Reporting with Elasticsearch and Kibana

Integration with Elasticsearch and Kibana (EK) is provided through a set of configuration files and scripts that prepare EK for use with Airlock Suite Reporting.

You can find the complete bundle here: Airlock reporting bundle.

The bundle includes:

  • Elasticsearch index templates 
  • Kibana dashboards, visualizations and searches

For detailed setup instructions, see Configuring the Airlock Secure Access Hub reporting bundle.

 
Notice

The Elasticsearch and Kibana configurations are provided for both Airlock IAM and Airlock Gateway to support combined logging and reporting.

Known limitations

The built-in Elasticsearch integration has the following limitations:

  • Both HTTP and HTTPS are supported. Note that HTTPS only works with certificates issued by trusted certificate authorities (CAs).
  • Authentication with the Elasticsearch service is not supported.

Elasticsearch performance and storage considerations

Generally, we recommend following the guidelines outlined in the Elasticsearch documentation.

Index Lifecycle Management (ILM) can also be useful in managing storage and search performance.

ILM Example

 
{
	"policy": {
		"phases": {
			"warm": {
				"min_age": "2d",
				"actions": {
					"readonly": {},
					"forcemerge": {"max_num_segments": 1}
				}
			},
			"delete":{
				"min_age": "30d",
				"actions": {"delete": {}}
			}
		}
	}
}

Depending on your requirements or your setup, you might also change “number_of_replicas” and/or “number_of_shards”. See the Elasticsearch documentation for detailed descriptions.
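Before uploading an ILM policy such as the one above, it can be checked offline for JSON syntax errors, phase ordering and a minimum log retention period. The following is an added example and not part of the Airlock reporting bundle; the function names and the retention threshold are assumptions chosen for illustration.

```python
import json
import re

# Phases in the order Elasticsearch ILM executes them.
PHASE_ORDER = ["hot", "warm", "cold", "frozen", "delete"]
# Seconds per time unit (the subset normally used for retention settings).
UNIT_SECONDS = {"d": 86400, "h": 3600, "m": 60, "s": 1}


def age_seconds(value):
    """Convert a min_age such as "2d" or "12h" to seconds; ValueError if unparsable."""
    match = re.fullmatch(r"(\d+)([dhms])", value)
    if not match:
        raise ValueError(f"unsupported min_age: {value!r}")
    return int(match.group(1)) * UNIT_SECONDS[match.group(2)]


def check_policy(text, min_retention_days):
    """Return a list of problems found in an ILM policy document (empty if none)."""
    try:
        phases = json.loads(text)["policy"]["phases"]
    except (ValueError, KeyError, TypeError) as exc:
        return [f"not a valid ILM policy document: {exc}"]
    problems = [f"unknown phase: {name}" for name in phases if name not in PHASE_ORDER]
    previous = 0
    for name in PHASE_ORDER:
        if name not in phases:
            continue
        age = age_seconds(phases[name].get("min_age", "0s"))
        if age < previous:
            problems.append(f"{name}.min_age is earlier than the preceding phase")
        previous = max(previous, age)
    if "delete" not in phases:
        problems.append("no delete phase: ILM never removes indices")
    elif age_seconds(phases["delete"].get("min_age", "0s")) < min_retention_days * 86400:
        problems.append(f"delete.min_age is below {min_retention_days} days of retention")
    return problems


# Constructed sample: the policy shown on this page.
SAMPLE = """{"policy": {"phases": {
  "warm": {"min_age": "2d", "actions": {"readonly": {}, "forcemerge": {"max_num_segments": 1}}},
  "delete": {"min_age": "30d", "actions": {"delete": {}}}}}}"""

if __name__ == "__main__":
    print(check_policy(SAMPLE, min_retention_days=30) or "policy OK")
```
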

Further information and links