Hello,
How come Elastic doesn't target small use cases and build more out-of-the-box solutions and offer that as selling points?
For example, Windows Event Logs are such a great resource of information. They can identify account lockouts, auth failures, directory service changes. Elastic would find a small win in building a solution around this. They can quickly present an account lockouts dashboard and build into this world of IT. You might say, well, we have custom dashboards for that. Yes, but with something as universal as Windows Event Logs, it can provide attraction to those using separate tools.
Another example is building out more pre-built monitoring dashboards.
For example, Database Monitoring.
This could be its own section. Elastic can recommend you to add data using Elastic Agent, once that database metrics are populating the solution dashboard. Elastic can market itself as offering database visibility. The data is there via Integrations! But we normally rely on custom dashboards when I think that can be a great selling point.
Hey! I can share my view of this and I would love to hear your thoughts. You may already know all of this and if so I would love to know what you would like to see different.
So when I think about Elastic Integrations I think of them as "little solutions" that solve individual problems.
When you first deploy an Elastic Agent, the default behavior is to collect system logs and metrics; this installs the "System" integration, which includes a dashboard called [System Windows Security] User Management Events along with several others. I set up a new environment and deployed an Elastic Agent and did a couple of cycles of logon/logoff, along with some failed logons and incorrect password entries, and the dashboard shows:
Now when users of Elastic want to get started with Security, they often need to deploy a couple of Elasticsearch nodes, deploy Kibana and Fleet, allocate disk space, go through sizing exercises and more. So by the time you've got your cluster set up, your policies set up and your agents deployed, you probably have lots of use-cases in mind and not just a single point solution like failed logins.
One of the things I'm really excited about that I got to announce at AWS re:Invent this year is the availability of Elastic Cloud Serverless. With Serverless Security Projects you can get started right away, target your exact use-case like failed logins, and with a project like this you would only pay for the storage and retention of the logs you send us (which could be as limited as just sending the failed/successful logs themselves). Which could be just a couple of dollars a month if you are only sending logon events.
For database dashboards we do have some content depending on the database. For example, for PostgreSQL we ship a dashboard for slow query troubleshooting:
Our teams are hard at work to offer more integrations with great out-of-the-box dashboard content. For example, I'm working on an integration for monitoring Nvidia GPUs here and the thing I'm focused on now is making great visualizations available out of the box.
Where you need additional content, or where our content doesn't meet your needs, we make it easy to copy these dashboards and modify them yourself. With the new AI Assistant capabilities, you can even ask the AI assistant to help you create visualizations and add them to your dashboard.
Getting this info to you more quickly is something we're also hard at work on with our new onboarding experience that suggests data sources to add and makes onboarding even easier.
I would want a prebuilt one for database monitoring, network monitoring (using Packetbeat).
Now you're probably thinking, isn't it the same thing as custom dashboards?
Yes and no.
The way I see it, having more prebuilt views/dashboards allows more adoption, uniformity and structure.
People love out of the box; it simplifies everything. The out of the box uses data from integrations but offers no customization.
Custom dashboards are definitely still needed but like many other tools, they offer both.
Custom dashboard so you can customize to your needs and prebuilt views so you can quickly find issues and it can be integrated with the prebuilt alerts.
I think this approach would make Elastic a cohesive solution.
Also prebuilt solutions views are visually more appealing than custom dashboards.
The pre-built dashboards are a love/hate relationship for many.
They offer a great experience for getting started, but they lack the customization that is important once you get going with the solution. For example, if you've got a use-case where you want to add a business unit control to that host's page, it's just not an option today.
These new capabilities are really exciting to me. I think the best of both worlds would be if we could build and ship custom dashboards with integrations that rival the experiences provided by the tailored UIs, while enabling you to copy and change them as needed!
Yes, you're right, they aren't built to be tailored, and you're right, it looks like the custom dashboards are improving, so that's great to see!
I think that is a good take on building custom dashboards and providing a better experience with tailored UIs.
This is what I would prefer, but I am one of many opinions:
1. Elastic build more tailored UIs (they don't need to be great, but cover all components of monitoring)
   a. Elastic can get feedback or contributors can improve these UIs
2. Add health status to these UIs
   a. Health status can be based on external knowledge or Machine Learning
3. Add prebuilt alerts to appear/connect in these tailored UIs
4. Create an Elastic ecosystem by connecting solutions and tailored UIs
   a. For example, an event occurs with a database (as seen from the database monitoring tailored UI); this would be correlated across Synthetics (perhaps we were monitoring the server availability), across Hosts (perhaps we are monitoring the CPU, memory), and across APM (perhaps an application that is dependent on the database)
5. Allow Custom Dashboards to be used for supplemental insight/troubleshooting