Elastic this week previewed a standard query language that can be used across its portfolio to streamline investigations into IT and cybersecurity events.
Gagan Singh, vice president of product marketing for Elastic, said Elasticsearch Query Language (ES|QL) makes it simpler to aggregate data from multiple sources in a single query, using a piped query syntax that lends itself to iteratively interrogating data.
Scheduled to become generally available in 2024, ES|QL replaces the multiple domain-specific languages the company has been providing for each version of its search engine. Instead of having to move data into a central repository, Elasticsearch makes it possible to query data wherever it resides in an organization, noted Singh.
That approach enables, for example, a site reliability engineer (SRE) to discover the root cause of an issue through a series of queries that can be launched from a familiar search interface, he said. It will also foster increased collaboration across IT teams that need to visualize query results, added Singh.
In general, IT teams are struggling with an exponential increase in the amount of data they need to analyze to discover the root cause of an issue, noted Singh. The Elastic search engine provides a means to analyze that data at the level of scale that is now required, he added.
The preview of ES|QL comes on the heels of a technical preview of a generative artificial intelligence (AI) tool for observability the company has made available. The Elastic AI Assistant for Observability makes use of large language models (LLMs) and the Elasticsearch Relevance Engine (ESRE) to explain application errors, log messages, alerts and recommendations for improving code in plain language. DevOps teams can visualize and interactively chat with telemetry data and then invoke runbooks to remediate issues.
Elastic has also made generally available a Universal Profiling tool to enable DevOps teams to identify bottlenecks that adversely impact code performance.
There is little doubt that fundamental changes to how DevOps and cybersecurity teams interact with telemetry data are on the way. The challenge now will be determining when to rely on a generative AI tool versus diving deeper into that data by launching a series of queries. At the very least, AI should provide DevOps and cybersecurity professionals with a better sense of where to start an investigation.
Ultimately, the goal should be to reduce the level of DevOps and cybersecurity effort that is currently required to succeed. In theory, as it becomes simpler to investigate issues, the number of organizations capable of embracing DevOps best practices should increase as well. That’s crucial because IT environments are only becoming more complex with each passing day. The number of dependencies that exist between services has become too numerous for IT teams to track manually. More challenging still, those services are dynamically being updated, so what was known today about them might no longer be relevant tomorrow.
Hopefully, the amount of time and toil required to address issues will significantly decline in the months ahead as the next generation of tools becomes available. The challenge now is hanging on long enough for them to be battle-tested.