Course Outline
Introduction
- Comprehensive overview of the Elastic Stack (ELK).
Module 1: ELK Stack Architecture and Review of Existing Environment
- Review of Altor CB's current architecture.
- ELK architecture: Elasticsearch, Logstash, Kibana, Beats.
- Distinction between Ingest nodes and Logstash.
- Scalability and performance factors for on-premise deployments.
- Administrative best practices.
Module 2: Beats – Distributed Monitoring (2 hours)
- Configuration and application of Filebeat, Auditbeat, Winlogbeat, and Packetbeat.
- Securing data transmission via SSL.
- Differentiating between preconfigured modules and custom inputs.
- Integration with Logstash and Ingest Pipelines.
Module 3: Parsing and Ingesting Logs from Applications and Databases (4 hours)
- Processing custom application logs.
- Employing Logstash for data parsing and transformation.
- Utilizing filters such as grok, dissect, kv, mutate, and date.
- Establishing database connections (Oracle, PostgreSQL, SQL Server) via the JDBC input plugin.
- Practical scenarios: handling error logs, audit trails, traces, and slow queries.
Module 4: Advanced Search and Regular Expressions (2 hours)
- Advanced search syntax within Kibana.
- Effective use of regular expressions (regex).
- Constructing filters with OR/AND logic.
- Navigating nested fields and arrays.
- Saving queries and filters for reuse.
Module 5: Custom Dashboards and Visualizations in Kibana (3 hours)
- Visualization options: bar charts, line graphs, maps, tables.
- Aggregations and metric calculations.
- Implementing dynamic filters, controls, and drill-down capabilities.
- Best practices for dashboard sharing.
- Exercises: building dashboards from database and system logs.
Module 6: Alerts and Email Notifications (3 hours)
- Overview of Watcher and alternative tools (ElastAlert, Kibana Alerts).
- Designing custom conditions and triggers.
- Configuring email output settings.
- Exercise: configuring alerts for critical events in Windows or database logs.
Module 7: User and Permission Management (2 hours)
- Introduction to X-Pack and available free alternatives.
- Creating users and defining roles.
- Managing access control by index, dashboard, and query.
- Exercise: establishing roles for audit and operations teams.
Module 8: Elasticsearch REST API (3 hours)
- Foundations of the Elasticsearch RESTful API.
- Executing GET and POST queries.
- Manual and automated indexing techniques.
- Using utilities like curl and Postman.
- Exercises: performing search, insert, delete, and update operations on documents.
Summary and Next Steps
Requirements
- A foundational understanding of ELK Stack architecture and its core components.
- Practical experience with log ingestion and visualization using Kibana and Logstash.
- Familiarity with the Linux command line interface and basic scripting techniques.
Target Audience
- System administrators.
- Infrastructure engineers.
- Technical teams aiming to implement advanced log centralization capabilities.
Testimonials (2)
The theoretical material shown and the detail of the practices
CESAR - ALTOR CASA DE BOLSA
Course - Advanced ELK Stack for Log Management and Centralization
Machine Translated
The teachers' attitude of wanting to help us with our doubts
Roberto - ALTOR CASA DE BOLSA
Course - Advanced ELK Stack for Log Management and Centralization
Machine Translated