Book Image

Getting Started with Elastic Stack 8.0

By : Asjad Athick
5 (1)
Book Image

Getting Started with Elastic Stack 8.0

5 (1)
By: Asjad Athick

Overview of this book

The Elastic Stack helps you work with massive volumes of data to power use cases in the search, observability, and security solution areas. This three-part book starts with an introduction to the Elastic Stack with high-level commentary on the solutions the stack can be leveraged for. The second section focuses on each core component, giving you a detailed understanding of the component and the role it plays. You’ll start by working with Elasticsearch to ingest, search, analyze, and store data for your use cases. Next, you’ll look at Logstash, Beats, and Elastic Agent as components that can collect, transform, and load data. Later chapters help you use Kibana as an interface to consume Elastic solutions and interact with data on Elasticsearch. The last section explores the three main use cases offered on top of the Elastic Stack. You’ll start with a full-text search and look at real-world outcomes powered by search capabilities. Furthermore, you’ll learn how the stack can be used to monitor and observe large and complex IT environments. Finally, you’ll understand how to detect, prevent, and respond to security threats across your environment. The book ends by highlighting architecture best practices for successful Elastic Stack deployments. By the end of this book, you’ll be able to implement the Elastic Stack and derive value from it.
Table of Contents (18 chapters)
1
Section 1: Core Components
4
Section 2: Working with the Elastic Stack
12
Section 3: Building Solutions with the Elastic Stack

Looking for anomalies in time series data

Given the logs in the webapp index, there is some concern that there was some potentially undesired activity happening on the application. This could be completely benign or have malicious consequences. This section will look at how a series of machine learning jobs can be implemented to better understand and analyze the activity in the logs.

Looking for anomalous event rates in application logs

We will use a single-metric machine learning job to build a baseline for the number of log events generated by the application during normal operation.

Follow these steps to configure the job:

  1. Open the machine learning app from the navigation menu and click on the Anomaly Detection tab.
  2. Click on Create job and select the webapp data view. You could optionally use a saved search here with predefined filters applied to narrow down the data used for the job.
  3. Create a single-metric job as we're only interested in the event...