Blog entries by technology: elastic

30. 12. 2024 Alessandro Taufer DevOps, Log-SIEM

Configure Kubernetes Index Lifecycle Policies in Elastic Stack

If you’re monitoring an OpenShift or a Kubernetes cluster with Elastic Stack, you might’ve noticed that the Kubernetes integration uses the default Index Lifecycle Policy. It means that those logs and metrics have an unlimited retention. If the volume of logs is high – and for Kubernetes clusters it usually is – it won’t be…

Read More
30. 12. 2024 Alessandro Taufer DevOps, Log-SIEM

Optimizing Log Collection in Kubernetes/OpenShift with Elastic Stack

When monitoring Kubernetes clusters using Elastic Stack, the volume of logs can be overwhelming, often reaching gigabytes per minute. This is particularly true for OpenShift clusters, where significant traffic originates from system namespaces you might not be familiar with. Optimizing log collection becomes crucial for maintaining system efficiency and resource utilization. Success in this endeavor…

Read More
27. 12. 2024 Damiano Chini APM, Development, Log-SIEM, NetEye

Elastic Universal Profiling – Profiling native code

In a previous post we went through the configuration of Elastic Universal Profiling in NetEye, seeing how we can profile applications written in programming languages that do not compile to native code (for example Python, PHP, Perl, etc.) But what happens if the application is written for example in C, Go or Rust? Let’s take…

Read More
23. 12. 2024 Damiano Chini APM, Development, Log-SIEM, NetEye

Continuous Profiling with NetEye – Elastic Universal Profiling

Elastic 8.16, which comes with NetEye 4.39, made Elastic Universal Profiling generally available for self-hosted installations. This means that NetEye SIEM installations will now be able to take advantage of the continuous profiling solution by Elastic. In this blog post we’ll explain what you can achieve with continuous profiling, and how you can configure it…

Read More
20. 12. 2024 Alessandro Taufer DevOps, Log-SIEM

How to Monitor Your OpenShift Cluster with the Elastic Stack

Logs should be centralized, easily accessible, and independent from the monitored objects. Therefore, it’s advisable not to rely solely on the built-in monitoring system of OpenShift; instead, consider using an additional external monitoring solution. In this article, we’ll explore how to monitor an OpenShift cluster using Elastic Stack. Installing the Integration Since OpenShift is entirely…

Read More
20. 12. 2024 Matteo Cipolletta APM, Log-SIEM

Elastic Observability Engineer Certification: A Hands-On Perspective

Recently, I had the opportunity to take the Elastic Observability Engineer certification exam by Elastic. I’d like to share my experience, the challenges I faced, and some tips for anyone considering this path. What to Expect from the Exam The exam primarily focuses on practical skills in using the Elastic Stack for monitoring and observing…

Read More
08. 11. 2024 Reinhold Trocker Log Management, Log-SIEM

Configuring EnvironmentFile for Elastic Agents on NetEye Nodes

When deploying Elastic Agents, the method of installation can affect the configuration of the systemd service file. Specifically, .tgz deployments of Elastic Agents include the line EnvironmentFile=-/etc/sysconfig/elastic-agent in their systemd configuration (elastic-agent.service). However, Elastic Agents installed on NetEye nodes via RPM packages do not include this line in the EnvironmentFile by default. Adding the EnvironmentFile on NetEye Nodes To…

Read More
30. 10. 2024 Rocco Pezzani Log-SIEM, NetEye

Elasticsearch Restart and Network Tuning

We all know that NetEye Upgrades are boring activities. Upgrading is important and useful because it brings you bug fixes and new features, but nonetheless it’s extremely expensive in terms of time. The most boring, tiring and lengthy part is when you restart NetEye Services; if you have the SIEM Module installed, the time spent…

Read More
25. 10. 2024 Tobias Goller Log-SIEM

Enhancing Cybersecurity with Elastic Defend: A Technical Consultant’s Perspective

In today’s digital landscape, cybersecurity is paramount. As a technical consultant, I’ve seen firsthand how organizations struggle to keep up with evolving threats. One tool that’s consistently stood out in the fight against cyber threats is Elastic Defend. In this blog post, I’ll delve into what Elastic Defend is, its key features, and how it…

Read More
02. 10. 2024 Davide Sbetti Log Management, Log-SIEM, Machine Learning, NetEye

Perform KNN Classification Using Elasticsearch

Hey everyone! We played around a bit last time with our radar data to build a model that we could train outside Elasticsearch, loading it through Eland and then applying it using an ingest pipeline. But since our data is in the form of vectors, could we actually exploit Elasticsearch vector database functionality and perform…

Read More
09. 09. 2024 Rocco Pezzani Log-SIEM, NetEye

Prevent Elasticsearch Crashes Using Disk Watermarks

Hi all, it’s been a while. I’m deeply sorry not to have sent out some blog posts lately, so now I’ll try to get back your trust by providing some useful information. Not only that, I’ll even go out of my comfort zone: instead of NetEye Core and monitoring strategies, I’ll talk about NetEye SIEM…

Read More
30. 08. 2024 Juergen Vigna Log-SIEM, NetEye, Unified Monitoring

Monitor your Elasticsearch Shards Count

Elasticsearch limits the number of open shards per node with the max_shards_per_node cluster setting, which defaults to 1000. The limit on the total number of shards is then calculated from this setting with this formula: total_max_number_of_shards = cluster.max_shards_per_node * number of non-frozen data nodes If the total number of shards is reached either by a…

Read More
20. 08. 2024 Franco Federico APM, Log-SIEM, Unified Monitoring

A Journey through Elastic Integrations

At the beginning of the month we released NetEye version 4.37 that contains Elastic Stack 8.14.3. Every version update of Elastic has both improvements and additions. To see all available integrations in NetEye, click on the screenshot here: As you can see the changes range from cloud integration, to ticketing, to not forgetting security, networking,…

Read More
12. 08. 2024 Davide Sbetti AI, Artificial Intelligence, Log-SIEM, Machine Learning, NetEye

Bring Your Own Model – Using Custom Models in Elasticsearch

Hey everyone! As you may remember, we took a look in the past at how it’s possible to use a model (trained directly in Elasticsearch) to perform some real time classification by using an ingest pipeline. But… what if we wanted to use our own externally trained model? Well the good news is that, under…

Read More
14. 06. 2024 Matteo Cipolletta APM, NetEye, Real User Experience, Visual Synthetic Monitoring

The Right Monitoring Tool: Elastic Synthetic Browser Monitor vs. Alyvix

In today’s digital landscape, ensuring optimal performance and availability of applications is critical. Monitoring tools like Elastic Synthetics Journey Monitor and Alyvix offer unique capabilities tailored to diverse needs. Understanding where each tool excels can help you choose the best solution for your requirements. Elastic Synthetic Browser Monitor: Strengths and Use Cases Elastic Synthetic Browser…

Read More

Archive