ELK Stack

  1. Prerequisites: Ensure you have access to your ELK stack and have the necessary permissions to create API keys.

  2. Generating API Keys: In your ELK dashboard, navigate to the security settings and generate a new API key with read access to the logs you wish to search.

  3. Configuring DrDroid: In the DrDroid dashboard, go to Integrations > Log Search > ELK Stack. Enter your ELK endpoint URL and the API key you generated.

  4. Testing the Integration: Create a simple playbook in DrDroid to test fetching logs from your ELK stack. Verify that the logs are retrieved successfully.

How to Query

  1. Add a task in the playbook. Select the Elastic search query option from the options side menu.

  2. Configure the index, the query and the result count to execute the task.
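The read-only key from step 2 and the query task above, as an added example (not DrDroid's or Elastic's own code). It builds the body for Elasticsearch's `POST /_security/api_key` endpoint, audits a key definition for anything beyond scoped read access before it is handed to an integration, and builds a search request from index, query and result count. The key name, role name and index pattern `app-logs-*` are constructed placeholders.

```python
import base64

READ_ONLY = {"read", "view_index_metadata"}  # index privileges that cannot modify data

def key_request(name, index_patterns, expiration="30d"):
    """Body for POST /_security/api_key, limited to reading the given indices."""
    return {
        "name": name,
        "expiration": expiration,
        "role_descriptors": {
            "log_search_read": {  # role name is arbitrary (constructed)
                "cluster": [],
                "indices": [{"names": list(index_patterns), "privileges": ["read"]}],
            }
        },
    }

def audit(body):
    """Return findings for a key definition that grants more than scoped read access."""
    findings = []
    roles = body.get("role_descriptors") or {}
    if not roles:
        findings.append("no role_descriptors: key inherits the creating user's privileges")
    if not body.get("expiration"):
        findings.append("no expiration: key never expires")
    for role, desc in roles.items():
        if desc.get("cluster"):
            findings.append(f"{role}: cluster privileges {desc['cluster']}")
        for grant in desc.get("indices", []):
            extra = sorted(set(grant.get("privileges", [])) - READ_ONLY)
            if extra:
                findings.append(f"{role}: non-read index privileges {extra}")
            if any(n in ("*", "_all") for n in grant.get("names", [])):
                findings.append(f"{role}: applies to every index")
    return findings

def auth_header(key_id, api_key):
    """Header Elasticsearch expects for key auth: 'ApiKey ' + base64(id:api_key)."""
    token = base64.b64encode(f"{key_id}:{api_key}".encode()).decode()
    return {"Authorization": f"ApiKey {token}"}

def search_request(index, query, size):
    """Path and body for a search task: index, query and result count."""
    return f"/{index}/_search", {"size": size, "query": query}

if __name__ == "__main__":
    print(audit(key_request("drdroid-log-search", ["app-logs-*"])))
    print(search_request("app-logs-*", {"match": {"level": "error"}}, 50))
```

An empty findings list means the key can only read the named index patterns and will expire; any finding is a reason to regenerate the key before entering it in step 3.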
