intelmq.bots.outputs.elasticsearch package

Submodules

intelmq.bots.outputs.elasticsearch.output module

The ES-connection can’t be closed explicitly.

intelmq.bots.outputs.elasticsearch.output.BOT

alias of intelmq.bots.outputs.elasticsearch.output.ElasticsearchOutputBot

class intelmq.bots.outputs.elasticsearch.output.ElasticsearchOutputBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)

Bases: intelmq.lib.bot.Bot

Send events to an Elasticsearch database server

elastic_host: str = '127.0.0.1'
elastic_index: str = 'intelmq'
elastic_port: int = 9200
flatten_fields = ['extra']
get_index(event_dict: dict, default_date: Optional[None.datetime.date] = None, default_string: str = 'unknown-date') str
Returns the index name to use for the given event,

based on the current bot’s settings and the event’s date fields. - If the bot should rotate its Elasticsearch index, returns elastic_index-<timestamp> based on the bot’s rotation option and the time fields in the event, e.g. intelmq-2018. - If the bot should rotate its Elasticsearch index, but no time information is available in the event, this will return <elastic_index>-<default>, e.g. intelmq-unknown-date. - If the bot should not rotate indices, returns elastic_index, e.g. intelmq.

Parameters
  • event_dict – The event (as a dict) to examine.

  • default_date – (Optional) The default date to use for events with no time information (e.g. datetime.today()). Default: None.

  • default_string – (Optional) The value to append if no time is available in the event. Default: ‘unknown-date’.

Returns

A string containing the name of the index which should store the event.

http_password: str = None
http_username: str = None
http_verify_cert: bool = False
init()
process()
replacement_char = None
rotate_index: str = 'never'
should_rotate()
ssl_ca_certificate: str = None
ssl_show_warnings: bool = True
use_ssl: bool = False
intelmq.bots.outputs.elasticsearch.output.get_event_date(event_dict: dict) None.datetime.date
intelmq.bots.outputs.elasticsearch.output.replace_keys(obj, key_char='.', replacement='_')

Module contents