Elasticsearch Replication

Sandfly supports the replication of results data to an external Elasticsearch database for independent long-term storage and analysis.

ℹ️

INFO: Upgrade Feature - Elastic Replication

The ability to configure and use Elastic Replication requires an upgraded plan. Please see https://www.sandflysecurity.com/get-sandfly/ for details.

The Elasticsearch Replication tab, available via the Settings > Server Configuration menu, contains the following settings that can be edited:

• Elastic Replication Enabled - Set it to true to enable access to the Elasticsearch Replication settings.
• Elastic Replication URL - The replication URL of the external Elasticsearch server, which must be in a standard URL format of <PROTOCOL>://<HOSTNAME>:<PORT>/ like in the reference image.
• Server CA Certificate (optional) - If the external Elasticsearch server uses a certificate from a private CA or is self-signed, provide the trusted certificate in PEM format in this field.
• Username (optional) - If authentication is used, the external Elasticsearch username to connect as.
• Password (optional) - If authentication is used, the external Elasticsearch password associated with the specified username.

---

With correct settings and replication enabled, the Sandfly server will automatically create and maintain an index within Elasticsearch called sandfly_results. No additional setup actions should normally be necessary within Elasticsearch.