DataPulse is a next-generation "Human-in-the-Loop" incident response platform built for the Elastic Hackathon. It leverages the Elastic Agent Builder, ES|QL, and Semantic Search to transform raw logs into actionable remediation strategies autonomously.

- Autonomous Investigation: Uses Elastic's Agent Builder to conduct deep RCA (Root Cause Analysis) using real tool calls (logs, metrics, and traces).
- Remediation Strategies: A specialized "Resolver" agent suggests actions (Rollbacks, Scaling, Config changes) based on observed failures.
- Multi-Channel Orchestration: Bi-directional sync with Slack and Jira. Approve production changes directly from Slack buttons.
- MCP Plugin Runtime: Extend Agent Builder tools with JSON plugin manifests loaded at MCP server startup.
- SRE Command Center: A premium Kibana-integrated UI featuring real-time incident tracking, agent "thought logs," and personalized operational impact metrics.
- Security-First: HMAC-verified Slack webhooks, RBAC visibility, and session management integrated out of the box.
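The HMAC check that gates Slack button approvals can be sketched as follows. This is an added example, not DataPulse's own code: it assumes the gateway follows Slack's documented `v0` request-signing scheme, and the function names, the signing secret and the sample body are constructed for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # reject requests whose timestamp is more than five minutes off


def slack_signature(signing_secret: str, timestamp: str, body: bytes) -> str:
    """Slack v0 signature: HMAC-SHA256 over b"v0:<timestamp>:<raw body>"."""
    base = b"v0:" + timestamp.encode() + b":" + body
    digest = hmac.new(signing_secret.encode(), base, hashlib.sha256).hexdigest()
    return "v0=" + digest


def verify_slack_request(signing_secret, headers, body, now=None):
    """Return (ok, reason). `headers` has lower-cased keys; `body` is the raw,
    unparsed request bytes (re-serialised JSON or form data will not match)."""
    timestamp = headers.get("x-slack-request-timestamp", "")
    received = headers.get("x-slack-signature", "")
    if not (timestamp.isascii() and timestamp.isdigit()) or not received:
        return False, "missing_or_malformed_headers"
    now = time.time() if now is None else now
    # Replay protection: a captured approval click must not be accepted later.
    if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        return False, "stale_timestamp"
    expected = slack_signature(signing_secret, timestamp, body)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return False, "bad_signature"
    return True, "ok"


# Constructed sample data (not real Slack traffic or a real secret).
SECRET = "constructed-signing-secret"
BODY = b"payload=%7B%22actions%22%3A%5B%7B%22action_id%22%3A%22approve_rollback%22%7D%5D%7D"
NOW = 1_769_900_000

if __name__ == "__main__":
    ts = str(NOW)
    signed = {"x-slack-request-timestamp": ts,
              "x-slack-signature": slack_signature(SECRET, ts, BODY)}
    print(verify_slack_request(SECRET, signed, BODY, now=NOW))
    print(verify_slack_request(SECRET, signed, BODY + b"&x=1", now=NOW))
    print(verify_slack_request(SECRET, signed, BODY, now=NOW + 3600))
```

In a FastAPI handler the raw bytes come from `await request.body()`, read before any form or JSON parsing.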
```mermaid
graph TD
    subgraph "User Interface"
        UI["React & @elastic/eui Plugin"]
    end
    subgraph "Orchestration & Gateway"
        Gateway["API Gateway (FastAPI)"]
        Verify["HMAC Signature Verification"]
    end
    subgraph "Intelligent Agents"
        Sentinel["Sentinel Agent (Monitoring)"]
        Analyst["Analyst Agent (RCA)"]
        Resolver["Resolver Agent (Remediation)"]
    end
    subgraph "Elastic Cloud Core"
        ES[("Elasticsearch Storage")]
        Builder["Agent Builder (Inference)"]
        ESQL["ES|QL Tool Execution"]
        ELSER["ELSER v2 (Vector Search)"]
    end
    subgraph "Integrations"
        Slack["Slack (Interactive Alerts)"]
        Jira["Jira (Lifecycle Sync)"]
    end
    %% Connections
    Sentinel -- "Anomaly Detected" --> Gateway
    Gateway -- "Store Metadata" --> ES
    Gateway -- "Trigger RCA" --> Analyst
    Analyst -- "Inference Request" --> Builder
    Builder -- "Query Logs/Metrics" --> ESQL
    ESQL -- "Aggregations" --> ES
    Analyst -- "RCCA Report" --> Gateway
    Gateway -- "Match Runbooks" --> Resolver
    Resolver -- "Vector Search" --> ELSER
    ELSER -- "Retrieve" --> ES
    Resolver -- "Propose Action" --> Gateway
    Gateway -- "Approval Gating" --> Slack
    Gateway -- "Incident Sync" --> Jira
    Gateway -- "Real-time State" --> UI
```

DataPulse is built on a distributed agent architecture:
- Sentinel (Detector): High-frequency log analysis to detect anomalies.
- API Gateway (Orchestrator): The central nervous system handling ES persistence and agent routing.
- Analyst Agent (The Brain): Leverages Agent Builder to query ES|QL and synthesize the root cause.
- Resolver Agent (The Fixer): Connects RCA findings to runbook-based resolutions via Semantic Search (ELSER).
- MCP Adapters: Standardized connectors for third-party SaaS (Slack, Jira).
- Inference & AI: Elastic Agent Builder, ES|QL, ELSER v2.
- Backend: Python 3.10+, FastAPI, Loguru, Pydantic, Httpx.
- Frontend: React, @elastic/eui (Elastic UI), LocalStorage persistence.
- Storage: Elasticsearch 8.17+ (ILM, Search Templates, Vector Search).
- Infrastructure: Docker Compose, Bash automation.

```bash
# 1. Setup Environment
cp .env.example .env

# 2. Initialize Infrastructure (Storage & Knowledge Base)
./scripts/setup_elasticsearch_indices.sh
npm run seed # Populates runbooks-knowledge index

# 3. Start Core Services
docker-compose up -d

# 4. (Advanced) Run MCP Tool Server
# Exposes Slack/Jira tools for Discovery by Elastic Agent Builder
python integrations/mcp-adapters/mcp_server.py
# Optional: add JSON plugin manifests in integrations/mcp-adapters/plugins/*.json
```

Visit the UI at http://localhost:3000 (or within your Kibana custom app frame).

For full setup guides, agent configuration, and integration tutorials, see: FULL DOCUMENTATION GUIDE
- RAG-based runbook generation.
- Adaptive agent personality based on user trust score.
- Multi-region incident correlation.
Built for the Elastic Hackathon 2026.