[DOCS] Add watcher and elevated privilege info (elastic/x-pack-elasticsearch#2632)
Original commit: elastic/x-pack-elasticsearch@2dcbace8a0
parent ea05298087
commit 95a5d36289
@ -33,6 +33,12 @@ All operations on index templates.
`manage_ml`::
All {ml} operations, such as creating and deleting {dfeeds}, jobs, and model
snapshots.
+
--
NOTE: Datafeeds run as a system user with elevated privileges, including
permission to read all indices.
--
`manage_pipeline`::
All operations on ingest pipelines.
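Review bot: the new NOTE under `manage_ml` says datafeeds run as a system user that can read all indices, but it stops short of the consequence for the privilege itself: since `manage_ml` covers creating datafeeds, a holder of this privilege can have a datafeed read indices they have no direct access to. Suggest closing the block with a sentence parallel to the `manage_watcher` guidance added elsewhere in this commit, e.g. "Grant this privilege only to users trusted to read all indices.", so a reader of the privilege table sees the review advice without having to find it in the watcher intro.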
@ -43,6 +49,12 @@ cache clearing.
`manage_watcher`::
All watcher operations, such as putting watches, executing, activate or acknowledging.
+
--
NOTE: Watches run as a system user with elevated privileges, including permission
to read and write all indices.
--
`transport_client`::
All privileges necessary for a transport client to connect. Required by the remote
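Review bot: the context line "All watcher operations, such as putting watches, executing, activate or acknowledging." mixes verb forms ("executing, activate or acknowledging"); since this hunk already touches the `manage_watcher` entry, suggest rewording it to "such as putting, executing, activating or acknowledging watches." The NOTE itself is consistent with the other notes in this commit (the index action writes all indices, the search input reads all indices), which together justify the "read and write" wording here.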
@ -44,7 +44,7 @@ The following snippet shows a simple `index` action definition:
| `doc_id` | no | - | The optional `_id` of the document.
| `execution_time_field` | no | - | The field that will store/index the watch execution
time.
time.
| `timeout` | no | 60s | The timeout for waiting for the index api call to
return. If no response is returned within this time,
@ -73,3 +73,6 @@ a document and the index action indexes all of them in a bulk.
An `_id` value can be added per document to dynamically set the ID of the indexed
document.
NOTE: The index action runs as a system user with elevated privileges, including
permission to write all indices.
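Review bot: the NOTE tells the reader that the index action can write to any index but not what to do about it; readers of the action reference will not see the intro note, so suggest adding a cross-reference to the guidance that `watcher_admin` / `manage_watcher` should be granted only to trusted personnel. It would also help to spell out what follows from the note, namely that the `index` attribute of the action is not constrained by the index privileges of the user who stored the watch, since that is the detail an operator reviewing a watch definition needs.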
@ -3,8 +3,9 @@
[partintro]
--
You can watch for changes or anomalies in your data and perform the necessary
actions in response. For example, you might want to:
{xpack} alerting is a set of administrative features that enable you to watch
for changes or anomalies in your data and perform the necessary actions in
response. For example, you might want to:
* Monitor social media as another way to detect failures in user-facing
automated systems like ATMs or ticketing systems. When the number of tweets
@ -62,6 +63,11 @@ A full history of all watches is maintained in an Elasticsearch index. This
history keeps track of each time a watch is triggered and records the results
from the query, whether the condition was met, and what actions were taken.
NOTE: Watches run with elevated privileges. Users mapped to the built-in
`watcher_admin` role or any other role to which the `manage_watcher` cluster
privilege is assigned should be reviewed and granted only to personnel with
appropriate trust levels to read and write all indices.
--
include::getting-started.asciidoc[]
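Review bot: the second sentence of the NOTE has a dangling subject: "Users mapped to the built-in `watcher_admin` role ... should be reviewed and granted only to personnel" reads as if users are granted to personnel. Suggest: "Membership in the built-in `watcher_admin` role, or in any other role that carries the `manage_watcher` cluster privilege, should be reviewed and granted only to personnel trusted to read and write all indices."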
@ -81,5 +87,5 @@ include::transform.asciidoc[]
include::java.asciidoc[]
include::managing-watches.asciidoc[]
include::example-watches.asciidoc[]
@ -2,17 +2,17 @@
=== Search Input
Use the `search` input to load the results of an Elasticsearch search request
into the execution context when the watch is triggered. See
into the execution context when the watch is triggered. See
<<search-input-attributes, Search Input Attributes>> for all of the
supported attributes.
In the search input's `request` object, you specify:
* The indices you want to search
* The {ref}/search-request-search-type.html[search type]
* The search request body
The search request body supports the full Elasticsearch Query DSL--it's the
The search request body supports the full Elasticsearch Query DSL--it's the
same as the body of an Elasticsearch `_search` request.
For example, the following input retrieves all `event`
@ -33,7 +33,7 @@ documents from the `logs` index:
}
--------------------------------------------------
You can use date math and wildcards when specifying indices. For example,
You can use date math and wildcards when specifying indices. For example,
the following input loads the latest VIXZ quote from today's daily quotes index:
[source,js]
@ -42,7 +42,7 @@ the following input loads the latest VIXZ quote from today's daily quotes index:
"input" : {
"search" : {
"request" : {
"indices" : [ "<stock-quotes-{now/d}>" ],
"indices" : [ "<stock-quotes-{now/d}>" ],
"body" : {
"size" : 1,
"sort" : {
@ -108,8 +108,8 @@ parameter:
==== Applying Conditions
The `search` input is often used in conjunction with the <<condition-script,
`script`>> condition. For example, the following snippet adds a condition to
The `search` input is often used in conjunction with the <<condition-script,
`script`>> condition. For example, the following snippet adds a condition to
check if the search returned more than five hits:
[source,js]
@ -200,4 +200,7 @@ specifying the request `body`:
| `ctx.trigger.triggered_time` | The time this watch was triggered.
| `ctx.trigger.scheduled_time` | The time this watch was supposed to be triggered.
| `ctx.metadata.*` | Any metadata associated with the watch.
|======
|======
NOTE: The search input runs as a system user with elevated privileges, including
permission to read all indices.
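Review bot: the NOTE would serve readers better near the top of the Search Input section, right after the `request` object list ("* The indices you want to search"), rather than after the context-variables table at the very end: the person who needs it is the one filling in `indices`, and placing it there makes clear that those indices are read with the system user's privileges rather than those of the user who stored the watch. If it stays here, consider at least a short cross-reference from that list to this note.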