Elastic Stack

Overview

The Elastic Stack, formerly known as ELK, is a software suite composed of the following core components:

• the Elasticsearch search engine and indexer;
• the Logstash client;
• the Kibana web dashboard.

A typical installation might also feature:

• the X-Pack security, machine learning and monitoring plugin collection;
• several Beats lightweight data shippers.

Documentation

• Elasticsearch: The Definitive Guide
• Exploring Elasticsearch
• The complete guide to the ELK stack - Logz.io

Setup

Security

The X-Pack plugin comes with a subscription plan and a 30-day trial license:

• Subscriptions
• License expiration
• After X-Pack license expiration - Elastic forum

Once the license has expired, a number of features become unavailable, among which is user management (authentication, authorization).

This limitation can be circumvented by serving the Elastic Stack services behind a reverse HTTP proxy, using Basic Authentication features to manage user authentication and provide simple authorization:

• Playing HTTP Tricks with Nginx

Cluster management

• Pending tasks
• Pending cluster tasks
• How to monitor Elasticsearch performance

Community

• /r/elastic
• /r/elasticsearch
• /r/logstash
• /r/kibana

Real-world use cases

Elastic highlights

• Use cases
• Uses of Elasticsearch, and Things to Learn
• Dealing with Human Language
• Using Elastic Graph + Kibana to Analyze Panama Papers
• Introducing Machine Learning for the Elastic Stack

Community resources

• What are use cases of Elasticsearch? - Quora
• Engineering Uber Predictions in Real Time with ELK - Uber Engineering Blog
• How to use Elasticsearch for Natural Language Processing and Text Mining - Dataconomy

Tutorials and examples

ELK Hello World Example

• Logstash setup
• Elasticsearch setup
• Kibana setup

Apache HTTPD 2.4 logs

• How to Use Elasticsearch, Logstash, and Kibana to Manage Apache Logs
• Logstash basic configuration examples
• Logstash patterns for HTTPD logs

Kibana visualizations

• Creating the perfect Kibana dashboard

Python bindings

• elasticsearch-py low-level API
• elasticsearch-dsl high-level Domain-Specific Language (DSL)
• Having fun: Python and Elasticsearch, Part 1, Part 2, Part 3