Log Unification & Cross-Cloud Observability Modernization on Elastic Cloud

Executive Summary

A leading U.S. healthcare provider partnered with Factspan to modernize its observability stack by consolidating AWS, GCP, Kubernetes, and on-prem logs into a unified Elastic Cloud platform. Existing workflows depended on Splunk and cloud-native consoles with inconsistent schemas, short retention, and limited ability to trace incidents across environments.

Factspan implemented a multi-source ingestion layer using Elastic Agent, Filebeat, and native cloud exporters, enabling real-time log streaming. Logs were normalized into a unified schema and stored using ILM-based hot, warm, and cold tiers tuned for search latency and cost efficiency.

The project delivered consolidated dashboards integrating logs, traces, metrics, and derived operational KPIs. The platform now serves as a high-performance foundation for SRE teams and supports AI-driven anomaly detection and automated RCA.

Business Impact:

• Unified log ingestion across AWS, GCP, Kubernetes, and on-prem into one Elastic platform.
• 30-day Splunk backfill ingested into ILM hot, warm, and cold tiers.
• Standardized schema enabling fast, reliable cross-cloud correlation.
• Real-time pipelines and derived KPIs enhancing SRE visibility and triage.
• 40–60% faster incident detection and RCA with unified dashboards.