Course Outline
Introduction
- Comprehensive overview of the Elastic Stack (ELK)
Module 1: ELK Stack Architecture and Review of Existing Environment
- Review of the current architecture of Altor CB
- ELK architecture components: Elasticsearch, Logstash, Kibana, and Beats
- Ingest nodes versus Logstash: key distinctions and use cases
- Scalability and performance considerations for on-premise deployments
- Best practices for administration
Module 2: Beats – Distributed Monitoring (2 hours)
- Configuration and deployment of Filebeat, Auditbeat, Winlogbeat, and Packetbeat
- Securing data transmission with SSL
- Comparison of preconfigured modules versus custom input configurations
- Integration with Logstash and Ingest Pipelines
Module 3: Parsing and Ingesting Logs from Applications and Databases (4 hours)
- Ingesting custom logs from applications
- Leveraging Logstash for data parsing and transformation
- Utilizing filters: grok, dissect, kv, mutate, and date
- Establishing database connections (Oracle, PostgreSQL, SQL Server) via the JDBC input plugin
- Practical scenarios: handling error logs, audit trails, traces, and slow queries
Module 4: Advanced Search and Regular Expressions (2 hours)
- Advanced search syntax within Kibana
- Effective use of regular expressions (regex)
- Combining filters with OR/AND operators
- Working with nested fields and arrays
- Saving reusable queries and filters
Module 5: Custom Dashboards and Visualizations in Kibana (3 hours)
- Types of visualizations: bar charts, line graphs, maps, and tables
- Aggregations and metrics
- Dynamic filters, controls, and drill-down capabilities
- Sharing dashboards across teams
- Practical exercises: building dashboards from database and system logs
Module 6: Alerts and Email Notifications (3 hours)
- Introduction to Watcher and alternative solutions (ElastAlert, Kibana Alerts)
- Creating custom conditions and triggers
- Configuring email output for notifications
- Practical exercise: sending alerts when critical events are detected in Windows or database logs
Module 7: User and Permission Management (2 hours)
- Overview of X-Pack and available free options
- Creating users and defining roles
- Access control by index, dashboard, and query
- Practical exercise: defining roles for audit and operations teams
Module 8: Elasticsearch REST API (3 hours)
- Foundations of the Elasticsearch RESTful API
- Executing GET and POST queries
- Manual and automated indexing techniques
- Using tools such as curl and Postman
- Practical exercises: searching, inserting, deleting, and updating documents
Summary and Next Steps
Requirements
- A foundational understanding of the ELK Stack architecture and its core components.
- Practical experience with ingesting and visualizing logs using Kibana and Logstash.
- Familiarity with the Linux command line and basic scripting concepts.
Target Audience
- System administrators.
- Infrastructure engineers.
- Technical teams seeking advanced capabilities for log centralization.
Testimonials (2)
The content is very helpful, and the trainer makes it easier to understand
Ibrahim Al mayahi - Vastech SA
Course - Advanced Elasticsearch and Kibana Administration
The professionalism of the trainer; the way he tried to respond to all the questions; the review questions we had to ask: engaging us in conversations