SUMMARY

Building on the widely used open-source product line of ElasticSearch, Logstash and Kibana ("ELK"), Elastic has added features for intelligent analysis of incoming data. The product is positioned as a platform, on which users can build customizations for their specific use cases.

The platform targets the following use cases:

  • Anomaly detection through machine learning (based on the definition of time series and influence factors)
  • Correlating different data streams to detect root causes
  • Detecting security events

There are preconfigured recipes for some use cases, such as:

  • Response code changes in web logs
  • System metric changes, e.g. CPU
  • DNS Tunneling
  • Suspicious Process Activity
  • HTTP data exfiltration
  • Suspicious Login Activity

Elastic is listed in the Gartner "Hype Cycle for IT Performance Analysis" (July 2018), in the AIOps category. The vendor is also listed in the Gartner Market Guide for AIOps (Nov 2018).