Course Outline
Open-Source Search and Analytics Sovereignty
- Elastic license changes and subsequent forks.
- Feature parity between OpenSearch and Elasticsearch in 2025-2026.
- Use cases: enterprise search, log analytics, SIEM, and observability.
Cluster Architecture
- Node roles: cluster manager (called master before OpenSearch 2.0), data, coordinating, and ingest nodes.
- Security plugin: TLS between nodes, certificates, and PKI.
- Preventing split-brain: discovery.seed_hosts, cluster.initial_master_nodes for bootstrap, and the quorum-based voting configuration (discovery.zen.minimum_master_nodes is obsolete and no longer enforces quorum).
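The cluster-architecture topics above come down to a handful of opensearch.yml settings, and the mistakes are easy to lint for before a node ever joins. The following is an added example, not part of the course material: a small Python checker that reads the flat `dotted.key: value` style of opensearch.yml and flags the split-brain and transport-security problems discussed in this module. Both configs are constructed samples (node names, addresses, file names and the DN pattern are assumptions); the setting names are the ones OpenSearch documents.

```python
"""Lint an opensearch.yml for split-brain and transport-security mistakes.
Added example, not course material; the two configs are constructed samples
and the checks use OpenSearch's documented setting names."""
import json

# Constructed: a weak 2-node config that still carries the obsolete
# minimum_master_nodes setting and runs with the security plugin off.
WEAK_YML = """
cluster.name: search-prod
node.name: node-1
node.roles: [cluster_manager, data]
network.host: 0.0.0.0
discovery.seed_hosts: ["10.0.0.11", "10.0.0.12"]
cluster.initial_master_nodes: ["node-1", "node-2"]
discovery.zen.minimum_master_nodes: 1
plugins.security.disabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
"""

# Constructed: the hardened counterpart (3 manager-eligible nodes, TLS on
# transport and REST, node identity pinned to a certificate DN pattern).
HARDENED_YML = """
cluster.name: search-prod
node.name: node-1
node.roles: [cluster_manager, data]
network.host: 10.0.0.11
discovery.seed_hosts: ["10.0.0.11", "10.0.0.12", "10.0.0.13"]
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]
plugins.security.ssl.transport.pemcert_filepath: node-1.pem
plugins.security.ssl.transport.pemkey_filepath: node-1-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
plugins.security.ssl.transport.enforce_hostname_verification: true
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: node-1.pem
plugins.security.ssl.http.pemkey_filepath: node-1-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem
plugins.security.allow_default_init_securityindex: false
plugins.security.nodes_dn:
  - "CN=node-*,OU=ops,O=example,C=GB"
"""


def _scalar(value):
    """One YAML value: JSON first, then an unquoted flow list, else a bare string."""
    try:
        return json.loads(value)
    except ValueError:
        pass
    if value.startswith("[") and value.endswith("]"):
        return [v.strip().strip("\"'") for v in value[1:-1].split(",") if v.strip()]
    return value.strip("\"'")


def parse_flat_yaml(text):
    """Minimal reader for the flat `dotted.key: value` style of opensearch.yml
    (scalars, flow lists, block lists). Not a general YAML parser."""
    cfg, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.lstrip().startswith("- ") and current is not None:
            cfg.setdefault(current, []).append(_scalar(line.lstrip()[2:]))
            continue
        key, _, value = line.partition(":")
        current = key.strip()
        cfg[current] = _scalar(value.strip()) if value.strip() else []
    return cfg


def lint(cfg):
    """Return (severity, message) findings for one node's parsed settings."""
    findings = []
    managers = cfg.get("cluster.initial_master_nodes", [])
    if "discovery.zen.minimum_master_nodes" in cfg:
        findings.append(("warn", "discovery.zen.minimum_master_nodes is ignored by OpenSearch; "
                                 "quorum comes from the voting configuration, so remove it"))
    if cfg.get("discovery.type") != "single-node" and not managers:
        findings.append(("error", "cluster.initial_master_nodes unset: first election cannot bootstrap safely"))
    if managers and len(managers) % 2 == 0:
        findings.append(("warn", f"{len(managers)} manager-eligible nodes: one is left out of the voting "
                                 "configuration, so an even count adds no fault tolerance; use 3"))
    security_off = cfg.get("plugins.security.disabled") is True
    if security_off:
        findings.append(("error", "security plugin disabled: no TLS and no authentication on 9200/9300"))
    if cfg.get("plugins.security.ssl.transport.enforce_hostname_verification") is False:
        findings.append(("error", "transport hostname verification off: any CA-issued cert can sit between nodes"))
    https_on = cfg.get("plugins.security.ssl.http.enabled") is True
    if not security_off and not https_on:
        findings.append(("error", "REST layer is plaintext: set plugins.security.ssl.http.enabled: true"))
    if cfg.get("network.host") == "0.0.0.0" and not https_on:
        findings.append(("warn", "bound to every interface without HTTPS"))
    if cfg.get("plugins.security.allow_default_init_securityindex") is True:
        findings.append(("warn", "demo users and roles load on first start; disable once securityadmin has run"))
    return findings


def lint_text(text):
    """Convenience wrapper: parse then lint a raw opensearch.yml string."""
    return lint(parse_flat_yaml(text))
```

`lint_text(WEAK_YML)` returns five findings (two errors, three warnings) and `lint_text(HARDENED_YML)` returns none. The parser is deliberately minimal; point it at a real file only if that file sticks to flat dotted keys, and treat `nodes_dn` and `admin_dn` as part of the review even though the checker does not assert on them.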
Data Ingestion
- REST API indexing, bulk loading, and mapping definitions.
- Beats (only OSS builds up to 7.12.x can ship to OpenSearch), Fluent Bit, and Logstash (logstash-output-opensearch) pipelines.
- OpenTelemetry Collector for traces and metrics.
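Whatever shipper is used, everything lands through the same `_bulk` API, and its most common operational trap is that the endpoint answers HTTP 200 even when individual documents were rejected. The following is an added example, not part of the course: Python that assembles an NDJSON bulk body from records and then triages a bulk response item by item. The records and the response are constructed for illustration; the request and response shapes are those of the `_bulk` API.

```python
"""Build an OpenSearch _bulk request body and triage per-item failures.
Added example, not course material; records and the response are constructed,
the NDJSON request and items/errors response shapes are the _bulk API's."""
import json

# Constructed sample records (auth events) to be indexed.
SAMPLE_DOCS = [
    {"event_id": 1, "user": "alice", "outcome": "success", "src_port": 51234},
    {"event_id": 2, "user": "bob", "outcome": "failure", "src_port": "n/a"},   # bad type
    {"event_id": 3, "user": "carol", "outcome": "failure", "src_port": 40111},
]

# Constructed response: HTTP 200 overall, yet two of the three items failed.
SAMPLE_RESPONSE = {
    "took": 7,
    "errors": True,
    "items": [
        {"index": {"_index": "auth-2025.01", "_id": "1", "status": 201, "result": "created"}},
        {"index": {"_index": "auth-2025.01", "_id": "2", "status": 400,
                   "error": {"type": "mapper_parsing_exception",
                             "reason": "failed to parse field [src_port] of type [integer]"}}},
        {"index": {"_index": "auth-2025.01", "_id": "3", "status": 429,
                   "error": {"type": "es_rejected_execution_exception",
                             "reason": "rejected execution of coordinating operation"}}},
    ],
}


def build_bulk_body(index, docs, id_field=None):
    """Serialise docs as NDJSON: an action line then a source line per doc.
    The body must end with a newline or the API rejects it; taking _id from a
    stable field makes a re-sent batch overwrite instead of duplicating."""
    lines = []
    for doc in docs:
        action = {"index": {"_index": index}}
        if id_field is not None and id_field in doc:
            action["index"]["_id"] = str(doc[id_field])
        lines.append(json.dumps(action, separators=(",", ":")))
        lines.append(json.dumps(doc, separators=(",", ":")))
    return "\n".join(lines) + "\n"


def failed_items(response):
    """_bulk answers 200 even when items fail; only `errors` and each item's
    `error` object reveal which documents were dropped."""
    if not response.get("errors"):
        return []
    failures = []
    for item in response["items"]:
        op, result = next(iter(item.items()))      # e.g. ("index", {...})
        if "error" in result:
            failures.append({"op": op, "_id": result.get("_id"), "status": result["status"],
                             "type": result["error"]["type"], "reason": result["error"]["reason"]})
    return failures


def triage(failures):
    """Split failures: 429 is back-pressure and is retried with backoff; 4xx
    mapping errors and conflicts go to a dead-letter queue for a human."""
    retry = [f for f in failures if f["status"] == 429]
    dead_letter = [f for f in failures if f["status"] != 429]
    return retry, dead_letter


if __name__ == "__main__":
    print(build_bulk_body("auth-2025.01", SAMPLE_DOCS, id_field="event_id"))
    retry, dead = triage(failed_items(SAMPLE_RESPONSE))
    print("retry:", [f["_id"] for f in retry], "dead-letter:", [f["_id"] for f in dead])
```

Send the body with `Content-Type: application/x-ndjson` over HTTPS, authenticating as a user whose role only carries the write action group on the target index pattern, and always feed the response through `failed_items` before acknowledging the batch upstream; a pipeline that trusts the status code alone silently loses data.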
Search and Dashboards
- Query DSL: match, term, range, aggregations, and nested fields.
- OpenSearch Dashboards: visualizations and dashboard creation.
- SIEM use cases: alert rules and anomaly detection.
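A SIEM alert rule in OpenSearch is a query-level monitor: a Query DSL search with an aggregation, a schedule, and a Painless trigger condition over the results. The following is an added example, not part of the course: the monitor definition for a per-user failed-login threshold, plus a local twin of the same logic run over constructed auth events so the rule can be checked before it is deployed. The index pattern `auth-*`, the field names, the threshold and the window are assumptions chosen for illustration.

```python
"""A SIEM-style alert rule as an OpenSearch Alerting monitor, and the same
detection run locally over constructed auth events.
Added example, not course material; index pattern, field names, threshold
and window are assumptions."""
from collections import Counter
from datetime import datetime, timedelta, timezone

INDEX_PATTERN = "auth-*"            # assumed index pattern
THRESHOLD = 5                        # more than this many failures per user fires
WINDOW_MINUTES = 5


def monitor_definition():
    """Query-level monitor: failed logins in the last WINDOW_MINUTES bucketed
    by user; the Painless trigger fires if any bucket exceeds THRESHOLD."""
    query = {
        "size": 0,
        "query": {"bool": {"filter": [
            {"term": {"event.outcome": "failure"}},
            {"range": {"@timestamp": {"gte": f"now-{WINDOW_MINUTES}m"}}},
        ]}},
        "aggs": {"by_user": {"terms": {"field": "user.name", "size": 50}}},
    }
    condition = (
        "for (def b : ctx.results[0].aggregations.by_user.buckets) "
        f"{{ if (b.doc_count > {THRESHOLD}) {{ return true; }} }} return false;"
    )
    return {
        "type": "monitor",
        "name": "auth-failures-per-user",
        "monitor_type": "query_level_monitor",
        "enabled": True,
        "schedule": {"period": {"interval": 1, "unit": "MINUTES"}},
        "inputs": [{"search": {"indices": [INDEX_PATTERN], "query": query}}],
        "triggers": [{"query_level_trigger": {
            "name": "user-over-threshold",
            "severity": "2",
            "condition": {"script": {"source": condition, "lang": "painless"}},
            "actions": [],     # attach a notification channel here
        }}],
    }


def flag_users(events, now, threshold=THRESHOLD, window_minutes=WINDOW_MINUTES):
    """Local twin of the monitor: same filter (outcome=failure, time window),
    same terms aggregation, same threshold. Returns {user: failure_count}."""
    cutoff = now - timedelta(minutes=window_minutes)
    counts = Counter(
        e["user.name"] for e in events
        if e["event.outcome"] == "failure" and e["@timestamp"] >= cutoff
    )
    return {user: n for user, n in counts.items() if n > threshold}


# Constructed sample events relative to a fixed "now".
NOW = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)


def _ev(user, outcome, minutes_ago):
    return {"@timestamp": NOW - timedelta(minutes=minutes_ago),
            "user.name": user, "event.outcome": outcome, "source.ip": "203.0.113.7"}


SAMPLE_EVENTS = (
    [_ev("alice", "failure", m) for m in (0.5, 1, 1.5, 2, 2.5, 3)]   # 6 in window: fires
    + [_ev("bob", "failure", 1), _ev("bob", "failure", 2), _ev("bob", "success", 3)]
    + [_ev("carol", "failure", 20 + m) for m in range(8)]             # 8, but all stale
)

if __name__ == "__main__":
    import json
    print(json.dumps(monitor_definition(), indent=2))
    print(flag_users(SAMPLE_EVENTS, NOW))   # {'alice': 6}
```

`flag_users` exists so the threshold and window can be tuned against replayed events before the monitor goes live; the monitor itself is created with `POST _plugins/_alerting/monitors`. The `size: 50` on the terms aggregation is the usual blind spot: an attacker spraying more distinct accounts than that in one window can fall outside the top buckets, so size the aggregation (or add a second monitor on total failures) to the traffic actually seen. Anomaly detection, the other bullet above, is a separate plugin and is not covered by this rule.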
Index Management
- ISM (Index State Management) policies: rollover, shrink, and delete actions.
- Hot-warm-cold storage architecture.
- Mapping optimization and text analysis techniques.
Security and Access Control
- RBAC: users, backend roles, roles and role mappings, and tenants.
- SAML and OpenID Connect authentication methods.
- Document-level security and field masking.
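Document-level security and field masking both live in the role definition: DLS is a Query DSL filter stored as a JSON string, with `${user.name}` and `${attr.internal.<name>}` substituted per request, and `masked_fields` either hashes a field or rewrites it with `field::/regex/::replacement` rules. The following is an added example, not part of the course: a tenant-scoped role body for the security plugin's REST API, plus a local preview of what a given user would see. The role name `soc-tier1`, the `auth-*` pattern, the field names, the users and the documents are assumptions; the preview re-implements the documented semantics for the term/terms/bool subset used here and is not the plugin's own code.

```python
"""Document-level security (DLS) and field masking: a tenant-scoped role for
the OpenSearch security plugin, plus a local preview of what a user sees.
Added example, not course material. Role, index pattern, fields, users and
documents are assumptions; the preview re-implements the documented semantics
for the term/terms/bool subset used here and is not the plugin itself."""
import hashlib
import json
import re

ROLE = {   # body for PUT _plugins/_security/api/roles/soc-tier1
    "cluster_permissions": ["cluster_composite_ops_ro"],
    "index_permissions": [{
        "index_patterns": ["auth-*"],
        "allowed_actions": ["read"],
        # DLS must be a JSON string; the tenant comes from the user's attributes
        "dls": json.dumps({"bool": {
            "filter": [{"term": {"tenant": "${attr.internal.tenant}"}}],
            "must_not": [{"term": {"sensitivity": "restricted"}}],
        }}),
        "masked_fields": ["user.email", "source.ip::/[0-9]{1,3}$/::XXX"],
    }],
}


def substitute(dls_json, user):
    """Fill ${user.name} / ${attr.internal.<name>} the way the plugin does
    before running the filter. Assumes attribute values are plain tokens."""
    def repl(m):
        key = m.group(1)
        if key == "user.name":
            return user["name"]
        if key.startswith("attr.internal."):
            return str(user["attributes"][key[len("attr.internal."):]])
        raise KeyError(key)
    return json.loads(re.sub(r"\$\{([^}]+)\}", repl, dls_json))


def matches(query, doc):
    """Evaluate the term / terms / bool subset of the Query DSL used above."""
    if "term" in query:
        (field, value), = query["term"].items()
        return doc.get(field) == value
    if "terms" in query:
        (field, values), = query["terms"].items()
        return doc.get(field) in values
    if "bool" in query:
        b = query["bool"]
        return (all(matches(q, doc) for q in b.get("filter", []) + b.get("must", []))
                and not any(matches(q, doc) for q in b.get("must_not", [])))
    raise ValueError(f"unsupported clause: {list(query)}")


def mask(doc, masked_fields):
    """Apply masked_fields rules to one document (the plugin does this per hit)."""
    out = dict(doc)
    for rule in masked_fields:
        field, *rest = rule.split("::")
        if field not in out:
            continue
        if rest:     # regex rules: /pattern/ and replacement, possibly several pairs
            value = str(out[field])
            for pattern, replacement in zip(rest[0::2], rest[1::2]):
                value = re.sub(pattern.strip("/"), replacement, value)
            out[field] = value
        else:        # plugin default is a salted hash; SHA-256 is only a stand-in here
            out[field] = hashlib.sha256(str(out[field]).encode()).hexdigest()
    return out


def preview(role, user, docs):
    """What `user` sees when searching `docs` through `role`."""
    perm = role["index_permissions"][0]
    dls = substitute(perm["dls"], user)
    return [mask(d, perm["masked_fields"]) for d in docs if matches(dls, d)]


# Constructed users and documents.
ANA = {"name": "ana", "attributes": {"tenant": "acme"}}
SAMPLE_DOCS = [
    {"tenant": "acme", "user.name": "bob", "user.email": "bob@acme.example",
     "source.ip": "203.0.113.7", "sensitivity": "normal"},
    {"tenant": "acme", "user.name": "eve", "user.email": "eve@acme.example",
     "source.ip": "198.51.100.23", "sensitivity": "restricted"},
    {"tenant": "globex", "user.name": "gil", "user.email": "gil@globex.example",
     "source.ip": "192.0.2.45", "sensitivity": "normal"},
]

if __name__ == "__main__":
    print(json.dumps(preview(ROLE, ANA, SAMPLE_DOCS), indent=2))
```

For `ana` the preview returns only Bob's event, with the last IP octet replaced and the e-mail hashed; Eve's restricted event and the other tenant's document are filtered out before they reach the hit list. Two caveats a practitioner wants: the role only bites once it is mapped (`PUT _plugins/_security/api/rolesmapping/soc-tier1` with the users or backend roles), and roles are additive, so a user who also holds a second role on `auth-*` with no DLS gets the unfiltered index, because the plugin combines the DLS queries of all of a user's roles with OR.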
Backup and Recovery
- Snapshot repositories: S3 or S3-compatible MinIO via repository-s3 (credentials in the keystore, never in the request body), or NFS as a shared-filesystem repository under path.repo.
- Automating snapshots with Curator and ISM.
- Restoring specific indices and implementing cluster-wide disaster recovery.
Requirements
- Familiarity with search engines and inverted indexes.
- Experience with REST APIs and JSON.
- Basic Linux administration skills: systemd, logs, and packages.
Target Audience
- Engineers specializing in search and log analytics.
- Teams looking to replace managed Elasticsearch or Splunk solutions.
- Security analysts developing sovereign SIEM backends.
14 Hours
Testimonials (1)
The trainer was very good and made the training perfect for my needs.