Setup Elastic
Configure Elasticsearch to receive logs from logcannon.com with ECS-compliant field mappings
Prerequisites
- An Elasticsearch cluster (version 7.x or later recommended)
- An API key with write permissions to create indices and index documents
- Kibana access (optional, for viewing logs)
Step 1: Create an API Key in Elasticsearch
- Log into Kibana or access Elasticsearch directly
- Navigate to Stack Management → Security → API Keys (in Kibana) or use the Elasticsearch API
- Click Create API key
- Configure the API key:
- Set a name (e.g., "logcannon")
- Grant appropriate privileges:
cluster:monitor/main
indices:data/write/*
indices:data/write/index
- Optionally restrict to specific indices
- Copy the API key value - you'll need it for logcannon.com configuration
Security Note
Step 2: Configure in logcannon.com
In the logcannon.com interface, provide the following information:
Elasticsearch Endpoint URL
The URL for your Elasticsearch cluster, including the port (typically 9200).
https://elasticsearch.example.com:9200
API Key
Paste the API key you created in Step 1. This key is encrypted and stored securely.
Index
The Elasticsearch index name where logs will be stored. Indices are created automatically if they don't exist.
logcannon
SSL Verification
Enable SSL certificate verification for secure connections. Disable only if using self-signed certificates in development environments.
Kibana Web URL (Optional)
The URL for your Kibana instance to view logs. This enables direct links to Kibana queries.
https://kibana.example.com:5601
Kibana Data View ID (Optional)
The data view ID in Kibana for your logcannon index. Get this from Kibana: Stack Management → Data Views → Click your logcannon* view → Copy ID from URL
Step 3: Test Connection
Use the "Test Connection" button in logcannon.com to verify your configuration. This will send a test event to your Elasticsearch cluster to ensure everything is working correctly.
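The following is an added example, not code from logcannon.com or Elastic, that ties Step 1 and Step 3 together: it builds the API key request with the privileges listed above restricted to the logcannon index pattern, derives the `Authorization: ApiKey` header from the returned id and key, and posts a minimal ECS-shaped test document. The role descriptor name, the `logcannon*` pattern, the event fields and the ECS version are assumptions; adjust them to your mappings.

```python
import base64
import json
import ssl
import urllib.request
from datetime import datetime, timezone

# Body for POST /_security/api_key. Privilege names are the ones from Step 1;
# the key is scoped to one index pattern so it cannot write elsewhere.
# "logcannon_writer" is a role descriptor name chosen here (assumption).
def build_api_key_request(index_pattern="logcannon*", name="logcannon"):
    return {
        "name": name,
        "role_descriptors": {
            "logcannon_writer": {
                "cluster": ["cluster:monitor/main"],
                "indices": [{
                    "names": [index_pattern],
                    "privileges": ["indices:data/write/*", "indices:data/write/index"],
                }],
            }
        },
    }

# Elasticsearch expects "Authorization: ApiKey base64(id:api_key)". Kibana shows
# that base64 value directly; the raw id/key pair comes from the API response.
def auth_header(api_key_id, api_key):
    token = base64.b64encode(f"{api_key_id}:{api_key}".encode()).decode()
    return {"Authorization": f"ApiKey {token}"}

# Minimal ECS-shaped event for the connection test (constructed sample fields;
# the ecs.version value is an assumption, use the version your mappings target).
def ecs_test_event(message="logcannon connection test", now=None):
    ts = (now or datetime.now(timezone.utc)).isoformat(timespec="milliseconds")
    return {
        "@timestamp": ts.replace("+00:00", "Z"),
        "message": message,
        "event": {"kind": "event", "dataset": "logcannon.test"},
        "ecs": {"version": "8.11.0"},
    }

# POST the test document to <endpoint>/<index>/_doc and return the decoded reply.
# verify_ssl=False mirrors the "SSL Verification" toggle; keep it on outside dev.
def send_test_event(endpoint, index, api_key_id, api_key, verify_ssl=True):
    ctx = ssl.create_default_context()
    if not verify_ssl:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        f"{endpoint.rstrip('/')}/{index}/_doc",
        data=json.dumps(ecs_test_event()).encode(),
        headers={**auth_header(api_key_id, api_key), "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)
```

A 201 reply with `"result": "created"` means the key can write to the index; a 403 means the role descriptor is missing a privilege for that index name.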
ECS Compliance