
Elastic Stack

Turn your data into solutions

Discover Elastic Stack: The ultimate open source solution for collecting, processing, analyzing and storing information and events.

Elasticsearch

The Open Source Enterprise search server

Elasticsearch is a distributed search and analytics server and the core of the Elastic Stack. Communication between Elasticsearch and the service consumer is almost exclusively JSON over a REST interface. This has the advantage that even small read and write operations can be tested and developed with curl, without having to resort to a heavy-weight API.

Seek. Watch. Protect.

Scaling

Elasticsearch stands out in particular because it brings along everything needed to scale and distribute an installation. If capacity has to grow because of increasing load, Elasticsearch only needs to be told about the new server; it then takes care of redistributing data and queries on its own.

Performance

All incoming data is indexed by Elasticsearch immediately, whether it is log information, numeric data or geographical data. Because everything is indexed, all data can be retrieved and processed at tremendously high speed. And of course the whole thing comes with a blazingly fast full-text search built in.

Logstash

Flexible log and event management

Logstash is an open source log management solution that specializes in channeling, filtering and distributing log and event information. It supports a large number of input and output formats and thus integrates into almost any IT environment.

In short, Logstash is the open source solution for managing and analyzing log information and the tool of choice to address the increasing volume of information in an auditable manner. Logstash has a variety of input, filtering and output plug-ins. Thus all events and log messages available in your network can be received, processed and forwarded.

Integration

Logstash supports a variety of inputs and outputs to process and forward information from many different sources. In addition to standards such as syslog, pipes and SNMP traps, various message brokers are also supported. Application logs can thus be integrated directly, without installing additional third-party software. A minimal pipeline that reads Apache access logs from standard input, parses them and writes them to Elasticsearch looks like this:

# Read events line by line from standard input
input { stdin { } }

filter {
  # Split each line into fields using the predefined Apache combined log pattern
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  # Use the request time from the log line as the event's @timestamp
  date {
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}

output {
  # Index the parsed event in Elasticsearch and echo it to the console for debugging
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}
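To make clear what the pipeline above actually does to an event, here is a plain-Python equivalent added as an example (it is not code from the NETWAYS page or from the Logstash project): a regular expression standing in for the %{COMBINEDAPACHELOG} grok pattern, a date conversion matching the date filter's "dd/MMM/yyyy:HH:mm:ss Z" format, and the resulting JSON document that the elasticsearch output would index. The regular expression is my own rendering of the grok pattern, the field names follow the pattern's names, and the sample log lines are constructed for this example.

```python
"""Added example: a plain-Python stand-in for the Logstash pipeline
(stdin -> grok COMBINEDAPACHELOG -> date -> elasticsearch/stdout).
Not the page's or the project's own code; sample lines are constructed."""
import json
import re
from datetime import datetime, timezone

# Own rendering of the COMBINEDAPACHELOG grok pattern (assumption: field names
# follow the grok pattern: clientip, ident, auth, timestamp, verb, request, ...).
COMBINED_APACHE_LOG = re.compile(
    r'^(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?P<verb>\S+) (?P<request>\S+)(?: HTTP/(?P<httpversion>\S+))?" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)")?$'
)

# strptime equivalent of the Logstash date format "dd/MMM/yyyy:HH:mm:ss Z"
LOGSTASH_DATE_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def grok_combined_apache(line):
    """Return the grok fields for one line, or None if it does not match
    (Logstash would tag such an event with _grokparsefailure)."""
    m = COMBINED_APACHE_LOG.match(line)
    return m.groupdict() if m else None


def logstash_date(value):
    """Parse the request timestamp (with its UTC offset) and return it as the
    ISO 8601 UTC string that Logstash stores in @timestamp."""
    parsed = datetime.strptime(value, LOGSTASH_DATE_FORMAT)
    return parsed.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def process_event(line):
    """Build the event document that the elasticsearch output would send."""
    event = {"message": line, "tags": []}
    fields = grok_combined_apache(line)
    if fields is None:
        event["tags"].append("_grokparsefailure")
        return event
    event.update(fields)
    try:
        event["@timestamp"] = logstash_date(fields["timestamp"])
    except ValueError:
        event["tags"].append("_dateparsefailure")
    return event


# Constructed sample input: two well-formed lines and one that will not parse.
SAMPLE_LINES = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0200] "GET /index.html HTTP/1.1" '
    '200 2326 "http://example.com/" "Mozilla/5.0"',
    '198.51.100.4 - frank [10/Oct/2023:13:56:01 -0700] "POST /login HTTP/1.1" '
    '401 - "-" "curl/8.0"',
    'this line is not an apache log entry',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        # Pretty-printed view of each event, like stdout { codec => rubydebug }
        print(json.dumps(process_event(line), indent=2))
```

Two details are worth noticing when running it: the timestamps carry different UTC offsets (+0200 and -0700) and both end up as UTC in @timestamp, which is what makes events from servers in different zones comparable in Kibana; and the line that does not match is not dropped but tagged, so a dashboard can count parse failures instead of silently losing them.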

Kibana

Your window into the Elastic Stack

Kibana visualizes and analyzes the data stored in Elasticsearch. Sophisticated filtering options allow dashboards to be built for all data stored in Elasticsearch. Working with Kibana is the real reward for the effort invested beforehand in collecting the log and event information. Access to all stored information is very fast and no deeper knowledge of a query language such as SQL is necessary. Understanding the underlying relationships in the queried data is of course an advantage in reaching the goal quickly, but even without it, exploring the data visually is simply fun.

Geoinformation can easily be used in Kibana to give data a geographical reference. With the help of the GeoIP filter plug-in, log data can be enriched with the corresponding geoinformation based on the IP address it already contains.

Elasticsearch is more than a pure index database: it also has a powerful time series engine (the so-called Timeseries). This allows performance information from log data to be stored and analyzed over longer periods of time.

Beats

Collect, analyze and send

Beats is the platform for building lightweight data collectors for a wide variety of data types.

There are different Beats offering a multitude of ways to read in data: from enriching or pre-processing data with processors, through a multitude of modules with prefabricated processing chains for direct submission to Elasticsearch, to ready-made dashboards for a wide variety of products. Beats can send data not only to Elasticsearch and Logstash; the real plus is the ability to enrich the data with additional information in the form of document fields and tags while reading it in, before it is sent.

Beats impress not only with their integrations, but also with their very small footprint on the system.

Like every member of the Elastic Stack toolbox, Beats are a standard tool for processing information and events of all kinds, codecs and sources. It is therefore almost impossible to get around Beats when collecting information with the Elastic Stack or related tools.

Filebeat

Filebeat is the tool for collecting log information from a variety of sources in a wide variety of formats. The range of inputs goes from plain files to syslog. This also makes Filebeat ideal as a site collector that then delivers the data to a central Elasticsearch cluster.

Yes, you read that right – Elasticsearch! With its large number of modules for the many products found in a modern infrastructure, Filebeat provides already processed data or ingest pipelines for Elasticsearch, as well as index patterns and Kibana dashboards – and of course everything is compliant with ECS, the Elastic Common Schema. These mechanisms guarantee smooth operation with, for example, the new Elastic Security integration for a comprehensive IT security evaluation.

Winlogbeat

For Windows event logs, Winlogbeat is a special variant of Filebeat that was developed specifically for collecting event logs. Together with the additionally supplied processors and in combination with Sysmon from Sysinternals, it offers the possibility of precise threat monitoring.

The data can thus already be processed on the host without burdening the system, and enriched with information in the form of additional fields or tags. The result is a lightweight solution for central storage of Windows log data with direct ingest into Elasticsearch or, optionally, via Logstash.

Service

Elastic Stack Consulting

We help you with the conception, installation and integration of your environment – for more power, know-how, peace of mind!

Power

Years of experience

We have been supporting our customers in operating their IT infrastructures for many years. Industries, tools, operating systems – we’ve seen, operated and built everything. We know the best practices with Graylog, Elastic & Co. and many topics related to Open Source and Linux.

Know How

Full Understanding

We understand not only your IT systems and services, but the big picture and the countless aspects of operating complex IT infrastructures. With increasing complexity and a rapidly changing IT world, time and personnel are often in short supply.

Peace of Mind

Targeted Reinforcement

As Linux generalists and open source experts, we have a broad base and are well integrated into the open source communities. With us you are never alone! Whether as an IT consultant, engineer, support or architect – we strengthen your team and relieve you of work.

Everything from a single source

The holistic portfolio of NETWAYS

Whether you need support with the planning, implementation or operation of your Elastic Stack environment: NETWAYS supports you in all matters relating to consulting, outsourcing and, of course, training.

IT Outsourcing

As an external IT department, we take over the complete operation of entire environments. We take care of all the necessary systems from the open source world and work with you.

Support

With us you get quick help from your personal systems engineer. Whether by phone, chat, email or ticket: we are always there for you! Elastic not doing what it’s supposed to? Get in contact with us!

Trainings

We are happy to pass on our extensive and profound practical knowledge to you in our training courses and workshops, both as face-to-face and as online training.

Starter Pack

The simple beginning of something big

With our starter packages, we want to make it easier to get started with log management using the Elastic Stack (Elasticsearch, Logstash and Kibana) and offer a cost-effective way of getting to know the open source system without large financial advance payments, as is often the case with commercial products.

One of our experienced consultants comes on site for 4 or 7 days, sets up the system directly on site and teaches the basics for further operation. The package is billed at a fixed price and there are no additional costs.

We recommend attending our Elastic Stack training before booking the Elastic Stack Standard Starter Pack. This training is already included in the Elastic Stack Starter Pack Premium.

Elastic Stack Starter Pack Standard

  • Joint workshop on log and event management
  • Introduction to the Logstash, Elasticsearch, Kibana, and Beats components
  • Installation and basic configuration on customer hardware
  • Exemplary integration of customer logs and evaluation using Kibana

Elastic Stack Starter Pack Premium

  • Elastic Stack Training (4 days for 3 participants – additional participants possible for an extra charge – 6 max.) *
  • Joint workshop on log and event management
  • Introduction to the components Logstash, Elasticsearch, Kibana and Beats
  • Installation and basic configuration on customer hardware
  • Exemplary integration of customer logs and evaluation with the help of Kibana
* The training will cover the scope of the Elastic Stack training and will be conducted on-site
(including rental notebooks, training material and attendee certificates)

Subscriptions

Elastic Enterprise

With us you get all self-managed Elastic Subscriptions so that you can use your on-premise deployments optimally and with all ELK stack features.
Simply request and we will create an individual offer for your area.


Just contact us. We look forward to seeing you!