OpenSearch is a powerful, open-source analytics and search engine that can be utilized to construct custom search solutions for a broad variety of applications, from websites to enterprise-level systems. It enables flexible search and indexing abilities, making it suitable for a range of uses, a great example of this is scalability. OpenSearch is designed for horizontal scalability, enabling organizations to input additional nodes to their cluster as data volumes and query loads increase.

Coming back from August holidays, I felt the need to take a hard look at what OnlineOrNot does, and keep improving it.

Like many companies, earlier this year we saw an opportunity with LLMs and quickly (but thoughtfully) started building a capability. About a month later, we released Query Assistant to all customers as an experimental feature. We then iterated on it, using data from production to inform a multitude of additional enhancements, and ultimately took Query Assistant out of experimentation and turned it into a core product offering.

In Part 1 of this series, we talked about some challenges with building sufficient coverage for detecting security threats. We also discussed how telemetry sources like logs are invaluable for detecting potential threats to your environment because they provide crucial details about who is accessing service resources, why they are accessing them, and whether any changes have been made.

With just 30 employees, Sentry Software might be considered a small company, but they’re prioritizing sustainability in a big way. As the makers of Hardware Sentry, an IT monitoring software, a large part of their business relies on maintaining optimal temperature conditions at their data centers — an operation that contributes to the company’s overall carbon footprint.

Looking at your IT environment, you probably have various machines and applications connected to your networks. From network devices to servers to laptops, you need to know what’s happening at all times. While your log data provides the monitoring information you need, your environment’s diversity makes aggregating and correlating this information challenging. If your company invested in Windows devices, then your struggle is even more real because Microsoft uses proprietary format.

For many IT organizations, triaging or troubleshooting starts with assessing symptoms. As practitioners investigate the causal factors by answering each of the “5 whys,” logs are often where the actual root cause answers lie. This is even more true for issues related to configuration changes, change management, and security. However, diving into log data can be overwhelming as a first step due to the high volume and velocity of logs and missing context.

Elastic Observability is the premiere tool to provide visibility into web apps running in your environment. AWS App Runner is the serverless platform of choice to run your web apps that need to scale up and down massively to meet demand or minimize costs. Elastic Observability combined with AWS App Runner is the perfect solution for developers to deploy web apps that are auto-scaled with fully observable operations, in a way that’s straightforward to implement and manage.

In today’s world of relentless data growth, security-relevant logs represent a small snapshot of an organization’s overall environment. Teams are beset with a variety of data types, including performance metrics and traces, asset configuration and state, audit logs, and much more. On top of that, teams are expected to scan all of this to compare against industry best practices and join this data with logs and metrics for added context.