
Custom API

Collect custom events from an API endpoint with Elastic Agent

What is an Elastic integration?

This integration is powered by Elastic Agent. Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, forward data from remote services or hardware, and more. Refer to our documentation for a detailed comparison between Beats and Elastic Agent.

Prefer to use Beats for this use case? See Filebeat modules for logs or Metricbeat modules for metrics.

The custom API input integration is used to ingest data from custom RESTful APIs that do not currently have an existing integration.

The input itself supports sending both GET and POST requests, transforming requests and responses at runtime, paginating, and keeping a running state on information from the last collected events.

Configuration

Extensive documentation for the input is currently available here.

The most commonly used configuration options are available on the main integration page, while more advanced and customizable options currently reside under the "Advanced options" part of the integration settings page.

Configuration is split into three main categories: Request, Response, and Cursor.

The request part of the configuration covers settings such as which URL endpoint to communicate with, the request body, specific transformations that have to happen before a request is sent out, and custom options such as request proxy and timeout.

The response part of the configuration handles options like transformation, rate limiting, pagination, and splitting the response into different documents before it is sent to Elasticsearch.

The cursor part of the configuration is used when state has to be kept between API requests. For example, if a timestamp is returned in the response and should be used as a filter in the next request, the cursor is where that value is stored.
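The three categories described above, shown together as an added example that is not part of the original page. It is written in the standalone Filebeat httpjson input syntax rather than the integration's settings form (an assumption); the endpoint URL, the API_TOKEN environment variable, and the response fields events, timestamp, and next_page are constructed for illustration.

```yaml
filebeat.inputs:
- type: httpjson
  interval: 5m

  # Request: where to connect, how, and what to change before sending.
  request.url: https://api.example.com/v1/events    # constructed endpoint
  request.method: GET
  request.timeout: 30s
  request.transforms:
    # Keep the credential out of the config file; API_TOKEN is a
    # hypothetical environment variable expanded when the config loads.
    - set:
        target: header.Authorization
        value: 'Bearer ${API_TOKEN}'
    # Filter on the value saved by the cursor. On the first run the
    # cursor is empty, so fall back to the last 24 hours.
    - set:
        target: url.params.since
        value: '[[.cursor.last_timestamp]]'
        default: '[[formatDate (now (parseDuration "-24h"))]]'

  # Response: split one API reply into one document per array element.
  response.split:
    target: body.events          # constructed field: array of events
  # Follow pages while the reply carries a next_page value. When the
  # field is absent the template fails and pagination stops.
  response.pagination:
    - set:
        target: url.params.page
        value: '[[.last_response.body.next_page]]'
        fail_on_template_error: true

  # Cursor: state kept between runs. Store the timestamp of the last
  # event so the next request only asks for newer data.
  cursor:
    last_timestamp:
      value: '[[.last_event.timestamp]]'
```

If the API treats the since filter as inclusive, the last event of one run can be returned again on the next run, so downstream detections should tolerate or deduplicate repeated events.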

Changelog

Version | Type | Details
1.16.0 | Enhancement | ECS version updated to 8.10.0.
1.15.0 | Enhancement | The format_version in the package manifest changed from 2.11.0 to 3.0.0. Removed dotted YAML keys from package manifest. Added 'owner.type: elastic' to package manifest.
1.14.0 | Enhancement | Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI.
1.13.0 | Enhancement | Update package to ECS 8.9.0.
1.12.0 | Enhancement | Update package to ECS 8.8.0.
1.11.0 | Enhancement | Update package-spec version to 2.7.0.
1.10.0 | Enhancement | Add support for chain property.
1.9.0 | Enhancement | Add a new flag to enable request tracing
1.8.1 | Enhancement | Added optional toggle to enable debug trace logging.
1.8.0 | Enhancement | Update package to ECS 8.7.0.
1.7.1 | Enhancement | Added categories and/or subcategories.
1.7.0 | Enhancement | Update package to ECS 8.6.0.
1.6.1 | Bug fix | Minor doc fix.
1.6.0 | Enhancement | Update package to ECS 8.5.0.
1.5.1 | Enhancement | Update docs remaining Custom HTTPJSON to Custom API
1.5.0 | Enhancement | Update package to ECS 8.4.0
1.4.2 | Enhancement | Update package name and description to align with standard wording
1.4.1 | Bug fix | Remove defaults from manifest.
1.4.0 | Enhancement | Adds oauth_google_jwt_json option
1.3.0 | Enhancement | Update package to ECS 8.3.0.
1.2.4 | Bug fix | Add correct field mapping for event.created
1.2.3 | Bug fix | Fixes oauth2 config rendering
1.2.2 | Bug fix | Fixes rendering issue for custom oauth2 scopes
1.2.1 | Bug fix | Adds missing delegated_account option for Google Oauth2
1.2.0 | Enhancement | Update ECS to 8.2
1.1.1 | Bug fix | Fixes typo in config template
1.1.0 | Bug fix | Fixes issues with certain configuration fields not working
1.0.0 | Enhancement | Initial Implementation
