Elasticsearch configuration
With event streaming, you can configure Strivacity to send audit logs and account events into Elasticsearch. This makes it easy to store events, run searches, and build visualizations.

Configuring event streaming to Elasticsearch
When creating an Elasticsearch configuration, you will be asked for the following information:
Field | Configuration |
---|---|
Name | A name for your Elasticsearch configuration. |
Description | A brief description. |
URL | The Elasticsearch endpoint (for example, https://<your-es-host>/_bulk). |
API key | The API key used to authenticate requests to your Elasticsearch cluster. |
Index | The name of the Elasticsearch index where events should be stored. |
Data streaming options
- Enable audit log streaming
  Sends the entire audit log to Elasticsearch. Certain policy changes (for example, Branding policy, Notification policy, Lifecycle event hooks) will have empty request and response fields.
- Enable account event streaming
  Sends customer-centric events (for example, login attempts, password changes) to Elasticsearch.
  - Limited to the basic information available in the header of an account event. This means that only high-level details are forwarded, such as the customer’s identity, the timestamp of the action, and labels indicating success or failure. The detailed steps (for example, identification started, MFA selection started) are not included by default.
  - If additional account information is required, you can enable native claims. You select them in a UI field that lists all native claims available in your instance, and the selected claims are included in the event payload when enabled.
Elasticsearch event format
Strivacity uses the Bulk API to send events in JSON format. A typical bulk request might look like:
{ "index": { "_index": "your_index_name" } }
{ "field1": "value1", "field2": "value2" }
{ "index": { "_index": "your_index_name" } }
{ "field1": "value3", "field2": "value4" }
In this case, each Strivacity event (the audit log or account event) is added as a separate JSON document within the bulk payload.
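To check a captured bulk body, for example in a test harness or at a logging proxy in front of the cluster, the action/document pairing shown above can be validated before the events are trusted. This is an added example, not Strivacity or Elasticsearch code; `parse_bulk_body` and `BulkFormatError` are hypothetical names, the sample body is constructed, and rejecting every action other than `index` is an assumption based on the request shape shown above.

```python
import json

class BulkFormatError(ValueError):
    """Raised when a bulk body does not match the expected shape."""

def parse_bulk_body(body: str, expected_index: str) -> list:
    """Split an NDJSON bulk body into its event documents.

    Every action line must be an "index" action for expected_index and
    must be followed by exactly one JSON object (the event document).
    """
    # The Bulk API is newline-delimited JSON; blank lines carry no data.
    lines = [ln for ln in body.split("\n") if ln.strip()]
    if len(lines) % 2:
        raise BulkFormatError("action line without a matching document line")
    events = []
    for i in range(0, len(lines), 2):
        pair = i // 2
        try:
            action, doc = json.loads(lines[i]), json.loads(lines[i + 1])
        except json.JSONDecodeError as exc:
            raise BulkFormatError(f"pair {pair}: invalid JSON ({exc.msg})") from exc
        # Assumption: only "index" actions are expected from the stream.
        if not isinstance(action, dict) or list(action) != ["index"]:
            raise BulkFormatError(f"pair {pair}: expected a single 'index' action")
        meta = action["index"]
        if not isinstance(meta, dict) or meta.get("_index") != expected_index:
            raise BulkFormatError(f"pair {pair}: unexpected target index")
        if not isinstance(doc, dict):
            raise BulkFormatError(f"pair {pair}: document is not a JSON object")
        events.append(doc)
    return events

# Constructed sample with the same shape as the bulk request shown above.
SAMPLE_BODY = (
    '{ "index": { "_index": "your_index_name" } }\n'
    '{ "field1": "value1", "field2": "value2" }\n'
    '{ "index": { "_index": "your_index_name" } }\n'
    '{ "field1": "value3", "field2": "value4" }\n'
)

if __name__ == "__main__":
    for event in parse_bulk_body(SAMPLE_BODY, "your_index_name"):
        print(event)
```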
Fields vary depending on the event type but typically include:
- Timestamps
- Customer information (subject, customer ID, optional native claims)
- Event type (login, password reset, etc.)
- Additional contextual data
Once configured, Strivacity will automatically push events to your specified Elasticsearch index. You can then visualize or analyze the data in Kibana or any other compatible tool.