[DOCS] Add watcher and elevated privilege info (elastic/x-pack-elasticsearch#2632)
Original commit: elastic/x-pack-elasticsearch@2dcbace8a0
This commit is contained in:
parent
ea05298087
commit
95a5d36289
|
@ -33,6 +33,12 @@ All operations on index templates.
|
||||||
`manage_ml`::
|
`manage_ml`::
|
||||||
All {ml} operations, such as creating and deleting {dfeeds}, jobs, and model
|
All {ml} operations, such as creating and deleting {dfeeds}, jobs, and model
|
||||||
snapshots.
|
snapshots.
|
||||||
|
+
|
||||||
|
--
|
||||||
|
NOTE: Datafeeds run as a system user with elevated privileges, including
|
||||||
|
permission to read all indices.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
`manage_pipeline`::
|
`manage_pipeline`::
|
||||||
All operations on ingest pipelines.
|
All operations on ingest pipelines.
|
||||||
|
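Review bot: the new datafeed NOTE under `manage_ml` states the consequence only indirectly. The privilege description directly above it lists creating {dfeeds}, so the note should say plainly that granting `manage_ml` lets a user read data from any index through a datafeed, regardless of that user's own index privileges. Suggested wording: `NOTE: Datafeeds run as a system user with elevated privileges, including permission to read all indices. Because any user with this privilege can create a datafeed, grant it only to users trusted to read all indices.` Also confirm in the rendered output that the `+` continuation and the `--` open-block delimiters attach the note to the `manage_ml` list item rather than starting a new block after the list.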
@ -43,6 +49,12 @@ cache clearing.
|
||||||
|
|
||||||
`manage_watcher`::
|
`manage_watcher`::
|
||||||
All watcher operations, such as putting watches, executing, activate or acknowledging.
|
All watcher operations, such as putting watches, executing, activate or acknowledging.
|
||||||
|
+
|
||||||
|
--
|
||||||
|
NOTE: Watches run as a system user with elevated privileges, including permission
|
||||||
|
to read and write all indices.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
`transport_client`::
|
`transport_client`::
|
||||||
All privileges necessary for a transport client to connect. Required by the remote
|
All privileges necessary for a transport client to connect. Required by the remote
|
||||||
|
|
|
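Review bot: the `manage_watcher` NOTE gives the fact (watches read and write all indices) but not the guidance that the alerting overview in this same commit attaches to that fact, namely that roles carrying `manage_watcher` should be reviewed and assigned only to trusted users. This privilege page is where administrators compose roles, so that sentence belongs here as well, or the note should cross-reference the overview. While in this hunk, the context line `All watcher operations, such as putting watches, executing, activate or acknowledging.` mixes verb forms; `putting, executing, activating or acknowledging watches` reads correctly.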
@ -44,7 +44,7 @@ The following snippet shows a simple `index` action definition:
|
||||||
| `doc_id` | no | - | The optional `_id` of the document.
|
| `doc_id` | no | - | The optional `_id` of the document.
|
||||||
|
|
||||||
| `execution_time_field` | no | - | The field that will store/index the watch execution
|
| `execution_time_field` | no | - | The field that will store/index the watch execution
|
||||||
time.
|
time.
|
||||||
|
|
||||||
| `timeout` | no | 60s | The timeout for waiting for the index api call to
|
| `timeout` | no | 60s | The timeout for waiting for the index api call to
|
||||||
return. If no response is returned within this time,
|
return. If no response is returned within this time,
|
||||||
|
@ -73,3 +73,6 @@ a document and the index action indexes all of them in a bulk.
|
||||||
|
|
||||||
An `_id` value can be added per document to dynamically set the ID of the indexed
|
An `_id` value can be added per document to dynamically set the ID of the indexed
|
||||||
document.
|
document.
|
||||||
|
|
||||||
|
NOTE: The index action runs as a system user with elevated privileges, including
|
||||||
|
permission to write all indices.
|
||||||
|
|
|
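Review bot: the index action NOTE should connect the elevated privilege to the attributes documented above it. The `doc_id` attribute and the per-document `_id` value come from the watch definition, and the action writes as a system user, so if the intended meaning is that a watch author can create or overwrite documents in indices the author cannot write to directly, say so: `NOTE: The index action runs as a system user with elevated privileges, including permission to write all indices. The target index and document IDs are not checked against the privileges of the user who created the watch.` If that is not the behaviour, the note as written still leaves the reader guessing what "elevated" covers.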
@ -3,8 +3,9 @@
|
||||||
|
|
||||||
[partintro]
|
[partintro]
|
||||||
--
|
--
|
||||||
You can watch for changes or anomalies in your data and perform the necessary
|
{xpack} alerting is a set of administrative features that enable you to watch
|
||||||
actions in response. For example, you might want to:
|
for changes or anomalies in your data and perform the necessary actions in
|
||||||
|
response. For example, you might want to:
|
||||||
|
|
||||||
* Monitor social media as another way to detect failures in user-facing
|
* Monitor social media as another way to detect failures in user-facing
|
||||||
automated systems like ATMs or ticketing systems. When the number of tweets
|
automated systems like ATMs or ticketing systems. When the number of tweets
|
||||||
|
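Review bot: the rewritten opening sentence introduces the phrase `administrative features` without explaining it, and nothing in this paragraph connects the word to the privilege model; the reader only learns from the NOTE added later in this file that watches run with elevated privileges. Either drop `administrative` or add a short clause here, for example `{xpack} alerting is a set of administrative features (watches run with elevated privileges; see the note below) that enable you to watch for changes or anomalies in your data`.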
@ -62,6 +63,11 @@ A full history of all watches is maintained in an Elasticsearch index. This
|
||||||
history keeps track of each time a watch is triggered and records the results
|
history keeps track of each time a watch is triggered and records the results
|
||||||
from the query, whether the condition was met, and what actions were taken.
|
from the query, whether the condition was met, and what actions were taken.
|
||||||
|
|
||||||
|
NOTE: Watches run with elevated privileges. Users mapped to the built-in
|
||||||
|
`watcher_admin` role or any other role to which the `manage_watcher` cluster
|
||||||
|
privilege is assigned should be reviewed and granted only to personnel with
|
||||||
|
appropriate trust levels to read and write all indices.
|
||||||
|
|
||||||
--
|
--
|
||||||
|
|
||||||
include::getting-started.asciidoc[]
|
include::getting-started.asciidoc[]
|
||||||
|
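Review bot: the second sentence of the new NOTE has a subject mismatch: `Users mapped to ... should be reviewed and granted` reads as if users are granted, when it is the role assignment that is reviewed and the roles that are granted. Suggested rewording: `Review which users are mapped to the built-in `watcher_admin` role or to any other role that has the `manage_watcher` cluster privilege, and assign those roles only to personnel trusted to read and write all indices.` This also makes the actionable step (audit the role mappings) the main clause rather than a trailing qualifier.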
@ -81,5 +87,5 @@ include::transform.asciidoc[]
|
||||||
include::java.asciidoc[]
|
include::java.asciidoc[]
|
||||||
|
|
||||||
include::managing-watches.asciidoc[]
|
include::managing-watches.asciidoc[]
|
||||||
|
|
||||||
include::example-watches.asciidoc[]
|
include::example-watches.asciidoc[]
|
||||||
|
|
|
@ -2,17 +2,17 @@
|
||||||
=== Search Input
|
=== Search Input
|
||||||
|
|
||||||
Use the `search` input to load the results of an Elasticsearch search request
|
Use the `search` input to load the results of an Elasticsearch search request
|
||||||
into the execution context when the watch is triggered. See
|
into the execution context when the watch is triggered. See
|
||||||
<<search-input-attributes, Search Input Attributes>> for all of the
|
<<search-input-attributes, Search Input Attributes>> for all of the
|
||||||
supported attributes.
|
supported attributes.
|
||||||
|
|
||||||
In the search input's `request` object, you specify:
|
In the search input's `request` object, you specify:
|
||||||
|
|
||||||
* The indices you want to search
|
* The indices you want to search
|
||||||
* The {ref}/search-request-search-type.html[search type]
|
* The {ref}/search-request-search-type.html[search type]
|
||||||
* The search request body
|
* The search request body
|
||||||
|
|
||||||
The search request body supports the full Elasticsearch Query DSL--it's the
|
The search request body supports the full Elasticsearch Query DSL--it's the
|
||||||
same as the body of an Elasticsearch `_search` request.
|
same as the body of an Elasticsearch `_search` request.
|
||||||
|
|
||||||
For example, the following input retrieves all `event`
|
For example, the following input retrieves all `event`
|
||||||
|
@ -33,7 +33,7 @@ documents from the `logs` index:
|
||||||
}
|
}
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
|
|
||||||
You can use date math and wildcards when specifying indices. For example,
|
You can use date math and wildcards when specifying indices. For example,
|
||||||
the following input loads the latest VIXZ quote from today's daily quotes index:
|
the following input loads the latest VIXZ quote from today's daily quotes index:
|
||||||
|
|
||||||
[source,js]
|
[source,js]
|
||||||
|
@ -42,7 +42,7 @@ the following input loads the latest VIXZ quote from today's daily quotes index:
|
||||||
"input" : {
|
"input" : {
|
||||||
"search" : {
|
"search" : {
|
||||||
"request" : {
|
"request" : {
|
||||||
"indices" : [ "<stock-quotes-{now/d}>" ],
|
"indices" : [ "<stock-quotes-{now/d}>" ],
|
||||||
"body" : {
|
"body" : {
|
||||||
"size" : 1,
|
"size" : 1,
|
||||||
"sort" : {
|
"sort" : {
|
||||||
|
@ -108,8 +108,8 @@ parameter:
|
||||||
|
|
||||||
==== Applying Conditions
|
==== Applying Conditions
|
||||||
|
|
||||||
The `search` input is often used in conjunction with the <<condition-script,
|
The `search` input is often used in conjunction with the <<condition-script,
|
||||||
`script`>> condition. For example, the following snippet adds a condition to
|
`script`>> condition. For example, the following snippet adds a condition to
|
||||||
check if the search returned more than five hits:
|
check if the search returned more than five hits:
|
||||||
|
|
||||||
[source,js]
|
[source,js]
|
||||||
|
@ -200,4 +200,7 @@ specifying the request `body`:
|
||||||
| `ctx.trigger.triggered_time` | The time this watch was triggered.
|
| `ctx.trigger.triggered_time` | The time this watch was triggered.
|
||||||
| `ctx.trigger.scheduled_time` | The time this watch was supposed to be triggered.
|
| `ctx.trigger.scheduled_time` | The time this watch was supposed to be triggered.
|
||||||
| `ctx.metadata.*` | Any metadata associated with the watch.
|
| `ctx.metadata.*` | Any metadata associated with the watch.
|
||||||
|======
|
|======
|
||||||
|
|
||||||
|
NOTE: The search input runs as a system user with elevated privileges, including
|
||||||
|
permission to read all indices.
|
||||||
|
|
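Review bot: the search input NOTE should mention where the data read with elevated privileges ends up. The alerting overview changed in this same commit states that the watch history index records the results from the query, so documents that the watch author could not read directly are copied into the history index by the search input. Suggest extending the note: `NOTE: The search input runs as a system user with elevated privileges, including permission to read all indices. Search results are recorded in the watch history, so they are visible to anyone who can read that index.` Also consider placing the note before the `|======` table rather than after it, so it is not read as a footnote to the `ctx` table.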