August 2020

The Go client for Elasticsearch: Introduction

The official Go client for Elasticsearch is one of the latest additions to the family of clients developed, maintained, and supported by Elastic. The initial version was published early in 2019 and has matured over the past year, gaining features such as retrying requests, discovering cluster nodes, and various helper components. We also provide comprehensive examples to facilitate using the client.

Introducing Quick Start guides: Getting started with Elastic Enterprise Search for free

We recently released our new training Quick Start guides for the products in the Elastic Enterprise Search solution: Elastic Workplace Search and Elastic App Search. Each product is built on the Elastic Stack, so you can enjoy its speed, scale, and relevance without the heavy development and maintenance requirements of building your own search solution. Each 15-minute video tutorial provides everything you need to start creating powerful search experiences for your workplace, websites, and apps.

Configuring a SAML realm for role-based access control in ECE

Elastic Cloud Enterprise (ECE) makes it easy to manage your Elastic Stack deployments, just like role-based access control (RBAC) makes it easy to manage your users. Combining the two can really make an administrator's life much simpler. The intent of this blog post is to provide instructions for configuring a SAML realm for RBAC in ECE environments where Auth0 is used as an identity provider (IdP).

Slow and steady: How to build custom grok patterns incrementally

In our blog post on structuring Elasticsearch data with grok on ingest for faster analytics, we took a look at how to structure unstructured data on ingest (schema on write) to make sure your analytics run at near real time. Speed like that can help take your observability use cases to the next level. In this article, we’re going to build on what we learned by incrementally creating a new grok pattern from scratch!

Alerting and anomaly detection for uptime and reliability

Being able to easily monitor the health of all your sites and services from multiple global locations is a powerful tool for site reliability. However, no one wants to sit and stare at a status dashboard all day. Naturally, teams want to be alerted when there is an issue. We can do that with alerting in Kibana. And when coupled with Elastic machine learning, alerts can be automatically generated from anomalies that are automatically detected. That’s the power of Elastic Observability.

Getting started with Elastic Cloud, FedRAMP, and AWS GovCloud

Elastic Cloud recently introduced full FedRAMP authorization at the Moderate Impact level on AWS GovCloud (US). This brings the speed, simplicity, and security of Elastic Cloud to federal organizations and other customers in highly regulated environments. If you're a new or existing user who handles data for a US federal, state, or local government entity — or an educational institution — you can sign up for Elastic Cloud on AWS GovCloud (US) today.

Introduction to Windows tokens for security practitioners

This blog series is aimed at giving defense practitioners a thorough understanding of Windows access tokens for the purposes of detection engineering. Here in Part 1, we'll cover key concepts in Windows Security. The desired outcome is to help defenders understand how access tokens work in Windows environments.

Security operations: Cloud monitoring and detection with Elastic Security

As many organizations have migrated their infrastructure, applications, and data to cloud offerings, adversaries have extended their operational capabilities in cloud environments to achieve their mission — whether that means stealing intellectual property, disrupting business operations, or holding an organization’s data for ransom.

Kibana Hidden Features - get the most out of your data by using Kibana like a pro - Aug 20, 2020

Kibana is quite powerful and versatile for visualizing data in Elasticsearch. And when you have a flexible tool like that, it's hard to know (and keep up with) everything that it can do. Just look at all of the things that MacGyver can do with a Swiss Army knife. In this talk, Felix will demo many of his favorite Kibana features — some new and some hidden gems — that let him make the most of his data.

Elastic Security - Unified Protection for Everyone - Aug 13, 2020 Elastic meetup

Learn how the latest security capabilities in the Elastic Stack enable interactive exploration, incident management and automated analysis, as well as unsupervised machine learning to reduce false positives and spot anomalies — all at the speed and scale your security practitioners need to defend your organisation.

Elastic 7.9 released, with free distribution tier of features of Workplace Search and endpoint security

We are pleased to announce the general availability of Elastic 7.9. This release brings a broad set of new capabilities to our Elastic Enterprise Search, Observability, and Security solutions, which are built on the Elastic Stack — Elasticsearch, Kibana, Logstash, and Beats.

Find strings within strings faster with the new wildcard field

In Elasticsearch 7.9, we’ll be introducing a new “wildcard” field type optimised for quickly finding patterns inside string values. This new field type addresses best practices for efficiently indexing and searching within logs and security data by taking a whole new approach to how we index string data. Depending on your existing field usage, wildcards can provide: The most exciting feature of this new data type is its simplification of partial matches.

Elastic at KubeCon Europe 2020: Orchestration to observability, and beyond!

KubeCon Europe 2020 is virtual this year, and Elastic is doing our part to help "keep cloud native connected." We would rather be there in person to shake hands, tell stories, and laugh, but the challenges of a virtual conference also provide the opportunity to share great content and materials that we might not be able to at a crowded booth.

Threat hunting capture the flag with Elastic Security: BSides 2020

Last month, members of the Elastic Security team hosted a threat hunting capture the flag (CTF) event at BSides SATX. We provided the community with an environment to learn and practice threat hunting with our team, and cultivated new relationships with attendees. By sharing information with security practitioners, we can help prepare them to defend their organization’s data from attack through knowledge transfer.

Securely manage credentials while monitoring Kubernetes workloads with autodiscovery

In the world of containers and Kubernetes, observability is crucial. Cluster administrators need visibility into the infrastructure and cluster operators need to know the status of their workloads at any given time. And in both cases, they need observability into moving objects. This is where Metricbeat and its autodiscover feature do the hard part for you.

Collecting and analyzing Zeek data with Elastic Security

In this blog, I will walk you through the process of configuring both Filebeat and Zeek (formerly known as Bro), which will enable you to perform analytics on Zeek data using Elastic Security. The default configuration for Filebeat and its modules works for many environments; however, you may find a need to customize settings specific to your environment.

Elastic Training helps UK Driver and Vehicle Licensing Agency better serve motorists

The core responsibility of the UK's Driver and Vehicle Licensing Agency (DVLA) is to maintain more than 48 million driver records, more than 40 million vehicle records, and to collect approximately £6 billion ($7.75 billion) a year in Vehicle Excise Duty. The agency is at the forefront of public digital services, and has made significant progress in transforming its IT systems into new cloud-based platforms.

Service monitoring and availability made simple with Elastic Uptime and Heartbeat

In the world of IT, availability can mean a lot of things. Your website is available if it is up, responding in a timely manner, sending the correct headers, and serving a valid certificate. Your network is available if the correct hosts are online, responding to ICMP pings, and responding to TCP requests on specific ports. Your API endpoint is available if it returns the correct values when sent specific requests.

Optimizing costs in Elastic Cloud: Availability zones and snapshot management

Welcome to another blog in our series on cost management and optimisation in Elasticsearch Service. In previous installments, we looked at hot-warm architecture and index lifecycle management as ways of managing the costs associated with data retention and at managing replicas as a means of optimising the structure of your Elasticsearch Service deployment. Be sure to check out the other blogs in the series for additional tips to help you as you build out your deployment.