Operations | Monitoring | ITSM | DevOps | Cloud

I have a confession to make. I was going to use this blog to wax poetically about the flaw inherent in the well-established notion of the Three Pillars of Observability. I was going to argue that a fourth pillar was badly needed: topological metadata. In other words, without annotating each data stream across the three common data types with a pointer to where that data in the deployment topology was coming from, all you have is a lot of data with no chance of making sense of it.

Hidden among your normal, everyday logs are any number of unexpected events and anomalies. These events can provide key insights when troubleshooting problems, tracing transactions, or monitoring performance and behavior. However, finding them can be challenging, especially if you’re unsure of what, or how, to look for them. Searching for unexpected events involves more than just searching for keywords like “error” or “critical”.

This release unifies views, dashboards, and search for a more flexible and comprehensive approach to threat hunting. The expanded search introduces greater efficiency by making it easier to reuse searches you need to run on a regular basis with saved search and search workflows. Other enhancements such as full screen dashboards, and updates to alerting round out v3.2.

A sequel to our first post, Automating the installation of Elastic Cloud Enterprise with Ansible, this blog shows how to extend automation to cloud provisioning with Terraform. In the first post, we detailed how to deploy and configure Elastic Cloud Enterprise (ECE) across three availability zones in AWS using Ansible. However, the provisioning of the underlying EC2 instances and configuration of the security groups was all manual.

The Elastic Common Schema (ECS) defines a common set of fields for ingesting data into Elasticsearch. A common schema helps you correlate data from sources like logs and metrics or IT operations analytics and security analytics. Further information on ECS can be found in the official Elastic documentation, GitHub repository, or the Introducing Elastic Common Schema article.

In 2010, cloud computing just started to lead the IT revolution. It’s 2020 and the cloud is already mainstream. If you’re not running your business in virtual yet, you’re missing out on huge profit opportunities and capabilities that the cloud has to offer. Adopting a cloud strategy brings better security, increased stability and overall greater flexibility for your organization.

Howdy Splunkers, I’m back and this time I’m packin’ a serious punch. I’m so excited to announce the availability of my new IT Service Intelligence (ITSI) Content Pack for Monitoring and Alerting.

When an application in a Docker container emits logs, they are sent to the application’s stdout and stderr output streams. The container’s logging driver can access these streams and send the logs to a file, a log collector running on the host, or a log management service endpoint. In this post, we’ll explain how the driver you choose—and how you configure it—influences the performance of your containerized application and the reliability of your Docker logging.