Elasticsearch destination plugin
The Elasticsearch destination plugin lets you configure Chronosphere Telemetry Pipeline to store, search, and visualize your data using Elasticsearch's indexing and querying capabilities.
Supported telemetry types
This plugin supports these telemetry types:
| Logs | Metrics | Traces |
|---|---|---|
Configuration parameters
Use the parameters in this section to configure your plugin. The Telemetry Pipeline web interface uses the values in the Name column to describe the parameters. Items in the Key column are the YAML keys to use in pipeline configuration files.
Required
| Name | Key | Description | Default |
|---|---|---|---|
| Host | host | Required. IP address or hostname of the target Elasticsearch instance. | 127.0.0.1 |
| Port | port | Required. TCP port of the target Elasticsearch instance. | 9200 |
| Index | index | Required. Index name. | calyptia-core |
| Logstash Format | logstash_format | Enable Logstash format compatibility. Accepted values: true, false. | false |
Security and TLS
| Name | Key | Description | Default |
|---|---|---|---|
| TLS | tls | Enable or disable TLS/SSL support. Accepted values: true, false. | false |
| TLS Certificate Validation | tls.verify | Enable or disable TLS/SSL certificate validation. TLS must be enabled for certificates to be validated. Accepted values: off, on. | on |
| TLS Debug Level | tls.debug | Set TLS debug verbosity level. Accepted values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose). | 1 |
| CA Certificate File Path | tls.ca_file | Absolute path to CA certificate file. | none |
| Certificate File Path | tls.crt_file | Absolute path to certificate file. | none |
| Private Key File Path | tls.key_file | Absolute path to private key file. | none |
| Private Key Path Password | tls.key_passwd | Password for private key file. | none |
| TLS SNI Hostname Extension | tls.vhost | Hostname to be used for TLS SNI extension. | none |
Advanced
| Name | Key | Description | Default |
|---|---|---|---|
| Replace Dots | replace_dots | When enabled, replace field name dots with underscore, required by versions of Elasticsearch. Accepted values: true, false. | false |
| Type | type | Required. Type Name. | _doc |
| Suppress Type Name | suppress_type_name | If true, mapping types are removed. For v7.0.0 or later. Accepted values: true, false. | false |
| Buffer Size | buffer_size | Specify the buffer size used to read the response from the Elasticsearch HTTP service. Use this option for debugging purposes where it's required to read full responses. Response size grows depending of the number of records inserted. To set an unlimited amount of memory set this value to false, otherwise the value must be according to the Unit Size specification. | 512k |
| Path | path | Elasticsearch accepts new data on HTTP query path /_bulk. It's also possible to serve Elasticsearch behind a reverse proxy on a sub path. This option defines such path on the Telemetry Pipeline side. It adds only a path prefix in the indexing HTTP POST URI. | none |
| Pipeline | pipeline | Newer versions of Elasticsearch allows to setup filters called pipelines. This option allows to define which pipeline the database should use. For performance reasons is strongly suggested to do parsing and filtering on Telemetry Pipeline side. | none |
| Generate ID | generate_id | When enabled, generate _id for outgoing records. This prevents duplicate records when retrying ES. Accepted values: true, false. | false |
| Write Operation | write_operation | Operation to use to write in bulk requests. | create |
| ID Key | id_key | If set, _id is the value of the key from incoming record. | none |
| Replace Dots | current_time_index | Use current time for index generation instead of message record. Accepted values: true, false. | false |
| Logstash Prefix | logstash_prefix | When logstash_format is enabled, the Index name is composed using a prefix and the date. For example, if logstash_prefix is equal to mydata, your index becomes mydata-YYYY.MM.DD. The last string appended belongs to the date when the data is being generated. | none |
| Logstash Prefix Key | logstash_prefix_key | When included, the value in the record that belongs to the key will be looked up and over-write the logstash_prefix for index generation. If the key/value isn't found in the record, the logstash_prefix option acts as a fallback. Nested keys are supported through record accessor pattern. | none |
| Logstash Date Format | logstash_dateformat | Time format (based on strftime) to generate the second part of the Index name. | %Y.%m.%d |
| Time Key | time_key | When logstash_format is enabled, each record will get a new timestamp field. The time_key property defines the name of that field. | @timestamp |
| Time Key Format | time_key_format | When logstash_format is enabled, this property defines the format of the timestamp. | none |
| Time Key Nanos | time_key_nanos | When logstash_format is enabled, enabling this property sends nanosecond precision timestamps. Accepted values: true, false. | false |
| Include Tag Key | include_tag_key | When enabled, it append the Tag name to the record. Accepted values: true, false. | false |
| Tag Key | tag_key | When include_tag_key is enabled, this property defines the key name of the tag in the message. | flb-key |
Basic Authentication
| Name | Key | Description | Default |
|---|---|---|---|
| HTTP Username | http_user | Basic auth username. | none |
| HTTP Password | http_passwd | Basic auth password. Requires http_user to be set. | none |
AWS Authentication
| Name | Key | Description | Default |
|---|---|---|---|
| Enable AWS Authentication | aws_auth | Enable AWS Sigv4 Authentication. Accepted values: true, false. | false |
| AWS Region | aws_region | AWS Region of your service. | none |
| AWS STS Endpoint | aws_sts_endpoint | Custom endpoint for the AWS STS API, used with the aws_role_arn option. | none |
| AWS IAM Assume Role | aws_role_arn | ARN of an IAM role to assume, For example, for cross-account access. | none |
| AWS External ID | aws_external_id | Specify an external ID for the STS API, can be used with the aws_role_arn parameter if your role requires an external ID. | none |
Elastic Cloud Authentication
| Name | Key | Description | Default |
|---|---|---|---|
| Elastic Cloud ID | cloud_id | Elastic Cloud ID of the cluster to connect to. | none |
| Elastic Cloud Authentication Credentials | cloud_auth | Elastic Cloud authentication credentials. | none |
Advanced Networking
| Name | Key | Description | Default |
|---|---|---|---|
| DNS Mode | net.dns.mode | Select the primary DNS connection type, which can be TCP or UDP. | none |
| DNS Resolver | net.dns.resolver | Select the primary DNS connection type, which can be LEGACY or ASYNC. | none |
| Prefer IPv4 | net.dns.prefer_ipv4 | Prioritize IPv4 DNS results when trying to establish a connection. Accepted values: true, false. | false |
| Keepalive | net.keepalive | Enable or disable Keepalive support. Accepted values: true, false. | true |
| Keepalive Idle Timeout | net.keepalive_idle_timeout | Set maximum time allowed for an idle Keepalive connection. | 30s |
| Max Connect Timeout | net.connect_timeout | Set maximum time allowed to establish a connection, which includes the TLS handshake. | 10s |
| Max Connect Timeout Log Error | net.connect_timeout_log_error | On connection timeout, specify if it should log an error. When disabled, the timeout is logged as a debug message. Accepted values: true, false. | true |
| Max Keepalive Recycle | net.keepalive_max_recycle | Set maximum number of times a keepalive connection can be used before it's retired. | 2000 |
| Source Address | net.source_address | Specify network address to bind for data traffic. | none |
Debugging
| Name | Key | Description | Default |
|---|---|---|---|
| Trace Output | When enabled, print the Elasticsearch API calls to stdout. For diagnostics only. Accepted values: true, false. | false | |
| Trace Error | When enabled, print the Elasticsearch exception to stderr. For diagnostics only. Accepted values: true, false. | false |