Course Outline
Open-Source Search and Analytics Sovereignty
- Elastic license changes and forks.
- OpenSearch vs Elasticsearch feature parity in 2025-2026.
- Use cases: enterprise search, log analytics, SIEM, observability.
Cluster Architecture
- Roles: master, data, coordinating, ingest nodes.
- Security plugin: TLS internode, certificates, PKI.
- Split-brain prevention: discovery.seed_hosts and minimum master nodes.
Data Ingestion
- REST API indexing, bulk loading, mapping definitions.
- Beats, Fluent Bit, and Logstash pipelines.
- OpenTelemetry Collector for traces and metrics.
Search and Dashboards
- Query DSL: match, term, range, aggregations, nested fields.
- OpenSearch Dashboards: visualizations and dashboards.
- SIEM use cases: alert rules and anomaly detection.
Index Management
- ILM: rollover, shrinking, deletion.
- Hot-warm-cold architecture.
- Mapping optimization and text analysis.
Security and Access Control
- RBAC with users, roles, and tenants.
- SAML and OpenID Connect authentication.
- Document-level security and field masking.
Backup and Recovery
- Snapshot repositories on MinIO, S3, or NFS.
- Snapshot automation with Curator/ISM.
- Restoring specific indices and cluster-wide DR.
Requirements
- Understanding of search engines and inverted indexes.
- Experience with REST APIs and JSON.
- Linux admin basics: systemd, logs, packages.
Audience
- Search and log analytics engineers.
- Teams replacing managed Elasticsearch or Splunk.
- Security analysts building sovereign SIEM backends.
14 Hours
Testimonials (1)
The trainer was very good and made the training perfect for my needs.