Below are my interpretation of the sessions.  Elastic{ON} will release the sessions on video later.  Apologies to the presenters for anything I got wrong. Just trying to provide some information as best I can.

Keynote:

  • Started off with someone doing ballet dancing with lights on them representing data injection.  There will be a session later on the making of this.
  • Then they talked about passing 100 million downloads.
  • Then into value of Open Source.  Making an easy distributed system is complex.  The challenges of keeping the products in sync.  Releasing at the same time.
  • They did mention that they have been working with apache (since Elastic is Lucent) to add numbers, where previously it was focused on reversed index for text. 
  • They also got dropped from MapQuest (getting too popular) and so they developed their own mapping in the cloud free.  Need to check on that. 
  • Their addition of hearbeat (we need to follow up on logstash new performance data going to Kibana).  See Beats in depth discussion for more heartbeat information.
  • Onto beats.  Module design. Filebeat redesign based on metric beats work (modules).  They are talking about how they can issue the filebeat command and it looks like everything to display nginx data in Kibana gets installed.  That is different.  Now they are going to install the "system" module.  Decent dashboard.  Gets installed just like the metricbeats gets installed.  It is like installing an app (Splunk terminology).  For example, with syslog, you get geolocation, word map, and of course the event graph. 
  • In a few weeks in 5.3 will be released.  That will be a good addition.  The idea is that modules is their version of apps.  Now they are talking about how the community can help build these modules.  It is the same concept.
  • Now visualization and embedded timelion.  This is more about metrics, which is a bit of a different beast that we don't use in the traditional way.  We will if we move towards ITSD data monitoring and BI.
  • Prelert was discussed.  It will be embedded.  You kind of have to see it.  Later talks will go into details.

 

Laptop died at this point.  I will have to go by memory.  At this point I moved from table.  Talked with Matt Campbell, Elastic federal sales, during the presentation.

  • Elasticsearch SQL.  Will provide SQL query capabilities. Matt and I discussed two important elements:
    • Allows Elastic to interface with SQL databases easily and natively moving the data for use with Elastic.  Think BI as we combine data.
    • Helps people coming from a SQL background transition to Elastic.
    • Matt was saying a lot of work has gone into this and expect it to be released very soon (next two months).
  • Kibana visualization: very nice.  This also add BI to Kibana and will align very nicely with Elasicsearch SQL.
  • Enterprise Cloud: private and public.  Very nice interface.  Would allow easy management.  Also, can be applied to both private and public.  Treats them as different clusters. 
  • A bunch of stuff on charities and good works. Humanitarian awards. 
  • Current CEO stepping down and giving reigns over to second.  Probably best.  Tech people are not often the business people.  Though second is good tech, but he is very good business.
  • I skipped out on IBM (major sponsor) talking about Watson using Elastic.  Makes sense.  Since he was talking about IBM Watson and I do not plan on using it.

 

After that it came down to detail discussions on changes in each product. 

 

What’s Evolving in Elasticsearch?

Pretty much missed this talk.  I was talking to Matt Cambell, federal sales representative.  was introduced to some of the folks at Elastic.  We talked about Elastic SQL and Kibana Visualization.  How it moves Elastic towards BI and being a business production system.  I mentioned how management up and down the chain wants a dashboard with different views into business.  Different views, level, and data focus from each other and the SOC.  These two elements would make bringing that to being so much easier.

 

What is Cookin’ in Kibana?

  • Heatmap  be in 5.2 Kibana. Any data.
  • Tribe support.  Advance monitoring 14 charts. Logstash monitoring (5.1) Cgroup support search profiler UI (5.1.1). 
  • Tile maps 28 zoom levels.  Cool. 50℅ performance improvement in 5.1.1. They will need it with prelert coming.
  • Coming in Kibana: unified enhanced query bar. Export to CSV visualization: top hit aggregation (group find), many chary improvements. Enhanced tilemaps with geo-centroud support, vector maps, pivot table, time series builder.
  • Watcher UI. That is good. Include testing. Cluster alerts on overview page. Logstash pipeline monitoring (visual). That is cool.
  • Change from Angular.js to be replaced. React (UI code)
  • Stateless react compliance Sass. Styled by Sass out of box

 

What’s Brewing in Beats?

  • Beats. From previous talk, the framework and compartmentalization. This allowed them to redo logstash. They now use modules that make it more like a Splunk app. So it seems Kibana dashboard gets added. Or maybe it is installed in Kibana by default. The point in showing dashboard to demo data parsing. He did state "added their"
  • You can profile go programs with metric beats. Docker metrics using cgroup metrics and Docker API. Cgroup works beyond docker (adv). Run metricbeat in a co Rainer.
  • Adding monitoring network connections using graph.
  • Heartbeat could help ops replacing maybe tools like CheckMK.  Plus, it would get the data into Elastic where security could tap into it. Security gets full view of organization operations while gets same if not better function.
  • Also integrate in cloud.
  • Central monitoring for beats monitoring servers.
  • Enable more security use case. So they are paying attention adding in event monitoring to metricbeat for example.
  • Central configuration. Fix things. That is for the future.

 

That is about it.  Securitymonks avoid alcohol, because "Securitymonks Gone Wild" is not a video anyone wants to see.  The evening social was skipped as we went back to humbly work in our room.