Course Outline
Introduction
- General overview of the Elastic Stack (ELK)
Module 1: ELK Stack Architecture and Review of Existing Environment
- Review of the current architecture of Altor CB
- ELK architecture: Elasticsearch, Logstash, Kibana, Beats
- Ingest node versus Logstash
- Scalability and performance considerations for on-premise installations
- Administration best practices
Module 2: Beats – Distributed Monitoring (2 hours)
- Configuration and application of Filebeat, Auditbeat, Winlogbeat, and Packetbeat
- Secure data shipping via SSL
- Preconfigured modules compared to custom inputs
- Integration with Logstash and Ingest Pipelines
Module 3: Parsing and Ingesting Logs from Applications and Databases (4 hours)
- Ingesting custom logs from applications
- Using Logstash for data parsing and transformation
- Employing filters: grok, dissect, kv, mutate, date
- Database connections (Oracle, PostgreSQL, SQL Server) using the JDBC input plugin
- Practical cases: error logs, audit trails, traces, slow queries
Module 4: Advanced Search and Regular Expressions (2 hours)
- Advanced search syntax in Kibana
- Application of regular expressions (regex)
- Filters and OR/AND combinations
- Nested fields and arrays
- Saving reusable queries and filters
Module 5: Custom Dashboards and Visualizations in Kibana (3 hours)
- Visualization types: bar, line, maps, tables
- Aggregations and metrics
- Dynamic filters, controls, and drill-down features
- Dashboard sharing
- Exercises: creating dashboards from database and system logs
Module 6: Alerts and Email Notifications (3 hours)
- Introduction to Watcher and alternatives (ElastAlert, Kibana Alerts)
- Creating custom conditions and triggers
- Email output configuration
- Exercise: sending alerts upon detection of critical events in Windows or database logs
Module 7: User and Permission Management (2 hours)
- Introduction to X-Pack and free alternatives
- Creating users and roles
- Access control by index, dashboard, and query
- Exercise: defining roles for audit and operations
Module 8: Elasticsearch REST API (3 hours)
- Foundations of the Elasticsearch RESTful API
- GET / POST queries
- Manual and automated indexing
- Utilizing tools such as curl and Postman
- Exercises: searching, inserting, deleting, and updating documents
Summary and Next Steps
Requirements
- A foundational understanding of ELK Stack architecture and its components.
- Experience in ingesting and visualizing logs using Kibana and Logstash.
- Familiarity with the Linux command line and basic scripting.
Target Audience
- System administrators.
- Infrastructure engineers.
- Technical teams aiming for advanced log centralization capabilities.
Custom Corporate Training
Training solutions designed exclusively for businesses.
- Customized Content: We adapt the syllabus and practical exercises to the real goals and needs of your project.
- Flexible Schedule: Dates and times adapted to your team's agenda.
- Format: Online (live), In-company (at your offices), or Hybrid.
Price per private group, online live training, starting from 3900 € + VAT*
Contact us for an exact quote and to hear our latest promotions
Testimonials (2)
The content is very helpful, and the trainer makes it easier to understand.
Ibrahim Al mayahi - Vastech SA
Course - Advanced Elasticsearch and Kibana Administration
The professionalism of the trainer; the way he tried to respond to all the questions; the review questions we had to ask: engaging us in conversations.