Overview
This instructor-led, live training is aimed at system administrators who wish to set up an ELK stack (Elasticsearch, Logstash, Kibana). Note that a minimum of 3 delegates is needed for this course to run.
The training starts with a discussion of ELK architecture and functionality, then moves on to live lab implementation and practice. Hands-on exercises make up an important part of the training and give participants a chance to put their knowledge into practice while receiving feedback on their progress.
Format of the course
- Heavy emphasis on live practice
- Most of the concepts are learned through exercises and hands-on implementation and deployment
Requirements
- System administration experience
- Familiarity with the Linux command line
- No previous experience with Elasticsearch is required
Audience
- System administrators
Course Outline
Introduction
- Elastic Stack Overview (ELK)
Elasticsearch
Overview:
- What and Why
- Terminology: Documents, Index, Shards, Node, Cluster, Scale Up/Out
Operate: Configuring & Deploying
- Configuring Elasticsearch
- Deploying Elasticsearch
- Lab
Node: Discovery, Types, and Cluster State
- Distributed Model and Discovery
- Master, Data, Client, and Tribe Nodes
- Master Election and Minimum Master Nodes
- Cluster State
- Shard Allocation
Backup: Snapshot and Restore
- High Availability vs. Backup
- Repository, Snapshot, and Restore
- Internals
Production Monitoring
- Alerting Best Practices
- JVM
- Query Performance
- Thread Pools
- Diagnosing Problems
Production Operational Best Practices
- Memory
- Networking
- Disk
- Security
- Cluster Restart (Rolling and Full)
Logstash
- What and Why
- Configuration
- Inputs, Filters, and Outputs
- Installation and configuration
- Backup and restore
- Cluster and availability nuances
- Best practices
Kibana
- What and Why
- Configuration Settings
- Time Picker, Search, and Filters
- Kibana Discover, Visualization, and Dashboard Interfaces
- Installation and configuration
- Backup and restore
- Cluster and availability nuances
- Best practices
Filebeat
- Logs and problems
- Filebeat architecture
- Installation and configuration
- Backup and restore
- Cluster and availability nuances
- Best practices
Summary and Conclusion