Most of the applications we see for the ELK stack are from businesses which want to improve their customers' experience. To return relevant search results and to create Kibana dashboards that allow them to analyse data and give the customers what they want. But there are some cases where the customer is always wrong, and where the last thing you want to do is give a site visitor what he wants.
Welcome to the world of forensics, compliance and fraud detection. One of the more unusual applications that an SaaS ELK provider can help you with is in spotting patterns of usage which might indicate a fraudulent transaction, or following up on indicators from logs that something might have been compromised.
How does it work? Essentially, at a high level of abstraction, forensic analysis is a search task; it's just that the "relevancy" criteria have to be defined a little differently. Elasticsearch is a fast and flexible search tool, which makes it ideal for forensic analysis. Xoom.com, for example, uses an ELK stack to protect a $6bn payments network (elastic.co/use-cases/xoom).
Even if you're not running a high-volume payments system, or needing to comply with financial regulation, similar criteria apply. If there is a particular kind of illegitimate transaction that you want to look out for, the process can be automated and we can set up smart alerts to tell you when we've found a suspicious pattern in your data.
If you're worried that your systems might have been compromised, then you will be very glad to have Logstash installed as part of your SaaS ELK solution. Searching through logs to follow up indicators of compromise can be a nightmare task, particularly if they aren't indexed in a helpful way. Logstash can be configured to index terabytes of logs if necessary, automating the process as much as possible and facilitating further investigation using Elasticsearch.
It's not the happiest subject to dwell on. But the same flexible and fast architecture which works so well to help serve the clients you want to see will also help you track down the visitors and orders you want to get rid of.
If you enjoyed this article on ELK then why not read out in-depth guide to Soap vs Rest next?