Compound Elastic Case Creation

Create your first Nuix Compound Elasticsearch case.

Create a Compound Elastic Case

Now that you are authenticated, let’s create a compound Elasticsearch case. Configuring Elasticsearch, including sharding strategies and replicas, is outside the scope of this tutorial. To create an Elasticsearch case you need to know the Elasticsearch cluster name and host name. This example uses a single shard and zero replicas.

curl --location --request POST 'http://localhost:8080/nuix-restful-service/svc/v1/cases' \
--header 'nuix-auth-token: 9729a460-eda7-48dc-ba70-d12b3aae3c8d' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data-raw '{
   "name":"HelloCompoundElasticsearchCase",
   "location":"inventory0",
   "description":"My first compound Elasticsearch case",
   "compound":true,
   "investigator":"Inspector Gadget",
   "elasticSearchSettings": {
      "cluster.name": "elasticsearch",
      "index.number_of_shards": 1,
      "index.number_of_replicas": 0,
      "nuix.transport.hosts": ["127.0.0.1"],
      "nuix.http.hosts": ["127.0.0.1"]
   }
}
'

{
    "caseId": "a571f00ec43d41538d9e8c4f0bf1bda5",
    "name": "HelloCompoundElasticsearchCase",
    "path": "/Cases/HelloCompoundElasticsearchCase",
    "description": "My first compound Elasticsearch case",
    "investigator": "Inspector Gadget",
    "creationDate": 1613154608469,
    "compound": true,
    "elastic": true,
    "binaryStoreLocation": "/Cases/HelloCompoundElasticsearchCase/Stores/BinaryStore",
    "indexId": "nuix-a571f00ec43d41538d9e8c4f0bf1bda5",
    "caseSize": 0,
    "casePathParent": "/Cases",
    "caseInvestigationTimeZone": "America/New_York",
    "hasExclusions": null,
    "hasNuixSystemTags": null,
    "hasProductionSets": null,
    "hasCalculatedAuditSize": null,
    "casePath": "/Cases/HelloCompoundElasticsearchCase",
    "caseDescription": "My first compound Elasticsearch case",
    "caseCreationDate": 1613154608469,
    "caseInvestigator": "Inspector Gadget",
    "caseName": "HelloCompoundElasticsearchCase"
}

You have now successfully created your first compound Elasticsearch case! Take note of your case ID, a571f00ec43d41538d9e8c4f0bf1bda5. Next, we have to add simple Elasticsearch child cases to the compound case. Let’s create two simple Elasticsearch child cases and add them to the compound case.

Create Elasticsearch Child Case 1

curl --location --request POST 'http://localhost:8080/nuix-restful-service/svc/v1/cases' \
--header 'nuix-auth-token: 9729a460-eda7-48dc-ba70-d12b3aae3c8d' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data-raw '{
   "name":"HelloElasticChild1",
   "location":"inventory0",
   "description":"My elastic child case 1",
   "compound":false,
   "investigator":"Inspector Gadget",
   "elasticSearchSettings": {
      "cluster.name": "elasticsearch",
      "index.number_of_shards": 1,
      "index.number_of_replicas": 0,
      "nuix.transport.hosts": ["127.0.0.1"],
      "nuix.http.hosts": ["127.0.0.1"]
   }
}
'

{
    "caseId": "0d4060b5d16046e58172286266a80980",
    "name": "HelloElasticChild1",
    "path": "/Cases/HelloElasticChild1",
    "description": "My elastic child case 1",
    "investigator": "Inspector Gadget",
    "creationDate": 1613155151596,
    "compound": false,
    "elastic": true,
    "binaryStoreLocation": "/Cases/HelloElasticChild1/Stores/BinaryStore",
    "indexId": "nuix-0d4060b5d16046e58172286266a80980",
    "caseSize": 0,
    "casePathParent": "/Cases",
    "caseInvestigationTimeZone": "America/New_York",
    "hasExclusions": null,
    "hasNuixSystemTags": null,
    "hasProductionSets": null,
    "hasCalculatedAuditSize": null,
    "casePath": "/Cases/HelloElasticChild1",
    "caseDescription": "My elastic child case 1",
    "caseCreationDate": 1613155151596,
    "caseInvestigator": "Inspector Gadget",
    "caseName": "HelloElasticChild1"
}

Create Elasticsearch Child Case 2

curl --location --request POST 'http://localhost:8080/nuix-restful-service/svc/v1/cases' \
--header 'nuix-auth-token: 9729a460-eda7-48dc-ba70-d12b3aae3c8d' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data-raw '{
   "name":"HelloElasticChild2",
   "location":"inventory0",
   "description":"My elastic child case 2",
   "compound":false,
   "investigator":"Inspector Gadget",
   "elasticSearchSettings": {
      "cluster.name": "elasticsearch",
      "index.number_of_shards": 1,
      "index.number_of_replicas": 0,
      "nuix.transport.hosts": ["127.0.0.1"],
      "nuix.http.hosts": ["127.0.0.1"]
   }
}
'

{
    "caseId": "8c680473e5274719a585ba77eb4f9ca5",
    "name": "HelloElasticChild2",
    "path": "/Cases/HelloElasticChild2",
    "description": "My elastic child case 2",
    "investigator": "Inspector Gadget",
    "creationDate": 1613155276207,
    "compound": false,
    "elastic": true,
    "binaryStoreLocation": "/Cases/HelloElasticChild2/Stores/BinaryStore",
    "indexId": "nuix-8c680473e5274719a585ba77eb4f9ca5",
    "caseSize": 0,
    "casePathParent": "/Cases",
    "caseInvestigationTimeZone": "America/New_York",
    "hasExclusions": null,
    "hasNuixSystemTags": null,
    "hasProductionSets": null,
    "hasCalculatedAuditSize": null,
    "casePath": "/Cases/HelloElasticChild2",
    "caseDescription": "My elastic child case 2",
    "caseCreationDate": 1613155276207,
    "caseInvestigator": "Inspector Gadget",
    "caseName": "HelloElasticChild2"
}

Adding Elasticsearch Child Cases to an Elasticsearch Compound Case

Finally, let’s add the two simple Elasticsearch child cases we just created to our Elasticsearch compound case. The childCases endpoint simply acknowledges the addition of the child cases to the compound case by returning an HTTP status code of 200.

curl --location --request POST 'http://localhost:8080/nuix-restful-service/svc/v1/cases/a571f00ec43d41538d9e8c4f0bf1bda5/childCases' \
--header 'nuix-auth-token: 9729a460-eda7-48dc-ba70-d12b3aae3c8d' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data-raw '[ "0d4060b5d16046e58172286266a80980", "8c680473e5274719a585ba77eb4f9ca5" ]'
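
The three steps above as one script, added here as an example and not taken from the Nuix documentation. It reads the token from the environment and passes it to curl on stdin so it stays out of the process list and shell history, validates each returned caseId before reusing it in a URL, and checks the childCases status code explicitly because that call returns no body. The function names and the NUIX_AUTH_TOKEN, NUIX_BASE_URL and RUN_DEMO variables are assumptions of this example.

```shell
# Added example, not Nuix code. Endpoints and JSON fields are the ones shown on this page.
BASE_URL="${NUIX_BASE_URL:-http://localhost:8080/nuix-restful-service/svc/v1}"

# Case-creation body: $1 name, $2 description, $3 compound (true|false).
# Values are inserted unescaped, so pass constants without quotes or backslashes.
case_payload() {
  cat <<EOF
{"name":"$1","location":"inventory0","description":"$2","compound":$3,
 "investigator":"Inspector Gadget",
 "elasticSearchSettings":{"cluster.name":"elasticsearch",
  "index.number_of_shards":1,"index.number_of_replicas":0,
  "nuix.transport.hosts":["127.0.0.1"],"nuix.http.hosts":["127.0.0.1"]}}
EOF
}

# Print the caseId from a creation response; fail unless it is 32 lowercase hex digits.
extract_case_id() {
  id=$(printf '%s\n' "$1" | sed -n 's/.*"caseId"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
  printf '%s\n' "$id" | grep -Eq '^[0-9a-f]{32}$' || return 1
  printf '%s\n' "$id"
}

# childCases request body: a JSON array of the case IDs given as arguments.
child_cases_body() {
  out=""
  for id in "$@"; do out="${out:+$out, }\"$id\""; done
  printf '[ %s ]\n' "$out"
}

# POST body $2 to path $1, print the response, succeed only on HTTP 200.
post_json() {
  : "${NUIX_AUTH_TOKEN:?export NUIX_AUTH_TOKEN first}"
  tmp=$(mktemp) || return 1
  code=$(printf 'header = "nuix-auth-token: %s"\n' "$NUIX_AUTH_TOKEN" |
    curl --silent --config - --request POST "$BASE_URL$1" \
      --header 'Content-Type: application/json' --header 'Accept: application/json' \
      --data-raw "$2" --output "$tmp" --write-out '%{http_code}')
  cat "$tmp"; rm -f "$tmp"
  [ "$code" = 200 ]
}

# Runs only with RUN_DEMO=1. Creation calls are judged by a valid caseId in the body;
# the childCases call is judged by its status code, the only acknowledgement it gives.
if [ "${RUN_DEMO:-0}" = 1 ]; then
  set -e
  parent=$(extract_case_id "$(post_json /cases "$(case_payload HelloCompoundElasticsearchCase 'My first compound Elasticsearch case' true)")")
  c1=$(extract_case_id "$(post_json /cases "$(case_payload HelloElasticChild1 'My elastic child case 1' false)")")
  c2=$(extract_case_id "$(post_json /cases "$(case_payload HelloElasticChild2 'My elastic child case 2' false)")")
  post_json "/cases/$parent/childCases" "$(child_cases_body "$c1" "$c2")" >/dev/null
fi
```

Run it with RUN_DEMO=1 and NUIX_AUTH_TOKEN exported; without RUN_DEMO the file only defines the functions.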

You have now successfully created your first Elasticsearch compound case! Next, let’s ingest some data!

Last modified February 12, 2021