Forwarding to Elasticsearch
Elasticsearch is a distributed, RESTful search and analytics engine at the heart of the Elastic Stack. Sysdig provides event forwarding to Elasticsearch and has been tested with:
- Elasticsearch 6.8
- Opensearch 1.2.x
For more information, see How to Ingest Data Into Elasticsearch Service.
Event forwards originate from region-specific IPs. For the full list of outbound IPs by region, see SaaS Regions and IP Ranges. Update your firewall and allow inbound requests from these IP addresses to enable Sysdig to handle event forwarding.
You must have an instance of Elasticsearch running and permissions to access it.
Configure Event Forwarding Integration with Elasticsearch
- Log in to Sysdig Secure as
- Settings module, navigate to the
- Elasticsearch from the drop-down menu.
- Configure the required options:
Integration Name: Define an integration name.
Endpoint: Enter the specific Elasticsearch instance where the data will be saved. For ELK Stack, ES Cloud and ES Cloud Enterprise, the endpoint can be found under the Deployments page.
Index Name: Name of the index under which the data will be stored. See also: https://www.elastic.co/blog/what-is-an-elasticsearch-index
Authentication: Basic authentication is the most common format (username:password). The given user must have write privileges in Elasticsearch; you can query the available users.
Data to Send: Select from the drop-down the types of Sysdig data that should be forwarded. The available list depends on the Sysdig features and products you have enabled.
Allow insecure connections: Used to skip certificate validation when using HTTPS.
- Toggle the enable switch as necessary. Remember that you will need to “Test Integration” with the button below before enabling the integration.
- Click the Save button to save the integration.
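Before enabling the integration it helps to confirm, from outside the Sysdig UI, that the endpoint, index name and credentials you are about to enter actually allow a write. The script below is an added example, not Sysdig's or Elastic's own code: it builds the same basic-auth request the forwarder would make and indexes one marker document into the target index, reporting whether the user has write privileges. It assumes a target that behaves like Elasticsearch 6.8 or OpenSearch 1.2 (documents accepted on `POST /<index>/_doc`, HTTP basic authentication enabled); the endpoint, index name and credentials in it are constructed placeholders, and the `verify_tls=False` switch is the equivalent of the form's “Allow insecure connections” option.

```python
"""Pre-flight check for a Sysdig event-forwarding target in Elasticsearch.

Added example, not Sysdig's or Elastic's own code. It assumes a target that
behaves like Elasticsearch 6.8 / OpenSearch 1.2: documents are accepted on
POST /<index>/_doc and HTTP basic authentication (username:password) is
enabled. The endpoint, index name and credentials below are constructed
placeholders, not values from a real deployment.
"""
import base64
import json
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit, urlunsplit

# Constructed placeholders standing in for the values typed into the Sysdig form.
ENDPOINT = "https://es.example.internal:9200/"
INDEX_NAME = "sysdig-secure-events"
USERNAME = "sysdig"
PASSWORD = "s3cret"


def basic_auth_header(username: str, password: str) -> str:
    """Return the Authorization header value for 'username:password' basic auth."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def validate_endpoint(endpoint: str, allow_insecure: bool = False) -> str:
    """Check that the endpoint is an absolute http(s) URL and normalise it.

    Plain http is refused unless allow_insecure is set: the basic-auth header
    would otherwise carry the password in clear text across the network.
    """
    parts = urlsplit(endpoint)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"endpoint must be an absolute http(s) URL, got {endpoint!r}")
    if parts.scheme == "http" and not allow_insecure:
        raise ValueError("plain http would send the credentials unencrypted; use https")
    return urlunsplit(parts).rstrip("/")


def build_index_request(endpoint, index, username, password, doc, allow_insecure=False):
    """Return (url, headers, body) for indexing one document into `index`."""
    base = validate_endpoint(endpoint, allow_insecure)
    url = f"{base}/{index}/_doc"
    headers = {
        "Authorization": basic_auth_header(username, password),
        "Content-Type": "application/json",
    }
    return url, headers, json.dumps(doc).encode("utf-8")


def classify_status(status: int) -> str:
    """Map the HTTP status of the test write to what it means for the integration."""
    if status in (200, 201):
        return "ok: user can write to the index"
    if status == 401:
        return "bad credentials: check username:password"
    if status == 403:
        return "forbidden: user lacks write (and, for a new index, create_index) privileges"
    return f"unexpected status {status}: inspect the response body"


def send_test_document(endpoint, index, username, password, allow_insecure=False, verify_tls=True):
    """Index one marker document and report whether the forwarder would succeed."""
    doc = {"source": "sysdig-preflight", "message": "event forwarding test document"}
    url, headers, body = build_index_request(endpoint, index, username, password, doc, allow_insecure)
    ctx = ssl.create_default_context()
    if not verify_tls:
        # Equivalent of the form's "Allow insecure connections": certificate
        # validation is skipped, so anyone intercepting the TLS session could
        # read the credentials. Use only against a test cluster.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10, context=ctx) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:
        status = err.code
    except (urllib.error.URLError, OSError) as err:
        return None, f"connection failed: {err}"
    return status, classify_status(status)


if __name__ == "__main__":
    print(send_test_document(ENDPOINT, INDEX_NAME, USERNAME, PASSWORD))
```

A 403 from this check is the case to fix before saving the integration: the user authenticates but cannot write to the index, which is exactly the failure “Test Integration” will report. Note that a write into an index that does not exist yet also needs the create_index privilege.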