
Oilsprings ELK
Open-source OT observability with Elasticsearch and Kibana.
Oilsprings ELK pairs the Oilsprings control environment with an open-source observability stack built on Elasticsearch, Logstash, and Kibana.
Industrial telemetry from the PLC, SCADA, and IDS flows through Tidal Collector into Logstash pipelines, where it is normalized and indexed into Elasticsearch. Kibana dashboards provide OT-specific visualization: protocol traffic volumes, PLC register changes, detection rule hits, and operator session timelines.
The lab is designed for teams running open-source security stacks who need to validate industrial detection logic, build custom OT dashboards, or test log parsing pipelines against real ICS data.
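The normalization and detection stages described above, as an added example that is not Oilsprings' or Tidal Collector's own code. It stands in for a Logstash pipeline: constructed key=value collector lines (the layout is an assumption, not Tidal Collector's real output format) are parsed into flat ECS-style documents, unparseable lines are tagged rather than dropped, one detection rule flags register writes from hosts outside a constructed allow-list, and a per-PLC count mirrors what a "PLC register changes" Kibana panel would aggregate.

```python
"""
Stand-in for the Logstash normalization stage: parse constructed
Tidal-Collector-style lines into ECS-like documents, then run one
detection rule and one dashboard aggregation over the result.
"""
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample telemetry. The key=value layout is an assumption
# made for this example, not Tidal Collector's actual output format.
SAMPLE_LINES = [
    "2024-05-01T10:02:11Z src=PLC-7 kind=register proto=modbus fc=6 reg=40012 old=120 new=125 writer=10.0.5.21",
    "2024-05-01T10:02:14Z src=PLC-7 kind=register proto=modbus fc=6 reg=40012 old=125 new=900 writer=10.0.9.77",
    '2024-05-01T10:02:15Z src=IDS-1 kind=alert sig="Modbus write from unknown host" peer=10.0.9.77',
    "2024-05-01T10:02:20Z src=PLC-3 kind=register proto=modbus fc=16 reg=40100 old=0 new=1 writer=10.0.5.21",
    "garbage line that should be tagged, not dropped",
]

# Hosts permitted to write PLC registers (constructed allow-list).
ALLOWED_WRITERS = {"10.0.5.21"}

# key=value pairs; values may be double-quoted to allow spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one collector line into a flat ECS-style document.

    A line whose timestamp does not parse is kept and tagged, mirroring
    Logstash's _grokparsefailure tag, so bad input never silently vanishes.
    """
    ts, _, rest = line.partition(" ")
    try:
        stamp = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return {"message": line, "tags": ["_parsefailure"]}

    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    doc = {
        "@timestamp": stamp.isoformat(),
        "host.name": fields.get("src"),
        "event.kind": fields.get("kind"),
        "message": line,
        "tags": [],
    }
    if fields.get("kind") == "register":
        # PLC register write: keep protocol, function code, register and values.
        doc.update({
            "network.protocol": fields.get("proto"),
            "ot.function_code": int(fields["fc"]),
            "ot.register": int(fields["reg"]),
            "ot.value.old": int(fields["old"]),
            "ot.value.new": int(fields["new"]),
            "source.ip": fields.get("writer"),
        })
    elif fields.get("kind") == "alert":
        # IDS alert: signature name and the peer that triggered it.
        doc.update({"rule.name": fields.get("sig"), "source.ip": fields.get("peer")})
    return doc


def unauthorized_register_writes(docs, allowed=ALLOWED_WRITERS):
    """Detection rule: register writes whose source.ip is not on the allow-list."""
    return [d for d in docs
            if d.get("event.kind") == "register" and d.get("source.ip") not in allowed]


def changes_per_plc(docs):
    """The aggregation behind a 'PLC register changes' dashboard panel."""
    return Counter(d["host.name"] for d in docs if d.get("event.kind") == "register")


def run(lines=SAMPLE_LINES):
    """Normalize all lines, then apply the rule and the aggregation."""
    docs = [parse_line(line) for line in lines]
    return docs, unauthorized_register_writes(docs), changes_per_plc(docs)


if __name__ == "__main__":
    docs, hits, counts = run()
    for hit in hits:
        print("ALERT unauthorized register write:", hit["host.name"], hit["ot.register"], hit["source.ip"])
    print("register changes per PLC:", dict(counts))
```

The allow-list rule is deliberately simple; in the lab it is the kind of logic you would validate against captured ICS data before relying on it, and the `_parsefailure` tag is what you would chart in Kibana to catch a pipeline that has started dropping fields.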
Not every field operation runs on enterprise licensing. The Oilsprings ELK installation was built by a single engineer over three weekends using hardware salvaged from a decommissioned monitoring station and open-source software downloaded on a satellite connection.
The Logstash pipelines were hand-written. The Kibana dashboards were built panel by panel. The Elasticsearch cluster runs on two nodes and a prayer. But it works — and it sees everything the Splunk deployment sees, for a fraction of the cost.
This is the other path. Not the vendor-approved architecture. The one built by someone who needed visibility and had no budget to buy it.