Getting Started with Elastic Stack 8.0: Run powerful and scalable data platforms to search, observe, and secure your organization
- Length: 474 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2022-03-23
- ISBN-10: 1800569491
- ISBN-13: 9781800569492
- Sales Rank: #474130
Use the Elastic Stack for search, security, and observability-related use cases while working with large amounts of data on-premise and on the cloud
Key Features
- Learn the core components of the Elastic Stack and how they work together
- Build search experiences, monitor and observe your environments, and defend your organization from cyber attacks
- Get to grips with common architecture patterns and best practices for successfully deploying the Elastic Stack
Book Description
The Elastic Stack helps you work with massive volumes of data to power use cases in the search, observability, and security solution areas.
This three-part book starts with an introduction to the Elastic Stack with high-level commentary on the solutions the stack can be leveraged for. The second section focuses on each core component, giving you a detailed understanding of the component and the role it plays. You’ll start by working with Elasticsearch to ingest, search, analyze, and store data for your use cases. Next, you’ll look at Logstash, Beats, and Elastic Agent as components that can collect, transform, and load data. Later chapters help you use Kibana as an interface to consume Elastic solutions and interact with data on Elasticsearch. The last section explores the three main use cases offered on top of the Elastic Stack. You’ll start with a full-text search and look at real-world outcomes powered by search capabilities. Furthermore, you’ll learn how the stack can be used to monitor and observe large and complex IT environments. Finally, you’ll understand how to detect, prevent, and respond to security threats across your environment. The book ends by highlighting architecture best practices for successful Elastic Stack deployments.
By the end of this book, you’ll be able to implement the Elastic Stack and derive value from it.
What you will learn
- Configure Elasticsearch clusters with different node types for various architecture patterns
- Ingest different data sources into Elasticsearch using Logstash, Beats, and Elastic Agent
- Build use cases on Kibana including data visualizations, dashboards, machine learning jobs, and alerts
- Design powerful search experiences on top of your data using the Elastic Stack
- Secure your organization and learn how the Elastic SIEM and Endpoint Security capabilities can help
- Explore common architectural considerations for accommodating more complex requirements
Who this book is for
Developers and solutions architects looking to get hands-on experience with search, security, and observability-related use cases on the Elastic Stack will find this book useful. This book will also help tech leads and product owners looking to understand the value and outcomes they can derive for their organizations using Elastic technology. No prior knowledge of the Elastic Stack is required.
Table of Contents
- Foreword
- Contributors
  - About the author
  - About the reviewers
- Preface
  - Who this book is for
  - What this book covers
  - To get the most out of this book
  - Download the example code files
  - Download the color images
  - Conventions used
  - Get in touch
  - Share Your Thoughts
Section 1: Core Components
- Chapter 1: Introduction to the Elastic Stack
  - An overview of the Elastic Stack
  - The evolution of the Elastic Stack
  - A note about licensing
  - What is Elasticsearch?
  - When to use Elasticsearch
  - Architectural characteristics of Elasticsearch
  - When Elasticsearch may not be the right tool
  - Introducing Kibana
  - Collecting and ingesting data
  - Collecting data from across your environment using Beats
  - Centralized extraction and transformation and loading your data with Logstash
  - Deciding between using Beats and Logstash
  - Running the Elastic Stack
  - Standalone deployments
  - Elastic Cloud
  - Solutions built on the stack
  - Enterprise Search
  - Security
  - Observability
  - Summary
- Chapter 2: Installing and Running the Elastic Stack
  - Technical requirements
  - Manual installation of the stack
  - Installing on Linux
  - Automating the installation
  - Using Ansible for automation
  - Using Elastic Cloud Enterprise (ECE) for orchestration
  - ECE architecture
  - Proxies
  - ECE installation size
  - Installing ECE
  - Creating your deployment on ECE
  - Running on Kubernetes
  - Configuration of your lab environment
  - Summary
Section 2: Working with the Elastic Stack
- Chapter 3: Indexing and Searching for Data
  - Technical requirements
  - Understanding the internals of an Elasticsearch index
  - Inside an index
  - Elasticsearch nodes
  - Master-eligible nodes
  - Voting-only nodes
  - Data nodes
  - Ingest nodes
  - Coordinator nodes
  - Machine learning nodes
  - Elasticsearch clusters
  - Searching for data
  - Indexing sample logs
  - Running queries on your data
  - Summary
- Chapter 4: Leveraging Insights and Managing Data on Elasticsearch
  - Technical requirements
  - Getting insights from data using aggregations
  - Managing the life cycle of time series data
  - The usefulness of data over time
  - Index Lifecycle Management
  - Using data streams to manage time series data
  - Manipulating incoming data with ingest pipelines
  - Common use cases for ingest pipelines
  - Responding to changing data with Watcher
  - Getting started with Watcher
  - Common use cases for Watcher
  - Summary
- Chapter 5: Running Machine Learning Jobs on Elasticsearch
  - Technical requirements
  - The value of running machine learning on Elasticsearch
  - Preparing data for machine learning jobs
  - Machine learning concepts
  - Looking for anomalies in time series data
  - Looking for anomalous event rates in application logs
  - Looking for anomalous data transfer volumes
  - Comparing the behavior of source IP addresses against the population
  - Running classification on data
  - Predicting maliciously crafted requests using classification
  - Inferring against incoming data using machine learning
  - Summary
- Chapter 6: Collecting and Shipping Data with Beats
  - Technical requirements
  - Introduction to Beats agents
  - Collecting logs using Filebeat
  - Using Metricbeat to monitor system and application metrics
  - Monitoring operating system audit data using Auditbeat
  - Monitoring the uptime and availability of services using Heartbeat
  - Collecting network traffic data using Packetbeat
  - Summary
- Chapter 7: Using Logstash to Extract, Transform, and Load Data
  - Technical requirements
  - Introduction to Logstash
  - Understanding how Logstash works
  - Configuring your Logstash instance
  - Running your first pipeline
  - Looking at pipelines for real-world data-processing scenarios
  - Loading data from CSV files into Elasticsearch
  - Parsing Syslog data sources
  - Enriching events with contextual data
  - Aggregating event streams into a single event
  - Processing custom logs collected by Filebeat using Logstash
  - Summary
- Chapter 8: Interacting with Your Data on Kibana
  - Technical requirements
  - Getting up and running on Kibana
  - Solutions in Kibana
  - Kibana data views
  - Visualizing data with dashboards
  - Creating data-driven presentations with Canvas
  - Working with geospatial datasets using Maps
  - Responding to changes in data with alerting
  - The anatomy of an alert
  - Creating alerting rules
  - Summary
- Chapter 9: Managing Data Onboarding with Elastic Agent
  - Technical requirements
  - Tackling the challenges in onboarding new data sources
  - Unified data collection using a single agent
  - Managing Elastic Agent at scale with Fleet
  - Agent policies and integrations
  - Setting up your environment
  - Preparing your Elasticsearch deployment for Fleet
  - Setting up Fleet Server to manage your agents
  - Collecting data from your web server using Elastic Agent
  - Using integrations to collect data
  - Summary
Section 3: Building Solutions with the Elastic Stack
- Chapter 10: Building Search Experiences Using the Elastic Stack
  - Technical requirements
  - An introduction to full-text searching
  - Analyzing text for a search
  - Running searches
  - Implementing features to improve the search experience
  - Autocompleting search queries
  - Suggesting search terms for queries
  - Using filters to narrow down search results
  - Paginating large result sets
  - Ordering search results
  - Putting it all together to implement recipe search functionality
  - Summary
- Chapter 11: Observing Applications and Infrastructure Using the Elastic Stack
  - Technical requirements
  - An introduction to observability
  - Metrics
  - Logs
  - Traces
  - Synthetic and real user monitoring
  - Observing your environment
  - Infrastructure-level visibility
  - Platform-level visibility
  - Host- and operating system-level visibility
  - Monitoring your software workloads
  - Leveraging out-of-the-box content for observability data
  - Instrumenting your application performance
  - Configuring APM to instrument your code
  - Summary
- Chapter 12: Security Threat Detection and Response Using the Elastic Stack
  - Technical requirements
  - Building security capability to protect your organization
  - Confidentiality
  - Integrity
  - Availability
  - Building a SIEM for your SOC
  - Collecting data from a range of hosts and source systems
  - Monitoring and detecting security threats in near real time
  - Allowing analysts to work and investigate collaboratively
  - Applying threat intelligence and data enrichment to contextualize your alerts
  - Enabling teams to hunt for adversarial behavior in the environment
  - Providing alerting, integrations, and response actions
  - Easily scaling with data volumes over suitable data retention periods
  - Leveraging endpoint detection and response in your SOC
  - Malware
  - Ransomware
  - Memory threats
  - Malicious behavior
  - Summary
- Chapter 13: Architecting Workloads on the Elastic Stack
  - Architecting workloads on Elastic Stack
  - Designing for high availability
  - Scaling your workloads with your data
  - Recovering your workloads from disaster
  - Securing your workloads on Elastic Stack
  - Architectures to handle complex requirements
  - Federating searches across different Elasticsearch deployments
  - Replicating data between your Elasticsearch deployments
  - Using tiered data architectures for your deployment
  - Implementing successful deployments of the Elastic Stack
  - Summary
- Why subscribe?
- Other Books You May Enjoy
- Packt is searching for authors like you
- Share Your Thoughts
How to download source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search for the book title: Getting Started with Elastic Stack 8.0: Run powerful and scalable data platforms to search, observe, and secure your organization. If the full title returns no results, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download.
1. Disable the AdBlock plugin; otherwise, the download links may not appear.
2. Solve the CAPTCHA.
3. Click the download link.
4. You will be taken to the download server, where you can download the file.