In a detailed exploration of using Elastic to identify anomalies in Zeek data held in Splunk, the article recounts the history and benefits of Splunk's schema-on-read approach while acknowledging the latency it trades away. Elastic's commitment to integrating the Elastic Common Schema (ECS) with the OpenTelemetry project aims to establish a single schema for metrics, traces, and logs, with the promise of cost and performance benefits. The piece outlines a step-by-step approach to setting up anomaly detection on that Splunk-resident Zeek data with Elastic's Zeek integration, including configuring Elastic Agent and enabling the preconfigured machine learning jobs whose results appear in Elastic's Anomaly Explorer. The article emphasizes how simple these tools are to set up and the possibility of real-time alerts on detected anomalies, underscoring how Elastic's capabilities can enhance data analysis and security monitoring.