# Elasticsearch

Elasticsearch is a distributed search and analytics engine at the heart of the Elastic Stack.

Developers and communities leverage Elasticsearch for a wide range of use cases, from application search and website search, to logging, infrastructure monitoring, APM, and security analytics.

Adding our Elasticsearch integration lets seedata.io send an alert for every event against your seeds to your Elasticsearch tenant (cloud or on-prem), where each alert is ingested as a document. You can then search these documents and feed them into further processing by rules and analysis playbooks.

<figure><img src="/files/eV53JZllhyGMNpOMqkDi" alt=""><figcaption></figcaption></figure>

## Step 1 - Get your Elastic Endpoint

This is the URL your Elasticsearch API is listening on. You will need it later in the seedata.io form that configures the new integration.

1. Go to the Kibana web interface configured for your Elasticsearch instance
2. In the top right hand corner click the link for **Endpoints & API keys**
3. **Copy** the URL to a temporary store.

## Step 2 - Get an API key

You may use an existing API key, or create a new one specifically for seedata.io. A dedicated key is preferable: it can be scoped to the alert index alone and revoked on its own if it is ever exposed, without affecting anything else that authenticates to the cluster.

1. Go to **Endpoints & API keys** link in the top right previously used
2. Click on the **New API key** button
3. Provide a **name** for your new API key
4. Set **Expires** to the lifetime your security policy requires (or **Never**). A key that never expires should at least be restricted to write privileges on the alert index, so a leaked key cannot read or modify other data.
5. Click **Create API key**
6. **Copy** the new key to a temporary store

## Step 3 - Get your Index name

If you don't already have one, you'll need to create an index to receive seedata.io alerts in (skip the first step below if you already have an index you want to use).

1. Go to **Elasticsearch / Indices** and click **Create a new index**.
2. Give it a name, and click **Create index**.
3. **Copy** this index name, as you will use it in a later step.

## Step 4 - Configure your integration on seedata.io

Log into your seedata.io tenant and take the following steps to add a new Elasticsearch integration.

1. Go to **Alerts** from the menubar
2. Find the Elasticsearch tile and click **Install**
3. Complete the form providing the information requested
   * Name and Description simply allow you to identify this specific integration amongst other similar integrations
   * Opt in to baseline events if you wish to receive alerts for events that are considered trusted
   * Copy over the endpoint, API key and index name from your Elasticsearch instance as requested. Elasticsearch returns a new key as a JSON object containing `id`, `name`, `api_key` and `encoded` fields; paste only the **encoded** value, the text inside the quotes, as that is the form the integration sends in its `Authorization: ApiKey` header
4. Configure any changes required to the payload of the document to be ingested. You may already have a specific schema you wish our alerts to align to, or additional values you wish to pass. This field must contain valid JSON before the integration can be created.
5. Click **Submit**
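The Kibana steps above can also be done against the Elasticsearch REST API, which makes it easy to give seedata.io a key that can do nothing but write alert documents. The following is an added example, not seedata.io's or Elastic's own code: it builds the body for `POST /_security/api_key` with a role descriptor limited to `create_doc` on the alert index (Steps 2 and 3), derives the `encoded` value that the form in Step 4 asks for from the `id` and `api_key` fields, and smoke-tests the new key by indexing one constructed document. `ES_ENDPOINT`, `ALERT_INDEX`, the key name and the `ES_ADMIN_KEY` environment variable are assumptions; substitute the values from Steps 1 and 3 and an admin credential of your own.

```python
"""Added example (not seedata.io's or Elastic's own code): mint a
least-privilege Elasticsearch API key for the seedata.io integration and
smoke-test it by indexing one constructed document.  ES_ENDPOINT and
ALERT_INDEX are assumptions; substitute the values from Steps 1 and 3."""
import base64
import json
import urllib.request

ES_ENDPOINT = "https://es.example.internal:9243"  # assumption: Step 1 endpoint
ALERT_INDEX = "seedata-alerts"                     # assumption: Step 3 index


def api_key_request(name: str, index: str, expiration: str = "90d") -> dict:
    """Body for POST /_security/api_key.  The role descriptor confines the
    key to creating documents in one index: no cluster privileges, no reads,
    no deletes.  Pass expiration=None only if policy allows a perpetual key."""
    body = {
        "name": name,
        "role_descriptors": {
            "seedata-alert-writer": {
                "cluster": [],
                "indices": [{"names": [index], "privileges": ["create_doc"]}],
            }
        },
    }
    if expiration is not None:
        body["expiration"] = expiration
    return body


def encode_key(key_id: str, api_key: str) -> str:
    """The 'encoded' value Kibana displays is base64(id + ':' + api_key);
    this is the string the seedata.io form wants, and what the
    Authorization: ApiKey header carries."""
    return base64.b64encode(f"{key_id}:{api_key}".encode()).decode()


def encoded_from_response(resp: dict) -> str:
    """Pick the encoded value out of the creation response and cross-check it
    against id/api_key, so pasting the wrong field is caught early."""
    expected = encode_key(resp["id"], resp["api_key"])
    if resp.get("encoded", expected) != expected:
        raise ValueError("encoded field does not match base64(id:api_key)")
    return expected


def _post(path: str, body: dict, auth: str) -> dict:
    req = urllib.request.Request(
        ES_ENDPOINT + path,
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Content-Type": "application/json", "Authorization": auth},
    )
    with urllib.request.urlopen(req) as r:  # raises HTTPError on 4xx/5xx
        return json.load(r)


def create_scoped_key(admin_encoded_key: str, name: str = "seedata-io") -> str:
    """Create the scoped key using an admin credential; return its encoded value."""
    resp = _post("/_security/api_key", api_key_request(name, ALERT_INDEX),
                 f"ApiKey {admin_encoded_key}")
    return encoded_from_response(resp)


def smoke_test(key: str) -> bool:
    """Index one constructed document with the new key; Elasticsearch answers
    result == 'created' when the key really has write access to the index."""
    doc = {"source": "seedata.io", "event": "smoke-test", "trusted": True}  # constructed
    resp = _post(f"/{ALERT_INDEX}/_doc", doc, f"ApiKey {key}")
    return resp.get("result") == "created"


if __name__ == "__main__":
    import os
    key = create_scoped_key(os.environ["ES_ADMIN_KEY"])  # assumption: admin key in env
    print("new key can write alerts:", smoke_test(key))
    print("paste this encoded value into the seedata.io form:", key)
```

The smoke-test document lands in the alert index like any other alert, so either filter it out downstream or delete it with an admin credential; the scoped key itself cannot delete it, which is the point of the role descriptor. If you later change the index name, the key stops working, so mint a new one rather than widening the existing key's privileges.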

