5. Elasticsearch
To enable actions logging, complete the steps outlined below.
5.1. Install Elasticsearch
Elastic has an article on installing Elasticsearch here.
5.2. Import an index template
Import the template and policy below into Elasticsearch.
5.2.1. Action events
For this template you should set the value for elasticsearch.index.actions to match.
curl -k -X PUT -H "Content-Type: application/json" -d @/opt/halon/policyd/share/elasticsearch/actions/halon-policyd-actions-timeseries-policy.json http://elastic:[email protected]:9200/_ilm/policy/halon-policyd-actions-timeseries-policy
curl -k -X PUT -H "Content-Type: application/json" -d @/opt/halon/policyd/share/elasticsearch/actions/halon-policyd-actions.json http://elastic:[email protected]:9200/_index_template/halon-policyd-actions