ELK and X-Pack


Elasticsearch is one of the leading search platforms. With Logstash added for log collection and Kibana for dashboards, it becomes ELK, a popular log collection and analysis stack. The (licensed) X-Pack adds security, monitoring, and machine learning. Together, these components provide a platform for industrial search applications, and all of them are covered in this course.

This course is intended for architects, developers, and administrators who want to build versatile search solutions. It gives them practical, hands-on experience through a combination of 50% lecture and 50% lab work.

Audience

Architects, Developers, Administrators

Duration

4 days

Prerequisites

  • be able to navigate the Linux command line
  • basic knowledge of command-line Linux editors (vi / nano)

Lab environment

A working environment is provided for students; they only need an SSH client and a web browser.
Zero Install: There is no need to install software on students’ machines.

Course Outline:

Elasticsearch

    • Elasticsearch functionality
    • Indexing, updating, and deleting data
    • Searching your data
    • Analyzing your data
    • Searching with relevancy
    • Exploring your data with aggregations
    • Relations among documents
    • Scaling out
    • Improving performance
    • Cluster administration

Deep-down: Lucene

    • Lucene as a search library
    • Lucene for developers

Scale-out analytics

    • Search and Big Data
    • Elasticsearch with Spark analytics

Logstash

    • Shipping, Filtering, and Parsing Events with Logstash
    • Extending Logstash
    • Creating, Indexing, and Deleting Data
    • Searching Data
    • Mapping and Analysis
    • Data Exploration with Aggregates

Kibana

    • Data Visualization
    • The Kibana Dashboard
    • Designing for Scale
    • The ELK Stack in Production
    • Use cases

X-Pack

    • What’s in X-Pack
    • Security
    • Monitoring
    • Alerting and Notification
    • Reporting
    • Graph
    • Machine Learning