Course Outline
Introduction
- General overview of the Elastic Stack (ELK).
Module 1: ELK Stack Architecture and Review of Existing Environment
- Review of the current architecture of Altor CB.
- ELK architecture: Elasticsearch, Logstash, Kibana, Beats.
- Ingest node vs. Logstash.
- Scalability and performance considerations in on-premise installations.
- Administration best practices.
Module 2: Beats – Distributed Monitoring (2 hours)
- Configuration and use of Filebeat, Auditbeat, Winlogbeat, and Packetbeat.
- Secure shipping with SSL.
- Preconfigured modules vs. custom inputs.
- Integration with Logstash and Ingest Pipelines.
Module 3: Parsing and Ingesting Logs from Applications and Databases (4 hours)
- Ingesting custom logs from applications.
- Using Logstash for data parsing and transformation.
- Use of filters: grok, dissect, kv, mutate, date.
- Database connections (Oracle, PostgreSQL, SQL Server) using JDBC input plugin.
- Practical cases: error logs, audit trails, traces, slow queries.
Module 4: Advanced Search and Regular Expressions (2 hours)
- Advanced search syntax in Kibana.
- Use of regular expressions (regex).
- Filters and OR/AND combinations.
- Nested fields and arrays.
- Saving reusable queries and filters.
Module 5: Custom Dashboards and Visualizations in Kibana (3 hours)
- Visualization types: bar, line, maps, tables.
- Aggregations and metrics.
- Dynamic filters, controls, and drill-down features.
- Dashboard sharing.
- Exercises: creating dashboards from database and system logs.
Module 6: Alerts and Email Notifications (3 hours)
- Introduction to Watcher and alternatives (ElastAlert, Kibana Alerts).
- Creating custom conditions and triggers.
- Email output configuration.
- Exercise: send alert when a critical event is detected in Windows or database logs.
Module 7: User and Permission Management (2 hours)
- Introduction to X-Pack and free options.
- Creating users and roles.
- Access control by index, dashboard, and query.
- Exercise: define roles for audit and operations.
Module 8: Elasticsearch REST API (3 hours)
- Foundations of Elasticsearch RESTful API.
- GET / POST queries.
- Manual and automated indexing.
- Using tools like curl and Postman.
- Exercises: searching, inserting, deleting, and updating documents.
Summary and Next Steps
Requirements
- A solid understanding of the basic ELK Stack architecture and its components.
- Experience in ingesting and visualizing logs using Kibana and Logstash.
- Familiarity with the Linux command line and basic scripting.
Audience
- System administrators.
- Infrastructure engineers.
- Technical teams seeking advanced log centralization capabilities.
Testimonials (2)
The content is very helpful, and the trainer makes it easier to understand.
Ibrahim Al mayahi - Vastech SA
Course - Advanced Elasticsearch and Kibana Administration
The professionalism of the trainer; the way he tried to respond to all the questions; the review questions we had to ask; engaging us in conversations.