intelmq.bots.outputs.elasticsearch package¶

Submodules¶

The ES-connection can’t be closed explicitly.

TODO * Support client_cert and client_key parameters, see https://github.com/certtools/intelmq/pull/1406

intelmq.bots.outputs.elasticsearch.output.BOT¶: alias of ElasticsearchOutputBot

class intelmq.bots.outputs.elasticsearch.output.ElasticsearchOutputBot(*args, **kwargs)¶

Send events to an Elasticsearch database server

get_index(event_dict: dict, default_date: ~.datetime.date = None, default_string: str = 'unknown-date') → str¶

Returns the index name to use for the given event,: based on the current bot’s settings and the event’s date fields. - If the bot should rotate its Elasticsearch index, returns elastic_index-<timestamp> based on the bot’s rotation option and the time fields in the event, e.g. intelmq-2018. - If the bot should rotate its Elasticsearch index, but no time information is available in the event, this will return <elastic_index>-<default>, e.g. intelmq-unknown-date. - If the bot should not rotate indices, returns elastic_index, e.g. intelmq.

Parameters:

event_dict – The event (as a dict) to examine.
default_date – (Optional) The default date to use for events with no time information (e.g. datetime.today()). Default: None.
default_string – (Optional) The value to append if no time is available in the event. Default: ‘unknown-date’.

Returns:

A string containing the name of the index which should store the event.

intelmq.bots.outputs.elasticsearch.output.get_event_date(event_dict: dict) → date¶

intelmq.bots.outputs.elasticsearch.output.replace_keys(obj, key_char='.', replacement='_')¶