I’m new to Elasticsearch and have been exploring its potential benefits for our company. As a starting point, I’m considering using it for audit log searching.
I’ve already installed the Docker version of Elasticsearch, but I’m unsure about the best way to learn and explore its features effectively. If anyone has recommendations or resources to share, I’d greatly appreciate it.
Additionally, I’m currently working on extracting logs from the Single Sign-On (SSO) audit logs in WSO2 Carbon. My goal is to demonstrate a real-world use case using Elasticsearch. Any advice or insights on this would be incredibly helpful.
It's not clear from the question where you are currently at in the process. Installing the software is of course helpful, but have you (e.g.) some experience with JSON documents, aggregations, query languages, etc., maybe with other tools? E.g. if you have some SQL experience, then ES|QL would be at least semi-familiar (as compared to, say, query DSL).
When you install kibana there are a few sample datasets you can load via a couple of clicks. e.g. there is some web logs data that comes with a set of visualizations and dashboards. With these you can a) explore data and b) see how that specific data can be summarized, visualized, etc.
Also, if you have (e.g.) a system where you installed Elasticsearch and Kibana (via Docker is fine) you can also fairly easily install things like filebeat / metricbeat / packetbeat that can feed data into that specific instance. Again, that's sort of toy data, but it does allow you to explore what documents look like, what sort of fields are available, a bunch of aggregations, etc.
There's a whole ecosystem of "tutorial" videos out there. One I saw which looked semi-interesting was to use elasticsearch to explore Spotify listening history.
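To make the audit-log use case from the question concrete, here is an added example (not code from either poster, WSO2, or Elastic) that turns audit lines into Elasticsearch documents and shows the query DSL shape the answer mentions. It assumes a line layout in the general style of a WSO2 Carbon audit.log entry (`Initiator : ... | Action : ... | Target : ... | Data : ... | Result : ...`); the sample lines, the `wso2-audit` index name, the field names and the "Success"/"Failed" result values are all constructed for the example and should be checked against your own log files before use.

```python
import json
import re
from collections import Counter
from datetime import datetime, timezone
from typing import Optional

# Constructed sample lines in the assumed shape of WSO2 Carbon audit.log
# entries (not copied from a real deployment); the last one is deliberately
# malformed to show that unparseable lines are skipped rather than indexed.
SAMPLE_AUDIT_LINES = [
    '[2024-03-01 09:15:22,101]  INFO {AUDIT_LOG} -  Initiator : alice@carbon.super | Action : Login | Target : alice | Data : {"ServiceProvider":"intranet","RemoteAddress":"10.0.0.5"} | Result : Success',
    '[2024-03-01 09:16:02,410]  INFO {AUDIT_LOG} -  Initiator : bob@carbon.super | Action : Login | Target : bob | Data : {"ServiceProvider":"intranet","RemoteAddress":"203.0.113.7"} | Result : Failed',
    '[2024-03-01 09:16:09,877]  INFO {AUDIT_LOG} -  Initiator : bob@carbon.super | Action : Login | Target : bob | Data : {"ServiceProvider":"intranet","RemoteAddress":"203.0.113.7"} | Result : Failed',
    '[2024-03-01 09:16:15,003]  INFO {AUDIT_LOG} -  Initiator : bob@carbon.super | Action : Login | Target : bob | Data : {"ServiceProvider":"intranet","RemoteAddress":"203.0.113.7"} | Result : Failed',
    '[2024-03-01 09:40:51,552]  INFO {AUDIT_LOG} -  Initiator : alice@carbon.super | Action : Logout | Target : alice | Data : {} | Result : Success',
    'this line is not an audit record',
]

# Assumed layout: "[timestamp] LEVEL {AUDIT_LOG} - Initiator : X | Action : Y | Target : Z | Data : J | Result : R"
AUDIT_LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>\S+)\s+\{AUDIT_LOG\}\s+-\s+"
    r"Initiator : (?P<initiator>.*?) \| Action : (?P<action>.*?) \| "
    r"Target : (?P<target>.*?) \| Data : (?P<data>.*) \| Result : (?P<result>\S+)\s*$"
)


def parse_audit_line(line: str) -> Optional[dict]:
    """Convert one audit line into a flat JSON document; None if it does not match."""
    m = AUDIT_LINE_RE.match(line)
    if not m:
        return None
    # The log timestamp carries no zone; UTC is assumed here (label as such).
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f").replace(tzinfo=timezone.utc)
    try:
        data = json.loads(m["data"])  # the Data part is usually JSON
    except json.JSONDecodeError:
        data = {"raw": m["data"]}     # keep it searchable even if it is not
    return {
        "@timestamp": ts.isoformat(),
        "level": m["level"],
        "initiator": m["initiator"],
        "action": m["action"],
        "target": m["target"],
        "result": m["result"],
        "data": data,
    }


def parse_all(lines) -> list:
    """Parse every line, silently dropping the ones that are not audit records."""
    return [doc for doc in (parse_audit_line(ln) for ln in lines) if doc is not None]


def audit_index_mapping() -> dict:
    """Mapping body for the assumed index: keyword fields so term queries and
    terms aggregations match exact values instead of analysed tokens."""
    return {"mappings": {"properties": {
        "@timestamp": {"type": "date"},
        "initiator": {"type": "keyword"},
        "action": {"type": "keyword"},
        "target": {"type": "keyword"},
        "result": {"type": "keyword"},
        "data": {"properties": {"RemoteAddress": {"type": "ip"},
                                "ServiceProvider": {"type": "keyword"}}},
    }}}


def to_bulk_ndjson(docs, index: str) -> str:
    """Build a _bulk request body: one action line plus one document line per doc."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"  # the bulk API requires a trailing newline


def failed_logins_query(since: str, min_count: int = 3) -> dict:
    """Query DSL body: failed logins since `since` (e.g. "now-1h"),
    bucketed by initiator, keeping only initiators at or above min_count."""
    return {
        "size": 0,
        "query": {"bool": {"filter": [
            {"term": {"action": "Login"}},
            {"term": {"result": "Failed"}},
            {"range": {"@timestamp": {"gte": since}}},
        ]}},
        "aggs": {"by_initiator": {"terms": {
            "field": "initiator", "size": 20, "min_doc_count": min_count}}},
    }


def count_failed_logins(docs) -> dict:
    """Offline equivalent of the terms aggregation above, for checking results."""
    return dict(Counter(d["initiator"] for d in docs
                        if d["action"] == "Login" and d["result"] == "Failed"))


if __name__ == "__main__":
    docs = parse_all(SAMPLE_AUDIT_LINES)
    print(to_bulk_ndjson(docs, "wso2-audit"))
    print(json.dumps(failed_logins_query("now-1h"), indent=2))
    print(count_failed_logins(docs))
```

The bulk body from `to_bulk_ndjson` can be sent to `POST /_bulk` (with `Content-Type: application/x-ndjson`) and the query body to `GET /wso2-audit/_search`; `count_failed_logins` computes the same buckets locally so you can compare what the aggregation should return before trusting the dashboard built on it.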