In this chapter, we will cover best practices for Elastic Stack. These practices are important for optimizing Elastic Stack performance and for avoiding security threats. They ensure that we handle data properly in Logstash, Elasticsearch, and Kibana. There are several areas where best practices apply, such as avoiding large documents, avoiding unrelated data in the same index, and avoiding returning large result sets.
We will cover different aspects of, and best practices for, Kibana, Elasticsearch, and Logstash. In this chapter, we will cover why a test environment is required for our Elastic Stack setup, why we should pick the right time filter field, and why we should avoid indexing large documents. After that, we will discuss sparsity and different ways to avoid it, such as normalizing the document, avoiding unrelated data in the same index, and avoiding different document types in an index.