Author: Leaseweb Security Team
Word count: 952

Summary

Leaseweb, a global Infrastructure-as-a-Service provider, moved from Splunk to the Elastic Stack to improve security and observability: the aim was to unify its data in a single platform, reduce costs, and cut administrative overhead. With more than 80,000 servers across numerous data centers, the company struggled to monitor and secure such a large infrastructure, and it chose Elastic for its open-source nature, responsive support, and machine learning capabilities. By ingesting data sources such as firewall logs and event logs, Leaseweb built Kibana dashboards that improved proactive monitoring and incident response. Elastic's machine learning flags suspicious activity and supports rapid mitigation; the case study cites the detection of, and response to, a DDoS attack as an example. Leaseweb stresses the importance of selecting data sources that actually add value, keeping up with Elastic releases, and using the vendor's support services to get the most out of its security tooling. The company plans to develop further behavior-based alerts, pointing to machine learning's potential to anticipate security threats rather than only react to them.
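The summary mentions behavior-based alerting on firewall logs and the detection of a DDoS attack, but the case study does not describe the underlying logic. As an added illustration, and not Leaseweb's configuration or Elastic's machine learning jobs, the Python script below shows the simplest form of a behavior-based alert: it parses constructed firewall-style log lines in an assumed format, buckets accepted connections to one destination into one-minute windows, and raises an alert when a window's connection count exceeds a statistical baseline built from the earlier windows. The log format, the IP addresses, the window size, and the thresholds are all assumptions made for this example.

```python
"""Behaviour-based flood alerting over firewall log lines (added example).

This is a minimal statistical baseline detector, not Leaseweb's setup or an
Elastic ML job. The log line format below is an assumption for illustration.
"""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Assumed line format: "<epoch_seconds> <src_ip> -> <dst_ip>:<dst_port> <action>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<action>\w+)$"
)

# Constructed epoch origin, chosen to sit exactly on a minute boundary.
BASE = 1_700_000_040


def parse_line(line):
    """Parse one log line into a dict, or return None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = int(rec["ts"])
    rec["port"] = int(rec["port"])
    return rec


def window_stats(lines, dst, window=60):
    """Bucket connections to `dst` into fixed windows of `window` seconds.

    Malformed lines and traffic to other destinations are skipped.
    Returns a time-ordered list of (window_start, count, distinct_sources).
    """
    counts = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dst"] != dst:
            continue
        start = rec["ts"] - rec["ts"] % window
        counts[start] += 1
        sources[start].add(rec["src"])
    return [(w, counts[w], len(sources[w])) for w in sorted(counts)]


def detect_floods(lines, dst, window=60, k=3.0, min_history=5, min_count=20):
    """Flag windows whose count exceeds mean + k*stdev of the earlier windows.

    min_history: number of quiet windows required before any alert fires.
    min_count:   absolute floor so a flat, tiny baseline cannot alert on noise
                 (with zero variance the threshold collapses to the mean).
    Alerting windows are kept out of the baseline so that an ongoing flood
    does not normalise itself into "expected" traffic.
    """
    alerts, history = [], []
    for start, count, distinct in window_stats(lines, dst, window):
        if len(history) >= min_history:
            mu, sigma = mean(history), pstdev(history)
            threshold = mu + k * sigma
            if count > threshold and count >= min_count:
                alerts.append({
                    "window_start": start,
                    "count": count,
                    "distinct_sources": distinct,
                    "baseline_mean": round(mu, 1),
                    "threshold": round(threshold, 1),
                })
                continue
        history.append(count)
    return alerts


def _constructed_log():
    """Build a synthetic log: ten quiet minutes, then one flooded minute."""
    lines = ["this line is not a firewall record"]  # exercises the parser guard
    clients = ["198.51.100.%d" % i for i in range(1, 7)]
    for minute in range(10):
        n = 4 + minute % 3  # 4, 5, 6, 4, 5, 6, ... connections per minute
        for i in range(n):
            ts = BASE + minute * 60 + i * 7
            lines.append(f"{ts} {clients[i % 6]} -> 203.0.113.10:443 ACCEPT")
    # Unrelated destination: must not influence the 203.0.113.10 baseline.
    lines.append(f"{BASE + 30} 198.51.100.1 -> 203.0.113.20:22 ACCEPT")
    # Minute 11: 180 connections from 180 distinct sources, a volumetric flood.
    for i in range(180):
        ts = BASE + 10 * 60 + i % 60
        lines.append(f"{ts} 192.0.2.{i + 1} -> 203.0.113.10:443 ACCEPT")
    return lines


SAMPLE_LOG = _constructed_log()  # constructed data, not real traffic

if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_LOG, "203.0.113.10"):
        print(alert)
```

The distinct-source count is carried in the alert because it is the field an analyst would look at next: a spike from one or two sources points at a misbehaving client or a scan, whereas a spike spread over hundreds of sources is the signature of a distributed flood. A production version would key the baseline per destination and hour of day rather than using one flat history.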