> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ewake.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Elasticsearch

> Connect Elasticsearch to give ewake access to your logs and metrics for incident analysis.

<Info>
  **What you'll get:** ewake can query your Elasticsearch indices to retrieve logs, correlate log patterns with alerts, and surface relevant data during investigations, without requiring manual query construction.
</Info>

***

## Prerequisites

* An Elasticsearch instance (Elastic Cloud or self-hosted)
* Admin access to create an API key

***

## Configuration

<Steps>
  <Step title="Create an API key in Elasticsearch">
    In Elasticsearch, go to **Stack Management** → **Security** → **API Keys** → click **Create API key**.

    Set the key privileges to read-only on the indices ewake should access:

    ```json theme={null}
    {
      "indices": [{
        "names": ["*"],
        "privileges": ["read", "view_index_metadata"]
      }]
    }
    ```

    Copy the generated API key immediately, it won't be shown again.
  </Step>

  <Step title="Open the Elasticsearch integration in ewake">
    In your ewake dashboard, go to **Integrations** → **Elasticsearch** → click **Configure**.

    <img src="https://mintcdn.com/ewakeai/M1QmRrA-jDM2VkcE/images/integrations/observability/elasticsearch/connect-modal.png?fit=max&auto=format&n=M1QmRrA-jDM2VkcE&q=85&s=a65addb6befee27b40393ab5ba32f441" alt="Connect to Elasticsearch modal in ewake" style={{ maxHeight: "320px", objectFit: "cover", objectPosition: "top", borderRadius: "8px" }} width="936" height="420" data-path="images/integrations/observability/elasticsearch/connect-modal.png" />
  </Step>

  <Step title="Enter your credentials">
    | Field                      | Value                                                   |
    | -------------------------- | ------------------------------------------------------- |
    | **Elasticsearch Base URL** | Your cluster URL (e.g. `https://my-cluster.es.io:9243`) |
    | **API Key**                | The key created in Step 1                               |
  </Step>

  <Step title="Test and save">
    Click **Test Configuration** to verify the connection, then click **Save**.

    <Check>
      Elasticsearch is connected. Ewake can now query your logs during investigations.
    </Check>
  </Step>
</Steps>

***

<Note>
  Ewake uses **read-only** access. It never writes to or modifies your Elasticsearch indices.
</Note>
