Elasticsearch

Overview

You can send logs to Elasticsearch via HTTP using our HTTP Data sink.

Data sink configuration

To start sending data to Elasticsearch, follow these steps:

Create a new HTTP Data sink. To do it, go to Data sinks > New Data sink and double-click HTTP.

Give your Data sink a Name and, optionally, add a Description and some Tags. Click Finish when you're done.

Now, drag your Data sink to the required Pipeline canvas. Link it to the required Listener/Action and double-click it to configure it.

Fill the following parameters as follows:

Parameter

Description

HTTP method*

Choose POST.

URL*

Enter <elastic_endpoint>.

Message

Choose the field containing the message you wish to send on.

Content-Type

Choose your required data type.

Support special characters

Set it to true.

Use gzip, HTTP headers

Set as required.

In the Bulk configuration section, fill in the parameters as follows:

Parameter

Description

Bulk allow*

Set it to true.

Delimiter*

Choose Manual delimiter* and leave it as new line (\n).

Maximum number of buffers per server URL*

Enter 50.

Event amount*, Event time limit*

Set both to 1.

Set the Authentication type* to API key. Enter your API key name* and choose the required API key value*. Create a Secret containing your API key or select one already created.

Fill in the rest of the parameters and required, and click Save.

PreviousCrowdStrike Falcon LogScale NextExabeam

Last updated 8 hours ago

Was this helpful?