It looks like Etsy's security team built this to replace functionality they depended on in Splunk that was missing in Elasticsearch. The slides don't make clear why they moved away from Splunk.
Has to be cost. With how much they charge I'm still surprised that there's no startups offering comparable (particularly on-prem) products. Maybe it's a harder product to make than it seems.
> I'm still surprised that there's no startups offering comparable (particularly on-prem) products
Please consider giving EventQL [0] a try some time! It's completely open-source and self-hostable. Still a new project though, just released this summer and still in beta.
"EventQL is a distributed, analytical database. It allows you to store massive amounts of structured data and explore it using SQL and other programmatic query facilities."
So it's a completely different class of application than splunk or elasticsearch, and one that you have a commercial interest in. Please don't spam HN.
>> So it's a completely different class of application than splunk or elasticsearch
Sure it takes a somewhat different approach (i.e. it requires an explicit schema), but for the use case discussed in this thread it _is_ completely relevant and a comparable open-source/on-premise alternative which parent was asking about.
>> one that you have a commercial interest in
Yes, I'm involved in the EventQL project, but I thought that was obvious from the way I phrased my posting. I usually include a disclaimer to prevent misunderstandings, but I didn't consider it necessary in this case.