From d8b4d1a96671cdb16eadf4224d925aae3b11f6c7 Mon Sep 17 00:00:00 2001 From: Fabrizio Ferri Benedetti Date: Mon, 17 Nov 2025 12:46:21 +0100 Subject: [PATCH 1/8] First commit --- get-started/index.md | 14 +- get-started/toc.yml | 17 +- get-started/trial-choose-use-case.md | 147 ++++++++ get-started/trial-getting-started.md | 87 +++++ get-started/trial-poc-framework.md | 449 ++++++++++++++++++++++ get-started/trial-week-1.md | 444 ++++++++++++++++++++++ get-started/trial-week-2.md | 533 +++++++++++++++++++++++++++ 7 files changed, 1684 insertions(+), 7 deletions(-) create mode 100644 get-started/trial-choose-use-case.md create mode 100644 get-started/trial-getting-started.md create mode 100644 get-started/trial-poc-framework.md create mode 100644 get-started/trial-week-1.md create mode 100644 get-started/trial-week-2.md diff --git a/get-started/index.md b/get-started/index.md index 2262f1e665..1b1d0549c3 100644 --- a/get-started/index.md +++ b/get-started/index.md 
@@ -17,13 +17,21 @@ description: Learn the fundamentals of Elastic. Discover what Elastic offers, ex training resources to get started. --- -# Elastic fundamentals +# Get started -Welcome to Elastic fundamentals! +Welcome! Whether you're starting a trial or exploring what Elastic has to offer, this section helps you understand our platform and get the most value from your experience. + +## On a trial? Start here + +If you've started an Elastic trial and want a guided, hands-on experience to build a proof of concept: + +**[Get started with your Elastic trial](/get-started/trial-getting-started.md)**: Follow our step-by-step tutorial designed specifically for trial users. Set up your environment, select a use case, connect data sources, and build a proof of concept. + +## Elastic fundamentals In this section, we'll walk you through the basics of what our products offer, what they do, how they can help your business, and how to set them up. You'll get a quick look at the core features and concepts, real-world use cases, and deployment options to understand how everything fits together. -You'll also find other helpful information, such as how to use our docs, training resources, and a link to our glossary so you can familiarize yourself with our terminology. Whether you're exercising your options and are curious about what Elastic can offer, are just getting started, or are looking to dive deeper, this is a great place to begin. +You'll also find other helpful information, such as how to use our docs, training resources, and a link to our glossary so you can familiarize yourself with our terminology. ## What is Elastic? [what-is-es] diff --git a/get-started/toc.yml b/get-started/toc.yml index 41f4472933..28af7404af 100644 --- a/get-started/toc.yml +++ b/get-started/toc.yml 
@@ -1,10 +1,19 @@ project: 'Get started' toc: - file: index.md - - file: introduction.md - - file: the-stack.md - - file: deployment-options.md - - file: versioning-availability.md + - title: Get started with Elastic's trial + items: + - file: trial-getting-started.md + - file: trial-choose-use-case.md + - file: trial-week-1.md + - file: trial-week-2.md + - file: trial-poc-framework.md + - title: Elastic fundamentals + items: + - file: introduction.md + - file: the-stack.md + - file: deployment-options.md + - file: versioning-availability.md - file: howto-use-the-docs.md - title: Glossary crosslink: docs-content://reference/glossary/index.md \ No newline at end of file diff --git a/get-started/trial-choose-use-case.md b/get-started/trial-choose-use-case.md new file mode 100644 index 0000000000..cdc3f7fed4 --- /dev/null +++ b/get-started/trial-choose-use-case.md 
@@ -0,0 +1,147 @@ +--- +products: + - id: elasticsearch + - id: elastic-stack + - id: observability + - id: security +applies_to: + serverless: + stack: +description: Choose the right Elastic solution for your organization. Compare search, observability, and security use cases to identify the best starting point for your trial. +--- + +# Choose your use case + +Choosing the right use case for your trial is crucial to demonstrating value quickly. Elastic offers three primary solutions, each designed for specific organizational needs. This guide helps you identify which solution best addresses your immediate challenges. + +## Quick decision guide + +Answer these questions to identify your primary use case: + +| Question | Use case | +|----------|----------------| +| Do you need to build search experiences for users or search large volumes of data? | **Search** | +| Are you troubleshooting application performance, system health, or infrastructure issues? | **Observability** | +| Do you need to detect, investigate, or respond to security threats? | **Security** | +| Are you trying to understand user behavior or analyze business data? | **Search** or **Observability** | +| Do you need to monitor compliance or audit access to systems? | **Security** | + +## Solution overview + +### Elasticsearch (Search) + +**Best for**: Building search experiences, analyzing business data, and gaining insights from large datasets. + +**Common use cases**: +- Website or application search +- E-commerce product catalogs +- Enterprise knowledge management +- Log and event search +- Business analytics and dashboards +- Full-text search across documents + +**Your organization might need this if**: +- Users struggle to find information across multiple systems. +- You need to search and analyze large volumes of unstructured data. +- You're building an application that requires fast, relevant search. +- You want to create custom analytics dashboards for business data. 
+ +**What you'll build in your trial**: +- A searchable index of your data (documents, products, or events). +- Custom search queries with filters and relevance tuning. +- Basic analytics and visualizations. +- A simple search interface or dashboard. + +**Time to value**: See search results within 1-2 hours of ingesting data. + +### Elastic Observability + +**Best for**: Monitoring applications, infrastructure, and services to ensure reliability and performance. + +**Common use cases**: +- Application performance monitoring (APM) +- Infrastructure and container monitoring +- Log aggregation and analysis +- Service-level objective (SLO) tracking +- Incident investigation and root cause analysis +- Real user monitoring (RUM) + +**Your organization might need this if**: +- Applications are slow or experiencing errors. +- You have limited visibility into system performance. +- Logs are scattered across multiple systems. +- You need to meet SLAs or track system uptime. +- Troubleshooting incidents takes too long. + +**What you'll build in your trial**: +- Monitoring for 2-3 key services or hosts. +- Log aggregation from critical applications. +- Performance dashboards and health metrics. +- Alerting for important thresholds. +- APM instrumentation for one application. + +**Time to value**: See metrics and logs within 30 minutes to 1 hour. + +### Elastic Security + +**Best for**: Detecting, investigating, and responding to security threats and vulnerabilities. + +**Common use cases**: +- Security information and event management (SIEM) +- Endpoint protection and detection (EDR) +- Threat hunting and investigation +- Vulnerability management +- Security analytics and reporting +- Compliance monitoring + +**Your organization might need this if**: +- You need to detect and respond to security threats. +- Security logs are difficult to analyze. +- You want to monitor for suspicious activity. +- Compliance requires security event tracking. 
+- Incident response is manual and time-consuming. + +**What you'll build in your trial**: +- Security data ingestion from key systems (endpoints, network, cloud). +- Detection rules for common threats. +- Security dashboards and timelines. +- Alert workflows and case management. +- Basic threat hunting capabilities. + +**Time to value**: See security events and detections within 1-2 hours. + +## Multi-solution approaches + +Many organizations benefit from multiple Elastic solutions working together. However, for your trial, we recommend starting with one primary use case to demonstrate clear value quickly. + +### Common combinations + +After your initial PoC, consider these complementary solutions: + +- Observability and Security: Monitor application health and detect security threats in the same platform. +- Search and Observability: Build search experiences while monitoring application performance. +- Security and Search: Search security events while maintaining threat detection capabilities. + +## Next steps + +After you've selected your use case: + +1. Review the solution documentation: + - [Search documentation](/solutions/search.md) + - [Observability documentation](/solutions/observability.md) + - [Security documentation](/solutions/security.md) + +2. Continue to Week 1: [Week 1: Foundation and first use case](/get-started/trial-week-1.md) to start building your PoC. + +3. Set success criteria: Visit [Proof of concept framework](/get-started/trial-poc-framework.md) to define what success looks like for your organization. + +:::{tip} +You can always expand to additional use cases after your initial PoC. Many successful Elastic implementations start with one solution and grow into comprehensive platforms that address multiple needs. +::: + +## Need more guidance? + +- [Solutions overview](/get-started/introduction.md): Detailed comparison of all three solutions. 
+- [Customer success stories](https://www.elastic.co/customers/success-stories): See how other organizations use Elastic. +- [Contact sales](https://www.elastic.co/contact): Speak with a specialist about your specific needs. + diff --git a/get-started/trial-getting-started.md b/get-started/trial-getting-started.md new file mode 100644 index 0000000000..f7ddecf59d --- /dev/null +++ b/get-started/trial-getting-started.md 
@@ -0,0 +1,87 @@ +--- +products: + - id: elasticsearch + - id: elastic-stack + - id: observability + - id: security +applies_to: + serverless: + stack: +description: Start your Elastic trial with confidence. This step-by-step guide helps you set up your environment, choose a use case, and build a proof of concept within your trial period. +navigation_title: Get started with Elastic +--- + +# Get started with your Elastic trial + +Welcome to Elastic! You've started your free trial, and now it's time to explore what Elastic can do for your organization. This guide provides a structured path to help you make the most of your trial period, understand Elastic's capabilities, and build a meaningful proof of concept (PoC) that demonstrates value to your team. + +By following this guide, you'll: + +- Set up your Elastic environment in minutes. +- Choose the right use case for your organization (search, observability, or security). +- Ingest real data from your systems. +- Build a working PoC that solves a real problem. +- Define and measure success metrics to demonstrate ROI. +- Identify next steps for expanding your implementation. + +## Before you begin + +You'll need the following to complete this tutorial: + +- Access to your Elastic trial (if you haven't signed up yet, start at [elastic.co/cloud/trial](https://www.elastic.co/cloud/elasticsearch-service/signup)). +- Basic familiarity with your chosen use case domain (searching data, monitoring systems, or security analysis). +- Access to data sources you want to connect (applications, logs, metrics, or security events). + +:::{tip} +Set aside focused time blocks to work through this tutorial. You'll get the most value by following the week-by-week structure rather than rushing through everything at once. +::: + +## Your trial roadmap + +This tutorial is designed to fit within your trial period, with clear milestones for each week. 
+ +### Week 1: Foundation and first use case + +Focus on getting up and running quickly with your primary use case. + +**[Week 1: Foundation and first use case](/get-started/trial-week-1.md)**: Set up your deployment, connect your first data source, and start seeing value immediately. + +**Time commitment**: 2-4 hours to complete core setup. + +### Week 2: Expand and evaluate + +Build on your foundation by expanding your PoC and preparing for team evaluation. + +**[Week 2: Expand and evaluate](/get-started/trial-week-2.md)**: Add additional data sources, create dashboards, set up alerts, and measure success metrics. + +**Time commitment**: 3-5 hours to expand and refine. + +## Building your proof of concept + +A successful proof of concept (PoC) demonstrates clear value and helps you make an informed decision about adopting Elastic. + +**[Proof of concept framework](/get-started/trial-poc-framework.md)**: Learn how to define success criteria, identify key stakeholders, and measure results that matter to your organization. + +## Choosing your use case + +Not sure which use case is right for you? Refer to **[Choose your use case](/get-started/trial-choose-use-case.md)** to understand the differences between search, observability, and security solutions, and select the best starting point for your needs. + +## Need help? + +Throughout your trial, you have access to the following resources: + +- **[Elastic Community](https://discuss.elastic.co/)**: Ask questions and learn from other users. +- **[Elastic Training](https://www.elastic.co/training)**: Free courses and certification paths. +- **[Support resources](https://www.elastic.co/support)**: Documentation, guides, and troubleshooting help. +- **Sales and technical support**: Contact your trial specialist for personalized guidance. 
+ +## Alternative learning paths + +If you're not ready for a trial or want to explore Elastic's fundamentals first: + +- [Elastic fundamentals](/get-started/index.md): Understand core concepts, architecture, and deployment options. +- [Solutions and use cases](/solutions/index.md): Deep dive into specific solution capabilities. +- [Demo gallery](https://www.elastic.co/demo-gallery): Watch demonstrations of key features. +- [Beginner's crash course](https://www.youtube.com/playlist?list=PL_mJOmq4zsHZYAyK606y7wjQtC0aoE6Es): Video series covering Elastic basics. + + diff --git a/get-started/trial-poc-framework.md b/get-started/trial-poc-framework.md new file mode 100644 index 0000000000..2a2a13ad81 --- /dev/null +++ b/get-started/trial-poc-framework.md 
@@ -0,0 +1,449 @@ +--- +products: + - id: elasticsearch + - id: elastic-stack + - id: observability + - id: security +applies_to: + serverless: + stack: +description: Build a successful proof of concept with Elastic. Learn how to define success criteria, identify stakeholders, and measure results that matter. +--- + +# Proof of concept framework + +A successful proof of concept (PoC) demonstrates clear value and helps you make an informed decision about adopting Elastic. This framework guides you through defining objectives, identifying stakeholders, setting success criteria, and evaluating results. + +## What is a PoC? + +A proof of concept is a small-scale implementation that: + +- **Tests feasibility**: Confirms Elastic can solve your specific problem +- **Demonstrates value**: Shows measurable benefits to stakeholders +- **Identifies requirements**: Reveals what you need for full implementation +- **Reduces risk**: Validates technical and business assumptions before committing resources + +**A PoC is not**: +- A full production deployment +- An excuse to test every feature +- A replacement for strategic planning +- Open-ended exploration without goals + +## Step 1: Define your objectives + +Start by clearly articulating what you want to achieve. + +### Good objectives are SMART + +- **Specific**: Clearly defined and unambiguous +- **Measurable**: Quantifiable with metrics +- **Achievable**: Realistic within trial timeframe +- **Relevant**: Aligned with business needs +- **Time-bound**: Completed within your trial period + +### Example objectives by use case + +:::{tabs} +::::{tab} Search + +**Poor objective**: "Evaluate Elasticsearch for search." + +**Good objectives**: +- "Reduce time to find customer support tickets from 5 minutes to under 30 seconds." +- "Enable full-text search across 100,000 product descriptions with sub-second response times." +- "Improve search relevance so that 80% of users find what they need in the first 3 results." 
+- "Centralize search across 5 different data silos into a single interface." + +:::: + +::::{tab} Observability + +**Poor objective**: "Try out Elastic Observability." + +**Good objectives**: +- "Reduce mean time to detect (MTTD) application errors from 15 minutes to under 2 minutes." +- "Centralize logs from 10 microservices to reduce troubleshooting time by 50%." +- "Monitor infrastructure across 20 hosts to prevent unplanned downtime." +- "Trace user requests across 3 services to identify performance bottlenecks." + +:::: + +::::{tab} Security + +**Poor objective**: "See if Elastic Security works for us." + +**Good objectives**: +- "Detect malware execution on endpoints within 30 seconds of occurrence." +- "Centralize security logs from 50 endpoints and 3 cloud services for correlation." +- "Reduce security incident investigation time from 2 hours to under 30 minutes." +- "Identify and alert on unusual authentication patterns across Azure AD and AWS." + +:::: +::: + +### Template: Define your objective + +Use this template to write your PoC objective: + +> **Objective**: [Action verb] [specific capability] to [achieve result] for [target audience/system] within [timeframe]. +> +> **Example**: Enable full-text search across customer support tickets to reduce search time from 5 minutes to 30 seconds for support agents within 2 weeks. + +## Step 2: Identify stakeholders + +Successful PoCs involve the right people at the right time. 
+ +### Key stakeholders to involve + +| Role | Why they matter | When to involve | +|------|----------------|-----------------| +| **Executive sponsor** | Provides budget and strategic alignment | Before starting, after completion | +| **Technical lead** | Owns implementation and architecture | Throughout entire PoC | +| **End users** | Validate usability and provide feedback | Week 1 (testing), Week 2 (feedback) | +| **IT operations** | Address integration and security | Week 1 (planning), Week 2 (evaluation) | +| **Security team** | Review security and compliance requirements | Before starting, during evaluation | +| **Finance/Procurement** | Understand licensing and costs | After successful PoC | + +### Stakeholder communication plan + +Create a simple plan to keep stakeholders informed: + +| Stakeholder | Communication method | Frequency | +|-------------|---------------------|-----------| +| Executive sponsor | Email updates | Weekly | +| Technical team | Slack/Teams channel | Daily (as needed) | +| End users | Demo sessions | Week 1, Week 2 | +| IT operations | Status meetings | Mid-trial, end-of-trial | + +## Step 3: Define success criteria + +Success criteria are measurable indicators that your PoC has achieved its objectives. + +### Types of success criteria + +1. **Technical criteria**: Can Elastic do what you need? +2. **Business criteria**: Does it deliver measurable value? +3. **User criteria**: Do users find it useful and usable? +4. **Operational criteria**: Can you manage and maintain it? 
+ +### Define criteria by use case + +:::{tabs} +::::{tab} Search + +**Technical criteria**: +- [ ] Index at least [X] documents successfully +- [ ] Achieve search response time under [X] milliseconds +- [ ] Support required search features (filters, autocomplete, facets) +- [ ] Handle expected query volume (queries per second) +- [ ] Integrate with [list data sources] + +**Business criteria**: +- [ ] Reduce time to find information by [X]% +- [ ] Increase user satisfaction scores by [X] points +- [ ] Decrease number of "information not found" incidents by [X]% +- [ ] Save [X] hours per week across team + +**User criteria**: +- [ ] Users find it easier than current solution +- [ ] Search results are relevant for [X]% of queries +- [ ] Users can complete common tasks without training + +**Operational criteria**: +- [ ] Search indexes can be updated within [X] minutes +- [ ] System stays within allocated resource budget +- [ ] Integration with existing tools works reliably + +:::: + +::::{tab} Observability + +**Technical criteria**: +- [ ] Successfully ingest logs from [X] sources +- [ ] Collect metrics from [X] hosts/services +- [ ] Trace requests across [X] services with APM +- [ ] Set up [X] alerts with no false positives +- [ ] Achieve data ingestion latency under [X] seconds + +**Business criteria**: +- [ ] Reduce mean time to detect (MTTD) by [X]% +- [ ] Reduce mean time to resolve (MTTR) by [X]% +- [ ] Prevent [X] hours of downtime +- [ ] Detect [X] issues proactively before user impact + +**User criteria**: +- [ ] Engineers can troubleshoot issues faster +- [ ] Dashboards provide clear visibility into system health +- [ ] Alerts are actionable and timely + +**Operational criteria**: +- [ ] Data retention meets compliance requirements +- [ ] System scales to handle [X] events per second +- [ ] Integration with incident management tools works + +:::: + +::::{tab} Security + +**Technical criteria**: +- [ ] Protect [X] endpoints with Elastic Defend +- [ ] Ingest 
security events from [X] sources +- [ ] Enable [X] detection rules successfully +- [ ] Achieve alert latency under [X] minutes +- [ ] Integrate with [list security tools] + +**Business criteria**: +- [ ] Detect [X] security events that would have been missed +- [ ] Reduce incident investigation time by [X]% +- [ ] Increase threat detection coverage by [X]% +- [ ] Meet compliance requirements for [specific regulation] + +**User criteria**: +- [ ] Analysts can investigate incidents more efficiently +- [ ] Alerts provide sufficient context for response +- [ ] Dashboards surface high-priority threats + +**Operational criteria**: +- [ ] Security data retention meets compliance needs +- [ ] System integrates with existing SIEM/SOAR tools +- [ ] Endpoint deployment is manageable at scale + +:::: +::: + +### Template: Success criteria checklist + +Create your own success criteria using this template: + +**Technical criteria**: +- [ ] [Specific technical capability or performance metric] +- [ ] [Integration requirement] +- [ ] [Scalability or reliability requirement] + +**Business criteria**: +- [ ] [Quantifiable business outcome with target] +- [ ] [Cost savings or efficiency gain] +- [ ] [Risk reduction or compliance achievement] + +**User criteria**: +- [ ] [User satisfaction or adoption metric] +- [ ] [Usability or ease-of-use measure] +- [ ] [Training or learning curve requirement] + +**Operational criteria**: +- [ ] [Management or maintenance requirement] +- [ ] [Resource utilization metric] +- [ ] [Integration or compatibility need] + +## Step 4: Create a timeline + +Break your PoC into phases with clear milestones. 
+ +### Recommended timeline for trial period + +| Phase | Duration | Key activities | +|-------|----------|----------------| +| **Planning** | 1-2 days | Define objectives, identify stakeholders, set success criteria | +| **Week 1: Foundation** | 3-5 days | Set up deployment, connect first data source, create basic dashboards | +| **Week 2: Expansion** | 3-5 days | Add data sources, refine dashboards, implement advanced features | +| **Evaluation** | 2-3 days | Measure results, prepare presentation, make recommendations | + +### Adjust timeline based on complexity + +- **Simple PoC** (single data source, basic features): 1 week +- **Standard PoC** (multiple data sources, dashboards, alerts): 2 weeks +- **Complex PoC** (many integrations, advanced features, multiple teams): 3-4 weeks + +## Step 5: Measure results + +At the end of your PoC, systematically evaluate whether you met your success criteria. + +### Create a results scorecard + +| Success criterion | Target | Actual | Met? | Notes | +|-------------------|--------|--------|------|-------| +| Search response time < 100ms | 100ms | 75ms | Yes | Exceeded expectations | +| Index 50,000 documents | 50,000 | 52,000 | Yes | All documents indexed successfully | +| Users find results in < 3 clicks | 3 clicks | 2.5 clicks | Yes | User feedback very positive | +| Integrate with 3 data sources | 3 sources | 3 sources | Yes | PostgreSQL, S3, and API | + +### Gather qualitative feedback + +In addition to metrics, collect feedback from stakeholders: + +1. **User interviews**: Ask end users about their experience. +2. **Technical review**: Have your technical team assess architecture and implementation. +3. **Leadership feedback**: Present results to executive sponsor and get input. + +**Sample interview questions**: +- What did you find most valuable about using Elastic? +- What challenges did you encounter? +- How does this compare to your current solution? +- Would you recommend moving forward with Elastic? 
+- What concerns do you have about production deployment? + +## Step 6: Make your recommendation + +Based on your results, make a clear recommendation with supporting evidence. + +### Possible outcomes + +#### 1. Strong success: Proceed to production + +**Indicators**: +- Met or exceeded all critical success criteria +- Strong stakeholder support +- Clear ROI demonstrated +- Technical feasibility confirmed + +**Recommendation**: Move forward with production planning and implementation. + +**Next steps**: +- Finalize architecture and sizing +- Plan data migration and onboarding +- Obtain budget approval +- Begin team training + +#### 2. Partial success: Proceed with adjustments + +**Indicators**: +- Met most success criteria, but some gaps identified +- Stakeholder support with reservations +- ROI promising but needs refinement +- Technical concerns that can be addressed + +**Recommendation**: Address identified gaps and move forward. + +**Next steps**: +- Work with Elastic to resolve technical issues +- Refine PoC in specific areas +- Adjust implementation plan to address concerns +- Consider phased rollout + +#### 3. Unsuccessful: Do not proceed + +**Indicators**: +- Failed to meet critical success criteria +- Lack of stakeholder support +- No clear ROI +- Significant technical or operational blockers + +**Recommendation**: Do not proceed at this time. 
+ +**Next steps**: +- Document lessons learned +- Identify root causes of failure +- Consider alternative solutions +- Revisit in the future if needs change + +### Recommendation template + +Use this template for your final recommendation: + +> **Recommendation**: [Proceed / Proceed with adjustments / Do not proceed] +> +> **Summary**: [1-2 sentences on overall results] +> +> **Evidence**: +> - [Key success metric and result] +> - [Key success metric and result] +> - [Key success metric and result] +> +> **Business impact**: [Quantified ROI or business value] +> +> **Risks and mitigation**: [Any concerns and how to address them] +> +> **Next steps**: [Immediate actions to take] + +## PoC best practices + +### Do's + +- **Start small**: Focus on one use case and a few data sources. +- **Use real data**: Demonstrate with actual organizational data, not samples. +- **Involve users early**: Get feedback from people who will use the system. +- **Document everything**: Keep notes on decisions, challenges, and results. +- **Set clear boundaries**: Define what's in scope and out of scope. +- **Communicate regularly**: Keep stakeholders informed of progress. +- **Plan for production**: Think about what full implementation would require. + +### Don'ts + +- **Don't boil the ocean**: Trying to do too much leads to incomplete results. +- **Don't skip planning**: Define objectives and success criteria upfront. +- **Don't work in isolation**: Involve stakeholders throughout the process. +- **Don't ignore challenges**: Document problems and work to resolve them. +- **Don't rush evaluation**: Take time to measure results properly. +- **Don't oversell**: Be honest about capabilities and limitations. +- **Don't forget operational needs**: Consider ongoing management and maintenance. + +## Example PoC: E-commerce search + +### Scenario + +An e-commerce company wants to improve product search on their website. 
+ +### Objective + +Enable full-text search across 100,000 products to reduce time-to-find from an average of 3 minutes to under 30 seconds, improving customer satisfaction and conversion rates. + +### Success criteria + +**Technical**: +- [ ] Index 100,000 products with complete metadata +- [ ] Search response time under 200ms at p95 +- [ ] Support filters by category, price, brand, and availability +- [ ] Provide autocomplete suggestions + +**Business**: +- [ ] Reduce average search time by 80% +- [ ] Increase search-to-purchase conversion by 10% +- [ ] Decrease "product not found" support tickets by 50% + +**User**: +- [ ] Users rate search experience 4/5 or higher +- [ ] Relevant results appear in top 3 for 90% of searches + +### Implementation + +**Week 1**: +- Set up Elasticsearch serverless deployment +- Index product catalog from PostgreSQL database +- Create basic search interface +- Configure relevance tuning + +**Week 2**: +- Add autocomplete and suggestions +- Implement faceted filtering +- Create analytics dashboard to track search metrics +- Conduct user testing with 10 internal users + +### Results + +| Criterion | Target | Result | Status | +|-----------|--------|--------|--------| +| Products indexed | 100,000 | 102,500 | Met | +| Response time | <200ms | 145ms | Met | +| Filters supported | 4 types | 5 types | Met | +| Search time reduction | 80% | 85% | Met | +| User satisfaction | 4/5 | 4.3/5 | Met | + +### Recommendation + +**Proceed to production**. The PoC exceeded expectations, demonstrating significant improvements in search speed, relevance, and user satisfaction. Estimated ROI: $150K annually from increased conversions and reduced support costs. + +## Additional resources + +- **[Trial getting started guide](/get-started/trial-getting-started.md)**: Overview of your trial journey. +- **[Week 1 guide](/get-started/trial-week-1.md)**: Set up and initial implementation. 
+- **[Week 2 guide](/get-started/trial-week-2.md)**: Expansion and evaluation. +- **[Production guidance](/deploy-manage/production-guidance/production-guidance.md)**: Planning for production deployment. + +## Need help? + +If you need assistance with your PoC: + +- **Contact your trial specialist**: Get personalized guidance. +- **[Elastic Community](https://discuss.elastic.co/)**: Ask questions and learn from others. +- **[Elastic Professional Services](https://www.elastic.co/services)**: Get expert help with planning and implementation. + diff --git a/get-started/trial-week-1.md b/get-started/trial-week-1.md new file mode 100644 index 0000000000..ea51e4ac14 --- /dev/null +++ b/get-started/trial-week-1.md 
@@ -0,0 +1,444 @@ +--- +products: + - id: elasticsearch + - id: elastic-stack + - id: observability + - id: security +applies_to: + serverless: + stack: +description: Week 1 of your Elastic trial. Set up your deployment, connect your first data source, and start seeing value within hours. +--- + +# Week 1: Foundation and first use case + +Week 1 focuses on getting your Elastic environment up and running quickly and demonstrating initial value with your chosen use case. By the end of this week, you'll have data flowing into Elastic and be able to search, visualize, or monitor it effectively. + +## Week 1 goals + +By the end of this week, you'll have: + +- Set up your Elastic deployment. +- Connect your first data source. +- Explore data in Kibana. +- Create your first visualization or dashboard. +- Set up basic alerting (optional but recommended). + +**Estimated time**: 2-4 hours total. + +::::::{stepper} + +:::::{step} Set up your deployment + +### Choose your deployment type + +When you start your trial, select a deployment type: + +- {{serverless-full}} (Recommended for trials): Fully managed, auto-scaling, simplified configuration. +- {{ech}}: Fully managed with more control over configuration and sizing. + +:::{tip} +For most trials, {{serverless-short}} provides the fastest path to value with minimal configuration overhead. +::: + +### Create your deployment + +Create your deployment by following these steps: + +1. Log in to your Elastic Cloud account at [cloud.elastic.co](https://cloud.elastic.co). +2. Click **Create deployment** or **Create project** (for serverless). +3. Select your solution type: + - **Elasticsearch** for search use cases + - **Observability** for monitoring applications and infrastructure + - **Security** for threat detection and security analytics +4. Choose your cloud provider and region (select the region closest to your data sources). +5. Click **Create**. + +Your deployment will be ready in 1-2 minutes. 
**Save your credentials** when prompted. + +### Access Kibana + +Once your deployment is ready: + +1. Select **Open Kibana** from your deployment overview. +2. Log in with your saved credentials. + +:::{tip} +Bookmark your Kibana URL for easy access throughout your trial. +::: + +::::: + +:::::{step} Connect your first data source + +Choose the path based on your use case: + +::::{tab-set} +:::{tab-item} Search + +Your goal is to index data that you want to search and analyze. Choose one method: + +**Option A: Upload a file (Quickest start)** + +Best for: CSV, JSON, or log files you have on hand. + +1. In Kibana, go to **Management** → **Integrations**. +2. Search for "Upload file" and select it. +3. Drag your file or browse to select it. +4. Review the field mappings and adjust as needed. +5. Select **Import** and name your index. + +If you don't have data ready, Kibana includes sample datasets. Go to **Home** → **Try sample data** and add the "Sample web logs" or "Sample eCommerce orders" dataset. + +**Option B: Use an integration** + +Best for: Connecting to existing systems (databases, APIs, applications). + +1. Go to **Management** → **Integrations**. +2. Browse or search for your data source (examples: PostgreSQL, MongoDB, MySQL, Apache, nginx). +3. Select **Add** and follow the configuration steps. +4. Verify data is flowing by checking the integration status. + +**Option C: Use the API** + +Best for: Custom applications or programmatic data ingestion. + +1. Generate an API key in Kibana (**Management** → **API keys**). +2. Use the Elasticsearch REST API to index documents: + +```bash +curl -X POST "https://your-deployment.elastic.cloud:9200/your-index/_doc" \ + -H "Authorization: ApiKey your-api-key" \ + -H "Content-Type: application/json" \ + -d '{ + "title": "Example document", + "content": "This is a test document for search", + "timestamp": "2024-11-17T10:00:00Z" + }' +``` + +3. 
Refer to the [Elasticsearch index API documentation](/manage-data/data-store/index-your-data/index-documents.md) for more options. + +### Verify your data + +1. Go to **Analytics** → **Discover** in Kibana. +2. Select your index or data view. +3. Check that your documents are listed with all their fields. + +If you don't find your data, check your integration status or indexing logs. + +::: + +:::{tab-item} Observability + +Your goal is to collect logs, metrics, and traces from your systems. Choose one method: + +**Option A: Monitor infrastructure (Easiest)** + +Best for: Getting started quickly with system metrics. + +1. In Kibana, go to **Management** → **Integrations**. +2. Search for "System" and select the **System integration**. +3. Click **Add System**. +4. **Install Elastic Agent** on a host you want to monitor: + - Copy the installation command shown in Kibana. + - Run it on your Linux, Windows, or macOS host. + - The agent will automatically start collecting metrics. +5. Wait 1-2 minutes for data to appear. +6. Go to **Observability** → **Infrastructure** to see your host. + +**Option B: Collect application logs** + +Best for: Aggregating logs from applications or services. + +1. Go to **Management** → **Integrations**. +2. Search for your log source: + - **Custom logs** for generic log files + - Specific integrations for Apache, nginx, MySQL, PostgreSQL, etc. +3. Select **Add** and configure the log file paths. +4. Install or configure Elastic Agent to collect the logs. +5. Go to **Observability** → **Logs** → **Stream** to see incoming logs. + +**Option C: Monitor an application (APM)** + +Best for: Understanding application performance and errors. + +1. Go to **Observability** → **Applications** → **APM**. +2. Select **Add data**. +3. Select your application language (Java, Node.js, Python, .NET, etc.). +4. Follow the instrumentation instructions to add the APM agent to your application code. +5. Restart your application. +6. 
Generate some traffic to your application. +7. Return to **Applications** in Kibana to view traces and metrics. + +Refer to [APM documentation](/solutions/observability/apm/apm.md) for detailed setup instructions. + +### Verify your data + +1. Go to **Observability** → **Overview**. +2. You should see metrics, logs, or traces depending on what you configured. +3. Click into **Infrastructure**, **Logs**, or **Applications** for detailed views. + +::: + +:::{tab-item} Security + +### Ingest security data + +Your goal is to collect security events from endpoints, networks, and cloud services. Choose your starting point: + +**Option A: Monitor endpoints (Recommended)** + +Best for: Detecting threats on laptops, desktops, and servers. + +1. In Kibana, go to **Management** → **Integrations**. +2. Search for "Endpoint Security" and select **Elastic Defend**. +3. Select **Add Elastic Defend**. +4. Create an integration policy with default protection settings. +5. **Install Elastic Agent with Elastic Defend** on endpoints: + - Copy the installation command from Kibana. + - Run it on Windows, macOS, or Linux endpoints. + - The agent will install and begin protecting the endpoint. +6. Wait 1-2 minutes for the endpoint to appear in Kibana. +7. Go to **Security** → **Manage** → **Endpoints** to see protected hosts. + +**Option B: Collect security logs** + +Best for: Ingesting logs from firewalls, cloud providers, or security tools. + +1. Go to **Management** → **Integrations**. +2. Search for your security data source: + - AWS CloudTrail, Azure Activity Logs, Google Cloud Audit Logs + - Palo Alto Networks, Cisco, Fortinet + - Okta, Azure AD, Google Workspace +3. Selec **Add** and follow the configuration steps for your provider. +4. Verify data is flowing by checking the integration status. + +**Option C: Collect network traffic** + +Best for: Monitoring network activity for threats. + +1. Go to **Management** → **Integrations**. +2. 
Search for "Network Packet Capture" or "Packetbeat". +3. Install Elastic Agent with the network integration on a host that can capture traffic. +4. Configure network interfaces to monitor. +5. Go to **Security** → **Network** to see network flows. + +### Verify your data + +1. Go to **Security** → **Overview**. +2. You should see security events and alerts. +3. Explore **Alerts**, **Hosts**, **Network**, or **Users** tabs for detailed information. + +::: +:::: + +::::: + +:::::{step} Explore your data + +Now that data is flowing, let's explore it in Kibana. + +::::{tab-set} +:::{tab-item} Search + +### Explore with Discover + +1. Go to **Analytics** → **Discover**. +2. Select your index pattern or data view. +3. **Try searching**: + - Enter keywords in the search bar. For example, "error" or "user login". + - Use the query language for more precision. For example, `status:200 AND method:GET`. +4. **Filter data**: + - Select field values to add filters. + - Use the time picker to focus on specific time ranges. +5. **Analyze fields**: + - Expand a document to view all fields. + - Select fields in the sidebar to view value distributions. +3. Choose a visualization type (try "Lens" for an intuitive drag-and-drop experience). +4. Select your data source. +5. Drag fields onto the canvas: + - Add dimensions. For example, time or categories. + - Add metrics. For example, count, sum, or average. +6. Customize colors, labels, and formatting. +7. Select **Save** and name your visualization. + +::: + +:::{tab-item} Observability + +### Explore logs + +1. Go to **Observability** → **Logs** → **Stream**. +2. **Filter logs**: + - Use the search bar to find specific messages. + - Filter by host, service, or log level. +3. **View log details**: Select a log entry to see all fields and context. + +### Explore metrics + +1. Go to **Observability** → **Infrastructure**. +2. View your hosts with CPU, memory, and disk metrics. +3. Select a host to view detailed metrics. +4. 
Switch views to view containers, Kubernetes pods, or services. + +### Explore APM (if configured) + +1. Go to **Observability** → **Applications**. +2. Select your service. +3. View latency, throughput, and error rates. +4. Select a transaction to view traces and spans. + +### Create an observability dashboard + +1. Go to **Analytics** → **Dashboards**. +2. Click **Create dashboard**. +3. Click **Add panel** and choose a visualization type. +4. Select your observability data source. +5. Build visualizations for: + - Error rates over time + - Response time trends + - Resource utilization (CPU, memory) +6. Arrange panels and save your dashboard. + +::: + +:::{tab-item} Security + +### Explore security events + +1. Go to **Security** → **Explore** → **Events**. +2. **Filter events**: + - Use the search bar or KQL to find specific activity. + - Filter by host, user, process, or event type. +3. **Analyze an event**: Click on an event to see all details. + +### View alerts + +1. Go to **Security** → **Alerts**. +2. Review any alerts that have been generated by default detection rules. +3. Click on an alert to investigate further. + +### Explore the security dashboard + +1. Go to **Security** → **Overview**. +2. View the pre-built security dashboards showing: + - Alert trends + - Host and user activity + - Network connections + - Top threats and events + +### Create a custom security query + +1. Go to **Security** → **Timelines**. +2. Click **Create timeline**. +3. Add filters and queries to hunt for specific activity: + - Example: `process.name: "powershell.exe" AND event.action: "network-connection"` +4. Save your timeline for future investigations. + +::: +:::: + +::::: + +:::::{step} Set up alerting (Optional) + +Alerts help you stay informed about important events or conditions. + +### Create a simple alert + +::::{tab-set} +:::{tab-item} Search + +1. Go to **Management** → **Stack Management** → **Rules**. +2. Click **Create rule**. +3. 
Select **Elasticsearch query** rule type. +4. Define your query (e.g., `error:true`). +5. Set threshold conditions (e.g., "more than 10 matches in 5 minutes"). +6. Configure actions (e.g., send an email or Slack message). +7. Save and enable the rule. + +Refer to [alerting documentation](/explore-analyze/alerts-cases/alerting/alerting.md) for more options. + +::: + +:::{tab-item} Observability + +1. Go to **Observability** → **Alerts**. +2. Click **Manage Rules** → **Create rule**. +3. Choose a rule type: + - **Metric threshold**: Alert when CPU, memory, or custom metrics exceed limits. + - **Log threshold**: Alert on specific log patterns. + - **APM**: Alert on high error rates or slow transactions. +4. Define your conditions and thresholds. +5. Configure connectors (email, Slack, PagerDuty). +6. Save and enable the rule. + +Refer to [observability alerting](/explore-analyze/alerts-cases/alerting/alerting.md) for detailed configuration. + +::: + +:::{tab-item} Security + +1. Go to **Security** → **Rules**. +2. Click **Detection rules (SIEM)**. +3. **Enable prebuilt rules**: + - Browse the rules library. + - Enable 3-5 rules relevant to your environment (e.g., "Unusual Login Activity", "Suspicious Process Execution"). +4. Go back to **Alerts** to see any triggered alerts. + +You can also create custom rules: + +1. Click **Create new rule**. +2. Choose a rule type (query, threshold, machine learning, indicator match). +3. Define detection logic. +4. Set severity and risk scores. +5. Enable the rule. + +Refer to [security detection rules](/solutions/security/detect/detection-rules/detection-rules.md) for more information. + +::: +:::: + +::::: + +:::::{step} Document your progress + +At the end of Week 1, take a moment to document: + +- **Data sources connected**: List what data you're ingesting. +- **Initial insights**: What did you learn from exploring the data? +- **Visualizations created**: Screenshots or links to dashboards. 
+- **Alerts configured**: What conditions are you monitoring? +- **Challenges encountered**: Note any issues for follow-up. + +This documentation will be valuable when presenting your PoC to stakeholders. + +::::: + +:::::: + +## Week 1 checklist + +Before moving to Week 2, ensure you've completed: + +- Deployment is running and accessible. +- At least one data source is connected and sending data. +- You can search or view your data in Kibana. +- You've created at least one visualization or dashboard. +- (Optional) You've configured at least one alert. + +## Next steps + +Great work! You've established your foundation. Now it's time to expand your PoC and demonstrate deeper value. + +**Continue to [Week 2](/get-started/trial-week-2.md)** to add more data sources, refine your dashboards, and prepare for stakeholder evaluation. + +## Need help? + +If you encountered issues during Week 1: + +- [Troubleshooting documentation](/troubleshoot/index.md): Common issues and solutions. +- [Elastic Community forums](https://discuss.elastic.co/): Ask questions and get help from the community. +- Contact support: Reach out to your trial specialist for personalized assistance. + diff --git a/get-started/trial-week-2.md b/get-started/trial-week-2.md new file mode 100644 index 0000000000..78ee6ddbf5 --- /dev/null +++ b/get-started/trial-week-2.md 
@@ -0,0 +1,533 @@ +--- +products: + - id: elasticsearch + - id: elastic-stack + - id: observability + - id: security +applies_to: + serverless: + stack: +description: Week 2 of your Elastic trial. Expand your PoC, refine dashboards, measure success metrics, and prepare for team evaluation. +--- + +# Week 2: Expand and evaluate + +In Week 2, you'll build on your foundation by expanding data sources, refining visualizations, and measuring success metrics. By the end of this week, you'll have a compelling PoC ready to demonstrate to stakeholders. + +## Week 2 goals + +By the end of this week, you'll have: + +- Added 1-2 additional data sources. +- Created polished dashboards for stakeholders. +- Implemented advanced features (alerts, ML, custom queries). +- Measured and documented success metrics. +- Prepared your PoC presentation. +- Identified next steps and expansion plans. + +**Estimated time**: 3-5 hours total. + +::::::{stepper} + +:::::{step} Expand your data sources + +Now that you're comfortable with Elastic, add more data to demonstrate broader capabilities. + +### Choose additional sources strategically + +Select data sources that: + +- Complement your Week 1 implementation. +- Address additional stakeholder needs. +- Demonstrate Elastic's integration capabilities. +- Provide more complete visibility. + +### Add data sources + +::::{tab-set} +:::{tab-item} Search + +**Expand your search capabilities**: + +1. **Add another data type**: + - If you started with documents, add product catalogs or user data. + - If you started with logs, add application events or metrics. +2. **Connect multiple sources**: + - Go to **Management** → **Integrations**. + - Add 1-2 more integrations relevant to your use case. + - Create cross-index searches using multiple data views. +3. **Enrich your data**: + - Use ingest pipelines to add calculated fields. + - Go to **Management** → **Ingest Pipelines** → **Create pipeline**. 
+ - Add processors to enrich, transform, or parse data. + +**Example expansions**: +- E-commerce: Add user behavior data alongside product catalog. +- Content management: Add user profiles alongside documents. +- Log analysis: Add application metrics alongside log data. + +Refer to [data ingestion documentation](/manage-data/ingest/index.md) for advanced techniques. + +::: + +:::{tab-item} Observability + +**Expand your observability coverage**: + +1. **Add more hosts or services**: + - Install Elastic Agent on 2-3 additional critical hosts. + - Monitor a diverse set of services (web servers, databases, applications). +2. **Add APM to another application**: + - If you haven't yet, instrument an application with APM. + - Monitor both frontend (RUM) and backend services. +3. **Collect additional log sources**: + - Add logs from databases, load balancers, or message queues. + - Centralize logs from multiple applications. +4. **Enable uptime monitoring**: + - Go to **Observability** → **Uptime**. + - Add synthetic monitors to check endpoint availability. + - Monitor APIs, websites, or internal services. + +**Example expansions**: +- Monitor web tier, application tier, and database tier. +- Combine infrastructure metrics with application traces. +- Add cloud service metrics (AWS CloudWatch, Azure Monitor). + +Refer to [observability integrations](/solutions/observability/integrations.md) for more options. + +::: + +:::{tab-item} Security + +**Expand your security coverage**: + +1. **Add more endpoints**: + - Deploy Elastic Defend to additional critical hosts. + - Cover different OS types (Windows, macOS, Linux). +2. **Add cloud security logs**: + - Connect AWS CloudTrail, Azure AD, or Google Cloud Audit Logs. + - Go to **Management** → **Integrations** and search for your cloud provider. +3. **Add network or firewall logs**: + - Ingest logs from firewalls, proxies, or DNS servers. + - Provides network-level threat visibility. +4. 
**Enable additional security features**: + - **Host risk scoring**: Identify high-risk hosts. + - **User risk scoring**: Identify compromised accounts. + - **Entity analytics**: Track user and host behavior. + +**Example expansions**: +- Combine endpoint data with cloud security logs. +- Add authentication logs (Okta, Azure AD) for identity monitoring. +- Include firewall logs for network threat detection. + +Refer to [security data sources](/solutions/security/detect/detection-rules/data-sources.md) for integration options. + +::: +:::: + +::::: + +:::::{step} Refine dashboards and visualizations + +Create polished, stakeholder-ready dashboards that tell a compelling story. + +### Design principles for effective dashboards + +- **Focus on outcomes**: Show business impact, not just technical metrics. +- **Use clear titles**: Make it obvious what each panel shows. +- **Highlight key metrics**: Use metric visualizations for important KPIs. +- **Show trends**: Include time-series charts to demonstrate changes. +- **Enable interactivity**: Add filters so viewers can explore. + +### Create stakeholder dashboards + +::::{tab-set} +:::{tab-item} Search + +**Search performance dashboard**: + +1. Go to **Analytics** → **Dashboards** → **Create dashboard**. +2. Add visualizations that show: + - **Total searches performed** (metric visualization) + - **Search latency over time** (line chart) + - **Top search queries** (table or tag cloud) + - **Search result relevance** (if tracking clicks or conversions) + - **Data volume indexed** (metric or line chart) +3. Add markdown panels to provide context and insights. +4. Save as "Search Performance Overview". + +**Business value dashboard**: + +1. Create a dashboard focused on business outcomes: + - User engagement metrics + - Conversion rates (if applicable) + - Content discovery improvements + - Time saved on search tasks +2. Include before/after comparisons if you have baseline data. 
+ +::: + +:::{tab-item} Observability + +**Service health dashboard**: + +1. Go to **Analytics** → **Dashboards** → **Create dashboard**. +2. Add visualizations that show: + - **Service uptime percentage** (metric visualization) + - **Error rate over time** (line chart with threshold lines) + - **Response time trends** (line chart showing p50, p95, p99) + - **Active services and hosts** (metric counts) + - **Top errors by service** (table) +3. Use color coding: green for healthy, yellow for warning, red for critical. +4. Save as "Service Health Overview". + +**Incident response dashboard**: + +1. Create a dashboard for troubleshooting: + - Recent errors and warnings (data table) + - Resource utilization (CPU, memory, disk) + - Network traffic patterns + - APM transaction traces (if available) +2. Add time controls to easily adjust timeframes during incidents. + +**Business value dashboard**: + +1. Create a dashboard showing: + - Mean time to detect (MTTD) improvements + - Mean time to resolve (MTTR) reductions + - Uptime improvements + - Cost savings from faster incident resolution + +::: + +:::{tab-item} Security + +**Security operations dashboard**: + +1. Go to **Analytics** → **Dashboards** → **Create dashboard**. +2. Add visualizations that show: + - **Alert count by severity** (metric or bar chart) + - **Alert trends over time** (line chart) + - **Top alerts by rule name** (table) + - **High-risk hosts and users** (tables with risk scores) + - **Security event timeline** (area chart by event type) +3. Save as "Security Operations Overview". + +**Threat detection dashboard**: + +1. Create a dashboard focused on threats: + - Recent high-severity alerts + - Suspicious process executions + - Unusual network connections + - Failed authentication attempts + - Malware detections + +**Compliance dashboard**: + +1. Create a dashboard for compliance reporting: + - Security events by type + - User activity logs + - Privileged access events + - File and system changes +2. 
Useful for demonstrating audit capabilities. + +::: +:::: + +### Dashboard best practices + +1. **Use Elastic's visualize options**: + - **Lens**: Intuitive drag-and-drop for most visualizations. + - **TSVB**: Time-series data with advanced calculations. + - **Markdown**: Add explanatory text and links. +2. **Add filters**: Let viewers filter by time, host, service, or other dimensions. +3. **Use drill-downs**: Link visualizations to detailed views. +4. **Set refresh intervals**: Auto-refresh dashboards for live monitoring. +5. **Apply consistent styling**: Use the same color schemes and fonts. + +Refer to [dashboard documentation](/explore-analyze/dashboards/dashboards.md) for advanced features. + +::::: + +:::::{step} Implement advanced features + +Demonstrate Elastic's powerful capabilities with advanced features. + +### Choose features based on your use case + +::::{tab-set} +:::{tab-item} Search + +**Implement these advanced search features**: + +1. **Relevance tuning**: + - Go to **Search** → **Content** → **Elasticsearch indices**. + - Experiment with boosting fields to improve search relevance. + - Test different analyzer configurations. +2. **Search suggestions (autocomplete)**: + - Add completion suggesters to your index mapping. + - Refer to [suggesters documentation](/manage-data/data-store/search-your-data/search-suggesters.md). +3. **Semantic search** (if on Elastic 8.8+): + - Enable vector search for AI-powered semantic matching. + - Refer to [semantic search documentation](/solutions/search/semantic-search/semantic-search.md). +4. **Saved searches**: + - Create and save complex search queries for reuse. + - Share searches with team members. + +::: + +:::{tab-item} Observability + +**Implement these advanced observability features**: + +1. **Service-level objectives (SLOs)**: + - Go to **Observability** → **SLOs**. + - Define SLOs for critical services (e.g., "99.9% uptime", "p95 latency < 200ms"). + - Track SLO compliance over time. +2. 
**Anomaly detection**: + - Go to **Observability** → **AIOps** → **Anomaly detection**. + - Create ML jobs to detect unusual patterns in metrics or logs. + - Receive alerts when anomalies occur. +3. **Service maps**: + - Go to **Observability** → **Applications** → **Service Map** (requires APM). + - Visualize dependencies between services. + - Identify performance bottlenecks. +4. **Log correlation**: + - Link logs to traces and metrics for full context. + - Use correlation IDs to track requests across services. + +Refer to [observability features](/solutions/observability/index.md) for detailed guides. + +::: + +:::{tab-item} Security + +**Implement these advanced security features**: + +1. **Entity analytics**: + - Go to **Security** → **Manage** → **Entity risk score**. + - Enable entity analytics to calculate risk scores for hosts and users. + - Alert on high-risk entities. +2. **Machine learning detection rules**: + - Go to **Security** → **Rules** → **Detection rules (SIEM)**. + - Enable ML-based rules for anomaly detection: + - Unusual network activity + - Suspicious login behavior + - Anomalous process execution +3. **Case management**: + - Go to **Security** → **Cases**. + - Create a case from an alert. + - Add notes, tasks, and track investigation progress. +4. **Threat intelligence**: + - Go to **Security** → **Explore** → **Threat Intelligence**. + - Import threat intel feeds to identify known bad indicators. + +Refer to [security capabilities](/solutions/security/index.md) for more features. + +::: +:::: + +::::: + +:::::{step} Measure and document success metrics + +Quantify the value of your PoC with concrete metrics. + +### Define success metrics + +Refer to your [PoC framework](/get-started/trial-poc-framework.md) for the success criteria you defined. Now it's time to measure them. + +### Common metrics by use case + +::::{tab-set} +:::{tab-item} Search + +**Quantitative metrics**: +- Search queries processed per day. 
+- Average search response time. +- Number of documents indexed. +- Search relevance improvements (click-through rates, if available). +- Time saved on data discovery tasks. + +**Qualitative metrics**: +- User satisfaction with search results. +- Ease of finding relevant information. +- Reduced time spent searching across multiple systems. + +**ROI indicators**: +- Hours saved per employee per week. +- Increased productivity in finding information. +- Reduced time to answer customer queries. + +::: + +:::{tab-item} Observability + +**Quantitative metrics**: +- Number of services and hosts monitored. +- Number of log entries ingested per day. +- Alert response time (time from alert to acknowledgment). +- Mean time to detect (MTTD) issues. +- Mean time to resolve (MTTR) incidents. + +**Qualitative metrics**: +- Visibility into system health. +- Ease of troubleshooting. +- Confidence in meeting SLAs. + +**ROI indicators**: +- Downtime reduced by X hours per month. +- Incidents detected Y minutes faster. +- Cost savings from faster incident resolution. + +::: + +:::{tab-item} Security + +**Quantitative metrics**: +- Number of endpoints protected. +- Security events ingested per day. +- Alerts generated and resolved. +- Mean time to detect (MTTD) threats. +- Mean time to respond (MTTR) to incidents. + +**Qualitative metrics**: +- Improved visibility into security posture. +- Confidence in threat detection capabilities. +- Streamlined incident investigation. + +**ROI indicators**: +- Threats detected that would have been missed. +- Time saved on manual log analysis. +- Potential breach costs avoided. + +::: +:::: + +### Document your findings + +Create a summary document with: + +1. **Metrics dashboard**: Screenshot or link to key metrics. +2. **Success criteria met**: Checklist showing which criteria you achieved. +3. **Insights gained**: What you learned about your systems, data, or users. +4. **Problems solved**: Specific issues that Elastic helped you address. +5. 
**Time and cost savings**: Quantify business value. + +::::: + +:::::{step} Prepare your PoC presentation + +You've built a compelling PoC — now it's time to present it effectively. + +### Create a presentation structure + +1. **Executive summary** (1-2 slides): + - Problem statement + - Solution overview + - Key results and ROI +2. **Use case overview** (2-3 slides): + - Which Elastic solution you evaluated + - Data sources connected + - Timeline of implementation +3. **Live demo** (5-10 minutes): + - Show your dashboards in action + - Demonstrate key features + - Walk through a real-world scenario +4. **Results and metrics** (2-3 slides): + - Success criteria met + - Quantitative results + - Qualitative benefits +5. **Next steps and recommendations** (1-2 slides): + - Expansion opportunities + - Pricing and licensing options + - Implementation timeline + +### Tips for an effective demo + +- **Tell a story**: Walk through a real problem and how Elastic solves it. +- **Keep it focused**: Show 2-3 key capabilities, not everything. +- **Use real data**: Demonstrate with your actual data, not samples. +- **Prepare for questions**: Anticipate technical and business questions. +- **Have a backup plan**: Record a video in case of technical issues. + +### Presenting to different audiences + +| Audience | Focus on | +|----------|----------| +| **Executives** | ROI, cost savings, business impact, time to value | +| **IT leadership** | Scalability, integration, security, operational efficiency | +| **Technical teams** | Features, APIs, ease of use, troubleshooting capabilities | +| **Security teams** | Threat detection, compliance, incident response | + +::::: + +:::::{step} Plan your expansion + +Identify what comes next after your successful PoC. + +### Expansion options + +1. Scale horizontally: Add more data sources, hosts, or users. +2. Scale vertically: Implement advanced features (ML, custom apps, APIs). +3. Add use cases: Combine search, observability, and security. 
+4. Production deployment: Move from trial to production-ready configuration. +5. Team onboarding: Train additional users and stakeholders. + +### Next steps checklist + +Create a plan for moving forward: + +- [ ] Determine production data volume and retention needs +- [ ] Estimate licensing costs based on usage +- [ ] Identify team members who need training +- [ ] Plan data source migration and onboarding +- [ ] Set up production deployment architecture +- [ ] Define ongoing maintenance and support processes + +### Getting help with production planning + +- **[Deployment architecture](/deploy-manage/production-guidance/production-guidance.md)**: Best practices for production deployments. +- **[Sizing guidance](/deploy-manage/production-guidance/deployment-sizing-guidelines.md)**: Estimate resource requirements. +- **[Contact sales](https://www.elastic.co/contact)**: Discuss licensing and support options. + +::::: + +:::::: + +## Week 2 checklist + +Before completing your trial, ensure you've: + +- Added 1-2 additional data sources. +- Created polished, stakeholder-ready dashboards. +- Implemented at least one advanced feature. +- Measured and documented success metrics. +- Prepared a presentation or demo. +- Identified next steps and expansion plans. + +## Congratulations! + +You've completed a comprehensive Elastic trial and built a meaningful proof of concept. You now have: + +- Real data flowing into Elastic. +- Dashboards demonstrating value. +- Measurable success metrics. +- A clear understanding of Elastic's capabilities. +- A plan for moving forward. + +## Additional resources + +- **[PoC framework](/get-started/trial-poc-framework.md)**: Review your success criteria and evaluation approach. +- **[Solutions documentation](/solutions/index.md)**: Dive deeper into your chosen use case. +- **[Community forums](https://discuss.elastic.co/)**: Connect with other Elastic users. 
+- **[Elastic training](https://www.elastic.co/training)**: Continue learning with courses and certifications. + +## Need help? + +If you have questions or need assistance: + +- Contact your trial specialist: Reach out for personalized guidance. +- Schedule a follow-up: Arrange a technical review with Elastic experts. +- Join the community: Ask questions in the [Elastic forums](https://discuss.elastic.co/). + From 34f5a379bc13038bb57aaa006b5fdf7d835b6813 Mon Sep 17 00:00:00 2001 From: Fabrizio Ferri Benedetti Date: Mon, 17 Nov 2025 12:49:23 +0100 Subject: [PATCH 2/8] Fix errors --- get-started/toc.yml | 10 ++++------ get-started/trial-poc-framework.md | 2 +- get-started/trial-week-1.md | 10 +++++----- get-started/trial-week-2.md | 19 +++++++++---------- 4 files changed, 19 insertions(+), 22 deletions(-) diff --git a/get-started/toc.yml b/get-started/toc.yml index 28af7404af..5ed0e0d772 100644 --- a/get-started/toc.yml +++ b/get-started/toc.yml @@ -1,16 +1,14 @@ project: 'Get started' toc: - file: index.md - - title: Get started with Elastic's trial - items: - - file: trial-getting-started.md + - file: trial-getting-started.md + children: - file: trial-choose-use-case.md - file: trial-week-1.md - file: trial-week-2.md - file: trial-poc-framework.md - - title: Elastic fundamentals - items: - - file: introduction.md + - file: introduction.md + children: - file: the-stack.md - file: deployment-options.md - file: versioning-availability.md diff --git a/get-started/trial-poc-framework.md b/get-started/trial-poc-framework.md index 2a2a13ad81..2a5e39d324 100644 --- a/get-started/trial-poc-framework.md +++ b/get-started/trial-poc-framework.md 
@@ -437,7 +437,7 @@ Enable full-text search across 100,000 products to reduce time-to-find from an a - **[Trial getting started guide](/get-started/trial-getting-started.md)**: Overview of your trial journey. - **[Week 1 guide](/get-started/trial-week-1.md)**: Set up and initial implementation. - **[Week 2 guide](/get-started/trial-week-2.md)**: Expansion and evaluation. -- **[Production guidance](/deploy-manage/production-guidance/production-guidance.md)**: Planning for production deployment. +- **[Production guidance](/deploy-manage/production-guidance.md)**: Planning for production deployment. ## Need help? diff --git a/get-started/trial-week-1.md b/get-started/trial-week-1.md index ea51e4ac14..d349b8f8a8 100644 --- a/get-started/trial-week-1.md +++ b/get-started/trial-week-1.md @@ -117,7 +117,7 @@ curl -X POST "https://your-deployment.elastic.cloud:9200/your-index/_doc" \ }' ``` -3. Refer to the [Elasticsearch index API documentation](/manage-data/data-store/index-your-data/index-documents.md) for more options. +3. Refer to the [Elasticsearch index API documentation](/manage-data/data-store/index-basics.md) for more options. ### Verify your data @@ -171,7 +171,7 @@ Best for: Understanding application performance and errors. 6. Generate some traffic to your application. 7. Return to **Applications** in Kibana to view traces and metrics. -Refer to [APM documentation](/solutions/observability/apm/apm.md) for detailed setup instructions. +Refer to [APM documentation](/solutions/observability/apm/index.md) for detailed setup instructions. ### Verify your data @@ -358,7 +358,7 @@ Alerts help you stay informed about important events or conditions. 6. Configure actions (e.g., send an email or Slack message). 7. Save and enable the rule. -Refer to [alerting documentation](/explore-analyze/alerts-cases/alerting/alerting.md) for more options. +Refer to [alerting documentation](/solutions/observability/incident-management/alerting.md) for more options. ::: 
@@ -374,7 +374,7 @@ Refer to [alerting documentation](/explore-analyze/alerts-cases/alerting/alertin 5. Configure connectors (email, Slack, PagerDuty). 6. Save and enable the rule. -Refer to [observability alerting](/explore-analyze/alerts-cases/alerting/alerting.md) for detailed configuration. +Refer to [observability alerting](/solutions/observability/incident-management/alerting.md) for detailed configuration. ::: @@ -395,7 +395,7 @@ You can also create custom rules: 4. Set severity and risk scores. 5. Enable the rule. -Refer to [security detection rules](/solutions/security/detect/detection-rules/detection-rules.md) for more information. +Refer to [security detection rules](/solutions/security/detect-and-alert/about-detection-rules.md) for more information. ::: :::: diff --git a/get-started/trial-week-2.md b/get-started/trial-week-2.md index 78ee6ddbf5..032d93db43 100644 --- a/get-started/trial-week-2.md +++ b/get-started/trial-week-2.md @@ -66,7 +66,7 @@ Select data sources that: - Content management: Add user profiles alongside documents. - Log analysis: Add application metrics alongside log data. -Refer to [data ingestion documentation](/manage-data/ingest/index.md) for advanced techniques. +Refer to [data ingestion documentation](/manage-data/ingest.md) for advanced techniques. ::: @@ -93,7 +93,7 @@ Refer to [data ingestion documentation](/manage-data/ingest/index.md) for advanc - Combine infrastructure metrics with application traces. - Add cloud service metrics (AWS CloudWatch, Azure Monitor). -Refer to [observability integrations](/solutions/observability/integrations.md) for more options. +Refer to [observability get started](/solutions/observability/get-started.md) for more options. ::: 
@@ -120,7 +120,7 @@ Refer to [observability integrations](/solutions/observability/integrations.md) - Add authentication logs (Okta, Azure AD) for identity monitoring. - Include firewall logs for network threat detection. -Refer to [security data sources](/solutions/security/detect/detection-rules/data-sources.md) for integration options. +Refer to [security detection and alerting](/solutions/security/detect-and-alert.md) for integration options. ::: :::: @@ -245,7 +245,7 @@ Create polished, stakeholder-ready dashboards that tell a compelling story. 4. **Set refresh intervals**: Auto-refresh dashboards for live monitoring. 5. **Apply consistent styling**: Use the same color schemes and fonts. -Refer to [dashboard documentation](/explore-analyze/dashboards/dashboards.md) for advanced features. +Refer to [dashboard documentation](/explore-analyze/dashboards.md) for advanced features. ::::: @@ -266,10 +266,10 @@ Demonstrate Elastic's powerful capabilities with advanced features. - Test different analyzer configurations. 2. **Search suggestions (autocomplete)**: - Add completion suggesters to your index mapping. - - Refer to [suggesters documentation](/manage-data/data-store/search-your-data/search-suggesters.md). + - Refer to the Elasticsearch documentation for suggesters. 3. **Semantic search** (if on Elastic 8.8+): - Enable vector search for AI-powered semantic matching. - - Refer to [semantic search documentation](/solutions/search/semantic-search/semantic-search.md). + - Refer to [semantic search documentation](/solutions/search/semantic-search.md). 4. **Saved searches**: - Create and save complex search queries for reuse. - Share searches with team members. 
@@ -296,7 +296,7 @@ Demonstrate Elastic's powerful capabilities with advanced features. - Link logs to traces and metrics for full context. - Use correlation IDs to track requests across services. -Refer to [observability features](/solutions/observability/index.md) for detailed guides. +Refer to [observability features](/solutions/observability.md) for detailed guides. ::: @@ -322,7 +322,7 @@ Refer to [observability features](/solutions/observability/index.md) for detaile - Go to **Security** → **Explore** → **Threat Intelligence**. - Import threat intel feeds to identify known bad indicators. -Refer to [security capabilities](/solutions/security/index.md) for more features. +Refer to [security capabilities](/solutions/security.md) for more features. ::: :::: @@ -487,8 +487,7 @@ Create a plan for moving forward: ### Getting help with production planning -- **[Deployment architecture](/deploy-manage/production-guidance/production-guidance.md)**: Best practices for production deployments. -- **[Sizing guidance](/deploy-manage/production-guidance/deployment-sizing-guidelines.md)**: Estimate resource requirements. +- **[Production guidance](/deploy-manage/production-guidance.md)**: Best practices for production deployments and sizing. - **[Contact sales](https://www.elastic.co/contact)**: Discuss licensing and support options. ::::: From 590da9835379b720691e71849e343ff1516185f0 Mon Sep 17 00:00:00 2001 From: Fabrizio Ferri Benedetti Date: Mon, 17 Nov 2025 12:58:18 +0100 Subject: [PATCH 3/8] Remove a doc --- get-started/toc.yml | 1 - get-started/trial-choose-use-case.md | 20 +- get-started/trial-getting-started.md | 18 +- get-started/trial-poc-framework.md | 449 --------------------------- get-started/trial-week-1.md | 20 +- get-started/trial-week-2.md | 15 +- 6 files changed, 34 insertions(+), 489 deletions(-) delete mode 100644 get-started/trial-poc-framework.md diff --git a/get-started/toc.yml b/get-started/toc.yml index 5ed0e0d772..9a425ebcc8 100644 
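Review bot: in the 2/8 hunk for get-started/trial-week-1.md at "@@ -117,7 +117,7 @@", the link text still reads "Elasticsearch index API documentation" while the target is now /manage-data/data-store/index-basics.md; the text should describe what the reader will land on (for example "index basics documentation"), otherwise readers following the curl example expect the API reference and get an overview page.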
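Review bot: in the 2/8 hunk for get-started/trial-week-1.md at "@@ -358,7 +358,7 @@", the retargeted "alerting documentation" link sits under the Management → Stack Management → Rules walkthrough for the Elasticsearch query rule type, which is a stack-level feature rather than an observability one, so sending readers of that tab to /solutions/observability/incident-management/alerting.md is a mismatch. Verify whether a stack-level alerting page exists in the new docs layout and link that instead; if the observability page is the intended target, say so in the link text so the reader is not surprised. The "@@ -374,7 +374,7 @@" hunk, which is the observability flow with PagerDuty connectors, is the right home for the observability link.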
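Review bot: in the 2/8 hunk for get-started/trial-week-2.md at "@@ -266,10 +266,10 @@", the replacement line "- Refer to the Elasticsearch documentation for suggesters." is a pointer with no link, so a trial user has nothing to follow. Either restore a resolvable target for completion suggesters or drop the bullet and leave "Add completion suggesters to your index mapping." on its own; the neighbouring "Semantic search" bullet keeps a real link, so the two read inconsistently as written.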
--- a/get-started/toc.yml +++ b/get-started/toc.yml @@ -6,7 +6,6 @@ toc: - file: trial-choose-use-case.md - file: trial-week-1.md - file: trial-week-2.md - - file: trial-poc-framework.md - file: introduction.md children: - file: the-stack.md diff --git a/get-started/trial-choose-use-case.md b/get-started/trial-choose-use-case.md index cdc3f7fed4..8f6e917dc1 100644 --- a/get-started/trial-choose-use-case.md +++ b/get-started/trial-choose-use-case.md @@ -28,7 +28,7 @@ Answer these questions to identify your primary use case: ## Solution overview -### Elasticsearch (Search) +### Elasticsearch (search) **Best for**: Building search experiences, analyzing business data, and gaining insights from large datasets. @@ -46,11 +46,11 @@ Answer these questions to identify your primary use case: - You're building an application that requires fast, relevant search. - You want to create custom analytics dashboards for business data. -**What you'll build in your trial**: +**What you will build in your trial**: - A searchable index of your data (documents, products, or events). - Custom search queries with filters and relevance tuning. - Basic analytics and visualizations. -- A simple search interface or dashboard. +- An efficient search interface or dashboard. **Time to value**: See search results within 1-2 hours of ingesting data. 
@@ -69,11 +69,11 @@ Answer these questions to identify your primary use case: **Your organization might need this if**: - Applications are slow or experiencing errors. - You have limited visibility into system performance. -- Logs are scattered across multiple systems. -- You need to meet SLAs or track system uptime. +- Logs exist across multiple systems. +- You need to meet service-level agreements (SLAs) or track system uptime. - Troubleshooting incidents takes too long. -**What you'll build in your trial**: +**What you will build in your trial**: - Monitoring for 2-3 key services or hosts. - Log aggregation from critical applications. - Performance dashboards and health metrics. @@ -101,7 +101,7 @@ Answer these questions to identify your primary use case: - Compliance requires security event tracking. - Incident response is manual and time-consuming. -**What you'll build in your trial**: +**What you will build in your trial**: - Security data ingestion from key systems (endpoints, network, cloud). - Detection rules for common threats. - Security dashboards and timelines. 
@@ -133,15 +133,13 @@ After you've selected your use case: 2. Continue to Week 1: [Week 1: Foundation and first use case](/get-started/trial-week-1.md) to start building your PoC. -3. Set success criteria: Visit [Proof of concept framework](/get-started/trial-poc-framework.md) to define what success looks like for your organization. - :::{tip} You can always expand to additional use cases after your initial PoC. Many successful Elastic implementations start with one solution and grow into comprehensive platforms that address multiple needs. ::: -## Need more guidance? +## Need more guidance - [Solutions overview](/get-started/introduction.md): Detailed comparison of all three solutions. -- [Customer success stories](https://www.elastic.co/customers/success-stories): See how other organizations use Elastic. +- [Customer success stories](https://www.elastic.co/customers/success-stories): Learn how other organizations use Elastic. - [Contact sales](https://www.elastic.co/contact): Speak with a specialist about your specific needs. diff --git a/get-started/trial-getting-started.md b/get-started/trial-getting-started.md index f7ddecf59d..60600115a0 100644 --- a/get-started/trial-getting-started.md +++ b/get-started/trial-getting-started.md 
@@ -13,32 +13,32 @@ navigation_title: Get started with Elastic # Get started with your Elastic trial -Welcome to Elastic! You've started your free trial, and now it's time to explore what Elastic can do for your organization. This guide provides a structured path to help you make the most of your trial period, understand Elastic's capabilities, and build a meaningful proof of concept (PoC) that demonstrates value to your team. +Welcome to Elastic. You've started your free trial, and now it's time to explore what Elastic can do for your organization. This guide provides a structured path to help you make the most of your trial period, understand Elastic's capabilities, and build a meaningful proof of concept (PoC) that demonstrates value to your team. -By following this guide, you'll: +By following this guide, you will: - Set up your Elastic environment in minutes. - Choose the right use case for your organization (search, observability, or security). - Ingest real data from your systems. - Build a working PoC that solves a real problem. -- Define and measure success metrics to demonstrate ROI. +- Define and measure success metrics to demonstrate return on investment (ROI). - Identify next steps for expanding your implementation. ## Before you begin -You'll need the following to complete this tutorial: +You need the following to complete this tutorial: - Access to your Elastic trial (if you haven't signed up yet, start at [elastic.co/cloud/trial](https://www.elastic.co/cloud/elasticsearch-service/signup)). - Basic familiarity with your chosen use case domain (searching data, monitoring systems, or security analysis). - Access to data sources you want to connect (applications, logs, metrics, or security events). :::{tip} -Set aside focused time blocks to work through this tutorial. You'll get the most value by following the week-by-week structure rather than rushing through everything at once. +Set aside focused time blocks to work through this tutorial. 
You get the most value by following the week-by-week structure rather than rushing through everything at once. ::: ## Your trial roadmap -This tutorial is designed to fit within your trial period, with clear milestones for each week. +This tutorial fits within your trial period, with clear milestones for each week. ### Week 1: Foundation and first use case @@ -58,15 +58,13 @@ Build on your foundation by expanding your PoC and preparing for team evaluation ## Building your proof of concept -A successful proof of concept (PoC) demonstrates clear value and helps you make an informed decision about adopting Elastic. - -**[Proof of concept framework](/get-started/trial-poc-framework.md)**: Learn how to define success criteria, identify key stakeholders, and measure results that matter to your organization. +A successful proof of concept (PoC) demonstrates clear value and helps you make an informed decision about adopting Elastic. Throughout this tutorial, you'll learn how to define success criteria, identify key stakeholders, and measure results that matter to your organization. ## Choosing your use case Not sure which use case is right for you? Refer to **[Choose your use case](/get-started/trial-choose-use-case.md)** to understand the differences between search, observability, and security solutions, and select the best starting point for your needs. -## Need help? +## Need help Throughout your trial, you have access to the following resources: diff --git a/get-started/trial-poc-framework.md b/get-started/trial-poc-framework.md deleted file mode 100644 index 2a5e39d324..0000000000 --- a/get-started/trial-poc-framework.md +++ /dev/null 
@@ -1,449 +0,0 @@ ---- -products: - - id: elasticsearch - - id: elastic-stack - - id: observability - - id: security -applies_to: - serverless: - stack: -description: Build a successful proof of concept with Elastic. Learn how to define success criteria, identify stakeholders, and measure results that matter. ---- - -# Proof of concept framework - -A successful proof of concept (PoC) demonstrates clear value and helps you make an informed decision about adopting Elastic. This framework guides you through defining objectives, identifying stakeholders, setting success criteria, and evaluating results. - -## What is a PoC? - -A proof of concept is a small-scale implementation that: - -- **Tests feasibility**: Confirms Elastic can solve your specific problem -- **Demonstrates value**: Shows measurable benefits to stakeholders -- **Identifies requirements**: Reveals what you need for full implementation -- **Reduces risk**: Validates technical and business assumptions before committing resources - -**A PoC is not**: -- A full production deployment -- An excuse to test every feature -- A replacement for strategic planning -- Open-ended exploration without goals - -## Step 1: Define your objectives - -Start by clearly articulating what you want to achieve. - -### Good objectives are SMART - -- **Specific**: Clearly defined and unambiguous -- **Measurable**: Quantifiable with metrics -- **Achievable**: Realistic within trial timeframe -- **Relevant**: Aligned with business needs -- **Time-bound**: Completed within your trial period - -### Example objectives by use case - -:::{tabs} -::::{tab} Search - -**Poor objective**: "Evaluate Elasticsearch for search." - -**Good objectives**: -- "Reduce time to find customer support tickets from 5 minutes to under 30 seconds." -- "Enable full-text search across 100,000 product descriptions with sub-second response times." -- "Improve search relevance so that 80% of users find what they need in the first 3 results." 
-- "Centralize search across 5 different data silos into a single interface." - -:::: - -::::{tab} Observability - -**Poor objective**: "Try out Elastic Observability." - -**Good objectives**: -- "Reduce mean time to detect (MTTD) application errors from 15 minutes to under 2 minutes." -- "Centralize logs from 10 microservices to reduce troubleshooting time by 50%." -- "Monitor infrastructure across 20 hosts to prevent unplanned downtime." -- "Trace user requests across 3 services to identify performance bottlenecks." - -:::: - -::::{tab} Security - -**Poor objective**: "See if Elastic Security works for us." - -**Good objectives**: -- "Detect malware execution on endpoints within 30 seconds of occurrence." -- "Centralize security logs from 50 endpoints and 3 cloud services for correlation." -- "Reduce security incident investigation time from 2 hours to under 30 minutes." -- "Identify and alert on unusual authentication patterns across Azure AD and AWS." - -:::: -::: - -### Template: Define your objective - -Use this template to write your PoC objective: - -> **Objective**: [Action verb] [specific capability] to [achieve result] for [target audience/system] within [timeframe]. -> -> **Example**: Enable full-text search across customer support tickets to reduce search time from 5 minutes to 30 seconds for support agents within 2 weeks. - -## Step 2: Identify stakeholders - -Successful PoCs involve the right people at the right time. 
- -### Key stakeholders to involve - -| Role | Why they matter | When to involve | -|------|----------------|-----------------| -| **Executive sponsor** | Provides budget and strategic alignment | Before starting, after completion | -| **Technical lead** | Owns implementation and architecture | Throughout entire PoC | -| **End users** | Validate usability and provide feedback | Week 1 (testing), Week 2 (feedback) | -| **IT operations** | Address integration and security | Week 1 (planning), Week 2 (evaluation) | -| **Security team** | Review security and compliance requirements | Before starting, during evaluation | -| **Finance/Procurement** | Understand licensing and costs | After successful PoC | - -### Stakeholder communication plan - -Create a simple plan to keep stakeholders informed: - -| Stakeholder | Communication method | Frequency | -|-------------|---------------------|-----------| -| Executive sponsor | Email updates | Weekly | -| Technical team | Slack/Teams channel | Daily (as needed) | -| End users | Demo sessions | Week 1, Week 2 | -| IT operations | Status meetings | Mid-trial, end-of-trial | - -## Step 3: Define success criteria - -Success criteria are measurable indicators that your PoC has achieved its objectives. - -### Types of success criteria - -1. **Technical criteria**: Can Elastic do what you need? -2. **Business criteria**: Does it deliver measurable value? -3. **User criteria**: Do users find it useful and usable? -4. **Operational criteria**: Can you manage and maintain it? 
- -### Define criteria by use case - -:::{tabs} -::::{tab} Search - -**Technical criteria**: -- [ ] Index at least [X] documents successfully -- [ ] Achieve search response time under [X] milliseconds -- [ ] Support required search features (filters, autocomplete, facets) -- [ ] Handle expected query volume (queries per second) -- [ ] Integrate with [list data sources] - -**Business criteria**: -- [ ] Reduce time to find information by [X]% -- [ ] Increase user satisfaction scores by [X] points -- [ ] Decrease number of "information not found" incidents by [X]% -- [ ] Save [X] hours per week across team - -**User criteria**: -- [ ] Users find it easier than current solution -- [ ] Search results are relevant for [X]% of queries -- [ ] Users can complete common tasks without training - -**Operational criteria**: -- [ ] Search indexes can be updated within [X] minutes -- [ ] System stays within allocated resource budget -- [ ] Integration with existing tools works reliably - -:::: - -::::{tab} Observability - -**Technical criteria**: -- [ ] Successfully ingest logs from [X] sources -- [ ] Collect metrics from [X] hosts/services -- [ ] Trace requests across [X] services with APM -- [ ] Set up [X] alerts with no false positives -- [ ] Achieve data ingestion latency under [X] seconds - -**Business criteria**: -- [ ] Reduce mean time to detect (MTTD) by [X]% -- [ ] Reduce mean time to resolve (MTTR) by [X]% -- [ ] Prevent [X] hours of downtime -- [ ] Detect [X] issues proactively before user impact - -**User criteria**: -- [ ] Engineers can troubleshoot issues faster -- [ ] Dashboards provide clear visibility into system health -- [ ] Alerts are actionable and timely - -**Operational criteria**: -- [ ] Data retention meets compliance requirements -- [ ] System scales to handle [X] events per second -- [ ] Integration with incident management tools works - -:::: - -::::{tab} Security - -**Technical criteria**: -- [ ] Protect [X] endpoints with Elastic Defend -- [ ] Ingest 
security events from [X] sources -- [ ] Enable [X] detection rules successfully -- [ ] Achieve alert latency under [X] minutes -- [ ] Integrate with [list security tools] - -**Business criteria**: -- [ ] Detect [X] security events that would have been missed -- [ ] Reduce incident investigation time by [X]% -- [ ] Increase threat detection coverage by [X]% -- [ ] Meet compliance requirements for [specific regulation] - -**User criteria**: -- [ ] Analysts can investigate incidents more efficiently -- [ ] Alerts provide sufficient context for response -- [ ] Dashboards surface high-priority threats - -**Operational criteria**: -- [ ] Security data retention meets compliance needs -- [ ] System integrates with existing SIEM/SOAR tools -- [ ] Endpoint deployment is manageable at scale - -:::: -::: - -### Template: Success criteria checklist - -Create your own success criteria using this template: - -**Technical criteria**: -- [ ] [Specific technical capability or performance metric] -- [ ] [Integration requirement] -- [ ] [Scalability or reliability requirement] - -**Business criteria**: -- [ ] [Quantifiable business outcome with target] -- [ ] [Cost savings or efficiency gain] -- [ ] [Risk reduction or compliance achievement] - -**User criteria**: -- [ ] [User satisfaction or adoption metric] -- [ ] [Usability or ease-of-use measure] -- [ ] [Training or learning curve requirement] - -**Operational criteria**: -- [ ] [Management or maintenance requirement] -- [ ] [Resource utilization metric] -- [ ] [Integration or compatibility need] - -## Step 4: Create a timeline - -Break your PoC into phases with clear milestones. 
- -### Recommended timeline for trial period - -| Phase | Duration | Key activities | -|-------|----------|----------------| -| **Planning** | 1-2 days | Define objectives, identify stakeholders, set success criteria | -| **Week 1: Foundation** | 3-5 days | Set up deployment, connect first data source, create basic dashboards | -| **Week 2: Expansion** | 3-5 days | Add data sources, refine dashboards, implement advanced features | -| **Evaluation** | 2-3 days | Measure results, prepare presentation, make recommendations | - -### Adjust timeline based on complexity - -- **Simple PoC** (single data source, basic features): 1 week -- **Standard PoC** (multiple data sources, dashboards, alerts): 2 weeks -- **Complex PoC** (many integrations, advanced features, multiple teams): 3-4 weeks - -## Step 5: Measure results - -At the end of your PoC, systematically evaluate whether you met your success criteria. - -### Create a results scorecard - -| Success criterion | Target | Actual | Met? | Notes | -|-------------------|--------|--------|------|-------| -| Search response time < 100ms | 100ms | 75ms | Yes | Exceeded expectations | -| Index 50,000 documents | 50,000 | 52,000 | Yes | All documents indexed successfully | -| Users find results in < 3 clicks | 3 clicks | 2.5 clicks | Yes | User feedback very positive | -| Integrate with 3 data sources | 3 sources | 3 sources | Yes | PostgreSQL, S3, and API | - -### Gather qualitative feedback - -In addition to metrics, collect feedback from stakeholders: - -1. **User interviews**: Ask end users about their experience. -2. **Technical review**: Have your technical team assess architecture and implementation. -3. **Leadership feedback**: Present results to executive sponsor and get input. - -**Sample interview questions**: -- What did you find most valuable about using Elastic? -- What challenges did you encounter? -- How does this compare to your current solution? -- Would you recommend moving forward with Elastic? 
-- What concerns do you have about production deployment? - -## Step 6: Make your recommendation - -Based on your results, make a clear recommendation with supporting evidence. - -### Possible outcomes - -#### 1. Strong success: Proceed to production - -**Indicators**: -- Met or exceeded all critical success criteria -- Strong stakeholder support -- Clear ROI demonstrated -- Technical feasibility confirmed - -**Recommendation**: Move forward with production planning and implementation. - -**Next steps**: -- Finalize architecture and sizing -- Plan data migration and onboarding -- Obtain budget approval -- Begin team training - -#### 2. Partial success: Proceed with adjustments - -**Indicators**: -- Met most success criteria, but some gaps identified -- Stakeholder support with reservations -- ROI promising but needs refinement -- Technical concerns that can be addressed - -**Recommendation**: Address identified gaps and move forward. - -**Next steps**: -- Work with Elastic to resolve technical issues -- Refine PoC in specific areas -- Adjust implementation plan to address concerns -- Consider phased rollout - -#### 3. Unsuccessful: Do not proceed - -**Indicators**: -- Failed to meet critical success criteria -- Lack of stakeholder support -- No clear ROI -- Significant technical or operational blockers - -**Recommendation**: Do not proceed at this time. 
- -**Next steps**: -- Document lessons learned -- Identify root causes of failure -- Consider alternative solutions -- Revisit in the future if needs change - -### Recommendation template - -Use this template for your final recommendation: - -> **Recommendation**: [Proceed / Proceed with adjustments / Do not proceed] -> -> **Summary**: [1-2 sentences on overall results] -> -> **Evidence**: -> - [Key success metric and result] -> - [Key success metric and result] -> - [Key success metric and result] -> -> **Business impact**: [Quantified ROI or business value] -> -> **Risks and mitigation**: [Any concerns and how to address them] -> -> **Next steps**: [Immediate actions to take] - -## PoC best practices - -### Do's - -- **Start small**: Focus on one use case and a few data sources. -- **Use real data**: Demonstrate with actual organizational data, not samples. -- **Involve users early**: Get feedback from people who will use the system. -- **Document everything**: Keep notes on decisions, challenges, and results. -- **Set clear boundaries**: Define what's in scope and out of scope. -- **Communicate regularly**: Keep stakeholders informed of progress. -- **Plan for production**: Think about what full implementation would require. - -### Don'ts - -- **Don't boil the ocean**: Trying to do too much leads to incomplete results. -- **Don't skip planning**: Define objectives and success criteria upfront. -- **Don't work in isolation**: Involve stakeholders throughout the process. -- **Don't ignore challenges**: Document problems and work to resolve them. -- **Don't rush evaluation**: Take time to measure results properly. -- **Don't oversell**: Be honest about capabilities and limitations. -- **Don't forget operational needs**: Consider ongoing management and maintenance. - -## Example PoC: E-commerce search - -### Scenario - -An e-commerce company wants to improve product search on their website. 
- -### Objective - -Enable full-text search across 100,000 products to reduce time-to-find from an average of 3 minutes to under 30 seconds, improving customer satisfaction and conversion rates. - -### Success criteria - -**Technical**: -- [ ] Index 100,000 products with complete metadata -- [ ] Search response time under 200ms at p95 -- [ ] Support filters by category, price, brand, and availability -- [ ] Provide autocomplete suggestions - -**Business**: -- [ ] Reduce average search time by 80% -- [ ] Increase search-to-purchase conversion by 10% -- [ ] Decrease "product not found" support tickets by 50% - -**User**: -- [ ] Users rate search experience 4/5 or higher -- [ ] Relevant results appear in top 3 for 90% of searches - -### Implementation - -**Week 1**: -- Set up Elasticsearch serverless deployment -- Index product catalog from PostgreSQL database -- Create basic search interface -- Configure relevance tuning - -**Week 2**: -- Add autocomplete and suggestions -- Implement faceted filtering -- Create analytics dashboard to track search metrics -- Conduct user testing with 10 internal users - -### Results - -| Criterion | Target | Result | Status | -|-----------|--------|--------|--------| -| Products indexed | 100,000 | 102,500 | Met | -| Response time | <200ms | 145ms | Met | -| Filters supported | 4 types | 5 types | Met | -| Search time reduction | 80% | 85% | Met | -| User satisfaction | 4/5 | 4.3/5 | Met | - -### Recommendation - -**Proceed to production**. The PoC exceeded expectations, demonstrating significant improvements in search speed, relevance, and user satisfaction. Estimated ROI: $150K annually from increased conversions and reduced support costs. - -## Additional resources - -- **[Trial getting started guide](/get-started/trial-getting-started.md)**: Overview of your trial journey. -- **[Week 1 guide](/get-started/trial-week-1.md)**: Set up and initial implementation. 
-- **[Week 2 guide](/get-started/trial-week-2.md)**: Expansion and evaluation. -- **[Production guidance](/deploy-manage/production-guidance.md)**: Planning for production deployment. - -## Need help? - -If you need assistance with your PoC: - -- **Contact your trial specialist**: Get personalized guidance. -- **[Elastic Community](https://discuss.elastic.co/)**: Ask questions and learn from others. -- **[Elastic Professional Services](https://www.elastic.co/services)**: Get expert help with planning and implementation. - diff --git a/get-started/trial-week-1.md b/get-started/trial-week-1.md index d349b8f8a8..dba9be387b 100644 --- a/get-started/trial-week-1.md +++ b/get-started/trial-week-1.md @@ -12,11 +12,11 @@ description: Week 1 of your Elastic trial. Set up your deployment, connect your # Week 1: Foundation and first use case -Week 1 focuses on getting your Elastic environment up and running quickly and demonstrating initial value with your chosen use case. By the end of this week, you'll have data flowing into Elastic and be able to search, visualize, or monitor it effectively. +Week 1 focuses on getting your Elastic environment up and running quickly and demonstrating initial value with your chosen use case. By the end of this week, you will have data flowing into Elastic and be able to search, visualize, or monitor it effectively. ## Week 1 goals -By the end of this week, you'll have: +By the end of this week, you will have: - Set up your Elastic deployment. - Connect your first data source. 
@@ -154,7 +154,7 @@ Best for: Aggregating logs from applications or services. 1. Go to **Management** → **Integrations**. 2. Search for your log source: - **Custom logs** for generic log files - - Specific integrations for Apache, nginx, MySQL, PostgreSQL, etc. + - Specific integrations for Apache, nginx, MySQL, PostgreSQL, and so on. 3. Select **Add** and configure the log file paths. 4. Install or configure Elastic Agent to collect the logs. 5. Go to **Observability** → **Logs** → **Stream** to see incoming logs. @@ -165,7 +165,7 @@ Best for: Understanding application performance and errors. 1. Go to **Observability** → **Applications** → **APM**. 2. Select **Add data**. -3. Select your application language (Java, Node.js, Python, .NET, etc.). +3. Select your application language (Java, Node.js, Python, .NET, and so on). 4. Follow the instrumentation instructions to add the APM agent to your application code. 5. Restart your application. 6. Generate some traffic to your application. @@ -353,9 +353,9 @@ Alerts help you stay informed about important events or conditions. 1. Go to **Management** → **Stack Management** → **Rules**. 2. Click **Create rule**. 3. Select **Elasticsearch query** rule type. -4. Define your query (e.g., `error:true`). -5. Set threshold conditions (e.g., "more than 10 matches in 5 minutes"). -6. Configure actions (e.g., send an email or Slack message). +4. Define your query (for example, `error:true`). +5. Set threshold conditions (for example, "more than 10 matches in 5 minutes"). +6. Configure actions (for example, send an email or Slack message). 7. Save and enable the rule. Refer to [alerting documentation](/solutions/observability/incident-management/alerting.md) for more options. 
@@ -384,7 +384,7 @@ Refer to [observability alerting](/solutions/observability/incident-management/a 2. Click **Detection rules (SIEM)**. 3. **Enable prebuilt rules**: - Browse the rules library. - - Enable 3-5 rules relevant to your environment (e.g., "Unusual Login Activity", "Suspicious Process Execution"). + - Enable 3-5 rules relevant to your environment (for example, "Unusual Login Activity", "Suspicious Process Execution"). 4. Go back to **Alerts** to see any triggered alerts. You can also create custom rules: @@ -430,11 +430,11 @@ Before moving to Week 2, ensure you've completed: ## Next steps -Great work! You've established your foundation. Now it's time to expand your PoC and demonstrate deeper value. +Great work. You've established your foundation. Now it's time to expand your PoC and demonstrate deeper value. **Continue to [Week 2](/get-started/trial-week-2.md)** to add more data sources, refine your dashboards, and prepare for stakeholder evaluation. -## Need help? +## Need help If you encountered issues during Week 1: diff --git a/get-started/trial-week-2.md b/get-started/trial-week-2.md index 032d93db43..64a0399af5 100644 --- a/get-started/trial-week-2.md +++ b/get-started/trial-week-2.md @@ -12,11 +12,11 @@ description: Week 2 of your Elastic trial. Expand your PoC, refine dashboards, m # Week 2: Expand and evaluate -In Week 2, you'll build on your foundation by expanding data sources, refining visualizations, and measuring success metrics. By the end of this week, you'll have a compelling PoC ready to demonstrate to stakeholders. +In Week 2, you will build on your foundation by expanding data sources, refining visualizations, and measuring success metrics. By the end of this week, you will have a compelling proof of concept (PoC) ready to demonstrate to stakeholders. ## Week 2 goals -By the end of this week, you'll have: +By the end of this week, you will have: - Added 1-2 additional data sources. - Created polished dashboards for stakeholders. 
@@ -282,7 +282,7 @@ Demonstrate Elastic's powerful capabilities with advanced features. 1. **Service-level objectives (SLOs)**: - Go to **Observability** → **SLOs**. - - Define SLOs for critical services (e.g., "99.9% uptime", "p95 latency < 200ms"). + - Define SLOs for critical services (for example, "99.9% uptime", "p95 latency < 200ms"). - Track SLO compliance over time. 2. **Anomaly detection**: - Go to **Observability** → **AIOps** → **Anomaly detection**. @@ -335,7 +335,7 @@ Quantify the value of your PoC with concrete metrics. ### Define success metrics -Refer to your [PoC framework](/get-started/trial-poc-framework.md) for the success criteria you defined. Now it's time to measure them. +Review the success criteria you defined at the start of your trial. Now it's time to measure them. ### Common metrics by use case @@ -418,7 +418,7 @@ Create a summary document with: :::::{step} Prepare your PoC presentation -You've built a compelling PoC — now it's time to present it effectively. +You've built a compelling PoC—now it's time to present it effectively. ### Create a presentation structure @@ -505,7 +505,7 @@ Before completing your trial, ensure you've: - Prepared a presentation or demo. - Identified next steps and expansion plans. -## Congratulations! +## Congratulations You've completed a comprehensive Elastic trial and built a meaningful proof of concept. You now have: 
@@ -517,12 +517,11 @@ You've completed a comprehensive Elastic trial and built a meaningful proof of c ## Additional resources -- **[PoC framework](/get-started/trial-poc-framework.md)**: Review your success criteria and evaluation approach. - **[Solutions documentation](/solutions/index.md)**: Dive deeper into your chosen use case. - **[Community forums](https://discuss.elastic.co/)**: Connect with other Elastic users. - **[Elastic training](https://www.elastic.co/training)**: Continue learning with courses and certifications. -## Need help? +## Need help If you have questions or need assistance: From dff5e144459b79f381ef8e2555e6010d18840474 Mon Sep 17 00:00:00 2001 From: Fabrizio Ferri Benedetti Date: Mon, 17 Nov 2025 13:17:13 +0100 Subject: [PATCH 4/8] Edits --- get-started/toc.yml | 7 +- get-started/trial-getting-started.md | 2 +- get-started/trial-week-1.md | 85 ++++++++--------- get-started/trial-week-2.md | 137 ++++++--------------------- 4 files changed, 69 insertions(+), 162 deletions(-) diff --git a/get-started/toc.yml b/get-started/toc.yml index 9a425ebcc8..e0fbcd08f1 100644 --- a/get-started/toc.yml +++ b/get-started/toc.yml @@ -7,10 +7,9 @@ toc: - file: trial-week-1.md - file: trial-week-2.md - file: introduction.md - children: - - file: the-stack.md - - file: deployment-options.md - - file: versioning-availability.md + - file: the-stack.md + - file: deployment-options.md + - file: versioning-availability.md - file: howto-use-the-docs.md - title: Glossary crosslink: docs-content://reference/glossary/index.md \ No newline at end of file diff --git a/get-started/trial-getting-started.md b/get-started/trial-getting-started.md index 60600115a0..7d932cc375 100644 --- a/get-started/trial-getting-started.md +++ b/get-started/trial-getting-started.md 
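Review bot: In the worked example in the trial-poc-framework.md hunk, the Results table reports on only five of the eleven success criteria defined above it; `Provide autocomplete suggestions`, `Increase search-to-purchase conversion by 10%`, `Decrease "product not found" support tickets by 50%` and `Relevant results appear in top 3 for 90% of searches` have no row, yet the Recommendation states the PoC "exceeded expectations" and cites an ROI figure. Since readers are told to measure every criterion they define, add a row per criterion (with a status such as "Not measured" where no result exists) so the example models the evaluation the page recommends.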
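Review bot: In the trial-week-1.md hunk at `@@ -12,11 +12,11 @@`, the goals list under the changed lead-in `+By the end of this week, you will have:` mixes forms: the context lines read `- Set up your Elastic deployment.` and `- Connect your first data source.`; the second should be `- Connected your first data source.` to match the perfect tense (the equivalent list in trial-week-2.md uses "Added" and "Created"). Since the lead-in is being edited anyway, fix the list item in the same change.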
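Review bot: The trial-week-2.md hunk at `@@ -517,12 +517,11 @@` deletes `- **[PoC framework](/get-started/trial-poc-framework.md)**: Review your success criteria and evaluation approach.` from Additional resources, and the hunk at `@@ -335,7 +335,7 @@` replaces the same link with `Review the success criteria you defined at the start of your trial.`, so the week-2 page no longer points anywhere for where those criteria were defined, even though this patch creates get-started/trial-poc-framework.md. Either keep one of the two links, or name the PoC framework page in the new sentence.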
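Review bot: The get-started/toc.yml hunk at `@@ -7,10 +7,9 @@` removes `children:` so that the-stack.md, deployment-options.md and versioning-availability.md become siblings of introduction.md rather than nested under it; confirm that flattening is intended, since it changes the navigation hierarchy rather than only fixing indentation. The hunk also leaves the file ending with `\ No newline at end of file`; add the trailing newline while the last lines are being touched.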
@@ -8,7 +8,7 @@ applies_to: serverless: stack: description: Start your Elastic trial with confidence. This step-by-step guide helps you set up your environment, choose a use case, and build a proof of concept within your trial period. -navigation_title: Get started with Elastic +navigation_title: Get started with the Elastic trial --- # Get started with your Elastic trial diff --git a/get-started/trial-week-1.md b/get-started/trial-week-1.md index dba9be387b..602dbdbf34 100644 --- a/get-started/trial-week-1.md +++ b/get-started/trial-week-1.md @@ -14,8 +14,6 @@ description: Week 1 of your Elastic trial. Set up your deployment, connect your Week 1 focuses on getting your Elastic environment up and running quickly and demonstrating initial value with your chosen use case. By the end of this week, you will have data flowing into Elastic and be able to search, visualize, or monitor it effectively. -## Week 1 goals - By the end of this week, you will have: - Set up your Elastic deployment. @@ -26,11 +24,11 @@ By the end of this week, you will have: **Estimated time**: 2-4 hours total. -::::::{stepper} +## Set up your deployment -:::::{step} Set up your deployment +::::::{stepper} -### Choose your deployment type +:::::{step} Choose your deployment type When you start your trial, select a deployment type: @@ -41,7 +39,9 @@ When you start your trial, select a deployment type: For most trials, {{serverless-short}} provides the fastest path to value with minimal configuration overhead. ::: -### Create your deployment +::::: + +:::::{step} Create your deployment Create your deployment by following these steps: @@ -56,7 +56,9 @@ Create your deployment by following these steps: Your deployment will be ready in 1-2 minutes. **Save your credentials** when prompted. -### Access Kibana +::::: + +:::::{step} Access Kibana Once your deployment is ready: 
@@ -68,8 +70,9 @@ Bookmark your Kibana URL for easy access throughout your trial. ::: ::::: +:::::: -:::::{step} Connect your first data source +## Connect your first data source Choose the path based on your use case: @@ -78,7 +81,7 @@ Choose the path based on your use case: Your goal is to index data that you want to search and analyze. Choose one method: -**Option A: Upload a file (Quickest start)** +#### Option A: Upload a file (Quickest start) Best for: CSV, JSON, or log files you have on hand. @@ -90,7 +93,7 @@ Best for: CSV, JSON, or log files you have on hand. If you don't have data ready, Kibana includes sample datasets. Go to **Home** → **Try sample data** and add the "Sample web logs" or "Sample eCommerce orders" dataset. -**Option B: Use an integration** +#### Option B: Use an integration Best for: Connecting to existing systems (databases, APIs, applications). @@ -99,7 +102,7 @@ Best for: Connecting to existing systems (databases, APIs, applications). 3. Select **Add** and follow the configuration steps. 4. Verify data is flowing by checking the integration status. -**Option C: Use the API** +#### Option C: Use the API Best for: Custom applications or programmatic data ingestion. @@ -119,7 +122,7 @@ curl -X POST "https://your-deployment.elastic.cloud:9200/your-index/_doc" \ 3. Refer to the [Elasticsearch index API documentation](/manage-data/data-store/index-basics.md) for more options. -### Verify your data +#### Verify your data 1. Go to **Analytics** → **Discover** in Kibana. 2. Select your index or data view. @@ -133,7 +136,7 @@ If you don't find your data, check your integration status or indexing logs. Your goal is to collect logs, metrics, and traces from your systems. Choose one method: -**Option A: Monitor infrastructure (Easiest)** +#### Option A: Monitor infrastructure (Easiest) Best for: Getting started quickly with system metrics. 
@@ -147,7 +150,7 @@ Best for: Getting started quickly with system metrics. 5. Wait 1-2 minutes for data to appear. 6. Go to **Observability** → **Infrastructure** to see your host. -**Option B: Collect application logs** +#### Option B: Collect application logs Best for: Aggregating logs from applications or services. @@ -159,7 +162,7 @@ Best for: Aggregating logs from applications or services. 4. Install or configure Elastic Agent to collect the logs. 5. Go to **Observability** → **Logs** → **Stream** to see incoming logs. -**Option C: Monitor an application (APM)** +#### Option C: Monitor an application (APM) Best for: Understanding application performance and errors. @@ -173,7 +176,7 @@ Best for: Understanding application performance and errors. Refer to [APM documentation](/solutions/observability/apm/index.md) for detailed setup instructions. -### Verify your data +#### Verify your data 1. Go to **Observability** → **Overview**. 2. You should see metrics, logs, or traces depending on what you configured. @@ -183,11 +186,9 @@ Refer to [APM documentation](/solutions/observability/apm/index.md) for detailed :::{tab-item} Security -### Ingest security data - Your goal is to collect security events from endpoints, networks, and cloud services. Choose your starting point: -**Option A: Monitor endpoints (Recommended)** +#### Option A: Monitor endpoints (Recommended) Best for: Detecting threats on laptops, desktops, and servers. @@ -202,7 +203,7 @@ Best for: Detecting threats on laptops, desktops, and servers. 6. Wait 1-2 minutes for the endpoint to appear in Kibana. 7. Go to **Security** → **Manage** → **Endpoints** to see protected hosts. -**Option B: Collect security logs** +#### Option B: Collect security logs Best for: Ingesting logs from firewalls, cloud providers, or security tools. 
@@ -214,7 +215,7 @@ Best for: Ingesting logs from firewalls, cloud providers, or security tools. 3. Selec **Add** and follow the configuration steps for your provider. 4. Verify data is flowing by checking the integration status. -**Option C: Collect network traffic** +#### Option C: Collect network traffic Best for: Monitoring network activity for threats. @@ -224,7 +225,7 @@ Best for: Monitoring network activity for threats. 4. Configure network interfaces to monitor. 5. Go to **Security** → **Network** to see network flows. -### Verify your data +#### Verify your data 1. Go to **Security** → **Overview**. 2. You should see security events and alerts. @@ -233,16 +234,14 @@ Best for: Monitoring network activity for threats. ::: :::: -::::: - -:::::{step} Explore your data +## Explore your data Now that data is flowing, let's explore it in Kibana. ::::{tab-set} :::{tab-item} Search -### Explore with Discover +#### Explore with Discover 1. Go to **Analytics** → **Discover**. 2. Select your index pattern or data view. @@ -267,7 +266,7 @@ Now that data is flowing, let's explore it in Kibana. :::{tab-item} Observability -### Explore logs +#### Explore logs 1. Go to **Observability** → **Logs** → **Stream**. 2. **Filter logs**: 
@@ -275,21 +274,21 @@ Now that data is flowing, let's explore it in Kibana. - Filter by host, service, or log level. 3. **View log details**: Select a log entry to see all fields and context. -### Explore metrics +#### Explore metrics 1. Go to **Observability** → **Infrastructure**. 2. View your hosts with CPU, memory, and disk metrics. 3. Select a host to view detailed metrics. 4. Switch views to view containers, Kubernetes pods, or services. -### Explore APM (if configured) +#### Explore APM (if configured) 1. Go to **Observability** → **Applications**. 2. Select your service. 3. View latency, throughput, and error rates. 4. Select a transaction to view traces and spans. -### Create an observability dashboard +#### Create an observability dashboard 1. Go to **Analytics** → **Dashboards**. 2. Click **Create dashboard**. @@ -305,7 +304,7 @@ Now that data is flowing, let's explore it in Kibana. :::{tab-item} Security -### Explore security events +#### Explore security events 1. Go to **Security** → **Explore** → **Events**. 2. **Filter events**: @@ -313,13 +312,13 @@ Now that data is flowing, let's explore it in Kibana. - Filter by host, user, process, or event type. 3. **Analyze an event**: Click on an event to see all details. -### View alerts +#### View alerts 1. Go to **Security** → **Alerts**. 2. Review any alerts that have been generated by default detection rules. 3. Click on an alert to investigate further. -### Explore the security dashboard +#### Explore the security dashboard 1. Go to **Security** → **Overview**. 2. View the pre-built security dashboards showing: 
@@ -328,10 +327,10 @@ Now that data is flowing, let's explore it in Kibana. - Network connections - Top threats and events -### Create a custom security query +#### Create a custom security query 1. Go to **Security** → **Timelines**. -2. Click **Create timeline**. +2. Select **Create timeline**. 3. Add filters and queries to hunt for specific activity: - Example: `process.name: "powershell.exe" AND event.action: "network-connection"` 4. Save your timeline for future investigations. @@ -339,9 +338,7 @@ Now that data is flowing, let's explore it in Kibana. ::: :::: -::::: - -:::::{step} Set up alerting (Optional) +## Set up alerting (Optional) Alerts help you stay informed about important events or conditions. @@ -400,9 +397,7 @@ Refer to [security detection rules](/solutions/security/detect-and-alert/about-d ::: :::: -::::: - -:::::{step} Document your progress +## Document your progress At the end of Week 1, take a moment to document: @@ -412,13 +407,9 @@ At the end of Week 1, take a moment to document: - **Alerts configured**: What conditions are you monitoring? - **Challenges encountered**: Note any issues for follow-up. -This documentation will be valuable when presenting your PoC to stakeholders. - -::::: - -:::::: +This documentation might be valuable when presenting your PoC to stakeholders. -## Week 1 checklist +## Checklist Before moving to Week 2, ensure you've completed: diff --git a/get-started/trial-week-2.md b/get-started/trial-week-2.md index 64a0399af5..91b6949e0f 100644 --- a/get-started/trial-week-2.md +++ b/get-started/trial-week-2.md 
@@ -14,8 +14,6 @@ description: Week 2 of your Elastic trial. Expand your PoC, refine dashboards, m In Week 2, you will build on your foundation by expanding data sources, refining visualizations, and measuring success metrics. By the end of this week, you will have a compelling proof of concept (PoC) ready to demonstrate to stakeholders. -## Week 2 goals - By the end of this week, you will have: - Added 1-2 additional data sources. @@ -27,9 +25,7 @@ By the end of this week, you will have: **Estimated time**: 3-5 hours total. -::::::{stepper} - -:::::{step} Expand your data sources +## Expand your data sources Now that you're comfortable with Elastic, add more data to demonstrate broader capabilities. @@ -47,7 +43,7 @@ Select data sources that: ::::{tab-set} :::{tab-item} Search -**Expand your search capabilities**: +#### Expand your search capabilities 1. **Add another data type**: - If you started with documents, add product catalogs or user data. @@ -72,7 +68,7 @@ Refer to [data ingestion documentation](/manage-data/ingest.md) for advanced tec :::{tab-item} Observability -**Expand your observability coverage**: +#### Expand your observability coverage 1. **Add more hosts or services**: - Install Elastic Agent on 2-3 additional critical hosts. @@ -99,7 +95,7 @@ Refer to [observability get started](/solutions/observability/get-started.md) fo :::{tab-item} Security -**Expand your security coverage**: +#### Expand your security coverage 1. **Add more endpoints**: - Deploy Elastic Defend to additional critical hosts. 
@@ -125,26 +121,16 @@ Refer to [security detection and alerting](/solutions/security/detect-and-alert. ::: :::: -::::: - -:::::{step} Refine dashboards and visualizations +## Refine dashboards and visualizations Create polished, stakeholder-ready dashboards that tell a compelling story. -### Design principles for effective dashboards - -- **Focus on outcomes**: Show business impact, not just technical metrics. -- **Use clear titles**: Make it obvious what each panel shows. -- **Highlight key metrics**: Use metric visualizations for important KPIs. -- **Show trends**: Include time-series charts to demonstrate changes. -- **Enable interactivity**: Add filters so viewers can explore. - ### Create stakeholder dashboards ::::{tab-set} :::{tab-item} Search -**Search performance dashboard**: +#### Search performance dashboard 1. Go to **Analytics** → **Dashboards** → **Create dashboard**. 2. Add visualizations that show: @@ -156,7 +142,7 @@ Create polished, stakeholder-ready dashboards that tell a compelling story. 3. Add markdown panels to provide context and insights. 4. Save as "Search Performance Overview". -**Business value dashboard**: +#### Business value dashboard 1. Create a dashboard focused on business outcomes: - User engagement metrics @@ -169,7 +155,7 @@ Create polished, stakeholder-ready dashboards that tell a compelling story. :::{tab-item} Observability -**Service health dashboard**: +#### Service health dashboard 1. Go to **Analytics** → **Dashboards** → **Create dashboard**. 2. Add visualizations that show: @@ -181,7 +167,7 @@ Create polished, stakeholder-ready dashboards that tell a compelling story. 3. Use color coding: green for healthy, yellow for warning, red for critical. 4. Save as "Service Health Overview". -**Incident response dashboard**: +#### Incident response dashboard 1. Create a dashboard for troubleshooting: - Recent errors and warnings (data table) 
@@ -190,7 +176,7 @@ Create polished, stakeholder-ready dashboards that tell a compelling story. - APM transaction traces (if available) 2. Add time controls to easily adjust timeframes during incidents. -**Business value dashboard**: +#### Business value dashboard 1. Create a dashboard showing: - Mean time to detect (MTTD) improvements @@ -202,7 +188,7 @@ Create polished, stakeholder-ready dashboards that tell a compelling story. :::{tab-item} Security -**Security operations dashboard**: +#### Security operations dashboard 1. Go to **Analytics** → **Dashboards** → **Create dashboard**. 2. Add visualizations that show: @@ -213,7 +199,7 @@ Create polished, stakeholder-ready dashboards that tell a compelling story. - **Security event timeline** (area chart by event type) 3. Save as "Security Operations Overview". -**Threat detection dashboard**: +#### Threat detection dashboard 1. Create a dashboard focused on threats: - Recent high-severity alerts @@ -222,7 +208,7 @@ Create polished, stakeholder-ready dashboards that tell a compelling story. - Failed authentication attempts - Malware detections -**Compliance dashboard**: +#### Compliance dashboard 1. Create a dashboard for compliance reporting: - Security events by type 
@@ -234,22 +220,7 @@ Create polished, stakeholder-ready dashboards that tell a compelling story. ::: :::: -### Dashboard best practices - -1. **Use Elastic's visualize options**: - - **Lens**: Intuitive drag-and-drop for most visualizations. - - **TSVB**: Time-series data with advanced calculations. - - **Markdown**: Add explanatory text and links. -2. **Add filters**: Let viewers filter by time, host, service, or other dimensions. -3. **Use drill-downs**: Link visualizations to detailed views. -4. **Set refresh intervals**: Auto-refresh dashboards for live monitoring. -5. **Apply consistent styling**: Use the same color schemes and fonts. - -Refer to [dashboard documentation](/explore-analyze/dashboards.md) for advanced features. - -::::: - -:::::{step} Implement advanced features +## Implement advanced features Demonstrate Elastic's powerful capabilities with advanced features. @@ -258,7 +229,7 @@ Demonstrate Elastic's powerful capabilities with advanced features. ::::{tab-set} :::{tab-item} Search -**Implement these advanced search features**: +#### Implement these advanced search features 1. **Relevance tuning**: - Go to **Search** → **Content** → **Elasticsearch indices**. @@ -278,7 +249,7 @@ Demonstrate Elastic's powerful capabilities with advanced features. :::{tab-item} Observability -**Implement these advanced observability features**: +#### Implement these advanced observability features 1. **Service-level objectives (SLOs)**: - Go to **Observability** → **SLOs**. @@ -302,7 +273,7 @@ Refer to [observability features](/solutions/observability.md) for detailed guid :::{tab-item} Security -**Implement these advanced security features**: +#### Implement these advanced security features 1. **Entity analytics**: - Go to **Security** → **Manage** → **Entity risk score**. 
@@ -327,9 +298,7 @@ Refer to [security capabilities](/solutions/security.md) for more features. ::: :::: -::::: - -:::::{step} Measure and document success metrics +## Measure and document success metrics Quantify the value of your PoC with concrete metrics. 
@@ -414,55 +383,7 @@ Create a summary document with: 4. **Problems solved**: Specific issues that Elastic helped you address. 5. **Time and cost savings**: Quantify business value. -::::: - -:::::{step} Prepare your PoC presentation - -You've built a compelling PoC—now it's time to present it effectively. - -### Create a presentation structure - -1. **Executive summary** (1-2 slides): - - Problem statement - - Solution overview - - Key results and ROI -2. **Use case overview** (2-3 slides): - - Which Elastic solution you evaluated - - Data sources connected - - Timeline of implementation -3. **Live demo** (5-10 minutes): - - Show your dashboards in action - - Demonstrate key features - - Walk through a real-world scenario -4. **Results and metrics** (2-3 slides): - - Success criteria met - - Quantitative results - - Qualitative benefits -5. **Next steps and recommendations** (1-2 slides): - - Expansion opportunities - - Pricing and licensing options - - Implementation timeline - -### Tips for an effective demo - -- **Tell a story**: Walk through a real problem and how Elastic solves it. -- **Keep it focused**: Show 2-3 key capabilities, not everything. -- **Use real data**: Demonstrate with your actual data, not samples. -- **Prepare for questions**: Anticipate technical and business questions. -- **Have a backup plan**: Record a video in case of technical issues. - -### Presenting to different audiences - -| Audience | Focus on | -|----------|----------| -| **Executives** | ROI, cost savings, business impact, time to value | -| **IT leadership** | Scalability, integration, security, operational efficiency | -| **Technical teams** | Features, APIs, ease of use, troubleshooting capabilities | -| **Security teams** | Threat detection, compliance, incident response | - -::::: - -:::::{step} Plan your expansion +## Plan your expansion Identify what comes next after your successful PoC. 
@@ -478,23 +399,19 @@ Identify what comes next after your successful PoC. Create a plan for moving forward: -- [ ] Determine production data volume and retention needs -- [ ] Estimate licensing costs based on usage -- [ ] Identify team members who need training -- [ ] Plan data source migration and onboarding -- [ ] Set up production deployment architecture -- [ ] Define ongoing maintenance and support processes +- Determine production data volume and retention needs. +- Estimate licensing costs based on usage. +- Identify team members who need training. +- Plan data source migration and onboarding. +- Set up production deployment architecture. +- Define ongoing maintenance and support processes. ### Getting help with production planning - **[Production guidance](/deploy-manage/production-guidance.md)**: Best practices for production deployments and sizing. - **[Contact sales](https://www.elastic.co/contact)**: Discuss licensing and support options. -::::: - -:::::: - -## Week 2 checklist +## Checklist Before completing your trial, ensure you've: @@ -505,7 +422,7 @@ Before completing your trial, ensure you've: - Prepared a presentation or demo. - Identified next steps and expansion plans. -## Congratulations +## Congratulations! You've completed a comprehensive Elastic trial and built a meaningful proof of concept. You now have: From ffd44fbeba80fa8cd2a2ffbb0ff4c0262bfea486 Mon Sep 17 00:00:00 2001 
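Review bot: In the trial-week-1.md hunks from `@@ -78,7 +81,7 @@` onward, the option labels inside the tab sets become `#### Option A: Upload a file (Quickest start)` and the former `### Verify your data` becomes `#### Verify your data`, while the enclosing step headings become `##` (for example `## Connect your first data source`), so the page skips the `###` level inside every tab. Use `###` for the option and verify headings (and likewise in trial-week-2.md, where `**Search performance dashboard**:` becomes `#### Search performance dashboard` directly under `## Refine dashboards and visualizations` and `### Create stakeholder dashboards`), or keep the level the removed stepper headings provided.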
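Review bot: The trial-week-1.md hunk at `@@ -214,7 +215,7 @@` carries the context line `3. Selec **Add** and follow the configuration steps for your provider.`; "Selec" should be "Select". The line sits inside a section this PR already edits, so fix the typo here.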
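Review bot: The trial-week-2.md hunk at `@@ -234,22 +220,7 @@` deletes the "Dashboard best practices" subsection and with it `Refer to [dashboard documentation](/explore-analyze/dashboards.md) for advanced features.`, which was the only link out of "Refine dashboards and visualizations" to the dashboard docs; the earlier hunk at `@@ -125,26 +121,16 @@` likewise drops "Design principles for effective dashboards". If the goal is to slim the page, keep the single "Refer to" line at the end of the section so readers still have a path to filters, drill-downs and refresh settings.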
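Review bot: The trial-week-2.md hunk at `@@ -414,55 +383,7 @@` removes the whole "Prepare your PoC presentation" step, but the checklist in the hunk at `@@ -505,7 +422,7 @@` still keeps the context line `- Prepared a presentation or demo.`, and the page intro still promises a PoC "ready to demonstrate to stakeholders". Either drop that checklist item or keep a short pointer (the audience table, for instance) so the checklist does not refer to a step the page no longer contains.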
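Review bot: The trial-week-2.md hunk at `@@ -505,7 +422,7 @@` changes `## Congratulations` back to `## Congratulations!`, reversing the edit made to this heading in PATCH 1/8, while `## Need help?` became `## Need help` in the same series; pick one convention for punctuation in headings and apply it to both pages.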
From: Fabrizio Ferri Benedetti Date: Thu, 20 Nov 2025 12:00:02 +0100 Subject: [PATCH 5/8] Refactor --- get-started/evaluate-elastic.md | 302 ++++++++++++++++++ get-started/index.md | 14 +- get-started/toc.yml | 8 +- get-started/trial-choose-use-case.md | 145 --------- get-started/trial-getting-started.md | 85 ----- get-started/trial-week-1.md | 435 -------------------------- get-started/trial-week-2.md | 448 --------------------------- 7 files changed, 309 insertions(+), 1128 deletions(-) create mode 100644 get-started/evaluate-elastic.md delete mode 100644 get-started/trial-choose-use-case.md delete mode 100644 get-started/trial-getting-started.md delete mode 100644 get-started/trial-week-1.md delete mode 100644 get-started/trial-week-2.md diff --git a/get-started/evaluate-elastic.md b/get-started/evaluate-elastic.md new file mode 100644 index 0000000000..6fcabd97c6 --- /dev/null +++ b/get-started/evaluate-elastic.md 
@@ -0,0 +1,302 @@ +--- +products: + - id: elasticsearch + - id: elastic-stack + - id: observability + - id: security +applies_to: + serverless: + stack: +description: Build a successful proof of concept during your Elastic trial. Learn how to define success criteria, choose the right deployment and use case, measure results, and prepare for production. +--- + +# Evaluate Elastic + +If you're evaluating Elastic during a trial, this guide helps you build a meaningful proof of concept (PoC) that demonstrates clear value to your organization. Rather than prescribing specific technical steps, this guide focuses on the evaluation process itself, helping you make strategic decisions and measure success. + +## What's included + +Your Elastic trial gives you full access to explore our platform's capabilities: + +- All features available across [Search](/solutions/search.md), [{{observability}}](/solutions/observability.md), and [Security](/solutions/security.md) solutions. +- Choice between {{serverless-full}} and {{ech}} deployment types. +- Access to integrations, {{ml-features}}, and advanced analytics. +- Support resources including documentation, community forums, and technical guidance. + +:::{note} +During the trial, deployments have size and capacity limitations. You can increase deployment size after adding billing details. 
+::: + +## Trial limitations + +While your trial includes full feature access, be aware of these limitations: + +- Trial duration varies by deployment type: + - {{serverless-short}} projects: 14-day free trial (refer to [trial information](/deploy-manage/deploy/elastic-cloud/create-an-organization.md#general-sign-up-trial-what-is-included-in-my-trial)) + - Self-managed clusters: 30-day trial (refer to [license documentation](/deploy-manage/license.md)) + - Cloud deployments through marketplaces may have different durations (refer to [subscribe from a marketplace](/deploy-manage/deploy/elastic-cloud/subscribe-from-marketplace.md)) +- Data ingested during the trial remains accessible, but consider your evaluation timeline. +- Trial deployments have size and capacity limitations compared to production environments. + +For detailed information about features and licensing: + +- [License and support levels](/deploy-manage/license.md): Understand the different license tiers and what they include. +- [Billing documentation](/deploy-manage/cloud-organization/billing.md): Learn how billing works when moving from trial to production. + +## Before you begin + +Two foundational decisions shape your evaluation: which deployment type to use and which use case to focus on first. + +### Choose your deployment type + +Elastic offers two primary deployment options on {{ecloud}}. For most evaluations, we recommend starting with one approach and focusing your PoC there. + +**{{serverless-short}} (Recommended for evaluations)**: + +- Fully managed with automatic scaling. +- Simplified configuration and maintenance. +- Project-based organization. +- Ideal for focusing on capabilities rather than infrastructure management. + +**{{ech}}**: + +- More control over cluster configuration and sizing. +- Traditional {{es}} architecture. +- Ideal for evaluating specific infrastructure requirements or migrating from self-managed deployments. 
+ +For detailed comparisons: + +- [Deployment comparison](/deploy-manage/deploy/deployment-comparison.md): Side-by-side feature and capability comparison. +- [Differences from other {{es}} offerings](/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md): Understand how {{ecloud}} differs from self-managed deployments. + +:::{tip} +For most evaluations, {{serverless-short}} provides the fastest path to demonstrating value. You can always explore hosted options later or migrate to production with different requirements. +::: + +### Identify your primary use case + +Choose one use case to focus your initial evaluation. You can always expand to additional use cases after establishing initial success. + +| Your challenge | Primary use case | +|----------------|-----------------| +| Users struggle to find relevant information across systems | **Search** | +| Need to build fast, relevant search experiences for applications or websites | **Search** | +| Limited visibility into application performance or system health | **Observability** | +| Slow incident response and troubleshooting | **Observability** | +| Need to detect and respond to security threats | **Security** | +| Security logs are difficult to analyze or correlate | **Security** | +| Compliance requires centralized security monitoring | **Security** | + +To learn more about each solution, refer to the following sections: + +- [Solutions overview](/solutions/index.md): Learn about the different solutions and use cases. +- [Search solutions](/solutions/search.md): Enterprise search, website search, and search-powered applications. +- [Observability solutions](/solutions/observability.md): APM, infrastructure monitoring, log management, and synthetic monitoring. +- [Security solutions](/solutions/security.md): SIEM, endpoint security, threat detection, and incident response. 
+ +## Build your proof of concept + +A successful PoC demonstrates clear value and helps you make an informed decision about adopting Elastic. Follow this framework to structure your evaluation. + +Before starting technical work, establish what success looks like for your organization. + +- What specific problem are you trying to solve? +- Who are the stakeholders who will evaluate the results? +- What metrics matter most to your organization? +- What would make this evaluation successful in the eyes of decision-makers? + +### Example success criteria by use case + +For **Search**: +- Reduce time to find information by X%. +- Index and search Y documents with sub-second response times. +- Demonstrate relevance tuning for domain-specific searches. + +For **Observability**: +- Reduce mean time to detect (MTTD) incidents by X minutes. +- Gain visibility into application performance across Y services. +- Centralize logs from Z disparate systems. + +For **Security**: +- Detect X types of threats that current tools miss. +- Reduce investigation time by Y%. +- Demonstrate compliance reporting for Z requirements. + +### Suggested evaluation timeline + +Most trials run for two weeks. Here's a suggested approach to maximize your evaluation time. + +#### Week 1: Foundation and initial value + +**Goals**: +- Set up your deployment. +- Connect your first data sources. +- Demonstrate basic capabilities. +- Validate that Elastic can address your use case. + +**Getting started by use case**: + +For **Search**: +1. Review [Search getting started guide](/solutions/search/get-started.md). +2. Ingest sample data or connect a data source. +3. Build basic search queries and test relevance. +4. Create simple visualizations of your data. + +For **Observability**: +1. Review [Observability getting started guide](/solutions/observability/get-started.md). +2. Deploy Elastic Agent to monitor 1-2 hosts or services. +3. Collect logs from a critical application. +4. 
Explore metrics and logs in Kibana. + +For **Security**: +1. Review [Security getting started guide](/solutions/security/get-started.md). +2. [Ingest security data](/solutions/security/get-started/ingest-data-to-elastic-security.md) from your environment. +3. Deploy Elastic Defend to protect critical endpoints. +4. Enable prebuilt detection rules. +5. Investigate sample security events. + +**Documentation paths**: +- [Data ingestion overview](/manage-data/ingest.md): Learn how to bring data into Elastic. +- [Fleet and Elastic Agent](/reference/fleet/index.md): Learn about Elastic Agent and integrations for connecting data sources. +- [Discover data in Kibana](/explore-analyze/discover.md): Learn to explore and search your data. + +#### Week 2: Expansion and measurement + +**Goals**: +- Add additional data sources. +- Create stakeholder-ready dashboards. +- Implement key features (alerts, ML, custom queries). +- Measure against your success criteria. +- Document results for decision-makers. + +**Recommended activities**: + +**Expand your data coverage**: +- Add 2-3 additional data sources relevant to your use case. +- Refer to [Fleet integrations](/reference/fleet/manage-integrations.md) for available integrations. + +**Build compelling visualizations**: +- Create dashboards that answer key stakeholder questions. +- Refer to [Dashboard documentation](/explore-analyze/dashboards.md) for guidance. +- Focus on metrics that demonstrate clear business value. + +**Implement alerting**: +- Set up alerts for critical conditions or thresholds. +- Refer to [Alerting documentation](/explore-analyze/alerts-cases.md) for configuration options. + +**Measure and document**: +- Compare results against your success criteria. +- Capture screenshots and examples. +- Quantify time savings, efficiency gains, or risk reduction. + +### Administrative considerations for evaluations + +Beyond technical capabilities, consider these operational and business aspects during your evaluation. 
+ +#### Understanding costs + +Familiarize yourself with Elastic's pricing and billing model: + +- [Billing documentation](/deploy-manage/cloud-organization/billing.md): Understand how Elastic Cloud billing works. +- [Deployment sizing](/deploy-manage/production-guidance.md): Learn about capacity planning for production. + +Consider: + +- What will your expected data volume be in production? +- How many users will need access? +- What retention requirements do you have? + +#### User and access management + +If you're building a PoC to share with stakeholders: + +- [Users and roles documentation](/deploy-manage/users-roles.md): Set up appropriate access controls. +- Create demo accounts for stakeholders with appropriate permissions. +- Consider role-based access for different organizational needs. + +#### Planning for production + +Even during evaluation, think ahead to production requirements: + +- [Production guidance](/deploy-manage/production-guidance.md): Best practices for production deployments. +- [High availability and disaster recovery](/deploy-manage/distributed-architecture.md): Understand resilience options. +- [Security best practices](/deploy-manage/security.md): Plan for secure production deployment. + +## Measuring success + +Document your results to demonstrate value to decision-makers. + +### Quantitative metrics + +Capture concrete numbers that demonstrate impact: + +**Performance metrics**: +- Response times (search queries, dashboard load times). +- Data ingestion rates and volumes. +- Query performance at scale. + +**Operational metrics**: +- Time saved on common tasks. +- Reduction in mean time to detect (MTTD) or mean time to respond (MTTR). +- Number of systems or data sources consolidated. + +**Business impact metrics**: +- Cost savings from operational efficiency. +- Risk reduction from improved visibility or security. +- Productivity improvements from better search or monitoring. 
+ +### Qualitative assessment + +Document the experience and capabilities: + +- Ease of setup and configuration. +- Learning curve for your team. +- Quality of documentation and support resources. +- Fit with existing workflows and tools. + +### Preparing your findings + +Create a summary document or presentation that includes: + +1. The challenge you set out to address. +2. What you evaluated and how. +3. Metrics and outcomes achieved during the PoC. +4. Screenshots, dashboards, or specific use cases. +5. Next steps and production readiness. + +## Next steps after your trial + +When you're ready to move beyond evaluation: + +1.Based on your PoC, determine production sizing needs. +2. Review [license documentation](/deploy-manage/license.md) to choose the right tier. +3. If moving from trial to production, plan data migration and configuration transfer. +4. Discuss your evaluation results and production requirements with the Elastic team. + +### Expanding your implementation + +After proving value with one use case: + +- Consider adding complementary solutions (for example, Observability + Security). +- Expand data sources and integrations. +- Implement advanced features (ML, custom applications, APIs). +- Onboard additional teams and users. + +### Getting help + +Resources available to support your evaluation and production planning: + +- **[Elastic Community forums](https://discuss.elastic.co/)**: Ask questions and learn from other users. +- **[Elastic training and certification](https://www.elastic.co/training)**: Develop team expertise with official courses. +- **[Professional services](https://www.elastic.co/services)**: Get expert help with implementation and optimization. +- **[Customer success stories](https://www.elastic.co/customers/success-stories)**: Learn from organizations with similar use cases. 
+ +## Additional resources + +Continue exploring Elastic's capabilities: + +- **[Solutions overview](/solutions/index.md)**: Deep dive into Search, Observability, and Security capabilities. +- **[Deploy and manage guide](/deploy-manage/index.md)**: Comprehensive deployment and operational guidance. +- **[Manage data guide](/manage-data/index.md)**: Learn about data ingestion, storage, and lifecycle management. +- **[Explore and analyze guide](/explore-analyze/index.md)**: Master Kibana's visualization and analysis tools. + diff --git a/get-started/index.md b/get-started/index.md index 1b1d0549c3..69d53e711c 100644 --- a/get-started/index.md +++ b/get-started/index.md 
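Review bot: in the 'Next steps after your trial' list, the first item `1.Based on your PoC, determine production sizing needs.` is missing the space after the list marker, so it will render as plain text instead of the first entry of the ordered list that `2. Review [license documentation](/deploy-manage/license.md) to choose the right tier.` continues; change it to `1. Based on your PoC, determine production sizing needs.`. Two smaller points in the same file: under 'User and access management', 'Create demo accounts for stakeholders with appropriate permissions' leaves the access level to the reader, and a single clause saying what appropriate means in this context (for example, read-only access to the dashboards being reviewed) would make the advice actionable; and under 'Trial limitations', 'Data ingested during the trial remains accessible, but consider your evaluation timeline' never says accessible until when, which is exactly what someone planning a two-week PoC needs to know.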
@@ -19,17 +19,13 @@ description: Learn the fundamentals of Elastic. Discover what Elastic offers, ex # Get started -Welcome! Whether you're starting a trial or exploring what Elastic has to offer, this section helps you understand our platform and get the most value from your experience. +Welcome to Elastic fundamentals. This section helps you understand our platform, learn core concepts, and explore deployment options. -## On a trial? Start here - -If you've started an Elastic trial and want a guided, hands-on experience to build a proof of concept: - -**[Get started with your Elastic trial](/get-started/trial-getting-started.md)**: Follow our step-by-step tutorial designed specifically for trial users. Set up your environment, select a use case, connect data sources, and build a proof of concept. - -## Elastic fundamentals +:::{tip} Evaluating Elastic? +If you're on a trial and need guidance on building a proof of concept, refer to [Evaluate Elastic](/get-started/evaluate-elastic.md). +::: -In this section, we'll walk you through the basics of what our products offer, what they do, how they can help your business, and how to set them up. You'll get a quick look at the core features and concepts, real-world use cases, and deployment options to understand how everything fits together. +In this section, we'll walk you through the basics of what our products offer, what they do, how they can help your business, and how to set them up. You'll get a quick look at the core features and concepts, real-world use cases, and deployment options to understand how everything fits together. You'll also find other helpful information, such as how to use our docs, training resources, and a link to our glossary so you can familiarize yourself with our terminology. diff --git a/get-started/toc.yml b/get-started/toc.yml index e0fbcd08f1..e870d25e9a 100644 --- a/get-started/toc.yml +++ b/get-started/toc.yml 
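Review bot: the `-`/`+` pair for `In this section, we'll walk you through the basics of what our products offer...` has identical visible text, so this looks like a whitespace-only change (most likely trailing whitespace); either drop it to keep the hunk focused or make the intent explicit. Also, the H1 is still `# Get started` (unchanged context) while the new first sentence reads `Welcome to Elastic fundamentals.`; pick one name for the section so the heading and the intro agree.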
@@ -1,15 +1,11 @@ -project: 'Get started' +project: 'Elastic Fundamentals' toc: - file: index.md - - file: trial-getting-started.md - children: - - file: trial-choose-use-case.md - - file: trial-week-1.md - - file: trial-week-2.md - file: introduction.md - file: the-stack.md - file: deployment-options.md - file: versioning-availability.md + - file: evaluate-elastic.md - file: howto-use-the-docs.md - title: Glossary crosslink: docs-content://reference/glossary/index.md \ No newline at end of file diff --git a/get-started/trial-choose-use-case.md b/get-started/trial-choose-use-case.md deleted file mode 100644 index 8f6e917dc1..0000000000 --- a/get-started/trial-choose-use-case.md +++ /dev/null 
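Review bot: the project title becomes `'Elastic Fundamentals'` here while index.md keeps `# Get started` as its H1 in the previous hunk, so the navigation label and the landing page heading will disagree; align them. The new entry `- file: evaluate-elastic.md` is placed after `- file: versioning-availability.md`, which puts the page that the new tip on index.md sends trial users to near the bottom of the section; consider moving it up next to index.md. Minor: the context line `crosslink: docs-content://reference/glossary/index.md` still carries `\ No newline at end of file`, so it is worth adding the trailing newline while the file is being edited.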
@@ -1,145 +0,0 @@ ---- -products: - - id: elasticsearch - - id: elastic-stack - - id: observability - - id: security -applies_to: - serverless: - stack: -description: Choose the right Elastic solution for your organization. Compare search, observability, and security use cases to identify the best starting point for your trial. ---- - -# Choose your use case - -Choosing the right use case for your trial is crucial to demonstrating value quickly. Elastic offers three primary solutions, each designed for specific organizational needs. This guide helps you identify which solution best addresses your immediate challenges. - -## Quick decision guide - -Answer these questions to identify your primary use case: - -| Question | Use case | -|----------|----------------| -| Do you need to build search experiences for users or search large volumes of data? | **Search** | -| Are you troubleshooting application performance, system health, or infrastructure issues? | **Observability** | -| Do you need to detect, investigate, or respond to security threats? | **Security** | -| Are you trying to understand user behavior or analyze business data? | **Search** or **Observability** | -| Do you need to monitor compliance or audit access to systems? | **Security** | - -## Solution overview - -### Elasticsearch (search) - -**Best for**: Building search experiences, analyzing business data, and gaining insights from large datasets. - -**Common use cases**: -- Website or application search -- E-commerce product catalogs -- Enterprise knowledge management -- Log and event search -- Business analytics and dashboards -- Full-text search across documents - -**Your organization might need this if**: -- Users struggle to find information across multiple systems. -- You need to search and analyze large volumes of unstructured data. -- You're building an application that requires fast, relevant search. -- You want to create custom analytics dashboards for business data. 
- -**What you will build in your trial**: -- A searchable index of your data (documents, products, or events). -- Custom search queries with filters and relevance tuning. -- Basic analytics and visualizations. -- An efficient search interface or dashboard. - -**Time to value**: See search results within 1-2 hours of ingesting data. - -### Elastic Observability - -**Best for**: Monitoring applications, infrastructure, and services to ensure reliability and performance. - -**Common use cases**: -- Application performance monitoring (APM) -- Infrastructure and container monitoring -- Log aggregation and analysis -- Service-level objective (SLO) tracking -- Incident investigation and root cause analysis -- Real user monitoring (RUM) - -**Your organization might need this if**: -- Applications are slow or experiencing errors. -- You have limited visibility into system performance. -- Logs exist across multiple systems. -- You need to meet service-level agreements (SLAs) or track system uptime. -- Troubleshooting incidents takes too long. - -**What you will build in your trial**: -- Monitoring for 2-3 key services or hosts. -- Log aggregation from critical applications. -- Performance dashboards and health metrics. -- Alerting for important thresholds. -- APM instrumentation for one application. - -**Time to value**: See metrics and logs within 30 minutes to 1 hour. - -### Elastic Security - -**Best for**: Detecting, investigating, and responding to security threats and vulnerabilities. - -**Common use cases**: -- Security information and event management (SIEM) -- Endpoint protection and detection (EDR) -- Threat hunting and investigation -- Vulnerability management -- Security analytics and reporting -- Compliance monitoring - -**Your organization might need this if**: -- You need to detect and respond to security threats. -- Security logs are difficult to analyze. -- You want to monitor for suspicious activity. -- Compliance requires security event tracking. 
-- Incident response is manual and time-consuming. - -**What you will build in your trial**: -- Security data ingestion from key systems (endpoints, network, cloud). -- Detection rules for common threats. -- Security dashboards and timelines. -- Alert workflows and case management. -- Basic threat hunting capabilities. - -**Time to value**: See security events and detections within 1-2 hours. - -## Multi-solution approaches - -Many organizations benefit from multiple Elastic solutions working together. However, for your trial, we recommend starting with one primary use case to demonstrate clear value quickly. - -### Common combinations - -After your initial PoC, consider these complementary solutions: - -- Observability and Security: Monitor application health and detect security threats in the same platform. -- Search and Observability: Build search experiences while monitoring application performance. -- Security and Search: Search security events while maintaining threat detection capabilities. - -## Next steps - -After you've selected your use case: - -1. Review the solution documentation: - - [Search documentation](/solutions/search.md) - - [Observability documentation](/solutions/observability.md) - - [Security documentation](/solutions/security.md) - -2. Continue to Week 1: [Week 1: Foundation and first use case](/get-started/trial-week-1.md) to start building your PoC. - -:::{tip} -You can always expand to additional use cases after your initial PoC. Many successful Elastic implementations start with one solution and grow into comprehensive platforms that address multiple needs. -::: - -## Need more guidance - -- [Solutions overview](/get-started/introduction.md): Detailed comparison of all three solutions. -- [Customer success stories](https://www.elastic.co/customers/success-stories): Learn how other organizations use Elastic. -- [Contact sales](https://www.elastic.co/contact): Speak with a specialist about your specific needs. - 
diff --git a/get-started/trial-getting-started.md b/get-started/trial-getting-started.md deleted file mode 100644 index 7d932cc375..0000000000 --- a/get-started/trial-getting-started.md +++ /dev/null 
@@ -1,85 +0,0 @@ ---- -products: - - id: elasticsearch - - id: elastic-stack - - id: observability - - id: security -applies_to: - serverless: - stack: -description: Start your Elastic trial with confidence. This step-by-step guide helps you set up your environment, choose a use case, and build a proof of concept within your trial period. -navigation_title: Get started with the Elastic trial ---- - -# Get started with your Elastic trial - -Welcome to Elastic. You've started your free trial, and now it's time to explore what Elastic can do for your organization. This guide provides a structured path to help you make the most of your trial period, understand Elastic's capabilities, and build a meaningful proof of concept (PoC) that demonstrates value to your team. - -By following this guide, you will: - -- Set up your Elastic environment in minutes. -- Choose the right use case for your organization (search, observability, or security). -- Ingest real data from your systems. -- Build a working PoC that solves a real problem. -- Define and measure success metrics to demonstrate return on investment (ROI). -- Identify next steps for expanding your implementation. - -## Before you begin - -You need the following to complete this tutorial: - -- Access to your Elastic trial (if you haven't signed up yet, start at [elastic.co/cloud/trial](https://www.elastic.co/cloud/elasticsearch-service/signup)). -- Basic familiarity with your chosen use case domain (searching data, monitoring systems, or security analysis). -- Access to data sources you want to connect (applications, logs, metrics, or security events). - -:::{tip} -Set aside focused time blocks to work through this tutorial. You get the most value by following the week-by-week structure rather than rushing through everything at once. -::: - -## Your trial roadmap - -This tutorial fits within your trial period, with clear milestones for each week. 
- -### Week 1: Foundation and first use case - -Focus on getting up and running quickly with your primary use case. - -**[Week 1: Foundation and first use case](/get-started/trial-week-1.md)**: Set up your deployment, connect your first data source, and start seeing value immediately. - -**Time commitment**: 2-4 hours to complete core setup. - -### Week 2: Expand and evaluate - -Build on your foundation by expanding your PoC and preparing for team evaluation. - -**[Week 2: Expand and evaluate](/get-started/trial-week-2.md)**: Add additional data sources, create dashboards, set up alerts, and measure success metrics. - -**Time commitment**: 3-5 hours to expand and refine. - -## Building your proof of concept - -A successful proof of concept (PoC) demonstrates clear value and helps you make an informed decision about adopting Elastic. Throughout this tutorial, you'll learn how to define success criteria, identify key stakeholders, and measure results that matter to your organization. - -## Choosing your use case - -Not sure which use case is right for you? Refer to **[Choose your use case](/get-started/trial-choose-use-case.md)** to understand the differences between search, observability, and security solutions, and select the best starting point for your needs. - -## Need help - -Throughout your trial, you have access to the following resources: - -- **[Elastic Community](https://discuss.elastic.co/)**: Ask questions and learn from other users. -- **[Elastic Training](https://www.elastic.co/training)**: Free courses and certification paths. -- **[Support resources](https://www.elastic.co/support)**: Documentation, guides, and troubleshooting help. -- **Sales and technical support**: Contact your trial specialist for personalized guidance. 
- -## Alternative learning paths - -If you're not ready for a trial or want to explore Elastic's fundamentals first: - -- [Elastic fundamentals](/get-started/index.md): Understand core concepts, architecture, and deployment options. -- [Solutions and use cases](/solutions/index.md): Deep dive into specific solution capabilities. -- [Demo gallery](https://www.elastic.co/demo-gallery): Watch demonstrations of key features. -- [Beginner's crash course](https://www.youtube.com/playlist?list=PL_mJOmq4zsHZYAyK606y7wjQtC0aoE6Es): Video series covering Elastic basics. - - diff --git a/get-started/trial-week-1.md b/get-started/trial-week-1.md deleted file mode 100644 index 602dbdbf34..0000000000 --- a/get-started/trial-week-1.md +++ /dev/null 
@@ -1,435 +0,0 @@ ---- -products: - - id: elasticsearch - - id: elastic-stack - - id: observability - - id: security -applies_to: - serverless: - stack: -description: Week 1 of your Elastic trial. Set up your deployment, connect your first data source, and start seeing value within hours. ---- - -# Week 1: Foundation and first use case - -Week 1 focuses on getting your Elastic environment up and running quickly and demonstrating initial value with your chosen use case. By the end of this week, you will have data flowing into Elastic and be able to search, visualize, or monitor it effectively. - -By the end of this week, you will have: - -- Set up your Elastic deployment. -- Connect your first data source. -- Explore data in Kibana. -- Create your first visualization or dashboard. -- Set up basic alerting (optional but recommended). - -**Estimated time**: 2-4 hours total. - -## Set up your deployment - -::::::{stepper} - -:::::{step} Choose your deployment type - -When you start your trial, select a deployment type: - -- {{serverless-full}} (Recommended for trials): Fully managed, auto-scaling, simplified configuration. -- {{ech}}: Fully managed with more control over configuration and sizing. - -:::{tip} -For most trials, {{serverless-short}} provides the fastest path to value with minimal configuration overhead. -::: - -::::: - -:::::{step} Create your deployment - -Create your deployment by following these steps: - -1. Log in to your Elastic Cloud account at [cloud.elastic.co](https://cloud.elastic.co). -2. Click **Create deployment** or **Create project** (for serverless). -3. Select your solution type: - - **Elasticsearch** for search use cases - - **Observability** for monitoring applications and infrastructure - - **Security** for threat detection and security analytics -4. Choose your cloud provider and region (select the region closest to your data sources). -5. Click **Create**. - -Your deployment will be ready in 1-2 minutes. 
**Save your credentials** when prompted. - -::::: - -:::::{step} Access Kibana - -Once your deployment is ready: - -1. Select **Open Kibana** from your deployment overview. -2. Log in with your saved credentials. - -:::{tip} -Bookmark your Kibana URL for easy access throughout your trial. -::: - -::::: -:::::: - -## Connect your first data source - -Choose the path based on your use case: - -::::{tab-set} -:::{tab-item} Search - -Your goal is to index data that you want to search and analyze. Choose one method: - -#### Option A: Upload a file (Quickest start) - -Best for: CSV, JSON, or log files you have on hand. - -1. In Kibana, go to **Management** → **Integrations**. -2. Search for "Upload file" and select it. -3. Drag your file or browse to select it. -4. Review the field mappings and adjust as needed. -5. Select **Import** and name your index. - -If you don't have data ready, Kibana includes sample datasets. Go to **Home** → **Try sample data** and add the "Sample web logs" or "Sample eCommerce orders" dataset. - -#### Option B: Use an integration - -Best for: Connecting to existing systems (databases, APIs, applications). - -1. Go to **Management** → **Integrations**. -2. Browse or search for your data source (examples: PostgreSQL, MongoDB, MySQL, Apache, nginx). -3. Select **Add** and follow the configuration steps. -4. Verify data is flowing by checking the integration status. - -#### Option C: Use the API - -Best for: Custom applications or programmatic data ingestion. - -1. Generate an API key in Kibana (**Management** → **API keys**). -2. Use the Elasticsearch REST API to index documents: - -```bash -curl -X POST "https://your-deployment.elastic.cloud:9200/your-index/_doc" \ - -H "Authorization: ApiKey your-api-key" \ - -H "Content-Type: application/json" \ - -d '{ - "title": "Example document", - "content": "This is a test document for search", - "timestamp": "2024-11-17T10:00:00Z" - }' -``` - -3. 
Refer to the [Elasticsearch index API documentation](/manage-data/data-store/index-basics.md) for more options. - -#### Verify your data - -1. Go to **Analytics** → **Discover** in Kibana. -2. Select your index or data view. -3. Check that your documents are listed with all their fields. - -If you don't find your data, check your integration status or indexing logs. - -::: - -:::{tab-item} Observability - -Your goal is to collect logs, metrics, and traces from your systems. Choose one method: - -#### Option A: Monitor infrastructure (Easiest) - -Best for: Getting started quickly with system metrics. - -1. In Kibana, go to **Management** → **Integrations**. -2. Search for "System" and select the **System integration**. -3. Click **Add System**. -4. **Install Elastic Agent** on a host you want to monitor: - - Copy the installation command shown in Kibana. - - Run it on your Linux, Windows, or macOS host. - - The agent will automatically start collecting metrics. -5. Wait 1-2 minutes for data to appear. -6. Go to **Observability** → **Infrastructure** to see your host. - -#### Option B: Collect application logs - -Best for: Aggregating logs from applications or services. - -1. Go to **Management** → **Integrations**. -2. Search for your log source: - - **Custom logs** for generic log files - - Specific integrations for Apache, nginx, MySQL, PostgreSQL, and so on. -3. Select **Add** and configure the log file paths. -4. Install or configure Elastic Agent to collect the logs. -5. Go to **Observability** → **Logs** → **Stream** to see incoming logs. - -#### Option C: Monitor an application (APM) - -Best for: Understanding application performance and errors. - -1. Go to **Observability** → **Applications** → **APM**. -2. Select **Add data**. -3. Select your application language (Java, Node.js, Python, .NET, and so on). -4. Follow the instrumentation instructions to add the APM agent to your application code. -5. Restart your application. -6. 
Generate some traffic to your application. -7. Return to **Applications** in Kibana to view traces and metrics. - -Refer to [APM documentation](/solutions/observability/apm/index.md) for detailed setup instructions. - -#### Verify your data - -1. Go to **Observability** → **Overview**. -2. You should see metrics, logs, or traces depending on what you configured. -3. Click into **Infrastructure**, **Logs**, or **Applications** for detailed views. - -::: - -:::{tab-item} Security - -Your goal is to collect security events from endpoints, networks, and cloud services. Choose your starting point: - -#### Option A: Monitor endpoints (Recommended) - -Best for: Detecting threats on laptops, desktops, and servers. - -1. In Kibana, go to **Management** → **Integrations**. -2. Search for "Endpoint Security" and select **Elastic Defend**. -3. Select **Add Elastic Defend**. -4. Create an integration policy with default protection settings. -5. **Install Elastic Agent with Elastic Defend** on endpoints: - - Copy the installation command from Kibana. - - Run it on Windows, macOS, or Linux endpoints. - - The agent will install and begin protecting the endpoint. -6. Wait 1-2 minutes for the endpoint to appear in Kibana. -7. Go to **Security** → **Manage** → **Endpoints** to see protected hosts. - -#### Option B: Collect security logs - -Best for: Ingesting logs from firewalls, cloud providers, or security tools. - -1. Go to **Management** → **Integrations**. -2. Search for your security data source: - - AWS CloudTrail, Azure Activity Logs, Google Cloud Audit Logs - - Palo Alto Networks, Cisco, Fortinet - - Okta, Azure AD, Google Workspace -3. Selec **Add** and follow the configuration steps for your provider. -4. Verify data is flowing by checking the integration status. - -#### Option C: Collect network traffic - -Best for: Monitoring network activity for threats. - -1. Go to **Management** → **Integrations**. -2. Search for "Network Packet Capture" or "Packetbeat". -3. 
Install Elastic Agent with the network integration on a host that can capture traffic. -4. Configure network interfaces to monitor. -5. Go to **Security** → **Network** to see network flows. - -#### Verify your data - -1. Go to **Security** → **Overview**. -2. You should see security events and alerts. -3. Explore **Alerts**, **Hosts**, **Network**, or **Users** tabs for detailed information. - -::: -:::: - -## Explore your data - -Now that data is flowing, let's explore it in Kibana. - -::::{tab-set} -:::{tab-item} Search - -#### Explore with Discover - -1. Go to **Analytics** → **Discover**. -2. Select your index pattern or data view. -3. **Try searching**: - - Enter keywords in the search bar. For example, "error" or "user login". - - Use the query language for more precision. For example, `status:200 AND method:GET`. -4. **Filter data**: - - Select field values to add filters. - - Use the time picker to focus on specific time ranges. -5. **Analyze fields**: - - Expand a document to view all fields. - - Select fields in the sidebar to view value distributions. -3. Choose a visualization type (try "Lens" for an intuitive drag-and-drop experience). -4. Select your data source. -5. Drag fields onto the canvas: - - Add dimensions. For example, time or categories. - - Add metrics. For example, count, sum, or average. -6. Customize colors, labels, and formatting. -7. Select **Save** and name your visualization. - -::: - -:::{tab-item} Observability - -#### Explore logs - -1. Go to **Observability** → **Logs** → **Stream**. -2. **Filter logs**: - - Use the search bar to find specific messages. - - Filter by host, service, or log level. -3. **View log details**: Select a log entry to see all fields and context. - -#### Explore metrics - -1. Go to **Observability** → **Infrastructure**. -2. View your hosts with CPU, memory, and disk metrics. -3. Select a host to view detailed metrics. -4. Switch views to view containers, Kubernetes pods, or services. 
- -#### Explore APM (if configured) - -1. Go to **Observability** → **Applications**. -2. Select your service. -3. View latency, throughput, and error rates. -4. Select a transaction to view traces and spans. - -#### Create an observability dashboard - -1. Go to **Analytics** → **Dashboards**. -2. Click **Create dashboard**. -3. Click **Add panel** and choose a visualization type. -4. Select your observability data source. -5. Build visualizations for: - - Error rates over time - - Response time trends - - Resource utilization (CPU, memory) -6. Arrange panels and save your dashboard. - -::: - -:::{tab-item} Security - -#### Explore security events - -1. Go to **Security** → **Explore** → **Events**. -2. **Filter events**: - - Use the search bar or KQL to find specific activity. - - Filter by host, user, process, or event type. -3. **Analyze an event**: Click on an event to see all details. - -#### View alerts - -1. Go to **Security** → **Alerts**. -2. Review any alerts that have been generated by default detection rules. -3. Click on an alert to investigate further. - -#### Explore the security dashboard - -1. Go to **Security** → **Overview**. -2. View the pre-built security dashboards showing: - - Alert trends - - Host and user activity - - Network connections - - Top threats and events - -#### Create a custom security query - -1. Go to **Security** → **Timelines**. -2. Select **Create timeline**. -3. Add filters and queries to hunt for specific activity: - - Example: `process.name: "powershell.exe" AND event.action: "network-connection"` -4. Save your timeline for future investigations. - -::: -:::: - -## Set up alerting (Optional) - -Alerts help you stay informed about important events or conditions. - -### Create a simple alert - -::::{tab-set} -:::{tab-item} Search - -1. Go to **Management** → **Stack Management** → **Rules**. -2. Click **Create rule**. -3. Select **Elasticsearch query** rule type. -4. Define your query (for example, `error:true`). -5. 
Set threshold conditions (for example, "more than 10 matches in 5 minutes"). -6. Configure actions (for example, send an email or Slack message). -7. Save and enable the rule. - -Refer to [alerting documentation](/solutions/observability/incident-management/alerting.md) for more options. - -::: - -:::{tab-item} Observability - -1. Go to **Observability** → **Alerts**. -2. Click **Manage Rules** → **Create rule**. -3. Choose a rule type: - - **Metric threshold**: Alert when CPU, memory, or custom metrics exceed limits. - - **Log threshold**: Alert on specific log patterns. - - **APM**: Alert on high error rates or slow transactions. -4. Define your conditions and thresholds. -5. Configure connectors (email, Slack, PagerDuty). -6. Save and enable the rule. - -Refer to [observability alerting](/solutions/observability/incident-management/alerting.md) for detailed configuration. - -::: - -:::{tab-item} Security - -1. Go to **Security** → **Rules**. -2. Click **Detection rules (SIEM)**. -3. **Enable prebuilt rules**: - - Browse the rules library. - - Enable 3-5 rules relevant to your environment (for example, "Unusual Login Activity", "Suspicious Process Execution"). -4. Go back to **Alerts** to see any triggered alerts. - -You can also create custom rules: - -1. Click **Create new rule**. -2. Choose a rule type (query, threshold, machine learning, indicator match). -3. Define detection logic. -4. Set severity and risk scores. -5. Enable the rule. - -Refer to [security detection rules](/solutions/security/detect-and-alert/about-detection-rules.md) for more information. - -::: -:::: - -## Document your progress - -At the end of Week 1, take a moment to document: - -- **Data sources connected**: List what data you're ingesting. -- **Initial insights**: What did you learn from exploring the data? -- **Visualizations created**: Screenshots or links to dashboards. -- **Alerts configured**: What conditions are you monitoring? 
-- **Challenges encountered**: Note any issues for follow-up. - -This documentation might be valuable when presenting your PoC to stakeholders. - -## Checklist - -Before moving to Week 2, ensure you've completed: - -- Deployment is running and accessible. -- At least one data source is connected and sending data. -- You can search or view your data in Kibana. -- You've created at least one visualization or dashboard. -- (Optional) You've configured at least one alert. - -## Next steps - -Great work. You've established your foundation. Now it's time to expand your PoC and demonstrate deeper value. - -**Continue to [Week 2](/get-started/trial-week-2.md)** to add more data sources, refine your dashboards, and prepare for stakeholder evaluation. - -## Need help - -If you encountered issues during Week 1: - -- [Troubleshooting documentation](/troubleshoot/index.md): Common issues and solutions. -- [Elastic Community forums](https://discuss.elastic.co/): Ask questions and get help from the community. -- Contact support: Reach out to your trial specialist for personalized assistance. - diff --git a/get-started/trial-week-2.md b/get-started/trial-week-2.md deleted file mode 100644 index 91b6949e0f..0000000000 --- a/get-started/trial-week-2.md +++ /dev/null 
@@ -1,448 +0,0 @@ ---- -products: - - id: elasticsearch - - id: elastic-stack - - id: observability - - id: security -applies_to: - serverless: - stack: -description: Week 2 of your Elastic trial. Expand your PoC, refine dashboards, measure success metrics, and prepare for team evaluation. ---- - -# Week 2: Expand and evaluate - -In Week 2, you will build on your foundation by expanding data sources, refining visualizations, and measuring success metrics. By the end of this week, you will have a compelling proof of concept (PoC) ready to demonstrate to stakeholders. - -By the end of this week, you will have: - -- Added 1-2 additional data sources. -- Created polished dashboards for stakeholders. -- Implemented advanced features (alerts, ML, custom queries). -- Measured and documented success metrics. -- Prepared your PoC presentation. -- Identified next steps and expansion plans. - -**Estimated time**: 3-5 hours total. - -## Expand your data sources - -Now that you're comfortable with Elastic, add more data to demonstrate broader capabilities. - -### Choose additional sources strategically - -Select data sources that: - -- Complement your Week 1 implementation. -- Address additional stakeholder needs. -- Demonstrate Elastic's integration capabilities. -- Provide more complete visibility. - -### Add data sources - -::::{tab-set} -:::{tab-item} Search - -#### Expand your search capabilities - -1. **Add another data type**: - - If you started with documents, add product catalogs or user data. - - If you started with logs, add application events or metrics. -2. **Connect multiple sources**: - - Go to **Management** → **Integrations**. - - Add 1-2 more integrations relevant to your use case. - - Create cross-index searches using multiple data views. -3. **Enrich your data**: - - Use ingest pipelines to add calculated fields. - - Go to **Management** → **Ingest Pipelines** → **Create pipeline**. - - Add processors to enrich, transform, or parse data. 
- -**Example expansions**: -- E-commerce: Add user behavior data alongside product catalog. -- Content management: Add user profiles alongside documents. -- Log analysis: Add application metrics alongside log data. - -Refer to [data ingestion documentation](/manage-data/ingest.md) for advanced techniques. - -::: - -:::{tab-item} Observability - -#### Expand your observability coverage - -1. **Add more hosts or services**: - - Install Elastic Agent on 2-3 additional critical hosts. - - Monitor a diverse set of services (web servers, databases, applications). -2. **Add APM to another application**: - - If you haven't yet, instrument an application with APM. - - Monitor both frontend (RUM) and backend services. -3. **Collect additional log sources**: - - Add logs from databases, load balancers, or message queues. - - Centralize logs from multiple applications. -4. **Enable uptime monitoring**: - - Go to **Observability** → **Uptime**. - - Add synthetic monitors to check endpoint availability. - - Monitor APIs, websites, or internal services. - -**Example expansions**: -- Monitor web tier, application tier, and database tier. -- Combine infrastructure metrics with application traces. -- Add cloud service metrics (AWS CloudWatch, Azure Monitor). - -Refer to [observability get started](/solutions/observability/get-started.md) for more options. - -::: - -:::{tab-item} Security - -#### Expand your security coverage - -1. **Add more endpoints**: - - Deploy Elastic Defend to additional critical hosts. - - Cover different OS types (Windows, macOS, Linux). -2. **Add cloud security logs**: - - Connect AWS CloudTrail, Azure AD, or Google Cloud Audit Logs. - - Go to **Management** → **Integrations** and search for your cloud provider. -3. **Add network or firewall logs**: - - Ingest logs from firewalls, proxies, or DNS servers. - - Provides network-level threat visibility. -4. **Enable additional security features**: - - **Host risk scoring**: Identify high-risk hosts. 
- - **User risk scoring**: Identify compromised accounts. - - **Entity analytics**: Track user and host behavior. - -**Example expansions**: -- Combine endpoint data with cloud security logs. -- Add authentication logs (Okta, Azure AD) for identity monitoring. -- Include firewall logs for network threat detection. - -Refer to [security detection and alerting](/solutions/security/detect-and-alert.md) for integration options. - -::: -:::: - -## Refine dashboards and visualizations - -Create polished, stakeholder-ready dashboards that tell a compelling story. - -### Create stakeholder dashboards - -::::{tab-set} -:::{tab-item} Search - -#### Search performance dashboard - -1. Go to **Analytics** → **Dashboards** → **Create dashboard**. -2. Add visualizations that show: - - **Total searches performed** (metric visualization) - - **Search latency over time** (line chart) - - **Top search queries** (table or tag cloud) - - **Search result relevance** (if tracking clicks or conversions) - - **Data volume indexed** (metric or line chart) -3. Add markdown panels to provide context and insights. -4. Save as "Search Performance Overview". - -#### Business value dashboard - -1. Create a dashboard focused on business outcomes: - - User engagement metrics - - Conversion rates (if applicable) - - Content discovery improvements - - Time saved on search tasks -2. Include before/after comparisons if you have baseline data. - -::: - -:::{tab-item} Observability - -#### Service health dashboard - -1. Go to **Analytics** → **Dashboards** → **Create dashboard**. -2. Add visualizations that show: - - **Service uptime percentage** (metric visualization) - - **Error rate over time** (line chart with threshold lines) - - **Response time trends** (line chart showing p50, p95, p99) - - **Active services and hosts** (metric counts) - - **Top errors by service** (table) -3. Use color coding: green for healthy, yellow for warning, red for critical. -4. Save as "Service Health Overview". 
- -#### Incident response dashboard - -1. Create a dashboard for troubleshooting: - - Recent errors and warnings (data table) - - Resource utilization (CPU, memory, disk) - - Network traffic patterns - - APM transaction traces (if available) -2. Add time controls to easily adjust timeframes during incidents. - -#### Business value dashboard - -1. Create a dashboard showing: - - Mean time to detect (MTTD) improvements - - Mean time to resolve (MTTR) reductions - - Uptime improvements - - Cost savings from faster incident resolution - -::: - -:::{tab-item} Security - -#### Security operations dashboard - -1. Go to **Analytics** → **Dashboards** → **Create dashboard**. -2. Add visualizations that show: - - **Alert count by severity** (metric or bar chart) - - **Alert trends over time** (line chart) - - **Top alerts by rule name** (table) - - **High-risk hosts and users** (tables with risk scores) - - **Security event timeline** (area chart by event type) -3. Save as "Security Operations Overview". - -#### Threat detection dashboard - -1. Create a dashboard focused on threats: - - Recent high-severity alerts - - Suspicious process executions - - Unusual network connections - - Failed authentication attempts - - Malware detections - -#### Compliance dashboard - -1. Create a dashboard for compliance reporting: - - Security events by type - - User activity logs - - Privileged access events - - File and system changes -2. Useful for demonstrating audit capabilities. - -::: -:::: - -## Implement advanced features - -Demonstrate Elastic's powerful capabilities with advanced features. - -### Choose features based on your use case - -::::{tab-set} -:::{tab-item} Search - -#### Implement these advanced search features - -1. **Relevance tuning**: - - Go to **Search** → **Content** → **Elasticsearch indices**. - - Experiment with boosting fields to improve search relevance. - - Test different analyzer configurations. -2. 
**Search suggestions (autocomplete)**: - - Add completion suggesters to your index mapping. - - Refer to the Elasticsearch documentation for suggesters. -3. **Semantic search** (if on Elastic 8.8+): - - Enable vector search for AI-powered semantic matching. - - Refer to [semantic search documentation](/solutions/search/semantic-search.md). -4. **Saved searches**: - - Create and save complex search queries for reuse. - - Share searches with team members. - -::: - -:::{tab-item} Observability - -#### Implement these advanced observability features - -1. **Service-level objectives (SLOs)**: - - Go to **Observability** → **SLOs**. - - Define SLOs for critical services (for example, "99.9% uptime", "p95 latency < 200ms"). - - Track SLO compliance over time. -2. **Anomaly detection**: - - Go to **Observability** → **AIOps** → **Anomaly detection**. - - Create ML jobs to detect unusual patterns in metrics or logs. - - Receive alerts when anomalies occur. -3. **Service maps**: - - Go to **Observability** → **Applications** → **Service Map** (requires APM). - - Visualize dependencies between services. - - Identify performance bottlenecks. -4. **Log correlation**: - - Link logs to traces and metrics for full context. - - Use correlation IDs to track requests across services. - -Refer to [observability features](/solutions/observability.md) for detailed guides. - -::: - -:::{tab-item} Security - -#### Implement these advanced security features - -1. **Entity analytics**: - - Go to **Security** → **Manage** → **Entity risk score**. - - Enable entity analytics to calculate risk scores for hosts and users. - - Alert on high-risk entities. -2. **Machine learning detection rules**: - - Go to **Security** → **Rules** → **Detection rules (SIEM)**. - - Enable ML-based rules for anomaly detection: - - Unusual network activity - - Suspicious login behavior - - Anomalous process execution -3. **Case management**: - - Go to **Security** → **Cases**. - - Create a case from an alert. 
- - Add notes, tasks, and track investigation progress. -4. **Threat intelligence**: - - Go to **Security** → **Explore** → **Threat Intelligence**. - - Import threat intel feeds to identify known bad indicators. - -Refer to [security capabilities](/solutions/security.md) for more features. - -::: -:::: - -## Measure and document success metrics - -Quantify the value of your PoC with concrete metrics. - -### Define success metrics - -Review the success criteria you defined at the start of your trial. Now it's time to measure them. - -### Common metrics by use case - -::::{tab-set} -:::{tab-item} Search - -**Quantitative metrics**: -- Search queries processed per day. -- Average search response time. -- Number of documents indexed. -- Search relevance improvements (click-through rates, if available). -- Time saved on data discovery tasks. - -**Qualitative metrics**: -- User satisfaction with search results. -- Ease of finding relevant information. -- Reduced time spent searching across multiple systems. - -**ROI indicators**: -- Hours saved per employee per week. -- Increased productivity in finding information. -- Reduced time to answer customer queries. - -::: - -:::{tab-item} Observability - -**Quantitative metrics**: -- Number of services and hosts monitored. -- Number of log entries ingested per day. -- Alert response time (time from alert to acknowledgment). -- Mean time to detect (MTTD) issues. -- Mean time to resolve (MTTR) incidents. - -**Qualitative metrics**: -- Visibility into system health. -- Ease of troubleshooting. -- Confidence in meeting SLAs. - -**ROI indicators**: -- Downtime reduced by X hours per month. -- Incidents detected Y minutes faster. -- Cost savings from faster incident resolution. - -::: - -:::{tab-item} Security - -**Quantitative metrics**: -- Number of endpoints protected. -- Security events ingested per day. -- Alerts generated and resolved. -- Mean time to detect (MTTD) threats. -- Mean time to respond (MTTR) to incidents. 
- -**Qualitative metrics**: -- Improved visibility into security posture. -- Confidence in threat detection capabilities. -- Streamlined incident investigation. - -**ROI indicators**: -- Threats detected that would have been missed. -- Time saved on manual log analysis. -- Potential breach costs avoided. - -::: -:::: - -### Document your findings - -Create a summary document with: - -1. **Metrics dashboard**: Screenshot or link to key metrics. -2. **Success criteria met**: Checklist showing which criteria you achieved. -3. **Insights gained**: What you learned about your systems, data, or users. -4. **Problems solved**: Specific issues that Elastic helped you address. -5. **Time and cost savings**: Quantify business value. - -## Plan your expansion - -Identify what comes next after your successful PoC. - -### Expansion options - -1. Scale horizontally: Add more data sources, hosts, or users. -2. Scale vertically: Implement advanced features (ML, custom apps, APIs). -3. Add use cases: Combine search, observability, and security. -4. Production deployment: Move from trial to production-ready configuration. -5. Team onboarding: Train additional users and stakeholders. - -### Next steps checklist - -Create a plan for moving forward: - -- Determine production data volume and retention needs. -- Estimate licensing costs based on usage. -- Identify team members who need training. -- Plan data source migration and onboarding. -- Set up production deployment architecture. -- Define ongoing maintenance and support processes. - -### Getting help with production planning - -- **[Production guidance](/deploy-manage/production-guidance.md)**: Best practices for production deployments and sizing. -- **[Contact sales](https://www.elastic.co/contact)**: Discuss licensing and support options. - -## Checklist - -Before completing your trial, ensure you've: - -- Added 1-2 additional data sources. -- Created polished, stakeholder-ready dashboards. 
-- Implemented at least one advanced feature. -- Measured and documented success metrics. -- Prepared a presentation or demo. -- Identified next steps and expansion plans. - -## Congratulations! - -You've completed a comprehensive Elastic trial and built a meaningful proof of concept. You now have: - -- Real data flowing into Elastic. -- Dashboards demonstrating value. -- Measurable success metrics. -- A clear understanding of Elastic's capabilities. -- A plan for moving forward. - -## Additional resources - -- **[Solutions documentation](/solutions/index.md)**: Dive deeper into your chosen use case. -- **[Community forums](https://discuss.elastic.co/)**: Connect with other Elastic users. -- **[Elastic training](https://www.elastic.co/training)**: Continue learning with courses and certifications. - -## Need help - -If you have questions or need assistance: - -- Contact your trial specialist: Reach out for personalized guidance. -- Schedule a follow-up: Arrange a technical review with Elastic experts. -- Join the community: Ask questions in the [Elastic forums](https://discuss.elastic.co/). - From 41c6fc7d32098e75a54ede0c7639755a3a7fdc33 Mon Sep 17 00:00:00 2001 From: Fabrizio Ferri Benedetti Date: Thu, 20 Nov 2025 12:14:13 +0100 Subject: [PATCH 6/8] Improve structure --- get-started/evaluate-elastic.md | 90 ++++++++++++++++++++------------- 1 file changed, 54 insertions(+), 36 deletions(-) diff --git a/get-started/evaluate-elastic.md b/get-started/evaluate-elastic.md index 6fcabd97c6..b20505b475 100644 --- a/get-started/evaluate-elastic.md +++ b/get-started/evaluate-elastic.md 
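Review bot: the hunks deleting get-started/trial-week-1.md and get-started/trial-week-2.md remove step-level guidance that has no visible replacement in this series: the Week 2 "Implement advanced features" tabs (SLOs, anomaly detection, case management, threat intelligence), the per-solution alerting walkthroughs, the "Document your progress" and "Need help" sections. Either confirm that material is intentionally dropped or point to the solution docs where it now lives. The deleted files were also cross-linked (Week 1 ends with "Continue to [Week 2](/get-started/trial-week-2.md)"), so any toc.yml entries or other pages that still reference /get-started/trial-week-1.md or /get-started/trial-week-2.md need to be removed or redirected in the same change, otherwise the docs build fails on dangling link targets.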
@@ -14,7 +14,7 @@ description: Build a successful proof of concept during your Elastic trial. Lear If you're evaluating Elastic during a trial, this guide helps you build a meaningful proof of concept (PoC) that demonstrates clear value to your organization. Rather than prescribing specific technical steps, this guide focuses on the evaluation process itself, helping you make strategic decisions and measure success. -## What's included +## What's included in your trial Your Elastic trial gives you full access to explore our platform's capabilities: @@ -51,19 +51,27 @@ Two foundational decisions shape your evaluation: which deployment type to use a Elastic offers two primary deployment options on {{ecloud}}. For most evaluations, we recommend starting with one approach and focusing your PoC there. -**{{serverless-short}} (Recommended for evaluations)**: +::::{tab-set} + +:::{tab-item} Elastic Cloud Serverless - Fully managed with automatic scaling. - Simplified configuration and maintenance. - Project-based organization. - Ideal for focusing on capabilities rather than infrastructure management. -**{{ech}}**: +::: + +:::{tab-item} Elastic Cloud Hosted - More control over cluster configuration and sizing. - Traditional {{es}} architecture. - Ideal for evaluating specific infrastructure requirements or migrating from self-managed deployments. +::: + +:::: + For detailed comparisons: - [Deployment comparison](/deploy-manage/deploy/deployment-comparison.md): Side-by-side feature and capability comparison. 
@@ -105,88 +113,98 @@ Before starting technical work, establish what success looks like for your organ - What metrics matter most to your organization? - What would make this evaluation successful in the eyes of decision-makers? -### Example success criteria by use case +### Example success criteria by use case + +::::{tab-set} + +:::{tab-item} Search -For **Search**: - Reduce time to find information by X%. - Index and search Y documents with sub-second response times. - Demonstrate relevance tuning for domain-specific searches. -For **Observability**: +::: + +:::{tab-item} Observability + - Reduce mean time to detect (MTTD) incidents by X minutes. - Gain visibility into application performance across Y services. - Centralize logs from Z disparate systems. -For **Security**: +::: + +:::{tab-item} Security + - Detect X types of threats that current tools miss. - Reduce investigation time by Y%. - Demonstrate compliance reporting for Z requirements. +::: + +:::: + ### Suggested evaluation timeline Most trials run for two weeks. Here's a suggested approach to maximize your evaluation time. #### Week 1: Foundation and initial value -**Goals**: +For the first week, focus on the following activities: + - Set up your deployment. - Connect your first data sources. - Demonstrate basic capabilities. - Validate that Elastic can address your use case. -**Getting started by use case**: +The following activities are recommended for each use case: + +::::{tab-set} + +:::{tab-item} Search -For **Search**: 1. Review [Search getting started guide](/solutions/search/get-started.md). 2. Ingest sample data or connect a data source. 3. Build basic search queries and test relevance. 4. Create simple visualizations of your data. -For **Observability**: +::: + +:::{tab-item} Observability + 1. Review [Observability getting started guide](/solutions/observability/get-started.md). 2. Deploy Elastic Agent to monitor 1-2 hosts or services. 3. Collect logs from a critical application. 4. 
Explore metrics and logs in Kibana. -For **Security**: +::: + +:::{tab-item} Security + 1. Review [Security getting started guide](/solutions/security/get-started.md). 2. [Ingest security data](/solutions/security/get-started/ingest-data-to-elastic-security.md) from your environment. 3. Deploy Elastic Defend to protect critical endpoints. 4. Enable prebuilt detection rules. 5. Investigate sample security events. -**Documentation paths**: +::: + +:::: + +The following resources are recommended for all use cases: + - [Data ingestion overview](/manage-data/ingest.md): Learn how to bring data into Elastic. - [Fleet and Elastic Agent](/reference/fleet/index.md): Learn about Elastic Agent and integrations for connecting data sources. - [Discover data in Kibana](/explore-analyze/discover.md): Learn to explore and search your data. #### Week 2: Expansion and measurement -**Goals**: -- Add additional data sources. -- Create stakeholder-ready dashboards. -- Implement key features (alerts, ML, custom queries). -- Measure against your success criteria. -- Document results for decision-makers. - -**Recommended activities**: - -**Expand your data coverage**: -- Add 2-3 additional data sources relevant to your use case. -- Refer to [Fleet integrations](/reference/fleet/manage-integrations.md) for available integrations. - -**Build compelling visualizations**: -- Create dashboards that answer key stakeholder questions. -- Refer to [Dashboard documentation](/explore-analyze/dashboards.md) for guidance. -- Focus on metrics that demonstrate clear business value. - -**Implement alerting**: -- Set up alerts for critical conditions or thresholds. -- Refer to [Alerting documentation](/explore-analyze/alerts-cases.md) for configuration options. +For the second week, focus on the following activities: -**Measure and document**: +- Add 2-3 additional data sources relevant to your use case. Refer to [Fleet integrations](/reference/fleet/manage-integrations.md) for available integrations. 
+- Create dashboards that answer key stakeholder questions. Refer to [Create a dashboard](/explore-analyze/dashboards/create-dashboard.md) for guidance. +- Focus on metrics that demonstrate clear business value. Use [Lens visualizations](/explore-analyze/visualize/lens.md) to highlight KPIs. +- Set up alerts for critical conditions or thresholds. Refer to [Alerting](/explore-analyze/alerts-cases.md) for configuration options. - Compare results against your success criteria. -- Capture screenshots and examples. - Quantify time savings, efficiency gains, or risk reduction. ### Administrative considerations for evaluations From 4f7bc63da8beefce1bafd1fb52eb61e042f779c5 Mon Sep 17 00:00:00 2001 From: Fabrizio Ferri Benedetti Date: Thu, 20 Nov 2025 12:23:20 +0100 Subject: [PATCH 7/8] Add tabs --- get-started/evaluate-elastic.md | 35 +++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/get-started/evaluate-elastic.md b/get-started/evaluate-elastic.md index b20505b475..514cb5978a 100644 --- a/get-started/evaluate-elastic.md +++ b/get-started/evaluate-elastic.md @@ -211,7 +211,9 @@ For the second week, focus on the following activities: Beyond technical capabilities, consider these operational and business aspects during your evaluation. -#### Understanding costs +::::{tab-set} + +:::{tab-item} Understanding costs Familiarize yourself with Elastic's pricing and billing model: @@ -224,7 +226,9 @@ Consider: - How many users will need access? - What retention requirements do you have? -#### User and access management +::: + +:::{tab-item} User and access management If you're building a PoC to share with stakeholders: 
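Review bot: in the @@ -51,19 hunk of patch 6, the removed line `**{{serverless-short}} (Recommended for evaluations)**:` carried the recommendation that the unchanged intro sentence ("we recommend starting with one approach") still relies on, but neither tab label keeps it; add a sentence before the tab-set such as "For most evaluations, start with {{serverless-short}}." The new tab labels also hard-code "Elastic Cloud Serverless" and "Elastic Cloud Hosted" where the removed lines and the surrounding text use the `{{serverless-short}}`, `{{ech}}` and `{{ecloud}}` substitutions; use the variables in the `:::{tab-item}` labels if the directive supports them, or note the exception.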
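Review bot: in the @@ -105,88 hunk of patch 6, both `:::{tab-item} Search` directives are followed directly by their list (the `-For **Search**:` line is removed and no blank line is added), while the Observability and Security tabs get a blank line after the directive; add the blank line in the Search tabs for consistency so the first list item is never read as directive content. The same hunk replaces `### Example success criteria by use case` with an identical line, which looks like trailing-whitespace churn worth dropping. It also moves the dashboard link from /explore-analyze/dashboards.md to /explore-analyze/dashboards/create-dashboard.md and adds /explore-analyze/visualize/lens.md; confirm both targets exist in the docs tree. Finally, the removed Week 2 goals "Document results for decision-makers" and "Capture screenshots and examples" have no counterpart in the new bullet list, although the later "Measuring success" section ("Document your results to demonstrate value to decision-makers") assumes documented results; keep one bullet on documenting results, for example "- Capture screenshots and examples to document your results for decision-makers."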
@@ -232,7 +236,9 @@ If you're building a PoC to share with stakeholders: - Create demo accounts for stakeholders with appropriate permissions. - Consider role-based access for different organizational needs. -#### Planning for production +::: + +:::{tab-item} Planning for production Even during evaluation, think ahead to production requirements: @@ -240,6 +246,10 @@ Even during evaluation, think ahead to production requirements: - [High availability and disaster recovery](/deploy-manage/distributed-architecture.md): Understand resilience options. - [Security best practices](/deploy-manage/security.md): Plan for secure production deployment. +::: + +:::: + ## Measuring success Document your results to demonstrate value to decision-makers. @@ -248,21 +258,34 @@ Document your results to demonstrate value to decision-makers. Capture concrete numbers that demonstrate impact: -**Performance metrics**: +::::{tab-set} + +:::{tab-item} Performance metrics + - Response times (search queries, dashboard load times). - Data ingestion rates and volumes. - Query performance at scale. -**Operational metrics**: +::: + +:::{tab-item} Operational metrics + - Time saved on common tasks. - Reduction in mean time to detect (MTTD) or mean time to respond (MTTR). - Number of systems or data sources consolidated. -**Business impact metrics**: +::: + +:::{tab-item} Business impact metrics + - Cost savings from operational efficiency. - Risk reduction from improved visibility or security. - Productivity improvements from better search or monitoring. +::: + +:::: + ### Qualitative assessment Document the experience and capabilities: From ca31faaf1b96323d616a21fcc1c2dc8683efc70c Mon Sep 17 00:00:00 2001 From: Fabrizio Ferri Benedetti Date: Thu, 20 Nov 2025 14:08:19 +0100 Subject: [PATCH 8/8] Move links to table --- get-started/evaluate-elastic.md | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) 
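Review bot: in the @@ -211,7, @@ -224,7, @@ -232,7 and @@ -240,6 hunks of patch 7, the `#### Understanding costs`, `#### User and access management` and `#### Planning for production` headings become tab labels, so they drop out of the page outline and lose their heading anchors; any existing deep link to those sections breaks, and "Planning for production" (with its high availability and security best practices links) is now hidden behind a third tab that a reader skimming the page will not open. Unless that is intended, keep the headings and wrap only the bullet lists in the tab-set, or add redirects for the old anchors.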
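Review bot: in the @@ -248,21 hunk of patch 7, the three metric groups (`**Performance metrics**`, `**Operational metrics**`, `**Business impact metrics**`) were a single scannable list under "Capture concrete numbers that demonstrate impact:", and splitting them into tabs means a reader sees only one group at a time when the point of the section is to collect all three; consider keeping this as a plain list with bold labels, reserving tab-sets for the per-solution choices elsewhere on the page where the reader genuinely picks one branch.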
diff --git a/get-started/evaluate-elastic.md b/get-started/evaluate-elastic.md index 514cb5978a..dbb7d904aa 100644 --- a/get-started/evaluate-elastic.md +++ b/get-started/evaluate-elastic.md 
@@ -87,20 +87,13 @@ Choose one use case to focus your initial evaluation. You can always expand to a | Your challenge | Primary use case | |----------------|-----------------| -| Users struggle to find relevant information across systems | **Search** | -| Need to build fast, relevant search experiences for applications or websites | **Search** | -| Limited visibility into application performance or system health | **Observability** | -| Slow incident response and troubleshooting | **Observability** | -| Need to detect and respond to security threats | **Security** | -| Security logs are difficult to analyze or correlate | **Security** | -| Compliance requires centralized security monitoring | **Security** | - -To learn more about each solution, refer to the following sections: - -- [Solutions overview](/solutions/index.md): Learn about the different solutions and use cases. -- [Search solutions](/solutions/search.md): Enterprise search, website search, and search-powered applications. -- [Observability solutions](/solutions/observability.md): APM, infrastructure monitoring, log management, and synthetic monitoring. -- [Security solutions](/solutions/security.md): SIEM, endpoint security, threat detection, and incident response. +| Users struggle to find relevant information across systems | [Search](/solutions/search.md) | +| Need to build fast, relevant search experiences for applications or websites | [Search](/solutions/search.md) | +| Limited visibility into application performance or system health | [Observability](/solutions/observability.md) | +| Slow incident response and troubleshooting | [Observability](/solutions/observability.md) | +| Need to detect and respond to security threats | [Security](/solutions/security.md) | +| Security logs are difficult to analyze or correlate | [Security](/solutions/security.md) | +| Compliance requires centralized security monitoring | [Security](/solutions/security.md) | ## Build your proof of concept
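Review bot: in the @@ -87,20 hunk of patch 8, moving the solution links into the table drops the `[Solutions overview](/solutions/index.md)` link entirely and the one-line descriptions of each solution ("SIEM, endpoint security, threat detection, and incident response", "APM, infrastructure monitoring, log management, and synthetic monitoring"), which the table does not carry; keep the overview link in the sentence above the table ("Choose one use case to focus your initial evaluation...") and consider a short lead-in stating what each solution covers, since the table cells now repeat the bare solution name as link text across several rows.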