book

Getting Started with Elastic Stack 8.0

by Asjad Athick

March 2022

Beginner to intermediate

474 pages

9h 18m

English

Packt Publishing

Read now

Unlock full access

ForewordContributorsAbout the authorAbout the reviewers
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesDownload the color imagesConventions usedGet in touchShare Your Thoughts
An overview of the Elastic StackThe evolution of the Elastic StackA note about licensingWhat is Elasticsearch?When to use ElasticsearchArchitectural characteristics of ElasticsearchWhen Elasticsearch may not be the right toolIntroducing KibanaCollecting and ingesting dataCollecting data from across your environment using BeatsCentralized extraction and transformation and loading your data with LogstashDeciding between using Beats and LogstashRunning the Elastic StackStandalone deploymentsElastic CloudSolutions built on the stackEnterprise SearchSecurityObservabilitySummary
Technical requirementsManual installation of the stackInstalling on LinuxAutomating the installationUsing Ansible for automationUsing Elastic Cloud Enterprise (ECE) for orchestrationECE architectureProxiesECE installation sizeInstalling ECECreating your deployment on ECERunning on KubernetesConfiguration of your lab environmentSummary
Technical requirementsUnderstanding the internals of an Elasticsearch indexInside an indexElasticsearch nodesMaster-eligible nodesVoting-only nodes Data nodes Ingest nodesCoordinator nodesMachine learning nodesElasticsearch clustersSearching for dataIndexing sample logsRunning queries on your dataSummary
Technical requirementsGetting insights from data using aggregationsManaging the life cycle of time series dataThe usefulness of data over timeIndex Lifecycle ManagementUsing data streams to manage time series dataManipulating incoming data with ingest pipelinesCommon use cases for ingest pipelinesResponding to changing data with WatcherGetting started with WatcherCommon use cases for WatcherSummary
Technical requirementsThe value of running machine learning on ElasticsearchPreparing data for machine learning jobsMachine learning conceptsLooking for anomalies in time series dataLooking for anomalous event rates in application logsLooking for anomalous data transfer volumesComparing the behavior of source IP addresses against the population Running classification on dataPredicting maliciously crafted requests using classificationInferring against incoming data using machine learningSummary
Technical requirementsIntroduction to Beats agentsCollecting logs using FilebeatUsing Metricbeat to monitor system and application metricsMonitoring operating system audit data using AuditbeatMonitoring the uptime and availability of services using HeartbeatCollecting network traffic data using PacketbeatSummary

Technical requirementsIntroduction to LogstashUnderstanding how Logstash worksConfiguring your Logstash instanceRunning your first pipelineLooking at pipelines for real-world data-processing scenariosLoading data from CSV files into ElasticsearchParsing Syslog data sourcesEnriching events with contextual dataAggregating event streams into a single eventProcessing custom logs collected by Filebeat using LogstashSummary
Technical requirementsGetting up and running on KibanaSolutions in KibanaKibana data viewsVisualizing data with dashboardsCreating data-driven presentations with CanvasWorking with geospatial datasets using MapsResponding to changes in data with alertingThe anatomy of an alertCreating alerting rulesSummary
Technical requirementsTackling the challenges in onboarding new data sourcesUnified data collection using a single agentManaging Elastic Agent at scale with FleetAgent policies and integrationsSetting up your environmentPreparing your Elasticsearch deployment for FleetSetting up Fleet Server to manage your agentsCollecting data from your web server using Elastic AgentUsing integrations to collect dataSummary
Technical requirementsAn introduction to full-text searchingAnalyzing text for a searchRunning searchesImplementing features to improve the search experienceAutocompleting search queriesSuggesting search terms for queriesUsing filters to narrow down search resultsPaginating large result setsOrdering search resultsPutting it all together to implement recipe search functionalitySummary
Technical requirementsAn introduction to observabilityMetricsLogsTracesSynthetic and real user monitoringObserving your environmentInfrastructure-level visibilityPlatform-level visibilityHost- and operating system-level visibilityMonitoring your software workloadsLeveraging out-of-the-box content for observability dataInstrumenting your application performanceConfiguring APM to instrument your codeSummary
Technical requirementsBuilding security capability to protect your organizationConfidentialityIntegrityAvailabilityBuilding a SIEM for your SOCCollecting data from a range of hosts and source systemsMonitoring and detecting security threats in near real timeAllowing analysts to work and investigate collaborativelyApplying threat intelligence and data enrichment to contextualize your alertsEnabling teams to hunt for adversarial behavior in the environmentProviding alerting, integrations, and response actionsEasily scaling with data volumes over suitable data retention periodsLeveraging endpoint detection and response in your SOCMalwareRansomwareMemory threatsMalicious behaviorSummary
Architecting workloads on Elastic StackDesigning for high availabilityScaling your workloads with your dataRecovering your workloads from disasterSecuring your workloads on Elastic StackArchitectures to handle complex requirementsFederating searches across different Elasticsearch deploymentsReplicating data between your Elasticsearch deploymentsUsing tiered data architectures for your deploymentImplementing successful deployments of the Elastic StackSummary
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts