This Elastic Observability training equips SRE, DevOps and Observability engineers to build and operate a unified observability platform on the Elastic Stack: logs, metrics, APM traces, RUM and uptime brought together in a single experience.
Throughout the course, a distributed application is used as a common thread (frontend, Node.js proxy, Java app server, Python service, database): you collect, correlate, visualize and detect anomalies on a real case — not on disconnected demo data. The training prepares for the Elastic Certified Observability Engineer certification.
Learning objectives
- Describe the pillars of observability and the value of a unified logs / metrics / traces approach.
- Collect logs, metrics and traces with Elastic Agent and Fleet.
- Instrument Java, Node.js and frontend applications with the APM and RUM agents.
- Operate the Observability apps: Logs, Infrastructure, APM, User Experience, Uptime.
- Structure and enrich data through ingest pipelines (grok, date, geoip, enrich).
- Implement ML anomaly detection and AIOps.
- Build multi-source dashboards and actionable alerts.
- Manage the data lifecycle: data streams, ILM and searchable snapshots.
Outline
Module 1 — Getting started
- Why observability: distributed architectures, microservices, silos; observability vs monitoring (known vs unknown unknowns).
- The unified stack: logs, metrics, APM, synthetics, uptime, RUM; SLI / SLO / SLA concepts.
- Uptime with Heartbeat: ICMP, TCP, HTTP, SSL/TLS monitors; status and TLS alerting.
- Discover: Data Views, time range, KQL, field exploration and filtering.
- Labs: exploring the common-thread application and Heartbeat data.
Module 2 — Collecting logs and metrics
- Fleet + Elastic Agent model: a single binary per host, integrations and policies managed centrally.
- Elastic Agent vs Beats: how to choose.
- Logs: anatomy of a log, integrations (paths, pipelines, mappings, dashboards), watching files and folders.
- Metrics: lifecycle, System, Docker and cloud (AWS…) integrations.
- Labs: ingesting and exploring logs and metrics.
Module 3 — Collecting APM data
- APM architecture: agents → APM Server → Elasticsearch → Kibana; distributed tracing and sampling.
- Java agent: -javaagent, auto-instrumentation, configuration, log correlation (trace.id / transaction.id).
- Node.js agent: elastic-apm-node module, API gateway pattern, supported frameworks, custom events.
- RUM agent: frontend monitoring, page load metrics, XHR/Fetch, SPA support (React, Angular, Vue).
- Labs: ingesting traces from the Java and Node.js services.
Module 4 — Working with observability data
- Logs app: centralized stream, live vs historical, filters, contextual logs, ML.
- Infrastructure app: hosts / containers / pods inventory, metrics, drill-down to logs and traces.
- APM app: services, transactions, latency, waterfall, Service Map, errors and stack traces.
- User Experience app: Core Web Vitals (LCP, FID, CLS), breakdown by OS / browser / geo, JS errors.
- Labs: exploring the Logs and APM apps.
Module 5 — Structuring and processing data
- Ingest pipelines vs Logstash; Kibana UI, processors, conditionals, on-failure, default_pipeline / final_pipeline.
- Extraction: Grok patterns, Grok Debugger, remove and drop processors.
- Transformation: convert, date (ISO-8601, timezones, locale), uppercase / lowercase.
- Enrichment: geoip, user_agent and enrich processors.
- Labs: creating pipelines, extracting, transforming and enriching events.
Module 6 — Actionable data
- Machine Learning: unsupervised anomaly detection, detectors, single / multi-metric / population jobs, forecasting.
- Ready-to-use and custom jobs; Single Metric Viewer, Anomaly Explorer.
- AIOps: log rate analysis, log pattern analysis, change point detection.
- Alerting: rules, connectors, actions, alerts from the Observability apps.
- Lab: creating alerts.
Module 7 — Visualizing data
- Observability apps vs unified Dashboard view; assets installed by integrations.
- Creating, editing and copying visualizations; pinning filters between Discover and Dashboard.
- Dashboards combining several data streams and custom visualizations (Lens).
Module 8 — Managing data
- Data streams: backing indices, index templates, write-once model; Elastic Common Schema (ECS).
- Index Lifecycle Management: data tiers (hot, warm, cold, frozen), rollover / shrink / force merge / delete actions, phase definition.
- Searchable snapshots: repositories (S3, Azure, GCS…), SLM, cold / frozen phases, fully vs partially-mounted.
- Labs: creating a data stream, repository and searchable snapshots integrated into an ILM policy.
The instructor
With over 110 training sessions delivered on Elastic technologies, your instructor spends 50% of the time on production work as an ELK and Elastic Stack consultant, so you get an instructor with hands-on production experience.
3 to 5 days.
I can adjust the duration for your company.
On quotation
Rates are defined for your company, for inter-company or in-house (intra-company) sessions.
Custom
Get back to me: I will adapt the duration, location and course content.
Who should attend
SRE and DevOps engineers, Observability and performance engineers, developers and architects integrating logs, metrics and traces.
Prerequisites
Basic knowledge of the Elastic Stack (Elasticsearch, Kibana) recommended, along with familiarity with Linux, containers and microservices.
Method
Progression: concept → instructor demo → lab on the distributed common-thread application → summary, with an end-of-lesson quiz.
Certification
This training prepares for the Elastic Certified Observability Engineer certification.
Training materials
You will get PDF training materials for all of my courses, along with the code for the hands-on labs.
