This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Elastic connector

Posted on 08-27-2022 10:47 PM
Darius_Iakabos
New Member
Reply posted on --/--/---- --:-- AM

Hi everyone, I have an issue and wondering if any of you could help.
I installed the elastic integration and added a connector for it with the index in which alerts are stored. It is working, however when I hit "run connector once" I get only the first alert of the selected timeframe over and over again.
And also even if the connector is started the inflow of alerts doesn't happen, I can only get new cases if I run the connector manually.

0 8 88
Topic Labels
0 Likes
8 REPLIES 8

Posted on --/--/---- --:-- AM
Andrew_Cook
New Member
Reply posted on --/--/---- --:-- AM

Running a test on the Elastic connector has always returned one result for me, so that doesn't seem like anything is wrong. There should be a "Logs" tab in the connector settings. Enable the logs, set the log level to Info, and see what happens as the connector runs.

0 Likes

Posted on --/--/---- --:-- AM
Darius_Iakabos
New Member
Reply posted on --/--/---- --:-- AM

But the connector doesn't run automatically

0 Likes

Posted on --/--/---- --:-- AM
Darius_Iakabos
New Member
Reply posted on --/--/---- --:-- AM

And the first problem is that the one result it returns me when I "run connector once" is repeating itself, instead of going 1 by one through all alerts found. (Here you can see that I ran it twice, and the same alert was considered, although it found 2.

View files in slack

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

@Darius_Iakabos , not sure about why no alerts are ingested when you run the connector.. Could you try to re-create the connector?
Do you have any other connector installed and producing alerts?
Did this same connector work in the past for you?

As for the test results only showing the same alert, I am not familiar with Elastic connector's code, but generally speaking, the test function is for connectivity and does not retain any 'memory' or 'state'. So every time you run it you get a 'fresh' run for the connector, which means it will get the same alert, provided its still in the timeframe.

0 Likes

Posted on --/--/---- --:-- AM
Darius_Iakabos
New Member
Reply posted on --/--/---- --:-- AM

I tried re-creating the connector, as well as using both the available integrations for elastic, the test works but it won't work by itself once turned on.
Is there anything else that needs to be done so it starts pulling in data?

Thanks for the clarification regarding the "run once" aspect.

0 Likes

Posted on --/--/---- --:-- AM
Darius_Iakabos
New Member
Reply posted on --/--/---- --:-- AM

Also, is there any way I can set the connector's "Max Days Backwards" to less than 24 hours?

I can only use whole numbers, even negative numbers, such as -1 days, but not .2 or .3

0 Likes

Posted on --/--/---- --:-- AM
Darius_Iakabos
New Member
Reply posted on --/--/---- --:-- AM

But the connector doesn't run automatically

0 Likes

Posted on --/--/---- --:-- AM
Darius_Iakabos
New Member
Reply posted on --/--/---- --:-- AM

And the first problem is that the one result it returns me when I "run connector once" is repeating itself, instead of going 1 by one through all alerts found. (Here you can see that I ran it twice, and the same alert was considered, although it found 2.

View files in slack

0 Likes
Top Solution Authors
View all