> For the complete documentation index, see [llms.txt](https://docs.vectra.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.vectra.ai/deployment/recall-qux-only/recall-indices-and-content-for-stream-in-elk-v7.md). # Recall indices & content for Stream in Elk v7 Recall Content can be added to any customer's Stream Elasticsearch & Kibana Index. This guide will explain how a customer is able to quickly & easily add this data. After completing these steps, the user will have these items on their ELK stack: * Index templates in ElasticSearch that will parse fields correctly * Kibana index patterns that will set the timestamp & representation of each index * Kibana saved searches for useful queries, such as the Vectra Security Assessment. * Dashboards, such as VPN overview dashboard, and the Host Dashboard. ## Compressed File with Indices & Saved Searches A zip file with relevant data is attached at the end of this page. Last updated: 2020.10.26 ## Elastic templates ### Install the templates on a given elastic search instance Elasticsearch templates are contained within the ` ./elasticsearch-templates`` ` folder. run `HOST=localhost:9200 ./put.sh` to upload all the existing templates to the local ES **OR** You can use the following `curl` command to install a given template: ``` curl -XPUT $HOST/_template/$TEMPLATE_NAME?include_type_name=true -H "Content-Type: application/json" --data-binary "@$TEMPLATE_PATH" ``` Be sure to populate `$HOST`, `$TEMPLATE_NAME` and `$TEMPLATE_PATH` with the proper data. For instance: ``` curl -XPUT http://localhost:9200/_template/metadata_isession?include_type_name=true \ -H "Content-Type: application/json" \ --data-binary "@tpl/metadata_isession.jsonc" ``` More info on how to load templates can be found in [the official ElasticSearch templates docs](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-templates.html). ## Kibana-state `./kibana-state/` is a store for a Kibana specific state, where the Kibana index patterns are stored. #### Adding Stream index patterns * Before adding index patterns, ensure that index templates have been added to ES (`HOST=localhost:9200 ./put.sh`) * Go to kibana UI, Management, Saved Objects Section. `/app/kibana#/management/kibana/objects` * Click import, and select **recall\_kibana\_indices.ndjson**. ### Attachments {% file src="/files/S4P8nGf81pZo6MYKtqhN" %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.vectra.ai/deployment/recall-qux-only/recall-indices-and-content-for-stream-in-elk-v7.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.