Elastic Search Pro: Index, Analyze, and Visualize

Elastic Search Pro Course: Index, Analyze, and Visualize

This course is taught in online mode and consists of 5 units and a final project. The course duration is 115 hours, which are distribute between content and collaboration tools. Upon completion, the student will receive a certificate of completion.

Training is carried out through our Virtual Campus , with this option you will have all the educational content on the course platform and it will be accessible, from the day the course starts, 24 hours a day, every day of the week. The student will also have access to participation forums , as well as a continuous tutoring .

The course is taught in distance learning modality (100% bonus option) and in-person and online training courses can also be provided on demand.

• Access to the platform: 8 weeks
• Individualized support

Introduction

In today's environment, efficient and agile management of large volumes of data has become key to the success of organizations across all sectors. Elastic Search is positioned as one of the most powerful and versatile tools for searching, analyzing, and visualizing information in real time.

This training program has been designed to provide participants with the fundamental knowledge and practical skills necessary to implement and take full advantage of Elastic Search's capabilities in professional environments.

Through theoretical content and applied activities, the goal is for each student to acquire a comprehensive understanding of data management, index structure, and efficient querying, thus laying the foundation for the development of advanced analytics projects and scalable search solutions.

Training objectives

• Understanding the Elastic Stack: Get familiar with core components like Elasticsearch, Kibana, Beats, and Logstash.
  
• Data Indexing: Learn how to index documents and manage data within Elasticsearch.
  
• Analysis and Visualization: Use Kibana to create dashboards, run queries, and visualize data.
  
• Optimization and Scalability: Learn best practices for improving search performance and scaling clusters.
  
• Practical Applications: Develop skills to implement real-world search, analysis, and monitoring solutions.

Course aimed at

This program is aimed at professionals in fields such as computer engineering, data analysis, systems administration, and software development who seek to strengthen their skills in managing and exploiting large volumes of information.

It is also relevant for technical staff in technology departments, digital transformation project managers, and business intelligence specialists who need to integrate Elastic Search into their solutions.

The activities and content are also useful for those with no prior experience with the tool who want to learn how to use advanced search engines and data visualization techniques. The program has been designed to suit both those with basic knowledge and those who aspire to delve deeper into the architecture, optimization, and scalability of Elastic Search in enterprise environments.

Elastic Search Pro Course Content: Index, Analyze, and Visualize

The following is a linear, unit-by-unit training program that guides participants through the essential concepts and practical skills needed to master Elastic Search in professional environments.

Unit 1: Architecture: nodes, shards, replicas - Creating indexes - Index templates (static/dynamic) - Data streams - ILM policies

1. Design an index for logs with 3 shards, 2 replicas, compression, mapping for timestamp, message, level.
2. Create an index template for logs-app-YYYY.MM.dd.
3. Define a dynamic template that changes the parser depending on the log type.
4. Configure ILM with rollover, 30-day active, and 90-day archiving and deletion.
5. Create an index template that generates a Data Stream for sensors.

Unit 2: Term, phrase, and multi-field queries - Boolean queries and filters - Asynchronous search - Metric aggregations and buckets - Sub-aggregations - Runtime fields - Cross-cluster search

1. Write a query with an exact phrase + a loose term using must and must_not.
2. Add filters by date range and numeric values ​​(e.g. latency > 200 ms).
3. Execute asynchronous search and retrieve results.
4. Formulate metric aggregations (avg, sum, min, max) on response times.
5. Create buckets by log level (“info”, “warn”, “error”).
6. Implement sub-aggregation: % of errors per service within a latency range.
7. Use runtime field to calculate normalized latency and filter.
8. Configure and run multi-cluster search.

Unit 3: Highlighting - Sorting Results - Advanced Pagination - Index Aliases - Search Templates

1. Perform query with highlighting in text fields.
2. Sort results by level (error>warn>info) and descending timestamp.
3. Implement pagination with from/size and then search_after.
4. Create index alias (logs-current) and move it during rollover without downtime.
5. Define parameterized search template with variables (term, date, level).

Unit 4: Advanced Mappings - Custom Parsers - Multi-fields - Reindexing and update_by_query - Ingestion Pipelines - Painless - Runtime Fields

1. Define mapping with title, text, labels, date, geo.
2. Configure multi-field in title (parsed text + keyword).
3. Create parser with stop-words, lowercase and n-grams.
4. Pipeline for raw logs: parse timestamp, extract level, clean fields.
5. Painless script to assign numerical severity based on level.
6. Use update_by_query to add the “severity” field to older documents.
7. Reindex to a new index with updated mapping.
8. Define a runtime field that calculates the difference between timestamps or a normalized value

Unit 5: Shard Diagnosis and Repair - Backups and Snapshots - Queryable Snapshots - Cross-cluster Search - Cross-cluster Replication - Update and Monitoring

1. Simulate shard in “network” state and diagnose with _cluster/health and _cat/shards.
2. Recover damaged shard.
3. Create a snapshot of critical indexes and partially restore one.
4. Configure queryable snapshot.
5. Configure cross-cluster search between 2 clusters and run remote query.
6. Implement cross-cluster replication.
7. Plan rolling version upgrade.
8. Configure cluster monitoring: JVM, disk, latency metrics, and Kibana dashboards.

Final Project: Implement a complete log system with ingestion, ILM, advanced queries, aliases, backups, and monitoring.

Prerequisites

• Basic knowledge of computer science and operating systems management.
  
• Familiarity with databases (relational or non-relational).
  
• Basic knowledge of JSON (data format used in Elasticsearch).
  
• Previous experience in development environments or systems administration may be helpful, but is not required.

Other training modalities

If you are interested in taking this course in person or online, please contact us:

• Mail: info@nanforiberica.com
• Phone: +34 91 031 66 78
• WhatsApp: +34 685 60 05 91