intelmq.bots.outputs.elasticsearch package


intelmq.bots.outputs.elasticsearch.output module

The ES-connection can’t be closed explicitly.


alias of intelmq.bots.outputs.elasticsearch.output.ElasticsearchOutputBot

class intelmq.bots.outputs.elasticsearch.output.ElasticsearchOutputBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)


Send events to an Elasticsearch database server

elastic_host: str = ''
elastic_index: str = 'intelmq'
elastic_port: int = 9200
flatten_fields = ['extra']
get_index(event_dict: dict, default_date: Optional[] = None, default_string: str = 'unknown-date') -> str

Returns the index name to use for the given event, based on the current bot’s settings and the event’s date fields.

  • If the bot should rotate its Elasticsearch index, returns elastic_index-<timestamp> based on the bot’s rotation option and the time fields in the event, e.g. intelmq-2018.

  • If the bot should rotate its Elasticsearch index, but no time information is available in the event, this will return <elastic_index>-<default>, e.g. intelmq-unknown-date.

  • If the bot should not rotate indices, returns elastic_index, e.g. intelmq.

  • event_dict – The event (as a dict) to examine.

  • default_date – (Optional) The default date to use for events with no time information (e.g. Default: None.

  • default_string – (Optional) The value to append if no time is available in the event. Default: ‘unknown-date’.


A string containing the name of the index which should store the event.

http_password: str = None
http_username: str = None
http_verify_cert: bool = False
replacement_char = None
rotate_index: str = 'never'
ssl_ca_certificate: str = None
ssl_show_warnings: bool = True
use_ssl: bool = False
intelmq.bots.outputs.elasticsearch.output.get_event_date(event_dict: dict)
intelmq.bots.outputs.elasticsearch.output.replace_keys(obj, key_char='.', replacement='_')

Module contents