Elasticsearch

Elasticsearch is a search engine based on Lucene. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents.

Connect Elasticsearch with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Elasticsearch.

  3. Click Details, then the + icon. Enter the required information in the following fields.

     • Label: Enter a connection name.

     • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

     • Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate). Keep it enabled: if verification is turned off, anyone who can intercept the connection can impersonate the server and capture the Elasticsearch username and password sent with every request.

     • Remote Agent: Run this integration using the Devo SOAR Remote Agent.

     • Server URL: Enter the server URL for Elasticsearch.

     • Username: Enter the username for Elasticsearch.

     • Password: Enter the password for Elasticsearch.

  4. After you've entered all the details, click Connect.

Actions for Elasticsearch

Run Query v2

Runs the query on Elasticsearch service.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

| Input Name | Description | Required |
| --- | --- | --- |
| Index Name | Select the column that contains the index name to run the ES query on. | Required |
| Query Type | Select the query type: Basic (a Lucene query string, as in the first example below) or Advanced (a Query DSL JSON body, as in the second). | Required |
| Jinja Template for Query | Template of the Elasticsearch query; column values are substituted into it by Jinja before the query is sent. Basic Query example: `title:"{{title_column}}" AND text:{{text_column}}`. Advanced Query example: `{"query": { "multi_match" : { "query": "{{search_text}}", "fields": [ "subject", "message" ] }}}`. Because a value is inserted as text, a value that contains quotes, Lucene operators or JSON syntax changes the meaning of the query; validate or escape column values that originate from untrusted data (alert fields, user input) before they reach the template. | Required |
| Query Timeout | Query timeout in seconds (default is 30 seconds). | Optional |
| Stored Fields | Select the column that contains the value for Stored Fields. | Optional |
| Records Size | Enter the number of Elasticsearch records to return (default is 10). | Optional |

Output

A JSON object containing multiple rows of correlated results:

  • has_error: True/False

  • error: message/null

  • other keys of Elasticsearch Query Results

Insert Records

Inserts records in an Elasticsearch index.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

| Input Name | Description | Required |
| --- | --- | --- |
| Select Index | Select the column that contains the index name where the records are to be inserted. | Required |
| Jinja Template for Document | Enter the Jinja-templated document JSON. Example: `{"fname": "{{firstname_col}}", "lname": "{{lastname_col}}"}`. A column value that contains a double quote or a backslash produces an invalid document unless it is escaped for JSON before substitution. | Required |
| Batch Size | Enter the number of rows to process in one batch of the bulk insert (default is 100). | Optional |

Output

A JSON object containing multiple rows of correlated results:

  • has_error: True/False

  • error: message/null

  • other keys of insert response per document returned by Elasticsearch.
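
The following Python script is an added illustration, not Devo SOAR code, of how column values travel through the Jinja templates of Run Query v2 (Basic and Advanced query types) and of Insert Records (document template and Batch Size). It shows the query that plain substitution produces for a hostile value, the escaping each context needs, and the NDJSON bodies a batched bulk insert sends. A minimal {{name}} substitution stands in for Jinja so the script runs with the standard library only; the column names, sample rows, index name and batch size are constructed for the example and do not come from the page.

```python
"""Column values on their way into Elasticsearch through the Run Query v2 and
Insert Records templates.  Added illustration, not Devo SOAR code: a minimal
{{name}} substitution stands in for Jinja; column names, rows, index name and
batch size are constructed for the example."""
import json
import re

PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")

# Reserved characters of the Lucene query-string syntax used by the Basic query
# type; whitespace is escaped too so an escaped value stays a single term.
LUCENE_SPECIAL = set('+-=&|><!(){}[]^"~*?:\\/ \t\n')

BASIC_TEMPLATE = 'title:"{{title_column}}" AND text:{{text_column}}'
ADVANCED_TEMPLATE = ('{"query": {"multi_match": {"query": "{{search_text}}", '
                     '"fields": ["subject", "message"]}}}')

# Constructed sample input: one row carrying hostile values, and a few people.
HOSTILE_ROW = {"title_column": "Invoice", "text_column": "foo OR *:*",
               "search_text": 'say "hi"'}
SAMPLE_ROWS = [{"firstname_col": "Ada", "lastname_col": "Lovelace"},
               {"firstname_col": "Grace", "lastname_col": 'O"Neil'},
               {"firstname_col": "Alan", "lastname_col": "Turing"}]


def render(template, row, escape=str):
    """Stand-in for Jinja: replace every {{column}} with escape(row[column]).
    The default, like plain Jinja, inserts the value verbatim."""
    return PLACEHOLDER.sub(lambda m: escape(row[m.group(1)]), template)


def escape_lucene(value):
    """Backslash-escape a value so a query_string query matches it literally."""
    return "".join("\\" + c if c in LUCENE_SPECIAL else c for c in str(value))


def basic_query(row, safe=True):
    """Basic query type.  With safe=False (plain substitution) a text_column
    value such as 'foo OR *:*' adds an OR clause that matches every document;
    with safe=True the value becomes one literal term."""
    return render(BASIC_TEMPLATE, row, escape_lucene if safe else str)


def advanced_query(row, safe=True):
    """Advanced query type (Query DSL body).  Plain substitution into JSON text
    breaks on a value containing a double quote; building a dict and
    serialising it with json.dumps always yields a well-formed body."""
    if not safe:
        return render(ADVANCED_TEMPLATE, row)
    body = {"query": {"multi_match": {"query": str(row["search_text"]),
                                      "fields": ["subject", "message"]}}}
    return json.dumps(body)


def parses_as_json(text):
    """True when text is a well-formed JSON document."""
    try:
        json.loads(text)
        return True
    except ValueError:
        return False


def document(row):
    """Document for Insert Records, built as a dict so quotes in names are safe."""
    return {"fname": str(row["firstname_col"]), "lname": str(row["lastname_col"])}


def bulk_batches(index, rows, batch_size=100):
    """Yield one NDJSON body per batch for the _bulk API: an action line plus a
    document line per row, batch_size rows per body, trailing newline required."""
    for start in range(0, len(rows), batch_size):
        lines = []
        for row in rows[start:start + batch_size]:
            lines.append(json.dumps({"index": {"_index": index}}))
            lines.append(json.dumps(document(row)))
        yield "\n".join(lines) + "\n"


def parse_bulk_body(body):
    """Split an NDJSON bulk body back into its JSON objects (for checking)."""
    return [json.loads(line) for line in body.splitlines() if line]


if __name__ == "__main__":
    print(basic_query(HOSTILE_ROW, safe=False))   # widened query
    print(basic_query(HOSTILE_ROW))               # single literal term
    print(parses_as_json(advanced_query(HOSTILE_ROW, safe=False)))  # False
    print(parses_as_json(advanced_query(HOSTILE_ROW)))              # True
    for body in bulk_batches("people", SAMPLE_ROWS, batch_size=2):
        print(body, end="")
```

In a real Jinja template the equivalent of the json.dumps step is the built-in tojson filter, for example `"query": {{ search_text | tojson }}` (note the filter emits the surrounding quotes itself); whether that filter is enabled in Devo SOAR's template environment is an assumption to verify in your instance. There is no equivalent filter for the Lucene query-string context, so for the Basic query type the escaping has to happen in the playbook step that produces the column.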

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem