Course Outline
Introduction
- General overview of the Elastic Stack (ELK)
Module 1: ELK Stack Architecture and Review of Existing Environment
- Review of the current architecture of Altor CB
- ELK architecture: Elasticsearch, Logstash, Kibana, Beats
- Ingest node vs. Logstash
- Scalability and performance considerations in on-premise installations
- Administration best practices
Module 2: Beats – Distributed Monitoring (2 hours)
- Configuration and use of Filebeat, Auditbeat, Winlogbeat, and Packetbeat
- Secure shipping with SSL
- Preconfigured modules vs. custom inputs
- Integration with Logstash and Ingest Pipelines
Module 3: Parsing and Ingesting Logs from Applications and Databases (4 hours)
- Ingesting custom logs from applications
- Using Logstash for data parsing and transformation
- Use of filters: grok, dissect, kv, mutate, date
- Database connections (Oracle, PostgreSQL, SQL Server) using JDBC input plugin
- Practical cases: error logs, audit trails, traces, slow queries
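The following Logstash pipeline is an added example to illustrate the items above; it is not part of the course material and not code from Elastic. It shows the two ingestion paths the module covers (a custom application error log arriving over Beats, and slow-query rows pulled from PostgreSQL over the JDBC input) and normalises both with grok, kv, mutate and date. All hostnames, certificate paths, index names, the `slow_queries` table, the `app_error` tag set by Filebeat, and the `PG_PASSWORD`/`ES_PASSWORD` keystore entries are assumptions made for the example.

```logstash
# Added example pipeline (not from the course or from Elastic).
# Assumed: Filebeat ships the application log with tags: ["app_error"],
# certificates live under /etc/logstash/certs, and secrets are stored in the
# Logstash keystore (bin/logstash-keystore add PG_PASSWORD ES_PASSWORD).

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/logstash/certs/logstash.crt"
    ssl_key => "/etc/logstash/certs/logstash.key"
    ssl_certificate_authorities => ["/etc/logstash/certs/ca.crt"]
    ssl_verify_mode => "force_peer"   # every Beat must present a client certificate
  }

  jdbc {
    jdbc_driver_library => "/opt/logstash/drivers/postgresql.jar"
    jdbc_driver_class => "org.postgresql.Driver"
    jdbc_connection_string => "jdbc:postgresql://db01.example.internal:5432/appdb"
    jdbc_user => "logstash_ro"          # read-only account, assumed to exist
    jdbc_password => "${PG_PASSWORD}"   # resolved from the keystore, never written in the file
    schedule => "*/5 * * * *"
    # Incremental pull: only rows newer than the last id seen, so the table is
    # not re-read on every run and no row is shipped twice.
    statement => "SELECT id, logged_at, username, duration_ms, query FROM slow_queries WHERE id > :sql_last_value ORDER BY id"
    use_column_value => true
    tracking_column => "id"
    tracking_column_type => "numeric"
    tags => ["pg_slow_query"]
  }
}

filter {
  if "app_error" in [tags] {
    # Constructed sample line this branch is written for:
    # 2024-05-03 14:22:07,118 ERROR [payments] user=alice action=refund amount=120.00 msg="card declined"
    grok {
      match => { "message" => "%{TIMESTAMP_ISO8601:log_ts} %{LOGLEVEL:level} \[%{DATA:component}\] %{GREEDYDATA:kvpairs}" }
      tag_on_failure => ["_grokparsefailure_app_error"]
    }
    kv {
      source => "kvpairs"           # user=alice action=refund amount=120.00 msg="card declined"
      field_split => " "
      value_split => "="
      trim_value => "\""
      include_keys => ["user", "action", "amount", "msg"]   # allow-list keys instead of indexing anything the line carries
    }
    date {
      match => ["log_ts", "yyyy-MM-dd HH:mm:ss,SSS"]   # event time, not ingest time
      timezone => "UTC"
      target => "@timestamp"
    }
    mutate {
      convert => { "amount" => "float" }
      rename => { "user" => "[user][name]" }
      remove_field => ["kvpairs", "log_ts"]
      add_field => { "[@metadata][target_index]" => "app-errors" }
    }
  }

  if "pg_slow_query" in [tags] {
    mutate {
      convert => { "duration_ms" => "integer" }
      rename => { "username" => "[user][name]" "query" => "[db][statement]" }
      add_field => { "[@metadata][target_index]" => "pg-slow-queries" }
    }
    date {
      match => ["logged_at", "ISO8601"]
      target => "@timestamp"
    }
    if [duration_ms] and [duration_ms] > 5000 {
      mutate { add_tag => ["very_slow"] }   # cheap pre-classification for later alerting
    }
  }
}

output {
  elasticsearch {
    hosts => ["https://es01.example.internal:9200"]
    cacert => "/etc/logstash/certs/ca.crt"
    user => "logstash_writer"
    password => "${ES_PASSWORD}"
    index => "logs-%{[@metadata][target_index]}-%{+YYYY.MM.dd}"
  }
}
```

Two points worth checking when adapting this: `ssl_verify_mode => "force_peer"` on the Beats input rejects any shipper that cannot present a certificate signed by the listed CA, so a misconfigured Beat fails closed rather than sending in the clear; and the JDBC credentials should belong to an account with SELECT on the audited tables only, since the pipeline runs unattended and its configuration file is readable by whoever administers Logstash.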
Module 4: Advanced Search and Regular Expressions (2 hours)
- Advanced search syntax in Kibana
- Use of regular expressions (regex)
- Filters and OR/AND combinations
- Nested fields and arrays
- Saving reusable queries and filters
Module 5: Custom Dashboards and Visualizations in Kibana (3 hours)
- Visualization types: bar, line, maps, tables
- Aggregations and metrics
- Dynamic filters, controls, and drill-down features
- Dashboard sharing
- Exercises: creating dashboards from database and system logs
Module 6: Alerts and Email Notifications (3 hours)
- Introduction to Watcher and alternatives (ElastAlert, Kibana Alerts)
- Creating custom conditions and triggers
- Email output configuration
- Exercise: send alert when a critical event is detected in Windows or database logs
Module 7: User and Permission Management (2 hours)
- Introduction to X-Pack and free options
- Creating users and roles
- Access control by index, dashboard, and query
- Exercise: define roles for audit and operations
Module 8: Elasticsearch REST API (3 hours)
- Foundations of Elasticsearch RESTful API
- GET / POST queries
- Manual and automated indexing
- Using tools like curl and Postman
- Exercises: searching, inserting, deleting, and updating documents
Summary and Next Steps
Requirements
- An understanding of the basic ELK Stack architecture and components
- Experience with ingesting and visualizing logs using Kibana and Logstash
- Familiarity with Linux command line and basic scripting
Audience
- System administrators
- Infrastructure engineers
- Technical teams seeking advanced log centralization capabilities
Delivery Options
Private Group Training
Our identity is rooted in delivering exactly what our clients need.
- Pre-course call with your trainer
- Customisation of the learning experience to achieve your goals
- Bespoke outlines
- Practical hands-on exercises containing data / scenarios recognisable to the learners
- Training scheduled on a date of your choice
- Delivered online, onsite/classroom or hybrid by experts sharing real world experience
Private Group Prices RRP from €6840 online delivery, based on a group of 2 delegates, €2160 per additional delegate (excludes any certification / exam costs). We recommend a maximum group size of 12 for most learning events.
Contact us for an exact quote and to hear our latest promotions
Public Training
Please see our public courses
Testimonials (3)
I thought the training was very thorough and while we covered a lot of material, Martin made ample time for questions and gave good focus to each individual and their different requirements.
Jean Thysse - Quidco
Course - Elasticsearch for Developers
I enjoyed the exercises; they give a good insight.
Andreas Kukacka
Course - ELK: Elasticsearch, Logstash and Kibana for Administrators
I genuinely liked learning a new skill.