
Elasticsearch for Logging

Ship and analyze time-series data

If you are looking to learn about Beats, Logstash, Kibana, and other tools from the ecosystem, this Elasticsearch class will teach you how to set up and use Kibana and Timelion, build different types of visualizations, create dashboards, dig in with sub-aggregations, and use Kibana to search through data.

Your trainer is an active Elasticsearch consultant who has worked with clients from 20+ different industries and is the author of Elasticsearch in Action.

Here are some problems Radu Gheorghe, your Elasticsearch trainer, solved for Sematext clients recently:

  • Improved search relevancy using Learning to Rank
  • Optimized multiple petabyte-scale clusters, some with up to 400 nodes
  • Designed Elasticsearch index and cluster architecture for dozens of clients
  • Optimized log ingestion pipelines to parse and enrich 100K+ events/second
  • Helped clients reduce production Elasticsearch and ingestion pipeline costs by as much as 10x

Why attend?

  • Small, interactive, instructor-led classes
  • Lots of hands-on exercises
  • Customized learning experience
  • More flexible - no need to travel
  • Certificate of Completion included

Attendees come in highly motivated, making the class feel more “alive” than I expected. They constantly look for takeaways to improve their setup, from tweaking a boost to changing the sharding strategy. Their use-cases are very diverse, too, so we end up covering a lot of material.

Radu Gheorghe
Sematext Elasticsearch Training Instructor

What's Included

  • 8-hour online training
  • A digital copy of the training material
  • Docker Compose files, configs, scripts, etc.
  • Certificate of Completion

Next Class To be announced

Price To be announced

Who should attend?

This Elasticsearch course is designed for technical attendees with basic Elasticsearch experience, as we’ll focus on the tooling around Elasticsearch. A person should be able to index data to Elasticsearch, run queries and aggregations, work with mappings and analysis.

Experience with Linux systems is not a must, but basic familiarity with running shell commands (e.g., using the curl command) will make the course more enjoyable. If you do not have prior Elasticsearch experience, we strongly suggest you consider attending our Intro to Elasticsearch class first.

Running a logging setup in production, with a non-trivial volume of logs, requires a good understanding of performance, scaling, monitoring and administering the components involved. While we cover these aspects for ETL tools (Logstash, Logagent, etc.) here, the equivalent Elasticsearch part is covered in our Elasticsearch Operations course.

What attendees say

Sematext was an ideal training partner for We had just recently adopted Elasticsearch on a new project, and they gave us two days of solid training that was tailored to our team’s needs. The material was built atop strong foundations and moved quickly into advanced areas around querying, Lucene internals, and cluster performance. It was clear that it was all informed by real-world experience operating these systems at scale.

Andrew Montalenti
CTO/Founder –

Not your typical by-the-book training. Radu was engaging and was a great guide in our journey through Elasticsearch.

Chris Hirsch
Staff Engineer - Wayfair

I had to leave before the last class ended unfortunately. But had I been there I would have given you a mini-speech to tell you how awesome you were! ☺️

Thank you so much for being such a fantastic, patient, and effective instructor throughout this 4-day training. Personally, I appreciated the clarity and expertise in the material and the class.
I also thought the class was meticulously structured over the 4 days, each day not feeling too long, and with the right number of breaks - this made me feel like I had the capacity to learn the things planned for the day without feeling too overwhelmed. Having the course material is great for the team to revisit later.

Overall, we really felt like we learned a lot. To put it in perspective, <name redacted for privacy> (who worked with <name redacted> and <name redacted>) already applied some of the lessons from the training in one of our customer throughput issues today. A big progress for the team. And, I am sure we will continue to apply in the future too – I just want you to know that you have clearly influenced us ☺️

Engineering Manager, Search-Infra at Twitter

Course Outline

Basic setup: a faster, distributed grep
  • Kibana installation and index patterns
  • Discover tab and saved searches
  • Logstash installation
  • Logstash configuration
  • Lab
    • Index apache logs with Logstash
    • Set up Kibana, run and save searches
Making use of structured logging
  • Logstash’s popular plugins
  • Visualize. Types of visualizations
  • Building dashboards
  • Lab
    • Configure Logstash to parse and enrich Apache logs
    • Search in fields, using ranges and wildcards
    • Build different types of visualizations and set up a dashboard
Advanced visualizations
  • Searching across multiple clusters
  • Timelion charts and sheets
  • Cumulative metrics
  • Working with multiple time series
  • Customizing Timelion charts
  • Dealing with missing data points
  • Removing noise
  • Lab
    • Set up various Timelion charts
Tuning the ingestion pipeline
  • Pipeline patterns
  • Logstash tunables
  • Filebeat installation and configuration
  • Filebeat configuration
  • Filebeat tunables
  • Metricbeat and Filebeat modules
  • Installing and configuring Logagent
  • Parsing files
  • Lab
    • Tune Logstash for throughput
    • Use Kafka as a buffer
    • Ship logs via Filebeat
    • Parse and ship logs via Logagent
Scaling out the pipeline
  • Sending logs directly to Elasticsearch
  • Sending through Logstash
  • Sending through Logagent
  • General decision points and tradeoffs
  • Lab
    • Parse and ship logs via Filebeat and Ingest node
    • Parse and ship logs via Filebeat and Logstash
    • Use Kafka as a buffer between Filebeat and Logstash
    • Send syslog messages to Logagent via UDP, parse them and ship them to Elasticsearch

Main Topics

  • Kibana searches, visualizations, dashboarding, Timelion
  • Logstash configuration: parsing logs, configuring plugins and pipelines
  • Using Filebeat and Metricbeat to push logs and metrics to Elasticsearch
  • Using Logagent for flexible and efficient log parsing
  • Optimizing pipeline designs; using Kafka as a central buffer

Course key takeaways

After taking this course you will know how to:

  • Set up and use Kibana and Timelion
  • Build different types of visualizations
  • Create dashboards, dig in with sub-aggregations, and use Kibana to search through data.

Things to remember

  • Participants must use their own computer with OSX, Linux, or Windows, with a recent version of Java installed.
  • Participants should be comfortable using a terminal/command line.

Sematext provides:

  • A digital copy of the training material
  • A VM with all configs, scripts, exercises, etc.
