Elasticsearch

Elasticsearch Destination Plugin

Elasticsearch is a search and analytics engine that is commonly used to store and analyze large volumes of machine-generated data, such as logs, metrics, and other telemetry data. The Elasticsearch Destination Plugin in Calyptia Core allows you to easily integrate your telemetry data with Elasticsearch, enabling you to store, search, and visualize your data using Elasticsearch's powerful indexing and querying capabilities.

With the Elasticsearch Output Plugin, you can configure your Calyptia Core pipeline to output your telemetry data to Elasticsearch.

This plugin provides a flexible and configurable way to transmit your data to Elasticsearch, allowing you to customize the indexing settings, document mappings, and other attributes of your data to suit your specific needs.

Configuration Parameters

The following are the configuration parameters for the Elasticsearch Destination Plugin.

| Key | Description |
| --- | --- |
| Host | IP address or hostname of the target Elasticsearch instance |
| Port | TCP port of the target Elasticsearch instance |
| Index | Index name |
| Logstash format | Enable Logstash format compatibility. |

The following are the Security and TLS configuration parameters for the Elasticsearch Destination Plugin.

| Key | Description |
| --- | --- |
| TLS | Enable or disable TLS/SSL support |
| TLS Certificate Validation | Turn TLS/SSL certificate validation on or off. TLS must be on for this setting to be enabled. |
| TLS Debug Level | Set TLS debug verbosity level. It accepts the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), and 4 (Verbose) |
| CA Certificate File Path | Absolute path to the CA certificate file |
| Certificate File Path | Absolute path to the certificate file |
| Private Key File Path | Absolute path to the private key file |
| Private Key Path Password | Optional password for the tls.key_file file |
| TLS SNI Hostname Extension | Hostname to be used for the TLS SNI extension |

The following are the Advanced configuration parameters for the Elasticsearch Destination Plugin.

| Key | Description |
| --- | --- |
| Replace Dots | When enabled, replace field name dots with underscore, required by versions of Elasticsearch |
| Type | Type Name |
| Suppress Type Name | If true, mapping types are removed. For v7.0.0 or later. |
| Buffer Size | Specify the buffer size used to read the response from the Elasticsearch HTTP service. This option is useful for debugging purposes where it is required to read full responses; note that the response size grows depending on the number of records inserted. To set an unlimited amount of memory, set this value to 'false'; otherwise the value must follow the Unit Size specification. |
| Path | Elasticsearch accepts new data on the HTTP query path '/_bulk', but it is also possible to serve Elasticsearch behind a reverse proxy on a subpath. This option defines such a path on the fluent-bit side. It simply adds a path prefix to the indexing HTTP POST URI. |
| Pipeline | Newer versions of Elasticsearch allow setting up filters called pipelines. This option defines which pipeline the database should use. For performance reasons, it is strongly suggested to do parsing and filtering on the Fluent Bit side and avoid pipelines. |
| Generate ID | When enabled, generate _id for outgoing records. This prevents duplicate records when retrying ES. |
| Write Operation | Operation to use to write in bulk requests |
| ID Key | If set, _id will be the value of the key from the incoming record. |
| Replace Dots | Use current time for index generation instead of message record |
| Logstash Prefix | When Logstash_Format is enabled, the index name is composed using a prefix and the date, e.g. if Logstash_Prefix is equal to 'mydata', your index will become 'mydata-YYYY.MM.DD'. The last string appended belongs to the date when the data is being generated. |
| Logstash Prefix Key | When included, the value in the record that belongs to the key will be looked up and will overwrite the Logstash_Prefix for index generation. If the key/value is not found in the record, the Logstash_Prefix option acts as a fallback. Nested keys are supported through the record accessor pattern. |
| Logstash Date Format | Time format (based on strftime) to generate the second part of the index name |
| Time Key | When Logstash_Format is enabled, each record will get a new timestamp field. The Time_Key property defines the name of that field. |
| Time Key Format | When Logstash_Format is enabled, this property defines the format of the timestamp |
| Time Key Nanos | When Logstash_Format is enabled, enabling this property sends nanosecond precision timestamps |
| Include Tag Key | When enabled, it appends the Tag name to the record |
| Tag Key | When Include_Tag_key is enabled, this property defines the key name of the tag in the message |

The following are the Basic Authentication configuration parameters for the Elasticsearch Destination Plugin.

| Key | Description |
| --- | --- |
| HTTP Username | Basic Auth username |
| HTTP Password | Basic Auth password. Requires HTTP_User to be set. |

The following are the AWS Authentication configuration parameters for the Elasticsearch Destination Plugin.

| Key | Description |
| --- | --- |
| Enable AWS Authentication | Enable AWS SigV4 authentication |
| AWS Region | AWS Region of your service |
| AWS STS Endpoint | Custom endpoint for the AWS STS API, used with the AWS_Role_ARN option |
| AWS IAM Assume Role | ARN of an IAM role to assume (e.g. for cross-account access) |
| AWS External ID | Specify an external ID for the STS API. It can be used with the aws_role_arn parameter if your role requires an external ID. |

The following are the Elastic Cloud Authentication configuration parameters for the Elasticsearch Destination Plugin.

| Key | Description |
| --- | --- |
| Elastic Cloud ID | Elastic Cloud ID of the cluster to connect to |
| Elastic Cloud Authentication Credentials | Elastic Cloud authentication credentials |

The following are the Advanced Networking configuration parameters for the Elasticsearch Destination Plugin.

| Key | Description |
| --- | --- |
| DNS Mode | Select the primary DNS connection type (TCP or UDP) |
| DNS Resolver | Select the primary DNS connection type (TCP or UDP) |
| Prefer IPv4 | Prioritize IPv4 DNS results when trying to establish a connection |
| Keepalive | Enable or disable Keepalive support |
| Keepalive Idle Timeout | Set the maximum time allowed for an idle Keepalive connection |
| Max Connect Timeout | Set the maximum time allowed to establish a connection. This time includes the TLS handshake. |
| Max Connect Timeout Log Error | On connection timeout, specify whether it should log an error. When disabled, the timeout is logged as a debug message. |
| Max Keepalive Recycle | Set the maximum number of times a keepalive connection can be used before it is retired. |
| Source Address | Specify the network address to bind for data traffic |

The following are the Debugging configuration parameters for the Elasticsearch Destination Plugin.

| Key | Description |
| --- | --- |
| Trace Output | When enabled, print the Elasticsearch API calls to stdout (for diag only) |
| Trace Error | When enabled, print the Elasticsearch exception to stderr (for diag only) |
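
The following added example (not Calyptia or Fluent Bit code) checks an Elasticsearch output for the TLS, Basic Authentication and trace settings described in the tables above. It assumes the settings are rendered as a Fluent Bit classic-mode `[OUTPUT]` section using the keys `tls`, `tls.verify`, `HTTP_Passwd`, `Trace_Output` and `Trace_Error`; the function names, sample configuration, host name and credentials are constructed for illustration.

```python
# Constructed sample: assumed Fluent Bit classic-mode rendering of the settings
# above; the host name and credentials are placeholders.
SAMPLE = """
[OUTPUT]
    Name         es
    Host         es.example.internal
    Port         9200
    HTTP_User    ingest
    HTTP_Passwd  example-password
    tls          On
    tls.verify   Off
    Trace_Output On
"""

TRUE = {"on", "true", "yes"}  # boolean spellings treated as enabled

def parse_outputs(text):
    """Return one {lowercased key: value} dict per [OUTPUT] section."""
    sections, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.upper() == "[OUTPUT]":
            cur = {}
            sections.append(cur)
        elif line.startswith("["):
            cur = None  # some other section, e.g. [INPUT]
        elif cur is not None:
            parts = line.split(None, 1) + [""]
            cur[parts[0].lower()] = parts[1]
    return sections

def audit_es(section):
    """List findings for one es output (assumed defaults: tls off, tls.verify on)."""
    on = lambda key, default: section.get(key, default).lower() in TRUE
    findings = []
    if not on("tls", "off"):
        findings.append("tls is off: records travel in cleartext")
        if "http_passwd" in section:
            findings.append("Basic Auth password is sent without TLS")
    elif not on("tls.verify", "on"):
        findings.append("tls.verify is off: server certificate is not checked")
    if on("trace_output", "off") or on("trace_error", "off"):
        findings.append("trace option enabled: meant for diagnostics only")
    return findings

def audit(text):
    return [f for s in parse_outputs(text)
            if s.get("name", "").lower() == "es" for f in audit_es(s)]
```

Calling `audit(SAMPLE)` reports the disabled certificate validation and the enabled trace option; a section with `tls On`, `tls.verify On` and no trace keys returns an empty list.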
