elastic type

Support is guaranteed for Elasticsearch version 7.0.0.

Settings for a connector of the elastic type are described in the following tables.

Basic settings tab

| Setting | Description |
|---|---|
| Name | Unique name of the resource. Maximum length of the name: 128 Unicode characters. Required setting. |
| Tenant | The name of the tenant that owns the resource. Required setting. |
| Type | Connector type. You need to select elastic. Required setting. |
| URL | URL of the Elasticsearch server. Required setting. |
| Elastic credentials | Secret that stores the credentials for connecting to the Elasticsearch server. |
| Elastic fingerprint | Secret that stores secrets of the 'fingerprint' type for connecting to the Elasticsearch server and secrets of the 'certificate' type for using a CA certificate. |
| Index | Name of the index in Elasticsearch. Required setting. |
| Query | Elasticsearch query. We recommend specifying the `size` parameter in the query to prevent performance problems with KUMA and Elasticsearch, as well as the `sort` parameter for the sorting order. The following values are possible for the `sort` parameter in the query: `asc`, `desc`, or a custom sorting order by specific fields in accordance with the Elasticsearch syntax. To sort by a specific field, we recommend also specifying the `"missing" : "_first"` parameter next to the `"order"` parameter to prevent errors in cases when this field is absent in any document. For example, `"sort": { "DestinationDnsDomain.keyword": {"order": "desc", "missing" : "_first" } }`. For more details on sorting, please refer to the Elasticsearch documentation. Query example: `"query" : { "match_all" : {} }, "size" : 25, "sort": {"_doc" : "asc"}` Required setting. |
| Poll interval, sec | Interval between queries to the Elasticsearch server in seconds if the previous query did not return any events. If Elasticsearch contained events at the time of the request, the connector will receive events until all available events have been received from Elasticsearch. |
| Description | Description of the resource. Maximum length of the description: 4000 Unicode characters. |
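A check for the recommendations given for the Query setting, as an added example that is not part of the original documentation or of KUMA. It assumes the field holds a JSON body fragment in the form of the query example above; the function names and the sample queries in the demo are constructed for illustration.

```python
import json

# Sort values that take no "missing" parameter: Elasticsearch built-in sort keys,
# plus the plain asc/desc values the page lists for the sort parameter.
NO_MISSING_NEEDED = {"_doc", "_score", "asc", "desc"}


def parse_query(text):
    """Parse the Query value; accept the brace-less fragment form shown on the page."""
    text = text.strip()
    if not text.startswith("{"):
        text = "{" + text + "}"
    return json.loads(text)


def sort_clauses(sort):
    """Yield (field, options) pairs from the string, object and list forms of sort."""
    for item in sort if isinstance(sort, list) else [sort]:
        if isinstance(item, str):
            yield item, {}
        elif isinstance(item, dict):
            for field, opts in item.items():
                yield field, opts if isinstance(opts, dict) else {"order": opts}


def lint_query(text):
    """Return warnings for a Query value that departs from the recommendations."""
    try:
        body = parse_query(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    warnings = []
    if not isinstance(body.get("size"), int):
        warnings.append('no integer "size" parameter (recommended for performance)')
    if "sort" not in body:
        warnings.append('no "sort" parameter (recommended for the sorting order)')
    for field, opts in sort_clauses(body.get("sort", [])):
        if field not in NO_MISSING_NEEDED and "missing" not in opts:
            warnings.append(f'sort on "{field}" has no "missing" parameter')
    return warnings


if __name__ == "__main__":
    # Constructed sample: field sort without "missing" and without "size".
    sample = '"query": {"match_all": {}}, "sort": [{"DestinationDnsDomain.keyword": "desc"}]'
    for warning in lint_query(sample):
        print("WARN:", warning)
```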

Advanced settings tab

| Setting | Description |
|---|---|
| Character encoding | Character encoding. The default value is UTF-8. |
| Debug | Resource logging. The toggle switch is turned off by default. |
