Custom API input integration

Version: 1.21.1
Compatible Kibana version(s): 8.13.0 or higher
Supported Serverless project types: Security, Observability
Subscription level: Basic
Level of support: Elastic

The custom API input integration is used to ingest data from custom RESTful APIs that do not currently have an existing integration.

The input supports sending both GET and POST requests, transforming requests and responses at runtime, paginating, and keeping a running state based on information from the last collected events.

If you are starting development of a new custom HTTP API input, we recommend that you use the Common Expression Language input which provides greater flexibility and an improved developer experience.

Configuration

Extensive documentation for the input is currently available here.

The most commonly used configuration options are available on the main integration page, while more advanced and customizable options currently reside under the "Advanced options" section of the integration settings page.

Configuration is split into three main categories: Request, Response, and Cursor.

The request part of the configuration handles points like which URL endpoint to communicate with, the request body, specific transformations that have to happen before a request is sent out and some custom options like request proxy, timeout and similar options.

The response part of the configuration handles options like transformation, rate limiting, pagination, and splitting the response into different documents before it is sent to Elasticsearch.

The cursor part of the configuration is used when state must be kept between API requests. For example, if a timestamp returned in the response should be used as a filter in the next request, the cursor is where that value is stored.
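
The three categories working together, as an added example written in the syntax of the underlying httpjson input (it is not taken from this page or from the integration's own templates). The endpoint URL and the `since`, `page`, `next_page`, `events` and `timestamp` names are hypothetical.

```yaml
# Added example: constructed values, hypothetical API.
- type: httpjson
  interval: 5m                      # how often the request cycle runs

  # Request: endpoint, method, timeout, and transforms applied before sending.
  request.url: https://api.example.com/v1/events   # hypothetical endpoint
  request.method: GET
  request.timeout: 30s
  request.transforms:
    - set:
        target: url.params.since
        # Use the stored cursor value; on the first run fall back to 24h ago.
        value: '[[.cursor.last_timestamp]]'
        default: '[[formatDate (now (parseDuration "-24h")) "RFC3339"]]'

  # Response: follow pagination, then split the array into one document per event.
  response.pagination:
    - set:
        target: url.params.page
        value: '[[.last_response.body.next_page]]'
        fail_on_template_error: true   # stop paginating when next_page is absent
  response.split:
    target: body.events

  # Cursor: state kept between runs, taken from the last event collected.
  cursor:
    last_timestamp:
      value: '[[.last_event.timestamp]]'
```

The cursor is only updated from events that were actually collected, so a failed request leaves `last_timestamp` unchanged and the next run asks for the same window again.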

Changelog

Columns: Version, Details, Kibana version(s)

1.21.1

Bug fix (View pull request)
Fix broken link in Custom API using Common Expression Language.

8.13.0 or higher

1.21.0

Enhancement (View pull request)
Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template.

8.13.0 or higher

1.20.0

Enhancement (View pull request)
Set sensitive values as secret.

8.12.0 or higher

1.19.0

Enhancement (View pull request)
Advise new projects to use CEL.

8.7.1 or higher

1.18.1

Enhancement (View pull request)
Changed owners

8.7.1 or higher

1.18.0

Enhancement (View pull request)
Limit request tracer log count to five.

8.7.1 or higher

1.17.0

Enhancement (View pull request)
ECS version updated to 8.11.0.

8.7.1 or higher

1.16.0

Enhancement (View pull request)
ECS version updated to 8.10.0.

8.7.1 or higher

1.15.0

Enhancement (View pull request)
The format_version in the package manifest changed from 2.11.0 to 3.0.0. Removed dotted YAML keys from package manifest. Added owner.type: elastic to package manifest.

8.7.1 or higher

1.14.0

Enhancement (View pull request)
Add tags.yml file so that integration’s dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI.

8.7.1 or higher

1.13.0

Enhancement (View pull request)
Update package to ECS 8.9.0.

8.7.1 or higher

1.12.0

Enhancement (View pull request)
Update package to ECS 8.8.0.

8.7.1 or higher

1.11.0

Enhancement (View pull request)
Update package-spec version to 2.7.0.

8.7.1 or higher

1.10.0

Enhancement (View pull request)
Add support for chain property.

8.7.1 or higher

1.9.0

Enhancement (View pull request)
Add a new flag to enable request tracing

8.7.1 or higher

1.8.1

Enhancement (View pull request)
Added optional toggle to enable debug trace logging.

8.4.0 or higher

1.8.0

Enhancement (View pull request)
Update package to ECS 8.7.0.

1.7.1

Enhancement (View pull request)
Added categories and/or subcategories.

8.4.0 or higher

1.7.0

Enhancement (View pull request)
Update package to ECS 8.6.0.

8.4.0 or higher

1.6.1

Bug fix (View pull request)
Minor doc fix.

8.4.0 or higher

1.6.0

Enhancement (View pull request)
Update package to ECS 8.5.0.

8.4.0 or higher

1.5.1

Enhancement (View pull request)
Update docs remaining Custom HTTPJSON to Custom API

8.4.0 or higher

1.5.0

Enhancement (View pull request)
Update package to ECS 8.4.0

8.4.0 or higher

1.4.2

Enhancement (View pull request)
Update package name and description to align with standard wording

8.4.0 or higher

1.4.1

Bug fix (View pull request)
Remove defaults from manifest.

8.4.0 or higher

1.4.0

Enhancement (View pull request)
Adds oauth_google_jwt_json option

8.4.0 or higher

1.3.0

Enhancement (View pull request)
Update package to ECS 8.3.0.

7.16.0 or higher
8.0.0 or higher

1.2.4

Bug fix (View pull request)
Add correct field mapping for event.created

7.16.0 or higher
8.0.0 or higher

1.2.3

Bug fix (View pull request)
Fixes oauth2 config rendering

7.16.0 or higher
8.0.0 or higher

1.2.2

Bug fix (View pull request)
Fixes rendering issue for custom oauth2 scopes

7.16.0 or higher
8.0.0 or higher

1.2.1

Bug fix (View pull request)
Adds missing delegated_account option for Google Oauth2

7.16.0 or higher
8.0.0 or higher

1.2.0

Enhancement (View pull request)
Update ECS to 8.2

7.16.0 or higher
8.0.0 or higher

1.1.1

Bug fix (View pull request)
Fixes typo in config template

7.16.0 or higher
8.0.0 or higher

1.1.0

Bug fix (View pull request)
Fixes issues with certain configuration fields not working

7.16.0 or higher
8.0.0 or higher

1.0.0

Enhancement (View pull request)
Initial Implementation

7.16.0 or higher
8.0.0 or higher