Elasticsearch Forwarding

This page explains how to forward logs to Elasticsearch from Apica.

To generate an API key in Elasticsearch, follow the instructions in this link.
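
An Elasticsearch API key can be limited to specific indices and privileges, so the key entered in the forwarder's Apitoken field need not carry more than write access to the index named in its Index field. The following is an added example, not part of the Apica documentation: it builds the body for Elasticsearch's `POST /_security/api_key` request and derives the `Authorization: ApiKey` value from the response. The role name, key name, 90-day expiry, sample response and the choice of `create_doc` plus `auto_configure` are assumptions; this page does not state which privileges the forwarder needs or which form of the key the Apitoken field expects.

```python
import base64
import json

# Characters Elasticsearch rejects in index names, plus "*" so the key
# can never be scoped to a wildcard pattern by accident.
FORBIDDEN = ' "*\\<>|,/?#:'

def api_key_request(index_name, key_name="apica-forwarder", expiration="90d"):
    """Body for POST /_security/api_key granting write-only access to one index."""
    if (not index_name or index_name != index_name.lower()
            or index_name[0] in "-_+"
            or any(c in FORBIDDEN for c in index_name)):
        raise ValueError("not a single concrete index name: %r" % index_name)
    return {
        "name": key_name,            # assumed key name
        "expiration": expiration,    # assumed lifetime; rotate before it lapses
        "role_descriptors": {
            "forwarder_write_only": {    # assumed role name
                "indices": [{
                    "names": [index_name],
                    # Assumption: append-only writes are enough for a forwarder.
                    "privileges": ["create_doc", "auto_configure"],
                }]
            }
        },
    }

def authorization_header(response):
    """'Authorization' header value from the create-API-key response."""
    encoded = base64.b64encode(
        ("%s:%s" % (response["id"], response["api_key"])).encode()).decode()
    # Newer Elasticsearch versions also return this value as "encoded".
    if response.get("encoded") not in (None, encoded):
        raise ValueError("'encoded' does not match id:api_key")
    return "ApiKey " + encoded

# Constructed sample response; the id and api_key are not real credentials.
SAMPLE_RESPONSE = {"id": "constructed-id-0001", "name": "apica-forwarder",
                   "api_key": "constructed-secret-0001"}

if __name__ == "__main__":
    print(json.dumps(api_key_request("apica-logs"), indent=2))
    print(authorization_header(SAMPLE_RESPONSE))
```

The role descriptor grants no cluster privileges and no read access, so a key leaked from the forwarder configuration cannot be used to query the forwarded logs.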

Steps to Create Elasticsearch Forwarding

To forward your logs to Elasticsearch, begin by logging into Apica's website.

  • Navigate to the Create tab and select the option for Forwarder.

  • Next, choose Elasticsearch(HTTP event collector) from the available options; this will bring up a new form with fields such as API Token, Buffer Size, Index, etc. Fill out the required data in these fields and click Create.

Create Forwarder:

Apitoken:      <ELASTIC-API-KEY>
Buffer_size:   20000
Index:         <INDEX-NAME>
Password:      <PASSWORD>
Type:          _json
Urls:          <ELASTIC-ENDPOINT>
User:          <USERNAME>
Name:          Elasticsearch

  • Next, head over to the Explore page and pick the namespace whose logs you wish to forward to Elasticsearch.

  • Click on the three dots icon located next to the calendar and opt for Map Forwarder; this will open a new modal which allows you to choose the newly created Elasticsearch forwarder schema (this can be identified via its Elasticsearch icon).

  • Confirm your selection by clicking OK.

  • A successful mapping is indicated by a popup showing that namespace-application pairs are connected with respective forwarders; additionally, you'll notice an updated Namespace Forwarder status in effect.

  • Your logs are now being forwarded to Elasticsearch.

To make the steps easier to follow, the screenshots below illustrate each of the instructions given above.

Forwarders List (Create -> Forwarder)
New Forwarder
Create Forwarder
Select a Namespace
Map Forwarder
Selecting Elasticsearch schema
Successful mapping
