Christoph Wurm

Title: Using Elastic to monitor everything


"Evolution of Elasticsearch - from unstructured to structured data
1. Search
2. Logging
3. Metrics

Technical deep dive on 1 - 2 features that allowed this evolution, probably:
- Columnar storage (doc values)
- Number storage (BKD trees)

Beats - open source framework for building agents/shippers/forwarders to collect and forward data
1. Logs (Filebeat, Winlogbeat)
2. Passive packet capture (Packetbeat)
3. Metrics (existing modules for Top, Apache/Nginx, MySQL/PostgreSQL, Redis, Cassandra, Docker, and many more)

Live demo of Packetbeat: running on my laptop, capturing live HTTP requests to websites I visit; all data, including URLs, HTTP headers, etc., is immediately in Elasticsearch and is visualised with Kibana."


Christoph is the Channel Solutions Architect for Elastic in EMEA. He advises system integrators, platform and product companies on how to use and integrate with the Elastic Stack. On his travels around the continents, Christoph is always on the lookout for hummus that tastes as good as it does in Israel. Needless to say, he's still looking.