title_l10n":"ElasticON Tour","_metadata":{"uid":"csd7af0a9be8c75c8c"},"url":"/elasticon","label":""},{"title_l10n":"Become a sponsor","_metadata":{"uid":"cse46c08157caa313e"},"url":"/events/sponsor","label":""},{"title_l10n":"All events","_metadata":{"uid":"csa8aadaa647b40c37"},"url":"/events/","label":""}],"title2_l10n":"","url2":"","sub_nav2":[]}],"copyright_l10n":"\u003cp\u003e© \u003cspan class=\"copyright-year\"\u003e\u003c/span\u003e. Elasticsearch B.V. All Rights Reserved\u003c/p\u003e","created_at":"2023-07-12T17:40:07.721Z","created_by":"blt36e890d06c5ec32c","footnote_l10n":"\u003cp\u003eElastic, Elasticsearch and other related marks are trademarks, logos or registered trademarks of Elasticsearch B.V. in the United States and other countries.\u003c/p\u003e\u003cp\u003eApache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the \u003ca href=\"https://www.apache.org/\"\u003eApache Software Foundation\u003c/a\u003e in the United States and/or other countries. 
All other brand names, product names, or trademarks belong to their respective owners.\u003c/p\u003e","legal_links":[{"title_l10n":"Trademarks","_metadata":{"uid":"csc3a92ddcd1567637"},"url":"/legal/trademarks"},{"title_l10n":"Terms of Use","_metadata":{"uid":"cs244688727f583112"},"url":"/legal/terms-of-use"},{"title_l10n":"Privacy","_metadata":{"uid":"cs227108640c2a1b4b"},"url":"/legal/privacy-statement"},{"title_l10n":"Sitemap","_metadata":{"uid":"cs01d3fe43dedf205c"},"url":"/sitemap"}],"logo":{"uid":"bltf8467a95eaa27e4a","_version":1,"created_by":"blt27204bf9f7abb7fd","updated_by":"blt27204bf9f7abb7fd","created_at":"2024-05-06T13:15:06.525Z","updated_at":"2024-05-06T13:15:06.525Z","content_type":"image/svg+xml","file_size":"18710","filename":"logo-tagline_secondary_all_white-177.svg","title":"logo-tagline_secondary_all_white-177.svg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-05-06T14:16:52.270Z","user":"blt27204bf9f7abb7fd","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf8467a95eaa27e4a/6638d7da0d02e4e98155aaa3/logo-tagline_secondary_all_white-177.svg"},"sanity_migration_complete":false,"social_media_label_l10n":"Follow 
us","social_media_links":[{"title_l10n":"LinkedIn","_metadata":{"uid":"cs8281b766eac50225"},"url":"https://www.linkedin.com/company/elastic-co","image":{"uid":"blte7cfb1a091901ce1","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2019-06-26T13:41:34.613Z","updated_at":"2020-05-04T12:37:38.030Z","content_type":"image/svg+xml","file_size":"1528","filename":"footer-icon-linkedin.svg","title":"footer-icon-linkedin.svg","ACL":{},"_version":2,"is_dir":false,"tags":[],"description":"","parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-05-05T11:51:40.866Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte7cfb1a091901ce1/5eb00c925751b2150e57a9d6/footer-icon-linkedin.svg"},"hover_icon":null,"tracking_id":"footer_linkedin"},{"title_l10n":"YouTube","_metadata":{"uid":"cs0a7ef0f38baa3dc4"},"url":"https://www.youtube.com/user/elasticsearch","image":{"uid":"blt7c28b18be98b1af8","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2019-06-26T13:41:59.474Z","updated_at":"2020-05-04T12:38:01.471Z","content_type":"image/svg+xml","file_size":"1890","filename":"footer-icon-youtube.svg","title":"footer-icon-youtube.svg","ACL":{},"_version":2,"is_dir":false,"tags":[],"description":"","parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-05-05T11:51:40.866Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7c28b18be98b1af8/5eb00ca908d37e6d82ef7655/footer-icon-youtube.svg"},"hover_icon":null,"tracking_id":"footer_youtube"},{"title_l10n":"Facebook","_metadata":{"uid":"csbe2c2f5c606f8c8d"},"url":"https://www.facebook.com/elastic.co","image":{"uid":"blt75566c5278ad68da","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2019-06-26T13:41:02.511Z","updated_at":"2020-05-04T12:36:41.395Z","content_
type":"image/svg+xml","file_size":"1143","filename":"footer-icon-facebook.svg","title":"footer-icon-facebook.svg","ACL":{},"_version":2,"is_dir":false,"tags":[],"description":"","parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-05-05T11:51:40.866Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt75566c5278ad68da/5eb00c59d238e314f259fbea/footer-icon-facebook.svg"},"hover_icon":null,"tracking_id":"footer_facebook"},{"title_l10n":"Twitter","_metadata":{"uid":"csac0b218be6f14543"},"url":"https://www.twitter.com/elastic","image":{"uid":"blt341fed86979a9fbb","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2019-06-26T13:41:18.715Z","updated_at":"2020-05-04T12:37:10.251Z","content_type":"image/svg+xml","file_size":"2572","filename":"footer-icon-twitter.svg","title":"footer-icon-twitter.svg","ACL":{},"_version":2,"is_dir":false,"tags":[],"description":"","parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-05-05T11:51:40.866Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt341fed86979a9fbb/5eb00c76b8a6356e4ddc1180/footer-icon-twitter.svg"},"hover_icon":null,"tracking_id":"footer_twitter"},{"title_l10n":"GitHub","_metadata":{"uid":"cs3f871c12d50cb1c4"},"url":"https://github.com/elastic","image":{"_version":1,"is_dir":false,"uid":"blt6ef5841a45696d80","ACL":{},"content_type":"image/svg+xml","created_at":"2023-08-02T10:05:35.275Z","created_by":"blt3e52848e0cb3c394","file_size":"1327","filename":"icon-footer-github.svg","parent_uid":null,"tags":[],"title":"icon-footer-github.svg","updated_at":"2023-08-02T10:05:35.275Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-26T23:47:50.075Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/as
sets/bltefdd0b53724fa2ce/blt6ef5841a45696d80/64ca2a6fc530871313bc3822/icon-footer-github.svg"},"hover_icon":null,"tracking_id":""}],"tags":[],"title":"Footer Redesign 2023","updated_at":"2024-11-07T21:46:07.252Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-11-09T02:07:26.435Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},"headers":{"country-code":"DE"},"subNav":[[{"uid":"bltaa9e8ef97db20945","_version":179,"locale":"en-us","ACL":{},"collapse_menu":{"title_l10n":"Collapse menu"},"created_at":"2022-03-15T00:28:09.929Z","created_by":"blt3044324473ef223b70bc674c","level_2":[{"title_l10n":"About","_metadata":{"uid":"cs8e091c3682d07b9f"},"url":"/about","level_3":[{"title_l10n":"Leadership","_metadata":{"uid":"cs51a59c6870a53681"},"url":"/about/leadership","level_4":[]},{"title_l10n":"Board","_metadata":{"uid":"cs93163805bdd45c96"},"url":"/about/board","level_4":[]},{"title_l10n":"Open source","_metadata":{"uid":"cs23a3f05026c3f3aa"},"url":"/about/open-source","level_4":[]},{"title_l10n":"Media","_metadata":{"uid":"cs0b695b5ccd67dfe7"},"url":"/about/press","level_4":[]},{"title_l10n":"ESG","_metadata":{"uid":"csfc5459e2272d8169"},"url":"/about/esg","level_4":[]},{"title_l10n":"Trust","_metadata":{"uid":"cs854223d2b53a055d"},"url":"/trust","level_4":[]}],"unlisted":[{"title_l10n":"Source Code","_metadata":{"uid":"cse7f28813f700063b"},"url":"/about/our-source-code"},{"title_l10n":"Distributed","_metadata":{"uid":"cs4069554cd5f6b28a"},"url":"/about/distributed"}]},{"title_l10n":"Blog","_metadata":{"uid":"cs15a678df84fd56c2"},"url":"/blog","level_3":[{"title_l10n":"Solutions","_metadata":{"uid":"cs4207ff196bc706b1"},"url":"/blog/category/solutions","level_4":[]},{"title_l10n":"Stack + 
Cloud","_metadata":{"uid":"cs5441abdada9821d3"},"url":"/blog/category/stack-cloud","level_4":[]},{"title_l10n":"News","_metadata":{"uid":"cs1e85870f77b92cd6"},"url":"/blog/category/company-news","level_4":[]},{"title_l10n":"Customers","_metadata":{"uid":"cs825404bee91003c3"},"url":"/blog/category/customers","level_4":[]},{"title_l10n":"Generative AI","_metadata":{"uid":"csaa7aa42e834f4477"},"url":"/blog/category/generative-ai","level_4":[]},{"title_l10n":"Culture","_metadata":{"uid":"csef703334f6243895"},"url":"/blog/category/culture","level_4":[]}],"unlisted":[]},{"title_l10n":"Careers","_metadata":{"uid":"cs969077f437917ab2"},"url":"/careers/","level_3":[{"title_l10n":"Our values","_metadata":{"uid":"cs4b8d5b0e5636d8f3"},"url":"/careers/our-values","level_4":[]},{"title_l10n":"Diversity","_metadata":{"uid":"cs9e9e3af649cdca99"},"url":"/careers/diversity-and-inclusion","level_4":[]},{"title_l10n":"Apply now","_metadata":{"uid":"cs40392061bf97b03f"},"url":"https://jobs.elastic.co/all-openings#/","level_4":[]},{"title_l10n":"How we 
hire","_metadata":{"uid":"csd4df1b5e6f6e2202"},"url":"/careers/how-we-hire","level_4":[]}],"unlisted":[]},{"title_l10n":"Community","_metadata":{"uid":"csa7c1026c5be4ea6e"},"url":"/community","level_3":[{"title_l10n":"Meetups","_metadata":{"uid":"cs5f78ad934ea2205a"},"url":"https://www.meetup.com/pro/elastic/","level_4":[]},{"title_l10n":"Forums","_metadata":{"uid":"csdbb9e951df255450"},"url":"https://discuss.elastic.co/","level_4":[]},{"title_l10n":"Contributors","_metadata":{"uid":"csd075c05386901a0f"},"url":"","level_4":[{"title_l10n":"Overview","_metadata":{"uid":"cs26101e3bed0a4d02"},"url":"/community/contributor"},{"title_l10n":"Rules","_metadata":{"uid":"cs22e3a8ac4fe28ce5"},"url":"/community/contributor/rules"},{"title_l10n":"Submissions","_metadata":{"uid":"cscb9adc71046046b8"},"url":"/community/contributor/submissions"},{"title_l10n":"Awards","_metadata":{"uid":"cs4b5f2e050fad550b"},"url":"/community/contributor/awards"},{"title_l10n":"FAQ","_metadata":{"uid":"cs59205ebe12a7ec2d"},"url":"/community/contributor/faq"},{"title_l10n":"Contributor portal","_metadata":{"uid":"cs2e8a2af70005fb4c"},"url":"https://contributor-program.app.elstc.co/"}]},{"title_l10n":"Code of conduct","_metadata":{"uid":"csa8ceb4bdb0d19c1d"},"url":"/community/codeofconduct","level_4":[]},{"title_l10n":"Newsletter","_metadata":{"uid":"cscbc9596811de7ad0"},"url":"/community/newsletter","level_4":[]},{"title_l10n":"Help","_metadata":{"uid":"cs1a30f9e3c4d47a24"},"url":"/community/help","level_4":[]}],"unlisted":[]},{"title_l10n":"Consulting","_metadata":{"uid":"cs0048b24adf49ac89"},"url":"/consulting","level_3":[{"title_l10n":"Boost services","_metadata":{"uid":"cs93b353c225c34e62"},"url":"/consulting/boost-services","level_4":[]},{"title_l10n":"Cloud migration","_metadata":{"uid":"cs267573d97e318669"},"url":"/consulting/cloud-migration-services","level_4":[]},{"title_l10n":"Advisory 
services","_metadata":{"uid":"cs60ffc2c0967469de"},"url":"/consulting/advisory-services","level_4":[]},{"title_l10n":"Contact","_metadata":{"uid":"csa6ac6c2c01f8e140"},"url":"/consulting/contact","level_4":[]}],"unlisted":[]},{"title_l10n":"Customers","_metadata":{"uid":"csc0ea258b71fc82b0"},"url":"/customers","level_3":[{"title_l10n":"Use cases","_metadata":{"uid":"cs070e1aed0e6b3d61"},"url":"","level_4":[{"title_l10n":"Search","_metadata":{"uid":"csc49f7b01bd1f922f"},"url":"/customers/success-stories?usecase=enterprise-search\u0026industry=All"},{"title_l10n":"Observability","_metadata":{"uid":"csc67dd4db7de37244"},"url":"/customers/success-stories?usecase=elastic-observability\u0026industry=All"},{"title_l10n":"Security","_metadata":{"uid":"cs399d89851a0da445"},"url":"/customers/success-stories?usecase=security-analytics\u0026industry=All"}]},{"title_l10n":"Value","_metadata":{"uid":"csf92f4d053140915f"},"url":"/customers/value","level_4":[]}],"unlisted":[{"title_l10n":"Customer value","_metadata":{"uid":"csdc32877d2588370d"},"url":"/customers/value"}]},{"title_l10n":"Elastic Cloud","_metadata":{"uid":"csadc9ecd5d3ccbc57"},"url":"/cloud","level_3":[{"title_l10n":"Serverless","_metadata":{"uid":"csc13d13e75a303990"},"url":"/cloud/serverless","level_4":[{"title_l10n":"Serverless roadmap","_metadata":{"uid":"csb4626fd3abd2508f"},"url":"/cloud/serverless/roadmap"},{"title_l10n":"Search AI Lake","_metadata":{"uid":"cs1451f73495a09dda"},"url":"/cloud/serverless/search-ai-lake"}]},{"title_l10n":"Regions","_metadata":{"uid":"csd395063dddd8845c"},"url":"/cloud/regions","level_4":[]},{"title_l10n":"Docs","_metadata":{"uid":"cs0601c60d26f18c69"},"url":"https://www.elastic.co/guide/en/cloud/current/index.html","level_4":[]},{"title_l10n":"Shared responsibility","_metadata":{"uid":"cs78cfc0cc33a0f07a"},"url":"/cloud/shared-responsibility","level_4":[]},{"title_l10n":"Cloud 
migration","_metadata":{"uid":"cs99559229bb453ba4"},"url":"","level_4":[{"title_l10n":"Developers","_metadata":{"uid":"cs6b23c5745eabd086"},"url":"/cloud/platform-migration-dev/"},{"title_l10n":"Business Leaders","_metadata":{"uid":"csa656e7b98e93ec8f"},"url":"/cloud/platform-migration"},{"title_l10n":"Consulting services","_metadata":{"uid":"cs505e18ed277cc6ce"},"url":"/cloud/cloud-migration-services"}]}],"unlisted":[{"title_l10n":"Elastic Cloud Enterprise","_metadata":{"uid":"csad2dd1950db00c3a"},"url":"/ece"},{"title_l10n":"Elastic Cloud on Kubernetes","_metadata":{"uid":"cs116ae0b80627d3bd"},"url":"/elastic-cloud-kubernetes"},{"title_l10n":"Elastic App Search Service","_metadata":{"uid":"csb105633fb925c2f6"},"url":"/app-search/service"},{"title_l10n":"App Search Service pricing","_metadata":{"uid":"cs714085379fda18e6"},"url":"/app-search/service/pricing"},{"title_l10n":"Elastic Site Search Service","_metadata":{"uid":"cscd76d7fa04786f14"},"url":"/site-search/service"},{"title_l10n":"Site Search Service pricing","_metadata":{"uid":"cseafb7630188819b8"},"url":"/site-search/service/pricing"}]},{"title_l10n":"Elastic Stack","_metadata":{"uid":"cs60a7b8db425ecda6"},"url":"/elastic-stack","level_3":[{"title_l10n":"Features","_metadata":{"uid":"cs4c2b753f00e29c11"},"url":"/elastic-stack/features","level_4":[]},{"title_l10n":"Capabilities","_metadata":{"uid":"cs0ac881f9652ac2dc"},"url":"","level_4":[{"title_l10n":"Stack security","_metadata":{"uid":"csb16e64ebe7794179"},"url":"/what-is/elastic-stack-security"},{"title_l10n":"Machine learning","_metadata":{"uid":"cse6053162c8526c10"},"url":"/what-is/elasticsearch-machine-learning"},{"title_l10n":"Geospatial","_metadata":{"uid":"cscdff16895437806c"},"url":"/geospatial"},{"title_l10n":"Vector 
database","_metadata":{"uid":"cse48968b090b6807f"},"url":"/elasticsearch/vector-database"},{"title_l10n":"AutoOps","_metadata":{"uid":"cs42bff71c0925503d"},"url":"/platform/autoops"}]},{"title_l10n":"Elasticsearch","_metadata":{"uid":"cs6928bf21a330389c"},"url":"","level_4":[{"title_l10n":"Overview","_metadata":{"uid":"cs08cabb5a3b90ede9"},"url":"/elasticsearch"},{"title_l10n":"Features","_metadata":{"uid":"cs03c3242fafe8f43c"},"url":"/elasticsearch/features"},{"title_l10n":"Elasticsearch Service","_metadata":{"uid":"cs9847a5cb39480166"},"url":"/elasticsearch/service"},{"title_l10n":"Elasticsearch searchable snapshots","_metadata":{"uid":"csf47888fa25ecb5f2"},"url":"/elasticsearch/elasticsearch-searchable-snapshots"},{"title_l10n":"Elasticsearch runtime fields","_metadata":{"uid":"cs1f99c5679876f78f"},"url":"/elasticsearch/elasticsearch-runtime-fields"},{"title_l10n":"Elasticsearch Relevance Engine","_metadata":{"uid":"cs404ad7d9e4de8ada"},"url":"/elasticsearch/elasticsearch-relevance-engine"}]},{"title_l10n":"Kibana","_metadata":{"uid":"cs78304ca2eada29b7"},"url":"","level_4":[{"title_l10n":"Overview","_metadata":{"uid":"cs0eb09309d8eb60e8"},"url":"/kibana"},{"title_l10n":"Features","_metadata":{"uid":"cs29c3df77aa69834b"},"url":"/kibana/features"},{"title_l10n":"Kibana Canvas","_metadata":{"uid":"csb2c5fc936c9d37e9"},"url":"/what-is/kibana-canvas"},{"title_l10n":"Kibana Lens","_metadata":{"uid":"cs81b16f5b629c6734"},"url":"/kibana/kibana-lens"},{"title_l10n":"Kibana dashboard","_metadata":{"uid":"cs37cc1272dc9d1e79"},"url":"/kibana/kibana-dashboard"},{"title_l10n":"Kibana alerting","_metadata":{"uid":"csdca15c27859f48ca"},"url":"/what-is/kibana-alerting"},{"title_l10n":"Elastic Maps","_metadata":{"uid":"cs8f301712e95044fe"},"url":"/maps"},{"title_l10n":"Elastic Maps 
Service","_metadata":{"uid":"csf728be400b42cd60"},"url":"/elastic-maps-service"}]},{"title_l10n":"Integrations","_metadata":{"uid":"cs7e4a2f68f369617b"},"url":"","level_4":[{"title_l10n":"Overview","_metadata":{"uid":"cs85db9ea3ae40465e"},"url":"/integrations"},{"title_l10n":"Data integrations","_metadata":{"uid":"csfcd0e63e8f2ee96a"},"url":"/integrations/data-integrations"},{"title_l10n":"Elastic Agent","_metadata":{"uid":"cs2751f90a3cec66f9"},"url":"/elastic-agent"},{"title_l10n":"Beats","_metadata":{"uid":"cscba27789614477d8"},"url":"/beats"},{"title_l10n":"Logstash","_metadata":{"uid":"cs3fd37ce923d20d9b"},"url":"/logstash"},{"title_l10n":"Web crawler","_metadata":{"uid":"csaf5ad6e3c2c8d43a"},"url":"/web-crawler"},{"title_l10n":"Content connectors","_metadata":{"uid":"cs3f2fc425a0ee4265"},"url":"/workplace-search/content-sources"}]},{"title_l10n":"Docs","_metadata":{"uid":"cs50ae00c58f827097"},"url":"https://www.elastic.co/guide/en/elastic-stack/current/index.html","level_4":[]}],"unlisted":[{"title_l10n":"What is Elasticsearch","_metadata":{"uid":"csf97903f364909b99"},"url":"/what-is/elasticsearch"},{"title_l10n":"Open X-Pack","_metadata":{"uid":"csc78be312aaff7a28"},"url":"/what-is/open-x-pack"},{"title_l10n":"What is the ELK Stack","_metadata":{"uid":"csdffef2c490972db8"},"url":"/what-is/elk-stack"},{"title_l10n":"Elasticsearch SQL","_metadata":{"uid":"cs404c333ec7ec4952"},"url":"/what-is/elasticsearch-sql"},{"title_l10n":"Elasticsearch-Hadoop","_metadata":{"uid":"cs6c24a5a40f30dfd4"},"url":"/what-is/elasticsearch-hadoop"},{"title_l10n":"Elasticsearch business analytics","_metadata":{"uid":"cs8fd31c81ae759787"},"url":"/what-is/elasticsearch-business-analytics"},{"title_l10n":"Elasticsearch graph","_metadata":{"uid":"cs8e205d91ee02bb96"},"url":"/what-is/elasticsearch-graph"},{"title_l10n":"Elasticsearch monitoring","_metadata":{"uid":"cs8bb9c4f6d47f9844"},"url":"/what-is/elasticsearch-monitoring"},{"title_l10n":"Elastic Common 
Schema","_metadata":{"uid":"cs7b1c798a93d36629"},"url":"/what-is/ecs"},{"title_l10n":"AWS Elasticsearch Service","_metadata":{"uid":"csc3872252e7286b8b"},"url":"/aws-elasticsearch-service"},{"title_l10n":"OpenSearch","_metadata":{"uid":"cs1b26f037931beadd"},"url":"/what-is/opensearch"},{"title_l10n":"What is Kibana","_metadata":{"uid":"csa66c8bfb9eeb7d64"},"url":"/what-is/kibana"},{"title_l10n":"Kibana feedback","_metadata":{"uid":"csa1f9cce921215858"},"url":"/kibana/feedback"},{"title_l10n":"Kibana ask us questions","_metadata":{"uid":"cs123bbb4d6f52c352"},"url":"/kibana/ask-elastic"},{"title_l10n":"Kibana reporting","_metadata":{"uid":"csa143fdde145d7da8"},"url":"/what-is/kibana-reporting"},{"title_l10n":"ServiceNow and Elastic","_metadata":{"uid":"cs23b5bf47ce54388e"},"url":"/what-is/servicenow"},{"title_l10n":"Help","_metadata":{"uid":"csca062d77a79f2faf"},"url":"/help"}]},{"title_l10n":"Search","_metadata":{"uid":"cs815dbfdfcb5d665d"},"url":"/enterprise-search","level_3":[{"title_l10n":"Capabilities","_metadata":{"uid":"csae031a6128f7400f"},"url":"","level_4":[{"title_l10n":"Data ingestion","_metadata":{"uid":"cs1840c4df996b35ab"},"url":"/enterprise-search/data-ingestion"},{"title_l10n":"Search UI","_metadata":{"uid":"cs2bfeb97c747a96a7"},"url":"/enterprise-search/search-ui"},{"title_l10n":"Search analytics","_metadata":{"uid":"csb97709dfb73eab49"},"url":"/enterprise-search/search-analytics"},{"title_l10n":"Provisioning","_metadata":{"uid":"cs802968c46c6d4a90"},"url":"/enterprise-search/deployment"},{"title_l10n":"Relevance","_metadata":{"uid":"csdb072364aaa5fb4b"},"url":"/enterprise-search/relevance"},{"title_l10n":"Machine learning","_metadata":{"uid":"cse1133a3fb4606c9a"},"url":"/enterprise-search/machine-learning"},{"title_l10n":"Vector database","_metadata":{"uid":"cse18cb18a810a2b13"},"url":"/elasticsearch/vector-database"},{"title_l10n":"Retrieval Augmented 
Generation","_metadata":{"uid":"cs5bb2a1c8ad475327"},"url":"/enterprise-search/rag"}]},{"title_l10n":"Use cases","_metadata":{"uid":"cs232455854532744c"},"url":"","level_4":[{"title_l10n":"Search applications","_metadata":{"uid":"cs9f7fba4ad3dd44bb"},"url":"/enterprise-search/search-applications"},{"title_l10n":"Ecommerce","_metadata":{"uid":"cs91e93b3cb71b94b2"},"url":"/enterprise-search/ecommerce"},{"title_l10n":"Website","_metadata":{"uid":"cs127db46d15150d15"},"url":"/enterprise-search/site-search"},{"title_l10n":"Workplace search","_metadata":{"uid":"csadc4b4c5dd21b53f"},"url":"/enterprise-search/workplace-search"},{"title_l10n":"Customer support","_metadata":{"uid":"cscb4a04887f303e5d"},"url":"/enterprise-search/customer-support"}]},{"title_l10n":"Docs","_metadata":{"uid":"cs1a6f89380c0872c8"},"url":"https://www.elastic.co/guide/en/enterprise-search/current/index.html","level_4":[]}],"unlisted":[]},{"title_l10n":"Events","_metadata":{"uid":"csbcb9840ba1d9acdb"},"url":"/events","level_3":[{"title_l10n":"Event videos","_metadata":{"uid":"csef7fae775cb448ac"},"url":"/events/videos","level_4":[]},{"title_l10n":"Elastic Excellence Awards","_metadata":{"uid":"csce1bc3f82e76e201"},"url":"/events/awards","level_4":[]},{"title_l10n":"Sponsor","_metadata":{"uid":"cs1029354d0af20664"},"url":"/events/sponsor","level_4":[]}],"unlisted":[]},{"title_l10n":"Getting started","_metadata":{"uid":"cs81808631706d95aa"},"url":"/getting-started","level_3":[{"title_l10n":"Data ingest","_metadata":{"uid":"cs4551c049b5bce4a9"},"url":"/customer-success/data-ingestion","level_4":[]},{"title_l10n":"Search Guides","_metadata":{"uid":"cs4dd23a7a841db1b3"},"url":"","level_4":[{"title_l10n":"Build an AI-powered search experience","_metadata":{"uid":"csf73f8655be7769c1"},"url":"/getting-started/enterprise-search/build-a-semantic-search-experience"},{"title_l10n":"Search across databases and business 
systems","_metadata":{"uid":"cs94f1e8b406cae10c"},"url":"/getting-started/enterprise-search/search-across-business-systems-and-software"},{"title_l10n":"Add search to your website","_metadata":{"uid":"cs7c73d9c5e1b9c693"},"url":"/getting-started/enterprise-search/add-search-to-your-website"},{"title_l10n":"Set up vector search","_metadata":{"uid":"cs45277c6abe450b02"},"url":"/getting-started/enterprise-search/vector-search"},{"title_l10n":"Build an application on top of Elasticsearch","_metadata":{"uid":"csb5c046a7df26ed60"},"url":"/getting-started/enterprise-search/build-an-application-on-top-of-elasticsearch"}]},{"title_l10n":"Observability Guides","_metadata":{"uid":"cse4691fd58cd3e1fe"},"url":"","level_4":[{"title_l10n":"Collect and analyze logs","_metadata":{"uid":"cs0fdbe552cdda5d84"},"url":"/getting-started/observability/collect-and-analyze-logs"},{"title_l10n":"Application performance monitoring","_metadata":{"uid":"cse9bc3f5a66245f0a"},"url":"/getting-started/observability/monitor-your-application-performance"},{"title_l10n":"Monitor your hosts","_metadata":{"uid":"cs50a6e0ab8c07d2fb"},"url":"/getting-started/observability/monitor-your-hosts"},{"title_l10n":"Kubernetes monitoring","_metadata":{"uid":"cs5bbc668d4f1ef63e"},"url":"/getting-started/observability/monitor-kubernetes-clusters"},{"title_l10n":"Synthetic monitoring","_metadata":{"uid":"cs61ca4004d8aab0e4"},"url":"/getting-started/observability/create-synthetic-monitor"}]},{"title_l10n":"Security Guides","_metadata":{"uid":"cs338104439ba04d75"},"url":"","level_4":[{"title_l10n":"SIEM","_metadata":{"uid":"cs06bf6cebc83287a7"},"url":"/getting-started/security/detect-threats-in-my-data-with-siem"},{"title_l10n":"Endpoint Security","_metadata":{"uid":"cs77396d612fe76685"},"url":"/getting-started/security/secure-my-hosts-with-endpoint-security"},{"title_l10n":"Cloud Security Posture 
Management","_metadata":{"uid":"cs35a5d9c5449f4ac5"},"url":"/getting-started/security/secure-my-cloud-assets-with-cloud-security-posture-management"}]},{"title_l10n":"Cloud providers","_metadata":{"uid":"cse05b315407095d1b"},"url":"","level_4":[{"title_l10n":"AWS","_metadata":{"uid":"csa16e918cc9bffb18"},"url":"/getting-started/aws"},{"title_l10n":"Google Cloud","_metadata":{"uid":"cs81ea6102c539d232"},"url":"/getting-started/google-cloud"},{"title_l10n":"Microsoft Azure","_metadata":{"uid":"csdbcf27b684e503ee"},"url":"/getting-started/microsoft-azure"}]}],"unlisted":[{"title_l10n":"Resources","_metadata":{"uid":"cs6dd493af724f798a"},"url":"/customer-success/resources"},{"title_l10n":"Customer success","_metadata":{"uid":"cs9f7d53a4c318df4d"},"url":"/customer-success/"}]},{"title_l10n":"Learn","_metadata":{"uid":"cs8bb13f85f00dddcd"},"url":"/learn","level_3":[{"title_l10n":"Videos","_metadata":{"uid":"cs653df48587680973"},"url":"/videos","level_4":[]},{"title_l10n":"White paper","_metadata":{"uid":"csb7a951170183ca96"},"url":"/learn/exploration-center","level_4":[]}],"unlisted":[]},{"title_l10n":"Observability","_metadata":{"uid":"cse4e0fb50dd4e95fd"},"url":"/observability","level_3":[{"title_l10n":"Capabilities","_metadata":{"uid":"csc296f379a0602ce1"},"url":"","level_4":[{"title_l10n":"Application performance monitoring","_metadata":{"uid":"cseab0aa3128578bc9"},"url":"/observability/application-performance-monitoring"},{"title_l10n":"Log monitoring","_metadata":{"uid":"csd03474cbaf4902ce"},"url":"/observability/log-monitoring"},{"title_l10n":"Infrastructure monitoring","_metadata":{"uid":"cs46ef7fc35494bfa7"},"url":"/observability/infrastructure-monitoring"},{"title_l10n":"Real user monitoring","_metadata":{"uid":"csea9acd1bbbbfde95"},"url":"/observability/real-user-monitoring"},{"title_l10n":"Synthetic monitoring","_metadata":{"uid":"cs44921c274725fe6d"},"url":"/observability/synthetic-monitoring"},{"title_l10n":"Universal 
profiling","_metadata":{"uid":"csace62291bb813cd4"},"url":"/observability/ebpf-continuous-code-profiling"}]},{"title_l10n":"Use cases","_metadata":{"uid":"cs64047eecb6ef228c"},"url":"","level_4":[{"title_l10n":"Cloud monitoring","_metadata":{"uid":"cs805172c3209d1b54"},"url":"/observability/cloud-monitoring"},{"title_l10n":"DevOps","_metadata":{"uid":"cs90631dd39dad3a1a"},"url":"/observability/devops"},{"title_l10n":"Cloud migration","_metadata":{"uid":"csc12e5aecf32ec016"},"url":"/observability/cloud-migration"},{"title_l10n":"Cloud native","_metadata":{"uid":"cs8a37f3b2b907608f"},"url":"/observability/cloud-native"},{"title_l10n":"Kubernetes monitoring","_metadata":{"uid":"csd55c740f313186b9"},"url":"/observability/kubernetes-monitoring"},{"title_l10n":"Serverless monitoring","_metadata":{"uid":"csb93f6b68cd95688f"},"url":"/observability/serverless-monitoring"},{"title_l10n":"OpenTelemetry","_metadata":{"uid":"cs67530af55fe9b32c"},"url":"/observability/opentelemetry"},{"title_l10n":"AIOps","_metadata":{"uid":"csf4a5b4cccd8b4420"},"url":"/observability/aiops"},{"title_l10n":"Digital experience","_metadata":{"uid":"csd3064a183915f3cb"},"url":"/observability/digital-experience-monitoring"},{"title_l10n":"Tool Consolidation","_metadata":{"uid":"csdd3038cf0d5189bd"},"url":"/observability/tool-consolidation"}]},{"title_l10n":"Integrations","_metadata":{"uid":"cs242e973705950a46"},"url":"/integrations/data-integrations?solution=observability","level_4":[]},{"title_l10n":"Docs","_metadata":{"uid":"cs98524b345bd61a42"},"url":"https://www.elastic.co/guide/en/observability/current/index.html","level_4":[]}],"unlisted":[{"title_l10n":"Prometheus monitoring","_metadata":{"uid":"cs8a431f6fa437a2d9"},"url":"/elasticsearch/prometheus-monitoring"}]},{"title_l10n":"Partners","_metadata":{"uid":"cs3155ab73235c8389"},"url":"/partners","level_3":[{"title_l10n":"Become a 
partner","_metadata":{"uid":"cs7701e9efdd695240"},"url":"/partners/become-a-partner","level_4":[]},{"title_l10n":"Support","_metadata":{"uid":"cs65a1c96e522aabd8"},"url":"","level_4":[{"title_l10n":"Contact us","_metadata":{"uid":"cs1fee03324e45ae1e"},"url":"/partners/contact"},{"title_l10n":"Program guide","_metadata":{"uid":"cs2f056d86678ebfc4"},"url":"/partners/program"}]},{"title_l10n":"Partner account","_metadata":{"uid":"cs236419f427ae708f"},"url":"","level_4":[{"title_l10n":"Login","_metadata":{"uid":"csf3e5ca80df9a2ec4"},"url":"https://login.elastic.co/login/partner"},{"title_l10n":"Request access","_metadata":{"uid":"csd1d246815afdb7da"},"url":"https://partners.elastic.co/English/register_email.aspx"}]}],"unlisted":[]},{"title_l10n":"Platform","_metadata":{"uid":"cs3dab20cab2c29923"},"url":"/products","level_3":[{"title_l10n":"What's new","_metadata":{"uid":"cs8a308f98f32daacf"},"url":"/whats-new","level_4":[]}],"unlisted":[]},{"title_l10n":"Pricing","_metadata":{"uid":"csfc63cdfc1c06399d"},"url":"/pricing","level_3":[{"title_l10n":"Elastic Cloud Serverless","_metadata":{"uid":"csb8a4fdb9c3bc4300"},"url":"","level_4":[{"title_l10n":"Elasticsearch Serverless","_metadata":{"uid":"csd97bc438bdc6d807"},"url":"/pricing/serverless-search"},{"title_l10n":"Elastic Security Serverless","_metadata":{"uid":"cs936f5653e401ba68"},"url":"/pricing/serverless-security"},{"title_l10n":"Elastic Observability Serverless","_metadata":{"uid":"csc47cb6fcee6a3718"},"url":"/pricing/serverless-observability"}]},{"title_l10n":"Benefits","_metadata":{"uid":"csb5cd64003b72b082"},"url":"/pricing/benefits","level_4":[]},{"title_l10n":"FAQ","_metadata":{"uid":"cs689e5f5ca8e039b0"},"url":"/pricing/faq","level_4":[]},{"title_l10n":"Features","_metadata":{"uid":"csc2015a372acc1084"},"url":"","level_4":[{"title_l10n":"Elastic 
Cloud","_metadata":{"uid":"csf1bb052541fd91ef"},"url":"/subscriptions/cloud"},{"title_l10n":"Self-managed","_metadata":{"uid":"cs21f845b2fe5757d2"},"url":"/subscriptions"}]}],"unlisted":[]},{"title_l10n":"Security","_metadata":{"uid":"cs16cbda02c3601d34"},"url":"/security/","level_3":[{"title_l10n":"Capabilities","_metadata":{"uid":"cseae0b1e586ba8fac"},"url":"","level_4":[{"title_l10n":"SIEM","_metadata":{"uid":"csa7c6619304d5d43e"},"url":"/security/siem"},{"title_l10n":"AI for the SOC","_metadata":{"uid":"csec7f9985bfa7acd1"},"url":"/security/ai"},{"title_l10n":"Security research","_metadata":{"uid":"cs48b56bae35f752ac"},"url":"https://www.elastic.co/security-labs"}]},{"title_l10n":"Features","_metadata":{"uid":"cs0106c99cab044dee"},"url":"","level_4":[{"title_l10n":"Endpoint Security","_metadata":{"uid":"csd2a677bc227c9b5c"},"url":"/security/endpoint-security"},{"title_l10n":"Cloud Security","_metadata":{"uid":"cs6ba30fd6994fd441"},"url":"/security/cloud-security"},{"title_l10n":"XDR","_metadata":{"uid":"cs8f2e4665d3e05358"},"url":"/security/xdr"},{"title_l10n":"CDR","_metadata":{"uid":"csfedb5e2871b95180"},"url":"/security/cloud-detection-and-response"}]},{"title_l10n":"Use cases","_metadata":{"uid":"cs501631844000d8ff"},"url":"","level_4":[{"title_l10n":"Continuous Monitoring","_metadata":{"uid":"cs516d9e75901b9e2f"},"url":"/security/continuous-monitoring"},{"title_l10n":"Threat Hunting","_metadata":{"uid":"cse59e1656166da3c2"},"url":"/security/threat-hunting"},{"title_l10n":"Streamlined investigation \u0026 response","_metadata":{"uid":"cse5d322ffe4da2123"},"url":"/security/investigation-response"},{"title_l10n":"Automated Threat Protection","_metadata":{"uid":"cs923005404e1e9a58"},"url":"/security/automated-threat-protection"}]},{"title_l10n":"Value 
calculator","_metadata":{"uid":"cs2d4170dce7f39ad5"},"url":"/security/value-calculator","level_4":[]},{"title_l10n":"Docs","_metadata":{"uid":"csce035df42beb2608"},"url":"https://www.elastic.co/guide/en/security/current/index.html","level_4":[]}],"unlisted":[]},{"title_l10n":"Security Labs","_metadata":{"uid":"csf6824d930aad376a"},"url":"/security-labs","level_3":[{"title_l10n":"About","_metadata":{"uid":"csb2589ed0d7b2a427"},"url":"/security-labs/about","level_4":[]},{"title_l10n":"Topics","_metadata":{"uid":"cse25a23f2a3af802a"},"url":"","level_4":[{"title_l10n":"Security Research","_metadata":{"uid":"cs7b629f746bd8afc2"},"url":"/security-labs/security-research"},{"title_l10n":"Malware Analysis","_metadata":{"uid":"cs2f3f082807873a63"},"url":"/security-labs/malware-analysis"},{"title_l10n":"Campaign","_metadata":{"uid":"cs1efed0ff19b6cb7d"},"url":"/security-labs/campaign"},{"title_l10n":"Groups \u0026 Tactics","_metadata":{"uid":"csb10dafb9c8538737"},"url":"/security-labs/groups-and-tactics"},{"title_l10n":"Detection Science","_metadata":{"uid":"csed887fc3ed3cacf6"},"url":"/security-labs/detection-science"}]},{"title_l10n":"Vuln updates","_metadata":{"uid":"csdc16bf239e9db7a9"},"url":"/security-labs/vulnerability-updates","level_4":[]},{"title_l10n":"Reports","_metadata":{"uid":"cs9f95eb60b65c9ec6"},"url":"/security-labs/reports","level_4":[]},{"title_l10n":"Tools","_metadata":{"uid":"cs424a38936637b3fb"},"url":"/security-labs/tools","level_4":[]}],"unlisted":[]},{"title_l10n":"Support","_metadata":{"uid":"cs32a26731618404a3"},"url":"/support","level_3":[{"title_l10n":"Support matrix","_metadata":{"uid":"csf95633f0f6b12cc7"},"url":"/support/matrix","level_4":[]},{"title_l10n":"Submit 
ticket","_metadata":{"uid":"cs7977b44b540d7211"},"url":"https://support.elastic.co/","level_4":[]}],"unlisted":[]},{"title_l10n":"Training","_metadata":{"uid":"csa5adc240a715c659"},"url":"/training","level_3":[{"title_l10n":"Private","_metadata":{"uid":"csb2c5866403d9a976"},"url":"/training/private-training","level_4":[]},{"title_l10n":"Subscriptions","_metadata":{"uid":"cs4303c8ed367f3d2b"},"url":"/training/subscriptions","level_4":[]},{"title_l10n":"Certifications","_metadata":{"uid":"csaf4321a2ffd12544"},"url":"/training/certification","level_4":[]},{"title_l10n":"Schedule","_metadata":{"uid":"cs03d21c9ad4b35af1"},"url":"/training/schedule","level_4":[]},{"title_l10n":"FAQ","_metadata":{"uid":"cscb69ba6d9cbf9d6c"},"url":"/training/faq","level_4":[]}],"unlisted":[]},{"title_l10n":"Use cases","_metadata":{"uid":"cse0705b3c33d28245"},"url":"/explore","level_3":[{"title_l10n":"Key topics","_metadata":{"uid":"csceafd77b846bc398"},"url":"","level_4":[{"title_l10n":"Power of Elastic","_metadata":{"uid":"cs6d22610e017ebb12"},"url":"/explore/succeed-with-power-of-elastic"},{"title_l10n":"Improving digital customer experiences","_metadata":{"uid":"csdfc902ad0d1715b4"},"url":"/explore/improving-digital-customer-experiences"},{"title_l10n":"Evolving the DevOps lifecycle","_metadata":{"uid":"csb48ace3e2e1fc0c1"},"url":"/explore/devops-observability"},{"title_l10n":"Security without limits","_metadata":{"uid":"csfba99822996d03cf"},"url":"/explore/security-without-limits"}]},{"title_l10n":"Industry","_metadata":{"uid":"cs9857d2f16dc7d396"},"url":"","level_4":[{"title_l10n":"Overview","_metadata":{"uid":"csc66e758d15ae6bdf"},"url":"/industries"},{"title_l10n":"Public Sector","_metadata":{"uid":"cs2a9e6c29d73574ce"},"url":"/industries/public-sector"},{"title_l10n":"Financial 
services","_metadata":{"uid":"cs69a77a95be8ae670"},"url":"/industries/financial-services"},{"title_l10n":"Telecommunications","_metadata":{"uid":"cs442027d0d054f2f5"},"url":"/industries/telecommunications"},{"title_l10n":"Healthcare","_metadata":{"uid":"cs41f069ee8826f3cc"},"url":"/industries/healthcare"},{"title_l10n":"Technology","_metadata":{"uid":"cs10d2a61d7bf2dfea"},"url":"/industries/technology"},{"title_l10n":"Retail and ecommerce","_metadata":{"uid":"csfd0f8c6ead313dba"},"url":"/industries/retail-ecommerce"},{"title_l10n":"Media and entertainment","_metadata":{"uid":"cs24a39eb8ab182103"},"url":"/industries/media-entertainment"},{"title_l10n":"Manufacturing and automotive","_metadata":{"uid":"csea5e7766a5458ef5"},"url":"/industries/manufacturing"}]}],"unlisted":[]},{"title_l10n":"Observability Labs","_metadata":{"uid":"cs311ec910bc2c0842"},"url":"/observability-labs","level_3":[{"title_l10n":"About","_metadata":{"uid":"cs48c8c88ed6540a13"},"url":"/observability-labs/about","level_4":[]},{"title_l10n":"Topics","_metadata":{"uid":"cs39efd75bc1968340"},"url":"","level_4":[{"title_l10n":"Topic 2","_metadata":{"uid":"cs1a209b9755f3df0f"},"url":"/observability-labs/topic-2"},{"title_l10n":"Topic 3","_metadata":{"uid":"cs11a1889686d577b4"},"url":"/observability-labs/topic-3"}]}],"unlisted":[]}],"tags":[],"title":"Sub 
Navigation","updated_at":"2025-03-11T14:34:07.364Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2025-03-11T14:34:13.344Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],1],"translateContentRedesign":[[{"uid":"bltfb44eb6e899331a4","_version":1,"locale":"en-us","ACL":{},"created_at":"2024-11-13T23:43:06.196Z","created_by":"blt36e890d06c5ec32c","english_content":"Or","tags":[],"title":"Or","translate_content_l10n":"Or","updated_at":"2024-11-13T23:43:06.196Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-11-13T23:44:21.198Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2aeecde6c1729945","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:02.610Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more","tags":[],"title":"Load more","translate_content_l10n":"Load more","updated_at":"2024-09-03T16:41:46.744Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-03T16:42:00.289Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt6f3ad4a078adc611","ACL":{},"created_at":"2024-05-28T12:47:25.539Z","created_by":"blt3e52848e0cb3c394","english_content":"Overview","tags":[],"title":"Overview","translate_content_l10n":"Overview","updated_at":"2024-05-28T12:47:25.539Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-05-28T12:47:29.022Z","user":"blt3e52848e0cb3c394"}},{"_version":4,"locale":"en-us","uid":"blt3b08c089ffd331e6","ACL":{},"created_at":"2023-01-26T21:09:09.267Z","created_by":"blt36e890d06c5ec32c","english_content":"Can't make it? Register and we'll send you the recording. You'll also receive an email with related content","tags":[],"title":"Can't make it? Register and we'll send you the recording. 
You'll also receive an email with related content","translate_content_l10n":"Can't make it? Register and we'll send you the recording. You'll also receive an email with related content.","updated_at":"2023-12-18T21:59:16.399Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-18T21:59:19.133Z","user":"blt3044324473ef223b70bc674c"}},{"_version":4,"locale":"en-us","uid":"blt7a2b7e50bb030ed8","ACL":{},"created_at":"2023-01-26T21:09:00.746Z","created_by":"blt36e890d06c5ec32c","english_content":"You'll also receive an email with related content.","tags":[],"title":"You'll also receive an email with related content","translate_content_l10n":"You'll also receive an email with related content.","updated_at":"2023-12-18T21:58:39.250Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-18T21:58:43.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt7a2ecc87e95e0fed","ACL":{},"created_at":"2023-08-23T22:51:28.540Z","created_by":"blt36e890d06c5ec32c","english_content":"\u003cp\u003eBy submitting you acknowledge that you've read and agree to our \u003ca href=\"/legal/elastic-cloud-account-terms\" target=\"_blank\"\u003eTerms of Service\u003c/a\u003e, and that Elastic may \u003ca href=\"/legal/privacy-statement#how-we-use-the-information\" target=\"_blank\"\u003econtact you\u003c/a\u003e about our related products and services, using the details you provide above. 
See \u003ca href=\"/legal/privacy-statement/\" target=\"_blank\"\u003eElastic’s Privacy Statement\u003c/a\u003e for more details or to opt-out at any time.\u003c/p\u003e","tags":[],"title":"Newsletter GDPR Text","translate_content_l10n":"\u003cp\u003eBy submitting you acknowledge that you've read and agree to our \u003ca href=\"/legal/elastic-cloud-account-terms\" target=\"_blank\"\u003eTerms of Service\u003c/a\u003e, and that Elastic may \u003ca href=\"/legal/privacy-statement#how-we-use-the-information\" target=\"_blank\"\u003econtact you\u003c/a\u003e about our related products and services, using the details you provide above. See \u003ca href=\"/legal/privacy-statement/\" target=\"_blank\"\u003eElastic’s Privacy Statement\u003c/a\u003e for more details or to opt-out at any time.\u003c/p\u003e","updated_at":"2023-08-23T22:51:28.540Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-23T22:52:42.175Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt16f2676801e3267e","ACL":{},"created_at":"2023-08-22T17:00:20.812Z","created_by":"blt36e890d06c5ec32c","english_content":"Speakers","tags":[],"title":"Speakers","translate_content_l10n":"Speakers","updated_at":"2023-08-22T17:00:20.812Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-22T17:01:19.248Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0cbc24c249b9fd54","ACL":{},"created_at":"2023-07-11T21:21:11.001Z","created_by":"blt3044324473ef223b70bc674c","english_content":"Close","tags":[],"title":"Close","translate_content_l10n":"Close","updated_at":"2023-07-11T21:21:11.001Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-11T21:22:26.797Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt20243cb3a8c574f6","ACL":
{},"created_at":"2023-04-27T22:46:08.141Z","created_by":"blt36e890d06c5ec32c","english_content":"See more insights","tags":[],"title":"See more insights","translate_content_l10n":"See more insights","updated_at":"2023-04-27T22:46:08.141Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-27T22:47:17.093Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt5e35f797b223487b","ACL":{},"created_at":"2023-04-25T22:44:26.727Z","created_by":"blt36e890d06c5ec32c","english_content":"The content on this page is not available in the selected language. As Elastic grows globally, we continue to support content in multiple languages.","tags":[],"title":"The content on this page is not available in the selected language.","translate_content_l10n":"The content on this page is not available in the selected language. As Elastic grows globally, we continue to support content in multiple languages.","updated_at":"2023-04-25T22:50:03.458Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-25T22:50:49.263Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt95f1076dfef4f727","ACL":{},"created_at":"2023-04-03T16:58:30.945Z","created_by":"blt36e890d06c5ec32c","english_content":"Author","tags":[],"title":"Author","translate_content_l10n":"Author","updated_at":"2023-04-03T16:58:30.945Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T17:02:04.749Z","user":"blt36e890d06c5ec32c"}},{"_version":3,"locale":"en-us","uid":"bltb9e7436e790dc1e1","ACL":{},"created_at":"2023-01-26T21:09:01.075Z","created_by":"blt36e890d06c5ec32c","english_content":"Learn more","tags":[],"title":"Learn more","translate_content_l10n":"Learn 
more","updated_at":"2023-03-23T23:23:32.443Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:25:05.498Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte80ec2bf93203454","ACL":{},"created_at":"2023-03-23T23:20:05.096Z","created_by":"blt36e890d06c5ec32c","english_content":"Watch now","tags":[],"title":"Watch now (no PT)","translate_content_l10n":"Watch now","updated_at":"2023-03-23T23:20:05.096Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:23:03.467Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt0b2b84aede5a5e1a","ACL":{},"created_at":"2023-01-26T21:09:00.911Z","created_by":"blt36e890d06c5ec32c","english_content":"Watch now","tags":[],"title":"Watch now","translate_content_l10n":"Watch now","updated_at":"2023-03-23T23:17:38.751Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:19:07.965Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt45ad9978de13cb3c","ACL":{},"created_at":"2023-03-20T19:38:56.211Z","created_by":"blt36e890d06c5ec32c","english_content":"See all top stories","tags":[],"title":"See all top stories","translate_content_l10n":"See all top stories","updated_at":"2023-03-20T19:38:56.211Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-20T19:40:01.652Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0aeca091079429a4","ACL":{},"created_at":"2023-03-20T19:37:29.708Z","created_by":"blt36e890d06c5ec32c","english_content":"Related content","tags":[],"title":"Related content","translate_content_l10n":"Related 
content","updated_at":"2023-03-20T19:37:29.708Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-20T19:38:35.986Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltdedcc90f4b9d495c","ACL":{},"created_at":"2023-03-13T17:42:26.422Z","created_by":"blt36e890d06c5ec32c","english_content":"All","tags":[],"title":"All (no PT translation)","translate_content_l10n":"All","updated_at":"2023-03-13T18:12:39.761Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T18:13:09.648Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdafd9e19f8a295c9","ACL":{},"created_at":"2023-03-13T16:44:58.960Z","created_by":"blt36e890d06c5ec32c","english_content":"Contact information","tags":[],"title":"Contact information","translate_content_l10n":"Contact information","updated_at":"2023-03-13T16:44:58.960Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T16:46:31.937Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8d189cf8b1b80402","ACL":{},"created_at":"2023-03-13T16:43:08.761Z","created_by":"blt36e890d06c5ec32c","english_content":"Press Release","tags":[],"title":"Press Release","translate_content_l10n":"Press Release","updated_at":"2023-03-13T16:43:08.761Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T16:44:42.740Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb031798c593cf2aa","ACL":{},"created_at":"2023-03-06T17:39:15.553Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Reddit","tags":[],"title":"Share on Reddit","translate_content_l10n":"Share on 
Reddit","updated_at":"2023-03-06T17:39:15.553Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-06T17:40:52.751Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltc449b2f75825b408","ACL":{},"created_at":"2023-01-26T21:09:01.238Z","created_by":"blt36e890d06c5ec32c","english_content":"More stories","tags":[],"title":"More stories","translate_content_l10n":"More stories","updated_at":"2023-02-23T22:39:49.208Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-23T22:40:59.356Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blte38439477acb192e","ACL":{},"created_at":"2023-01-26T21:09:00.049Z","created_by":"blt36e890d06c5ec32c","english_content":"Articles by","tags":[],"title":"Articles by","translate_content_l10n":"Articles by","updated_at":"2023-02-23T22:11:25.304Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T16:57:47.130Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4b99c93b5338acdd","ACL":{},"created_at":"2023-02-16T17:26:10.103Z","created_by":"blt36e890d06c5ec32c","english_content":"Share this story","tags":[],"title":"Share this story","translate_content_l10n":"Share this story","updated_at":"2023-02-16T17:26:10.103Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-16T17:27:39.093Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blte2e658dd90716f9f","ACL":{},"created_at":"2023-01-26T21:09:06.325Z","created_by":"blt36e890d06c5ec32c","english_content":"Share by Email","tags":[],"title":"Share by Email","translate_content_l10n":"Share by 
email","updated_at":"2023-02-14T18:05:54.924Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-14T18:06:40.021Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt622e2e6d3a2e469f","ACL":{},"created_at":"2023-01-26T21:09:09.950Z","created_by":"blt36e890d06c5ec32c","english_content":"Read less","tags":[],"title":"Read less","translate_content_l10n":"Read less","updated_at":"2023-01-26T21:09:09.950Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.384Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb6e126363fe0669f","ACL":{},"created_at":"2023-01-26T21:09:09.794Z","created_by":"blt36e890d06c5ec32c","english_content":"Search Integrations","tags":[],"title":"Search Integrations","translate_content_l10n":"Search Integrations","updated_at":"2023-01-26T21:09:09.794Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.579Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltfc60ac5a8053094c","ACL":{},"created_at":"2023-01-26T21:09:09.641Z","created_by":"blt36e890d06c5ec32c","english_content":"All Solutions","tags":[],"title":"All Solutions","translate_content_l10n":"All Solutions","updated_at":"2023-01-26T21:09:09.641Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.477Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0c2c6a4e8cb5c2f0","ACL":{},"created_at":"2023-01-26T21:09:09.435Z","created_by":"blt36e890d06c5ec32c","english_content":"Thank you for registering. We will send you a confirmation email soon.","tags":[],"title":"Thank you for registering. We will send you a confirmation email soon.","translate_content_l10n":"Thank you for registering. 
We will send you a confirmation email soon.","updated_at":"2023-01-26T21:09:09.435Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.184Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd7b837e25d93f5d3","ACL":{},"created_at":"2023-01-26T21:09:09.095Z","created_by":"blt36e890d06c5ec32c","english_content":"Thank you for your interest!","tags":[],"title":"Thank you for your interest!","translate_content_l10n":"Thank you for your interest!","updated_at":"2023-01-26T21:09:09.095Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.784Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteecbf46e81d0d29d","ACL":{},"created_at":"2023-01-26T21:09:08.915Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Youtube","tags":[],"title":"Follow us on Youtube","translate_content_l10n":"Follow us on Youtube","updated_at":"2023-01-26T21:09:08.915Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.451Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2dd2bbe9b12abe26","ACL":{},"created_at":"2023-01-26T21:09:08.754Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Twitter","tags":[],"title":"Follow us on Twitter","translate_content_l10n":"Follow us on Twitter","updated_at":"2023-01-26T21:09:08.754Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.917Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt35eafbb82d26a869","ACL":{},"created_at":"2023-01-26T21:09:08.594Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on LinkedIn","tags":[],"title":"Follow us on LinkedIn","translate_content_l10n":"Follow us 
on LinkedIn","updated_at":"2023-01-26T21:09:08.594Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.993Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9667a9e201b264e5","ACL":{},"created_at":"2023-01-26T21:09:08.424Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Facebook","tags":[],"title":"Follow us on Facebook","translate_content_l10n":"Follow us on Facebook","updated_at":"2023-01-26T21:09:08.424Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.149Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltafd12f73d268d939","ACL":{},"created_at":"2023-01-26T21:09:08.254Z","created_by":"blt36e890d06c5ec32c","english_content":"Headshot of","tags":[],"title":"Headshot of","translate_content_l10n":"Headshot of","updated_at":"2023-01-26T21:09:08.254Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.217Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteeffcd504c337777","ACL":{},"created_at":"2023-01-26T21:09:08.073Z","created_by":"blt36e890d06c5ec32c","english_content":"Table of contents","tags":[],"title":"Table of contents","translate_content_l10n":"Table of 
contents","updated_at":"2023-01-26T21:09:08.073Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.878Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1c9c25fdd610a988","ACL":{},"created_at":"2023-01-26T21:09:07.459Z","created_by":"blt36e890d06c5ec32c","english_content":"All","tags":[],"title":"All","translate_content_l10n":"All","updated_at":"2023-01-26T21:09:07.459Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.849Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcc368963ef15efcf","ACL":{},"created_at":"2023-01-26T21:09:07.299Z","created_by":"blt36e890d06c5ec32c","english_content":"Reset all","tags":[],"title":"Reset all","translate_content_l10n":"Reset all","updated_at":"2023-01-26T21:09:07.299Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.712Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdf9e2c7ddef1476c","ACL":{},"created_at":"2023-01-26T21:09:07.138Z","created_by":"blt36e890d06c5ec32c","english_content":"Filters","tags":[],"title":"Filters","translate_content_l10n":"Filters","updated_at":"2023-01-26T21:09:07.138Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.405Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbd8186c36bcb7238","ACL":{},"created_at":"2023-01-26T21:09:06.974Z","created_by":"blt36e890d06c5ec32c","english_content":"Global Virtual Event","tags":[],"title":"Global Virtual Event","translate_content_l10n":"Global Virtual 
Event","updated_at":"2023-01-26T21:09:06.974Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.270Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta4972bcd17a9589e","ACL":{},"created_at":"2023-01-26T21:09:06.815Z","created_by":"blt36e890d06c5ec32c","english_content":"View more posts","tags":[],"title":"View more posts","translate_content_l10n":"View more posts","updated_at":"2023-01-26T21:09:06.815Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.716Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7784639e8213f1de","ACL":{},"created_at":"2023-01-26T21:09:06.656Z","created_by":"blt36e890d06c5ec32c","english_content":"Print","tags":[],"title":"Print","translate_content_l10n":"Print","updated_at":"2023-01-26T21:09:06.656Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.409Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd160052884c85597","ACL":{},"created_at":"2023-01-26T21:09:06.489Z","created_by":"blt36e890d06c5ec32c","english_content":"Continue reading","tags":[],"title":"Continue reading","translate_content_l10n":"Continue reading","updated_at":"2023-01-26T21:09:06.489Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.383Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaa2fe12d75e222b7","ACL":{},"created_at":"2023-01-26T21:09:06.160Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Facebook","tags":[],"title":"Share on Facebook","translate_content_l10n":"Share on 
Facebook","updated_at":"2023-01-26T21:09:06.160Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.521Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2c65ce5e43c44d1e","ACL":{},"created_at":"2023-01-26T21:09:05.989Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on LinkedIn","tags":[],"title":"Share on LinkedIn","translate_content_l10n":"Share on LinkedIn","updated_at":"2023-01-26T21:09:05.989Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.207Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaa64468770539e99","ACL":{},"created_at":"2023-01-26T21:09:05.807Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Twitter","tags":[],"title":"Share on Twitter","translate_content_l10n":"Share on Twitter","updated_at":"2023-01-26T21:09:05.807Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.548Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbf19c4f1958b7010","ACL":{},"created_at":"2023-01-26T21:09:05.653Z","created_by":"blt36e890d06c5ec32c","english_content":"Share","tags":[],"title":"Share","translate_content_l10n":"Share","updated_at":"2023-01-26T21:09:05.653Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.603Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd3ca82669f533596","ACL":{},"created_at":"2023-01-26T21:09:05.494Z","created_by":"blt36e890d06c5ec32c","english_content":"Small image for","tags":[],"title":"Small image for","translate_content_l10n":"Small image 
for","updated_at":"2023-01-26T21:09:05.494Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.766Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt665205a37a7b1a98","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:05.336Z","created_by":"blt36e890d06c5ec32c","english_content":"Video for","tags":[],"title":"Video for","translate_content_l10n":"Video for","updated_at":"2023-01-26T21:09:05.336Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:39:50.482Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt33215a82788dd3f2","ACL":{},"created_at":"2023-01-26T21:09:05.174Z","created_by":"blt36e890d06c5ec32c","english_content":"Explore similar demos","tags":[],"title":"Explore similar demos","translate_content_l10n":"Explore similar demos","updated_at":"2023-01-26T21:09:05.174Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.940Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt59af0058e6f2ab2c","ACL":{},"created_at":"2023-01-26T21:09:05.013Z","created_by":"blt36e890d06c5ec32c","english_content":"Register now","tags":[],"title":"Register now","translate_content_l10n":"Register now","updated_at":"2023-01-26T21:09:05.013Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.297Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt44f6c020ef294d34","ACL":{},"created_at":"2023-01-26T21:09:04.854Z","created_by":"blt36e890d06c5ec32c","english_content":"View next","tags":[],"title":"View next","translate_content_l10n":"View 
next","updated_at":"2023-01-26T21:09:04.854Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.641Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbc455c56e1db3258","ACL":{},"created_at":"2023-01-26T21:09:04.701Z","created_by":"blt36e890d06c5ec32c","english_content":"Upcoming webinar","tags":[],"title":"Upcoming webinar","translate_content_l10n":"Upcoming webinar","updated_at":"2023-01-26T21:09:04.701Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.739Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt9e655ee3d1dbcd42","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:04.537Z","created_by":"blt36e890d06c5ec32c","english_content":"On-demand webinar","tags":[],"title":"On-demand webinar","translate_content_l10n":"On-demand webinar","updated_at":"2023-01-26T21:09:04.537Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:46:22.076Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"bltd00860fb1d6f389b","ACL":{},"created_at":"2023-01-26T21:09:04.379Z","created_by":"blt36e890d06c5ec32c","english_content":"Featured webinar","tags":[],"title":"Featured webinar","translate_content_l10n":"Featured 
webinar","updated_at":"2023-01-26T21:09:04.379Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.328Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt335688b477b632cf","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:04.218Z","created_by":"blt36e890d06c5ec32c","english_content":"Highlights","tags":[],"title":"Highlights","translate_content_l10n":"Highlights","updated_at":"2023-01-26T21:09:04.218Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:31:29.622Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"bltd90374b721d95342","ACL":{},"created_at":"2023-01-26T21:09:03.895Z","created_by":"blt36e890d06c5ec32c","english_content":"See when this webinar starts in my time zone","tags":[],"title":"See when this webinar starts in my time zone","translate_content_l10n":"See when this webinar starts in my time zone","updated_at":"2023-01-26T21:09:03.895Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.820Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt60fa8518500aa04e","ACL":{},"created_at":"2023-01-26T21:09:03.734Z","created_by":"blt36e890d06c5ec32c","english_content":"Related workshops","tags":[],"title":"Related workshops","translate_content_l10n":"Related workshops","updated_at":"2023-01-26T21:09:03.734Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.354Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1fa14ebb51d2154f","ACL":{},"created_at":"2023-01-26T21:09:03.577Z","created_by":"blt36e890d06c5ec32c","english_content":"Hosted by","tags":[],"title":"Hosted by","translate_content_l10n":"Hosted 
by","updated_at":"2023-01-26T21:09:03.577Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.873Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltace88e420eb1dedb","ACL":{},"created_at":"2023-01-26T21:09:03.419Z","created_by":"blt36e890d06c5ec32c","english_content":"Agenda","tags":[],"title":"Agenda","translate_content_l10n":"Agenda","updated_at":"2023-01-26T21:09:03.419Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.193Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4e07248dad773e78","ACL":{},"created_at":"2023-01-26T21:09:03.260Z","created_by":"blt36e890d06c5ec32c","english_content":"Location","tags":[],"title":"Location","translate_content_l10n":"Location","updated_at":"2023-01-26T21:09:03.260Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.039Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd047722739355567","ACL":{},"created_at":"2023-01-26T21:09:03.106Z","created_by":"blt36e890d06c5ec32c","english_content":"Date","tags":[],"title":"Date","translate_content_l10n":"Date","updated_at":"2023-01-26T21:09:03.106Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.355Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt97cf5566d151b2d8","ACL":{},"created_at":"2023-01-26T21:09:02.936Z","created_by":"blt36e890d06c5ec32c","english_content":"More","tags":[],"title":"More","translate_content_l10n":"More","updated_at":"2023-01-26T21:09:02.936Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.435Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"loc
ale":"en-us","uid":"bltda408b2b71cd18d9","ACL":{},"created_at":"2023-01-26T21:09:02.777Z","created_by":"blt36e890d06c5ec32c","english_content":"View more learning opportunities","tags":[],"title":"View more learning opportunities","translate_content_l10n":"View more learning opportunities","updated_at":"2023-01-26T21:09:02.777Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.807Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc5c1c4900cfdb547","ACL":{},"created_at":"2023-01-26T21:09:02.430Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more press releases","tags":[],"title":"Load more press releases","translate_content_l10n":"Load more press releases","updated_at":"2023-01-26T21:09:02.430Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.293Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta759219421b27a99","ACL":{},"created_at":"2023-01-26T21:09:02.267Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more news","tags":[],"title":"Load more news","translate_content_l10n":"Load more news","updated_at":"2023-01-26T21:09:02.267Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-14T16:29:48.588Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt04d58d965fb73d4b","ACL":{},"created_at":"2023-01-26T21:09:02.102Z","created_by":"blt36e890d06c5ec32c","english_content":"Read more","tags":[],"title":"Read more","translate_content_l10n":"Read 
more","updated_at":"2023-01-26T21:09:02.102Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.159Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcecc4cb33d2f12d1","ACL":{},"created_at":"2023-01-26T21:09:01.933Z","created_by":"blt36e890d06c5ec32c","english_content":"What to explore next...","tags":[],"title":"What to explore next...","translate_content_l10n":"What to explore next...","updated_at":"2023-01-26T21:09:01.933Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.762Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt536f120184d5f82f","ACL":{},"created_at":"2023-01-26T21:09:01.766Z","created_by":"blt36e890d06c5ec32c","english_content":"More stories from Elastic Customers","tags":[],"title":"More stories from Elastic Customers","translate_content_l10n":"More stories from Elastic Customers","updated_at":"2023-01-26T21:09:01.766Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.267Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt4b67bf09270df98e","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:01.597Z","created_by":"blt36e890d06c5ec32c","english_content":"See All Posts","tags":[],"title":"See All Posts","translate_content_l10n":"See all posts","updated_at":"2023-01-26T21:09:01.597Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:34:33.604Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt76ad53f0811383e0","ACL":{},"created_at":"2023-01-26T21:09:01.432Z","created_by":"blt36e890d06c5ec32c","english_content":"Contact Info","tags":[],"title":"Contact Info","translate_content_l10n":"Contact 
information","updated_at":"2023-01-26T21:09:01.432Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.103Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd24b268000310a17","ACL":{},"created_at":"2023-01-26T21:09:00.572Z","created_by":"blt36e890d06c5ec32c","english_content":"Register to Watch","tags":[],"title":"Register to Watch","translate_content_l10n":"Register to watch","updated_at":"2023-01-26T21:09:00.572Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.740Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc387be0be6c7bba6","ACL":{},"created_at":"2023-01-26T21:09:00.393Z","created_by":"blt36e890d06c5ec32c","english_content":"Sign In to Attend","tags":[],"title":"Sign In to Attend","translate_content_l10n":"Sign in to attend","updated_at":"2023-01-26T21:09:00.393Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.633Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd778a9bdcafbbc41","ACL":{},"created_at":"2023-01-26T21:09:00.219Z","created_by":"blt36e890d06c5ec32c","english_content":"Register to Attend","tags":[],"title":"Register to Attend","translate_content_l10n":"Register to attend","updated_at":"2023-01-26T21:09:00.219Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.790Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5f3c4d1f3f7a64fe","ACL":{},"created_at":"2023-01-26T21:08:59.859Z","created_by":"blt36e890d06c5ec32c","english_content":"More posts","tags":[],"title":"More posts","translate_content_l10n":"More 
posts","updated_at":"2023-01-26T21:08:59.859Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T17:14:57.905Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7e366458d1dd1e0c","ACL":{},"created_at":"2023-01-26T21:08:59.675Z","created_by":"blt36e890d06c5ec32c","english_content":"By","tags":[],"title":"By","translate_content_l10n":"By","updated_at":"2023-01-26T21:08:59.675Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.125Z","user":"blt36e890d06c5ec32c"}}],75],"blogCategoryDetail":[[{"uid":"blt79ab512346c0eec7","_version":12,"locale":"en-us","ACL":{},"carousel":[],"category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2021-09-24T00:29:13.783Z","created_by":"blt3044324473ef223b70bc674c","display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"","featured_blog":[],"author":[],"category":[],"tags_blog_type":[],"tags_elastic_stack":[],"tags_topic":[]},"footer_cta_reference":[],"gallery":{"title_l10n":"More on Tech Topics"},"hero":[{"uid":"bltab2d957fab7fcfb1","_content_type_uid":"hero"}],"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_elastic_stack":[],"tags_topic":[],"tags_use_case":[],"title":"Blog Category - Tech 
Topics","updated_at":"2024-06-12T15:57:19.637Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/category/technical-topics","publish_details":{"time":"2024-10-16T12:24:16.366Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0b8a092baa2d643f","_version":39,"locale":"en-us","ACL":{},"carousel":[],"category":[],"created_at":"2021-09-21T18:30:40.097Z","created_by":"blt3044324473ef223b70bc674c","display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"Customers","featured_blog":[],"author":[],"category":[],"tags_blog_type":[],"tags_topic":[],"tags_elastic_stack":[{"uid":"blt6f3b5313b04c2729","_content_type_uid":"tags_elastic_stack"}]},"footer_cta_reference":[{"uid":"bltb02649945991225b","_version":6,"locale":"en-us","ACL":{},"created_at":"2021-09-16T18:47:06.607Z","created_by":"blt3044324473ef223b70bc674c","cta":{"cta_title_l10n":"","url":""},"cta_group":[{"title_l10n":"Start free trial","url":"https://cloud.elastic.co/registration","_metadata":{"uid":"csd06fb2a856adee86"}}],"icon_text_card":[],"paragraph_l10n":"\u003cp\u003eSpin up a fully loaded deployment on the cloud provider you choose. 
As the company behind \u003ca href=\"/elasticsearch\"\u003eElasticsearch\u003c/a\u003e, we bring our features and support to your Elastic clusters in the cloud.\u003c/p\u003e","tags":[],"title":"Blog Footer CTA","title_l10n":"Sign up for Elastic Cloud free trial","updated_at":"2025-03-17T09:05:02.976Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"time":"2025-03-17T09:05:05.600Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"gallery":{"title_l10n":"More on customers"},"hero":[{"uid":"blt2b94c476a7e69ac9","_content_type_uid":"hero"}],"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_elastic_stack":[{"_content_type_uid":"tags_elastic_stack","_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_topic":[],"tags_use_case":[],"title":"Blog Category - 
Customers","updated_at":"2024-05-07T16:27:28.325Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/category/customers","publish_details":{"time":"2024-10-16T12:22:32.272Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte4a5ee5e2481c636","_version":9,"locale":"en-us","ACL":{},"carousel":[],"category":[{"_version":5,"locale":"en-us","uid":"blt0c9f31df4f2a7a2b","ACL":{},"created_at":"2018-08-27T12:32:48.561Z","created_by":"sys_blt57a423112de8a853","key":"company-news","label_l10n":"News","tags":[],"title":"News","updated_at":"2024-05-10T13:44:22.885Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-29T20:00:07.956Z","user":"blt27204bf9f7abb7fd"}}],"created_at":"2021-09-21T18:32:10.309Z","created_by":"blt3044324473ef223b70bc674c","display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"","featured_blog":[],"author":[],"category":[],"tags_blog_type":[],"tags_elastic_elk_stack":[],"tags_topic":[]},"footer_cta_reference":[{"uid":"bltb02649945991225b","_version":6,"locale":"en-us","ACL":{},"created_at":"2021-09-16T18:47:06.607Z","created_by":"blt3044324473ef223b70bc674c","cta":{"cta_title_l10n":"","url":""},"cta_group":[{"title_l10n":"Start free trial","url":"https://cloud.elastic.co/registration","_metadata":{"uid":"csd06fb2a856adee86"}}],"icon_text_card":[],"paragraph_l10n":"\u003cp\u003eSpin up a fully loaded deployment on the cloud provider you choose. 
As the company behind \u003ca href=\"/elasticsearch\"\u003eElasticsearch\u003c/a\u003e, we bring our features and support to your Elastic clusters in the cloud.\u003c/p\u003e","tags":[],"title":"Blog Footer CTA","title_l10n":"Sign up for Elastic Cloud free trial","updated_at":"2025-03-17T09:05:02.976Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"time":"2025-03-17T09:05:05.600Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"gallery":{"title_l10n":"More on company news"},"hero":[{"uid":"blt11b85590199dd40d","_content_type_uid":"hero"}],"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_elastic_elk_stack":[],"tags_topic":[],"tags_use_case":[],"title":"Blog Category - Company news","updated_at":"2024-04-25T19:56:48.937Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/category/company-news","publish_details":{"time":"2024-10-16T12:32:14.544Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt77601f62cf0c6252","_version":16,"locale":"en-us","ACL":{},"carousel":[],"category":[{"uid":"bltfaae4466058cc7d6","_version":8,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:47:03.147Z","created_by":"sys_blt57a423112de8a853","key":"releases","label_l10n":"Product release","tags":[],"title":"Product 
release","updated_at":"2024-05-10T13:44:16.955Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.629Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2018-11-22T06:22:22.201Z","created_by":"sys_blt57a423112de8a853","display_latest_blog_posts":true,"featured_blog":{"author":[],"category":[],"featured_blog":[],"topic_heading_l10n":"","tags_blog_type":[]},"footer_cta_reference":[{"uid":"bltb02649945991225b","_version":6,"locale":"en-us","ACL":{},"created_at":"2021-09-16T18:47:06.607Z","created_by":"blt3044324473ef223b70bc674c","cta":{"cta_title_l10n":"","url":""},"cta_group":[{"title_l10n":"Start free trial","url":"https://cloud.elastic.co/registration","_metadata":{"uid":"csd06fb2a856adee86"}}],"icon_text_card":[],"paragraph_l10n":"\u003cp\u003eSpin up a fully loaded deployment on the cloud provider you choose. As the company behind \u003ca href=\"/elasticsearch\"\u003eElasticsearch\u003c/a\u003e, we bring our features and support to your Elastic clusters in the cloud.\u003c/p\u003e","tags":[],"title":"Blog Footer CTA","title_l10n":"Sign up for Elastic Cloud free trial","updated_at":"2025-03-17T09:05:02.976Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"time":"2025-03-17T09:05:05.600Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"gallery":{"title_l10n":"Releases"},"hero":[{"uid":"blt244541ff164d2b1c","_content_type_uid":"hero"}],"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_topic":[],"tags_use_case":[],"title":"Blog Category - 
Releases","updated_at":"2024-04-25T19:42:34.910Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/category/releases","publish_details":{"time":"2024-10-16T12:27:14.782Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt957ce7a950db551e","_version":32,"locale":"en-us","ACL":{},"carousel":[{"icon":{"_version":1,"is_dir":false,"uid":"bltfd50cc17d6fa3667","ACL":{},"content_type":"image/svg+xml","created_at":"2021-01-26T11:54:03.941Z","created_by":"blt3e52848e0cb3c394","file_size":"1836","filename":"enterprise-search-logo-color-32px.svg","tags":[],"title":"enterprise-search-logo-color-32px.svg","updated_at":"2021-01-26T11:54:03.941Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-28T14:58:16.769Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfd50cc17d6fa3667/601002db96de49101cfb4c30/enterprise-search-logo-color-32px.svg"},"_metadata":{"uid":"cs9314448a9b4c9a83"},"title_l10n":"Search","tags_use_case":["blt10eb11313dc454f1"],"tags_elastic_elk_stack":[],"display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"Elastic Search","featured_blog":[]},"posts":[],"gallery":{"title_l10n":"More on Elastic 
Search"}},{"icon":{"_version":1,"is_dir":false,"uid":"blta89419c24b753828","ACL":{},"content_type":"image/svg+xml","created_at":"2021-07-19T08:04:15.433Z","created_by":"blt63e521894b971259","file_size":"401","filename":"observability-color.svg","parent_uid":null,"tags":[],"title":"observability-color.svg","updated_at":"2021-07-19T08:04:15.433Z","updated_by":"blt63e521894b971259","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-28T14:58:16.740Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta89419c24b753828/60f531ff3f40e5481e85a752/observability-color.svg"},"_metadata":{"uid":"cs6bc3a97a635d5697"},"title_l10n":"Observability","tags_use_case":["blt8a7a5ea52ac5d888"],"tags_elastic_elk_stack":[],"display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"Elastic Observability","featured_blog":[]},"posts":[],"gallery":{"title_l10n":"More on Elastic Observability"}},{"icon":{"_version":1,"is_dir":false,"uid":"blte046ae7d78156afb","ACL":{},"content_type":"image/svg+xml","created_at":"2021-01-26T20:54:17.021Z","created_by":"blt3e52848e0cb3c394","file_size":"991","filename":"security-logo-color-32px.svg","tags":[],"title":"security-logo-color-32px.svg","updated_at":"2021-01-26T20:54:17.021Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-28T14:58:16.755Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte046ae7d78156afb/601081790839e910126d7653/security-logo-color-32px.svg"},"_metadata":{"uid":"csdffb4405d5195ea7"},"title_l10n":"Security","tags_use_case":["blt569b48df66a9ba5d"],"tags_elastic_elk_stack":[],"display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"Elastic Security","featured_blog":[]},"posts":[],"gallery":{"title_l10n":"More on Elastic 
Security"}}],"category":[],"created_at":"2021-09-21T18:39:20.131Z","created_by":"blt3044324473ef223b70bc674c","display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"","featured_blog":[],"author":[],"category":[],"tags_blog_type":[]},"footer_cta_reference":[{"uid":"bltb02649945991225b","_version":6,"locale":"en-us","ACL":{},"created_at":"2021-09-16T18:47:06.607Z","created_by":"blt3044324473ef223b70bc674c","cta":{"cta_title_l10n":"","url":""},"cta_group":[{"title_l10n":"Start free trial","url":"https://cloud.elastic.co/registration","_metadata":{"uid":"csd06fb2a856adee86"}}],"icon_text_card":[],"paragraph_l10n":"\u003cp\u003eSpin up a fully loaded deployment on the cloud provider you choose. As the company behind \u003ca href=\"/elasticsearch\"\u003eElasticsearch\u003c/a\u003e, we bring our features and support to your Elastic clusters in the cloud.\u003c/p\u003e","tags":[],"title":"Blog Footer CTA","title_l10n":"Sign up for Elastic Cloud free trial","updated_at":"2025-03-17T09:05:02.976Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"time":"2025-03-17T09:05:05.600Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"gallery":{"title_l10n":""},"hero":[{"uid":"bltafc1a9945479fe16","_content_type_uid":"hero"}],"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_topic":[],"tags_use_case":[],"title":"Blog Category - 
Solutions","updated_at":"2024-04-25T19:41:39.446Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/category/solutions","publish_details":{"time":"2024-10-16T12:28:16.626Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte470cd0f47832b94","_version":28,"locale":"en-us","ACL":{},"carousel":[],"category":[{"uid":"bltc253e0851420b088","_version":4,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:45:23.873Z","created_by":"sys_blt57a423112de8a853","key":"culture","label_l10n":"Culture","tags":[],"title":"Culture","updated_at":"2024-05-10T13:44:28.145Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.214Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2021-09-21T18:33:05.397Z","created_by":"blt3044324473ef223b70bc674c","display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"","featured_blog":[],"author":[],"category":[],"tags_blog_type":[]},"footer_cta_reference":[{"uid":"bltb02649945991225b","_version":6,"locale":"en-us","ACL":{},"created_at":"2021-09-16T18:47:06.607Z","created_by":"blt3044324473ef223b70bc674c","cta":{"cta_title_l10n":"","url":""},"cta_group":[{"title_l10n":"Start free trial","url":"https://cloud.elastic.co/registration","_metadata":{"uid":"csd06fb2a856adee86"}}],"icon_text_card":[],"paragraph_l10n":"\u003cp\u003eSpin up a fully loaded deployment on the cloud provider you choose. 
As the company behind \u003ca href=\"/elasticsearch\"\u003eElasticsearch\u003c/a\u003e, we bring our features and support to your Elastic clusters in the cloud.\u003c/p\u003e","tags":[],"title":"Blog Footer CTA","title_l10n":"Sign up for Elastic Cloud free trial","updated_at":"2025-03-17T09:05:02.976Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"time":"2025-03-17T09:05:05.600Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"gallery":{"title_l10n":"More on culture"},"hero":[{"uid":"blt40f02945da0d4949","_content_type_uid":"hero"}],"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_topic":[],"tags_use_case":[],"title":"Blog Category - Culture","updated_at":"2024-04-25T19:37:36.516Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/category/culture","publish_details":{"time":"2024-10-16T12:25:56.276Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt98f03da8444253c4","_version":19,"locale":"en-us","ACL":{},"carousel":[],"category":[],"created_at":"2023-06-21T20:59:14.074Z","created_by":"blt3044324473ef223b70bc674c","display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"","featured_blog":[],"author":[],"category":[],"tags_blog_type":[]},"footer_cta_reference":[{"uid":"bltb02649945991225b","_version":6,"locale":"en-us","ACL":{},"created_at":"2021-09-16T18:47:06.607Z","created_by":"blt3044324473ef223b70bc674c","cta":{"cta_title_l10n":"","url":""},"cta_group":[{"title_l10n":"Start free trial","url":"https://cloud.elastic.co/registration","_metadata":{"uid":"csd06fb2a856adee86"}}],"icon_text_card":[],"paragraph_l10n":"\u003cp\u003eSpin up a fully loaded deployment on the cloud provider you choose. 
As the company behind \u003ca href=\"/elasticsearch\"\u003eElasticsearch\u003c/a\u003e, we bring our features and support to your Elastic clusters in the cloud.\u003c/p\u003e","tags":[],"title":"Blog Footer CTA","title_l10n":"Sign up for Elastic Cloud free trial","updated_at":"2025-03-17T09:05:02.976Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"time":"2025-03-17T09:05:05.600Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"gallery":{"title_l10n":"More on Generative AI"},"hero":[{"uid":"bltbcfe080c422717bb","_content_type_uid":"hero"}],"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_topic":[{"uid":"blt99b075caf3df4ca7","_content_type_uid":"tags_topic"}],"tags_use_case":[],"title":"Blog Category - Generative AI","updated_at":"2024-04-25T19:36:28.188Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/category/generative-ai","publish_details":{"time":"2024-10-16T12:29:57.776Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt47677f49600645bd","_version":33,"locale":"en-us","ACL":{},"carousel":[],"category":[],"created_at":"2021-09-24T16:08:27.777Z","created_by":"blt3044324473ef223b70bc674c","display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"","featured_blog":[],"author":[],"category":[],"tags_blog_type":[]},"footer_cta_reference":[],"gallery":{"title_l10n":"More on Elastic Stack + Cloud"},"hero":[{"uid":"blt44ed576d81624808","_content_type_uid":"hero"}],"main_header":{"topic_heading_l10n":"","title_l10n":"Elastic Stack + Cloud","subtitle_l10n":"","paragraph_l10n":"\u003cp\u003eLearn more about the Elastic Search Platform, including Elasticsearch, Kibana, and Elastic 
Cloud.\u003c/p\u003e"},"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"title":"Blog Category - Stack + Cloud","updated_at":"2024-02-26T10:57:21.311Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/category/stack-cloud","publish_details":{"time":"2024-10-16T12:31:22.574Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],8],"gdprData":{"ip":"44.246.198.213","country_code":"US","city":"boardman","in_eu":false,"lang":"*"},"contentFound":true,"__N_SSP":true},"page":"/default_detail","query":{},"buildId":"Vl2WrvhD4hELkCAgiQD_z","runtimeConfig":{"public":"public","env":"production"},"isFallback":false,"gssp":true,"customServer":true,"appGip":true,"scriptLoader":[]}</script></body></html>
