# Elastic

### Overview

Keeper supports event streaming into Elastic deployments. External logging is real-time, and new events will appear almost immediately. Setup instructions are below.

<figure><img src="https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LO5CAzpxoaEquZJBpYz%2Fuploads%2FjtJ4lyzbQAR3jJz4RpPE%2Fimage.png?alt=media&#x26;token=905804f6-a6ff-4381-8c62-63b18bd35bb1" alt=""><figcaption><p>Elastic Integration Settings</p></figcaption></figure>

Elastic integration uses a TCP push to the destination endpoint. The fields required are:

* Host (e.g. **mycompany.gcp.cloud.us.io:9243**)
* Search Index (e.g. **keeper**)
* API Key

Please refer to the Elastic documentation for generating an API key:

<https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-api-key.html>

{% hint style="info" %}
Important: Ensure that the endpoint is using a valid signed SSL certificate that has a domain matching the subject name in the certificate. The certificate must also include the full certificate chain from your CA. Keeper's systems will refuse to connect to a self-signed certificate.\
\
Also, ensure that your Elastic server allows traffic from Keeper servers. See [Firewall Configuration](https://docs.keeper.io/en/enterprise-guide/event-reporting/firewall) page.
{% endhint %}

### Troubleshooting

If Keeper is unable to connect to your Elastic instance, please check the following:

* In the host field, do not type http or https
* Make sure to include the port
* If you are using a "Space", add the space name to the end of the Host field after the port. For example: `example-elastic01.us-east.found.io:9243/s/spacename`
* Make sure any firewall in front of Elastic is configured per [this page](https://docs.keeper.io/en/enterprise-guide/event-reporting/firewall)