Said
  – “Through The Lens of Github, Mozilla, Wikipedia”
  – “Key Metrics that will make your projects more successful”
  – Elasticsearch & .NET
• I’m Going to Go Off-Script
  – ELK Stack
  – Live Demo
  – Fun Use Cases!
  – Awesome stuff in the Roadmaps (we have many)
  – A Tale of Two .NET Clients
really good at parsing logs (shocking!)
  – Other sources too
• Files, Queues, Messages, Databases, etc.
  – Hundreds of plugins
• Transform and Enrich
  – GROK
  – IP --> Geospatial
  – Converting to JSON is very popular
• Output to Many Destinations
  – Databases, Dashboards, Elasticsearch …
  – many others
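The "parse with GROK, enrich IP with geo data, emit JSON" pipeline the slide sketches, as an added example that is not part of the slides and not Logstash's own code: a minimal grok-style pattern expander over Python's `re`, a constructed CIDR-to-location table standing in for a real GeoIP database, and a few constructed access-log lines. The pattern names (`IP`, `WORD`, `NUMBER`, `TIMESTAMP`, `NOTSPACE`) and the `geoip` field layout mirror Logstash conventions but are assumptions here.

```python
import ipaddress
import json
import re
from typing import Optional

# Small constructed subset of grok-style named patterns (not Logstash's full library).
GROK_PATTERNS = {
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "WORD": r"\w+",
    "NUMBER": r"\d+",
    "TIMESTAMP": r"\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "NOTSPACE": r"\S+",
}


def compile_grok(pattern: str) -> re.Pattern:
    """Expand %{NAME:field} tokens into named regex groups and compile."""
    def repl(m: re.Match) -> str:
        name, field = m.group(1), m.group(2)
        return f"(?P<{field}>{GROK_PATTERNS[name]})"
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", repl, pattern))


# Constructed geo table keyed by CIDR; a real deployment would query a GeoIP database.
GEO_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), {"country": "AU", "lat": -33.87, "lon": 151.21}),
    (ipaddress.ip_network("198.51.100.0/24"), {"country": "DE", "lat": 52.52, "lon": 13.40}),
]


def geo_lookup(ip: str) -> Optional[dict]:
    """Return the location record for the first network containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    for net, loc in GEO_TABLE:
        if addr in net:
            return loc
    return None


# Common-log-format pattern written in grok syntax.
ACCESS_LOG = compile_grok(
    r'%{IP:client_ip} - - \[%{TIMESTAMP:timestamp}\] '
    r'"%{WORD:method} %{NOTSPACE:path} HTTP/%{NOTSPACE:version}" '
    r'%{NUMBER:status} %{NUMBER:bytes}'
)


def parse_and_enrich(line: str) -> Optional[dict]:
    """Grok one line into a dict, cast numeric fields, and attach geo data when known."""
    m = ACCESS_LOG.match(line)
    if not m:
        return None  # Logstash would tag _grokparsefailure; here the line is skipped
    event = m.groupdict()
    event["status"] = int(event["status"])
    event["bytes"] = int(event["bytes"])
    geo = geo_lookup(event["client_ip"])
    if geo:
        event["geoip"] = {
            "country": geo["country"],
            "location": {"lat": geo["lat"], "lon": geo["lon"]},
        }
    return event


def to_json(event: dict) -> str:
    """Serialise an enriched event the way an output plugin would ship it."""
    return json.dumps(event, sort_keys=True)


# Constructed sample input, including one line that the pattern must reject.
SAMPLE_LINES = [
    '203.0.113.45 - - [10/Oct/2024:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326',
    '198.51.100.7 - - [10/Oct/2024:13:55:40 +0000] "POST /login HTTP/1.1" 401 128',
    '192.0.2.9 - - [10/Oct/2024:13:55:41 +0000] "GET /robots.txt HTTP/1.0" 404 0',
    "this is not an access log line",
]


def run(lines) -> list:
    """Parse every line, dropping those grok cannot match."""
    return [e for e in (parse_and_enrich(l) for l in lines) if e]


if __name__ == "__main__":
    for event in run(SAMPLE_LINES):
        print(to_json(event))
```

Lines the pattern cannot match are dropped silently here; in a real pipeline keep them (Logstash tags them `_grokparsefailure`) so that unparsed events are visible rather than lost, since a log source that suddenly stops matching is itself worth alerting on.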
Navigation
  – Human Language
  – Unstructured Data
  – Rich Syntax
• Analytics
  – Real Time
  – Significant Terms
  – Entity Oriented Indexing
  – Make data available to the whole organization
  – Use ELK to figure out what questions to start asking
  – 300 Million events per day
• Attackers
  – Innovative
  – Real Time
  – Adaptive
• Existing SIEM options
  – Closed Systems
  – Proprietary
  – Lack of APIs & Endpoints
• Solution: built their own
  – Mozilla Defense Platform
  – Open Source SIEM overlay for Elasticsearch
B prefix searches / month
• 870 M text searches / month
• Real Time
  – Rewards Contributors
  – Fixes Vandalism
• Plugins
  – Contributed many
• Expressive Syntax
  – Fix search without redeployment of search infrastructure
• No Downtime Management
  – Aliases
• Understand Distributed Systems lingo / invariants
  – “Master” =/= “Primary”
  – Don’t model your data relationally
• Read the book
  – HTML version of the O’Reilly book is on Elastic.co > Learn (Elasticsearch – The Definitive Guide) … it’s really good
• It’s not a silver bullet
  – No Such Thing As a Free Lunch