April 12, 2022

Elasticsearch is a search engine based on the Lucene library. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents.

Elasticsearch is developed in Java and is released as open source under the terms of the Apache License. Elasticsearch is distributed under the Apache 2.0 license, which means that you are free to use Elasticsearch in any way you want, as long as you preserve the copyright notice and license.

Elasticsearch is a search engine that is used to search and analyze large volumes of data quickly and in near real-time. It is commonly used for log analytics, full-text search, and for indexing, storing, and analyzing document-oriented data. Elasticsearch is highly scalable and can be used to index, search, and analyze data from various sources, including social media, logs, and other applications. It is an important tool for developers and data scientists who work with large datasets.

collecting the data to Elasticsearch done by beats, each beat has a different feature that allows it to filter the logs and transfer it from the various systems to Elasticsearch.

Kibana is an open source app, its free, Kibana app is part of Elastic stack, provides advanced logs management capabilities, provide advance queries options and visual custom dashboard and graph based of logs stored in Elasticsearch SIEM, Kibana app has Additional elasticsearch capabilities that require subscription, such as anomaly detection using machine learning, advanced security management capability such as elastic endpoint protection.