Setup Elastic
Configure Elasticsearch to receive logs from Logcannon with standard field mappings. See Supported Destinations for platform overview and version compatibility.
Prerequisites
- An Elasticsearch cluster
- An API key with write permissions to create indices and index documents
- Kibana access (optional, for viewing logs and for creating API keys in Step 1)
Step 1: Create an API Key in Elasticsearch
- Log into Kibana or access Elasticsearch directly
- Navigate to Stack Management → Security → API Keys (in Kibana) or use the Elasticsearch API
- Click Create API key
- Configure the API key:
  - Set a name (e.g., "logcannon")
  - Grant appropriate privileges. Required privileges:
    - cluster:monitor/main
    - indices:data/write/*
    - indices:data/write/index
  - Optionally restrict to specific indices
- Copy the API key value; you'll need it for Logcannon configuration
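For the Elasticsearch API route mentioned in Step 1, the following request carries exactly the privileges listed above and limits them to a single index. It is an added example, not Logcannon's or Elastic's own tooling; `ES_URL`, `ES_ADMIN_USER` and the role descriptor name `logcannon_writer` are assumed names.

```bash
#!/usr/bin/env bash
# Added example (not Logcannon's or Elastic's own code).
# ES_URL and ES_ADMIN_USER are hypothetical variable names for the cluster
# endpoint and an existing user that is allowed to create API keys.
# "logcannon_writer" is a hypothetical role descriptor name.

# Print the JSON body for POST /_security/api_key.
#   $1 = API key name, $2 = index name or pattern the key is restricted to
build_api_key_body() {
  local name="$1" index="$2"
  # Refuse quotes and backslashes so the values cannot break out of the JSON strings.
  case "$name$index" in
    *\"*|*\\*) echo "invalid character in name or index" >&2; return 1 ;;
  esac
  cat <<EOF
{
  "name": "${name}",
  "role_descriptors": {
    "logcannon_writer": {
      "cluster": ["cluster:monitor/main"],
      "indices": [
        {
          "names": ["${index}"],
          "privileges": ["indices:data/write/*", "indices:data/write/index"]
        }
      ]
    }
  }
}
EOF
}

# Send the request. curl prompts for the password because -u gets only a user
# name, which keeps the password out of shell history and the process list.
create_api_key() {
  local body
  body=$(build_api_key_body "$1" "$2") || return 1
  curl --fail --silent --show-error -u "$ES_ADMIN_USER" \
    -H 'Content-Type: application/json' \
    -X POST "$ES_URL/_security/api_key" --data-binary "$body"
}

# Contact the cluster only when both variables are set.
if [ -n "${ES_URL:-}" ] && [ -n "${ES_ADMIN_USER:-}" ]; then
  create_api_key "logcannon" "logcannon"
fi
```

Elasticsearch returns the key value only in the response to this request, so copy it at that point.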
Step 2: Configure in Logcannon
| Parameter | Description | Example |
|---|---|---|
| Elasticsearch Endpoint URL | Cluster URL. Cloud/proxied: deployment URL (no port). Self-hosted: include port 9200. | https://elasticsearch.example.com:9200 or https://xxx.us-east-1.aws.elastic-cloud.com |
| API Key | API key from Step 1. Stored encrypted. | — |
| Index | Index name for logs. Created automatically if missing. | logcannon |
| Kibana Web URL (optional) | Kibana URL for viewing logs and direct query links. | https://kibana.example.com:5601 |
| Kibana Data View ID (optional) | Data view ID for your logcannon index. Kibana → Stack Management → Data Views → your logcannon* view → copy ID from URL. | — |
Step 3: Test Connection
Use the "Test Connection" button in Logcannon to verify your configuration. This will send a query to your Elasticsearch cluster to ensure everything is working correctly.