Skip to content

Elasticsearch Guide

Screenshot

Elasticsearch allows you to store, search, and analyze huge volumes of data quickly in near real-time providingh back answers in milliseconds. Elasticsearch is able to achieve fast search responses because instead of searching the text directly, it searches an index. Elasticsearch is used for storing, searching, and analyzing structured and unstructured data in near real-time.

Satori is deployed between your Elasticsearch client, such as Kibana and the ElasticSearch search server.

It only takes a few minutes to get started with Satori. What you need is:

  • Access to Satori's management console.
  • The hostname of your Elasticsearch data store, for example: search.acme.com

Adding an Elasticsearch Data Store to Satori

Screenshot

Perform the following steps to add an ElasticSearch data store to your Satori account:

  1. Login to the Satori Management Console.
  2. In the Data Stores view, click the plus button to add a new data store.
  3. Select the Elasticsearch option.
  4. Enter an informative name for the data store, for example: Sales Data Warehouse.
  5. Enter the Hostname of your Elasticsearch database, for example: search.acme.com
  6. Choose a Data Access Controller to use for this data store by selecting the Cloud provider and Region.
  7. Click the Add New Data Store button.
  8. You will be redirected to the Data Stores list view.

Connecting to ElasticSearch via Satori using Kibana

To connect to ElasticSearch via Satori using Kibana, you must replace the ‘elasticsearch.hosts’ parameter in your Kibana configuration with the Satori-generated hostname of your data store. For example: search-acme.us-east-1.p0.satoricyber.net.

Known Limitations

Satori only supports auditing of data activity in ElasticSearch.