
Elasticsearch (Legacy)

Description

The Elasticsearch (Legacy) Destination configures the Elasticsearch exporter to send telemetry data (logs, metrics, traces) to Elastic for ingestion. If your Elastic deployment has the APM Server Integration, using the Elasticsearch (OTLP) Destination is recommended as described below.

Supported Types

Metrics | Logs | Traces

Elasticsearch Exporter vs OTLP Exporter

note

Per Elastic Documentation:

"When using the OpenTelemetry Collector, you should always prefer sending data via the OTLP exporter to an Elastic APM Server. Other methods, like using the elasticsearch exporter to send data directly to Elasticsearch will send data to the Elastic Stack, but will bypass all of the validation and data processing that the APM Server performs. In addition, your data will not be viewable in the Kibana Observability apps if you use the elasticsearch exporter."

Configuration Table

| Parameter | Type | Default | Description |
| --- | --- | --- | --- |
| telemetry_types | telemetrySelector | Logs, Traces | Specifies which types of telemetry to export to Elasticsearch. |
| enable_elastic_cloud | bool | false | Whether or not to enable support for Elastic Cloud. |
| endpoints | strings | | List of Elasticsearch URLs, e.g. https://elastic.corp.net:9200. |
| cloudid | string | | The ID of the Elastic Cloud Cluster to publish events to. The cloudid can be used instead of endpoints. |
| logs_index | string | logs-generic-default | The index or datastream name to publish logs to. |
| traces_index | string | traces-generic-default | The index or datastream name to publish traces to. |
| pipeline | string | | Optional Ingest Node pipeline ID used for processing documents published by the exporter. |
| enable_auth | bool | false | Whether or not to enable authentication. |
| auth_type | enum | basic | Authentication Type to use. Options include "basic" and "apikey". |
| user | string | | Username used for HTTP Basic Authentication. |
| password | string | | Password used for HTTP Basic Authentication. |
| api_key | string | | Authorization API Key. |
| configure_tls | bool | false | Configure advanced TLS settings. |
| insecure_skip_verify | bool | false | Enable to skip TLS certificate verification. |
| ca_file | string | | Certificate authority used to validate the database server's TLS certificate. |
| mutual_tls | bool | false | Whether or not to use mutual TLS authentication. |
| cert_file | string | | A TLS certificate used for client authentication if mutual TLS is enabled. |
| key_file | string | | A TLS private key used for client authentication if mutual TLS is enabled. |
| retry_on_failure_enabled | bool | true | Attempt to resend telemetry data that has failed to be transmitted to the destination. |
| num_workers | int | 0 | The number of workers publishing bulk requests concurrently. If 0, it defaults to the number of CPU cores. |
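The defaults above leave authentication off and allow certificate verification to be skipped, so a destination is worth checking before it ships telemetry. The following is an added example, not Bindplane or Elastic code: it audits one destination's parameters using the names and defaults from the table. The flat dict input shape, the finding wording, and the sample values are assumptions of the example.

```python
# Added example: audit destination parameters for weak transport/auth settings.
# Parameter names and defaults are from the table; the dict shape is assumed.
from urllib.parse import urlsplit

DEFAULTS = {
    "enable_auth": False, "auth_type": "basic",
    "insecure_skip_verify": False, "mutual_tls": False,
}

def audit(params):
    """Return a list of findings (empty when nothing is flagged)."""
    p = {**DEFAULTS, **params}
    findings = []
    for url in p.get("endpoints") or []:
        if urlsplit(url).scheme.lower() != "https":
            findings.append(f"endpoint {url} is not https: data is sent in cleartext")
    if not p.get("endpoints") and not p.get("cloudid"):
        findings.append("neither endpoints nor cloudid is set")
    if not p["enable_auth"]:
        findings.append("enable_auth is false: no credentials are configured")
    elif p["auth_type"] == "basic" and not (p.get("user") and p.get("password")):
        findings.append("auth_type basic needs both user and password")
    elif p["auth_type"] == "apikey" and not p.get("api_key"):
        findings.append("auth_type apikey needs api_key")
    elif p["auth_type"] not in ("basic", "apikey"):
        findings.append(f"auth_type {p['auth_type']!r} is not one of basic, apikey")
    if p["insecure_skip_verify"]:
        findings.append("insecure_skip_verify is true: server certificate is not validated")
    if p["mutual_tls"] and not (p.get("cert_file") and p.get("key_file")):
        findings.append("mutual_tls needs cert_file and key_file")
    return findings

# Constructed sample inputs (not from the page); paths and key are placeholders.
WEAK = {"endpoints": ["http://elastic.corp.net:9200"], "insecure_skip_verify": True}
HARDENED = {
    "endpoints": ["https://elastic.corp.net:9200"],
    "enable_auth": True, "auth_type": "apikey", "api_key": "PLACEHOLDER_API_KEY",
    "configure_tls": True, "ca_file": "/path/to/ca.pem",
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```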

Supported Retry and Queuing Settings

This destination supports the following retry and queuing settings:

Sending Queue | Persistent Queue | Retry on Failure*

* This destination only partially supports Retry on Failure; see the configuration table above for the settings specific to this destination type.

Example Configuration

Web Interface

[Image: observIQ docs - Elasticsearch Destination - image 1]