Elasticsearch

Connecting Hawkeye to your Elasticsearch instance allows us to collect telemetry data related to search queries, index performance, and cluster health. This connection helps monitor Elasticsearch activity and enables insights on data interactions in real time.

To integrate, you will authenticate using an Elasticsearch API key, which provides Hawkeye the necessary permissions to access your Elasticsearch data.

Note

For each step, we’ve created a short demo walkthrough and a step-by-step guide. You can check out the demo for a visual guide to setting up your Elasticsearch connection!

Step 1: Generate an Elasticsearch API Key

Start by creating an API key in your Elasticsearch cluster for Hawkeye to access the necessary data.

1. Access Elasticsearch Security Settings: Log in to your Elasticsearch instance, navigate to your deployment and click on Open Kibana.

   

   On Kibana, navigate to the Management section.

   

2. Navigate to API Keys: Under the Security settings, click on API Keys > Create API key button.

   

3. Create a New API Key:

   • Provide a name for the API key.

     

   • Additionally, select the type of API key, and select read-only as the type of control security privilege.

4. Copy the API Key: Once generated, copy the API key. You won’t be able to view it again after navigating away from the screen, so store it securely.

   

Step 2: Add Elasticsearch Connection to Hawkeye

Now that you have your Elasticsearch API key, you can configure the connection in Hawkeye.

1. Navigate to the Connections Tab: In the Hawkeye dashboard, go to the Connections section and click on New Connection.

   

2. Select Elasticsearch: From the list of available integrations, choose Elasticsearch.

   Then, click Next at the top right corner.

3. Enter Credentials: Provide the following information:

   • Name: A name for the connection.

   • Description: Enter a description for this integration.

   • API Key: Paste the API key you generated in Step 1.

   • Unique ID Key (optional): If your organization uses a unique ID key for tracking, enter it here. It isn’t required for the connection but is useful for organization-specific audits.

   • Elasticsearch URL: Enter your Elasticsearch instance’s URL in this format: https://<your-elasticsearch-domain>/_api/<endpoint>.

   • Cloud ID: If you are using Elastic Cloud, enter the Cloud ID.

     See the image below for most of the credentials above:

     

4. Verify Connection: After saving, Hawkeye will attempt to verify the connection. Once verified, the Elasticsearch connection card will be visible on your dashboard.