Hello,
I wanted to share an idea about how elastic can improve their “monitoring” use cases. I am not sure where to share my ideas.
So, currently Elastic Agent with integrations is one of the quickest ways to get data into Elastic. Some integrations come with their own dashboards. This is great and more integrations are getting added!
But I would like to take this a step further. Introduce the concept of “Packs”. These “packs” are more use-case based and are essentially a way to monitor something specific using existing integrations.
For example, your use case is to monitor Domain Controllers. Elastic can offer “Domain Controller pack” where it will utilize:
- Custom Windows Integration (to collect Directory Service event logs)
- Windows integration (to collect Standard Windows Event logs and Perfmon Counters)
- Systems integration (to collect System Metrics and Windows Services)
- Specifications on “DC Services” to monitor
- Specifications on perfmon counters like “LDAP Client Sessions”)
- Dashboard showing all of the data under “DC Overview”
- ML jobs to run to detect anomalies
Why is this beneficial:
- Leveraging existing integrations
- Customers can consolidate their old traditional monitoring tools with Elastic
- Allows for more community-driven use cases
- Eliminates dashboard context switching, one dashboard contains all useful information
Example of the dashboard (inspired by other observability solutions 
):
