Connector, elastic type

Kaspersky Unified Monitoring and Analysis Platform

Support Send link Get as PDF

User guide > KUMA resources > Connectors > Connector settings > Connector, elastic type

Connector, elastic type

Connectors of the elastic type are used for getting Elasticsearch data. Elasticsearch version 7.0.0 is supported. Settings for a connector of the elastic type are described in the following tables.

Basic settings tab

Setting	Description
Name	Unique name of the resource. The maximum length of the name is 128 Unicode characters. Required setting.
Tenant	The name of the tenant that owns the resource. Required setting.
Type	Connector type: elastic. Required setting.
Connection	Elasticsearch server connection settings: URL is the URL of the Elasticsearch server. You can add multiple URLs or remove an URL. To add an URL, click the + Add button. To remove an URL, click the delete icon next to it. Required setting. Index is the name of the index in Elasticsearch. Required setting. Query is the Elasticsearch query. We recommend specifying the `size` parameter in the query to prevent performance problems with KUMA and Elasticsearch, as well as the `sort` parameter for the sorting order. The following values are possible for the `sort` parameter in the query: `asc`, `desc`, or a custom sorting order by specific fields in accordance with the Elasticsearch syntax. To sort by a specific field, we recommend also specifying the `"missing" : "_first"` parameter next to the `"order"` parameter to prevent errors in cases when this field is absent in any document. For example, `"sort": { "DestinationDnsDomain.keyword": {"order": "desc", "missing" : "_first" } }`. For more details on sorting, please refer to the Elasticsearch documentation. Query example: `"query" : { "match_all" : {} }, "size" : 25, "sort": {"_doc" : "asc"}` Required setting. Elastic credentials is the secret that stores the credentials for connecting to the Elasticsearch server. You can select an existing secret or create a new secret. To create a new secret, select Create new. If you want to edit the settings of an existing secret, click the pencil icon next to it. How to create a secret? To create a secret: In the Name field, enter the name of the secret. In the User and Password fields, enter the credentials of the user account that the Agent will use to connect to the connector. If necessary, enter a description of the secret in the Description field. Click the Create button. The secret is added and displayed in the Secret drop-down list. Elastic fingerprint is the secret that stores secrets of the 'fingerprint' type for connecting to the Elasticsearch server and secrets of the 'certificate' type for using a CA certificate. You can select an existing secret or create a new secret. To create a new secret, select Create new. If you want to edit the settings of an existing secret, click the pencil icon next to it. Poll interval, sec is the interval between queries to the Elasticsearch server in seconds if the previous query did not return any events. If Elasticsearch contained events at the time of the request, the connector will receive events until all available events have been received from Elasticsearch. You can add multiple connections to an Elasticsearch server resources or delete an Elasticsearch server connection. To add an Elasticsearch server connection, click the + Add connection button. To delete an Elasticsearch server connection, click the delete icon next to the Elasticsearch server.
Description	Description of the resource. The maximum length of the description is 4000 Unicode characters.

Advanced settings tab

Setting	Description
Debug	The switch enables resource logging. The toggle switch is turned off by default.
Character encoding	Character encoding. The default is UTF-8.

Article ID: 273544, Last review: Apr 23, 2025

Page top