Latest News

Elastic 7.9 released, with free distribution tier of features of Workplace Search and endpoint security

We are pleased to announce the general availability of Elastic 7.9. This release brings a broad set of new capabilities to our Elastic Enterprise Search, Observability, and Security solutions, which are built on the Elastic Stack — Elasticsearch, Kibana, Logstash, and Beats.

Meet the Fastest Forwarder on the Net

I have recently been heads-down working on a large Splunk Cloud PoV (20+ TB / day), and the customer asked if Splunk supported their forwarding technology called Vector. I had never heard of Vector, so I took a note to do further research. I couldn’t find anyone else at Splunk who had seen this technology before, so I embarked on a little research project. What I discovered surprised me—Vector is actually fairly powerful, and cool!

Upping the Auditing Game for Correlation Searches Within Enterprise Security - Part 1: The Basics

One question I get asked frequently is “how can I get deeper insight into, and audit, the correlation searches running inside my environment?” The first step in understanding our correlation searches is creating a baseline of what is expected and identifying what is currently enabled and running today. Content Management inside Splunk Enterprise Security is a quick way to filter on what is enabled (and it’s built into the UI and works out of the box).

New Volume Reporting and Alerting Feature Announcements

We’re excited to announce the new Log Usage Dashboard designed to provide greater visibility into your log data volume consumption. This dashboard gives you in-depth visibility into your total log volume usage, so you can better manage—and optimize—your plan usage.

Introducing Kubernetes Enrichment Early Access

With more engineering teams adopting Kubernetes as their container orchestration platform, new challenges emerge in giving your entire team visibility into Kubernetes for monitoring, debugging, and deployment. We’ve heard consistent feedback from developers and infrastructure teams about the observability gaps that exist between underlying Kubernetes infrastructure and deployed services.

Loki 1.6.0 released: Metric query performance up to 10x faster, push logs from any client to Promtail, query language and LogCLI enhancements, and more!

Things have been busy with the Loki project! Once again, we waited too long between releases, and there are so many new things I won’t be able to list them all. But that won’t stop me from trying, so let’s get to it. For a change of pace, instead of listing interesting PRs, I’m going to talk through Loki’s components and mention the changes in more of a paragraph style. Let’s see how this goes.

What's New with Logz.io Cloud SIEM - August 2020

We have been busy adding new features to our growing list of abilities. Logz.io Cloud SIEM is no exception. Throughout 2020 we have been enriching our security incident and event management tool, refining threat intelligence, adding new dashboards, and improving the user experience to ensure there’s an eagle’s-eye view of the security challenges that organizations face. Here are a few of those updates that we have recently put to production.

Logging Best Practices: From Simple to Space Age

It is tempting to consider logging as a simple, solved problem. We write a log, check our file and, boom, we’ve cracked it. Yet those of us who have sat up at three in the morning, trawling through log files over an unreliable SSH connection, know that this is simply not enough. As your system scales, so too must the sophistication of your tooling. Your logging best practices must be scalable and ready to support your efforts.

10 filter patterns that are helpful for managing your logs

Log files, which are the records of everything that has happened in your server, application, or framework, are generally unfiltered and huge. Going on for pages, these plain text files are packed with tons of information and are the initial go-to place for any troubleshooting. However, the challenge lies in reading, understanding, and interpreting log files, and ultimately pulling out the right piece of information required for analysis.