Collect custom events from an API endpoint with Elastic agent
What is an Elastic integration?
This integration is powered by Elastic Agent. Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, forward data from remote services or hardware, and more. Refer to our documentation for a detailed comparison between Beats and Elastic Agent.
Prefer to use Beats for this use case? See Filebeat modules for logs or Metricbeat modules for metrics.
See the integrations quick start guides to get started:
The custom API input integration is used to ingest data from custom RESTful API's that do not currently have an existing integration.
The input itself supports sending both GET and POST requests, transform requests and responses during runtime, paginate and keep a running state on information from the last collected events.
The extensive documentation for the input are currently available here.
The most commonly used configuration options are available on the main integration page, while more advanced and customizable options currently resides under the "Advanced options" part of the integration settings page.
Configuration is split into three main categories, Request, Response, and Cursor.
The request part of the configuration handles points like which URL endpoint to communicate with, the request body, specific transformations that have to happen before a request is sent out and some custom options like request proxy, timeout and similar options.
The response part of the configuration handles options like transformation, rate limiting, pagination, and splitting the response into different documents before it is sent to Elasticsearch.
The cursor part of the configuration is used when there is a need to keep state between each of the API requests, for example if a timestamp is returned in the response, that should be used as a filter in the next request after that, the cursor is a place where this is stored.
| Version | Details |
|---|---|
1.8.1 | Enhancement View pull request Added optional toggle to enable debug trace logging. |
1.8.0 | Enhancement View pull request Update package to ECS 8.7.0. |
1.7.1 | Enhancement View pull request Added categories and/or subcategories. |
1.7.0 | Enhancement View pull request Update package to ECS 8.6.0. |
1.6.1 | Bug fix View pull request Minor doc fix. |
1.6.0 | Enhancement View pull request Update package to ECS 8.5.0. |
1.5.1 | Enhancement View pull request Update docs remnaing Custom HTTPJSON to Custom API |
1.5.0 | Enhancement View pull request Update package to ECS 8.4.0 |
1.4.2 | Enhancement View pull request Update package name and description to align with standard wording |
1.4.1 | Bug fix View pull request Remove defaults from manifest. |
1.4.0 | Enhancement View pull request Adds oauth_google_jwt_json option |
1.3.0 | Enhancement View pull request Update package to ECS 8.3.0. |
1.2.4 | Bug fix View pull request Add correct field mapping for event.created |
1.2.3 | Bug fix View pull request Fixes oauth2 config rendering |
1.2.2 | Bug fix View pull request Fixes rendering issue for custom oauth2 scopes |
1.2.1 | Bug fix View pull request Adds missing delegated_account option for Google Oauth2 |
1.2.0 | Enhancement View pull request Update ECS to 8.2 |
1.1.1 | Bug fix View pull request Fixes typo in config template |
1.1.0 | Bug fix View pull request Fixes issues with certain configuration fields not working |
1.0.0 | Enhancement View pull request Initial Implementation |