Configure Elasticsearch integration

To integrate Elasticsearch with SolarWinds Observability:

1. In SolarWinds Observability, click Add Data at the top.

2. In the Add Data dialog, click Integration, and then click Elasticsearch.

3. In the Add Elasticsearch dialog, select a host with the SolarWinds Observability Agent you want to use for Elasticsearch and click Next.

   To only display Agents running in a Kubernetes cluster, click the List only Agents... toggle.

   If you want to install a dedicated Agent on a dedicated host, add the host and then add the Elasticsearch integration. See Add a self-managed host.

   If you prefer using Docker, see Run the SolarWinds Observability Agent as a Docker image or Kubernetes deployment.

4. Select where the Elasticsearch service is located:

   • On Host: The Elasticsearch service runs on the same physical or virtual machine as the Agent.

   • Off Host: The Elasticsearch service runs on a different physical or virtual machine than the Agent.

5. Make sure that Elasticsearch is ready to be integrated.

   • On Host: Test the Elasticsearch service.

     • Run the following command. The call should return basic data.

     curl -X GET 'http://localhost:9200'

     • If you have enabled security features and an authentication is required, run the following command to test the Elasticsearch service. The call should return basic data.

     curl -u <username>:<password> https://localhost:9200

   • Off Host: Configure Elasticsearch to expose data on the network.

     By default, Elasticsearch is only accessible on localhost. Configure the network.host property in elasticsearch.yml to expose the data.

     1. Run the following command to shut down the Elasticsearch service.

     sudo systemctl stop elasticsearch

     2. Update network.host in the elasticsearch.yml file to the following value. By default, the file is located at /etc/elasticsearch/elasticsearch.yml

        network.host: 0.0.0.0
        
        

     3. Start the Elasticsearch service.

     sudo systemctl start elasticsearch

     3. Run the following command. The call should return basic data.

     curl -X GET 'http://localhost:9200'

     4. If you have enabled security features and an authentication is required, run the following command to test the Elasticsearch service. The call should return basic data.

     curl -u <username>:<password> https://localhost:9200

6. Specify credentials to be used for authenticating the Elasticsearch integration in SolarWinds Observability.

   • Add New Credential

     Select this option to create new credentials. Provide a name for the credentials set and the requested details, such as password, API key, and/or client secret.

   • Use Existing Credential

     Select this option to use existing credentials. Select credentials from the list.

   • No Credential

     Select this option if you do not want to use credentials for authentication. Integrating Elasticsearch does not require credentials.

7. Review the configuration and click Deploy to deploy the changes to the agent.

   • Provide a Display Name.

   • Review the Elasticsearch Endpoint.

   • Review the Collection Interval.

   • For On Host integrations, you can collect logs. Click Enable log monitoring and configure logs.

8. Optional for On Host integrations: Configure logs.

   If you enabled logs:

   1. Grant the Agent access to the Elasticsearch log folder. Use the following command:

      sudo usermod -a -G adm swagent

   2. Restart the Agent. Run the following command.

      sudo service uamsclient restart

   3. Review the default path for storing logs. Adjust it if appropriate.

9. When the installation is complete, you can continue to observe Elasticsearch data. Use the buttons on the Summary screen.

To view data collected for the newly configured integration, click Dashboards and search for Elasticsearch. Click the system dashboard for Elasticsearch. See Dashboards.

To view metrics collected for Elasticsearch, click Analyze > Metrics and search for Elasticsearch. See Metrics Explorer for details.