[DOCS] Add watcher and elevated privilege info (elastic/x-pack-elasticsearch#2632)

Original commit: elastic/x-pack-elasticsearch@2dcbace8a0
This commit is contained in:
Lisa Cawley 2017-09-26 13:26:02 -07:00 committed by GitHub
parent ea05298087
commit 95a5d36289
4 changed files with 36 additions and 12 deletions

View File

@ -33,6 +33,12 @@ All operations on index templates.
`manage_ml`:: `manage_ml`::
All {ml} operations, such as creating and deleting {dfeeds}, jobs, and model All {ml} operations, such as creating and deleting {dfeeds}, jobs, and model
snapshots. snapshots.
+
--
NOTE: Datafeeds run as a system user with elevated privileges, including
permission to read all indices.
--
`manage_pipeline`:: `manage_pipeline`::
All operations on ingest pipelines. All operations on ingest pipelines.
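Review bot: the new admonition says datafeeds read all indices but stops short of the consequence a reader of this privilege table needs, namely that granting `manage_ml` lets a user read any index through a datafeed regardless of the index privileges their own roles carry. Suggest adding that sentence, parallel to the role-review guidance this same commit adds to the alerting overview ("should be reviewed and granted only to personnel with appropriate trust levels").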
@ -43,6 +49,12 @@ cache clearing.
`manage_watcher`:: `manage_watcher`::
All watcher operations, such as putting watches, executing, activate or acknowledging. All watcher operations, such as putting watches, executing, activate or acknowledging.
+
--
NOTE: Watches run as a system user with elevated privileges, including permission
to read and write all indices.
--
`transport_client`:: `transport_client`::
All privileges necessary for a transport client to connect. Required by the remote All privileges necessary for a transport client to connect. Required by the remote
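Review bot: the note mirrors the `manage_ml` one above, but the context line it is attached to still reads "putting watches, executing, activate or acknowledging"; since this hunk already touches the entry, fix the parallelism to "putting, executing, activating, or acknowledging watches". Also consider cross-referencing the `watcher_admin` note added to the alerting overview so readers of the privilege table find the role-review guidance in one place.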

View File

@ -44,7 +44,7 @@ The following snippet shows a simple `index` action definition:
| `doc_id` | no | - | The optional `_id` of the document. | `doc_id` | no | - | The optional `_id` of the document.
| `execution_time_field` | no | - | The field that will store/index the watch execution | `execution_time_field` | no | - | The field that will store/index the watch execution
time. time.
| `timeout` | no | 60s | The timeout for waiting for the index api call to | `timeout` | no | 60s | The timeout for waiting for the index api call to
return. If no response is returned within this time, return. If no response is returned within this time,
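Review bot: the header reports a one-line change (`-44,7 +44,7`) but every displayed row reads identically on both sides, so the actual edit (presumably whitespace or line-wrap only) cannot be reviewed from this view; if it is incidental, drop it so the commit stays limited to the privilege notes.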
@ -73,3 +73,6 @@ a document and the index action indexes all of them in a bulk.
An `_id` value can be added per document to dynamically set the ID of the indexed An `_id` value can be added per document to dynamically set the ID of the indexed
document. document.
NOTE: The index action runs as a system user with elevated privileges, including
permission to write all indices.
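Review bot: "permission to write all indices" leaves unstated what matters for this page, that the `index` and `doc_id` attributes documented in the table above are honoured for any index, whatever index privileges the watch's author holds. Suggest "The index action runs as a system user with elevated privileges and can write to any index, regardless of the index privileges of the user who created the watch," and a cross-reference to the `manage_watcher` cluster privilege where the role-review guidance lives.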

View File

@ -3,8 +3,9 @@
[partintro] [partintro]
-- --
You can watch for changes or anomalies in your data and perform the necessary {xpack} alerting is a set of administrative features that enable you to watch
actions in response. For example, you might want to: for changes or anomalies in your data and perform the necessary actions in
response. For example, you might want to:
* Monitor social media as another way to detect failures in user-facing * Monitor social media as another way to detect failures in user-facing
automated systems like ATMs or ticketing systems. When the number of tweets automated systems like ATMs or ticketing systems. When the number of tweets
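Review bot: the rewritten opening calls alerting "a set of administrative features" without saying why; the reason (watches execute as a privileged system user) only appears in the NOTE several paragraphs later. Either drop "administrative" here or add a short clause such as "that run with elevated privileges" so the term is motivated where it is introduced.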
@ -62,6 +63,11 @@ A full history of all watches is maintained in an Elasticsearch index. This
history keeps track of each time a watch is triggered and records the results history keeps track of each time a watch is triggered and records the results
from the query, whether the condition was met, and what actions were taken. from the query, whether the condition was met, and what actions were taken.
NOTE: Watches run with elevated privileges. Users mapped to the built-in
`watcher_admin` role or any other role to which the `manage_watcher` cluster
privilege is assigned should be reviewed and granted only to personnel with
appropriate trust levels to read and write all indices.
-- --
include::getting-started.asciidoc[] include::getting-started.asciidoc[]
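Review bot: the second sentence of the NOTE has a subject/object mismatch: "Users mapped to ... should be reviewed and granted only to personnel" grants users to personnel. Roles are what gets granted; suggest "Membership in the built-in `watcher_admin` role, or in any role that carries the `manage_watcher` cluster privilege, should be reviewed and granted only to personnel trusted to read and write all indices."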
@ -81,5 +87,5 @@ include::transform.asciidoc[]
include::java.asciidoc[] include::java.asciidoc[]
include::managing-watches.asciidoc[] include::managing-watches.asciidoc[]
include::example-watches.asciidoc[] include::example-watches.asciidoc[]

View File

@ -2,17 +2,17 @@
=== Search Input === Search Input
Use the `search` input to load the results of an Elasticsearch search request Use the `search` input to load the results of an Elasticsearch search request
into the execution context when the watch is triggered. See into the execution context when the watch is triggered. See
<<search-input-attributes, Search Input Attributes>> for all of the <<search-input-attributes, Search Input Attributes>> for all of the
supported attributes. supported attributes.
In the search input's `request` object, you specify: In the search input's `request` object, you specify:
* The indices you want to search * The indices you want to search
* The {ref}/search-request-search-type.html[search type] * The {ref}/search-request-search-type.html[search type]
* The search request body * The search request body
The search request body supports the full Elasticsearch Query DSL--it's the The search request body supports the full Elasticsearch Query DSL--it's the
same as the body of an Elasticsearch `_search` request. same as the body of an Elasticsearch `_search` request.
For example, the following input retrieves all `event` For example, the following input retrieves all `event`
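Review bot: this hunk (`-2,17 +2,17`), like the ones that follow at lines 33, 42 and 108 of this file, shows no textual difference between the two sides, so the only substantive change to this file is the NOTE appended at the end; if these are whitespace-only edits, consider leaving them out of a docs commit whose purpose is the privilege notes.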
@ -33,7 +33,7 @@ documents from the `logs` index:
} }
-------------------------------------------------- --------------------------------------------------
You can use date math and wildcards when specifying indices. For example, You can use date math and wildcards when specifying indices. For example,
the following input loads the latest VIXZ quote from today's daily quotes index: the following input loads the latest VIXZ quote from today's daily quotes index:
[source,js] [source,js]
@ -42,7 +42,7 @@ the following input loads the latest VIXZ quote from today's daily quotes index:
"input" : { "input" : {
"search" : { "search" : {
"request" : { "request" : {
"indices" : [ "<stock-quotes-{now/d}>" ], "indices" : [ "<stock-quotes-{now/d}>" ],
"body" : { "body" : {
"size" : 1, "size" : 1,
"sort" : { "sort" : {
@ -108,8 +108,8 @@ parameter:
==== Applying Conditions ==== Applying Conditions
The `search` input is often used in conjunction with the <<condition-script, The `search` input is often used in conjunction with the <<condition-script,
`script`>> condition. For example, the following snippet adds a condition to `script`>> condition. For example, the following snippet adds a condition to
check if the search returned more than five hits: check if the search returned more than five hits:
[source,js] [source,js]
@ -200,4 +200,7 @@ specifying the request `body`:
| `ctx.trigger.triggered_time` | The time this watch was triggered. | `ctx.trigger.triggered_time` | The time this watch was triggered.
| `ctx.trigger.scheduled_time` | The time this watch was supposed to be triggered. | `ctx.trigger.scheduled_time` | The time this watch was supposed to be triggered.
| `ctx.metadata.*` | Any metadata associated with the watch. | `ctx.metadata.*` | Any metadata associated with the watch.
|====== |======
NOTE: The search input runs as a system user with elevated privileges, including
permission to read all indices.
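Review bot: the note arrives right after sections that show the `indices` array accepting wildcards and date math such as `<stock-quotes-{now/d}>`, so spell out the implication here: such patterns resolve against every index the system user can read, not only those the watch's author could access directly. Point readers to the `manage_watcher` cluster privilege description for the role-review guidance rather than repeating it.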