ELK (Elastic) Stack

The ELK (Elastic) Stack is an open-source observability platform made up of products from the company Elastic: Elasticsearch, Logstash, Kibana, and Beats.

Course content

Introduction to ELK

  • What is Observability?
  • Understanding Observability
    • Log Data for Observability
    • Metric Data for Observability
    • Performance Data for Observability
    • Benefits of Observability
    • How to Choose an Observability Platform?
  • What is Log Management?
    • Major Log Management Tools
  • What is Security Information & Event Management (SIEM)?
    • Major SIEM Tools
  • What is Application Performance Management (APM)?
    • Major APM Tools
  • What is Infrastructure Monitoring?
    • Major Infrastructure Monitoring Tools
  • What is ELK?
    • Managed ELK Services
  • History of ELK

Key Components in ELK

  • Elasticsearch
  • Logstash
  • Kibana
  • Beats
    • Auditbeat
    • Filebeat
    • Functionbeat
    • Heartbeat
    • Metricbeat
    • Packetbeat
    • Winlogbeat
    • APM

Overview of ELK

  • Architecture of ELK-managed Observability
  • ELK vs Splunk vs Sumo Logic in Terms of Log Management and SIEM
  • ELK vs NewRelic in Terms of APM
  • ELK vs Grafana vs Nagios in Terms of Infrastructure Monitoring

FAQ on ELK

Prerequisites for ELK

Elasticsearch

  • What is the Purpose of Elasticsearch?
  • Key Components in Elasticsearch
  • Using Docker Containers as Elasticsearch Nodes
  • Install Elasticsearch
  • Significance of Elasticsearch Programs
  • Configure Elasticsearch
  • Configure Highly Scalable Elasticsearch
  • Understanding Elasticsearch System Paths
  • Manage Elasticsearch

Logstash

  • What is the Purpose of Logstash?
  • Key Components in Logstash
  • Using Docker Containers as Logstash Nodes
  • Install Logstash
  • Significance of Logstash Programs
  • Configure Logstash
  • Understanding Logstash System Paths
  • Manage Logstash

Kibana

  • What is the Purpose of Kibana?
  • Key Components in Kibana
  • Using Docker Containers as Kibana Nodes
  • Install Kibana
  • Significance of Kibana Programs
  • Configure Kibana
  • Understanding Kibana System Paths
  • Manage Kibana

APM

  • What is the Purpose of APM?
  • Key Components in APM
  • Using Docker Containers as APM Nodes
  • Install APM
  • Significance of APM Programs
  • Configure APM
  • Understanding APM System Paths
  • Manage APM

Filebeat

  • What is the Purpose of Filebeat?
  • Key Components in Filebeat
  • Install Filebeat
  • Significance of Filebeat Programs
  • Configure Filebeat
  • Understanding Filebeat System Paths
  • What is a Filebeat Module?
  • Key Components in Filebeat Module
  • Structure of Filebeat Module
  • Writing Filebeat Module
  • Manage Filebeat

Metricbeat

  • What is the Purpose of Metricbeat?
  • Install Metricbeat
  • Significance of Metricbeat Programs
  • Configure Metricbeat
  • Understanding Metricbeat System Paths
  • Manage Metricbeat

Heartbeat

  • What is the Purpose of Heartbeat?
  • Install Heartbeat
  • Significance of Heartbeat Programs
  • Configure Heartbeat
  • Understanding Heartbeat System Paths
  • Manage Heartbeat

Using Kibana

  • Index Pattern
    • What is the Purpose of Index Pattern?
    • Create Index Pattern
  • Discover
    • What is the Purpose of Discover?
    • Execute Lucene Queries on Discover
  • Visualize
    • What is the Purpose of Visualize?
    • Create Timelion Visualization
    • Create Gauge Visualization
    • Create Pie Visualization
  • Dashboard
    • What is the Purpose of Dashboard?
    • Create Dashboard
  • Infrastructure
  • APM
  • Logs
  • Uptime
  • Dev Tools
  • Monitoring
  • Watcher
    • What is the Purpose of Watcher?
    • Setup & Configure Slack
    • Create Alert on Watcher
  • Simulate Traffic to App

Case Studies

  • Analyzing SloopEngine Log Data using ELK
  • Analyzing SloopEngine Metric Data using ELK

Interview on ELK

Key aspects

Prerequisites

  • A machine running Ubuntu 18.04 LTS as the host operating system. Don't panic, we'll help you with this.
  • Minimum hardware: 12 GB RAM, 4 CPU cores, and 100 GB of storage.
  • A solid working knowledge of Linux-based operating systems and their command line.

Objective

The main objective of the ELK course is to help you collect log, metric, and performance data from a sample CRM app service running in Docker containers. We use the Beats framework to collect the data and push it to Logstash; Logstash parses the data and indexes it into Elasticsearch, where it is used to build visualizations and dashboards in the Kibana user interface. The CRM app is built on the Python Flask microframework and uses Redis as its database.
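The Beats → Logstash → Elasticsearch leg of that pipeline, written out as a Logstash pipeline file. This is an added example, not material from the course: it assumes Logstash 7.x, that Filebeat ships the Flask development server's (Werkzeug) default access log and sets a custom field `app: crm` in filebeat.yml, and that Elasticsearch runs with security enabled at `https://es01:9200`. The certificate paths, the `logstash_writer` user and the `LOGSTASH_PW` keystore entry are placeholders; the sample log line in the comment is constructed.

```logstash
# crm-pipeline.conf - added example, not the course's own config. Assumes Logstash 7.x.
# Constructed sample line the grok pattern below is written for (Werkzeug default access log):
#   127.0.0.1 - - [10/Oct/2020 12:34:56] "GET /customers?page=2 HTTP/1.1" 200 -

input {
  beats {
    port => 5044
    # Do not run Beats -> Logstash in the clear: the stream carries client IPs and
    # request paths. This plugin requires the private key in PKCS#8 format.
    ssl             => true
    ssl_certificate => "/etc/logstash/certs/logstash.crt"        # assumed path
    ssl_key         => "/etc/logstash/certs/logstash.pkcs8.key"  # assumed path
  }
}

filter {
  # Only parse events Filebeat tagged for this app (fields.app: crm in filebeat.yml, assumed).
  if [fields][app] == "crm" {
    grok {
      match => {
        "message" => '%{IPORHOST:client_ip} - - \[(?<ts>%{MONTHDAY}/%{MONTH}/%{YEAR} %{TIME})\] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:status} (?:%{NUMBER:bytes}|-)'
      }
    }
    # Werkzeug stamps local time with no zone; state it explicitly so @timestamp
    # is not silently shifted by the host's UTC offset.
    date {
      match        => ["ts", "dd/MMM/yyyy HH:mm:ss"]
      timezone     => "UTC"      # assumption: the app containers log in UTC
      remove_field => ["ts"]
    }
    mutate {
      convert => { "status" => "integer" }
    }
    # Tag 5xx responses so a Watcher alert or Kibana filter can key off a tag
    # instead of a range query on every evaluation.
    if [status] and [status] >= 500 {
      mutate { add_tag => ["server_error"] }
    }
  }
}

output {
  elasticsearch {
    hosts    => ["https://es01:9200"]           # assumed host
    ssl      => true
    cacert   => "/etc/logstash/certs/ca.crt"    # assumed path
    user     => "logstash_writer"               # assumed role: write/create_index on crm-logs-* only
    password => "${LOGSTASH_PW}"                # resolved from the Logstash keystore, not stored in this file
    index    => "crm-logs-%{+YYYY.MM.dd}"
  }
}
```

Syntax-check it with `bin/logstash -f crm-pipeline.conf --config.test_and_exit`; to check the grok pattern without an Elasticsearch cluster, swap the output for `stdout { codec => rubydebug }` and feed the sample line on stdin. A line that does not match the pattern is still indexed, only with a `_grokparsefailure` tag, so watch that tag in Discover after any change to the app's log format. The `user`/`password` and TLS settings only do anything if the cluster actually has `xpack.security.enabled: true`; an Elasticsearch node with security off accepts writes and deletes from anyone who can reach port 9200.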

Audience

Anyone from the IT/software industry who wants to practise observability using log, metric, and performance data can start learning ELK. It doesn't matter whether you are a fresher or an experienced candidate; we always start from ground zero.

Activities

  • You do hands-on work from day one.
  • We use digital whiteboarding to explain concepts and real-world implementations.
  • You can ask questions, participate in discussions, and get solutions to complex problems.
  • We work through a variety of use cases and case studies.
  • We dive deep into every topic.