> ## Documentation Index
> Fetch the complete documentation index at: https://docs.traversal.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Elasticsearch

> Connect Elasticsearch to query log indices during investigations.

Connecting Elasticsearch allows Traversal to query your log indices, detect relevant errors or patterns, and use those logs as evidence during investigations.

## What Traversal reads

* **Logs** — documents queried from your log indices

## Setup

<Tabs>
  <Tab title="Elastic Cloud">
    <Steps>
      <Step title="Find your Elasticsearch endpoint">
        In your Elastic Cloud project, click the **Help** icon (top right) and select **Connection details**. Copy the **Elasticsearch endpoint** URL (e.g., `https://my-project-XXXX.es.us-central1.gcp.elastic.cloud`).

        <img src="https://mintcdn.com/traversal-ff380fca/qGhvpikajw9E7hhH/images/elasticsearch-connection-details.png?fit=max&auto=format&n=qGhvpikajw9E7hhH&q=85&s=d95d131f1a835c7530524fdd5cb3139b" alt="Finding Connection details in Elastic Cloud" width="1627" height="752" data-path="images/elasticsearch-connection-details.png" />
      </Step>

      <Step title="Create an API key">
        Go to **Settings > Access > API keys** and click **Create API key**. Give it read access to the indices Traversal should query.

        <Info>Create a user API key, not a cross-cluster API key.</Info>

        After creation, Elastic shows you a single encoded API key value — copy it.
      </Step>

      <Step title="Configure in Traversal">
        Go to **Company Knowledge > Integrations**, select **Elasticsearch**, and enter:

        * **Host**: the Elasticsearch endpoint from step 1
        * **Authentication**: select **API Key** and paste the encoded key
      </Step>
    </Steps>
  </Tab>

  <Tab title="Self-managed">
    <Steps>
      <Step title="Find your Elasticsearch endpoint">
        Identify your Elasticsearch host URL (e.g., `https://elasticsearch.mycompany.com:9200`).
      </Step>

      <Step title="Choose an authentication method">
        <Tabs>
          <Tab title="Username and password">
            Use the username and password of a user with read access to the indices Traversal should query.
          </Tab>

          <Tab title="API key">
            In Kibana, go to **Stack Management > Security > API keys** and click **Create API key**. Give it read access to the indices Traversal should query.

            If Elastic shows you a single encoded API key value, paste it into **API Key** in Traversal.
          </Tab>

          <Tab title="API key ID and secret">
            If Elastic shows you separate `id` and `api_key` values after creation, select **API Key with ID** in Traversal and enter both values.
          </Tab>
        </Tabs>
      </Step>

      <Step title="Configure in Traversal">
        Go to **Company Knowledge > Integrations**, select **Elasticsearch**, and enter your host URL and chosen credentials.

        If the integration does not work as expected, check the following:

        * You entered the Elasticsearch endpoint URL, not a Kibana URL
        * You selected the authentication method that matches the credential you created
        * The user or API key has read access to the log indices Traversal should query
      </Step>
    </Steps>
  </Tab>
</Tabs>

## More information

* [Elasticsearch API keys](https://www.elastic.co/docs/deploy-manage/api-keys/elasticsearch-api-keys)