What Is Elastic Stack?
Get introduced to Elastic Stack and its collection of open-source projects.
We'll cover the following
Elastic Stack
The Elastic Stack, also known as the ELK Stack, is a collection of open-source projects for data ingestion, analysis, search, and visualization. It is composed of several components, including:
-
Kibana: A web-based visualization tool that allows users to create interactive dashboards and visualize data stored in Elasticsearch.
-
Elasticsearch: A powerful and flexible search engine based on the Lucene library. It allows for full-text search and analytics on large datasets.
-
Beats: A data ingestion and transformation pipeline that ingests data from various sources and normalizes it into a standard format for indexing in Elasticsearch.
-
Logstash: A data processing pipeline that ingests data and consists of a family of lightweight data shippers that can send data from various systems and services to Logstash or Elasticsearch.
-
X-Pack: A pack of features that adds additional functionality to the Elastic Stack.
The Elastic Stack is used by companies worldwide, such as Uber, Slack, Microsoft, and Twilio.
Kibana
Kibana is an open front-end application that sits at the top of the Elastic Stack. It is an analytic and visualization platform that lets us easily visualize and analyze our data from Elasticsearch. Kibana is like a dashboard for Elasticsearch and can create visualizations such as bar charts, pie charts, tables, histograms, and maps. Kibana also manages, monitors, and secures the Elastic Stack instances via a web interface.
We can use Kibana for the following cases:
-
Searching and visualizing data in Elasticsearch using a dashboard to support multiple use cases such as:
- Logging and log analytics
- Infrastructure metrics and container monitoring
- Application performance monitoring (APM)
- Geospatial data analysis and visualization
- Security analytics
- Business analytics
-
Monitoring, managing, and securing an Elastic Stack instance.
-
Centralizing access for built-in solutions developed on the Elastic Stack for observability, security, and enterprise search applications.
Here are some examples of Kibana dashboards:
- The following dashboards show revenue charts and include metrics such as total revenue, daily transactions, and others, which are valuable for businesses to monitor and analyze their revenue performance.
- The following web traffic dashboards display key metrics such as website visitors, page views, bounce rates, and others, which are essential for businesses to track and optimize their online presence.
Elasticsearch
Elasticsearch is at the heart of the Elastic Stack and is an open-source full-text search and analytic engine, which Java developed with the help of the Lucene library. It can be used as a search engine for business data and provides the ability to store and analyze any type of data, including textual, numerical, geospatial, structured, and unstructured data. It also has the ability to search on full and miss/typo text.
Logstash
Logstash is an open-source and server-side data processing pipeline that ingests data from multiple sources, transforms it, and sends it to our desired destination. Traditionally, Logstash has been used to process logs from applications and send them to Elasticsearch. Still, Logstash has evolved into a more general-purpose tool, which means the Logstash pipeline receives data as events, which can be of our choice: e-commerce orders, chat messages, log files, reports, etc. Then, these events are processed by Logstash and shipped to one or more destinations, such as Elasticsearch, message queue, HTTP endpoint, etc.
The Logstash pipeline consists of three stages (inputs, filters, and outputs):
-
Inputs: They ingest data of all shapes, sizes, and sources. Logstash supports different input plugins that pull events to read from multiple data sources simultaneously. It can ingest from our logs, metrics, web applications, data stores, and various AWS services, all in a continuous streaming fashion.
-
Filters: They parse and transform our data. Logstash dynamically transforms and prepares our data regardless of format or complexity. It parses each event, then identifies field names, and converts them into a standard format to be read for the output stage.
-
Outputs: They choose our format and transport our data. After filtering the data, Logstash sends it to a specific destination, such as Elasticsearch. Like the inputs stage, Logstash offers many output plugins that quickly ship event data to a particular destination.
Beats
Beats: It is a free and open platform for single-purpose data shippers. It’s installed as an agent on our servers to send operational data to Elasticsearch or forward it to Logstash for transformation and parsing. Beats provides different data shippers that collect other kinds of data and serve other purposes. Here are the data shippers supplied by Beats:
Filebeat: It is used to collect log files and send them to Elasticsearch or Logstash.
Packetbeat: It collects, ships, and analyzes network data from our servers and containers.
Auditbeat: It collects and ships our Linux audit data and monitors the integrity of our files.
Functionbeat: It collects, ships, and monitors data from our cloud services.
Metricbeat: It collects metrics from our systems and service, ranging from CPU to memory, Redis to NGINX, and much more.
Winlogbeat: It collects and ships Windows event logs.
Heartbeat: It monitors services for their availability. For example, if given a list of URLs, Heartbeat will send the requests using these URLs and ship the response information, such as response time.
X-Pack
X-Pack is a pack of features that adds additional functionality to Kibana and Elasticsearch, including security, alerting, monitoring, reporting, graph analytics, dedicated APM UIs, and machine learning.