Getting Started with Elastic Stack 8.0

By : Asjad Athick

Getting Started with Elastic Stack 8.0

By: Asjad Athick

Overview of this book

The Elastic Stack helps you work with massive volumes of data to power use cases in the search, observability, and security solution areas. This three-part book starts with an introduction to the Elastic Stack with high-level commentary on the solutions the stack can be leveraged for. The second section focuses on each core component, giving you a detailed understanding of the component and the role it plays. You’ll start by working with Elasticsearch to ingest, search, analyze, and store data for your use cases. Next, you’ll look at Logstash, Beats, and Elastic Agent as components that can collect, transform, and load data. Later chapters help you use Kibana as an interface to consume Elastic solutions and interact with data on Elasticsearch. The last section explores the three main use cases offered on top of the Elastic Stack. You’ll start with a full-text search and look at real-world outcomes powered by search capabilities. Furthermore, you’ll learn how the stack can be used to monitor and observe large and complex IT environments. Finally, you’ll understand how to detect, prevent, and respond to security threats across your environment. The book ends by highlighting architecture best practices for successful Elastic Stack deployments. By the end of this book, you’ll be able to implement the Elastic Stack and derive value from it.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Share Your Thoughts

Section 1: Core Components

Free Chapter

Chapter 1: Introduction to the Elastic Stack

An overview of the Elastic Stack

A note about licensing

What is Elasticsearch?

Introducing Kibana

Collecting and ingesting data

Running the Elastic Stack

Solutions built on the stack

Summary

Chapter 2: Installing and Running the Elastic Stack

Technical requirements

Manual installation of the stack

Automating the installation

Using Elastic Cloud Enterprise (ECE) for orchestration

Running on Kubernetes

Configuration of your lab environment

Summary

Section 2: Working with the Elastic Stack

Chapter 3: Indexing and Searching for Data

Technical requirements

Understanding the internals of an Elasticsearch index

Elasticsearch nodes

Searching for data

Summary

Chapter 4: Leveraging Insights and Managing Data on Elasticsearch

Technical requirements

Getting insights from data using aggregations

Managing the life cycle of time series data

Manipulating incoming data with ingest pipelines

Responding to changing data with Watcher

Summary

Chapter 5: Running Machine Learning Jobs on Elasticsearch

Technical requirements

The value of running machine learning on Elasticsearch

Preparing data for machine learning jobs

Looking for anomalies in time series data

Running classification on data

Inferring against incoming data using machine learning

Summary

Chapter 6: Collecting and Shipping Data with Beats

Technical requirements

Introduction to Beats agents

Collecting logs using Filebeat

Using Metricbeat to monitor system and application metrics

Monitoring operating system audit data using Auditbeat

Monitoring the uptime and availability of services using Heartbeat

Collecting network traffic data using Packetbeat

Summary

Chapter 7: Using Logstash to Extract, Transform, and Load Data

Technical requirements

Introduction to Logstash

Looking at pipelines for real-world data-processing scenarios

Summary

Chapter 8: Interacting with Your Data on Kibana

Technical requirements

Getting up and running on Kibana

Visualizing data with dashboards

Creating data-driven presentations with Canvas

Working with geospatial datasets using Maps

Responding to changes in data with alerting

Summary

Chapter 9: Managing Data Onboarding with Elastic Agent

Technical requirements

Tackling the challenges in onboarding new data sources

Managing Elastic Agent at scale with Fleet

Setting up your environment

Summary

Section 3: Building Solutions with the Elastic Stack

Chapter 10: Building Search Experiences Using the Elastic Stack

Technical requirements

An introduction to full-text searching

Implementing features to improve the search experience

Summary

Chapter 11: Observing Applications and Infrastructure Using the Elastic Stack

Technical requirements

An introduction to observability

Observing your environment

Instrumenting your application performance

Summary

Chapter 12: Security Threat Detection and Response Using the Elastic Stack

Technical requirements

Building security capability to protect your organization

Building a SIEM for your SOC

Leveraging endpoint detection and response in your SOC

Summary

Chapter 13: Architecting Workloads on the Elastic Stack

Architecting workloads on Elastic Stack

Architectures to handle complex requirements

Implementing successful deployments of the Elastic Stack

Summary

Why subscribe?

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Preface

A core aspect of working in any IT environment is the ability to make sense of and use large amounts of data. Every single component in your environment generates data about its state, warnings or errors that were encountered, and vital health and diagnostic information about the component. The ability to collect, analyze, correlate, and visualize this data is key to the operational resiliency as well as security of your organization.

The Elastic Stack has deep roots in the world of search. Elasticsearch is a powerful and ultra-scalable search engine and data store that gives users the ability to ingest and search across massive volumes of data. The flexibility of Elasticsearch allows users to build simple experiences to find what they are looking for in large repositories of data.

The Elastic Stack is a collection of technologies that can collect data from any source system, transform the data to make it useful, and give users the ability to understand and derive insights from the data to enable a range of use cases. Today, the Elastic Stack consists of Beats, Logstash, and Elastic Agent as collection and transformation tools; Elasticsearch as a search and analytics engine; and Kibana as a tool to build solutions around your data. The Elastic Stack has become a de facto standard when it comes to collecting and analyzing data, used widely in open source as well as enterprise and commercial projects.

The main goal of this book is to simplify and optimize your experience as you get started with this technology. The flexibility of the Elastic Stack means there is more than one way to solve a given problem. The nature of the individual core components also means that the guides and reference materials available focus on technical capability and not the solutions or outcomes that can be built.

This book aims to give you a robust introduction and understanding of the core components and how they work together to solve problems in the realms of search, observability, and security. It also focuses on the most up-to-date best practices and approaches to implementing your solution using the stack.

Use this book to give yourself a head start on your Elastic Stack projects. You will understand the capabilities of the stack and build your solutions to evolve and grow alongside your environment, as well as using the insights in your data to best serve your users while delivering value to your organization.

Getting Started with Elastic Stack 8.0

By : Asjad Athick

Getting Started with Elastic Stack 8.0

By: Asjad Athick

Overview of this book

Related Content you might be interested in

Current Title:

Getting Started with Elastic Stack 8.0

Learning Kibana 7

Threat Hunting with Elastic Stack

Learning Elastic Stack 7.0

Preface