ELK

Prerequisites: Ensure you have access to your ELK stack and have the necessary permissions to create API keys.
Generating API Keys: In your ELK dashboard, navigate to the security settings and generate a new API key with read access to the logs you wish to search.
Configuring DrDroid: In the DrDroid dashboard, go to Integrations > Log Search > ELK Stack. Enter your ELK endpoint URL and the API key you generated.
Testing the Integration: Create a simple playbook in DrDroid to test fetching logs from your ELK stack. Verify that the logs are retrieved successfully.

Add a task in the playbook. Select the Elastic search query option from the options side menu
Configure the index, the query and the result count to execute the task.

On this page