7–9 November 2016: Conference & Tutorials
9–10 November 2016: Training
Amsterdam, The Netherlands

From ELK to the Elastic stack: Modern logging and monitoring

Tudor Golubenco (Elastic)
13:45–14:25 Monday, 7/11/2016
Metrics/monitoring Cloud, DevOps Auditorium (Ground + Balcony) Audience level: Intermediate
Average rating: ***..
(3.67, 12 ratings)

Prerequisite knowledge

  • Knowledge of Logstash or other logging systems
  • A basic understanding of Docker deployments (useful but not required)

What you'll learn

  • Learn current best practices in creating a modern logging and monitoring system by using the open source Elastic stack


Nowadays, logging and metrics monitoring are a critical part of almost any significant web application or service. The ELK stack—Elasticsearch, Logstash, and Kibana—is one of the most widely deployed platforms for collecting, indexing, and visualizing logs.

Tudor Golubenco discusses some of the new challenges that logging and monitoring systems are facing in today’s world of containers and microservices and how the open source ELK stack is evolving into the Elastic stack—Elasticsearch, Logstash, Kibana, and Beats—to meet these new requirements.

Topics include:

  • Collecting logs with Filebeat
  • Dealing with file rotations, back pressure, and network partitions to avoid losing log lines
  • Structured logging
  • Parsing log lines with the new Elasticsearch features added in 5.0
  • Collecting system metrics with Metricbeat
  • Automatically discovering metadata from Docker containers
  • Advanced data enrichment with Logstash
  • Scaling Logstash deployments
Photo of Tudor Golubenco

Tudor Golubenco


Tudor Golubenco is a cofounder of the Beats open source project and the Beats technical lead inside Elastic, the company behind the popular open source projects Elasticsearch, Logstash, Kibana, and Beats. Previously, Tudor worked as a software engineer and startup CTO in the telecom and VoIP domain. He enjoys writing code in Go, C, Python, JavaScript, and others.