Introduction to the ELK Stack SyncPack


This section describes how you can configure and use the ELK Stack SyncPack with the PowerFlow platform to integrate SL1 events and ELK detections.

After the 2.1.0 platform release, the Integration Service was rebranded as SL1 PowerFlow, and the Automation Builder was rebranded as SL1 PowerFlow builder.

The label "SyncPack" is used in place of "Synchronization PowerPack" in the PowerFlow user interface.

What is the ELK Stack Synchronization PowerPack?

The ELK Stack Synchronization PowerPack includes a configuration object, applications, and steps that bidirectionally sync jobs, pipeline jobs, and node status between ELK and SL1.

Prerequisites for this SyncPack

This SyncPack requires the following:

  • SL1 PowerFlow platform version: 2.3.0 or later
  • ELK Stack Automation PowerPack version 100
  • SL1 version: 11.1.0 or later. For details on upgrading SL1, see the appropriate SL1 Release Notes.
  • The following dependencies are included in the SyncPack:
      • SL1 Notifications: 1.0.2
      • base_steps_syncpack: 1.3.2
  • Administrator access to both SL1 and ELK
  • ELK administrator access to the Administration Portal
  • ELK administrator access to the GUI Portal

The following table lists the port access required by PowerFlow and this SyncPack:

Source IP   PowerFlow Destination   PowerFlow Source Port   Destination Port   Requirement
PowerFlow   SL1 API                 Any                     TCP 443            SL1 API Access
PowerFlow   ELK REST API            Any                     TCP 443            ELK REST API Access

ScienceLogic highly recommends that you disable all firewall session-limiting policies, as the firewalls will drop HTTPS requests, resulting in data loss.

Contents of the SyncPack

This section lists the contents of the ELK Stack Synchronization PowerPack.

PowerFlow Applications

  • Get Data from External Source. This application acquires data from external sources to update ELK statuses in SL1.
  • Search Data in ELK. This application searches data in ELK and posts updates to SL1.
  • Get Data from SL1. This application acquires data from SL1 to send to ELK and back to SL1 for updates.

For more information about how to configure these applications, see Configuring Applications for the ELK Stack Synchronization PowerPack.

Configuration Object

  • ElasticSearch Logstash Kibana Configuration. This configuration object can be used as a template after the SyncPack is installed on the PowerFlow system.

Steps

The following steps are included in this SyncPack:

  • Get Log Data from SL1
  • PostUpdateToSL1
  • Get Search Results from ELK
  • Send Data to ELK
  • Update ELK Status To SL1

Installing the SyncPack

A SyncPack file has the .whl file extension type. You can download the SyncPack file from the ScienceLogic Support site.

Downloading the SyncPack

To locate and download the SyncPack:

  1. Go to the ScienceLogic Support Site.
  2. Click the Product Downloads tab and select PowerPack.
  3. In the Search PowerPacks field, search for the SyncPack and select it from the search results. The Release Version page appears.
  4. On the PowerPack Versions tab, click the name of the SyncPack version that you want to install. The Release File Details page appears.
  5. Click the Download File button or click the name of the .zip file containing the .whl file for this SyncPack to start downloading the file.

After you download a SyncPack, you can import it to your PowerFlow system using the PowerFlow user interface.
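Before importing a downloaded SyncPack, it is worth confirming that the .whl file is an intact wheel archive whose metadata names the package you expect, and that its checksum matches a value you recorded when you downloaded it. The following is an added example and not ScienceLogic's code; the package name, version and checksum are constructed for the demonstration, and it does not assume that the Support site publishes a checksum.

```python
import hashlib
import io
import zipfile
from email.parser import Parser


def build_sample_wheel(name="elk_stack_syncpack", version="1.0.0"):
    """Construct a minimal in-memory wheel (a zip with a dist-info/METADATA
    member). Constructed stand-in for a downloaded SyncPack, not a real one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(f"{name}-{version}.dist-info/METADATA",
                    f"Metadata-Version: 2.1\nName: {name}\nVersion: {version}\n")
        zf.writestr(f"{name}/__init__.py", "")
    return buf.getvalue()


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def inspect_wheel(data):
    """Return (name, version) read from the wheel's METADATA.
    Raises ValueError if the archive is damaged or is not a single wheel."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise ValueError(f"not a zip/wheel archive: {exc}") from exc
    with zf:
        bad = zf.testzip()  # CRC check of every member
        if bad is not None:
            raise ValueError(f"corrupt member: {bad}")
        meta = [n for n in zf.namelist() if n.endswith(".dist-info/METADATA")]
        if len(meta) != 1:
            raise ValueError("expected exactly one dist-info/METADATA member")
        headers = Parser().parsestr(zf.read(meta[0]).decode("utf-8"))
        return headers["Name"], headers["Version"]


def verify_download(data, expected_sha256, expected_name):
    """Check the file's SHA-256 against a value recorded out of band, then
    confirm the wheel names the expected package. Returns (ok, detail)."""
    digest = sha256_hex(data)
    if digest != expected_sha256:
        return False, f"sha256 mismatch: got {digest}"
    try:
        name, version = inspect_wheel(data)
    except ValueError as exc:
        return False, str(exc)
    if name != expected_name:
        return False, f"unexpected package name {name!r}"
    return True, f"{name} {version}"
```

Run verify_download on the real .whl with the checksum you noted at download time; a False result means the file should not be imported.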

Importing the SyncPack

To import a SyncPack in the PowerFlow user interface:

  1. On the SyncPacks page of the PowerFlow user interface, click Import SyncPack. The Import SyncPack page appears.
  2. Click Browse and select the .whl file for the SyncPack you want to install. You can also drag and drop a .whl file to the Import SyncPack page.
  3. Click Import. PowerFlow registers and uploads the SyncPack. The SyncPack is added to the SyncPacks page.
  4. You will need to activate and install the SyncPack in PowerFlow. For more information, see Activating and Installing a Synchronization PowerPack.

You cannot edit the content package in a SyncPack published by ScienceLogic. You must make a copy of a ScienceLogic SyncPack and save your changes to the new SyncPack to prevent overwriting any information in the original SyncPack when upgrading.

Activating and Installing the SyncPack

To activate and install a SyncPack in the PowerFlow user interface:

  1. On the SyncPacks page of the PowerFlow user interface, click the Actions button for the SyncPack you want to install and select Activate & Install. The Activate & Install SyncPack modal appears.

    If you try to activate and install a SyncPack that is already activated and installed, you can choose to "force" installation across all the nodes in the PowerFlow system.

    If you do not see the PowerPack that you want to install, click the Filter icon on the SyncPacks page and select Toggle Inactive SyncPacks to see a list of the imported PowerPacks.

  2. Click Yes to confirm the activation and installation. When the SyncPack is activated, the SyncPacks page displays a green check mark icon for that SyncPack. If the activation or installation failed, then a red exclamation mark icon appears.
  3. For more information about the activation and installation process, click the check mark icon or the exclamation mark icon in the Activated column for that SyncPack. For a successful installation, the "Activate & Install SyncPack" application appears, and you can view the Step Log for the steps. For a failed installation, the Error Logs window appears.
  4. If you have other versions of the same SyncPack on your PowerFlow system, you can click the Actions button for that SyncPack and select Change active version to activate a different version other than the version that is currently running.