NewESSource.md

Adding a new Elasticsearch source

To add a new Elasticsearch source to 411, add a new block to $config['es'] in config.php.

Example block:

$config['es'] = [
    ...
    'things' => [
        'hosts' => ['http://localhost:9200'],
        'index_hosts' => [],
        'ssl_cert' => null,
        'index' => null,
        'date_based' => true,
        'date_field' => '@timestamp',
        'src_url' => null,
    ],
];

Fields

• hosts: A list of hosts in your ES cluster to query. You can pass HTTP Basic auth credentials via the URL.
• index_hosts: A list of hosts in your ES cluster to create documents on. If empty, defaults to hosts.
• ssl_cert: The full path to the ssl certificate of the server (if using self signed certs).
• index: The index to query. If null, will query all indices.
• date_based: Whether the indices are date based.
• date_field: The field to use for date based queries. If null, this is ignored.
• src_url: A link to display the data (Kibana, as an example).