Elasticsearch Pro: Index, Analyze, and Visualize

Elasticsearch Pro Course: Index, Analyze, and Visualize

This course is taught in online format It consists of 5 units and a final project. The course lasts 115 hours. distribute between the content and the collaboration tools. Upon completion, the student will receive a certificate of completion.

The training is conducted through our Virtual Campus : With this format, you will have access to all the course content on the platform, available 24/7 from the start date. Students will also have access to... participation forums , as well as a continuous tutoring .

The course is taught in e-learning modality (100% bonus option) and face-to-face and telepresence training actions can also be carried out on demand.

• Access to the platform: 8 weeks
• Individualized support

Elasticsearch Pro - Data Indexing - Real-Time Analytics - Data Visualization - Search Engine - Elastic Stack - Search AI Platform - Big Data Analytics - Kibana Dashboards - Intelligent Search - RAG with Elasticsearch - Text Processing

Introduction to the ElasticSearch course

In today's environment, the efficient and agile management of large volumes of data has become a key element for the success of organizations across all sectors. Elasticsearch stands out as one of the most powerful and versatile tools for searching, analyzing, and visualizing information in real time.

This training program has been designed to provide participants with the fundamental knowledge and practical skills necessary to implement and make the most of Elastic Search capabilities in professional environments.

Through theoretical content and applied activities, the aim is for each person to acquire a comprehensive vision of data management, index structure and efficient querying, thus laying the foundations for the development of advanced analysis projects and scalable search solutions.

Training objectives: Indexing, analysis and visualization of data

• Understanding the Elastic Stack: Become familiar with the main components such as Elasticsearch, Kibana, Beats, and Logstash.
  
• Data Indexing: Learn how to index documents and manage data within Elasticsearch.
  
• Analysis and visualization: Use Kibana to create dashboards, perform queries, and visualize data.
  
• Optimization and scalability: Learn best practices to improve search performance and scale clusters.
  
• Practical applications: Develop skills to implement real-world search, analysis, and monitoring solutions.

Who is the ElasticSearch course aimed at?

This proposal is aimed at professionals in areas such as computer engineering, data analysis, systems administration and software development who seek to strengthen their skills in handling and exploiting large volumes of information.

It is also relevant for technical staff in technology departments, digital transformation project managers, and business intelligence specialists who need to integrate Elastic Search into their solutions.

The activities and content are also useful for those with no prior experience using the tool who wish to begin using advanced search engines and data visualization techniques. The program has been designed to adapt to both those with basic knowledge and those who aspire to delve deeper into the architecture, optimization, and scalability of Elastic Search in enterprise environments.

Elastic Search Pro course content: Index, Analyze, and Visualize

The following is a training program organized linearly, unit by unit, that guides participants through the essential concepts and practical skills needed to master Elastic Search in professional environments.

Unit 1: Architecture: nodes, shards, replicas - Index creation - Index templates (static/dynamic) - Data Streams - ILM policies

1. Design an index for logs with 3 shards, 2 replicas, compression, mapping for timestamp, message, level.
2. Create an index template for logs-app-YYYY.MM.dd.
3. Define a dynamic template that changes the analyzer based on the log type.
4. Configure ILM with rollover, 30 active days, archiving and deletion at 90 days.
5. Create an index template that generates a Data Stream for sensors.

Unit 2: Term, Phrase, and Multi-Field Queries - Boolean Queries and Filters - Asynchronous Search - Metric Aggregations and Buckets - Sub-aggregations - Runtime Fields - Cross-cluster Search

1. Write a query with an exact phrase + a single term using must and must_not.
2. Add filters by date range and numeric values ​​(e.g., latency > 200 ms).
3. Perform asynchronous search and retrieve results.
4. Formulate metric aggregations (avg, sum, min, max) on response times.
5. Create buckets by log level (“info”, “warn”, “error”).
6. Implement sub-aggregation: % of errors per service within a latency range.
7. Use the runtime field to calculate normalized latency and filter.
8. Configure and run multi-cluster search.

Unit 3: Highlighting - Sorting results - Advanced pagination - Index aliases - Search templates

1. Perform a query with highlighting in text fields.
2. Sort results by level (error>warn>info) and descending timestamp.
3. Implement pagination with from/size and then search_after.
4. Create an index alias (logs-current) and move it during rollover without downtime.
5. Define a parameterized search template with variables (term, date, level).

Unit 4: Advanced Mappings - Custom Analyzers - Multi-fields - Reindexing and Update by Query - Ingestion Pipelines - Painless - Runtime Fields

1. Define mapping with title, text, tags, date, geo.
2. Configure multi-field in title (analyzed text + keyword).
3. Create an analyzer with stop-words, lowercase, and n-grams.
4. Pipeline for raw logs: parse timestamp, extract level, clean fields.
5. Painless script to assign numerical severity according to level.
6. Use update_by_query to add a "severity" field to older documents.
7. Reindex to a new index with updated mapping.
8. Define a runtime field that calculates the difference between timestamps or a normalized value

Unit 5: Shard Diagnosis and Repair - Backups and Snapshots - Searchable Snapshots - Cross-cluster Search - Cross-cluster Replication - Updating and Monitoring

1. Simulate shard in "network" state and diagnose with _cluster/health and _cat/shards.
2. Recover damaged shard.
3. Create a snapshot of critical indexes and partially restore one.
4. Configure queryable snapshot.
5. Configure cross-cluster search between 2 clusters and run remote query.
6. Implement cross-cluster replication.
7. Plan rolling version upgrade.
8. Configure cluster monitoring: JVM metrics, disk, latency, dashboards in Kibana.

Final Project: Implement a complete logging system with ingestion, ILM, advanced queries, aliases, backups and monitoring.

Prerequisites

• Basic computer skills and operating system management.
  
• Familiarity with databases (relational or non-relational).
  
• Basic knowledge of JSON (data format used in Elasticsearch).
  
• Previous experience in development or systems administration environments may be helpful, but is not required.

Other training modalities

If you are interested in taking this course in person or remotely, please contact us:

• Mail: info@nanforiberica.com
• Phone: +34 91 031 66 78
• WhatsApp: +34 685 60 05 91