"Elastic-Security"
- Splunk → Elastic Security Detection Rule Migration: 6-Phase Playbook and 5 Major Pitfalls. A detection rule translation playbook for migrating from Splunk Enterprise Security to Elastic Security: SPL ↔ KQL/ES|QL schema mapping, AI-assisted translation pipeline, parallel-run comparison, cutover routing, 5 production pitfalls (macros with no equivalent / time zone differences / summary index mismatch / alert dedup key conflicts / premature decommissioning), and a capacity / cost comparison.