Elasticsearch
What is Elasticsearch?
Elasticsearch is a search engine built on the Lucene library. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents.
Description
The Elasticsearch channel logs all events to an Elasticsearch API.
Syntax
```toml
[channel.<you_choose>]
type="elasticsearch"
url="elasticsearch_server/index"
```
Arguments in configuration file
There are 5 arguments in the Elasticsearch channel:

argument | default setting | explanation | required |
---|---|---|---|
url | no | Set the URL and index of your Elasticsearch server. | yes |
sniff | no | `true` makes the client discover all nodes in the cluster. | no |
insecure | no | `true` disables TLS certificate validation. | no |
username | no | Set the username used for authentication. | no |
password | no | Set the password used for authentication. | no |
Example
```toml
[channel.elasticsearch01]
type="elasticsearch"
url="http://127.0.0.1:9200/honeytrap"
sniff=false
insecure=true
```
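The arguments table and the example above cover the settings that matter for how the channel talks to Elasticsearch: `url` must carry the index, `insecure=true` turns off certificate validation, and `username`/`password` travel with every request. The following is an added example, not part of Honeytrap's own code: a small linter that reads the `[channel.<name>]` / `key="value"` syntax shown above (a deliberately simplified reader, not a full TOML parser), and reports Elasticsearch channels that lack an index, disable certificate validation, or send credentials over plain `http`. The config text and channel names in it are constructed for the example.

```python
"""Lint Honeytrap-style Elasticsearch channel settings (added example).

The reader below handles only the [channel.<name>] sections and the
key="value" / key=true|false lines shown on this page; it is not a full
TOML implementation. Constructed sample config, not a real deployment.
"""
from urllib.parse import urlparse

# Constructed sample: one channel mirrors the page's example (plain http,
# certificate validation disabled), the second uses TLS with credentials.
SAMPLE_CONFIG = """
[channel.elasticsearch01]
type="elasticsearch"
url="http://127.0.0.1:9200/honeytrap"
sniff=false
insecure=true

[channel.elasticsearch02]
type="elasticsearch"
url="https://es.example.internal:9200/honeytrap"
username="honeytrap"
password="example-only"
"""


def parse_channels(text):
    """Return {channel_name: {key: value}} for every [channel.*] section.

    Quoted values become plain strings; bare true/false become bools.
    Blank lines and '#' comments are ignored; other sections are skipped.
    """
    channels = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            if section.startswith("channel."):
                current = channels.setdefault(section[len("channel."):], {})
            else:
                current = None  # not a channel section; ignore its keys
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        elif value.lower() in ("true", "false"):
            value = value.lower() == "true"
        current[key] = value
    return channels


def lint_elasticsearch_channel(name, cfg):
    """Return a list of (severity, message) findings for one channel."""
    findings = []
    if cfg.get("type") != "elasticsearch":
        return findings  # only Elasticsearch channels are checked here
    url = cfg.get("url")
    if not url:
        findings.append(("error", f"{name}: 'url' is required"))
        return findings
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        findings.append(("error", f"{name}: url scheme must be http or https"))
    if parsed.path in ("", "/"):
        findings.append(("error", f"{name}: url must include the index name"))
    has_creds = bool(cfg.get("username") or cfg.get("password"))
    if parsed.scheme == "http" and has_creds:
        findings.append(("warning", f"{name}: credentials sent over plain http"))
    if cfg.get("insecure") is True:
        findings.append(("warning",
                         f"{name}: insecure=true disables certificate validation"))
    return findings


def lint_config(text):
    """Parse the config text and collect findings across all channels."""
    findings = []
    for name, cfg in parse_channels(text).items():
        findings.extend(lint_elasticsearch_channel(name, cfg))
    return findings


if __name__ == "__main__":
    for severity, message in lint_config(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

Run against the sample, the linter reports only `elasticsearch01`, for `insecure=true`; `elasticsearch02` passes because it uses `https` with an index path. `insecure=true` is reasonable against a local test instance like the page's `127.0.0.1` example, but a channel pointed at a remote cluster should keep validation on and use `https` when `username`/`password` are set.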
Availability
Linux | MacOS |
---|---|
yes | yes |