Elasticsearch

Use the integration to gain visibility from logging or APM Elastic platform.

Overview

Elasticsearch has become the de facto standard open source logging database. Many users want to interact with data in Elasticsearch in their automation workflows. With this integration you get to explore the search API in Fylamynt.

Use Cases

The integration between Fylamynt and Elasticsearch lets you:

  • Use the search action - (Returns search hits that match the query defined in the request). You can provide search queries using the q query string parameter or request body.

Configure Elasticsearch in Fylamynt

  • Navigate to Settings > Integrations > Elasticsearch

  • Click Add integration to create and configure a new integration instance

Details needed to set up Elasticsearch instance in Fylamynt:

Parameters

Description

Required

API Key ID

Elastic search API key id

True

API Key Value

Elastic search API key value

True

Cloud ID

Unique Id to configure your client to work with your Elastic Cloud deployment

True

Follow the steps listed below in your Elasticsearch Account and get the desired parameters to enter in Fylamynt

  • Login to your Elasticsearch cloud

  • Open Kibana in your deployment that you want to integrate

  • In your left side navigation panel go to management section and click on Dev Tools

  • Run the following query and copy the output

POST /_security/api_key
{
"name": "fylamynt_api_key",
"role_descriptors": {
"role1": {
"indices": [
{
"names": [
"*"
],
"privileges": [
"read"
]
}
]
}
}
}
  • Output should look like something

{
"id" : "mKPFnnkBVpgijiDOsaVo",
"name" : "fylamynt_api_key",
"api_key" : "TvgPfIY5RSeRKYCC9yF8XQ"
}
  • Copy the id and paste it in Elastic Search API key id section and copy api_key and paste it in Elastic search API key value

Integration Actions

You can add these actions in Fylamynt workflow builder, as part of your workflow.

Integration node to run Elasticsearch Search

Input

Parameter Name

Description

Required

alias

AWS assume role alias

True

index

Index name where query is to run

True

query

Search query

True

offset

Offset of query result

False

limit

Limit of query result

False

timeout

time in seconds to timeout the search query (Default: 300 s)

False

s3_bucket

S3 bucket name where query and result would be stored

False

Output

Parameter Name

Type

Description

execution_status

String

Status of run (ie: S_OK / E_FAIL)

result

String

Query result

is_result_truncated

Boolean

Boolean value which denotes if the result is truncated or not

result_bucket_key

String

Name of the file where result is written

s3_bucket

String

Name of the bucket

Note:

  • AWS SSM automation has restriction on size of response object (~100 KB), so if query has a result greater than this value then truncated result would be returned and if S3 Bucket Name is provided then whole result would be written to the bucket.

Action Example