How to Setup Centralized Logging with Elasticsearch, Fluentd, and Kibana
Designed for Site Reliability Engineers (SREs) and DevOps specialists who are responsible for improving observability in mid-size, microservices-based cloud environments and are new to centralized logging stacks. The activities below are built to spark real collaboration and high-energy learning.
A 90-minute hybrid workshop. Participants work in a fast-paced, microservices-driven environment and struggle with fragmented log data spread across services and servers, making troubleshooting and monitoring a major pain. Some have tried log aggregation tools but found them too complex or hard to maintain.
Mystery Log Hunt
Open the session with a quick group challenge: display a deliberately messy screenshot of logs from multiple servers with a hidden error message ('500 Internal Server Error at /api/v2/users'). Ask participants to spot the actual problem in 90 seconds. The payoff: most can't, and it tees up the need for centralized logs.
Why this works
Curiosity peaks when we encounter a challenge we can't solve with current tools. This hooks attention and highlights the pain point.
Log Pipeline Mythbusting
Present three common myths as bold statements: 'Fluentd is only for huge systems,' 'Elasticsearch setups always require expensive clusters,' and 'Kibana is just a pretty dashboard.' Have the group vote on which are true before debunking each with one clear fact.
Why this works
Revealing misconceptions early helps unseat barriers to learning and makes space for new understanding.
Your First Fluentd Config
Guide participants to write a simple Fluentd config file live, using a fill-in-the-blanks template: a source that tails an application log, a parser for its format, and a match that ships the records to Elasticsearch. Pair up in breakout rooms (or at tables) and compare answers for 2 minutes. Zero judgment, just hands-on practice!
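As an added example (not part of the workshop pack or the original page), here is one complete config of the kind the fill-in-the-blanks template is meant to produce: it tails a JSON log from one service, stamps every record with the host and service it came from, and ships it to Elasticsearch over TLS with basic auth. The file paths, the hostname es.internal, the index prefix, the user name and the FLUENTD_ES_PASSWORD environment variable are all placeholders, and the sample log line in the comment is constructed to show the input shape assumed.

```conf
# Added example config, not from the workshop or the Fluentd project.
# Assumed input: one JSON object per line in /var/log/myapp/app.log, e.g.
#   {"timestamp":"2024-05-01T02:03:04+0000","level":"error",
#    "status":500,"path":"/api/v2/users","msg":"db timeout"}

<source>
  @type tail
  path /var/log/myapp/app.log
  # pos_file remembers the read offset, so a restart does not re-ship
  # the whole file and does not lose lines written meanwhile.
  pos_file /var/lib/fluentd/myapp.pos
  tag app.myapp
  read_from_head true
  <parse>
    @type json
    time_key timestamp
    time_format %Y-%m-%dT%H:%M:%S%z
    keep_time_key true
  </parse>
</source>

# Once logs from many servers land in one index, origin is what you
# search by. hostname is evaluated at config load; service comes from
# the second tag component ("myapp").
<filter app.**>
  @type record_transformer
  <record>
    hostname "#{Socket.gethostname}"
    service ${tag_parts[1]}
  </record>
</filter>

<match app.**>
  @type elasticsearch
  host es.internal
  port 9200
  # Logs carry request paths, user ids and occasionally secrets:
  # encrypt in transit and verify the server certificate.
  scheme https
  ssl_verify true
  ca_file /etc/fluentd/certs/ca.pem
  # A write-only Elasticsearch role; the password comes from the
  # environment so it is never committed with the config.
  user fluentd_writer
  password "#{ENV['FLUENDT_ES_PASSWORD'.sub('FLUENDT', 'FLUENTD')]}"
  logstash_format true
  logstash_prefix app
  # A file buffer survives a Fluentd restart while Elasticsearch is down.
  <buffer>
    @type file
    path /var/lib/fluentd/buffer/es
    flush_interval 5s
    retry_max_times 10
  </buffer>
</match>
```

Check it with `fluentd --dry-run -c fluent.conf` before starting the daemon, and swap the match for `@type stdout` to see parsed records on the console first. Two checks a practitioner would want: run Fluentd as a user with read-only access to the log directory and write access only to its own pos and buffer paths, and never set `ssl_verify false` to make a certificate error go away, since that turns the shipper into a plaintext leak of everything it collects.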
Why this works
Low-pressure, supported participation gets everyone touching the tech without fear of making mistakes.
Log Stream Race
Kick off a high-energy group relay: display a simulated log stream (live tail output) and ask participants to race to write down the event type, timestamp, and error level for each new entry, shouting (or chatting) 'Caught it!' when they spot an error. Award mini-prizes for the quickest spotters.
Why this works
Injects energy and urgency, reinforcing the chaos of unmanaged logs and the value of real-time insights.
PagerDuty Panic Dilemma
Pose a real-world scenario: 'It’s 2 AM. PagerDuty alerts you to high latency. Logs are scattered across 7 containers. You have 20 minutes before users notice. What’s your move?' Invite the group to brainstorm, then show how centralized logging would have changed the outcome.
Why this works
Grounds abstract skills in urgent, relatable stakes—anchoring motivation to real job needs.
Log Wins Lightning Round
Close with a 1-minute reflection: ask everyone to write down (or type) one situation from their own systems where centralized logging with EFK would have saved them time, stress, or money. Volunteers share out, and all answers are posted on a shared board or chat.
Why this works
Active reflection cements learning by connecting content to personal experience and value.