Traveling Monks by Ian Gledhill

One of our monks, Brother John, is making his way to CA to attend Elastic{ON} 2017. If you happen to be going, look him up. While agendas can change, below is what he will likely be attending. It also provides a sense of the conference. He will post his impressions.

The complete conference agenda is available at:



9-5: Data Modeling (Hands-On Training)



11:00 Registration and Lunch

 1:00  Keynote

 3:00  What's Evolving in Elasticsearch

Clint and Simon will give an overview of the changes already released in the 5.x series, and a taste of the big new features coming in 6.0.

 4:00  What's Cookin' in Kibana?

In this talk, Court and Jim will share the story behind this transition, insights into how Kibana is so much more than charts and graphs, and details around how the product will continue to add more functionality to centrally configure and manage all aspects of the Elastic Stack, as well as ways for you to visualize your data that you didn't think were possible.

 5:00  On Distributed Systems and Distributed Teams

A wall clock that ran backward and a skull and crossbones flag. Fictional parliamentary systems of ancient civilizations. @all threads that run into the several hundred replies. All are interesting stories and illustrate concepts that make Elastic...elastic?

The distributed systems movement, and open source more broadly, is fueled by solving a series of complex problems: consensus, leader election, failure semantics, among others. Our reasoning about distributed concepts influences system design and implementation. Our understanding impacts that which we build...particularly when we build distributed companies. How does a distributed team building distributed systems, at Elastic, function?

 6:00  How to Become a Superhero (and Get Promoted) with Elasticsearch

XPO Logistics is a global logistics company with over 86,000 employees and 1,425 locations across 34 countries. They built their Real Time Framework from the ground up using Elasticsearch to support their expanding truck brokerage and logistics business.

In this talk, Jason will share how a team of two with a vision for the future grew into a group of more than 30 engineers operating as the de-facto Elasticsearch Center of Excellence, and the resulting positive change in the relationship with their business counterparts. From getting booed and hit by flying objects, to applause and more responsibility, learn how a solid Elasticsearch architecture keeps them in lockstep with the business.



 9:00  Breakfast

10:00  Get the Lay of the Lucene Land

In spite of being close to 20 years old, the Lucene project keeps innovating. While the project was initially focused on full-text search, recent releases expanded its scope, most notably with doc values which made Lucene a competitive engine to run analytics, and multi-dimensional points which made Lucene better at handling structured data.

In this session, Adrien will share the stories behind the latest features in Lucene 6, how they impacted Elasticsearch, as well as what to expect in Lucene 7.

11:00  What's X-citing in X-Pack?

X-Pack is a single extension that lets you add security (formerly Shield), alerting (via Watcher), monitoring (formerly Marvel), reporting, and Graph functionality across the entire Elastic Stack.

Not only have the capabilities of X-Pack expanded in the past year, but so has its usability, from a better getting started experience to the introduction of several UI features. Needless to say, exciting things are afoot, and the engineers behind X-Pack look forward to sharing what they’re working on with you.

11:45  Lunch (Food Trucks)

 1:15  Machine Learning in the Elastic Stack

Data stored in Elasticsearch contains valuable insights into the behavior and performance of your business and systems. However, questions such as "are users exfiltrating data unusually?" and "is the response time of my website unusual?" can be difficult to answer.

The good news is that machine learning technologies, from the recently acquired Prelert team, can easily answer these questions. These technologies are becoming part of X-Pack and will integrate tightly into the Elastic Stack.

Attend this session to learn how to apply machine learning capabilities to the Elastic Stack and what problems they will help you solve in your business.

 2:15  Correlating Metrics and Logs

Metrics and Logs are meant to be together. Why do we insist on keeping them apart?

In this talk, Tanya is on the mission to reunite them, in the process deriving powerful operational insights using brand-new Kibana visualizations and machine learning techniques.

 2:40  Getting Your Data Graph-Ready

Knowing what sort of data makes sense to put in Graph and how to prepare it is often a challenge for new users. This session will walk through examples of how to model your data in order to start exploring the interesting connections it contains. Learn about models for "wisdom of crowd" style applications and configurations to support "forensic" style investigations.

 3:15  A Standard Query Language for Elasticsearch

 4:15  Machine Learning and Statistical Methods for Time Series Analysis

In this talk, Steve and Tom will present a deep algorithmic dive into the new machine learning technologies available in the Elastic Stack and how they can be applied to real datasets.

Specifically, they will focus on some of the unsupervised machine learning techniques Elastic uses, and the challenges and constraints which exist in order to provide operationally useful insight when applying these technologies to real time series data.

 7:00  Elastic{ON} After Hours

We're excited to celebrate the 3rd annual Elastic{ON} with you at . . . the California Academy of Sciences!

We've rented out the entire museum to make sure there's something fun for everyone, whether it's getting your space geek on at the planetarium, going for a walk on the wild side through a four-story rainforest, or spending some time under the sea in the aquarium. We'll also have a DJ pumping the jams all night — so make sure to get your body on the dance floor!

And don't worry, there will be plenty of food and drinks — this is a party, after all. Transportation will also be provided between the official Elastic{ON} hotels and the Party.



 9:00  Breakfast

10:00  Timelion: Magic, Myth, and Everything in the Middle

Timelion is a simple expression-based pluggable time series interface for everything. Whether you're brand new to Timelion, or have been using it since day 0, you'll learn something new in this session. Rashid will go over Timelion's expression syntax including data sources, chaining, and grouping, and then apply those concepts, along with a few neat tricks, to some real data.

He'll also cover multiple manners of munging data and get into the methods Timelion uses to automatically fit abnormal sources, allowing you to compare and combine sparse and incomplete datasets. Finally, we'll take a brief look at plugins and how you can extend Timelion to do so much more.

11:00  Security@Slack

Monitoring for malicious activity and handling the resulting alerts is vital to the success of a defensive security program. Powerful, centralized logging is available to all of us, but it is only useful if we understand and take action on the data collected.

This talk will discuss tools everyone should consider using to monitor their infrastructure, including Elasticsearch, and the process by which users can create a reliable logging pipeline to handle data from thousands of hosts. Ryan and Nate will demonstrate how to scale these efforts by integrating security into a communication platform that helps users look at more data by delegating event management to the affected individuals directly.

11:45  Lunch

12:45  Elasticsearch Search Improvement

Let's talk about search improvements coming soon to an Elasticsearch near you!

Range Fields:

Want to create a global television guide to find broadcasts airing during certain time periods? Thanks to recent advancements in Lucene this desire is now a reality.

Removing the _all field:

The _all field can be either a boon or a burden. Come hear about why the _all field is going away and what it's being replaced with!

Unified Highlighter:

Starting in 5.3, a fourth highlighter called 'unified' is available in Elasticsearch. This highlighter has landed from Lucene with a goal in mind: it wants to rule them all! We'll see how and why this highlighter can advantageously replace your highlighter of choice.

The Synonym Graph Filter:

Multi-term synonyms have long been buggy in Lucene and Elasticsearch, but this issue is now fixed thanks to the addition of the new synonym_graph token filter, along with support for graph token streams in query parsers.

 1:45  Kibana Visualizations Deep Dive

Have you noticed Kibana has been looking mighty fine lately?

Attend this session to dive deeper into Kibana's latest visualizations. You'll get a detailed walkthrough of Tagcloud and Heatmap, new visualizations in Kibana 5.2, as well as insight into where we're taking visualizations next. From a roadmap perspective, we'll focus in particular on new geospatial visualizations we are working to bring out in 5.x. As a developer, you'll also get a behind-the-scenes perspective on the evolving world of visualizations and how it may affect your custom visualization plugins. Finally, we'll discuss dedicated UIs for time-series visualizations, from Timelion to a new visual builder for pipeline aggregations.

Leave by 3 pm and travel back to the monastery.