Introduction
Elasticsearch is a powerful, open-source search and analytics engine designed for real-time data processing and scalable log management. It excels in indexing and querying large volumes of log data, enabling quick and efficient searches, aggregations, and visualizations.
When integrated with the OpsRamp platform, Elasticsearch enhances log collection and analysis by providing a robust, scalable solution for indexing and querying logs from various sources.This section provides instructions on integrating Elasticsearch application.
Configure custom integration
You can set up log configuration for Elasticsearch from the INGESTION tab.
To set up log configuration:
- Click Elasticsearch under default section.The LOG CONFIGURATION page is displayed.You can perform any of the following actions from the LOG CONFIGURATION page.
- Default Configuration - This page provides the predefined configurations that describe how logs are collected from various sources and subsequently analyzed for insights and patterns.
- +ADD - This page refers to the process of adding new settings or parameters to the default configuration based on requirements or preferences.
Default Configuration
- Select Default Configuration to make the changes to the default template.You can make changes to the template by providing values against the data provided in the template.
elasticsearch:
type:
source:
include:
exclude:
parser_type:
regex:
multiline:
line_start_pattern:
timestamp:
layout_type:
layout:
resource_attributes:
elasticsearch_json:
type:
source:
include:
parser_type:
multiline:
line_start_pattern:
custom_formatting:
timestamp:
layout_type:
layout:
elasticsearch_gc:
type:
source:
include:
parser_type:
regex:
multiline:
line_start_pattern:
timestamp:
layout_type:
layout:
See Default configuration attributes explained for detailed information on the supported attributes.
- By default, the Enable Configuration checkbox is checked. If you want to disable the log ingestion for the app, you can uncheck the Enable Configuration checkbox.
- Click SAVE once you have made the changes.The data is now saved, and logs will be ingested based on the configuration settings.
Add Configuration
- In the Add Custom Configuration page:
- Enter the name for the configuration.
- Select the priority value from the Priority field. The priorities are assigned with a numerical value, the configuration with the highest value will be considered first.
- To assign resources to the log configuration, click FILTER.The RESOURCES page is displayed.
- You can filter the resources using LOGQL attributes. Once you select the resources, click DONE.
- You can make changes to the template under LOG CONFIGURATION YAML by providing values against the data provided in the template.Note: See Default configuration for more details on the available configuration attributes.
- Click SAVE.The new log configurations have been added and will be displayed on the LOG CONFIGURATIONS page.