Elasticsearch configuration

With event streaming, you can configure Strivacity to send audit logs and account events into Elasticsearch. This makes it easy to store events, run searches, and build visualizations.

Configuring event streaming to Elasticsearch

When creating an Elasticsearch configuration, you will be asked for the following information:

| Field | Configuration |
| --- | --- |
| Name | A name for your Elasticsearch configuration. |
| Description | A brief description. |
| URL | The Elasticsearch endpoint (for example, https://<your-es-host>/_bulk). |
| API key | The API key used to authenticate requests to your Elasticsearch cluster. |
| Index | The name of the Elasticsearch index where events should be stored. |

Data streaming options

  • Enable audit log streaming
    Sends the entire audit log to Elasticsearch. Certain policy changes (for example, Branding policy, Notification policy, Lifecycle event hooks) will have empty request and response fields.
  • Enable account event streaming
    Sends customer-centric events (for example, login attempts, password changes) to Elasticsearch.
    • Limited to the basic information available in the header of an account event. This means that only high-level details are forwarded—such as the customer’s identity, the timestamp of the action, and labels indicating success or failure. The detailed steps (for example, identification started, MFA selection started) are not included by default.
    • If additional account information is required, you can enable native claims. You select them in a UI field that lists all native claims available in your instance, and the selected claims are included in the event payload when enabled.

Elasticsearch event format

Strivacity uses the Bulk API to send events in JSON format. A typical bulk request might look like:

{ "index": { "_index": "your_index_name" } }
{ "field1": "value1", "field2": "value2" }
{ "index": { "_index": "your_index_name" } }
{ "field1": "value3", "field2": "value4" }

In this case, each Strivacity event (the audit log or account event) is added as a separate JSON document within the bulk payload.
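
A validator for the bulk payload shape shown above, as an added example (not Strivacity's or Elastic's code): it pairs each action line with its document and rejects anything other than an `index` action into the configured index, which is useful when checking a captured payload against a test endpoint. The function name `parse_bulk` and the sample body are constructed for illustration.

```python
import json


def parse_bulk(body: str, expected_index: str) -> list[dict]:
    """Split a Bulk API NDJSON body into documents, checking every action line.

    Raises ValueError if the body is not strict action/document pairs, if an
    action is anything other than "index", or if it targets another index.
    Malformed JSON also surfaces as ValueError (json.JSONDecodeError).
    """
    lines = [ln for ln in body.split("\n") if ln.strip()]
    if len(lines) % 2 != 0:
        raise ValueError("bulk body must hold action/document line pairs")
    docs = []
    for i in range(0, len(lines), 2):
        action, doc = json.loads(lines[i]), json.loads(lines[i + 1])
        # Exactly one key, and it must be "index" (no delete/update/create).
        if not isinstance(action, dict) or list(action) != ["index"]:
            raise ValueError(f"pair {i // 2 + 1}: unexpected action {action!r}")
        meta = action["index"]
        if not isinstance(meta, dict) or meta.get("_index") != expected_index:
            raise ValueError(f"pair {i // 2 + 1}: wrong target {meta!r}")
        if not isinstance(doc, dict):
            raise ValueError(f"pair {i // 2 + 1}: document is not a JSON object")
        docs.append(doc)
    return docs


# Constructed sample in the shape shown on this page (field names are placeholders).
SAMPLE = (
    '{ "index": { "_index": "your_index_name" } }\n'
    '{ "field1": "value1", "field2": "value2" }\n'
    '{ "index": { "_index": "your_index_name" } }\n'
    '{ "field1": "value3", "field2": "value4" }\n'
)

if __name__ == "__main__":
    for event in parse_bulk(SAMPLE, "your_index_name"):
        print(event)
```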

Fields vary depending on the event type but typically include:

  • Timestamps
  • Customer information (subject, customer ID, optional native claims)
  • Event type (login, password reset, etc.)
  • Additional contextual data

Once configured, Strivacity will automatically push events to your specified Elasticsearch index. You can then visualize or analyze the data in Kibana or any other compatible tool.