Introduction to the ELK Stack SyncPack

This section describes how you can configure and use the "ELK Stack" SyncPack with the PowerFlow platform to integrate SL1 events and ELK detections.

"ELK" stands for the grouping of the Elasticsearch, Logstash, and Kibana applications. Elasticsearch is a search and analytics engine. Logstash is a server‑side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a "stash" like Elasticsearch. Kibana lets users visualize data with charts and graphs in Elasticsearch.

This SyncPack uses the "ELK Stack Automation" PowerPack.

What Can I Do with this SyncPack?

The "ELK Stack" SyncPack automatically triggers ELK based on SL1 events, which removes the need for manual searching, logging, and data visualization. Changes are synchronized between the two systems, so users making changes in ELK or SL1 can see those changes in the other system without having to make them manually in both.

The SyncPack automates the sharing and exchange of logs so that you can easily search log data, use logs to enrich incidents and tickets, and stash logs for later use.

You can also configure this SyncPack to generate an alert in SL1 if any log is inserted into Logstash at a specified time.

Contents of the SyncPack

This section lists the contents of the "ELK Stack" SyncPack.

PowerFlow Applications

  • Get Data from External Source. This application acquires data from external sources to update ELK statuses in SL1.
  • Search Data in ELK. This application searches data in ELK and posts updates to SL1.
  • Get Data from SL1. This application acquires data from SL1, sends it to ELK, and returns the results to SL1 for updates.

For more information about how to configure these applications, see Configuring Applications for the ELK Stack SyncPack.

Configuration Object

  • ElasticSearch Logstash Kibana Configuration. This configuration object can be used as a template after the SyncPack is installed on the PowerFlow system.

Steps

The following steps are included in this SyncPack:

  • Get Log Data from SL1
  • Get Search Results from ELK
  • Post Update To SL1
  • Send Data to ELK
  • Update ELK Status To SL1