The Elastic Stack consists of Elasticsearch, Logstash, and Kibana, which together form the ELK Stack. Elasticsearch is an open source search engine developed by Shay Banon. It comes with an easy-to-use web interface and gains a great deal of flexibility from plugins, which extend its functionality to a wide range of applications. Because it is open source, it is easily accessible to everyone, and user feedback drives constant, ongoing improvement of the product. Elasticsearch can be used for everything from simple to complex searches. For example, a simple search for old maps could involve counting the number of cartographers, studying the cartographers' products, or analyzing the contents of the maps. Many criteria can be combined in a search, for a wide range of purposes.
Elasticsearch supports multi-tenancy, meaning it can store multiple indices on a single server, and information can be retrieved from multiple indices with a single query. Documents are stored in JSON format, which is also the format used for requests, responses, and data transfer, and documents are indexed automatically. In this chapter, we are going to cover the following topics:
- Brief history and background
- Why use Elasticsearch?
- What is log analysis?
- Elastic Stack architecture
- Use cases of the Elastic Stack