Send JSON Documents (Logs) to Elasticsearch
This integration is part of the Pro edition.
Kubeshark enables you to send schema-free JSON documents directly to any local Elasticsearch instance or cloud-hosted solution using the Elastic helper.
The following example uses the onItemCaptured hook and calls the vendor.elastic helper to send a JSON document containing information about the dissected protocol message whenever a 500 response code is returned.
    function onItemCaptured(data) {
      // Forward only messages whose response status is 500
      if (data.response.status === 500)
        vendor.elastic(
          "",                   // URL is ignored for Elastic Cloud
          "my-index-name",
          data,                 // Payload
          "",                   // Username is ignored for Elastic Cloud
          "",                   // Password is ignored for Elastic Cloud
          env.ELASTIC_CLOUD_ID,
          env.ELASTIC_API_KEY
        );
    }
The data is inserted into the index my-index-name and can be seen in the Elastic Cloud dashboard.
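The hook above indexes the whole captured item, so any credentials carried in the message headers end up in the index as well. The following is an added example, not Kubeshark's own code, that masks sensitive headers on a copy of the item before calling vendor.elastic. It assumes headers are exposed as plain name-to-value objects under data.request.headers and data.response.headers; the header list and the names redactHeaders, redactItem and sampleItem are hypothetical.

```javascript
// Added example: header names treated as sensitive (an assumed list, extend as needed).
const SENSITIVE_HEADERS = new Set([
  "authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key",
]);

// Return a copy of a header map with sensitive values masked.
// Assumption: headers are a plain object of name -> value.
function redactHeaders(headers) {
  const out = {};
  for (const name of Object.keys(headers || {})) {
    out[name] = SENSITIVE_HEADERS.has(name.toLowerCase())
      ? "[REDACTED]"
      : headers[name];
  }
  return out;
}

// Deep-copy the captured item and mask request and response headers.
// The original item is left untouched for any other hook logic.
function redactItem(data) {
  const copy = JSON.parse(JSON.stringify(data));
  for (const side of ["request", "response"]) {
    if (copy[side] && copy[side].headers) {
      copy[side].headers = redactHeaders(copy[side].headers);
    }
  }
  return copy;
}

// Same hook as on the page, but indexing the redacted copy.
// vendor and env are provided by Kubeshark at run time.
function onItemCaptured(data) {
  if (data.response && data.response.status === 500) {
    vendor.elastic(
      "", "my-index-name", redactItem(data), "", "",
      env.ELASTIC_CLOUD_ID, env.ELASTIC_API_KEY
    );
  }
}

// Constructed sample item for trying redactItem outside Kubeshark.
const sampleItem = {
  request: { method: "GET", headers: { Authorization: "Bearer abc", Accept: "*/*" } },
  response: { status: 500, headers: { "Set-Cookie": "sid=1", "Content-Type": "text/plain" } },
};
```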