Reporting with Elasticsearch and Kibana

Integration with Elasticsearch and Kibana (EK) is implemented by:

  • The Elasticsearch log output (iam.log.elasticsearch.url property).
  • A set of configuration files and scripts for configuring EK for Airlock Suite Reporting. The set can be found here: Airlock reporting bundle. It includes the following items:
    • Elasticsearch index templates 
    • Kibana dashboards, visualizations and searches.

Extract the .zip file and see the included README.md for further setup instructions.

The Elasticsearch and Kibana configurations are provided for both Airlock IAM and Airlock Gateway to support combined logging and reporting.

 
Info

See elastic.co for more information on Elasticsearch, Kibana, and other Elastic products.

(Ergon Informatik is not affiliated with Elasticsearch B.V.)

Known limitations

The built-in Elasticsearch integration has the following limitations:

  • Only HTTP is supported as protocol.
  • Authentication with the Elasticsearch service is not supported.

Elasticsearch performance and storage considerations

Generally, we recommend following the guidelines outlined in the Elasticsearch documentation.

Index Lifecycle Management (ILM) can also be useful in managing storage and search performance.

ILM Example

 
Example
{
	"policy": {
		"phases": {
			"warm": {
				"min_age": "2d",
				"actions": {
					"readonly": {},
					"forcemerge": {"max_num_segments": 1}
				}
			},
			"delete":{
				"min_age": "30d",
				"actions": {"delete": {}}
			}
		}
	}
}

Depending on your requirements or your setup, you might also change "number_of_replicas" and/or "number_of_shards". See the Elasticsearch documentation for detailed descriptions.
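
The delete phase of the ILM policy determines how far back IAM and Gateway log data remains searchable, so it is worth checking a policy file before loading it into Elasticsearch. The following check is an added example, not part of the Airlock reporting bundle; the function names and the 30-day minimum retention are assumptions chosen for illustration.

```python
import json
import re

# Seconds per Elasticsearch time unit (only the units used here).
UNIT_SECONDS = {"d": 86400, "h": 3600, "m": 60, "s": 1}
PHASE_ORDER = ["hot", "warm", "cold", "frozen", "delete"]

# Constructed copy of the ILM policy shown above.
POLICY_JSON = """
{"policy": {"phases": {
  "warm": {"min_age": "2d",
           "actions": {"readonly": {}, "forcemerge": {"max_num_segments": 1}}},
  "delete": {"min_age": "30d", "actions": {"delete": {}}}
}}}
"""

def to_seconds(age):
    """Convert an age such as '30d' or '12h' to seconds."""
    match = re.fullmatch(r"(\d+)([dhms])", age)
    if match is None:
        raise ValueError(f"unsupported age value: {age!r}")
    return int(match.group(1)) * UNIT_SECONDS[match.group(2)]

def check_policy(text, min_retention="30d"):
    """Return a list of findings; an empty list means the policy passed."""
    try:
        phases = json.loads(text)["policy"]["phases"]
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    except (KeyError, TypeError):
        return ["missing policy.phases object"]
    findings = []
    # Phases present in the policy, in lifecycle order, with their ages.
    ages = [(name, to_seconds(phases[name].get("min_age", "0s")))
            for name in PHASE_ORDER if name in phases]
    for (prev, prev_age), (name, age) in zip(ages, ages[1:]):
        if age < prev_age:
            findings.append(f"{name}.min_age is shorter than {prev}.min_age")
    delete = phases.get("delete")
    if delete is None or "delete" not in delete.get("actions", {}):
        findings.append("no delete action: indices are never removed")
    elif to_seconds(delete.get("min_age", "0s")) < to_seconds(min_retention):
        findings.append(f"retention below required {min_retention}")
    return findings

if __name__ == "__main__":
    print(check_policy(POLICY_JSON) or "policy OK")
```

Pass your own required retention period as min_retention; a JSON syntax error such as a missing comma between two actions is reported as a finding instead of raising.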