Documentation Index
Fetch the complete documentation index at: https://docs.traversal.com/llms.txt
Use this file to discover all available pages before exploring further.
Connecting OpenSearch allows Traversal to query your log/event indices and use matching documents as evidence during investigations.
What Traversal reads
- Logs — documents queried from your log and event indices
Setup
Find your OpenSearch hosts
Enter one or more OpenSearch host URLs, such as https://opensearch.mycompany.com:9200.
Choose an authentication method
OpenSearch deployments expose credentials in different formats. In Traversal, choose the option that matches the credential your OpenSearch administrator gives you.
Username and password
API key
API key with ID
Bearer token
In OpenSearch Dashboards, create or choose a read-only role that can query the indices Traversal should access, then create a user and assign that role.
Use this option if your OpenSearch deployment gives you a single encoded API key value.Ask your OpenSearch administrator to create an API key with read-only access to the indices Traversal should query, then copy the full encoded key value into Traversal.
Use this option if your OpenSearch deployment gives you two values: an API key ID and an API key secret.Ask your OpenSearch administrator to create a read-only API key, then copy the API Key ID and API Key Secret into the matching fields in Traversal.
Use this option only if your OpenSearch cluster already accepts Authorization: Bearer <token> headers, typically through JWT authentication.Ask your OpenSearch administrator or identity team to issue a token for a user or service principal that has read access to the target indices. The token must be signed by an issuer your cluster trusts, and its subject or role claims must map to permissions OpenSearch recognizes.Before saving the integration, test the token with a simple read request:curl -H "Authorization: Bearer $TOKEN" https://opensearch.example.com:9200/_cluster/health
OpenSearch On-Behalf-Of tokens are short-lived, so they are usually not a good fit for a saved integration unless you rotate them automatically.
Configure in Traversal
Go to Company Knowledge > Integrations, select OpenSearch, and enter your host URLs and credentials.If you want clickable links from Traversal back to your OpenSearch UI, optionally set Base URL for UI to your OpenSearch Dashboards URL.
