Compound Elastic Case Creation
Prerequisites
- Have an Elasticsearch cluster configured
- Note down the Elasticsearch cluster name and hostname
- Have a working knowledge of sharding strategies and replicas
Note: Elasticsearch configuration steps and information on sharding strategies and replicas are outside the scope of this tutorial.
Create a compound elastic case
Now that you are authenticated, you can create a compound Elasticsearch case. For this example, you will use a single shard and zero replicas.
curl --location --request POST 'http://localhost:8080/nuix-restful-service/svc/v1/cases' \
--header 'nuix-auth-token: 9729a460-eda7-48dc-ba70-d12b3aae3c8d' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data-raw '{
"name":"HelloCompoundElasticsearchCase",
"location":"inventory0",
"description":"My first compound Elasticsearch case",
"compound":true,
"investigator":"Inspector Gadget",
"elasticSearchSettings": {
"cluster.name": "elasticsearch",
"index.number_of_shards": 1,
"index.number_of_replicas": 0,
"nuix.transport.hosts": ["127.0.0.1"],
"nuix.http.hosts": ["127.0.0.1"]
}
}
'
{
"caseId": "a571f00ec43d41538d9e8c4f0bf1bda5",
"name": "HelloCompoundElasticsearchCase",
"path": "/Cases/HelloCompoundElasticsearchCase",
"description": "My first compound Elasticsearch case",
"investigator": "Inspector Gadget",
"creationDate": 1613154608469,
"compound": true,
"elastic": true,
"binaryStoreLocation": "/Cases/HelloCompoundElasticsearchCase/Stores/BinaryStore",
"indexId": "nuix-a571f00ec43d41538d9e8c4f0bf1bda5",
"caseSize": 0,
"casePathParent": "/Cases",
"caseInvestigationTimeZone": "America/New_York",
"hasExclusions": null,
"hasNuixSystemTags": null,
"hasProductionSets": null,
"hasCalculatedAuditSize": null,
"casePath": "/Cases/HelloCompoundElasticsearchCase",
"caseDescription": "My first compound Elasticsearch case",
"caseCreationDate": 1613154608469,
"caseInvestigator": "Inspector Gadget",
"caseName": "HelloCompoundElasticsearchCase"
}
You have now successfully created a compound Elasticsearch case. Take note of your case ID, a571f00ec43d41538d9e8c4f0bf1bda5. Next, you need to add elastic simple child cases to the compound case. Let's create two elastic simple child cases and add them to the compound case.
Create Elasticsearch child case 1
curl --location --request POST 'http://localhost:8080/nuix-restful-service/svc/v1/cases' \
--header 'nuix-auth-token: 9729a460-eda7-48dc-ba70-d12b3aae3c8d' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data-raw '{
"name":"HelloElasticChild1",
"location":"inventory0",
"description":"My elastic child case 1",
"compound":false,
"investigator":"Inspector Gadget",
"elasticSearchSettings": {
"cluster.name": "elasticsearch",
"index.number_of_shards": 1,
"index.number_of_replicas": 0,
"nuix.transport.hosts": ["127.0.0.1"],
"nuix.http.hosts": ["127.0.0.1"]
}
}
'
{
"caseId": "0d4060b5d16046e58172286266a80980",
"name": "HelloElasticChild1",
"path": "/Cases/HelloElasticChild1",
"description": "My elastic child case 1",
"investigator": "Inspector Gadget",
"creationDate": 1613155151596,
"compound": false,
"elastic": true,
"binaryStoreLocation": "/Cases/HelloElasticChild1/Stores/BinaryStore",
"indexId": "nuix-0d4060b5d16046e58172286266a80980",
"caseSize": 0,
"casePathParent": "/Cases",
"caseInvestigationTimeZone": "America/New_York",
"hasExclusions": null,
"hasNuixSystemTags": null,
"hasProductionSets": null,
"hasCalculatedAuditSize": null,
"casePath": "/Cases/HelloElasticChild1",
"caseDescription": "My elastic child case 1",
"caseCreationDate": 1613155151596,
"caseInvestigator": "Inspector Gadget",
"caseName": "HelloElasticChild1"
}
Create Elasticsearch child case 2
curl --location --request POST 'http://localhost:8080/nuix-restful-service/svc/v1/cases' \
--header 'nuix-auth-token: 9729a460-eda7-48dc-ba70-d12b3aae3c8d' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data-raw '{
"name":"HelloElasticChild2",
"location":"inventory0",
"description":"My elastic child case 2",
"compound":false,
"investigator":"Inspector Gadget",
"elasticSearchSettings": {
"cluster.name": "elasticsearch",
"index.number_of_shards": 1,
"index.number_of_replicas": 0,
"nuix.transport.hosts": ["127.0.0.1"],
"nuix.http.hosts": ["127.0.0.1"]
}
}
'
{
"caseId": "8c680473e5274719a585ba77eb4f9ca5",
"name": "HelloElasticChild2",
"path": "/Cases/HelloElasticChild2",
"description": "My elastic child case 2",
"investigator": "Inspector Gadget",
"creationDate": 1613155276207,
"compound": false,
"elastic": true,
"binaryStoreLocation": "/Cases/HelloElasticChild2/Stores/BinaryStore",
"indexId": "nuix-8c680473e5274719a585ba77eb4f9ca5",
"caseSize": 0,
"casePathParent": "/Cases",
"caseInvestigationTimeZone": "America/New_York",
"hasExclusions": null,
"hasNuixSystemTags": null,
"hasProductionSets": null,
"hasCalculatedAuditSize": null,
"casePath": "/Cases/HelloElasticChild2",
"caseDescription": "My elastic child case 2",
"caseCreationDate": 1613155276207,
"caseInvestigator": "Inspector Gadget",
"caseName": "HelloElasticChild2"
}
Add Elasticsearch child cases to an Elasticsearch compound case
Now you can add the two simple Elasticsearch child cases to your Elasticsearch compound case. The childCases endpoint simply acknowledges the addition of the child cases to the compound case by returning an HTTP status code of 200.
curl --location --request POST 'http://localhost:8080/nuix-restful-service/svc/v1/cases/a571f00ec43d41538d9e8c4f0bf1bda5/childCases' \
--header 'nuix-auth-token: 9729a460-eda7-48dc-ba70-d12b3aae3c8d' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data-raw '[ "0d4060b5d16046e58172286266a80980", "8c680473e5274719a585ba77eb4f9ca5" ]'
You have now successfully created an Elasticsearch compound case! Now, you can proceed to Part 5: Ingestion.
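The four requests above chained into one script, as an added example that is not part of the original tutorial: each returned caseId is checked against the 32-hex-character shape seen in the sample responses before it is placed in the childCases URL and body. The variables NUIX_BASE_URL, NUIX_AUTH_TOKEN and RUN_AGAINST_SERVER and all function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Endpoints, header and body fields are the ones shown on this page;
# NUIX_BASE_URL, NUIX_AUTH_TOKEN, RUN_AGAINST_SERVER and the function names are assumed.
BASE="${NUIX_BASE_URL:-http://localhost:8080/nuix-restful-service/svc/v1}"

# Print a case-creation body. $1=name $2=description $3=true|false (compound).
# Name and description must not contain quotes or backslashes (no JSON escaping here).
case_payload() {
  printf '{"name":"%s","location":"inventory0","description":"%s","compound":%s,' "$1" "$2" "$3"
  printf '"investigator":"Inspector Gadget","elasticSearchSettings":{"cluster.name":"elasticsearch",'
  printf '"index.number_of_shards":1,"index.number_of_replicas":0,'
  printf '"nuix.transport.hosts":["127.0.0.1"],"nuix.http.hosts":["127.0.0.1"]}}\n'
}

# Read a case-creation response on stdin and print its caseId, but only if it is
# exactly 32 lowercase hex characters (assumed from the sample responses above).
extract_case_id() {
  id=$(tr -d '\n' | sed -n 's/.*"caseId"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  printf '%s' "$id" | grep -Eq '^[0-9a-f]{32}$' || return 1
  printf '%s\n' "$id"
}

# Build the JSON array body for the childCases endpoint from validated IDs only.
child_array() {
  out=""
  for cid in "$@"; do
    printf '%s' "$cid" | grep -Eq '^[0-9a-f]{32}$' || return 1
    out="${out:+$out, }\"$cid\""
  done
  printf '[ %s ]\n' "$out"
}

# POST JSON body $2 to path $1. The token is read from the environment, not the script.
post_json() {
  curl --silent --show-error --fail --request POST "$BASE$1" \
    --header "nuix-auth-token: ${NUIX_AUTH_TOKEN:?set NUIX_AUTH_TOKEN}" \
    --header 'Content-Type: application/json' --header 'Accept: application/json' \
    --data-raw "$2"
}

# Create the compound case and two children, then attach the children; stop on any bad ID.
create_compound_with_children() {
  parent=$(post_json /cases "$(case_payload HelloCompoundElasticsearchCase 'My first compound Elasticsearch case' true)" | extract_case_id) || return 1
  c1=$(post_json /cases "$(case_payload HelloElasticChild1 'My elastic child case 1' false)" | extract_case_id) || return 1
  c2=$(post_json /cases "$(case_payload HelloElasticChild2 'My elastic child case 2' false)" | extract_case_id) || return 1
  post_json "/cases/$parent/childCases" "$(child_array "$c1" "$c2")"
}

if [ "${RUN_AGAINST_SERVER:-0}" = 1 ]; then create_compound_with_children; fi
```

With RUN_AGAINST_SERVER unset the script only defines the functions, so the payload and ID checks can be exercised without a running service.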