KubeCon Europe 2020 is virtual this year, and Elastic is doing our part to help "keep cloud native connected." We would rather be there in person to shake hands, tell stories, and laugh, but the challenges of a virtual conference also provide the opportunity to share great content and materials that we might not be able to at a crowded booth.

Last month, members of the Elastic Security team hosted a threat hunting capture the flag (CTF) event at BSides SATX. We provided the community with an environment to learn and practice threat hunting with our team, and cultivated new relationships with attendees. By sharing information with security practitioners, we can help prepare them to defend their organization’s data from attack through knowledge transfer.

In the world of containers and Kubernetes, observability is crucial. Cluster administrators need visibility into the infrastructure and cluster operators need to know the status of their workloads at any given time. And in both cases, they need observability into moving objects. This is where Metricbeat and its autodiscover feature do the hard part for you.

In this blog, I will walk you through the process of configuring both Filebeat and Zeek (formerly known as Bro), which will enable you to perform analytics on Zeek data using Elastic Security. The default configuration for Filebeat and its modules work for many environments; however, you may find a need to customize settings specific to your environment.

The core responsibility of the UK's Driver and Vehicle Licensing Agency (DVLA) is to maintain more than 48 million driver records, more than 40 million vehicle records, and to collect approximately £6 billion ($7.75 billion) a year in Vehicle Excise Duty. The agency is at the forefront of public digital services, and has made significant progress in transforming its IT systems into new cloud-based platforms.

In the world of IT, availability can mean a lot of things. Your website is available if it is up, responding in a timely manner, sending the correct headers, and serving a valid certificate. Your network is available if the correct hosts are online, responding to ICMP pings, and responding to TCP requests on specific ports. Your API endpoint is available if it returns the correct values when sent specific requests.

Welcome to another blog in our series on cost management and optimisation in Elasticsearch Service. In previous installments, we looked at hot-warm architecture and index lifecycle management as ways of managing the costs associated with data retention and at managing replicas as a means of optimising the structure of your Elasticsearch Service deployment. Be sure to check out the other blogs in the series for additional tips to help you as you build out your deployment.

As well as being a search engine, Elasticsearch is also a powerful analytics engine. However, in order to take full advantage of the near real-time analytics capabilities of Elasticsearch, it is often useful to add structure to your data as it is ingested into Elasticsearch. The reasons for this are explained very well in our schema on write vs. schema on read blog post, and for the remainder of this blog series, when I talk about structuring data, I am referring to schema on write.

This post is a brief summary of a presentation I gave recently where I deploy Elastic App Search, show off the ease of setup, data indexing, and relevance tuning, and take look at a few of the many refined APIs. It’s also written up in a codelab with step-by-step instructions for building a movies search engine app using Python Flask. The app will work on desktop or mobile and is a fast, simple, and reliable way to query the information.

This is part of our series on cost management and optimization in Elasticsearch Service. If you’re new to the cloud, be sure to think about these topics as you build out your deployment. If you are yet to start, you can test out the content here by signing up to a 14-day free trial of Elasticsearch Service on Elastic Cloud.