You're reading from Getting Started with Elastic Stack 8.0 Run powerful and scalable data platforms to search, observe, and secure your organization

Product type Paperback

Published in Mar 2022

Publisher Packt

ISBN-13 9781800569492

Length 474 pages

Edition 1st Edition

Tools

Elasticsearch

Concepts

Enterprise Search

Author (1):

Asjad Athick

View More author details

Table of Contents (18) Chapters

Preface

1. Section 1: Core Components

2. Chapter 1: Introduction to the Elastic Stack FREE CHAPTER

3. Chapter 2: Installing and Running the Elastic Stack

4. Section 2: Working with the Elastic Stack

5. Chapter 3: Indexing and Searching for Data

6. Chapter 4: Leveraging Insights and Managing Data on Elasticsearch

7. Chapter 5: Running Machine Learning Jobs on Elasticsearch

8. Chapter 6: Collecting and Shipping Data with Beats

9. Chapter 7: Using Logstash to Extract, Transform, and Load Data

10. Chapter 8: Interacting with Your Data on Kibana

11. Chapter 9: Managing Data Onboarding with Elastic Agent

12. Section 3: Building Solutions with the Elastic Stack

13. Chapter 10: Building Search Experiences Using the Elastic Stack

14. Chapter 11: Observing Applications and Infrastructure Using the Elastic Stack

15. Chapter 12: Security Threat Detection and Response Using the Elastic Stack

16. Chapter 13: Architecting Workloads on the Elastic Stack

17. Other Books You May Enjoy

Solutions built on the stack

As described previously, the Elastic Stack provides access to core components for search, visualization, and ingestion. These components can be used to solve a wide array of data-related problems, and it was up to the users of the products to create these solutions in the past. Over the last couple of releases, Elastic has moved to provide more out-of-the-box solutions built on top of the core components of the stack. Elastic provides solutions for Enterprise Search-, Security-, and Observability-related use cases at the time of writing. Users are free to build on top of the solutions on offer or build their own solutions for other use cases.

Enterprise Search

The Enterprise Search offering by Elastic provides access to an array of features to make it as easy and seamless as possible to add search functionality for your application, website, or workplace. Let's take a look:

The App Search product provides access to user-friendly APIs for developers to index and search through data, with an emphasis on relevant, tolerant, and insightful searches. Relevance improves the overall quality of the results that the user sees. Being tolerant of typos and providing result suggestions makes it easy for users to use the search application itself.
The Site Search product makes it easy for you to add search to your public website. Site Search is a SaaS service that comes with a web crawler for discovering and indexing your web-facing content. The Site Search APIs can then be used to power your search functionality. You can either implement your own frontend to integrate with the APIs or use one of the sample frontend applications provided.
The Workplace Search product makes it easy and convenient for you to make your organizational content searchable. This can include sources such as email, instant messaging, document sharing and collaboration tools, customer relationship management platforms, and code collaboration platforms. Performing unified searches across disparate internal data sources can help improve team productivity and efficiency.

Security

The Security offering from Elastic builds on top of the solid foundation of the big data search, exploration, and visualization capabilities Kibana has offered for a long time. Elastic Security offers features for implementing security analytics capabilities using a SIEM solution, as well as EDR capabilities:

The SIEM product enables security analysts and practitioners to easily analyze and visualize data. SIEM comes with threat hunting and investigation tools, as well as a framework for implementing threat detections and responding to alerts. The SIEM app leverages ECS, allowing it to work with all types of data, from the Elastic Endpoint Security agent to Beats collecting data from various sources, to your own ECS-compliant data sources.
The Endpoint Security product is an agent-based malware detection, prevention, and response capability that protects hosts across your network from attacks. Endpoint Security also provides visibility into the environment by collecting host-based telemetry for visualization and more complex analytics on Elasticsearch and the SIEM app.

Observability

The Observability solution provides features that help developers and engineers gain better visibility and insight into the performance and operation of their applications and infrastructure.

The observability solution is comprised of the Logs, Metrics, Uptime, and APM apps on Kibana:

The Logs app displays application events such as trace/info/error logs, which can indicate issues in your application or platform.
The Metrics app puts the measurements that have been obtained from the application or its components in graphs to help the engineer understand the workload it is running.
The Uptime app visualizes service or endpoint uptime and latency metrics to help engineers spot issues with application availability or health.
The APM app allows you to instrument custom application code as it runs so that you can collect data on aspects such as slow functions/sub-routines and usage patterns that can lead to degrading performance or application crashes.