Have Sophie tail all or some of your Elastic data

Release or Environment

Sophie standalone versions 3.4.x - 3.7.x


To configure an Elastic data-input, go to the Data-Inputs page, click new, and select Elastic:

Next, name your Data-Input, and use the following configuration options to filter what data should be read by Sophie:
Index Prefix - read only indices with names matching the prefix, e.g. my-app-*
Term Filters (advanced) - use this to filter the events fetched. For example, if your events include a field called "severity" and you want to filter by severity, input something like {"severity": ["error", "warning"]} 

If your Elastic is an Amazon Elasticsearch service, you can provide Access Credentials.

If your Elastic requires basic authentication, specify the user and password in the Server URL property, e.g.

Note: Supported Elastic versions are 5 and newer.


Article Information

Last Updated:2020-05-19 12:41:28