Updating Elastic Agents is usually straightforward—unless you’re working in a secure, air-gapped environment where machines can’t access the internet (and so, the Elastic Artifact Repository). That was exactly our challenge. We needed a way to keep Elastic Agents up to date across a fleet of systems, without exposing production servers to the outside world. Following…
Read MoreLately I’ve been receiving more and more inquiries about whether we can integrate OpenTelemetry into our NetEye system, and what the analysis would look like. For this reason, I’d like to use this article to briefly describe the range of features we offer with our NetEye Elastic APM solution. In today’s fast-paced digital landscape, ensuring…
Read MoreAt Würth Phoenix, we’re no strangers to the ever-evolving world of technology. As part of our continuous innovation process and culture, we’ve been enhancing our user guide to support Elasticsearch’s ELSER model for semantic search. The goal is to improve the efficiency and accuracy of our searches, powered by machine learning. However, in typical developer…
Read MoreAs traffic to applications deployed on OpenShift grows, it’s essential to gain visibility into the flow of data entering your cluster. Monitoring this incoming traffic helps administrators maintain optimal performance, reduce security risks, and quickly resolve any emerging issues. Enabling Logging All traffic directed to an OpenShift Route is routed through a designated set of…
Read MoreWhen designing an Elasticsearch architecture, choosing the right storage is crucial. While NFS might seem like a convenient and flexible option, it comes with several pitfalls when used for hosting live Elasticsearch data (hot, warm, cold, and frozen nodes). However, NFS proves to be an excellent choice for storing snapshots and searchable snapshots. Here’s why….
Read MoreElastic Agents are flexible and powerful tools used within the Elastic Stack for collecting and shipping logs, metrics, and other data to Elasticsearch. However, the headers they use can vary depending on whether they are running in “normal” mode or acting as a Fleet Server. Let’s explore these differences. Note that a fleet server is…
Read MoreIn a previous blog post by one of my colleagues, we shared how we developed a powerful semantic search engine for our NetEye User Guide. This solution uses Elasticsearch in combination with machine learning models like ELSER to index and query our documentation. While the proof of concept (POC) worked great, there was a challenge…
Read MoreIf you’re monitoring an OpenShift or a Kubernetes cluster with Elastic Stack, you might’ve noticed that the Kubernetes integration uses the default Index Lifecycle Policy. It means that those logs and metrics have an unlimited retention. If the volume of logs is high – and for Kubernetes clusters it usually is – it won’t be…
Read MoreWhen monitoring Kubernetes clusters using Elastic Stack, the volume of logs can be overwhelming, often reaching gigabytes per minute. This is particularly true for OpenShift clusters, where significant traffic originates from system namespaces you might not be familiar with. Optimizing log collection becomes crucial for maintaining system efficiency and resource utilization. Success in this endeavor…
Read MoreIn a previous post we went through the configuration of Elastic Universal Profiling in NetEye, seeing how we can profile applications written in programming languages that do not compile to native code (for example Python, PHP, Perl, etc.) But what happens if the application is written for example in C, Go or Rust? Let’s take…
Read MoreElastic 8.16, which comes with NetEye 4.39, made Elastic Universal Profiling generally available for self-hosted installations. This means that NetEye SIEM installations will now be able to take advantage of the continuous profiling solution by Elastic. In this blog post we’ll explain what you can achieve with continuous profiling, and how you can configure it…
Read MoreLogs should be centralized, easily accessible, and independent from the monitored objects. Therefore, it’s advisable not to rely solely on the built-in monitoring system of OpenShift; instead, consider using an additional external monitoring solution. In this article, we’ll explore how to monitor an OpenShift cluster using Elastic Stack. Installing the Integration Since OpenShift is entirely…
Read MoreRecently, I had the opportunity to take the Elastic Observability Engineer certification exam by Elastic. I’d like to share my experience, the challenges I faced, and some tips for anyone considering this path. What to Expect from the Exam The exam primarily focuses on practical skills in using the Elastic Stack for monitoring and observing…
Read MoreWhen deploying Elastic Agents, the method of installation can affect the configuration of the systemd service file. Specifically, .tgz deployments of Elastic Agents include the line EnvironmentFile=-/etc/sysconfig/elastic-agent in their systemd configuration (elastic-agent.service). However, Elastic Agents installed on NetEye nodes via RPM packages do not include this line in the EnvironmentFile by default. Adding the EnvironmentFile on NetEye Nodes To…
Read MoreWe all know that NetEye Upgrades are boring activities. Upgrading is important and useful because it brings you bug fixes and new features, but nonetheless it’s extremely expensive in terms of time. The most boring, tiring and lengthy part is when you restart NetEye Services; if you have the SIEM Module installed, the time spent…
Read More