Elasticsearch
Use the Elasticsearch API to ingest seedata.io alerts
Last updated
Elasticsearch is a distributed search and analytics engine at the heart of the Elastic Stack.
Developers and communities leverage Elasticsearch for a wide range of use cases, from application search and website search, to logging, infrastructure monitoring, APM, and security analytics.
Adding the Elasticsearch integration lets seedata.io send an alert for every event against your seeds to your Elasticsearch tenant (cloud or on-prem), where each alert is ingested as a document. You can then search those documents and feed them into further processing by rules and analysis playbooks.
The Elasticsearch endpoint URL is the address your Elasticsearch API is listening on. You will need it later, in the seedata.io form that configures the new integration.
Go to the Kibana web interface configured for your Elasticsearch instance
In the top right hand corner click the link for Endpoints & API keys
Copy the Elasticsearch endpoint URL (the one listed for Elasticsearch, not the Kibana URL) to a temporary store.
You may choose to use an existing API key, or create a new one specifically for seedata.io to use.
Go to Endpoints & API keys link in the top right previously used
Click on the New API key button
Provide a name for your new API key
Set Expires as your security policy requires. Never is the simplest option, but a key that expires and is rotated limits the exposure if the value stored in the seedata.io configuration is ever leaked.
Click Create API key
Copy the new key (the encoded value) to a temporary store; it is shown only once.
If you do not already have one, create an index to receive seedata.io alerts (skip this step if you already have an index you want to use).
Go to Elasticsearch / Indices and click Create a new index.
Give it a name, and click Create index.
Copy this index name, as you will use it in a later step.
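Before carrying the endpoint URL, the encoded API key and the index name into the seedata.io form, it is worth confirming that the three values work together. The shell script below is an added example and is not part of the seedata.io or Elastic documentation; the variable names ES_URL, ES_API_KEY, ES_INDEX and ES_ADMIN_USER, the key name seedata-io and the role name seedata_writer are this example's own assumptions. It checks the shape of the two copied values, authenticates with the key, confirms the index exists, writes one test document through the same path the integration will use, and shows how to mint a least-privilege key that can only create documents in that index, as an alternative to a broader key created in the Kibana UI.

```shell
#!/usr/bin/env sh
# Added example, not part of the seedata.io or Elastic documentation.
# Pre-flight checks for the three values the seedata.io Elasticsearch form
# asks for. Assumed environment (names are this script's own):
#   ES_URL      Elasticsearch endpoint, e.g. https://my-cluster.es.example.com:443
#   ES_API_KEY  the "encoded" value Kibana shows when the key is created
#   ES_INDEX    name of the index that will receive the alerts
# Requires curl and a base64 that accepts -d (GNU coreutils).

# Kibana's "encoded" value is base64("<id>:<api_key>"), which is exactly what
# the "Authorization: ApiKey" header expects. Accept only strings of that
# shape, so a pasted id or raw api_key field is rejected before it reaches
# the form.
check_encoded_key() {
  decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
  case "$decoded" in
    *:*) return 0 ;;
    *)   return 1 ;;
  esac
}

# The form wants the Elasticsearch base URL over TLS, not the Kibana URL and
# not a URL with a path appended. A single trailing slash is tolerated.
check_endpoint() {
  url=${1%/}
  case "$url" in
    https://*/*) return 1 ;;
    https://?*)  return 0 ;;
    *)           return 1 ;;
  esac
}

# Body for POST /_security/api_key: a key that can only create documents in
# the alerts index and that expires. create_doc cannot update, delete or read.
role_descriptors_json() {
  printf '{"name":"seedata-io","expiration":"90d","role_descriptors":{"seedata_writer":{"cluster":[],"indices":[{"names":["%s"],"privileges":["create_doc"]}]}}}' "$1"
}

# Network calls below only run when the script is invoked with an action.
es_get() {
  curl -sS -f -H "Authorization: ApiKey $ES_API_KEY" "$ES_URL$1"
}

preflight() {
  check_endpoint "$ES_URL" || { echo "ES_URL is not a bare https endpoint" >&2; return 1; }
  check_encoded_key "$ES_API_KEY" || { echo "ES_API_KEY is not the encoded value" >&2; return 1; }
  es_get / >/dev/null                 # the key authenticates against the cluster
  es_get "/$ES_INDEX" >/dev/null      # the index exists (a 404 fails curl -f)
  # Write one test document the way the integration will; look for it in Kibana.
  curl -sS -f -H "Authorization: ApiKey $ES_API_KEY" -H 'Content-Type: application/json' \
    -X POST "$ES_URL/$ES_INDEX/_doc" \
    -d '{"source":"seedata.io preflight","message":"integration test document"}'
  echo
}

# Mint the restricted key with an administrator's basic-auth credentials
# (ES_ADMIN_USER=user:password); the JSON response carries the "encoded" value.
create_restricted_key() {
  curl -sS -f -u "$ES_ADMIN_USER" -H 'Content-Type: application/json' \
    -X POST "$ES_URL/_security/api_key" -d "$(role_descriptors_json "$ES_INDEX")"
  echo
}

case "${1:-}" in
  run)        preflight ;;
  create-key) create_restricted_key ;;
esac
```

Export the three variables and run `sh es-preflight.sh run`; if every step succeeds, the test document should be visible in Discover on the chosen index. The `create-key` action needs a caller holding the manage_api_key cluster privilege; paste the `encoded` field from its response into the seedata.io form in place of a key created in Kibana.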
Log into your seedata.io tenant and take the following steps to add a new Elasticsearch integration:
Go to Alerts from the menubar
Find the Elasticsearch tile and click Install
Complete the form providing the information requested
Name and Description simply allow you to identify this specific integration among other similar integrations.
Opt in to baseline events if you also want alerts for events that are considered trusted.
Copy over the endpoint URL, API key and index name from your Elasticsearch instance as requested. When copying the API key, select only the encoded value (the string inside the quotes), not the id or api_key fields shown alongside it.
Configure any changes required to the payload of the document to be ingested. You may already have a specific schema you wish our alerts to align to, or additional values you wish to pass. This field must contain valid JSON before the integration can be created.
Click Submit