Elastic Cloud

To add an Elasticsearch destination to Axoflow, complete the following steps.

Prerequisites

Steps

  1. Create a new destination.

    1. Open the Axoflow Console.
    2. Select Topology.
    3. Select + > Destination.
  2. Configure the destination.

    1. Select Elasticsearch.

    2. Enter a name for the destination.

      Configure the Elasticsearch destination

    3. Enter your Elasticsearch URL into the URL field, for example, http://my-elastic-server:9200/_bulk

    4. Enter the type of the Elasticsearch index where you want to send your data, into the Type field.

    5. Enter the expression that specifies the Elasticsearch index to use into the Index field, for example: test-${YEAR}${MONTH}${DAY}.

      You can use AxoSyslog macros in this field.

    6. Enter the name and password for the account you want to use.

    7. (Optional)

      By default, Axoflow rejects connections to the destination server if the certificate of the server is invalid (for example, it’s expired, signed by an unknown CA, or its CN and the name of the server is mismatched).

      If you want to accept invalid certificates (or no certificate) from the destination servers, disable the Verify server certificate option.

    8. Select Create.

  3. Create a flow to connect the new destination to an AxoRouter instance.
    1. Select Flows.

    2. Select Create New Flow.

    3. Enter a name for the flow, for example, my-test-flow.

      Create a flow

    4. In the Router Selector field, enter an expression that matches the router(s) you want to apply the flow. To select a specific router, use a name selector, for example, name = my-axorouter-hostname.

    5. Select the Destination where you want to send your data. If you don’t have any destination configured, see Destinations.

    6. (Optional) To process the data transferred in the flow, select Add New Processing Step. For details, see Processing steps. For example:

      1. Add a Reduce step to automatically remove redundant and empty fields from your data.
      2. To select which messages are processed by the flow, add a Select Messages step, and enter a filter into the Query field. For example, to select only the messages received from Fortinet Fortigate firewalls, use the meta.vendor = fortinet + meta.product = fortigate query.
      3. Save the processing steps.

      Example processing steps

    7. Select Create.

    8. The new flow appears in the Flows list.

      The new flow