Which component of the ELK stack is responsible for collecting and shipping logs and metrics from various sources?
Think about the lightweight data shippers designed to send data to Elasticsearch or Logstash.
Beats are lightweight data shippers that collect and send data to Logstash or Elasticsearch, enabling observability by gathering logs and metrics.
What is the output of this Elasticsearch query that counts documents with status 'error'?
GET /logs/_count
{
  "query": {
    "match": {
      "status": "error"
    }
  }
}
Count returns the number of documents matching the query.
The query counts documents where the field 'status' matches 'error'. The output shows the count as 42, meaning 42 such documents exist.
What error will this Logstash configuration cause when trying to parse JSON logs?
input {
  beats { port => 5044 }
}
filter {
  json {
    source => "message"
    remove_field => ["message"]
  }
}
output {
  elasticsearch { hosts => ["localhost:9200"] }
}
Consider what happens if the 'message' field is not valid JSON.
If the 'message' field does not contain valid JSON, the json filter will fail at runtime, causing errors in Logstash processing.
Which Kibana query syntax correctly filters logs with response time greater than 500ms?
Check the correct use of operators and spacing in Kibana query syntax.
Kibana uses Lucene query syntax where range queries require a colon and operator without space, like 'field:>value'.
Which explanation best describes how the ELK stack provides observability across logs, metrics, and traces?
Think about the roles of each ELK component in collecting, storing, and visualizing data.
The ELK stack collects data via Beats and Logstash, stores it in Elasticsearch, and visualizes it in Kibana, enabling full observability of distributed systems.