Elasticsearch × Tines

Integrating Tines and Elasticsearch allows for seamless automation and real-time data indexing, enabling efficient incident response and elevated search capabilities.

Book a demoSign up free

Pre-built templates

With Tines, you can easily take any action that has a defined API. We've already pre-built some of the most popular ones for you, so you can build quickly.

Query Elasticsearch
Packetbeat IP and Port Query
Packetbeat DNS Question Query
Filebeat SSH Attempts Query
Create Document in Elasticsearch

Build your own connections

With Tines, you can easily take any action that has a defined API using an HTTP request. To build even more quickly, copy a cURL command and paste it into the storyboard.

cURL request

curl -v -X GET --location "https://api.nasa.gov/neo/rest/v1/neo/browse?api_key=DEMO_KEY" -H 'Content-Type: application/json'

Paste in your Tines story

Full workflow examples

Explore pre-built workflows for Elasticsearch. Use them for inspiration or as a starting point to build your custom automation solution.

Replay Data with Cribl into Elastic Security and Isolate Hosts Using Elastic Agent

Receive a webhook from Elastic to initiate the creation of a SIEM case and link alerts. Analyze the IP, add location and enrichment data, query Elasticsearch for related hits, and decide whether to isolate the host.

Tools: Cribl, Elastic

Query Elasticsearch and page through results

Query Elasticsearch for specific information and page through all of the results. This Story will continue to query Elasticsearch for more sets of results until they all have been returned.

Tools: Elastic

Monitor Invary appraisals and isolate threats with Elastic Fleet

Upon detecting changes, Invary sends appraisals to Tines, which rigorously records events and searches Elasticsearch for host information. Should it detect threats to kernel integrity, Tines swiftly isolates them via the Elastic agent, enhancing network security.

Tools: Elastic, Invary

Send Google Workspace security logs to ELK

Routinely retrieve Google Workspace security logs and upload to Logstash. This method demonstrates an efficient and cost-effective way to ingest logs which can then be ingested into Elasticsearch for further analysis.

Tools: Elastic, Google

Connect quickly

It takes minutes, not months, to connect to tools in Tines.

Credentials documentation

Learn how to use credentials in Tines.

Authentication Guides

Learn how to authenticate third-party products for use with Tines.

More Elastic products

View all Elastic products →

Elastic FleetElastic SecurityKibana

Explore more resources

Check out our blogs that mention Elasticsearch, browse our learning paths, and more.

Blog

How cloud engineering teams use Elastic Observability and Tines to optimize resources

Read now

Case studies

Powerful users, powerful studies

Discover how companies – from Fortune 10 to startups – apply Tines to transform the way their teams operate.

Read case studies

Learn

Tines University

Build your knowledge with dedicated learning paths at all levels.

Start learning

Learn

Learn to use Tines with our documentation

Go to docs

Trusted by industry innovators

CanvaCode42CoinbaseElasticGitLabIntercom
MarsMcKessonOak Ridge National LaboratoryOpenTableSnowflakeReddit

Built by you,
powered by Tines

Book a demoSign up free

Already have an account? Log in.