...

Elasticsearch is a search engine based on Lucene. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents.

Connect Elasticsearch with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Elasticsearch.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select whether to verify the connecting server's SSL certificate (the default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. Server URL: Enter the server URL for Elasticsearch.

  9. Username: Enter the username for Elasticsearch.

  10. Password: Enter the password for Elasticsearch.

  11. After you've entered all the details, click Connect.

Actions for Elasticsearch

Run Query v2

Runs the query on the Elasticsearch service.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

...

| Input Name | Description | Required |
| Advanced Query | `{"query": { "multi_match" : { "query": "{{search_text}}", "fields": [ "subject", "message" ] }}}` | Required |
| Query Timeout | Query timeout in seconds (default is 30 seconds). | Optional |
| Stored Fields | Select the column that contains the value for Stored Fields. | Optional |
| Records Size | Enter the size for Elasticsearch records (default is 10). | Optional |

Output

A JSON object containing multiple rows of correlated results:

  • has_error: True/False

  • error: message/null

  • other keys of Elasticsearch Query Results

...

Insert Records

Inserts records in an Elasticsearch index.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| Select Index | Select the column that contains the index name where the records are to be inserted. | Required |
| Jinja Template for Document | Enter a Jinja-templated document JSON. Example: `{"fname": "{{firstname_col}}", "lname": "{{lastname_col}}"}` | Required |
| Batch Size | Enter the number of rows to process in one batch of the bulk insert (default is 100). | Optional |

Output

A JSON object containing multiple rows of correlated results:

  • has_error: True/False

  • error: message/null

  • other keys of insert response per document returned by Elasticsearch.
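As an added illustration, not part of this page or of the Devo SOAR integration's own code: a Python sketch of what Insert Records does with its inputs, rendering the page's document template for each incoming row, grouping the documents into _bulk request bodies of at most Batch Size documents, and reporting has_error/error per row for rows that fail to render. The placeholder substitution is a simplified stand-in for Jinja that JSON-escapes each value, so a quote in a cell cannot change the document's structure; the index name, sample rows and batch size are constructed.

```python
import json
import re

# Constructed sample rows, as the action would receive them from an upstream node.
# The fourth row lacks lastname_col so the error path is exercised.
SAMPLE_ROWS = [
    {"firstname_col": "Ada", "lastname_col": "Lovelace"},
    {"firstname_col": 'Robert "Bob"', "lastname_col": "O'Neil"},  # quote in a value
    {"firstname_col": "Grace", "lastname_col": "Hopper"},
    {"firstname_col": "Linus"},
]
# The page's own template, with its whitespace collapsed onto one line.
DOC_TEMPLATE = '{"fname": "{{firstname_col}}", "lname": "{{lastname_col}}"}'
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")

def render_document(template: str, row: dict) -> dict:
    """Render a {{column}} template against one row and parse it as JSON.
    Simplified stand-in for the action's Jinja rendering: only bare {{column}}
    placeholders inside JSON string literals. Each value is JSON-escaped, so a
    quote or backslash in a cell cannot break the document or add fields.
    """
    def substitute(match):
        value = row[match.group(1)]  # KeyError if the column is missing
        return json.dumps(str(value))[1:-1]  # drop json.dumps's outer quotes
    return json.loads(PLACEHOLDER.sub(substitute, template))

def build_bulk_batches(index: str, template: str, rows: list, batch_size: int = 100):
    """Render every row and group the documents into _bulk NDJSON bodies.
    Returns (batches, results): each batch is one NDJSON string with at most
    batch_size documents (action line + source line each); results holds one
    {"has_error", "error"} row per input row, in the action's output shape.
    """
    batches, results, current = [], [], []
    for row in rows:
        try:
            doc = render_document(template, row)
        except (KeyError, json.JSONDecodeError) as exc:
            results.append({"has_error": True, "error": f"{type(exc).__name__}: {exc}"})
            continue
        results.append({"has_error": False, "error": None})
        current.append(json.dumps({"index": {"_index": index}}))
        current.append(json.dumps(doc))
        if len(current) // 2 == batch_size:
            batches.append("\n".join(current) + "\n")
            current = []
    if current:  # flush the final partial batch
        batches.append("\n".join(current) + "\n")
    return batches, results
```

Each returned batch is the body of one POST to the cluster's _bulk endpoint; the results list is what the action's per-document output rows look like before the cluster's own response keys are merged in.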

...

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem

...