Course Outline
Open-Source Search and Analytics Sovereignty
- Elastic license changes and forks.
- Feature parity between OpenSearch and Elasticsearch in 2025-2026.
- Use cases: enterprise search, log analytics, SIEM, and observability.
Cluster Architecture
- Node roles: cluster manager (the role formerly named master), data, coordinating, and ingest nodes.
- Security plugin: inter-node TLS, certificates, and PKI.
- Split-brain prevention: configuring discovery.seed_hosts and cluster.initial_cluster_manager_nodes; the voting quorum is managed automatically, and the legacy minimum_master_nodes setting no longer exists.
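The settings behind the split-brain bullet, as an added illustration rather than material from the course itself. The host names, node names and cluster name are assumptions; what matters is that every node lists the cluster-manager-eligible nodes in discovery.seed_hosts, and that cluster.initial_cluster_manager_nodes is used only to bootstrap the first election:

```yaml
# opensearch.yml for one of three dedicated cluster-manager-eligible nodes.
# Added example; cluster name, node names and host names are assumed.
cluster.name: sovereign-search
node.name: cm-1
node.roles: [ cluster_manager ]   # "master" is the deprecated alias for this role

network.host: 0.0.0.0

# Every node (data, ingest and coordinating nodes included) lists the
# cluster-manager-eligible nodes it may contact to discover and join the cluster.
# Port 9300 is the transport port, which the security plugin protects with TLS.
discovery.seed_hosts:
  - cm-1.search.internal:9300
  - cm-2.search.internal:9300
  - cm-3.search.internal:9300

# Bootstrap only: on the very first start the initial voting configuration is
# formed from these node names. Once the cluster has formed, the quorum is
# maintained automatically; there is no minimum_master_nodes to tune, and this
# setting is ignored on later restarts.
cluster.initial_cluster_manager_nodes:
  - cm-1
  - cm-2
  - cm-3
```

Use an odd number of cluster-manager-eligible nodes (three is the usual minimum) so that a majority can always be formed after the loss of one node, and never point two clusters at the same seed hosts.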
Data Ingestion
- REST API indexing, bulk loading, and mapping definitions.
- Utilizing Beats, Fluent Bit, and Logstash pipelines.
- Using the OpenTelemetry Collector for traces and metrics.
Search and Dashboards
- Query DSL: match, term, range, aggregations, and nested fields.
- OpenSearch Dashboards: creating visualizations and dashboards.
- SIEM use cases: alert rules and anomaly detection.
Index Management
- ISM (Index State Management), OpenSearch's counterpart to Elastic ILM: rollover, shrink, and delete actions.
- Hot-warm-cold architecture.
- Mapping optimization and text analysis.
Security and Access Control
- RBAC (Role-Based Access Control) with users, roles, and tenants.
- SAML and OpenID Connect authentication.
- Document-level security (DLS), field-level security (FLS), and field masking.
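What a role combining RBAC, DLS, FLS and field masking looks like in the security plugin's configuration files, added here as an illustration and not taken from the course. The role name, index pattern, field names and backend role name are assumptions; the file layout and keys are those of the security plugin's roles.yml and roles_mapping.yml:

```yaml
# --- roles.yml (added example; role, index pattern and field names are assumed) ---
_meta:
  type: "roles"
  config_version: 2

soc_analyst:
  reserved: false
  cluster_permissions:
    - "cluster_composite_ops_ro"   # read-only composite operations such as msearch
  index_permissions:
    - index_patterns:
        - "logs-*"
      # DLS: a query, stored as a JSON string, that every search by this role
      # is silently combined with; only documents of tenant "acme" are visible.
      dls: '{"term": {"tenant_id": "acme"}}'
      # FLS: a leading "~" excludes the field; all other fields stay readable.
      fls:
        - "~user.password_hash"
      # Field masking: the value is returned hashed, so analysts can still
      # pivot on equal values without seeing the raw address.
      masked_fields:
        - "source.ip"
      allowed_actions:
        - "read"
  tenant_permissions:
    - tenant_patterns:
        - "soc"
      allowed_actions:
        - "kibana_all_read"   # read-only access to the shared "soc" Dashboards tenant

# --- roles_mapping.yml (added example; the backend role name is assumed) ---
_meta:
  type: "rolesmapping"
  config_version: 2

soc_analyst:
  reserved: false
  # Backend roles arrive from the identity provider (the SAML or OIDC roles
  # claim), so group membership in the IdP decides who gets this role.
  backend_roles:
    - "soc-analysts"
```

DLS, FLS and masking are evaluated per role, and a user holding several roles gets the union of what those roles allow; review the combined set rather than one role in isolation when checking that restricted fields really stay hidden.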
Backup and Recovery
- Snapshot repositories on S3-compatible object storage (MinIO, S3) via the repository-s3 plugin, or on a shared NFS mount via the fs repository type.
- Automating snapshots with Curator and ISM.
- Restoring specific indices and implementing cluster-wide disaster recovery.
Requirements
- Understanding of search engines and inverted indexes.
- Experience with REST APIs and JSON.
- Basic Linux administration skills: systemd, logs, and package management.
Audience
- Search and log analytics engineers.
- Teams migrating away from managed Elasticsearch or Splunk solutions.
- Security analysts developing sovereign SIEM backends.
14 Hours
Testimonials (1)
The trainer was very good and made the training perfect for my needs.