Live Workshop: Integrate Google SecOps with Bindplane - Join Us on January 29th at 11 AM ET!Sign Up Now

Elasticsearch (OTLP)

Description

The Elasticsearch (OTLP) Destination configures an OTLP Exporter to send telemetry data (logs, metric, traces) to Elastic for ingestion. The OTLP gRPC Exporter is used for Self-Managed Elastic instances, and the OTLP/HTTP Exporter is used for Elastic Cloud instances.

Supported Types

LogsMetricsTracesBindPlane Agent
v1.36.0+

Elasticsearch Exporter vs OTLP Exporter

note

Per Elastic Documentation:

"When using the OpenTelemetry Collector, you should always prefer sending data via the OTLP exporter to an Elastic APM Server. Other methods, like using the elasticsearch exporter to send data directly to Elasticsearch will send data to the Elastic Stack, but will bypass all of the validation and data processing that the APM Server performs. In addition, your data will not be viewable in the Kibana Observability apps if you use the elasticsearch exporter."

How to Find Your APM Server URL and Secret Token

Elastic Cloud

  • Navigate to your Elastic deployment.
  • Navigate to Management > Fleet > Agent Policies (Search for agent policies).
  • Select the Agent Policy you wish to configure your agent for. If none exist, one must be created.
  • Under the integrations tab, there should be a row titled Elastic APM. On the far right of this row is a menu of actions. Select the action Edit Integration.
  • Your Server URL is listed under General > Server Configuration > URL.
  • Your Secret Token is listed under Agent Authorization > Secret token and can be configured if desired.

Self-Managed

For Kubernetes hosted Elastic, reference the Elastic docs: Connect to the APM Server

Configuration Table

ParameterTypeDefaultDescription
telemetry_typestelemetrySelectorLogs, Metrics, TracesSpecifies which types of telemetry to export to Elasticsearch.
deployment_typeenumElastic CloudThe deployment model of your elastic instance. Either Elastic Cloud or Self-Managed. Used to determine whether the http or gRPC protocol will be used, respectively.
server_urlstringThe URL of your Elastic APM Server. Telemetry will be sent to server_url/v1/logs, server_url/v1/metrics, server_url/v1/traces respectively. Only relevant for Elastic Cloud instances.
hostnamestringThe hostname or IP address of your Elastic APM Server. Only relevant for Self-Managed Elastic instances.
grpc_portint8200TCP port to which the exporter is going to send OTLP data. Only relevant for Self-Managed Elastic instances.
secret_tokenstringThe Secret Token for agents to authenticate with your Elastic APM Server.
enable_tlsbooltrueEnable advanced TLS settings. Only relevant for Self-Managed Elastic. Elastic Cloud instances always use TLS with TLS Verification enabled.
insecure_skip_verifyboolfalseEnable to skip TLS certificate verification.
ca_filestringCertificate authority used to validate the database server's TLS certificate.
tls_server_name_overridestringOptional virtual hostname. Indicates the name of the server requested by the client. This option is generally not required.
mutual_tlsboolfalseWhether or not to use mutual TLS authentication.
cert_filestringA TLS certificate used for client authentication if mutual TLS is enabled.
key_filestringA TLS private key used for client authentication if mutual TLS is enabled.
compressionenumgzipCompression algorithm to use when sending data to the OTLP server. Must be one of none, gzip, and zlib.
headersmap{}Additional headers to attach to each request.

Supported Retry and Queuing Settings

This destination supports the following retry and queuing settings:

Sending QueuePersistent QueueRetry on Failure

Example Configuration

Web Interface

observIQ docs - Elasticsearch (OTLP) Destination - image 1