### Elasticsearch Watcher: Getting Started

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.3.1

An introductory guide to using Elasticsearch Watcher for automated alerting and monitoring. It covers the basic concepts and setup.

```json
PUT _watcher/watch/my_first_watch
{
  "trigger": {
    "schedule": { "interval": "1m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": [ "my-index-*" ],
        "body": {
          "query": {
            "range": { "@timestamp": { "gt": "now-1m" } }
          },
          "size": 0
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 100 } }
  },
  "actions": {
    "log_message": {
      "logging": { "text": "High volume detected!" }
    }
  }
}
```

--------------------------------

### Elasticsearch Watcher Getting Started Guide

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/text-structure-apis

An introductory guide to using Elasticsearch Watcher for automated monitoring and alerting based on data in your Elasticsearch cluster.

```text
Watcher
* Getting started with Watcher
```

--------------------------------

### Elasticsearch Watcher Getting Started

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/pipeline-processor

Basic examples for setting up and configuring watches in Elasticsearch's Watcher feature for automated alerting.

```json
PUT _watcher/watch/my_first_watch
{
  "trigger": {
    "schedule": { "interval": "1h" }
  },
  "input": {
    "search": {
      "request": {
        "indices": [ "logstash-*" ],
        "body": {
          "query": { "match": { "response": 500 } }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "actions": {
    "logLevel": {
      "logging": {
        "text": "Found {{ctx.payload.hits.total}} 500 errors in the last hour."
      }
    }
  }
}
```

--------------------------------

### Getting Started with Watcher

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/clear-sql-cursor-api

An introductory guide to Elasticsearch Watcher, explaining its core concepts and providing initial steps to set up and create your first watch for proactive alerting.

```json
PUT _watcher/watch/my_first_watch
{
  "trigger": {
    "schedule": { "interval": "1h" }
  },
  "input": {
    "search": {
      "request": {
        "indices": [ "logstash-*" ],
        "body": {
          "query": { "term": { "response.keyword": "500" } }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "actions": {
    "send_email": {
      "email": {
        "to": "admins@example.com",
        "subject": "High number of 500 errors detected!",
        "body": "Found {{ctx.payload.hits.total}} 500 errors in the last hour."
      }
    }
  }
}
```

--------------------------------

### Watcher Getting Started Example

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/ml-get-record

A basic example of creating a Watcher in Elasticsearch to monitor for specific conditions and trigger actions. This serves as an introductory point for using the Watcher feature.

```elasticsearch
PUT _watcher/watch/my_first_watch
{
  "trigger": {
    "schedule": { "interval": "1h" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["logstash-*"],
        "body": {
          "query": { "match": { "message": "error" } }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "actions": {
    "log_error": {
      "logging": { "text": "Found an error in logs: {{ctx.payload.hits.total}}" }
    }
  }
}
```

--------------------------------

### Watcher - Getting Started Example

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/trb-security-saml

A basic example of an Elasticsearch Watcher configuration. It demonstrates how to define a trigger (e.g., an interval), an input (e.g., a search query), and an action (e.g., logging a message).
```json
PUT _watcher/watch/my_first_watch
{
  "trigger": {
    "schedule": { "interval": "1m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["logs-*"],
        "body": {
          "query": { "match": { "message": "error" } }
        }
      }
    }
  },
  "actions": {
    "log_error": {
      "logging": { "text": "Found an error: {{ctx.payload.hits.total}}" }
    }
  }
}
```

--------------------------------

### Elasticsearch Watcher: Getting Started with Watcher

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.5.2

This guide provides an introduction to Elasticsearch Watcher. It covers the basic concepts and steps required to set up and use Watcher for automated alerting and actions based on data changes.

```json
PUT _watcher/watch/my_first_watch
{
  "trigger": {
    "schedule": { "interval": "1h" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["logstash-*"],
        "body": {
          "query": {
            "range": {
              "@timestamp": { "gt": "now-1h/h", "lt": "now/h" }
            }
          },
          "aggs": {
            "errors": {
              "terms": { "field": "level", "include": "error" }
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.aggregations.errors.buckets.length": { "gt": 0 } }
  },
  "actions": {
    "send_email": {
      "email": {
        "to": "admin@example.com",
        "subject": "High Error Rate Detected",
        "body": "An increased number of errors were found in the last hour."
      }
    }
  }
}
```

--------------------------------

### Elasticsearch Watcher: Getting Started

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/query-dsl-span-within-query

This provides a conceptual overview of getting started with Elasticsearch Watcher. It involves defining watches that trigger actions based on data in Elasticsearch.
```json
# Create a simple watch to alert on high error rates
PUT _watcher/watch/high_error_rate_alert
{
  "trigger": {
    "schedule": { "interval": "1h" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["my-logs-2023*"],
        "body": {
          "query": { "term": { "level": "error" } },
          "size": 0
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 100 } }
  },
  "actions": {
    "send_email": {
      "email": {
        "to": "admin@example.com",
        "subject": "High Error Rate Detected!",
        "body": "Error count in the last hour: {{ctx.payload.hits.total}}"
      }
    }
  }
}
```

--------------------------------

### Install Elasticsearch Service on Windows

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/zip-windows

Installs Elasticsearch as a Windows service using the `elasticsearch-service.bat install` command. It shows example output indicating the service name and the `ES_JAVA_HOME` value used during installation. This process enables Elasticsearch to run in the background or start automatically on boot.

```batch
C:\Program Files\elasticsearch-8.19.7\bin>elasticsearch-service.bat install

Installing service      :  "elasticsearch-service-x64"
Using ES_JAVA_HOME (64-bit):  "C:\jvm\jdk1.8"
The service 'elasticsearch-service-x64' has been installed.
```

--------------------------------

### Configuring Elasticsearch Watcher Getting Started

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/overview-index-lifecycle-management

This provides an introductory example of setting up an Elasticsearch Watcher to periodically check for specific conditions and trigger actions. It includes defining a watch with a schedule, input, condition, and actions.
```json
PUT _watcher/watch/my_first_watch
{
  "trigger": {
    "schedule": { "interval": "1h" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["my-index-*"],
        "body": {
          "query": { "match": { "status": "error" } }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "actions": {
    "log_error": {
      "logging": { "text": "Found errors in my-index-*" }
    }
  }
}
```

--------------------------------

### Watcher Getting Started Example

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/input-chain

A basic example demonstrating how to create a simple Watch in Elasticsearch using the Watcher feature. This watch triggers an action when its condition is met.

```json
PUT _watcher/watch/my_first_watch
{
  "trigger": {
    "schedule": { "interval": "1m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["logstash-*"],
        "body": {
          "query": { "match": { "message": "error" } }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "actions": {
    "log_it": {
      "logging": { "text": "Found {{ctx.payload.hits.total}} errors." }
    }
  }
}
```

--------------------------------

### Clone Elastic Connectors Repository (Git)

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/es-postgresql-connector-client-tutorial

This command clones the Elastic Connectors repository locally, which contains the framework and example configuration files needed to set up self-managed connectors. Use it as the starting point for your connector setup.

```bash
git clone https://github.com/elastic/connectors
```

--------------------------------

### ES|QL Reference

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/ciphers

Comprehensive guide to ES|QL, covering getting started, syntax, commands, functions, operators, and usage across different interfaces.

```APIDOC
## ES|QL (Elasticsearch Query Language)

### Description
Documentation for ES|QL, a query language for Elasticsearch.
### Getting Started
* Getting started

### ES|QL Reference
* Syntax reference
* Commands
* Functions and operators
* Metadata fields
* Multivalued fields
* Data processing with DISSECT and GROK
* Correlate data with LOOKUP JOIN
* Data enrichment
* Implicit casting
* Time spans

### Using ES|QL
* REST API
* Using ES|QL for search
* Using ES|QL in Kibana
* Using ES|QL in Elastic Security
* Using ES|QL to query multiple indices
* Using ES|QL across clusters
* Task management

### Limitations
* Limitations
```

--------------------------------

### Elasticsearch Transform: Setup Example

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/query-dsl-span-within-query

This example demonstrates setting up an Elasticsearch transform to aggregate data from one index into another. It defines the source index, destination index, and the transformation logic.

```json
PUT _transform/my_transform_id
{
  "source": { "index": "my_data_index" },
  "dest": { "index": "my_transformed_index" },
  "frequency": "1h",
  "sync": {
    "time": { "field": "timestamp", "delay": "10m" }
  },
  "pivot": {
    "group_by": {
      "user.id": { "terms": { "field": "user.id" } }
    },
    "aggregations": {
      "total_amount": { "sum": { "field": "transaction.amount" } },
      "avg_amount": { "avg": { "field": "transaction.amount" } }
    }
  }
}
```

--------------------------------

### SQL: Overview and Getting Started

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/query-dsl-match-all-query

An introduction to using SQL with Elasticsearch. This covers the basic concepts and how to get started with querying Elasticsearch data using SQL syntax.

```sql
SELECT * FROM "my-index-*" WHERE "response.keyword" = '200' LIMIT 10;
```

--------------------------------

### Index and Search using Elasticsearch APIs (Basic)

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/ilm-shrink

A simple example of indexing a document and then searching for it using Elasticsearch's RESTful APIs.
This is a foundational example for interacting with Elasticsearch programmatically, suitable for quick starts.

```json
# Index a document
POST /my-test-index/_doc
{
  "title": "My First Document",
  "content": "This is the content of my first document."
}

# Search for the document
GET /my-test-index/_search
{
  "query": {
    "match": { "content": "first document" }
  }
}
```

--------------------------------

### Docker Compose Quickstart for Connectors

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/esql-enrich-data

A quickstart guide for setting up and running Elasticsearch connectors using Docker Compose. This simplifies the deployment and testing of connectors in a local environment.

```YAML
# Example docker-compose.yml snippet for a connector
version: '3.7'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.11.0
    # ... other elasticsearch configurations ...
  connector_service:
    image: docker.elastic.co/connectors/connector-mongodb:8.11.0
    environment:
      ELASTIC_APM_SERVER_URL: "http://apm-server:8200"
    depends_on:
      - elasticsearch
```

--------------------------------

### Elasticsearch Watcher Getting Started Example

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/security-api-authenticate

A basic example of creating an Elasticsearch Watcher to trigger an action based on a scheduled query. Watcher allows you to automate tasks and receive alerts based on cluster data.
```json
PUT _watcher/watch/my_first_watch
{
  "trigger": {
    "schedule": { "interval": "1h" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["logstash-*"],
        "body": {
          "query": {
            "bool": {
              "must": [
                { "range": { "@timestamp": { "gte": "now-1h/m", "lt": "now/m" } } },
                { "term": { "level.keyword": "ERROR" } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 5 } }
  },
  "actions": {
    "send_email": {
      "email": {
        "to": "admin@example.com",
        "subject": "High error count detected!",
        "body": "There have been {{ctx.payload.hits.total}} errors in the last hour."
      }
    }
  }
}
```

--------------------------------

### Connectors: Docker Compose Quickstart

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/ml-get-influencer

A quickstart guide for setting up and running Elasticsearch connectors using Docker Compose. This simplifies the orchestration of multiple Docker containers.

```yaml
# Example docker-compose.yml for a connector
version: '3.7'
services:
  connector:
    image:
    ports:
      - "8080:8080"
```

--------------------------------

### Query X-Pack Info API (Python, Ruby, JavaScript, HTTP)

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/info-api

This example demonstrates how to query the general X-Pack info API in Python, Ruby, and JavaScript, as well as with a direct HTTP GET request. It retrieves all available information about installed X-Pack features and license status. Ensure the Elasticsearch client library is installed and configured.

```python
resp = client.xpack.info()
print(resp)
```

```ruby
response = client.xpack.info
puts response
```

```javascript
const response = await client.xpack.info();
console.log(response);
```

```http
GET /_xpack
```

--------------------------------

### Elasticsearch Transform Setup Example

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/sql-search-api

A basic JSON configuration for setting up an Elasticsearch data transform job.
This example defines the source index, the destination index, and the aggregations to be performed.

```json
{
  "source": { "index": "ecommerce-data-*" },
  "dest": { "index": "ecommerce-summary" },
  "pivot": {
    "group_by": {
      "product_id": { "terms": { "field": "product_id" } },
      "timestamp": { "date_histogram": { "field": "@timestamp", "fixed_interval": "1h" } }
    },
    "aggregations": {
      "total_sales": { "sum": { "field": "total_sales" } },
      "avg_quantity": { "avg": { "field": "quantity" } }
    }
  }
}
```

--------------------------------

### Watcher: Getting started

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/remote-clusters

An introduction to Watcher, Elasticsearch's alerting and notification feature, explaining its basic concepts and setup.

```APIDOC
## Watcher

### Getting started with Watcher
Provides an introductory guide to Watcher, covering its core functionality and initial setup steps.

### How Watcher works
Explains the internal mechanisms and workflow of the Watcher alerting system.
```

--------------------------------

### Watcher Getting Started

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/allocation-total-shards

This snippet provides a conceptual overview of getting started with Watcher in Elasticsearch. Watcher allows you to define alerts based on data conditions.

```markdown
1. **Define a Watch:** Create a JSON document specifying the trigger, input, condition, and actions.
2. **Schedule the Watch:** Use cron-like syntax to define when the watch should run.
3. **Configure Input:** Specify the Elasticsearch query or other data source.
4. **Set Condition:** Define the criteria that must be met for actions to execute.
5. **Define Actions:** Specify what should happen (e.g., send an email, log a message).
```

--------------------------------

### Elasticsearch Watcher Getting Started

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/mapping-types

Introduces Elasticsearch Watcher, a feature for automating alerts and actions based on data in Elasticsearch. Covers basic setup, creating simple watches, and understanding the core components.

```json
{
  "trigger": {
    "schedule": { "interval": "1m" }
  },
  "input": {
    "search": {
      "request": { "indices": ["logs-*"] }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 1000 } }
  },
  "actions": {
    "log_high_count": {
      "logging": { "text": "High log count detected: {{ctx.payload.hits.total}}" }
    }
  }
}
```

--------------------------------

### Elasticsearch Watcher: Getting Started

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/query-dsl-terms-query

This snippet provides a basic example of creating a Watcher in Elasticsearch. Watcher allows you to automate alerts and actions based on data in your cluster.

```json
PUT _watcher/watch/my_first_watch
{
  "trigger": {
    "schedule": { "interval": "1h" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["my-index"],
        "body": {
          "query": { "match": { "status": "error" } }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "actions": {
    "send_email": {
      "email": {
        "to": "admin@example.com",
        "subject": "High number of errors detected!",
        "body": "See attached details."
      }
    }
  }
}
```

--------------------------------

### GET /_cat/plugins

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/getting-started-snapshot-lifecycle-management

Displays installed plugins on each node using the cat API.

```APIDOC
## GET /_cat/plugins

### Description
Displays installed plugins.

### Method
GET

### Endpoint
/_cat/plugins

### Parameters
None

### Request Example
```json
{}
```

### Response
#### Success Response (200)
- **response** (string) - Tabular information about installed plugins.
#### Response Example
```
node                   component          name               version type   description
Jg3Fk3aOT0G-p4hS05i9ew ingest             ingest-attachment  8.19.0  plugin Ingest attachment processor
```
```

--------------------------------

### Elasticsearch Data Transformation: Setup Example

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/vector-queries

This configuration demonstrates the basic setup for an Elasticsearch data transform. Transforms allow you to preprocess and aggregate data into new indices for analysis. The `price` and `timestamp` field names below are assumed from the original snippet's shorthand (`sum_of_price`, `date_histogram`).

```json
PUT _transform/my_transform_id
{
  "source": { "index": "my-source-index" },
  "dest": { "index": "my-destination-index" },
  "pivot": {
    "group_by": {
      "user_id": { "terms": { "field": "user_id" } },
      "timestamp": { "date_histogram": { "field": "timestamp", "fixed_interval": "1h" } }
    },
    "aggregations": {
      "total_revenue": { "sum": { "field": "price" } }
    }
  }
}
```

--------------------------------

### SQL Interface for Elasticsearch

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/migration-api

Guides users on interacting with Elasticsearch using standard SQL. Covers getting started, conventions, security, and the SQL REST API for executing queries and retrieving data.
```text
* SQL
  * Overview
  * Getting Started with SQL
  * Conventions and Terminology
    * Mapping concepts across SQL and Elasticsearch
  * Security
  * SQL REST API
    * Overview
    * Response Data Formats
    * Paginating through a large response
    * Filtering using Elasticsearch Query DSL
    * Columnar results
    * Passing parameters to a query
    * Use runtime fields
    * Run an async SQL search
  * SQL Translate API
  * SQL CLI
  * SQL JDBC
    * API usage
  * SQL ODBC
    * Driver installation
    * Configuration
  * SQL Client Applications
    * DBeaver
    * DbVisualizer
    * Microsoft Excel
    * Microsoft Power BI Desktop
    * Microsoft PowerShell
    * MicroStrategy Desktop
    * Qlik Sense Desktop
    * SQuirreL SQL
    * SQL Workbench/J
    * Tableau Desktop
    * Tableau Server
```

--------------------------------

### GET /_cat/plugins

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/security-basic-setup-https

Lists installed plugins using the cat API.

```APIDOC
## GET /_cat/plugins

### Description
Lists installed plugins.

### Method
GET

### Endpoint
/_cat/plugins

### Parameters
#### Request Body
None

### Request Example
```json
{}
```

### Response
#### Success Response (200)
- **plugins** (array) - Array of plugin information.

#### Response Example
```json
[
  {
    "node": "node1",
    "component": "plugin",
    "name": "plugin1",
    "version": "1.0",
    "description": "plugin description",
    "classname": "plugin.class",
    "extended_plugins": "plugin2,plugin3"
  }
]
```
```

--------------------------------

### GET /_cat/plugins

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/query-dsl-prefix-query

Displays information about installed plugins.

```APIDOC
## GET /_cat/plugins

### Description
Displays information about installed plugins.

### Method
GET

### Endpoint
/_cat/plugins

### Parameters
None

### Request Example
None

### Response
#### Success Response (200)
- **plugins_info** (array) - An array of objects with plugin details.
#### Response Example
```json
[
  {
    "node": "node1",
    "component": "plugin_name",
    "version": "1.0.0"
  }
]
```
```

--------------------------------

### Install Elasticsearch from Archive on Linux or MacOS

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/ilm-shrink

Instructions for installing Elasticsearch using the archive distribution on Linux and MacOS. This method involves downloading a tarball and extracting it, providing flexibility in installation location. It's suitable for users who prefer manual control over the installation process.

```bash
# Download the archive
curl -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.19.0-linux-x86_64.tar.gz

# Verify the integrity of the download against the published SHA-512 checksum
# (no root privileges are needed for this step)
curl https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.19.0-linux-x86_64.tar.gz.sha512 | shasum -a 512 -c -

# Extract the archive
tar -xzf elasticsearch-8.19.0-linux-x86_64.tar.gz
```

--------------------------------

### ES|QL

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/docs-delete

Comprehensive guide to ES|QL, a powerful query language for Elasticsearch, covering its getting started guide, reference, and usage in various contexts such as the REST API and Kibana.

```APIDOC
## ES|QL

### Description
Detailed documentation for ES|QL, a versatile query language for Elasticsearch. It includes getting started instructions, a full reference of syntax, commands, functions, operators, and examples of how to use ES|QL with the REST API, Kibana, and Elastic Security.
### Getting started

### ES|QL reference
* Syntax reference
* Commands
* Functions and operators
* Metadata fields
* Multivalued fields
* Data processing with DISSECT and GROK
* Correlate data with LOOKUP JOIN
* Data enrichment
* Implicit casting
* Time spans

### Using ES|QL
* REST API
* Using ES|QL for search
* Using ES|QL in Kibana
* Using ES|QL in Elastic Security
* Using ES|QL to query multiple indices
* Using ES|QL across clusters
* Task management

### Limitations

### Examples
```

--------------------------------

### GET /_cat/plugins

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/search-aggregations-metrics-max-aggregation

Provides information about installed plugins in a compact, human-readable format.

```APIDOC
## GET /_cat/plugins

### Description
Provides information about installed plugins in a compact, human-readable format.

### Method
GET

### Endpoint
/_cat/plugins

### Parameters
None

### Request Example
```json
{}
```

### Response
#### Success Response (200)
- **plugins** (array) - An array of installed plugins.

#### Response Example
```json
[
  {
    "node": "node1",
    "component": "analysis-icu",
    "version": "8.19.0",
    "name": "analysis-icu"
  }
]
```
```

--------------------------------

### Start Elasticsearch with Security Enabled

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/ml-get-record

These commands start the Elasticsearch cluster with security features enabled automatically and then set the built-in user passwords. The password tool talks to the running cluster, so the node must be started first.

```bash
# Start Elasticsearch as a daemon; on first start, 8.x enables security
# automatically and prints the generated credentials
bin/elasticsearch -d -p pidfile

# With the node running, set passwords for the built-in users
# (elasticsearch-reset-password is the current replacement for this tool)
bin/elasticsearch-setup-passwords auto
```

--------------------------------

### Start Elasticsearch Instance

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/security-minimal-setup

Starts an Elasticsearch instance using the provided command. This is a prerequisite for resetting user passwords.
```bash
./bin/elasticsearch
```

--------------------------------

### Elasticsearch Data Transformation Setup

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/recipes

Provides guidance on setting up and using data transformations in Elasticsearch. It covers the overview, when to use transforms, generating alerts, scaling transforms, and how checkpoints function. Includes a tutorial for sample data transformation.

```text
Overview
Setup
When to use transforms
Generating alerts for transforms
Transforms at scale
How checkpoints work
API quick reference
Tutorial: Transforming the eCommerce sample data
Painless examples
Limitations
```

--------------------------------

### Elasticsearch Watcher: Getting Started Example

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/search-aggregations-metrics-extendedstats-aggregation

A basic example of an Elasticsearch Watcher, configured to trigger an action (e.g., logging a message) when a specific condition is met. Watcher automates alerts and actions based on data in Elasticsearch.

```json
PUT _watcher/watch/my_simple_watch
{
  "trigger": {
    "schedule": { "interval": "1h" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["my-index-2023*"],
        "body": {
          "query": { "match": { "status": "error" } }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "actions": {
    "log_error": {
      "logging": {
        "level": "info",
        "text": "Found {{ctx.payload.hits.total}} errors in the last hour."
      }
    }
  }
}
```

--------------------------------

### Command line tools

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/sql-odbc-setup

Documentation for the various Elasticsearch command-line tools.

```APIDOC
## Command line tools

### elasticsearch-certgen
Generates SSL certificates for Elasticsearch.

### elasticsearch-certutil
Utility for generating certificates.

### elasticsearch-create-enrollment-token
Creates an enrollment token for Elasticsearch nodes.
### elasticsearch-croneval
Evaluates cron expressions.

### elasticsearch-keystore
Manages the Elasticsearch keystore.

### elasticsearch-node
Manages Elasticsearch nodes.

### elasticsearch-reconfigure-node
Reconfigures an Elasticsearch node.

### elasticsearch-reset-password
Resets user passwords in Elasticsearch.

### elasticsearch-saml-metadata
Generates SAML metadata for Elasticsearch.

### elasticsearch-service-tokens
Manages Elasticsearch service tokens.

### elasticsearch-setup-passwords
Sets up initial passwords for Elasticsearch users.

### elasticsearch-shard
Manages Elasticsearch shards.

### elasticsearch-syskeygen
Generates system keys.

### elasticsearch-users
Manages Elasticsearch users.
```

--------------------------------

### GET /_cat/plugins

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/analysis-analyzers

Provides information about installed plugins in a compact, human-readable format.

```APIDOC
## GET /_cat/plugins

### Description
Provides information about installed plugins in a compact, human-readable format.

### Method
GET

### Endpoint
/_cat/plugins

### Parameters
None

### Request Example
```json
{}
```

### Response
#### Success Response (200)
- **data** (string) - Tabular data representing the installed plugins.

#### Response Example
```json
"name component version description type"
```
```

--------------------------------

### Install Elasticsearch with .zip on Windows

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/ilm-shrink

Steps for installing Elasticsearch on Windows using the .zip archive. This is a straightforward method for Windows users, involving downloading and extracting the archive. It allows for easy installation without relying on package managers.
```powershell
# Download the archive
Invoke-WebRequest -Uri https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.19.0-windows-x86_64.zip -OutFile elasticsearch-8.19.0-windows-x86_64.zip

# Extract the archive
Expand-Archive elasticsearch-8.19.0-windows-x86_64.zip -DestinationPath "C:\Program Files\Elasticsearch"
```

--------------------------------

### ES|QL REST API

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/query-dsl-match-all-query

Information regarding the ES|QL REST API, including getting started, reference, and usage examples.

```APIDOC
## ES|QL REST API

### Description
This section covers the ES|QL REST API, used to run ES|QL queries against Elasticsearch and retrieve the results as a table.

### Method
POST

### Endpoint
`/_query`

### Parameters
#### Query Parameters
- **pretty** (boolean) - Optional - Returns pretty-printed JSON.
- **format** (string) - Optional - Specifies the response format (e.g., `json`, `csv`, `txt`).
#### Request Body
- **query** (string) - Required - The ES|QL query to run (ES|QL uses piped commands, not SQL syntax).

### Request Example
```json
POST /_query
{
  "query": "FROM my-index | WHERE column_name == \"some_value\" | LIMIT 10"
}
```

### Response
#### Success Response (200)
- **columns** (array) - Name and type of each column in the result set.
- **values** (array) - The result rows, one array per row, in column order.
#### Response Example
```json
{
  "columns": [
    { "name": "column_name_1", "type": "keyword" },
    { "name": "column_name_2", "type": "integer" }
  ],
  "values": [
    [ "value1", 2 ]
  ]
}
```
```

--------------------------------

### Set Up Basic Security

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/sparse-vector

This section details the process of setting up basic security in Elasticsearch, which includes enabling security, configuring users, and potentially setting up TLS/SSL. The settings belong in `elasticsearch.yml`; the password tool is run from the command line against a running node.

```yaml
# elasticsearch.yml: enable security (already the default in 8.x)
xpack.security.enabled: true

# Optional: configure a realm explicitly. Since 7.0 the realm type is part of
# the setting path, so there is no separate "type" key.
# xpack.security.authc.realms.native.native_auth:
#   order: 0
```

```bash
# Set passwords for the built-in users
bin/elasticsearch-setup-passwords interactive
```

--------------------------------

### Configuring Elasticsearch Watcher Basics

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/recipes

Introduces the fundamentals of Elasticsearch Watcher, an alerting tool. It covers getting started with Watcher and explains its core operational mechanisms.

```text
Getting started with Watcher
How Watcher works
```

--------------------------------

### Enable and Manage Elasticsearch Service with systemd

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/starting-elasticsearch

Commands to enable Elasticsearch to start on boot, and to start and stop the service manually. These operations provide no direct success feedback; status is reported in the log files.
```bash
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service
sudo systemctl stop elasticsearch.service
```

--------------------------------

### Troubleshooting: Setup-passwords Command Failure

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/sparse-vector

This guide provides solutions for failures encountered when running the `elasticsearch-setup-passwords` command, often related to network connectivity or security settings.

```text
Common error: "Connection failure while trying to access Elasticsearch cluster."

Troubleshooting steps:
1. Ensure Elasticsearch is running and accessible on the specified host and port.
2. Verify `network.host` and `http.port` settings in `elasticsearch.yml`.
3. Check if security is enabled (`xpack.security.enabled: true`) and if you are using the correct bootstrap password if prompted.
4. If using TLS/SSL, ensure the `setup-passwords` command is configured to trust the Elasticsearch node's certificate or is using appropriate protocols.
5. Check Elasticsearch logs for more detailed error messages.
```

--------------------------------

### Get Calendar Events (cURL)

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/ml-get-calendar-event

An example of fetching scheduled events from a specific calendar. This request can be extended with query parameters such as `start` and `end` for time-based filtering.

```http
GET _ml/calendars/planned-outages/events
```

```http
GET _ml/calendars/planned-outages/events?start=1635638400000&end=1635724800000
```

--------------------------------

### Start Elasticsearch from Command Line (.tar.gz)

Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/starting-elasticsearch

This command starts Elasticsearch directly from the terminal when installed via a .tar.gz package. It automatically enables security features, generates credentials, and outputs them to the console.
Elasticsearch will run in the foreground. ```bash ./bin/elasticsearch ``` -------------------------------- ### Start Elasticsearch Service on Windows Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/zip-windows Starts the installed Elasticsearch service on Windows using the `elasticsearch-service.bat start` command, run from the `bin` directory. By default, authentication is enabled when the service starts. This command assumes Elasticsearch has already been installed as a service. ```batch C:\Program Files\elasticsearch-8.19.7\bin>elasticsearch-service.bat start ``` -------------------------------- ### SQL Support in Elasticsearch Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/docs-delete Information on using SQL with Elasticsearch, including an overview, getting started guide, security considerations, and details on the SQL REST API, Translate API, and client applications. ```APIDOC ## SQL ### Description This section covers the SQL support in Elasticsearch, offering an overview, getting started guide, and detailed information on how to use SQL for querying and data analysis. It includes specifics on the SQL REST API, SQL Translate API, and integration with various SQL client applications.
### Overview ### Getting Started with SQL ### Conventions and Terminology * Mapping concepts across SQL and Elasticsearch ### Security ### SQL REST API * Overview * Response Data Formats * Paginating through a large response * Filtering using Elasticsearch Query DSL * Columnar results * Passing parameters to a query * Use runtime fields * Run an async SQL search ### SQL Translate API ### SQL CLI ### SQL JDBC * API usage ### SQL ODBC * Driver installation * Configuration ### SQL Client Applications * DBeaver * DbVisualizer * Microsoft Excel * Microsoft Power BI Desktop * Microsoft PowerShell * MicroStrategy Desktop * Qlik Sense Desktop * SQuirreL SQL * SQL Workbench/J * Tableau Desktop * Tableau Server ### SQL Language * Lexical Structure * SQL Commands * DESCRIBE TABLE * SELECT * SHOW CATALOGS * SHOW COLUMNS * SHOW FUNCTIONS * SHOW TABLES * Data Types * Index patterns * Frozen Indices ### Functions and Operators * Comparison Operators * Logical Operators * Math Operators * Cast Operators * LIKE and RLIKE Operators * Aggregate Functions * Grouping Functions * Date/Time and Interval Functions and Operators * Full-Text Search Functions * Mathematical Functions * String Functions * Type Conversion Functions * Geo Functions * Conditional Functions And Expressions * System Functions ### Reserved keywords ### SQL Limitations ``` -------------------------------- ### Watcher: Getting Started Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/sql-client-apps-powerbi An introduction to Watcher, explaining its core concepts and how to begin using it for automated alerting. ```APIDOC ## Watcher: Getting Started This section provides an introduction to Watcher, explaining its purpose and guiding users through their first steps in setting up automated alerts and actions. ### Core Concepts - **Watches**: Scheduled or triggered jobs that execute a query, compare results against conditions, and perform actions. 
- **Triggers**: Define when a watch executes. Only schedule triggers exist (e.g., `interval`, `cron`); a watch can also be run on demand with the execute watch API. - **Input**: The data source for a watch, typically an Elasticsearch query; its result is loaded into `ctx.payload`. - **Condition**: A check performed on the input data to determine if actions should be executed. A watch without a condition is treated as `always`, so its actions run on every trigger. - **Actions**: Tasks performed when the condition is met (e.g., sending an email, logging a message, calling a webhook). ### First Watch Example **Description**: A simple example of a watch that triggers an alert if the number of documents in an index exceeds a certain threshold. **Method**: PUT (POST is also accepted) **Endpoint**: `/_watcher/watch/<watch_id>` **Request Body Example**: ```json { "trigger": { "schedule": { "interval": "1m" } }, "input": { "search": { "request": { "indices": ["my-index"], "body": { "query": { "match_all": {} } } } } }, "condition": { "compare": { "ctx.payload.hits.total": { "gt": 1000 } } }, "actions": { "log_message": { "logging": { "message": "High document count detected in my-index! Total: {{ctx.payload.hits.total}}" } } } } ``` ``` -------------------------------- ### Running Connectors from Source Code Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/query-dsl-fuzzy-query Instructions on how to run Elastic connectors directly from their source code: clone the repository, install the Python dependencies, and start the connector with its configuration file. ```shell git clone cd pip install -r requirements.txt python main.py --config ``` -------------------------------- ### Elastic Managed Connectors Tutorial Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/migration-api Details the process of using Elastic's managed connector services, with a specific tutorial example for MongoDB integration. This simplifies data ingestion from supported sources.
```text * Managed connector tutorial (MongoDB) ``` -------------------------------- ### Getting Started with Watcher Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/security-api-enable-user Provides initial steps and basic concepts for using the Elasticsearch Watcher feature, which allows you to automate alerts and actions based on data in your cluster. ```json PUT _watcher/watch/my_first_watch { "trigger": { "schedule": { "interval": "1h" } }, "input": { "search": { "request": { "indices": ["logs-*"], "body": { "query": { "match": {"message": "error"} } } } } }, "condition": { "compare": { "ctx.payload.hits.total": { "gt": 10 } } }, "actions": { "log_error": { "logging": { "message": "High number of errors detected: {{ctx.payload.hits.total}}" } } } } ``` -------------------------------- ### Get X-Pack Usage (JavaScript) Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/usage-api Asynchronously retrieves X-Pack usage statistics with the Elasticsearch JavaScript client. This example uses `async/await` to call the `client.xpack.usage()` method and logs the result to the console. The `@elastic/elasticsearch` client package must be installed and a `client` instance created. ```javascript const response = await client.xpack.usage(); console.log(response); ``` -------------------------------- ### Get Elasticsearch PID from File and Terminate Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/stopping-elasticsearch This example shows how to start Elasticsearch in the background, writing its PID to a file, and then using that PID to send a SIGTERM signal for an orderly shutdown. This is a common method for automated or remote management.
```bash
$ ./bin/elasticsearch -p /tmp/elasticsearch-pid -d
$ cat /tmp/elasticsearch-pid && echo
15516
$ kill -SIGTERM 15516
``` -------------------------------- ### Elasticsearch Startup Timeout Log Example (systemd) Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/starting-elasticsearch Example logs demonstrating a startup timeout scenario with older systemd versions, which cannot extend the start timeout while the node is still starting. The Elasticsearch logs show a normal stopping sequence, while the systemd logs indicate a startup timeout and failure; raising `TimeoutStartSec` in a unit override (`systemctl edit elasticsearch`) avoids it. ```log [2022-01-31T01:22:31,077][INFO ][o.e.n.Node ] [instance-0000000123] starting ... ... [2022-01-31T01:37:15,077][INFO ][o.e.n.Node ] [instance-0000000123] stopping ... Jan 31 01:22:30 debian systemd[1]: Starting Elasticsearch... Jan 31 01:37:15 debian systemd[1]: elasticsearch.service: Start operation timed out. Terminating. Jan 31 01:37:15 debian systemd[1]: elasticsearch.service: Main process exited, code=killed, status=15/TERM Jan 31 01:37:15 debian systemd[1]: elasticsearch.service: Failed with result 'timeout'. Jan 31 01:37:15 debian systemd[1]: Failed to start Elasticsearch. ``` -------------------------------- ### Set Up Minimal Security Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/sparse-vector This guide outlines the steps to set up minimal security in Elasticsearch: enabling security and setting initial passwords for the built-in users. In 8.x security is already on by default, and `elasticsearch-setup-passwords` is deprecated in favour of `elasticsearch-reset-password`. ```bash
# Enable security in elasticsearch.yml (the default in 8.x)
xpack.security.enabled: true

# Generate a new password for a built-in user (replaces elasticsearch-setup-passwords auto)
bin/elasticsearch-reset-password -u elastic
``` -------------------------------- ### Command line tools Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/security-basic-setup-https Documentation for various Elasticsearch command-line tools. ```APIDOC ## Command line tools ### elasticsearch-certgen Generates certificates for Elasticsearch. ### elasticsearch-certutil Utility for generating certificates.
### elasticsearch-create-enrollment-token Creates enrollment tokens. ### elasticsearch-croneval Evaluates cron expressions. ### elasticsearch-keystore Manages the Elasticsearch keystore. ### elasticsearch-node Manages Elasticsearch nodes. ### elasticsearch-reconfigure-node Reconfigures an Elasticsearch node. ### elasticsearch-reset-password Resets user passwords. ### elasticsearch-saml-metadata Generates SAML metadata. ### elasticsearch-service-tokens Manages service tokens. ### elasticsearch-setup-passwords Sets up default passwords. ### elasticsearch-shard Manages Elasticsearch shards. ### elasticsearch-syskeygen Generates system keys. ### elasticsearch-users Manages Elasticsearch users. ``` -------------------------------- ### Example Response for ILM Explain API Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/getting-started-index-lifecycle-management Illustrates a typical JSON response from the Elasticsearch ILM explain API, detailing the state of a specific index's lifecycle management. It shows the index's phase, age, and current action. 
```json { "indices": { ".ds-timeseries-2099.03.07-000001": { "index": ".ds-timeseries-2099.03.07-000001", "index_creation_date_millis": 1538475653281, "time_since_index_creation": "30s", "managed": true, "policy": "timeseries_policy", "lifecycle_date_millis": 1538475653281, "age": "30s", "phase": "hot", "phase_time_millis": 1538475653317, "action": "rollover", "action_time_millis": 1538475653317, "step": "check-rollover-ready", "step_time_millis": 1538475653317, "phase_execution": { "policy": "timeseries_policy", "phase_definition": { "min_age": "0ms", "actions": { "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } }, "version": 1, "modified_date_in_millis": 1539609701576 } } } } ``` -------------------------------- ### Get Index API Configurations (JavaScript) Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/index-mgmt Uses the Elasticsearch JavaScript client to retrieve index configurations. This is helpful for monitoring and verifying index setups in a Node.js or browser environment. The `@elastic/elasticsearch` client package must be installed and the client initialized. ```javascript const response = await client.indices.get({ index: "my-index-000001,my-index-000002", }); console.log(response); ``` -------------------------------- ### Elasticsearch Watcher: Getting Started with Watcher Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/remote-clusters This is a basic example of an Elasticsearch Watcher. It defines a trigger (e.g., a schedule), an input (e.g., a search query), and an action (e.g., sending an email).
```json PUT _watcher/watch/my_first_watch { "trigger": { "schedule": { "interval": "1m" } }, "input": { "search": { "request": { "indices": [ "logstash-*" ], "body": { "query": { "match": { "message": "ERROR" } } } } } }, "condition": { "compare": { "ctx.payload.hits.total": { "gt": 0 } } }, "actions": { "send_email": { "email": { "profile": "default", "to": "admin@example.com", "subject": "High error rate detected!", "body": { "text": "Found {{ctx.payload.hits.total}} error documents in the last minute." } } } } } ``` -------------------------------- ### Setup Metricbeat Assets Source: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/security-basic-setup-https Command to load predefined assets for parsing, indexing, and visualizing data in Metricbeat. The `-e` flag sends log output to standard error instead of the log file. ```bash ./metricbeat setup -e ```
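Every watch on this page follows the same cycle: a schedule trigger fires, the search input fills `ctx.payload`, the `compare` condition is tested against a dotted path into that context, and the actions' `{{ctx...}}` templates are rendered. The Python below is an added illustration of that cycle, not code from the Elasticsearch documentation or from Watcher itself. It evaluates a watch's `compare` condition against a constructed search response and renders the action message, and it shows the caveat that matters most when copying these examples: a watch with no `condition` behaves as `always`, so its actions run on every trigger even when the search returns zero hits. The watch bodies and responses are constructed sample data in the same shape as the page's examples; the helper names (`run_watch`, `evaluate_condition`, `render`, `make_response`) are this example's own.

```python
"""Offline model of one Watcher execution: condition check plus action templating.
Added example for illustration; it is not Elasticsearch or Watcher code."""
import re
from typing import Any, Dict, Optional

# Operators supported by Watcher's `compare` condition.
_OPS = {
    "eq": lambda a, b: a == b,
    "not_eq": lambda a, b: a != b,
    "gt": lambda a, b: a > b,
    "gte": lambda a, b: a >= b,
    "lt": lambda a, b: a < b,
    "lte": lambda a, b: a <= b,
}

# Placeholder syntax used by the action messages on this page, e.g. {{ctx.payload.hits.total}}.
_PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z0-9_.]+)\s*\}\}")


def resolve_path(ctx: Dict[str, Any], path: str) -> Any:
    """Walk a dotted path such as 'ctx.payload.hits.total' through the execution context."""
    node: Any = {"ctx": ctx}
    for part in path.split("."):
        node = node[int(part)] if isinstance(node, list) else node[part]
    return node


def total_hits(search_response: Dict[str, Any]) -> int:
    """Watcher's search input reports hits.total as a plain integer; a raw 8.x _search
    response returns {"value": N, "relation": "eq"|"gte"}. Accept both shapes."""
    total = search_response["hits"]["total"]
    return int(total["value"]) if isinstance(total, dict) else int(total)


def evaluate_condition(condition: Optional[Dict[str, Any]], ctx: Dict[str, Any]) -> bool:
    """Decide whether the actions run. No condition means `always`: actions fire on every trigger."""
    if not condition or "always" in condition:
        return True
    if "never" in condition:
        return False
    compare = condition["compare"]
    if len(compare) != 1:
        raise ValueError("compare takes exactly one path")
    path, spec = next(iter(compare.items()))
    op, expected = next(iter(spec.items()))
    return _OPS[op](resolve_path(ctx, path), expected)


def render(template: str, ctx: Dict[str, Any]) -> str:
    """Substitute {{ctx...}} placeholders with values from the execution context."""
    return _PLACEHOLDER.sub(lambda m: str(resolve_path(ctx, m.group(1))), template)


def run_watch(watch: Dict[str, Any], search_response: Dict[str, Any]) -> Dict[str, Any]:
    """Simulate one execution: build ctx from the input, test the condition, render actions."""
    payload = dict(search_response)
    payload["hits"] = dict(payload["hits"], total=total_hits(search_response))
    ctx = {"payload": payload}
    met = evaluate_condition(watch.get("condition"), ctx)
    rendered: Dict[str, str] = {}
    if met:
        for name, action in watch.get("actions", {}).items():
            if "logging" in action:
                rendered[name] = render(action["logging"]["message"], ctx)
            elif "email" in action:
                body = action["email"].get("body", "")
                if isinstance(body, dict):  # {"text": "..."} form
                    body = body.get("text", "")
                rendered[name] = render(action["email"]["subject"], ctx) + " / " + render(body, ctx)
    return {"condition_met": met, "actions": rendered}


def make_response(total: int) -> Dict[str, Any]:
    """Constructed stand-in for the search input's result (8.x object form of hits.total)."""
    return {"took": 3, "timed_out": False,
            "hits": {"total": {"value": total, "relation": "eq"}, "hits": []}}


# Constructed watch bodies in the same shape as the examples on this page.
ERROR_WATCH = {
    "trigger": {"schedule": {"interval": "1h"}},
    "input": {"search": {"request": {"indices": ["logs-*"],
                                     "body": {"query": {"match": {"message": "error"}}}}}},
    "condition": {"compare": {"ctx.payload.hits.total": {"gt": 10}}},
    "actions": {"log_error": {"logging": {
        "message": "High number of errors detected: {{ctx.payload.hits.total}}"}}},
}

UNCONDITIONED_WATCH = {
    "trigger": {"schedule": {"interval": "1m"}},
    "input": ERROR_WATCH["input"],
    # no "condition": Watcher treats this as `always`
    "actions": {"send_email": {"email": {"to": "admin@example.com",
                                         "subject": "High error rate detected!",
                                         "body": {"text": "Found {{ctx.payload.hits.total}} errors."}}}},
}

if __name__ == "__main__":
    print(run_watch(ERROR_WATCH, make_response(12)))         # condition met, message rendered
    print(run_watch(ERROR_WATCH, make_response(3)))          # condition not met, no actions
    print(run_watch(UNCONDITIONED_WATCH, make_response(0)))  # fires with zero hits
```

The third call is the one to keep in mind when adapting the `send_email` example: with no `condition` block the email goes out every minute regardless of the search result, so always pair an alerting action with an explicit `compare` (or a `script` condition) on `ctx.payload`.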
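The stopping-elasticsearch snippet earlier on this page (`./bin/elasticsearch -p /tmp/elasticsearch-pid -d`, then `kill -SIGTERM` on the PID it wrote) trusts the PID file blindly. The following Python is an added example, not from the Elasticsearch docs or code base, that performs the same orderly shutdown with the checks an operator wants: it rejects PIDs 0 and 1 (`kill 0` would signal the caller's whole process group), optionally confirms via `/proc/<pid>/cmdline` that the PID still belongs to the expected program before signalling (a stale PID file can point at an unrelated process after a reboot), and waits for the process to actually exit instead of assuming it did. The helper names (`stop_from_pidfile`, `process_alive`, `read_pid`, `cmdline_of`) are this example's own; the PID file path follows the snippet.

```python
"""Orderly SIGTERM shutdown driven by a PID file, with stale-PID and wrong-process guards.
Added example for illustration; not from the Elasticsearch docs or code base."""
import os
import signal
import time
from pathlib import Path
from typing import Optional


def read_pid(pidfile: str) -> int:
    """Read a PID file; reject anything that is not a plain PID above init."""
    text = Path(pidfile).read_text().strip()
    if not text.isdigit():
        raise ValueError(f"{pidfile}: not a PID: {text!r}")
    pid = int(text)
    if pid <= 1:  # kill(0, sig) signals our own process group; 1 is init
        raise ValueError(f"{pidfile}: refusing PID {pid}")
    return pid


def cmdline_of(pid: int) -> Optional[str]:
    """Command line from /proc (Linux). None when /proc is unavailable or the process is gone."""
    try:
        raw = Path(f"/proc/{pid}/cmdline").read_bytes()
    except OSError:
        return None
    return raw.replace(b"\0", b" ").decode("utf-8", errors="replace").strip()


def process_alive(pid: int) -> bool:
    """True if a process with this PID still exists (reaping it first if it is our own child)."""
    try:
        os.waitpid(pid, os.WNOHANG)
    except ChildProcessError:
        pass  # not our child; nothing to reap
    try:
        os.kill(pid, 0)  # signal 0 only checks existence
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists but belongs to another user
    return True


def stop_from_pidfile(pidfile: str, expect_in_cmdline: Optional[str] = None,
                      timeout: float = 30.0, poll: float = 0.1) -> bool:
    """Send SIGTERM to the PID in `pidfile` and wait up to `timeout` seconds for it to exit.

    Returns True when the process is gone (or the PID file was already stale), False on
    timeout. Raises if the PID file is malformed or the PID belongs to a different program.
    """
    pid = read_pid(pidfile)
    if not process_alive(pid):
        return True  # stale PID file: nothing to stop
    if expect_in_cmdline is not None:
        cmdline = cmdline_of(pid)
        if cmdline is not None and expect_in_cmdline not in cmdline:
            raise RuntimeError(f"PID {pid} is {cmdline!r}, not {expect_in_cmdline!r}; not signalling")
    os.kill(pid, signal.SIGTERM)
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        if not process_alive(pid):
            return True
        time.sleep(poll)
    return False


if __name__ == "__main__":
    # Mirrors the documented sequence: ./bin/elasticsearch -p /tmp/elasticsearch-pid -d
    ok = stop_from_pidfile("/tmp/elasticsearch-pid", expect_in_cmdline="elasticsearch", timeout=60)
    print("stopped" if ok else "still running after timeout")
```

A `False` return is the signal to investigate rather than escalate blindly: a node that ignores SIGTERM for a minute is usually still flushing or relocating shards, and SIGKILL at that point forfeits the orderly shutdown the snippet is trying to achieve.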