Course Outline
Introduction
- General overview of the Elastic Stack (ELK)
Module 1: ELK Stack Architecture and Review of Existing Environment
- Review of the current architecture at Altor CB
- ELK architecture: Elasticsearch, Logstash, Kibana, Beats
- Ingest node vs. Logstash: when to parse in Elasticsearch and when to parse in Logstash
- Scalability and performance considerations for on-premise installations
- Administration best practices
Module 2: Beats – Distributed Monitoring (2 hours)
- Configuration and use of Filebeat, Auditbeat, Winlogbeat, and Packetbeat
- Secure shipping over TLS (server and client certificate verification)
- Preconfigured modules vs. custom inputs
- Integration with Logstash and Ingest Pipelines
Module 3: Parsing and Ingesting Logs from Applications and Databases (4 hours)
- Ingesting custom logs from applications
- Using Logstash for data parsing and transformation
- Use of filters: grok, dissect, kv, mutate, date
- Database connections (Oracle, PostgreSQL, SQL Server) using the JDBC input plugin
- Practical cases: error logs, audit trails, traces, slow queries
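As an added example (not part of the course materials), the pipeline below ties Modules 2 and 3 together: a Beats input that only accepts shippers presenting a certificate signed by the agency CA, followed by grok, kv, date and mutate filters that parse a constructed application log line into typed fields before indexing. Hostnames, certificate paths, the index name, the log format and the field names are assumptions; the option names are those of the classic Beats input and Elasticsearch output plugins (newer plugin releases rename some of the ssl options, so check the version you run).

```logstash
# Added example pipeline, not from the course. All paths, hosts and the
# log format are assumed for illustration.

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/logstash/certs/logstash.crt"
    ssl_key => "/etc/logstash/certs/logstash.pkcs8.key"
    # Require every shipper to present a certificate signed by our CA, so a
    # host that merely knows the port cannot inject events into the index.
    ssl_certificate_authorities => ["/etc/logstash/certs/ca.crt"]
    ssl_verify_mode => "force_peer"
  }
}

filter {
  # Constructed sample line this pipeline expects:
  # 2024-05-03T10:15:42.123Z ERROR [db-pool] query failed user=alice db=citizens duration_ms=4821 msg="timeout"

  # grok validates the fixed prefix with typed patterns (ISO timestamp, log
  # level). dissect would be cheaper for a purely positional prefix, but grok
  # also rejects lines whose timestamp or level field is not what we expect.
  grok {
    match => {
      "message" => "^%{TIMESTAMP_ISO8601:log_ts} %{LOGLEVEL:level} \[%{NOTSPACE:component}\] %{GREEDYDATA:rest}$"
    }
    tag_on_failure => ["_grokparsefailure_app"]
  }

  # Only continue parsing lines that matched the expected layout; the rest
  # keep the failure tag so they can be found and reviewed in Kibana.
  if "_grokparsefailure_app" not in [tags] {
    # kv extracts key=value pairs from the tail and ignores the free text
    # ("query failed"). Whitelisting keys stops a crafted log line from
    # creating arbitrary fields (and mappings) in the index.
    kv {
      source => "rest"
      field_split => " "
      value_split => "="
      include_keys => ["user", "db", "duration_ms", "msg"]
      target => "app"
    }

    # Use the application's own timestamp as @timestamp, not ingest time,
    # so that searches and alerts reflect when the event really happened.
    date {
      match => ["log_ts", "ISO8601"]
      target => "@timestamp"
      timezone => "UTC"
    }

    # Type conversion and cleanup: an integer duration can be aggregated
    # (slow-query dashboards); the raw fields are dropped to save space.
    mutate {
      convert => { "[app][duration_ms]" => "integer" }
      rename => { "[app][msg]" => "[app][detail]" }
      remove_field => ["rest", "log_ts"]
    }

    if [level] == "ERROR" {
      mutate { add_tag => ["app_error"] }
    }
  }
}

output {
  elasticsearch {
    hosts => ["https://es01.example.gov:9200"]
    ssl => true
    cacert => "/etc/logstash/certs/ca.crt"
    user => "logstash_writer"
    # Resolved from the Logstash keystore; never put the password in the file.
    password => "${ES_PWD}"
    index => "app-logs-%{+YYYY.MM.dd}"
  }
}
```

With the sample line above the event indexes with `level` = `ERROR`, `component` = `db-pool`, `app.user` = `alice`, `app.db` = `citizens`, `app.duration_ms` = 4821 (integer), `app.detail` = `timeout`, the `app_error` tag, and `@timestamp` set to 2024-05-03T10:15:42.123Z. A line that does not match the grok pattern is still indexed, but carries `_grokparsefailure_app` instead of the parsed fields, which is the first thing to search for after changing an application's log format.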
Module 4: Advanced Search and Regular Expressions (2 hours)
- Advanced search syntax in Kibana (KQL and Lucene)
- Use of regular expressions (regex)
- Filters and AND/OR/NOT combinations
- Nested fields and arrays
- Saving reusable queries and filters
Module 5: Custom Dashboards and Visualizations in Kibana (3 hours)
- Visualization types: bar, line, maps, tables
- Aggregations and metrics
- Dynamic filters, controls, and drill-down features
- Dashboard sharing
- Exercises: creating dashboards from database and system logs
Module 6: Alerts and Email Notifications (3 hours)
- Introduction to Watcher and alternatives (ElastAlert, Kibana Alerting)
- Creating custom conditions and triggers
- Email output configuration
- Exercise: send an alert when a critical event is detected in Windows or database logs
Module 7: User and Permission Management (2 hours)
- Introduction to X-Pack security features and free options
- Creating users and roles
- Access control by index, dashboard, and query
- Exercise: define separate roles for audit and operations staff
Module 8: Elasticsearch REST API (3 hours)
- Foundations of the Elasticsearch RESTful API
- GET and POST queries
- Manual and automated indexing
- Using tools such as curl and Postman
- Exercises: searching, inserting, deleting, and updating documents
Summary and Next Steps
Requirements
- An understanding of the fundamental architecture and components of the ELK Stack for government use.
- Experience with ingesting and visualizing logs using Kibana and Logstash in a public sector environment.
- Familiarity with Linux command line operations and basic scripting techniques.
Audience
- System administrators for government agencies.
- Infrastructure engineers responsible for government IT systems.
- Technical teams within the public sector seeking advanced log centralization capabilities.
Testimonials (5)
The content is very helpful, and the trainer makes it easier to understand.
Ibrahim Al mayahi - Vastech SA
Course - Advanced Elasticsearch and Kibana Administration
The practical learning.
Presiyan Petrov
Course - ELK Training
Marcin knew exactly what he was talking about and had proper hands-on, in-depth experience with the tools. He had answers to all our questions and made some really strong recommendations that we could start working towards with future projects and uses.
Conor Glasman - Quidco
Course - Elasticsearch for Developers
I enjoyed the exercises; they give a good insight.
Andreas Kukacka
Course - ELK: Elasticsearch, Logstash and Kibana for Administrators
I genuinely liked learning a new skill.