Course Outline
Introduction
- Comprehensive overview of the Elastic Stack (ELK).
Module 1: ELK Stack Architecture and Review of Existing Environment
- Analysis of the current architecture at Altor CB.
- Overview of ELK architecture: Elasticsearch, Logstash, Kibana, and Beats.
- Differences between ingest nodes and Logstash.
- Scalability and performance factors in on-premise deployments.
- Best practices for administration.
Module 2: Beats – Distributed Monitoring (2 hours)
- Configuration and application of Filebeat, Auditbeat, Winlogbeat, and Packetbeat.
- Secure data transmission using SSL.
- Utilizing preconfigured modules versus custom inputs.
- Integration with Logstash and Ingest Pipelines.
Module 3: Parsing and Ingesting Logs from Applications and Databases (4 hours)
- Acquiring custom logs directly from applications.
- Employing Logstash for data parsing and transformation.
- Application of filters: grok, dissect, kv, mutate, and date.
- Establishing database connections (Oracle, PostgreSQL, SQL Server) via the JDBC input plugin.
- Practical scenarios: handling error logs, audit trails, traces, and slow queries.
Module 4: Advanced Search and Regular Expressions (2 hours)
- Mastering advanced search syntax within Kibana.
- Effective use of regular expressions (regex).
- Applying filters and combining OR/AND logic.
- Working with nested fields and arrays.
- Storing reusable queries and filters for future use.
Module 5: Custom Dashboards and Visualizations in Kibana (3 hours)
- Exploring visualization types: bar charts, line graphs, maps, and tables.
- Understanding aggregations and metrics.
- Implementing dynamic filters, controls, and drill-down functionalities.
- Strategies for sharing dashboards.
- Practical exercises: constructing dashboards from database and system logs.
Module 6: Alerts and Email Notifications (3 hours)
- Introduction to Watcher and alternative solutions (ElastAlert, Kibana Alerts).
- Developing custom conditions and triggers.
- Configuring email output settings.
- Exercise: setting up alerts for critical events detected in Windows or database logs.
Module 7: User and Permission Management (2 hours)
- Overview of X-Pack and available free alternatives.
- Creating users and defining roles.
- Implementing access control at the index, dashboard, and query levels.
- Exercise: defining specific roles for audit and operations teams.
Module 8: Elasticsearch REST API (3 hours)
- Core concepts of the Elasticsearch RESTful API.
- Executing GET and POST queries.
- Manual and automated indexing techniques.
- Utilizing tools such as curl and Postman.
- Exercises: searching, inserting, deleting, and updating documents.
Summary and Next Steps
Requirements
- A solid understanding of the fundamental ELK Stack architecture and its components.
- Prior experience in ingesting and visualizing logs using Kibana and Logstash.
- Familiarity with the Linux command line interface and basic scripting techniques.
Target Audience
- System administrators.
- Infrastructure engineers.
- Technical teams looking to enhance their capabilities in advanced log centralization.
Testimonials (2)
The content is very helpful, and the trainer makes it more easier to understand
Ibrahim Al mayahi - Vastech SA
Course - Advanced Elasticsearch and Kibana Administration
the profesionalism of the trainer; the way he tried to respond to all the questions; the review questions we had to ask: engaging us in conversations
