Summary
In this chapter, you hopefully have learned the end-to-end process of setting up log vectorization for your log analysis workload based on Elastic. One important point for you to decide on while doing this is whether you expand the log on write or on read, meaning preparing the data while ingesting it or expanding to the meaning of the raw log only when querying it. As you can appreciate, this is still an exploratory domain where applying vector search, or GenAI, to accelerate observability incident management workflow is just beginning to murmur. But you are now prepared with the necessary guidance to implement it as it grows.
In the next chapter, we will address another domain of application for vectors and semantic search—cybersecurity, where the requirements are pretty similar to observability in terms of data, but the workflow is quite different.
