Reporting with Elasticsearch and Kibana

Integration with Elasticsearch and Kibana (EK) is implemented by:

  • The Elasticsearch log output (iam.log.elasticsearch.url)
  • A set of configuration files and scripts for configuring EK for Airlock Suite Reporting, available at https://techzone.ergon.ch/external-reporting. This set includes:
    • Elasticsearch Index Templates
    • Kibana Dashboards, Visualizations and Searches

The scripts are compatible with Elasticsearch and Kibana version 7.x. Extract the Zip file and see the included README.md for further setup instructions.

The Elasticsearch and Kibana configurations are provided for both Airlock IAM and Airlock Gateway (WAF) to support combined logging and reporting.

See elastic.co for more information on Elasticsearch, Kibana, and other Elastic products.

(Ergon Informatik is not affiliated with Elasticsearch B.V.)

Known limitations

The built-in Elasticsearch integration has the following limitations:

  • Only http is supported as the protocol. There is no support for https.
  • Authentication with the Elasticsearch service is not supported.

Elasticsearch performance and storage considerations

Generally, we recommend following the guidelines outlined in the Elasticsearch documentation.

Index Lifecycle Management (ILM) can also be useful for managing storage and search performance.

ILM Example

{
	"policy": {
		"phases": {
			"warm": {
				"min_age": "2d",
				"actions": {
					"readonly": {},
					"forcemerge": {"max_num_segments": 1}
				}
			},
			"delete": {
				"min_age": "30d",
				"actions": {"delete": {}}
			}
		}
	}
}

Depending on your requirements or your setup, you might also change "number_of_replicas" and/or "number_of_shards". See the Elasticsearch documentation for detailed descriptions.
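The following script is an added example and is not part of the Airlock documentation or the scripts shipped in the reporting Zip file. It builds the ILM policy shown above (warm after 2 days, delete after 30 days) together with an index template that pins "number_of_shards", "number_of_replicas" and the lifecycle name, sanity-checks the phase ordering before anything is sent, and applies both to an Elasticsearch 7.x node. The policy name, template name, index pattern and ES_URL are constructed placeholders; the composable index template endpoint (/_index_template) assumes Elasticsearch 7.8 or later, while the shipped Airlock index templates should remain the source of the field mappings.

```python
"""Build, validate and apply an ILM policy plus a matching index template.

Added example for Elasticsearch 7.x; not Airlock's own tooling.
"""
import json
import re
import urllib.request

# Constructed placeholder values; adjust to your environment.
ES_URL = "http://localhost:9200"
POLICY_NAME = "airlock-reporting-policy"   # hypothetical name
TEMPLATE_NAME = "airlock-reporting"        # hypothetical name
INDEX_PATTERNS = ["airlock-*"]             # hypothetical pattern

_UNIT_HOURS = {"d": 24.0, "h": 1.0, "m": 1.0 / 60, "s": 1.0 / 3600}


def min_age_hours(value):
    """Convert an ILM min_age such as '2d', '12h' or '30m' into hours."""
    match = re.fullmatch(r"(\d+)([dhms])", value)
    if not match:
        raise ValueError("unsupported min_age: %r" % value)
    return int(match.group(1)) * _UNIT_HOURS[match.group(2)]


def build_ilm_policy(warm_after="2d", delete_after="30d"):
    """Policy body: warm phase (read-only, force-merged to one segment),
    then deletion once the index reaches delete_after."""
    return {
        "policy": {
            "phases": {
                "warm": {
                    "min_age": warm_after,
                    "actions": {
                        "readonly": {},
                        "forcemerge": {"max_num_segments": 1},
                    },
                },
                "delete": {
                    "min_age": delete_after,
                    "actions": {"delete": {}},
                },
            }
        }
    }


def build_index_template(policy_name, patterns, shards=1, replicas=1):
    """Composable index template binding new indices to the ILM policy
    and fixing the shard/replica counts discussed in the text."""
    return {
        "index_patterns": list(patterns),
        "template": {
            "settings": {
                "index.number_of_shards": shards,
                "index.number_of_replicas": replicas,
                "index.lifecycle.name": policy_name,
            }
        },
    }


def validate_policy(policy):
    """Return a list of problems (empty when the policy looks sane):
    every phase needs a parsable min_age, and the delete phase must not
    come before the warm phase, or data would be dropped before merging."""
    problems = []
    phases = policy["policy"]["phases"]
    ages = {}
    for name, phase in phases.items():
        try:
            ages[name] = min_age_hours(phase["min_age"])
        except (KeyError, ValueError) as exc:
            problems.append("phase %s: %s" % (name, exc))
    if "warm" in ages and "delete" in ages and ages["delete"] < ages["warm"]:
        problems.append("delete phase (%s) precedes warm phase (%s)"
                        % (phases["delete"]["min_age"], phases["warm"]["min_age"]))
    return problems


def put_json(url, body):
    """HTTP PUT a JSON document and return the parsed response."""
    data = json.dumps(body).encode("utf-8")
    req = urllib.request.Request(url, data=data, method="PUT",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read().decode("utf-8"))


def apply_lifecycle(es_url=ES_URL, shards=1, replicas=1):
    """Validate, then create/overwrite the policy and template in Elasticsearch."""
    policy = build_ilm_policy()
    problems = validate_policy(policy)
    if problems:
        raise ValueError("; ".join(problems))
    template = build_index_template(POLICY_NAME, INDEX_PATTERNS, shards, replicas)
    put_json("%s/_ilm/policy/%s" % (es_url, POLICY_NAME), policy)
    put_json("%s/_index_template/%s" % (es_url, TEMPLATE_NAME), template)


if __name__ == "__main__":
    apply_lifecycle()
```

Because the built-in log output speaks plain http without authentication (see Known limitations), this script inherits the same transport properties; it only manages retention and shard layout, not access to the cluster.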