Setup Elastic
Configure Elasticsearch to receive logs from logcannon.com with standard field mappings. See Supported Destinations for platform overview.
Prerequisites
- An Elasticsearch cluster (version 7.x or later recommended)
- An API key with write permissions to create indices and index documents
- Kibana access (optional, for viewing logs)
Step 1: Create an API Key in Elasticsearch
- Log into Kibana or access Elasticsearch directly
- Navigate to Stack Management → Security → API Keys (in Kibana) or use the Elasticsearch API
- Click Create API key
- Configure the API key:
  - Set a name (e.g., "logcannon")
  - Grant appropriate privileges. Required privileges:
    - cluster:monitor/main
    - indices:data/write/*
    - indices:data/write/index
  - Optionally restrict to specific indices
- Copy the API key value - you'll need it for logcannon.com configuration
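For the "use the Elasticsearch API" route, the following added example (not logcannon.com's own code) builds a create-API-key request that carries the privileges listed above and restricts them to a single index. The role descriptor name `logcannon_writer` and the variables `ES_URL` and `ES_ADMIN_USER` are assumptions made for illustration.

```shell
#!/bin/sh
LC_ALL=C  # byte-wise ranges in the patterns below

# Print a create-API-key body limited to one index, using the privileges
# listed in Step 1. "logcannon_writer" is an assumed role descriptor name.
build_key_request() {
  index=$1
  # Conservative allow-list: rejects wildcards and any character that could
  # break out of the JSON string.
  case "$index" in
    ''|[-_.]*|*[!a-z0-9._-]*)
      echo "refusing index name: '$index'" >&2
      return 1 ;;
  esac
  cat <<EOF
{
  "name": "logcannon",
  "role_descriptors": {
    "logcannon_writer": {
      "cluster": ["cluster:monitor/main"],
      "indices": [
        {
          "names": ["$index"],
          "privileges": ["indices:data/write/*", "indices:data/write/index"]
        }
      ]
    }
  }
}
EOF
}

# POST the body to the cluster. ES_URL and ES_ADMIN_USER are assumed variable
# names; curl asks for the password when only a user name is given.
create_key() {
  body=$(build_key_request "$1") || return 1
  printf '%s' "$body" | curl -sS --fail -u "$ES_ADMIN_USER" \
    -H 'Content-Type: application/json' \
    -X POST "$ES_URL/_security/api_key" --data-binary @-
}

# Send only when ES_URL is set; otherwise print the body for review.
if [ -n "${ES_URL:-}" ]; then create_key logcannon; else build_key_request logcannon; fi
```

A key created this way cannot write outside the named index, so the index passed here must match the Index value entered in Step 2.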
Step 2: Configure in logcannon.com
| Parameter | Description | Example |
|---|---|---|
| Elasticsearch Endpoint URL | Cluster URL. Cloud/proxied: deployment URL (no port). Self-hosted: include port 9200. | https://elasticsearch.example.com:9200, https://xxx.us-east-1.aws.elastic-cloud.com |
| API Key | API key from Step 1. Stored encrypted. | — |
| Index | Index name for logs. Created automatically if missing. | logcannon |
| SSL Verification | Enable for secure connections. Disable only for self-signed certs in development. | — |
| Kibana Web URL (optional) | Kibana URL for viewing logs and direct query links. | https://kibana.example.com:5601 |
| Kibana Data View ID (optional) | Data view ID for your logcannon index. Kibana → Stack Management → Data Views → your logcannon* view → copy ID from URL. | — |
Step 3: Test Connection
Use the "Test Connection" button in logcannon.com to verify your configuration. This will send a test event to your Elasticsearch cluster to ensure everything is working correctly.