Although they have all been built to work exceptionally well together, each one is a separate open source project that is driven by Elastic. The role of each of these technologies is divided as follows:
Logstash – Tool for managing events and logs. You can use it to collect logs, parse them, and store them for later use, such as searching. You can collect several different types of data from different sources (logs, HTTP, TCP, Kafka, etc.) and then filter or transform them.
Elasticsearch – Search server based on Lucene. It provides a distributed, full-text search engine with a RESTful web interface and schema-free JSON documents. You can use it to index and aggregate data from Logstash.
Kibana – Browser-based analytics and search dashboard for Elasticsearch. You can set up dashboards with charts and tables to visualize the data you have indexed and aggregated in Elasticsearch.
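To make the division of roles concrete, here is an added example of a minimal Logstash pipeline that ties the three components together. It is not Blueliv's plugin or its configuration, and the port, field names, index name and the path to the indicator dictionary are assumptions chosen for illustration. Logstash receives events, enriches each one against a local dictionary of indicators (the kind of list a threat-intelligence feed would keep current), and ships the result to Elasticsearch, where Kibana can chart it:

```logstash
# Added example (not Blueliv's plugin or its configuration): a minimal
# Logstash pipeline illustrating input -> filter -> output. Port, field
# names, index name and the dictionary path are assumptions.
input {
  # Accept newline-delimited JSON events from log shippers over TCP.
  tcp {
    port  => 5000
    codec => json_lines
  }
}

filter {
  # Normalise the event timestamp so Kibana can plot it on a time axis.
  date {
    match  => [ "timestamp", "ISO8601" ]
    target => "@timestamp"
  }

  # Enrich: look the source IP up in a YAML dictionary of indicators,
  # e.g. a line such as "198.51.100.7": "infected_ip" (constructed
  # sample; 198.51.100.0/24 is a documentation range). Unknown IPs get
  # the fallback value so the field is always present.
  translate {
    field            => "src_ip"
    destination      => "[threat][type]"
    dictionary_path  => "/etc/logstash/indicators.yml"
    fallback         => "none"
    refresh_interval => 300
  }

  # Tag matches so dashboards and alerts can filter on them directly.
  if [threat][type] != "none" {
    mutate { add_tag => [ "threat_match" ] }
  }
}

output {
  # Index into Elasticsearch; one index per day keeps retention simple.
  elasticsearch {
    hosts => [ "http://localhost:9200" ]
    index => "events-%{+YYYY.MM.dd}"
  }
}
```

Sending a constructed event such as `{"timestamp":"2015-06-01T10:00:00Z","src_ip":"198.51.100.7","msg":"outbound connection"}` to port 5000 yields a document with `threat.type` set to `infected_ip` and the `threat_match` tag, which a Kibana search for `tags:threat_match` will surface. One caveat worth stating: the Elasticsearch REST interface on port 9200 accepts index and delete requests from anyone who can reach it unless authentication is placed in front of it, so restrict that port to the Logstash and Kibana hosts.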
These technologies are available for free, meaning that with our Logstash input plugin you can start to monitor and get insights about cyber threats for free! ELK users will be able to access Blueliv's global threat intelligence, such as malware distribution domains, C&C servers, phishing sites, exploit kits, backdoors, infected IPs and the operating systems affected, through Kibana dashboards.