KB Article #181819

Check Agentbeat messages in Elasticsearch

How to

Agentbeat receives messages in JSON format in its Events directory. These messages are sent to the document manager and inserted into Elasticsearch.

To check whether these messages have been inserted into Elasticsearch, get the id of the message from the JSON file before Agentbeat sends it, then run this curl query with that id:


curl -X GET "<ElasticsearchServer>:<Elastic_port>/<Automator_index>/_search?pretty" -H 'Content-Type: application/json' -d '{ "query": { "match": { "id": "<id_of_the_message>" } } }'


Example:


curl -X GET "host.docker.internal:9200/axw_automator/_search?pretty" -H 'Content-Type: application/json' -d '{ "query": { "match": { "id": "60DC625B1" } } }'
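
The same check as a script, as an added example that is not part of the original article: it reads the id from an event file, sends the same `_search` query as the curl command, and confirms that a returned document carries exactly that id. It assumes the event file has a top-level "id" key and that the indexed document stores the same "id" in `_source`; the function names and the sample response are constructed for illustration.

```python
import json
import sys
import urllib.request


def read_event_id(path):
    """Return the id of an event file (assumption: a top-level "id" key)."""
    with open(path, encoding="utf-8") as fh:
        return str(json.load(fh)["id"])


def build_search(base_url, index, message_id):
    """Build the same _search request as the curl command, without sending it."""
    body = json.dumps({"query": {"match": {"id": message_id}}}).encode()
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/{index}/_search",
        data=body,
        headers={"Content-Type": "application/json"},
        method="GET",
    )


def matching_hits(response, message_id):
    """Count hits whose stored id equals message_id exactly.

    "match" is an analyzed query: on a text field it can also return
    documents that only share a token with the id, so compare _source.
    """
    hits = response.get("hits", {}).get("hits", [])
    return sum(1 for h in hits if str(h.get("_source", {}).get("id")) == message_id)


def is_indexed(base_url, index, event_path, timeout=10):
    """True if the event file's id is found in the index."""
    message_id = read_event_id(event_path)
    request = build_search(base_url, index, message_id)
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return matching_hits(json.load(resp), message_id) > 0


# Constructed sample response (not real output), reusing the id from the example.
SAMPLE_RESPONSE = {"hits": {"total": {"value": 2, "relation": "eq"}, "hits": [
    {"_index": "axw_automator", "_source": {"id": "60DC625B1"}},
    {"_index": "axw_automator", "_source": {"id": "60DC625B1-retry"}},
]}}

if __name__ == "__main__" and len(sys.argv) == 4:
    # usage: script.py http://<ElasticsearchServer>:<Elastic_port> <Automator_index> <event.json>
    found = is_indexed(sys.argv[1], sys.argv[2], sys.argv[3])
    print("indexed" if found else "NOT indexed")
    sys.exit(0 if found else 1)
```

The non-zero exit status for a missing message lets the check run in a loop over the Events directory or from a monitoring job.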