Course Outline

Introduction

  • General overview of the Elastic Stack (ELK)

Module 1: ELK Stack Architecture and Review of Existing Environment

  • Review of the current architecture of Altor CB
  • ELK architecture: Elasticsearch, Logstash, Kibana, Beats
  • Ingest node vs. Logstash
  • Scalability and performance considerations in on-premise installations
  • Administration best practices

Module 2: Beats – Distributed Monitoring (2 hours)

  • Configuration and use of Filebeat, Auditbeat, Winlogbeat, and Packetbeat
  • Secure shipping with SSL
  • Preconfigured modules vs. custom inputs
  • Integration with Logstash and Ingest Pipelines

Module 3: Parsing and Ingesting Logs from Applications and Databases (4 hours)

  • Ingesting custom logs from applications
  • Using Logstash for data parsing and transformation
  • Use of filters: grok, dissect, kv, mutate, date
  • Database connections (Oracle, PostgreSQL, SQL Server) using JDBC input plugin
  • Practical cases: error logs, audit trails, traces, slow queries

Module 4: Advanced Search and Regular Expressions (2 hours)

  • Advanced search syntax in Kibana
  • Use of regular expressions (regex)
  • Filters and OR/AND combinations
  • Nested fields and arrays
  • Saving reusable queries and filters

Module 5: Custom Dashboards and Visualizations in Kibana (3 hours)

  • Visualization types: bar, line, maps, tables
  • Aggregations and metrics
  • Dynamic filters, controls, and drill-down features
  • Dashboard sharing
  • Exercises: creating dashboards from database and system logs

Module 6: Alerts and Email Notifications (3 hours)

  • Introduction to Watcher and alternatives (ElastAlert, Kibana Alerts)
  • Creating custom conditions and triggers
  • Email output configuration
  • Exercise: send alert when a critical event is detected in Windows or database logs

Module 7: User and Permission Management (2 hours)

  • Introduction to X-Pack and free options
  • Creating users and roles
  • Access control by index, dashboard, and query
  • Exercise: define roles for audit and operations

Module 8: Elasticsearch REST API (3 hours)

  • Foundations of Elasticsearch RESTful API
  • GET / POST queries
  • Manual and automated indexing
  • Using tools like curl and Postman
  • Exercises: searching, inserting, deleting, and updating documents

Summary and Next Steps

Requirements

  • An understanding of the basic ELK Stack architecture and components
  • Experience with ingesting and visualizing logs using Kibana and Logstash
  • Familiarity with Linux command line and basic scripting

Audience

  • System administrators
  • Infrastructure engineers
  • Technical teams seeking advanced log centralization capabilities
 21 Hours

Number of participants


Price per participant

회원 평가 (3)

Upcoming Courses

Related Categories