Setup Requirements

Data Collection Setup

External network access needs to be set up for the RESTful API port. Depending on your deployment, this API may be set for local access only. For further information, see:
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html

Enabling External Network Access

In /etc/elasticsearch/elasticsearch.yml, set network.host to _site_:

network.host: _site_

Network Requirements

Port: 9200 (TCP), the default port.
This is configurable within the range 9200-9300.

Least Privilege User

By default, Elasticsearch does not support authentication. When using X-Pack, use the elastic user security principal.

Supported Versions

Elasticsearch Versions: 5.x, 6.x, 7.x

Connection Parameters

| Name | Required? | Description |
| Host | Required | The Elasticsearch Node to connect to. |
| Port | | The port for communication to Elasticsearch. |
| Username | | The username for authenticating to the Elasticsearch Node. |
| Password | | The password for the given user. |
| SSL Configuration | | The SSL mode to use when connecting to the target. Can be configured to not use SSL (No SSL), use SSL but do not verify the target's certificate (No Verify), and use SSL and verify the target's certificate (Verify). |
| Connection Timeout | | The timeout in seconds for an API call. |
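
The connection parameters above, as an added example (not code from this product or from Elastic): a Python check that maps the three SSL Configuration modes to TLS client settings, queries the node's root endpoint, and compares the reported version with the supported list. The function names, host name and credentials are constructed placeholders.

```python
import base64
import json
import ssl
import urllib.request

SUPPORTED_MAJORS = {"5", "6", "7"}  # "Supported Versions" on this page

def build_target(host, port=9200, ssl_mode="Verify"):
    """Map an SSL Configuration mode to (base_url, ssl_context)."""
    if ssl_mode not in ("No SSL", "No Verify", "Verify"):
        raise ValueError(f"unknown SSL mode: {ssl_mode!r}")
    if ssl_mode == "No SSL":
        # Plaintext HTTP: Basic credentials cross the network unencrypted.
        return f"http://{host}:{port}", None
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    if ssl_mode == "No Verify":
        # Encrypted, but the node's identity is not authenticated.
        ctx.check_hostname = False      # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return f"https://{host}:{port}", ctx

def build_request(base_url, username=None, password=None):
    """GET / on the node, with HTTP Basic auth when a username is given."""
    req = urllib.request.Request(base_url + "/")
    if username is not None:
        raw = f"{username}:{password or ''}".encode()
        req.add_header("Authorization", "Basic " + base64.b64encode(raw).decode())
    return req

def is_supported(version):
    """True when the major version is one this page lists as supported."""
    return version.split(".")[0] in SUPPORTED_MAJORS

def check_node(host, port=9200, username=None, password=None,
               ssl_mode="Verify", timeout=10):
    """Return (version, supported) reported by the node's root endpoint."""
    base_url, ctx = build_target(host, port, ssl_mode)
    req = build_request(base_url, username, password)
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        version = json.load(resp)["version"]["number"]
    return version, is_supported(version)

if __name__ == "__main__":
    # Constructed host and credentials; replace with your own.
    print(check_node("es-node.example.internal", 9200, "monitor_user",
                     "example-password", ssl_mode="Verify", timeout=5))
```

A certificate error under Verify that disappears under No Verify means the node's certificate chain or host name does not validate from the collector.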