TELEMETRY PIPELINE
Elasticsearch

Elasticsearch destination plugin

The Elasticsearch destination plugin lets you configure Chronosphere Telemetry Pipeline to store, search, and visualize your data using Elasticsearch's indexing and querying capabilities.

Supported telemetry types

This plugin supports these telemetry types:

LogsMetricsTraces

Configuration parameters

Use the parameters in this section to configure your plugin. The Telemetry Pipeline web interface uses the values in the Name column to describe the parameters. Items in the Key column are the YAML keys to use in pipeline configuration files.

Required

NameKeyDescriptionDefault
HosthostRequired. IP address or hostname of the target Elasticsearch instance.127.0.0.1
PortportRequired. TCP port of the target Elasticsearch instance.9200
IndexindexRequired. Index name.calyptia-core
Logstash Formatlogstash_formatEnables Logstash format compatibility. Accepted values: true, false.false

Security and TLS

NameKeyDescriptionDefault
TLStlsEnables or disables TLS/SSL support. Accepted values: true, false.false
TLS Certificate Validationtls.verifyEnables or disables TLS/SSL certificate validation. TLS must be enabled for certificates to be validated. Accepted values: off, on.on
TLS Debug Leveltls.debugSets TLS debug verbosity level. Accepted values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose).1
CA Certificate File Pathtls.ca_fileAbsolute path to CA certificate file.none
Certificate File Pathtls.crt_fileAbsolute path to certificate file.none
Private Key File Pathtls.key_fileAbsolute path to private key file.none
Private Key Path Passwordtls.key_passwdPassword for private key file.none
TLS SNI Hostname Extensiontls.vhostHostname to be used for TLS SNI extension.none

Advanced

NameKeyDescriptionDefault
Replace Dotsreplace_dotsWhen enabled, replaces field name dots with underscore, required by versions of Elasticsearch. Accepted values: true, false.false
TypetypeRequired. Type Name._doc
Suppress Type Namesuppress_type_nameIf true, mapping types are removed. For v7.0.0 or later. Accepted values: true, false.false
Buffer Sizebuffer_sizeSpecifies the buffer size used to read the response from the Elasticsearch HTTP service. Use this option for debugging purposes where it's required to read full responses. Response size grows depending of the number of records inserted. To set an unlimited amount of memory set this value to false, otherwise the value must be according to the Unit Size specification.512k
PathpathElasticsearch accepts new data on HTTP query path /_bulk. It's also possible to serve Elasticsearch behind a reverse proxy on a sub path. This option defines such path on the Telemetry Pipeline side. It adds only a path prefix in the indexing HTTP POST URI.none
PipelinepipelineNewer versions of Elasticsearch allows to setup filters called pipelines. This option allows to define which pipeline the database should use. For performance reasons is strongly suggested to do parsing and filtering on Telemetry Pipeline side.none
Generate IDgenerate_idWhen enabled, generates _id for outgoing records. This prevents duplicate records when retrying ES. Accepted values: true, false.false
Write Operationwrite_operationOperation to use to write in bulk requests.create
ID Keyid_keyIf set, _id is the value of the key from incoming record.none
Replace Dotscurrent_time_indexUses current time for index generation instead of message record. Accepted values: true, false.false
Logstash Prefixlogstash_prefixWhen logstash_format is enabled, the Index name is composed using a prefix and the date. For example, if logstash_prefix is equal to mydata, your index becomes mydata-YYYY.MM.DD. The last string appended belongs to the date when the data is being generated.none
Logstash Prefix Keylogstash_prefix_keyWhen included, the value in the record that belongs to the key will be looked up and over-write the logstash_prefix for index generation. If the key/value isn't found in the record, the logstash_prefix option acts as a fallback. Nested keys are supported through record accessor pattern.none
Logstash Date Formatlogstash_dateformatTime format (based on strftime) to generate the second part of the Index name.%Y.%m.%d
Time Keytime_keyWhen logstash_format is enabled, each record will get a new timestamp field. The time_key property defines the name of that field.@timestamp
Time Key Formattime_key_formatWhen logstash_format is enabled, this property defines the format of the timestamp.none
Time Key Nanostime_key_nanosWhen logstash_format is enabled, enabling this property sends nanosecond precision timestamps. Accepted values: true, false.false
Include Tag Keyinclude_tag_keyWhen enabled, it append the Tag name to the record. Accepted values: true, false.false
Tag Keytag_keyWhen include_tag_key is enabled, this property defines the key name of the tag in the message.flb-key

Basic Authentication

NameKeyDescriptionDefault
HTTP Usernamehttp_userBasic auth username.none
HTTP Passwordhttp_passwdBasic auth password. Requires http_user to be set.none

AWS Authentication

NameKeyDescriptionDefault
Enable AWS Authenticationaws_authEnable AWS Sigv4 Authentication. Accepted values: true, false.false
AWS Regionaws_regionAWS Region of your service.none
AWS STS Endpointaws_sts_endpointCustom endpoint for the AWS STS API, used with the aws_role_arn option.none
AWS IAM Assume Roleaws_role_arnARN of an IAM role to assume, For example, for cross-account access.none
AWS External IDaws_external_idSpecifies an external ID for the STS API, can be used with the aws_role_arn parameter if your role requires an external ID.none

Elastic Cloud Authentication

NameKeyDescriptionDefault
Elastic Cloud IDcloud_idElastic Cloud ID of the cluster to connect to.none
Elastic Cloud Authentication Credentialscloud_authElastic Cloud authentication credentials.none

Advanced Networking

NameKeyDescriptionDefault
DNS Modenet.dns.modeSelects the primary DNS connection type, which can be TCP or UDP.none
DNS Resolvernet.dns.resolverSelects the primary DNS connection type, which can be LEGACY or ASYNC.none
Prefer IPv4net.dns.prefer_ipv4Prioritizes IPv4 DNS results when trying to establish a connection. Accepted values: true, false.false
Keepalivenet.keepaliveEnables or disables Keepalive support. Accepted values: true, false.true
Keepalive Idle Timeoutnet.keepalive_idle_timeoutSets the maximum time allowed for an idle Keepalive connection.30s
Max Connect Timeoutnet.connect_timeoutSets the maximum time allowed to establish a connection, which includes the TLS handshake.10s
Max Connect Timeout Log Errornet.connect_timeout_log_errorSpecifies whether to log an error on connection timeout. When disabled, the timeout is logged as a debug message. Accepted values: true, false.true
Max Keepalive Recyclenet.keepalive_max_recycleSets the maximum number of times a keepalive connection can be used before it's retired.2000
Source Addressnet.source_addressSpecifies the network address to bind for data traffic.none

Debugging

NameKeyDescriptionDefault
Trace OutputWhen enabled, print the Elasticsearch API calls to stdout. For diagnostics only. Accepted values: true, false.false
Trace ErrorWhen enabled, print the Elasticsearch exception to stderr. For diagnostics only. Accepted values: true, false.false