# Elasticsearch

## Overview

Elasticsearch has become the de facto standard open source logging database. Many users want to interact with data in Elasticsearch in their automation workflows. With this integration you get to explore the search API in Fylamynt.

## Use Cases

The integration between Fylamynt and Elasticsearch lets you:

* Use the search action, which returns search hits that match the query defined in the request. You can provide search queries using the `q` [query string parameter](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html#search-api-query-params-q) or the [request body](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-body.html).

## Configure Elasticsearch in Fylamynt

* Navigate to **Settings** > **Integrations** > **Elasticsearch**
* Configure a new integration instance

Details needed to set up an **Elasticsearch instance** in **Fylamynt**:

| **Parameters** | **Description**                                                               | **Required** |
| -------------- | ----------------------------------------------------------------------------- | ------------ |
| API Key ID     | Elasticsearch API key ID                                                      | True         |
| API Key Value  | Elasticsearch API key value                                                   | True         |
| Cloud ID       | Unique ID to configure your client to work with your Elastic Cloud deployment | True         |

Follow the steps below in your **Elasticsearch account** to get the parameters to enter in **Fylamynt**:

* Log in to your **Elasticsearch** cloud
* Open `Kibana` in the deployment that you want to integrate

![](/files/-MbJ7MeQmmW2Eo0nUhoS)

* In the left-side navigation panel, go to the management section and click `Dev Tools`

![](/files/-MbJ7PIGdYKMPT4jhwmP)

* Run the following request and copy the output

```
POST /_security/api_key
{
  "name": "fylamynt_api_key",
  "role_descriptors": {
    "role1": {
      "indices": [
        {
          "names": [
            "*"
          ],
          "privileges": [
            "read"
          ]
        }
      ]
    }
  }
}
```

* The output should look something like this:

```
{
  "id" : "mKPFnnkBVpgijiDOsaVo",
  "name" : "fylamynt_api_key",
  "api_key" : "TvgPfIY5RSeRKYCC9yF8XQ"
}
```

* Copy the `id` value into the `Elastic Search API key id` field, and copy the `api_key` value into the `Elastic search API key value` field
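
The request in the steps above grants `read` on every index (`"names": ["*"]`) and sets no `expiration`, so the key never expires. The following Dev Tools requests are an added example, not part of the original Fylamynt documentation: they create the same key limited to one index pattern with a fixed lifetime, then show how to inspect and invalidate it. The index pattern `logs-*`, the lifetime `90d` and the role name `fylamynt_search` are assumptions to replace with your own values.

```console
# Constructed example: scope the key to the indices the workflow actually queries.
# "logs-*" and "90d" are placeholders; substitute your own pattern and lifetime.
POST /_security/api_key
{
  "name": "fylamynt_api_key",
  "expiration": "90d",
  "role_descriptors": {
    "fylamynt_search": {
      "indices": [
        {
          "names": ["logs-*"],
          "privileges": ["read"]
        }
      ]
    }
  }
}

# Confirm what was issued: check "expiration" and that "invalidated" is false.
GET /_security/api_key?name=fylamynt_api_key

# On rotation or offboarding, invalidate the key so the value stored in
# Fylamynt stops working. Matching by name invalidates every key with that name.
DELETE /_security/api_key
{
  "name": "fylamynt_api_key"
}
```

With a key scoped this way, the `index` input of the search action must match the granted pattern, otherwise Elasticsearch rejects the query.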

## Integration Actions <a href="#integration-actions" id="integration-actions"></a>

You can add these actions in the Fylamynt workflow builder, as part of your workflow.

1. [Elasticsearch Search](#elasticsearch-search)

### Elasticsearch Search

Integration node to run Elasticsearch Search

**Input**

| **Parameter Name** | **Description**                                              | **Required** |
| ------------------ | ------------------------------------------------------------ | ------------ |
| alias              | AWS assume role alias                                        | True         |
| index              | Index name where query is to run                             | True         |
| query              | Search query                                                 | True         |
| offset             | Offset of query result                                       | False        |
| limit              | Limit of query result                                        | False        |
| timeout            | Time in seconds before the search query times out (default: 300 s) | False  |
| s3\_bucket         | S3 bucket name where query and result would be stored        | False        |

**Output**

| **Parameter Name**    | **Type** | **Description**                                               |
| --------------------- | -------- | ------------------------------------------------------------- |
| execution\_status     | String   | Status of run (i.e. S\_OK / E\_FAIL)                          |
| result                | String   | Query result                                                  |
| is\_result\_truncated | Boolean  | Boolean value which denotes if the result is truncated or not |
| result\_bucket\_key   | String   | Name of the file where result is written                      |
| s3\_bucket            | String   | Name of the bucket                                            |

**Note:**

* AWS SSM Automation restricts the size of the response object (\~100 KB). If the query result is larger than this, a truncated result is returned; if **S3 Bucket Name** is provided, the whole result is written to the bucket.

**Action Example**

![](/files/-MbJ7FqyXjA830UgHvRz)

