The Elastic Stack includes four open source products — Elasticsearch, Kibana, Beats, and Logstash — that provide data collection, transformation, ingestion, storage, search, analytics, correlation, and visualization capabilities. While the logical architecture described and tested in this white paper did not use Logstash and Beats, they are relevant to explaining how the Elastic Stack works. In addition to acting as a search engine, the Elastic Stack:

• Provides users with a centralized logging and monitoring platform for their IT environment
• Enables organizations to ingest and explore operational logs and metrics from their IT infrastructure 
• Provides security incident and event management (SIEM) 

Image Caption

 

Figure 2.              Elastic Stack components

The Elastic Stack includes numerous capabilities that help users easily build solutions focused in three areas:

• Enterprise Search: application search, site search, and workplace search
• Observability: logging, APM, and metrics
• Security: SIEM, endpoint, and security analytics

Value-added features such as machine learning, alerting, mapping services, Canvas, cross-cluster replication, cross-cluster search, field- and document-level security, and cluster authentication can be leveraged to meet the mission and business requirements of each organization. Many of these capabilities are free, and others can be obtained through an Elastic subscription that includes support.