# Integrate Tines with ELK

***`Task: Using Tines, you need to make an HTTP request to retrieve the size of a specific index. Once the size is obtained, send an email containing this information. After successfully notifying via email, send another HTTP request to clear the index content while ensuring that the index itself remains intact.`***

Let's begin by sending an HTTP request to Elasticsearch to retrieve a list of all available indices. Once we have the list, we can select any index to work with.

First, we need to configure ngrok to establish a secure tunnel between Tines and the local Elasticsearch instance.

```bash
ngrok http https://192.168.204.146:9200/
```

<figure><img src="/files/FWDWSM4v0Qbw2woJSSXv" alt=""><figcaption></figcaption></figure>

Next, we will send an HTTP request to retrieve a list of all available indices.

<figure><img src="/files/cCzyYRU38aAU9P9H4z5f" alt=""><figcaption></figcaption></figure>

We need to include two headers: one for authorization and another for content type.

<figure><img src="/files/x5kAUygsuD2GY5CS1SWk" alt=""><figcaption></figcaption></figure>

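The authorization header uses HTTP Basic authentication: write your credentials in the format `user:password`, encode that string in Base64, and send it as `Authorization: Basic <encoded value>`. Base64 is an encoding, not encryption, so the encoded value must be protected like the password itself.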

Now, let's submit the request and review the response.

<figure><img src="/files/fFQ5ZbyV5KwVGOD7LNZl" alt=""><figcaption></figcaption></figure>

Each entry in the response is an individual index, and we can choose any one to work with.

Next, we will send an HTTP request to retrieve the size of an index.

<figure><img src="/files/3M3ShBIlZj1qI2Mqh0FZ" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/vMiG8sY4pNpMobWRLVNd" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/6aDye3nBxYrpcjfOudvN" alt=""><figcaption></figcaption></figure>

Now, we will send the size of the **winlogbeat-2025.02.07** index to our email account.

<figure><img src="/files/3r2T0zcLSHsKhFkbohhQ" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/k0rcELvjBPabbxBxHppb" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/prps41hn6IRvzTTLOolt" alt=""><figcaption></figcaption></figure>

Now, let's proceed with sending another HTTP request to remove the data from this index while preserving the index itself.

<figure><img src="/files/yR6HnpGf6TEYGNwQQlTw" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/rHN9g9KdkNQ4Spp0Aqe2" alt=""><figcaption></figcaption></figure>

Next, we need to send a notification to our email account confirming that the index data has been removed.

<figure><img src="/files/MTUcTcfHoGqO4jOfIHMH" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/PrbRBb02edWklW2Xz9JP" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/6qW3d9fotei8Dd9UE8xk" alt=""><figcaption></figcaption></figure>
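The three Elasticsearch requests in this workflow, written out as an added Python example (not from the original page, where the request details appear only in the screenshots). It assumes the standard `_cat/indices` and `_delete_by_query` endpoints; `BASE_URL`, the credentials and the sample response are constructed placeholders.

```python
import base64
import json
import urllib.request

# Assumed placeholders: BASE_URL stands in for the ngrok forwarding URL and
# the credentials are dummies. Requests are built here, never sent.
BASE_URL = "https://example.ngrok-free.app"
USER, PASSWORD = "elastic", "changeme"
INDEX = "winlogbeat-2025.02.07"

def basic_auth(user, password):
    """Authorization header value: 'Basic ' + Base64 of 'user:password'."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def build(method, path, body=None):
    """Build a request carrying the two headers the workflow uses."""
    data = json.dumps(body).encode() if body is not None else None
    return urllib.request.Request(
        BASE_URL + path, data=data, method=method,
        headers={"Authorization": basic_auth(USER, PASSWORD),
                 "Content-Type": "application/json"})

def list_indices():
    return build("GET", "/_cat/indices?format=json")

def index_size(index):
    # bytes=b returns store.size as a plain byte count instead of e.g. "1.2mb".
    return build("GET", f"/_cat/indices/{index}?format=json&bytes=b")

def clear_index(index):
    # _delete_by_query removes the matching documents; the index, its mappings
    # and its settings remain. DELETE /<index> would remove the index itself.
    return build("POST", f"/{index}/_delete_by_query?conflicts=proceed",
                 {"query": {"match_all": {}}})

def parse_size(cat_json):
    """Extract the byte count from a _cat/indices JSON response."""
    rows = json.loads(cat_json)
    if len(rows) != 1:
        raise ValueError(f"expected exactly one index, got {len(rows)}")
    return int(rows[0]["store.size"])

# Constructed sample response, not real output from the lab.
SAMPLE = '[{"index": "winlogbeat-2025.02.07", "store.size": "734003"}]'
```

After `_delete_by_query`, the reported store size may not drop immediately, because Elasticsearch reclaims deleted documents only when segments are merged.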

