Mastering Elastic Stack

Mastering Elastic Stack: Dive into data analysis with a pursuit of mastering ELK Stack on real-world scenarios.

Chapter 1. Elastic Stack Overview

Reading a log file of a few megabytes, or even a few hundred, is easy; data of that size can be kept in databases or files and you can still make sense of it. But a day comes when this data grows to terabytes and petabytes, and keeps growing even faster. As the volume grows, ordinary text editors and word-processing tools can no longer open such a large dataset, let alone analyze the raw data to discover insights. You start looking for something that can manage huge volumes of logs, or that can index the data properly and make sense of it. If you Google this, you will stumble upon ELK Stack: Elasticsearch manages your data, Logstash reads the data from different sources, and Kibana makes a fine visualization of it.

Recently, ELK Stack has evolved into Elastic Stack. We will get to know more about it in this chapter, along with setting it up. The following points will be covered in this chapter:

  • Introduction to ELK Stack
  • The birth of Elastic Stack
  • Who uses the Stack
  • Stack competitors
  • Setting up Elastic Stack
  • X-Pack

Introduction to ELK Stack

It all began with Shay Banon, who started an open source project called Elasticsearch, the successor of Compass, which gained popularity as one of the top open source database engines. Later, based on its distributed model, Kibana was introduced to visualize the data present in Elasticsearch. Earlier, to put data into Elasticsearch, we had Rivers, which provided a specific input via which we inserted data into Elasticsearch.

However, with growing popularity, this setup required a tool via which we could insert data into Elasticsearch and have the flexibility to perform various transformations on the data (to make unstructured data structured and have full control over how the data is processed). Based on this premise, Logstash was born and was incorporated into the Stack; together these three tools, Elasticsearch, Logstash, and Kibana, were named ELK Stack.

The following diagram is a simple data pipeline using ELK Stack:

[Figure: a simple data pipeline using ELK Stack]

As we can see from the preceding figure, data is read using Logstash and indexed to Elasticsearch. Later, we can use Kibana to read the indices from Elasticsearch and visualize it using charts and lists. Let's understand these components separately, and the role they play in the making of the Stack.

Logstash

As mentioned earlier, Rivers were initially used to put data into Elasticsearch before ELK Stack. In ELK Stack, Logstash is the entry point for all types of data. Logstash has many input plugins to read data from a number of sources, and many output plugins to submit data to a variety of destinations; one of those is the Elasticsearch output plugin, which sends data to Elasticsearch.

After Logstash became popular, Rivers were eventually deprecated, as they made the cluster unstable and caused performance issues.

Logstash does not just ship data from one end to another; it helps us with collecting raw data and modifying/filtering it to convert it to something meaningful, formatted, and organized. The updated data is then sent to Elasticsearch. If there is no plugin available to support reading data from a specific source, writing the data to a location, or modifying it in your own way, Logstash is flexible enough to allow you to write your own plugins.

Simply put, Logstash is open source, highly flexible, rich in plugins, and can read your data from the location of your choice. It normalizes data as per your defined configuration and sends it to a particular destination, as per your requirements.

We will be learning more about Logstash in Chapter 3, Exploring Logstash and Its Plugins and Chapter 7, Customizing Elastic Stack.

Elasticsearch

All of the data read by Logstash is sent to Elasticsearch for indexing. Elasticsearch is not only used to index data; it is also a full-text search engine that is highly scalable and distributed, and it offers much more. Elasticsearch manages and maintains your data in the form of indices and lets you query, access, and aggregate the data using its APIs. Elasticsearch is based on Lucene, thus providing you all of the features that Lucene does.

We will be learning more about Elasticsearch in Chapter 2, Stepping into Elasticsearch, Chapter 7, Customizing Elastic Stack, and Chapter 8, Elasticsearch APIs.

Kibana

Kibana uses the Elasticsearch APIs to read and query data from Elasticsearch indices, and to visualize and analyze it in the form of charts, graphs, and tables. Kibana is a web application providing a highly configurable user interface that lets you query the data, create a number of charts to visualize it, and make actual sense of the data stored.

We will be learning more about Kibana in Chapter 4, Kibana Interface and Chapter 7, Customizing Elastic Stack.

Once ELK Stack was robust, as time passed, a few important and complex demands arose, such as authentication, security, notifications, and so on. This demand led to the development of a few other tools as requirements arose: Watcher (alerts and notifications based on changes in data), Shield (authentication and authorization for securing clusters), Marvel (monitoring statistics of the cluster), ES-Hadoop, Curator, and Graph.

The birth of Elastic Stack

All the jobs of reading data were once done using Logstash, but that is resource consuming: since Logstash runs on the JVM, it consumes a good amount of memory. The community realized the need for improvement, to make the pipelining process resource-friendly and lightweight. In 2015, Packetbeat was born, a project that set out to build a network packet analyzer that could read different protocols, parse the data, and ship it to Elasticsearch. Being lightweight did the trick, and a new concept of Beats was formed. Beats are written in the Go programming language. The project evolved, and ELK Stack was no longer just Elasticsearch, Logstash, and Kibana; Beats also became a significant component.

The pipeline now looked as follows:

[Figure: the data pipeline with Beats added]

Beat

A Beat reads data, parses it, and can ship it to either Elasticsearch or Logstash. The difference is that Beats are lightweight, serve a specific purpose, and are installed as agents. A few Beats, such as Metricbeat, Filebeat, and Packetbeat, are supported and provided by the Elastic team, and a good number of Beats have already been written by the community. If you have a specific requirement, you can write your own Beat using the libbeat library.

In simple words, Beats can be treated as very lightweight agents to ship data to either Logstash or Elasticsearch, offering you an infrastructure using the libbeat library to create your own Beats.

We will be learning more about Beats in Chapter 5, Using Beats and Chapter 7, Customizing Elastic Stack.

Together, Elasticsearch, Logstash, Kibana, and Beats became Elastic Stack, formerly known as ELK Stack. Elastic Stack did not just add Beats to the team; all of the components will now always share the same version. The starting version of Elastic Stack is 5.0.0, and the same version applies to all the components.

This version and release method is not only for Elastic Stack, but for other tools of the Elastic family as well. With so many tools, there was a problem of unification: each tool had its own version, and the versions were not all compatible with each other. To solve this, all of the tools are now built, tested, and released together.

All of these components play a significant role in creating a pipeline. Beats and Logstash are used to collect the data, parse it, and ship it; Elasticsearch creates indices, which are finally used by Kibana to make visualizations. While Elastic Stack provides the pipeline, other tools add security, notifications, monitoring, and similar capabilities to the setup.

Who uses Elastic Stack?

In the past few years, implementations of Elastic Stack have increased very rapidly. In this section, we will consider a few case studies to understand how Elastic Stack has helped.

Salesforce

Salesforce developed a new plugin named ELF (Event Log Files) to collect Salesforce log data and enable auditing of user activities. The purpose was to analyze the data to understand user behavior and trends in Salesforce.

The plugin is available on GitHub at https://github.com/developerforce/elf_elk_docker.

ELF is an abbreviation for Event Log Files. This plugin simplifies the Stack configuration, allows you to download Event Log Files to be indexed, and finally makes sense of the data by visualizing it using Kibana. This implementation uses Elasticsearch, Logstash, and Kibana.

CERN

Elastic Stack has helped CERN (European Organization for Nuclear Research) with not just one use case, but five. At CERN, Elastic Stack is used for the following:

  • Messaging
  • Data monitoring
  • Cloud benchmarking
  • Infrastructure monitoring
  • Job monitoring

Multiple Kibana dashboards are used by CERN for a number of visualizations.

Green Man Gaming

Green Man Gaming is an online gaming platform where game providers publish their games. The website wanted to make a difference by providing better gameplay. They started using Elastic Stack to carry out log analysis, search, and analysis of gameplay data.

They began by setting up Kibana dashboards to gain insights about the counts of gamers by country and by the currency gamers use. This helped them to understand and streamline support in order to provide an improved response.

Apart from these case studies, Elastic Stack is used by a number of other companies to gain insights into the data they own. Sometimes not all of the components are used; a Beat is not always deployed and Logstash is not always configured. Sometimes only the combination of Elasticsearch and Kibana is used.

If we look at the users within an organization, anyone whose role involves big data analysis, business intelligence, data visualization, log analysis, and so on, such as data scientists and DevOps engineers, can use Elastic Stack in their technical area.

Stack competitors

Well, it would be wrong to speak of Elastic Stack competitors, because Elastic Stack has emerged as a strong competitor to many other tools in the market in recent years and is growing rapidly. A few of these are:

Most of these compete with respect to log management, while Elastic Stack is much more than that: it offers you the ability to analyze any type of data, not just logs.

Setting up Elastic Stack

In this section, we will install all four components of Elastic Stack on two popular operating systems: Microsoft Windows and Ubuntu. As a prerequisite for installing Elasticsearch or Logstash, Java must be installed. If you already have Java installed, you can skip the Installation of Java section.

Installation of Java

In this section, the JDK needed to run Elasticsearch is installed. Oracle Java 8 (Oracle JDK version 1.8.0_73 onwards) should be installed, as it is the recommended version for Elasticsearch 5.0.0 onwards.

Installation of Java on Ubuntu 14.04

Install Java 8 using the terminal and the apt package manager in the following manner:

  1. Add the Oracle Java PPA (Personal Package Archive) to the apt repository list:
            sudo add-apt-repository -y ppa:webupd8team/java

    Note

    In this case, we use a third-party repository. It does not violate the Oracle Java rules, because it does not include the Java binaries; instead, this PPA downloads the Java binaries directly from Oracle and installs them.

    You will be prompted to enter a password after running the sudo command (unless you are logged in as root), and you will receive OK on successful addition of the repository, which indicates that the repository has been imported.

  2. Update the apt package database to include the latest files for the packages:
            sudo apt-get update

  3. Install the latest version of Oracle Java 8:
            sudo apt-get -y install oracle-java8-installer

    During installation, you will be prompted to accept the license agreement, which pops up as shown in the following screenshot:

    [Screenshot: Oracle Java 8 license agreement prompt]

  4. To check whether Java has been installed successfully, type the following command into the terminal:
            java -version

    [Screenshot: output of java -version on Ubuntu]

The preceding screenshot signifies that Java has been installed successfully.

Installation of Java on Windows

We can install Java on Windows by going through the following steps:

  1. Download the latest version of the Java JDK from the Sun Microsystems site using the following link:

    http://www.oracle.com/technetwork/java/javase/downloads/index.html

    Upon opening the link, click on the Download button of the JDK to download it.

    You will be redirected to the download page. First click on the Accept License Agreement radio button, then click on your Windows version (use x86 for 32-bit or x64 for 64-bit) to download the EXE file.

  2. Double-click on the installation file and it will open as an installer.
  3. Click on Next, accept the license after reading it, and keep clicking Next until it shows that the JDK has been installed successfully.
  4. To run Java on Windows, you need to set the path of Java in the environment variable settings of Windows. First, open the properties of My Computer. Select Advanced system settings, then click on the Advanced tab, where you will click on the Environment Variables option, as shown in the following screenshot:

    After opening Environment Variables, click on New (under System Variables) and give the variable name as JAVA_HOME and the variable value as C:\Program Files\Java\jdk1.8.0_74 (check where the JDK has been installed on your system and provide that path):

    [Screenshot: New System Variable dialog with JAVA_HOME]

    Then double-click the Path variable (under System Variables) and move to the end of the text box; insert a semicolon if there is not one already and add the location of the bin folder of the JDK, such as %JAVA_HOME%\bin. Then click OK on all the windows that are open.

    Note

    Do not delete anything within the Path variable text box.

  5. To validate whether Java has been installed successfully, type the following command in the command prompt:
            java -version

    [Screenshot: output of java -version on Windows]

    The preceding screenshot signifies that Java has been installed successfully.
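Both platforms end with a java -version check, and the chapter names Oracle JDK 1.8.0_73 as the minimum for Elasticsearch 5.x. The following shell script is an added example, not code from the book: it parses the output of java -version (which the JVM writes to stderr, hence the 2>&1 in the live run) and reports whether the installed JDK is Java 8 at update 73 or later. The function names and the sample outputs it is exercised on are constructed for this example; it checks the version number only, not the vendor.

```shell
#!/bin/sh
# Added example (not from the book): check that the JDK reported by
# `java -version` is Java 8 at update 73 or later, the minimum the chapter
# names for Elasticsearch 5.x. `java -version` prints to stderr, so a live
# caller must redirect it:  java_version_ok "$(java -version 2>&1)"

MIN_MAJOR=8     # 1.8.0_xx
MIN_UPDATE=73   # _73 onwards

# Print the quoted version string from the first "... version "x"" line,
# e.g. 1.8.0_74, or nothing if the text does not look like `java -version` output.
java_version_string() {
    printf '%s\n' "$1" | sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p' | head -n 1
}

# Return 0 when the version is 1.<MIN_MAJOR>.0_<update> with update >= MIN_UPDATE,
# 1 for anything else (older Java 7, an update below 73, Java 9 style "9.0.1",
# or a "command not found" message when Java is not installed at all).
java_version_ok() {
    ver=$(java_version_string "$1")
    [ -n "$ver" ] || return 1
    # `cut -s` prints nothing when there is no "." in the string (e.g. "9")
    major=$(printf '%s' "$ver" | cut -s -d. -f2)
    update=$(printf '%s' "$ver" | sed -n 's/.*_\([0-9][0-9]*\).*/\1/p')
    [ -n "$major" ] && [ -n "$update" ] || return 1
    [ "$major" -eq "$MIN_MAJOR" ] && [ "$update" -ge "$MIN_UPDATE" ]
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_OK='java version "1.8.0_74"
Java(TM) SE Runtime Environment (build 1.8.0_74-b02)'
SAMPLE_OLD='java version "1.7.0_80"'

# Live run against this machine: JAVA_CHECK_LIVE=1 sh java_check.sh
if [ "${JAVA_CHECK_LIVE:-0}" = "1" ]; then
    if java_version_ok "$(java -version 2>&1)"; then
        echo "Java OK: $(java_version_string "$(java -version 2>&1)")"
    else
        echo "Java is missing or older than 1.8.0_$MIN_UPDATE"
    fi
else
    java_version_ok "$SAMPLE_OK"  && echo "sample 1.8.0_74: accepted"
    java_version_ok "$SAMPLE_OLD" || echo "sample 1.7.0_80: rejected"
fi
```

Run it with JAVA_CHECK_LIVE=1 on a freshly provisioned host before installing Elasticsearch; without that variable it only exercises the constructed samples.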

Installation of Elasticsearch

In this section, the installation of Elasticsearch v5.1.1 is covered for Ubuntu and Windows separately.

Installation of Elasticsearch on Ubuntu 14.04

In order to install Elasticsearch on Ubuntu, refer to the following steps:

  1. Download Elasticsearch 5.1.1 as a Debian package using the terminal:
            wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.1.1.deb

  2. Install the Debian package using the following command:
            sudo dpkg -i elasticsearch-5.1.1.deb

    Note

    Elasticsearch will be installed in the /usr/share/elasticsearch directory. The configuration files will be present in /etc/elasticsearch. The init script will be present at /etc/init.d/elasticsearch. The log files will be present in the /var/log/elasticsearch directory.

  3. Configure Elasticsearch to run automatically on boot. If you are using a SysV init distribution, run the following command:
            sudo update-rc.d elasticsearch defaults 95 10

    The preceding command will print on screen:

            Adding system startup for /etc/init.d/elasticsearch

    Check the status of Elasticsearch using the following command:

            sudo service elasticsearch status

    Run Elasticsearch as a service using the following command:

            sudo service elasticsearch start

    Note

    Elasticsearch may not start if you have any plugin installed which is not supported from ES 5.0.x onwards. As plugins have been deprecated, it is required to uninstall any plugin that exists from a prior version of ES. Remove a plugin by going to the ES home directory and running the following command (shown here for the head plugin):

            bin/elasticsearch-plugin remove head

    Usage of the Elasticsearch command:

            sudo service elasticsearch {start|stop|restart|force-reload|status}

    If you are using a systemd distribution, run the following commands:

            sudo /bin/systemctl daemon-reload
            sudo /bin/systemctl enable elasticsearch.service

    To verify the Elasticsearch installation, open http://localhost:9200 in a browser or run the following command from the command line:

            curl -X GET http://localhost:9200

    [Screenshot: JSON response from http://localhost:9200]

Installation of Elasticsearch on Windows

In order to install Elasticsearch on Windows, refer to the following steps:

  1. Download Elasticsearch 5.1.1 from its site using the following link:

    https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.1.1.zip

    Opening the link downloads the ZIP package.

  2. Extract the downloaded ZIP package using WinRAR, 7-Zip, or other such extraction software (if you don't have one of these, download it).

    This will extract the files and folders into the directory.

  3. Open the extracted folder and navigate inside it to reach the bin folder.
  4. Click on the elasticsearch.bat file to run Elasticsearch.

    Note

    If this window is closed, Elasticsearch will stop running, as the node will shut down.

  5. To verify the Elasticsearch installation, open http://localhost:9200 in the browser.

Installation of Elasticsearch as a service

After installing Elasticsearch as previously mentioned, open Command Prompt, navigate to the bin folder, and use the following command:

    elasticsearch-service.bat install

Usage: elasticsearch-service.bat install | remove | start | stop | manager

Installation of Kibana

This section covers the installation of Kibana 5.1.1 on Ubuntu and Windows separately. Before running Kibana, there are some prerequisites:

  • Elasticsearch should be installed and running on port 9200 (default port).
  • Make sure the port on which Kibana is running is not being used by any other application. By default, Kibana runs on port 5601.
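To check both prerequisites on Ubuntu before starting Kibana, the following shell script is an added example (not code from the book). It parses the listening-socket table printed by ss -ltn and confirms that something is bound to port 9200 and nothing is bound to 5601. The sample ss output and the function names are constructed for this example. One defender's point the check adds: if Elasticsearch is bound to a non-loopback address, anyone who can reach the port can read and write the indices unless X-Pack Security (the former Shield, covered at the end of this chapter) is installed, so the script warns when it sees that.

```shell
#!/bin/sh
# Added example (not from the book): check the Kibana prerequisites from the
# output of `ss -ltn` (listening TCP sockets, numeric): Elasticsearch must
# already be listening on 9200 and nothing may hold Kibana's default port 5601.
# The functions take the `ss` output as text so they can be exercised on a
# captured sample; a live run is:  kibana_prereqs "$(ss -ltn)"

# Print the local address bound to PORT (e.g. 127.0.0.1, ::1 or *), or nothing.
listening_addr() {
    ss_output=$1
    port=$2
    printf '%s\n' "$ss_output" | awk -v p="$port" '
        $1 == "LISTEN" {
            # field 4 is Local Address:Port, e.g. 127.0.0.1:9200, *:22 or :::22
            n = split($4, a, ":")
            if (a[n] == p) {
                sub(":" p "$", "", $4)
                print $4
                exit
            }
        }'
}

# Return 0 when Elasticsearch answers on 9200 and 5601 is free, 1 otherwise.
# Also warn when Elasticsearch is reachable beyond loopback: without X-Pack
# Security (Shield) a 5.x node has no authentication.
kibana_prereqs() {
    ss_output=$1
    es_addr=$(listening_addr "$ss_output" 9200)
    kb_addr=$(listening_addr "$ss_output" 5601)
    status=0
    if [ -z "$es_addr" ]; then
        echo "FAIL: nothing is listening on 9200; start Elasticsearch first"
        status=1
    else
        case $es_addr in
            127.0.0.1|::1)
                echo "OK: Elasticsearch on $es_addr:9200 (loopback only)" ;;
            *)
                echo "WARN: Elasticsearch on $es_addr:9200 is reachable from the network; it has no authentication without X-Pack Security" ;;
        esac
    fi
    if [ -n "$kb_addr" ]; then
        echo "FAIL: port 5601 is already in use on $kb_addr; Kibana cannot bind it"
        status=1
    else
        echo "OK: port 5601 is free"
    fi
    return $status
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT='State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    *:22                 *:*
LISTEN     0      50     127.0.0.1:9200       *:*
LISTEN     0      128    :::22                :::*'

# KIBANA_PREREQS_LIVE=1 runs against this host; otherwise the sample is used.
if [ "${KIBANA_PREREQS_LIVE:-0}" = "1" ]; then
    kibana_prereqs "$(ss -ltn)"
else
    kibana_prereqs "$SAMPLE_SS_OUTPUT"
fi
```

The exit status makes it usable as a gate in a provisioning script: run it after the Elasticsearch service has started and before starting Kibana, and treat a non-zero result as a stop.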

Installation of Kibana on Ubuntu 14.04

In order to install Kibana on Ubuntu, refer to the following steps:

  1. Before installing Kibana, check whether your system is 32-bit or 64-bit, which can be done using the following command:
            uname -m

    If the output is x86_64, it is a 64-bit system; if it is i686, it is a 32-bit system.

  2. Download Kibana 5.1.1 as a Debian package using the terminal:
    • For a 64-bit system:
            wget https://artifacts.elastic.co/downloads/kibana/kibana-5.1.1-amd64.deb

    • For a 32-bit system:
            wget https://artifacts.elastic.co/downloads/kibana/kibana-5.1.1-i386.deb

  3. Install the Debian package using the following command:
    • For a 64-bit system:
            sudo dpkg -i kibana-5.1.1-amd64.deb

    • For a 32-bit system:
            sudo dpkg -i kibana-5.1.1-i386.deb

    Note

    Kibana will be installed in the /usr/share/kibana directory. The configuration files will be present in /etc/kibana. The init script will be present at /etc/init.d/kibana. The log files will be present in the /var/log/kibana directory.

  4. Configure Kibana to run automatically on boot. If you are using a SysV init distribution, run the following command:
            sudo update-rc.d kibana defaults 95 10

    The preceding command will print on screen:

            Adding system startup for /etc/init.d/kibana

    Check the status of Kibana using the following command:

            sudo service kibana status

    Run Kibana as a service using the following command:

            sudo service kibana start

    Usage of the Kibana command:

            sudo service kibana {start|force-start|stop|force-stop|status|restart}

    If you are using a systemd distribution, run the following commands:

            sudo /bin/systemctl daemon-reload
            sudo /bin/systemctl enable kibana.service

    Tip

    If you want to install any other version of Kibana, you can visit the Elastic download site, copy the Debian package link, and use wget to fetch the package.

  5. To verify the Kibana installation, open http://localhost:5601 in the browser:

    [Screenshot: Kibana 5.1.1 start page at http://localhost:5601]

Installation of Kibana on Windows

In order to install Kibana on Windows, refer to the following steps:

  1. Download Kibana version 5.1.1 from the Elastic website using the following link:

    https://artifacts.elastic.co/downloads/kibana/kibana-5.1.1-windows-x86.zip

    Opening the link downloads the ZIP package.

  2. Extract the downloaded ZIP package using WinRAR, 7-Zip, or other such software. This will extract the files and folders into the directory.
  3. Open the extracted folder and navigate inside it to reach the bin folder.
  4. Click on the kibana.bat file to run Kibana.
  5. To verify the Kibana installation, open http://localhost:5601 in the browser:

    [Screenshot: Kibana 5.1.1 start page at http://localhost:5601 on Windows]

Installation of Logstash

This section covers the installation of Logstash 5.1.1 on Ubuntu and Windows separately.

Installation of Logstash on Ubuntu 14.04

In order to install Logstash on Ubuntu, refer to the following steps:

  1. Download Logstash 5.1.1 as a Debian package using the terminal:
            wget https://artifacts.elastic.co/downloads/logstash/logstash-5.1.1.deb

  2. Install the Debian package using the following command:
            sudo dpkg -i logstash-5.1.1.deb

    Note

    Logstash will be installed in the /usr/share/logstash directory. The configuration files will be present in /etc/logstash. The log files will be present in the /var/log/logstash directory.

  3. Check the status of Logstash using the following command:
            sudo initctl status logstash

    Run Logstash as a service using the following command:

            sudo initctl start logstash

    Note

    Logstash is installed in the location /usr/share/logstash.

Installation of Logstash on Windows

In order to install Logstash on Windows, refer to the following steps:

  1. Download Logstash 5.1.1 from the Elastic site using the following link:

    https://artifacts.elastic.co/downloads/logstash/logstash-5.1.1.zip

    Opening the link downloads the ZIP package.

  2. Extract the downloaded ZIP package using WinRAR, 7-Zip, or other such software.

    This will extract the files and folders into the directory.

  3. Open the extracted folder and navigate inside it to reach the bin folder.
  4. To validate whether Logstash has been installed successfully, type the following command into the command prompt after navigating to the bin folder:
            logstash --version

    This will print the installed Logstash version.

Installation of Filebeat

This section covers the installation of Filebeat 5.1.1 on Ubuntu and Windows separately.

Installation of Filebeat on Ubuntu 14.04

In order to install Filebeat on Ubuntu, refer to the following steps:

  1. Before installing Filebeat, check whether your system is 32-bit or 64-bit, which can be done using the following command:
            uname -m

    If the output is x86_64, it is a 64-bit system; if it is i686, it is a 32-bit system.

  2. Download Filebeat 5.1.1 as a Debian package using the terminal:
    • For a 64-bit system:
            wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.1.1-amd64.deb

    • For a 32-bit system:
            wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.1.1-i386.deb

  3. Install the Debian package using the following command:
    • For a 64-bit system:
            sudo dpkg -i filebeat-5.1.1-amd64.deb

    • For a 32-bit system:
            sudo dpkg -i filebeat-5.1.1-i386.deb

    Note

    Filebeat will be installed in the /usr/share/filebeat directory. The configuration files will be present in /etc/filebeat. The init script will be present at /etc/init.d/filebeat. The log files will be present in the /var/log/filebeat directory.

  4. Configure Filebeat to run automatically on boot. If you are using a SysV init distribution, run the following command:
            sudo update-rc.d filebeat defaults 95 10

    The preceding command will print on screen:

            Adding system startup for /etc/init.d/filebeat

    Check the status of Filebeat using the following command:

            sudo service filebeat status

    Run Filebeat as a service using the following command:

            sudo service filebeat start

    Usage of the Filebeat command:

            sudo service filebeat {start|stop|status|restart|force-reload}

    Note

    If you run Filebeat as a service, it will use the /etc/filebeat/filebeat.yml configuration file.

    Tip

    If you want to install any other version of Filebeat, you can visit the Elastic download site, copy the Debian package link, and use wget to fetch the package.

Installation of Filebeat on Windows

In order to install Filebeat on Windows, refer to the following steps:

  1. Before installing Filebeat, check whether your system is 32-bit or 64-bit, which can be done using the following command in the command prompt:
            wmic os get osarchitecture

    It will give an output of 64-bit or 32-bit.

  2. Download Filebeat 5.1.1 from the Elastic site using the following link:

    Opening the link downloads the ZIP package.

  3. Extract the downloaded ZIP package using WinRAR, 7-Zip, or other such software.

    This will extract the files and folders into the directory.

  4. Open Windows PowerShell as an administrator (install it if not present).
  5. Navigate to the directory where Filebeat was extracted (such as C:\Users\username\Desktop) and run the following command in Windows PowerShell:
            .\install-service-filebeat.ps1

    Note

    If script execution is disabled on your system, you need to set the execution policy for the current session to allow the script to run. For example:

            PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-filebeat.ps1

    This will install Filebeat as a Windows service.
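With all four components installed, the version unification described earlier in this chapter (every Elastic Stack component is built, tested, and released under one version number) gives a concrete thing to verify: the version each component reports must be identical. The following shell script is an added example, not code from the book. It parses the JSON banner from http://localhost:9200, the output of kibana --version and logstash --version, and the output of filebeat -version, and fails when they differ from the expected 5.1.1 or from each other. The parser names, the sample outputs, and the live binary paths (taken from the Ubuntu install directories named in this chapter) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not code from the book): verify that the four components
# installed above report one and the same version, since Elastic Stack
# releases all of them together under a single version number. A mismatch
# usually means a wrong package was downloaded for one component.
# The parsers take command output as text so they can run on captured
# strings; stack_versions_live runs the real commands (assumed paths).

EXPECTED_VERSION=5.1.1

# Print the first x.y.z version number found in the text, or nothing.
extract_semver() {
    printf '%s\n' "$1" | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | head -n 1
}

# Pull version.number out of the JSON banner returned by GET http://localhost:9200.
# extract_semver is not used here because other banner fields may contain digits.
es_banner_version() {
    printf '%s\n' "$1" | sed -n 's/.*"number"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Return 0 when every argument equals the first one and none is empty.
all_same_version() {
    first=$1
    for v in "$@"; do
        [ -n "$v" ] && [ "$v" = "$first" ] || return 1
    done
    return 0
}

# Arguments: ES banner, `kibana --version` output, `logstash --version` output,
# `filebeat -version` output. Prints one summary line; returns 0 only when all
# four parsed versions equal EXPECTED_VERSION.
stack_versions_match() {
    es_v=$(es_banner_version "$1")
    kb_v=$(extract_semver "$2")
    ls_v=$(extract_semver "$3")
    fb_v=$(extract_semver "$4")
    printf 'elasticsearch=%s kibana=%s logstash=%s filebeat=%s expected=%s\n' \
        "${es_v:-missing}" "${kb_v:-missing}" "${ls_v:-missing}" "${fb_v:-missing}" \
        "$EXPECTED_VERSION"
    all_same_version "$EXPECTED_VERSION" "$es_v" "$kb_v" "$ls_v" "$fb_v"
}

# Live check; binary locations are assumed from the Ubuntu .deb install dirs.
stack_versions_live() {
    stack_versions_match \
        "$(curl -s http://localhost:9200)" \
        "$(/usr/share/kibana/bin/kibana --version 2>&1)" \
        "$(/usr/share/logstash/bin/logstash --version 2>&1)" \
        "$(/usr/share/filebeat/bin/filebeat -version 2>&1)"
}

# Constructed sample outputs (not captured from a real system) for an offline run.
SAMPLE_ES_BANNER='{
  "name" : "node-1",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "5.1.1",
    "build_hash" : "placeholder"
  },
  "tagline" : "You Know, for Search"
}'
SAMPLE_KIBANA='5.1.1'
SAMPLE_LOGSTASH='logstash 5.1.1'
SAMPLE_FILEBEAT='filebeat version 5.1.1 (amd64), libbeat 5.1.1'

# STACK_CHECK_LIVE=1 runs against this host; otherwise the samples are used.
if [ "${STACK_CHECK_LIVE:-0}" = "1" ]; then
    stack_versions_live
else
    stack_versions_match "$SAMPLE_ES_BANNER" "$SAMPLE_KIBANA" "$SAMPLE_LOGSTASH" "$SAMPLE_FILEBEAT"
fi
```

Adjust EXPECTED_VERSION when you install a different release; the same comparison applies because the whole Stack moves to the new number together.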

X-Pack

Along with Elastic Stack, there are a few more aspects that need to be taken care of. These are sensitive points such as security, monitoring, alerts, and so on. X-Pack includes five such features:

  • Security
  • Alerts
  • Monitoring
  • Graphs
  • Reporting

Security, alerts, and monitoring were already there with different names: Shield, Watcher, and Marvel, respectively. Now graphs and reporting are also part of the team, and this team is named X-Pack. Just like tools in Elastic Stack, these will also be developed, built, tested, and released together with the same version.

Summary

This chapter is an introductory chapter for Elastic Stack and its components. We learned about how it progressed, what was changed, what was introduced, and how it became Elastic Stack from ELK Stack. We got to know about a few of the case studies where these components helped organizations to meet their requirements.

Later in the chapter, we set up Elasticsearch, Logstash, and Kibana, along with Filebeat as a service. Finally, this chapter introduced X-Pack, which will be covered later in this book.

In the next chapter, we will learn about Elasticsearch in detail, APIs, QueryDSL, and so on.


Key benefits

  • Your one-stop solution to perform advanced analytics with Elasticsearch, Logstash, and Kibana
  • Learn how to make better sense of your data by searching, analyzing, and logging data in a systematic way
  • This highly practical guide takes you through an advanced implementation on the ELK stack in your enterprise environment

Description

Even structured data is useless if it can't help you to take strategic decisions and improve existing systems. If you love to play with data, or your job requires you to process custom log formats, design a scalable analysis system, explore a variety of data, and manage logs to do real-time data analysis, this book is your one-stop solution. By combining the massively popular Elasticsearch, Logstash, Beats, and Kibana, elastic.co has advanced the end-to-end stack that delivers actionable insights in real time from almost any type of structured or unstructured data source. You will learn how to create real-time dashboards and how to manage the life cycle of logs in detail through real-life scenarios. This book brushes up your basic knowledge of implementing the Elastic Stack and then dives deeper into complex and advanced implementations of the Elastic Stack. We'll help you to solve data analytics challenges using the Elastic Stack and provide practical steps on centralized logging and real-time analytics with the Elastic Stack in production. You will get to grips with advanced techniques for log analysis and visualization. Newly announced features such as Beats and X-Pack are also covered in detail with examples. Toward the end, you will see how to use the Elastic Stack for real-world case studies, and we'll show you some best practices and troubleshooting techniques for the Elastic Stack.

Who is this book for?

This book caters to developers using the Elastic Stack in their day-to-day work who are familiar with the basics of Elasticsearch, Logstash, and Kibana, and now want to become experts at using the Elastic Stack for data analytics.

What you will learn

  • Build a pipeline with the help of Logstash and Beats to visualize Elasticsearch data in Kibana
  • Use Beats to ship any type of data to the Elastic Stack
  • Understand Elasticsearch APIs, modules, and other advanced concepts
  • Explore Logstash and its plugins
  • Discover how to utilize the new Kibana UI for advanced analytics
  • See how to work with the Elastic Stack using other advanced configurations
  • Customize the Elastic Stack and develop plugins for each of the components
  • Work with the Elastic Stack in a production environment
  • Explore the various components of X-Pack in detail
Product Details

Publication date: Feb 28, 2017
Length: 526 pages
Edition: 1st
Language: English
ISBN-13: 9781786460011
Vendor: Elastic


Table of Contents

12 Chapters
1. Elastic Stack Overview
2. Stepping into Elasticsearch
3. Exploring Logstash and Its Plugins
4. Kibana Interface
5. Using Beats
6. Elastic Stack in Action
7. Customizing Elastic Stack
8. Elasticsearch APIs
9. X-Pack: Security and Monitoring
10. X-Pack: Alerting, Graph, and Reporting
11. Best Practices
12. Case Study-Meetup

Customer reviews

Rating distribution: 1 out of 5 stars (1 rating)
5 star 0%
4 star 0%
3 star 0%
2 star 0%
1 star 100%

william a schroeder, Jul 27, 2017 (1 out of 5 stars)
This book is nothing more than a very thin regurgitation of the documentation on Elastic's web site. Do not buy this book; you will NOT find it helpful. I want my money back.
Amazon Verified review

FAQs

What is the delivery time and cost of print books?

Shipping Details

USA:

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K. time will start printing on the next business day, so the estimated delivery times start from the next day as well. Orders received after 5 PM U.K. time (in our internal systems) on a business day, or at any time on the weekend, will begin printing on the second business day after receipt. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-Bissau
  9. Iran
  10. Lebanon
  11. Libyan Arab Jamahiriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is a customs duty/charge?

Customs duties are charges levied on goods when they cross international borders: a tax imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order?

Orders shipped to the countries listed under EU27 will not bear customs charges; they are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea

For shipments to countries outside the EU27, customs duties or local taxes may apply. They are charged by the recipient country, must be paid by the customer, and are not included in the shipping charges on the order.

How do I know my customs duty charges?

The amount of duty payable varies greatly depending on the imported goods, the country of origin, and several other factors, such as the total invoice amount, weight, dimensions, and other criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $50, you will have to pay an additional import tax of 19%, which will be $9.50, to the courier service in order to receive the package.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over €22, you will have to pay an additional import tax of 18%, which will be €3.96, to the courier service in order to receive the package.
How can I cancel my order?

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except in the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or has a material defect); otherwise, Packt Publishing will not accept returns.

What is your returns and refunds policy?

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work, or is unacceptably late, please contact the Customer Relations Team at customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (an eBook, Video, or Print Book) incorrectly or accidentally, please contact the Customer Relations Team at customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty, or a fault occurs while the eBook or Video is being made available to you (i.e. during download), then you should contact the Customer Relations Team within 14 days of purchase at customercare@packt.com, who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items (damaged, defective, or incorrect).
  4. Once the Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged or with a book material defect, contact our Customer Relations Team at customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage, and we will work with you to secure a replacement copy if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner on a print-on-demand basis.

What tax is charged?

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use?

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal