Kibana and Logstash Fundamentals

Upcoming Elasticsearch Classes 2019

Mar 5, 2019: $200 / person (only $180 / person before Feb 6th)
May 7, 2019: $200 / person (only $180 / person before 6th Apr)
Sept 17, 2019: $200 / person (only $180 / person before 20 July)
Dec 3, 2019: $200 / person (only $180 / person before 30 Sept)


Radu Gheorghe

This course will get you started with Logstash and Kibana, so you can build an ELK stack. You will learn all the important information about ELK functionality, from parsing logs to building dashboards. This Elasticsearch online class is taught by Radu Gheorghe, a seasoned Elasticsearch instructor and consultant from Sematext, author of “Elasticsearch in Action”, and frequent conference speaker.

Who Should Attend

This course is designed for anyone who wants to understand how Logstash and Kibana work, or wants to set up an in-house ELK stack.

Why Attend

This class is a quick yet deep dive into both Logstash and Kibana, so you know how to build a complete logging solution on top of Elasticsearch. Further benefits:

  • A customized learning experience, targeted for solving specific use-cases
  • Classes are instructor-led and exercises are derived from years of working with clients.
  • Small class sizes allowing for more interaction and more time to discuss what matters to you in practice.
  • More flexible – no need to travel, a short class is easier to fit in your schedule
  • Same high-quality instruction as our public or private Elasticsearch classes

Course Outline

  1. Basic setup: a faster, distributed grep on top of Elasticsearch
    • Setting up Kibana
    • Index patterns and saved fields
    • Kibana’s Discover pane: running full text search on your logs
    • Saved searches
    • Setting up Logstash: which options you have in terms of packaging and configuration
    • Configuring Logstash to read data and send it to Elasticsearch
    • Lab
      • Indexing data with Logstash
      • Searching through the indexed data with Kibana
      • Search syntax basics
  2. Using structured logging for more precise searches and meaningful visualizations
    • Reading data from files or over the network
    • Using Kafka as a central buffer to scale multiple Logstash instances
    • Using Logstash to reindex Elasticsearch documents
    • Using grok or dissect to parse unstructured data. Advantages & disadvantages of both
    • Enriching data with GeoIP information or from external sources
    • Using the mutate filter to change fields of your structured event
    • Parsing various date formats
    • Using conditionals in Logstash configuration
    • Visualizations in Kibana: line, area and pie charts, metrics, etc
    • When to use which visualization to derive insights from your data
    • Building dashboards with saved visualizations
    • Lab
      • Parse and enrich Apache logs with Logstash
      • Searching in specific fields with Kibana
      • Saved searches and visualizations
      • Building custom dashboards

Things to Remember

For the online training, all participants must use their own computer with OSX, Linux, or Windows, with the latest version of Docker installed. A modern browser is needed to join the virtual classroom, as well as a working headset, microphone and camera.

Participants should also be comfortable using a terminal/command line.

Sematext provides:

  • A digital copy of the training material, including exercises
  • An archive with Docker Compose files, configs, scripts, etc.