Basic Components

There are a few concepts that are core to Martello iQ and Elasticsearch. You must understand these concepts to successfully use the Martello iQ REST API.

Elasticsearch Node

By default, Martello iQ installs a single Elasticsearch node co-located with the Martello iQ application on the same server. This node is responsible for storing the data that originates from different Sources, and provides indexing and search capabilities.

Elasticsearch Index

An index is a collection of documents that have similar characteristics. In Martello iQ, there are specific indices for Components and States, Component Relationships, Alerts, and Incidents. An index is identified by a name (that must be all lowercase) and this name is used to refer to the index when performing indexing, search, update, and delete operations against the documents in it. The following index categories are defined in Martello iQ:

savisioniq_components_<SourceGuid>—Each of these indices stores documents of type Component and Component State related to a specific Source.

savisioniq_component_relationships_<SourceGuid>—Each of these indices stores documents of type Component Relationship related to a specific Source.

savisioniq_alerts_<SourceGuid>—Each of these indices stores documents of type Alert related to a specific Source.

savisioniq_incidents_<SourceGuid>—Each of these indices stores documents of type Incident related to a specific Source.

Elasticsearch Type

Within an index, Martello iQ defines only a single Elasticsearch type. A type is defined for documents that have a set of common fields. The index category savisioniq_components_* contains the Elasticsearch type “esentity,” which may represent two different Martello iQ types: the parent type Component and the child type Component State. The following Elasticsearch types are defined in Martello iQ:

esentity—This type is defined in the indices savisioniq_components_* and may represent the parent type Component and the child type Component State.

componentrelationship—This type is defined in the indices savisioniq_component_relationships_*.

alert—This type is defined in the indices savisioniq_alerts_*.

incident—This type is defined in the indices savisioniq_incidents_*.
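The naming scheme and type mapping above can be enforced in client code before a Source GUID reaches an index path, because Elasticsearch index expressions also accept wildcards and comma-separated lists, and an unvalidated value could widen a request beyond one Source. The following is an added example, not Martello iQ code; the function names are hypothetical, and it assumes the <SourceGuid> suffix is the hyphenated GUID in lowercase, which you should confirm against the index list of your own installation.

```python
import re

# Index category -> Elasticsearch type, as listed on this page.
INDEX_TYPES = {
    "savisioniq_components": "esentity",
    "savisioniq_component_relationships": "componentrelationship",
    "savisioniq_alerts": "alert",
    "savisioniq_incidents": "incident",
}

# Assumption: the suffix is the hyphenated 8-4-4-4-12 GUID, lowercased,
# since index names must be all lowercase.
_GUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
)


def normalize_guid(source_guid):
    """Return the lowercase GUID, or raise ValueError if it is not exactly one GUID."""
    candidate = source_guid.strip().strip("{}").lower()
    if not _GUID_RE.fullmatch(candidate):
        # Rejects wildcards, commas and anything else that is not a single GUID.
        raise ValueError(f"not a Source GUID: {source_guid!r}")
    return candidate


def index_for(category, source_guid):
    """Build (index_name, es_type) for exactly one Source."""
    if category not in INDEX_TYPES:
        raise ValueError(f"unknown index category: {category!r}")
    return f"{category}_{normalize_guid(source_guid)}", INDEX_TYPES[category]


def parse_index(index_name):
    """Split a concrete index name into (category, source_guid, es_type)."""
    for category, es_type in INDEX_TYPES.items():
        prefix = category + "_"
        if index_name.startswith(prefix):
            guid = index_name[len(prefix):]
            if _GUID_RE.fullmatch(guid):
                return category, guid, es_type
    raise ValueError(f"not a single-Source Martello iQ index: {index_name!r}")
```
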

Elasticsearch Document

A document is a basic unit of information that can be indexed. For example, in Martello iQ you can have a document for a single Alert, another document for a single Component, and another for a single Incident. This document is expressed in JSON (JavaScript Object Notation), which is a ubiquitous internet data interchange format. Within an index, you can store as many documents as you want.

Each document in an index has an _id field. The _id field is used to uniquely identify a document within that index. Elasticsearch searches on the _id, rather than on the text of a document, to locate information quickly. For example, when you perform a query or use the GET API operation, Elasticsearch uses the _id to look up documents.

Source

In Martello iQ, a Source (also called Integration in the interface) represents a specific monitoring tool or ITSM system—such as SCOM or ServiceNow—that provides the data to be stored in Elasticsearch. Each Source is uniquely identified by a GUID.