Structuring Log Data


Course Summary

Logs aren’t always the easiest things to read, but Elasticsearch can help with that. This course teaches you how to structure your unstructured data using an Elasticsearch ingest node. Starting with a simple case of parsing a log file with a predefined parser, you will learn how to parse unstructured event data in hybrid cases using custom grok patterns. You will also learn how to handle and debug ingest errors along the way. After completing this course, you will be able to structure your log data however you want, regardless of its initial format.

  • Structuring Unstructured Data
  • Extracting Fields
  • Combining Text Patterns with Grok
  • Advanced Grok Techniques
  • Hybrid Cases and Best Practices

Course Details

This course is a module of the Logging specialization. Find out how our focused Training Specializations can help you with your use case.

Software Developers and Engineers, Data Architects, System Administrators, DevOps

2-3 hours

We recommend you have taken Elasticsearch Engineer I and Elasticsearch Engineer II or possess equivalent knowledge. Engineer I and Engineer II teach the concepts that are the foundation upon which all specializations are built.

  • Stable internet connection
  • Mac, Linux, or Windows
  • Latest version of Chrome or Firefox (Safari is not 100% supported)
  • Due to virtual classroom JavaScript requirements, we recommend that you disable any ad-blockers and restart your browser before class.

It was awesome. Both instructors are great speakers. They have a wide and deep knowledge about the topic, and they know how to pass it on. Their enthusiasm is infectious.

Mariusz Kuskowski | Allegro Group