Elastic

​

Authentication

This provider requires authentication.

• host: Elasticsearch host (required: False, sensitive: False)
• cloud_id: Elasticsearch cloud id (required: False, sensitive: False)
• verify: Enable SSL verification (required: False, sensitive: False)
• api_key: Elasticsearch API Key (required: False, sensitive: True)
• username: Elasticsearch username (required: False, sensitive: False)
• password: Elasticsearch password (required: False, sensitive: True)

Certain scopes may be required to perform specific actions or queries via the provider. Below is a summary of relevant scopes and their use cases:

• connect_to_server: The user can connect to the server (mandatory)

​

In workflows

This provider can be used in workflows.

As “step” to query data, example:

steps:
    - name: Query elastic
      provider: elastic
      config: "{{ provider.my_provider_name }}"
      with:
        query: {value}  # The body of the query
        index: {value}  # The index to search in

Check the following workflow examples:

• create_alerts_from_elastic.yml
• elastic_basic.yml
• elastic_enrich_example.yml

​

Connecting with the Provider

​

API Key

To obtain the Elastic API key, follow these steps:

1. Log in to your elastic.co account
2. Go to the “Elasticsearch Service” section
3. Click on the “API Key” button
4. Generate a new API Key

​

Cloud ID

To obtain the Elastic Cloud ID, follow these steps:

1. Log in to your elastic.co account
2. Go to the “Elasticsearch Service” section
3. Find the “Cloud ID” in the Overview page.