Book Image

Getting Started with Elastic Stack 8.0

By : Asjad Athick
Book Image

Getting Started with Elastic Stack 8.0

By: Asjad Athick

Overview of this book

The Elastic Stack helps you work with massive volumes of data to power use cases in the search, observability, and security solution areas. This three-part book starts with an introduction to the Elastic Stack with high-level commentary on the solutions the stack can be leveraged for. The second section focuses on each core component, giving you a detailed understanding of the component and the role it plays. You’ll start by working with Elasticsearch to ingest, search, analyze, and store data for your use cases. Next, you’ll look at Logstash, Beats, and Elastic Agent as components that can collect, transform, and load data. Later chapters help you use Kibana as an interface to consume Elastic solutions and interact with data on Elasticsearch. The last section explores the three main use cases offered on top of the Elastic Stack. You’ll start with a full-text search and look at real-world outcomes powered by search capabilities. Furthermore, you’ll learn how the stack can be used to monitor and observe large and complex IT environments. Finally, you’ll understand how to detect, prevent, and respond to security threats across your environment. The book ends by highlighting architecture best practices for successful Elastic Stack deployments. By the end of this book, you’ll be able to implement the Elastic Stack and derive value from it.

Related Content you might be interested in

Current Title:

Small book image
Getting Started with Elastic Stack 8.0
Asjad Athick
Mar, 2022 | 474 pages
Small book image
Learning Kibana 7
Bahaaldine Azarmi | Anurag Srivastava
Jul, 2019 | 280 pages
Small book image
Threat Hunting with Elastic Stack
Andrew Pease
Jul, 2021 | 392 pages
Small book image
Learning Elastic Stack 7.0
Pranav Shukla | Sharath Kumar
May, 2019 | 474 pages
Table of Contents (18 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Core Components
Section 1: Core Components
Free Chapter
2
Chapter 1: Introduction to the Elastic Stack
Chapter 1: Introduction to the Elastic Stack
An overview of the Elastic Stack
A note about licensing
What is Elasticsearch?
Introducing Kibana
Collecting and ingesting data
Running the Elastic Stack
Solutions built on the stack
Summary
3
Chapter 2: Installing and Running the Elastic Stack
Chapter 2: Installing and Running the Elastic Stack
Technical requirements
Manual installation of the stack
Automating the installation
Using Elastic Cloud Enterprise (ECE) for orchestration
Running on Kubernetes
Configuration of your lab environment
Summary
4
Section 2: Working with the Elastic Stack
Section 2: Working with the Elastic Stack
5
Chapter 3: Indexing and Searching for Data
Chapter 3: Indexing and Searching for Data
Technical requirements
Understanding the internals of an Elasticsearch index
Elasticsearch nodes
Searching for data
Summary
6
Chapter 4: Leveraging Insights and Managing Data on Elasticsearch
Chapter 4: Leveraging Insights and Managing Data on Elasticsearch
Technical requirements
Getting insights from data using aggregations
Managing the life cycle of time series data
Manipulating incoming data with ingest pipelines
Responding to changing data with Watcher
Summary
7
Chapter 5: Running Machine Learning Jobs on Elasticsearch
Chapter 5: Running Machine Learning Jobs on Elasticsearch
Technical requirements
The value of running machine learning on Elasticsearch
Preparing data for machine learning jobs
Looking for anomalies in time series data
Running classification on data
Inferring against incoming data using machine learning
Summary
8
Chapter 6: Collecting and Shipping Data with Beats
Chapter 6: Collecting and Shipping Data with Beats
Technical requirements
Introduction to Beats agents
Collecting logs using Filebeat
Using Metricbeat to monitor system and application metrics
Monitoring operating system audit data using Auditbeat
Monitoring the uptime and availability of services using Heartbeat
Collecting network traffic data using Packetbeat
Summary
9
Chapter 7: Using Logstash to Extract, Transform, and Load Data
Chapter 7: Using Logstash to Extract, Transform, and Load Data
Technical requirements
Introduction to Logstash
Looking at pipelines for real-world data-processing scenarios
Summary
10
Chapter 8: Interacting with Your Data on Kibana
Chapter 8: Interacting with Your Data on Kibana
Technical requirements
Getting up and running on Kibana
Visualizing data with dashboards
Creating data-driven presentations with Canvas
Working with geospatial datasets using Maps
Responding to changes in data with alerting
Summary
11
Chapter 9: Managing Data Onboarding with Elastic Agent
Chapter 9: Managing Data Onboarding with Elastic Agent
Technical requirements
Tackling the challenges in onboarding new data sources
Managing Elastic Agent at scale with Fleet
Setting up your environment
Summary
12
Section 3: Building Solutions with the Elastic Stack
Section 3: Building Solutions with the Elastic Stack
13
Chapter 10: Building Search Experiences Using the Elastic Stack
Chapter 10: Building Search Experiences Using the Elastic Stack
Technical requirements
An introduction to full-text searching
Implementing features to improve the search experience
Summary
14
Chapter 11: Observing Applications and Infrastructure Using the Elastic Stack
Chapter 11: Observing Applications and Infrastructure Using the Elastic Stack
Technical requirements
An introduction to observability
Observing your environment
Instrumenting your application performance
Summary
15
Chapter 12: Security Threat Detection and Response Using the Elastic Stack
Chapter 12: Security Threat Detection and Response Using the Elastic Stack
Technical requirements
Building security capability to protect your organization
Building a SIEM for your SOC
Leveraging endpoint detection and response in your SOC
Summary
16
Chapter 13: Architecting Workloads on the Elastic Stack
Chapter 13: Architecting Workloads on the Elastic Stack
Architecting workloads on Elastic Stack
Architectures to handle complex requirements
Implementing successful deployments of the Elastic Stack
Summary
Why subscribe?
17
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Looking for anomalies in time series data

Given the logs in the webapp index, there is some concern that there was some potentially undesired activity happening on the application. This could be completely benign or have malicious consequences. This section will look at how a series of machine learning jobs can be implemented to better understand and analyze the activity in the logs.

Looking for anomalous event rates in application logs

We will use a single-metric machine learning job to build a baseline for the number of log events generated by the application during normal operation.

Follow these steps to configure the job:

  1. Open the machine learning app from the navigation menu and click on the Anomaly Detection tab.
  2. Click on Create job and select the webapp data view. You could optionally use a saved search here with predefined filters applied to narrow down the data used for the job.
  3. Create a single-metric job as we're only interested in the event...
Previous Section
End of Section 5
Next Section