Oak Ridge National Laboratory (ORNL), home to the world's fastest supercomputer, Summit, transitioned from Splunk to Elasticsearch for its cybersecurity needs, significantly enhancing its capacity to run security information and event management (SIEM) for approximately 20,000 endpoints. The switch was motivated by Splunk's data ingestion costs and slow search speeds, which hampered the lab's ability to manage vast data volumes and conduct timely analyses. With Elasticsearch, ORNL has achieved faster data processing and eliminated ingestion limitations, deploying a robust architecture that includes 25 Elasticsearch nodes across virtual machines and enables the lab to ingest over two billion documents daily. Other parts of the Elastic Stack, including Kibana and Graph, further support its cybersecurity operations, allowing comprehensive monitoring and rapid response to potential threats. The lab has also used Canvas to create interactive dashboards that give management high-level overviews of security activities.