Advanced ELK Stack for Log Management and Centralization Training Course

Elastic Stack (ELK) is a powerful platform for searching, analyzing, and visualizing log data in real-time from multiple sources.

This instructor-led, live training (online or onsite) is aimed at intermediate-level IT professionals who wish to deepen their ELK expertise for managing distributed log data, automating alerts, and creating advanced visualizations and dashboards.

By the end of this training, participants will be able to:

Configure advanced ingestion and parsing flows from multiple sources including databases.
Create customized Kibana dashboards for different teams or use cases.
Implement email notifications and condition-based alerts.
Use regular expressions to improve search precision in logs.
Manage user roles and access rights for secure log environments.
Interact with the Elasticsearch REST API for automation and integration.

Format of the Course

Interactive lecture and discussion.
Lots of exercises and practice.
Hands-on implementation in a live-lab environment.

Course Customization Options

To request a customized training for this course, please contact us to arrange.

This course is available as onsite live training in Ireland or online live training.

Thank you for sending your enquiry! One of our team members will contact you shortly.

Thank you for sending your booking! One of our team members will contact you shortly.

Course Outline

Introduction

General overview of the Elastic Stack (ELK)

Module 1: ELK Stack Architecture and Review of Existing Environment

Review of the current architecture of Altor CB
ELK architecture: Elasticsearch, Logstash, Kibana, Beats
Ingest node vs. Logstash
Scalability and performance considerations in on-premise installations
Administration best practices

Module 2: Beats – Distributed Monitoring (2 hours)

Configuration and use of Filebeat, Auditbeat, Winlogbeat, and Packetbeat
Secure shipping with SSL
Preconfigured modules vs. custom inputs
Integration with Logstash and Ingest Pipelines

Module 3: Parsing and Ingesting Logs from Applications and Databases (4 hours)

Ingesting custom logs from applications
Using Logstash for data parsing and transformation
Use of filters: grok, dissect, kv, mutate, date
Database connections (Oracle, PostgreSQL, SQL Server) using JDBC input plugin
Practical cases: error logs, audit trails, traces, slow queries

Module 4: Advanced Search and Regular Expressions (2 hours)

Advanced search syntax in Kibana
Use of regular expressions (regex)
Filters and OR/AND combinations
Nested fields and arrays
Saving reusable queries and filters

Module 5: Custom Dashboards and Visualizations in Kibana (3 hours)

Visualization types: bar, line, maps, tables
Aggregations and metrics
Dynamic filters, controls, and drill-down features
Dashboard sharing
Exercises: creating dashboards from database and system logs

Module 6: Alerts and Email Notifications (3 hours)

Introduction to Watcher and alternatives (ElastAlert, Kibana Alerts)
Creating custom conditions and triggers
Email output configuration
Exercise: send alert when a critical event is detected in Windows or database logs

Module 7: User and Permission Management (2 hours)

Introduction to X-Pack and free options
Creating users and roles
Access control by index, dashboard, and query
Exercise: define roles for audit and operations

Module 8: Elasticsearch REST API (3 hours)

Foundations of Elasticsearch RESTful API
GET / POST queries
Manual and automated indexing
Using tools like curl and Postman
Exercises: searching, inserting, deleting, and updating documents

Summary and Next Steps

Requirements

An understanding of the basic ELK Stack architecture and components
Experience with ingesting and visualizing logs using Kibana and Logstash
Familiarity with Linux command line and basic scripting

Audience

System administrators
Infrastructure engineers
Technical teams seeking advanced log centralization capabilities

21 Hours

Delivery Options

Private Group Training

Our identity is rooted in delivering exactly what our clients need.

Pre-course call with your trainer
Customisation of the learning experience to achieve your goals -

Bespoke outlines
Practical hands-on exercises containing data / scenarios recognisable to the learners

Training scheduled on a date of your choice
Delivered online, onsite/classroom or hybrid by experts sharing real world experience

Private Group Prices RRP from €6840 online delivery, based on a group of 2 delegates, €2160 per additional delegate (excludes any certification / exam costs). We recommend a maximum group size of 12 for most learning events.

Public Training

Please see our public courses

Need help picking the right course?

Testimonials (4)

it is all

Assad Alshabibi - Vastech SA

Course - Advanced Elasticsearch and Kibana Administration

I thought the training was very thorough and while we covered a lot of material, Martin made ample time for questions and gave good focus to each individual and their different requirements.