Home / Companies / Elastic / Blog / October 2014

October 2014 Summaries

4 posts from Elastic

Filter
Month: Year:
Post Summaries Back to Blog
The blog post discusses how to use the ELK stack, comprising Elasticsearch, Logstash, and Kibana, to visualize security-related data from IPTables and KippoSSH honeypot logs. It explains the setup of a clustered Elasticsearch instance on a virtual machine and details the Logstash configuration for processing and enriching log data, which includes identifying relevant events, extracting tokens, and sending data to Elasticsearch for analysis. The post also covers the creation of Grok patterns to parse logs, the configuration of an Elasticsearch cluster to store and make data searchable, and the utilization of Kibana for building dashboards to visualize insights from the data. The overall aim is to demonstrate how the ELK stack can be leveraged to gain insights into security events, such as denied connections and SSH brute force attacks, through interactive dashboards and queries.
Oct 21, 2014 1,824 words in the original blog post.
Alex Brasetvik's article on Elasticsearch, originally known as Found and now Elastic Cloud, delves into the distributed nature of Elasticsearch by focusing on how requests are processed within a cluster. It explains how Elasticsearch handles index and search requests, detailing the roles of different nodes such as data, master, and client nodes in a cluster, as well as the responsibilities of the request coordinator node. The article illustrates the process of routing requests to the appropriate shards, the mechanics of index operations involving primary and replica shards, and the role of the transaction log in ensuring data durability. It also covers search request processing through shard routing, query rewriting, and the scatter/gather approach to retrieve results efficiently. Additionally, the article clarifies the abstractions of mappings and types in Elasticsearch and their transformation into Lucene documents, shedding light on the boundaries between Elasticsearch and Lucene technologies.
Oct 15, 2014 3,599 words in the original blog post.
Logstash is an event processing pipeline with a wide array of plugins, including grok and mutate, which are instrumental in parsing and manipulating unstructured log data into structured formats that can be efficiently queried by Elasticsearch. Elasticsearch is not only adept at full-text searches but also excels at calculating statistics on numerical data in near real-time, with Kibana providing visualization through charts and dashboards. Proper data typing is crucial for Elasticsearch to perform these calculations, and while Logstash automatically transforms data into JSON, it typically sends all values as strings unless explicitly coerced into other types using grok or mutate. Grok can use patterns to parse data and convert it into integers or floats, while mutate allows direct conversion of fields into specified data types. However, even with these conversions, Elasticsearch might interpret data types differently unless explicitly defined, highlighting the importance of understanding data typing for optimal performance. Future lessons promise to delve deeper into advanced typing techniques within Elasticsearch.
Oct 14, 2014 1,031 words in the original blog post.
In the second installment of a series on Elasticsearch testing and quality assurance processes, the article delves into the various testing layers employed to ensure software reliability. It highlights the importance of replicating test environments locally, mirroring those used in continuous integration setups to efficiently identify bugs. The text describes different testing levels, including unit tests for core algorithm validation, integration tests for Java API interactions with local Elasticsearch clusters, REST tests for endpoint verification, and backward compatibility tests to ensure seamless operation between different software versions. Additionally, the article discusses the use of declarative YAML-defined REST API tests and rigorous code quality checks embedded in the build process, such as identifying inefficient API usage and enforcing compatibility standards. It concludes by mentioning the importance of disabling broken tests during development and addressing them before release, with a preview of the upcoming focus on Elasticsearch's randomized testing framework.
Oct 09, 2014 1,181 words in the original blog post.