Elastic: Using Logstash

Elastic's Logstash (opens in new tab) is an open-source data processing engine that allows you to collect, enrich, and transform data from different sources. It is often used alongside other tools in the Elastic Stack, such as Elasticsearch and Kibana, to create a complete data processing and visualization pipeline. In this room, we will explore Logstash in-depth and how data from different sources can be ingested, parsed, normalized, and sent to various outputs.

Learning Objectives

• Install and configure Logstash
• Explore various input, filter, and output plugins for Logstash
• Use Grok plugins to parse and normalize unstructured data
• Use Logstash to ingest, filter, and send Linux authentication logs to Elasticsearch

Room Prerequisites

Some familiarity with the Linux command line, navigating Kibana, and log analysis is recommended. However, all required commands and necessary information are provided in the walkthrough.

• Check out Elastic Stack: The Basics for an overview of Elastic architecture, running queries, and creating visualizations

Lab Access

Click the Start Machine button below. The machine will start in Split-Screen mode. You will have access to all necessary files in the /home/ubuntu/Downloads directory, and Kibana can be accessed via the Elastic shortcut on the machine's desktop with the credentials below. We recommend switching to Full Screen mode for a more immersive experience. This provides a larger workspace, making it easier to manage the terminal and browser as you progress through the room.

• username: elastic
• password: pn00IuML9u43_yKb688y

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting the Target Machine, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.

Target machine

Status:Off

Start Machine