Commit Graph

9180 Commits

Author SHA1 Message Date
James Rodewig 65bb679c56 [DOCS] EQL: Move comparison operator defs 2020-09-16 10:54:31 -04:00
James Rodewig 9b10d0b3af [DOCS] EQL: Add xrefs to EQL intro 2020-09-16 10:44:01 -04:00
James Rodewig 61ea9af25b
[DOCS] Document static/dynamic security settings (#62181) (#62460) 2020-09-16 09:50:58 -04:00
James Rodewig 484e74ccaa
[DOCS] Update range field type docs (#62112) (#62454)
Co-authored-by: Wylie Conlon <william.conlon@elastic.co>
2020-09-16 09:33:04 -04:00
James Rodewig f94ae7ae26
[DOCS] Add static/dynamic type to audit logging settings (#61235) (#62417) 2020-09-15 17:34:24 -04:00
debadair 139a2988a0
[DOCS] Make it more obvious that the Java API is deprecated. (#62398) 2020-09-15 14:24:45 -07:00
Lisa Cawley 6320967546 [DOCS] Minor typo in ML API (#62414) 2020-09-15 13:20:55 -07:00
Nik Everett 771a8893a6
Add more debugging information for cardinality agg (#62317) (#62397)
This adds two extra bits of info to the profiler:
1. Count of the number of different types of collectors. This lets us figure
   out if we're using the optimization for segment ordinals. It adds a few
   more similar counters just for good measure.
2. Profiles the `getLeafCollector` and `postCollection` methods. These are
   non-trivial for some aggregations, like cardinality.
2020-09-15 13:21:11 -04:00
James Rodewig 2a7de79a1b
[DOCS] Remove redundant index.blocks.read_only_allow_delete setting (#62392) (#62399) 2020-09-15 12:43:48 -04:00
Adam Locke 5dc0de04fb
[DOCS] Clarifying remote clusters based on feedback from Support (#62335) (#62394)
* Clarifying remote clusters based on feedback from Support.

* Apply suggestions from code review

* Making additional editorial changes.
2020-09-15 12:02:43 -04:00
István Zoltán Szabó d0c7b0a3a8
[DOCS] Removes init_script line from example Painless aggregation. (#62367) (#62379) 2020-09-15 15:13:23 +02:00
Lee Hinman 6b2af30a62
[7.x] Add "synthetics-*-*" templates for synthetics fleet data (#62193) (#62346)
* Add "synthetics-*-*" templates for synthetics fleet data

For the Elastic Agent we currently have `logs` and `metrics`, however, synthetic data doesn't belong
with those and thus we should have a place for it to live. This would be data reported from
heartbeat and under the 'monitoring' category.

This commit adds a composable index template for `synthetics-*-*` indices similar to the work in
 #56709 and #57629.

Resolves #61665
2020-09-14 17:14:34 -06:00
Julie Tibshirani 9332a9c74b Add the fields option to the search API docs. (#62260) 2020-09-14 13:44:44 -07:00
Julie Tibshirani 4a19bdb2ea
Support the 'fields' option in inner_hits and top_hits. (#62337)
This PR adds support for the 'fields' option in the following places:
* Anytime `inner_hits` is used, for both fetching nested/ child docs and field collapsing
* The `top_hits` aggregation

Addresses #61949.
2020-09-14 11:51:45 -07:00
James Rodewig ec335c7c34
[DOCS] Fix capitalization for several headings (#62324) (#62329) 2020-09-14 12:35:15 -04:00
James Rodewig f4dfdc9d59
[DOCS] Fix typo in rollup groups docs (#62269) (#62316)
Co-authored-by: AndyHunt66 <andrew.hunt@elastic.co>
2020-09-14 10:42:58 -04:00
Varun Sharma 65ec94f8a3
[DOCS] Fix node roles typo (#62307) (#62306) 2020-09-14 10:17:30 -04:00
James Rodewig 3ab28e84c6
[DOCS] EQL: Update keyword family field types (#62254) (#62310)
Updates several keyword/constant keyword references to use any field type in the
keyword family.
2020-09-14 09:51:34 -04:00
James Rodewig af13c9802d
[7.x] [DOCS] Add PIT to search after docs (#61593) (#62101) 2020-09-14 09:13:23 -04:00
Tanguy Leroux 9e38dd0254
Deprecate Repository Stats API (#62297) (#62308)
This commit deprecates the Repository Stats API added in 7.8.0 as
an experimental API behind a feature flag. The goal is to deprecate
this API in 7.10.0 and remove it in a follow up PR in 8.0.0.

This API is now superseded by the Repositories Metering API.
2020-09-14 14:57:38 +02:00
Leaf-Lin 5ea5cc5b54 [DOCS] Fix typo in update by query docs (#62263)
This page is referring to update by query, not delete by query.
2020-09-11 09:48:24 -04:00
Nhat Nguyen 3d69b5c41e Introduce point in time APIs in x-pack basic (#61062)
This commit introduces a new API that manages point-in-times in x-pack
basic. Elasticsearch pit (point in time) is a lightweight view into the
state of the data as it existed when initiated. A search request by
default executes against the most recent point in time. In some cases,
it is preferred to perform multiple search requests using the same point
in time. For example, if refreshes happen between search_after requests,
then the results of those requests might not be consistent as changes
happening between searches are only visible to the more recent point in
time.

A point in time must be opened before being used in search requests. The
`keep_alive` parameter tells Elasticsearch how long it should keep a
point in time around.

```
POST /my_index/_pit?keep_alive=1m
```

The response from the above request includes an `id`, which should be
passed to the `id` of the `pit` parameter of search requests.

```
POST /_search
{
    "query": {
        "match" : {
            "title" : "elasticsearch"
        }
    },
    "pit": {
            "id":  "46ToAwMDaWR4BXV1aWQxAgZub2RlXzEAAAAAAAAAAAEBYQNpZHkFdXVpZDIrBm5vZGVfMwAAAAAAAAAAKgFjA2lkeQV1dWlkMioGbm9kZV8yAAAAAAAAAAAMAWICBXV1aWQyAAAFdXVpZDEAAQltYXRjaF9hbGw_gAAAAA==",
            "keep_alive": "1m"
    }
}
```

Point-in-times are automatically closed when the `keep_alive` is
elapsed. However, keeping point-in-times has a cost; hence,
point-in-times should be closed as soon as they are no longer used in
search requests.

```
DELETE /_pit
{
    "id" : "46ToAwMDaWR4BXV1aWQxAgZub2RlXzEAAAAAAAAAAAEBYQNpZHkFdXVpZDIrBm5vZGVfMwAAAAAAAAAAKgFjA2lkeQV1dWlkMioGbm9kZV8yAAAAAAAAAAAMAWIBBXV1aWQyAAA="
}
```

#### Notable works in this change:

- Move the search state to the coordinating node: #52741
- Allow searches with a specific reader context: #53989
- Add the ability to acquire readers in IndexShard: #54966

Relates #46523
Relates #26472

Co-authored-by: Jim Ferenczi <jimczi@apache.org>
2020-09-10 19:25:47 -04:00
James Rodewig df3a7c0c8d
[DOCS] Fix ILM force merge codec param (#62243) (#62251) 2020-09-10 14:08:04 -04:00
James Rodewig 2b50d7e170
[DOCS] Fix ILM attribute (#62245) (#62249) 2020-09-10 14:07:31 -04:00
James Rodewig 09b167c8dd
[DOCS] Add redirects for removed searchable snapshot APIs (#62236) (#62237) 2020-09-10 11:40:24 -04:00
James Rodewig c9d2d4b306
[DOCS] Remove collapsible examples in EQL syntax docs (#62220) (#62226) 2020-09-10 10:55:00 -04:00
Tanguy Leroux 42f5d38d9b
Remove REST APIs documentation for experimental Searchable Snapshot APIs (#62217) (#62231)
This commit removes the documentation for some specific Searchable Snapshot REST APIs:
- clear cache
- searchable snapshot stats
- repository stats

These APIs are low-level and are useful to investigate the behavior of snapshot
backed indices but we expect them to be removed in the future or to appear in
a different form.
2020-09-10 16:51:28 +02:00
Yannick Welsch e3feafc1e9 Enable searchable snapshots in release builds (#62201)
Enables searchable snapshot functionality not only in snapshot, but also release builds.
2020-09-10 11:20:12 +02:00
David Roberts 969a1c558b [ML] Include the "properties" layer in find_file_structure mappings (#62158)
Previously the "mappings" field of the response from the
find_file_structure endpoint was not a drop-in for the
mappings format of the create index endpoint - the
"properties" layer was missing.  The reason for omitting
it initially was that the assumption was that the
find_file_structure endpoint would only ever return very
simple mappings without any nested objects.  However,
this will not be true in the future, as we will improve
mappings detection for complex JSON objects.  As a first
step it makes sense to move the returned mappings closer
to the standard format.

This is a small building block towards fixing #55616
2020-09-10 09:33:42 +01:00
James Rodewig 71ca7f4d70
[7.x] [DOCS] Update multi-target syntax page (#62192) (#62195)
Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com>

Co-authored-by: Nicole Albee <2642763+a03nikki@users.noreply.github.com>
2020-09-09 18:24:33 -04:00
Lisa Cawley 1eb4595a29 [DOCS] Removes inference from trained model API text (#62125) 2020-09-09 10:13:32 -07:00
Christoph Büscher 885051fc14 Correct command for docs snippets test (#62182)
The command for running individual test seems outdated. Using `integTestRunner`
produces an error while `integTest` seems to work.
2020-09-09 18:58:43 +02:00
James Rodewig f1522fcafc
[DOCS] Fix range query admon for clarity (#62163) (#62171) 2020-09-09 10:37:43 -04:00
James Rodewig 6db8ca4113
[DOCS] Split delete index template API docs (#62074) (#62169)
Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com>

Co-authored-by: Zaeem <zaeemarshad@users.noreply.github.com>
2020-09-09 10:13:16 -04:00
Julie Tibshirani 2ca5f98e05 Small fixes to breaking changes docs.
* Move ngram and shingle changes to the analysis section.
* Add missing heading for field caps change.
2020-09-08 17:19:36 -07:00
Lisa Cawley 78b955eb86 [DOCS] Fix from and size descriptions for model APIs (#62128) 2020-09-08 12:56:36 -07:00
James Rodewig 5bca671f57
[DOCS] Fix ILM read only link (#62113) (#62119) 2020-09-08 12:19:24 -04:00
James Rodewig cc5e01a242
[DOCS] Fix field caps API docs (#62110) (#62116) 2020-09-08 12:19:04 -04:00
Lisa Cawley f0e7d88699 [DOCS] Fix allow_no_match description for model APIs (#62008) 2020-09-08 08:15:16 -07:00
James Rodewig 97bba08ea6
[DOCS] Fix typo in Java API docs (#62095) (#62097) 2020-09-08 09:49:03 -04:00
Francisco Fernández Castaño 2bb5716b3d
Add repositories metering API (#62088)
This pull request adds a new set of APIs that allows tracking the number of requests performed
by the different registered repositories.

In order to avoid losing data, the repository statistics are archived after the repository is closed for
a configurable retention period `repositories.stats.archive.retention_period`. The API exposes the
statistics for the active repositories as well as the modified/closed repositories.

Backport of #60371
2020-09-08 14:01:04 +02:00
David Kyle dfd196cb01
Mute Docs rollover index test snippet (#62045) (#62047)
For #62043
2020-09-07 12:47:02 +01:00
István Zoltán Szabó b07b75ce14
[DOCS] Removes inference from the names of trained model APIs. (#62036) (#62041)
# Conflicts:
#	docs/reference/ml/df-analytics/apis/get-inference-trained-model.asciidoc
2020-09-07 12:14:13 +02:00
Lisa Cawley bc5eec8205
[DOCS] Fix capitalization in HLRC ML APIs (#62010) (#62012) 2020-09-04 16:57:15 -07:00
Lisa Cawley 2789b8e6c4
[DOCS] Refresh machine learning custom URL example (#61826) (#61950) 2020-09-04 09:44:55 -07:00
James Rodewig 9f1f468cef
[DOCS] Document dynamic discovery settings (#61420) (#62002) 2020-09-04 11:36:34 -04:00
James Rodewig 7e2903d888
[DOCS] Document dynamic index mgmt and buffer settings (#61753) (#61996) 2020-09-04 10:40:55 -04:00
James Rodewig 3396184ff3
[DOCS] Use correct get document API (#61804) (#61992)
The documentation refers to a deprecated get document API call (it uses document `type`).

Co-authored-by: Thiago Souza <thiago@elastic.co>
2020-09-04 10:04:33 -04:00
James Rodewig 7863df88e3
[DOCS] Fix typo in URL-based access control docs (#61896) (#61986)
Co-authored-by: George Tseres <george.tseres@gmail.com>
2020-09-04 09:24:48 -04:00
Mikołaj Przybysz 3e6e81c993 [DOCS] Add line break to get ILM lifecycle API docs (#61892) 2020-09-04 09:00:42 -04:00
Théophile Helleboid - chtitux 9416a55687 [DOCS] Add jump link for 7.9.1 release notes (#61960) 2020-09-04 08:56:52 -04:00
Ignacio Vera 31c026f25c
upgrade to Lucene-8.7.0-snapshot-61ea26a (#61957) (#61974) 2020-09-04 13:46:20 +02:00
Ryan Ernst d6e17170c3
Simplify adding plugins and modules to testclusters (#61886)
There are currently half a dozen ways to add plugins and modules for
test clusters to use. All of them require the calling project to peek
into the plugin or module they want to use to grab its bundlePlugin
task, and then both depend on that task, as well as extract the archive
path the task will produce. This creates cross project dependencies that
are difficult to detect, and if the dependent plugin/module has not yet
been configured, the build will fail because the task does not yet
exist.

This commit makes the plugin and module methods for testclusters
symmetric, and simply adding a file provider directly, or a project
path that will produce the plugin/module zip. Internally this new
variant uses normal configuration/dependencies across projects to get
the zip artifact. It also has the added benefit of no longer needing the
caller to add to the test task a dependsOn for bundlePlugin task.
2020-09-03 19:37:46 -07:00
James Rodewig 6fc1bb011e remove xref from heading 2020-09-03 17:49:36 -04:00
Lisa Cawley 3fb6dc05d2
[DOCS] Remove #60900 from release notes (#61944) 2020-09-03 10:57:00 -07:00
James Rodewig 2a62c8772a
Add release notes for 7.9.1 (#61861) (#61937)
Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com>
Co-authored-by: Lisa Cawley <lcawley@elastic.co>

Co-authored-by: Martijn Laarman <Mpdreamz@gmail.com>
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
2020-09-03 13:25:52 -04:00
James Rodewig 574b177528
[DOCS] Remove 7.9.1 coming tag (#61929) 2020-09-03 12:30:31 -04:00
István Zoltán Szabó acc9ef52db
[7.x] [DOCS] Adds filter aggregation example link to painless examples (#61890) (#61902)
* [DOCS] Adds filter aggregation example link to painless examples (#61890)

* Update docs/reference/transform/painless-examples.asciidoc
2020-09-03 15:32:30 +02:00
Julie Tibshirani 2a02c6ee36 Remove a redundant section on field data types. (#61821)
All information in the section is already included in the 'mapping-types' page.
2020-09-02 15:29:48 -07:00
Dan Hermann e0eafec897
[DOCS] Update tie_breaker defaults for bool_prefix and most_fields query types (#61112) (#61881) 2020-09-02 15:46:38 -05:00
James Rodewig 6eacb6dd89 [DOCS] Fix keyword xref 2020-09-02 11:47:17 -04:00
James Rodewig 8da4e4ab15 [DOCS] Update shard allocation awareness xref 2020-09-02 11:34:22 -04:00
Julie Tibshirani 9ee5f20ebc Link to the keyword family page from the field types docs. (#61819)
We now link to the top-level keyword type family page instead of its individual
subsections. This better fits the page format, where each type name is a link.
2020-09-01 16:23:49 -07:00
James Rodewig 129b233156
[DOCS] Document dynamic cluster settings (#61760) (#61817)
Co-authored-by: Adam Locke <adam.locke@elastic.co>
2020-09-01 16:04:23 -04:00
James Rodewig 8613bde780
[DOCS] Combine keyword family docs (#61662) (#61813) 2020-09-01 15:32:56 -04:00
James Rodewig fd976e668c
[DOCS] EQL: Clarify until keyword docs (#61794) (#61808) 2020-09-01 13:56:51 -04:00
Lisa Cawley d5f1223343 [DOCS] Clarify enabling monitoring features (#61758) 2020-08-31 13:16:23 -07:00
Lisa Cawley 0e4303433b
[DOCS] Document static monitoring settings (#61748) (#61756) 2020-08-31 13:03:17 -07:00
James Rodewig f39a9bbe19
[DOCS] Document static ILM settings (#61745) (#61749) 2020-08-31 14:02:10 -04:00
Dan Hermann 2858e1efc4
Document new stats in _cat/nodes (#60445) (#61742) 2020-08-31 12:40:21 -05:00
James Rodewig 130a7cea78
[DOCS] Add placeholder for 7.9.1 release notes (#61652) 2020-08-31 12:25:59 -04:00
Adam Locke 5723b928d7
Remove Outdated Snapshot Docs (#61684) (#61728)
Removing some now outdated statements that refer to a time
when snapshot operations could not run concurrently.

Closes #61680
2020-08-31 12:04:27 -04:00
James Rodewig caa1a9024c
[DOCS] Add jump list to breaking changes page (#61598) 2020-08-31 11:25:57 -04:00
James Rodewig f47363074e
[DOCS] Remove placeholder for 7.8.2 release notes (#61653) 2020-08-31 11:22:14 -04:00
James Rodewig 1f24fc03a0
[DOCS] Document dynamic cluster-lvl shard alloc settings (#61338) (#61735) 2020-08-31 11:19:57 -04:00
James Rodewig 8228cdad67
[DOCS] Fix typo in range query docs (#61722) (#61731) 2020-08-31 11:03:11 -04:00
James Rodewig f94999bb2f
[DOCS] Add force merge to hot phase list (#61725) (#61729) 2020-08-31 11:02:41 -04:00
James Rodewig ccbe2938c8
[DOCS] Fix Gsub processor snippet (#61720) (#61723) 2020-08-31 10:43:26 -04:00
James Rodewig 054a64d66f
[DOCS] Fix old NodeSelector field in Low Level REST Client (#61551) (#61718)
Co-authored-by: Manabu Matsuzaki <matsumana@users.noreply.github.com>
2020-08-31 10:07:58 -04:00
Jason Tedor 64cd229b35
Upgrade to Lucene 8.6.2 (#61688)
This commit upgrades the Lucene dependencies to 8.6.2.
2020-08-31 09:54:07 -04:00
James Rodewig e65778c222
[DOCS] Fix typo in nodes stats docs (#61601) (#61717)
Co-authored-by: Henry <henryloh@ucla.edu>
2020-08-31 09:29:50 -04:00
Jake Landis d2e5f2f532
[7.x] Enhance the ingest node simulate verbose output (#60433) (#60678)
This commit enhances the verbose output for the
`_ingest/pipeline/_simulate?verbose` api. Specifically
this adds the following:
* the pipeline processor is now included in the output
* the conditional (if) and result is now included in the output iff it was defined
* a status field is always displayed. the possible values of status are
  * `success` - if the processor ran without errors
  * `error` - if the processor ran but threw an error that was not ignored
  * `error_ignored` - if the processor ran but threw an error that was ignored
  * `skipped` - if the process did not run (currently only possible if the if condition evaluates to false)
  * `dropped` - if the `drop` processor ran and dropped the document
* a `processor_type` field for the type of processor (e.g. set, rename, etc.)
* throw a better error if trying to simulate with a pipeline that does not exist

closes #56004
2020-08-27 16:53:09 -05:00
Lee Hinman 1bfebd54ea
[7.x] Allocate newly created indices on data_hot tier nodes (#61342) (#61650)
This commit adds the functionality to allocate newly created indices on nodes in the "hot" tier by
default when they are created.

This does not break existing behavior, as nodes with the `data` role are considered to be part of
the hot tier. Users that separate their deployments by using the `data_hot` (and `data_warm`,
`data_cold`, `data_frozen`) roles will have their data allocated on the hot tier nodes now by
default.

This change is a little more complicated than changing the default value for
`index.routing.allocation.include._tier` from null to "data_hot". Instead, this adds the ability to
have a plugin inject a setting into the builder for a newly created index. This has the benefit of
allowing this setting to be visible as part of the settings when retrieving the index, for example:

```
// Create an index
PUT /eggplant

// Get an index
GET /eggplant?flat_settings
```

Returns the default settings now of:

```json
{
  "eggplant" : {
    "aliases" : { },
    "mappings" : { },
    "settings" : {
      "index.creation_date" : "1597855465598",
      "index.number_of_replicas" : "1",
      "index.number_of_shards" : "1",
      "index.provided_name" : "eggplant",
      "index.routing.allocation.include._tier" : "data_hot",
      "index.uuid" : "6ySG78s9RWGystRipoBFCA",
      "index.version.created" : "8000099"
    }
  }
}
```

After the initial setting of this setting, it can be treated like any other index level setting.

This new setting is *not* set on a new index if any of the following is true:

- The index is created with an `index.routing.allocation.include.<anything>` setting
- The index is created with an `index.routing.allocation.exclude.<anything>` setting
- The index is created with an `index.routing.allocation.require.<anything>` setting
- The index is created with a null `index.routing.allocation.include._tier` value
- The index was created from an existing source metadata (shrink, clone, split, etc)

Relates to #60848
2020-08-27 13:41:12 -06:00
James Rodewig 0407f1d19b
[DOCS] Change 'data type' to 'field type' (#61633) (#61635) 2020-08-27 12:47:28 -04:00
Lisa Cawley 6d6f5d4acc [DOCS] Per-partition categorization (#61506) 2020-08-26 17:10:01 -07:00
James Rodewig 580ef8eb0c
[DOCS] Document static field cache settings (#61424) (#61606) 2020-08-26 17:29:15 -04:00
Jason Tedor 9840fd1485
Add Lucene 8.6.0 memory leak as a known issue (#61603)
This commit adds a note to the known issues docs that Lucene 8.6.0
contains a memory leak that manifests in Elasticsearch as a slow memory
leak.
2020-08-26 15:45:14 -04:00
James Rodewig 462754e4e6
[DOCS] Reorg field data types page (#61117) (#61599) 2020-08-26 14:24:09 -04:00
James Rodewig 8a6ecd5bfc [DOCS] Fix EQL syntax admon 2020-08-26 13:39:42 -04:00
James Rodewig 20053bfd8c [DOCS] Remove dupe EQl fn/pipe TOC 2020-08-26 12:45:09 -04:00
James Rodewig 4701832879
[DOCS] Add 7.9 breaking change for built-in templates (#61549) (#61558) 2020-08-26 08:10:59 -04:00
lcawl 5fa839b906 [DOCS] Fix typo in update anomaly detection job API 2020-08-25 17:13:38 -07:00
Igor Motov f70a59971a
[7.x] Add rate aggregation (#61369) (#61554)
Adds a new rate aggregation that can calculate a document rate for buckets
of a date_histogram.

Closes #60674
2020-08-25 17:39:00 -04:00
debadair 82585107aa
updated shard limit doc (#56496) (#61509)
* updated shard limit doc

As the documentation was not so clear. I have updated saying this limit includes open indices with unassigned primaries and replicas count towards the limit.

* [DOCS] Incorporated edits.

Co-authored-by: Deb Adair <debadair@elastic.co>

Co-authored-by: gadekishore <50092970+gadekishore@users.noreply.github.com>
2020-08-25 14:24:47 -07:00
James Rodewig e0843571c4 [DOCS] Fix typo in search your data docs 2020-08-25 17:01:08 -04:00
markharwood 8b56441d2b
Search - add case insensitive support for regex queries. (#59441) (#61532)
Backport to add case insensitive support for regex queries. 
Forks a copy of Lucene’s RegexpQuery and RegExp from Lucene master.
This can be removed when 8.7 Lucene is released.

Closes #59235
2020-08-25 17:18:59 +01:00
James Rodewig e3d23c34ab
[DOCS] Document static HTTP settings (#61429) (#61536) 2020-08-25 11:27:05 -04:00
James Rodewig 5ad0ce49e1
[DOCS] Remove response params for #61428 (#61524) (#61534) 2020-08-25 11:17:56 -04:00
Brandon Morelli fade7408cd [DOCS] Fix link to quartz crontrigger tutorial (#61531) 2020-08-25 10:49:00 -04:00
Costin Leau bff3c7470e
EQL: Replace SearchHit in response with Event (#61428) (#61522)
The building block of the eql response is currently the SearchHit. This
is a problem since it is tied to an actual search, and thus has scoring,
highlighting, shard information and a lot of other things that are not
relevant for EQL.
This becomes a problem when doing sequence queries since the response is
not generated from one search query and thus there are no SearchHits to
speak of.
Emulating one is not just conceptually incorrect but also problematic
since most of the data is missed or made-up.

As such this PR introduces a simple class, Event, that maps nicely to
the terminology while hiding the ES internals (the use of SearchHit or
GetResult/GetResponse depending on the API used).

Fix #59764
Fix #59779

Co-authored-by: Igor Motov <igor@motovs.org>
(cherry picked from commit 997376fbe6ef2894038968842f5e0635731ede65)
2020-08-25 17:32:42 +03:00
James Rodewig 2400098a52
[DOCS] Fix typo in profile API docs (#61445) (#61501)
Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com>

Co-authored-by: shashikumarec088 <shashikumarec088@gmail.com>
2020-08-24 15:30:18 -04:00
Nhat Nguyen baa685c2d9 Fix anchor doc for msearch cancellation paragraph
Relates #61418
2020-08-24 15:14:17 -04:00
Nhat Nguyen f34d3efae7 Add cancellation doc for multi search (#61418)
Relates #61337
2020-08-24 15:14:05 -04:00
James Rodewig 439fa46735
[DOCS] Remove collapsible sections in EQL fn docs (#61498) (#61499) 2020-08-24 14:41:27 -04:00
James Rodewig 17b5a0d25e
[DOCS] Combine `Search your data` files (#61477) (#61486)
No-op changes to:

* Move `Search your data` source files into the same directory
* Rename `Search your data` source files based on page ID
* Remove unneeded includes
* Remove the `Request` dir
2020-08-24 13:08:00 -04:00
Benjamin Trent 1ae2923632
[7.x] [ML] adding docs + hlrc for data frame analysis feature_processors (#61149) (#61493)
* [ML] adding docs + hlrc for data frame analysis feature_processors (#61149)

Adds HLRC and some docs for the new feature_processors field in Data frame analytics.

Co-authored-by: Przemysław Witek <przemyslaw.witek@elastic.co>
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
2020-08-24 12:56:21 -04:00
James Rodewig 2b852388c5
[DOCS] Fix hyphenation for "time series" (#61472) (#61481) 2020-08-24 11:18:07 -04:00
James Rodewig 5992bb0507
[DOCS] Fix ingest script compilation rate and cache size (#61468) (#61479) 2020-08-24 10:46:44 -04:00
Lisa Cawley 52b12a07c4 [DOCS] Document static machine learning settings (#61382) 2020-08-24 07:35:38 -07:00
James Rodewig 3373b1406a
[DOCS] Fix typo in CCR Put Follow API docs (#61392) (#61470)
Co-authored-by: Mark Laney <mark1@elastic.co>
2020-08-24 09:46:23 -04:00
James Rodewig 2100441ef8
[DOCS] Note the cluster settings API can override `elasticsearch.yml` (#61394) (#61464)
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
2020-08-24 09:32:26 -04:00
James Rodewig da89ff87bb
[DOCS] Prune `Search your data` content (#61303) (#61462)
Changes:
* Removes narrative around URI searches. These aren't commonly used in production. The `q` param is already covered in the search API docs: https://www.elastic.co/guide/en/elasticsearch/reference/master/search-search.html#search-api-query-params-q
* Adds a common options section that highlights narrative docs for query DSL, aggregations, multi-index search, search fields, pagination, sorting, and async search.
* Adds a `Search shard routing` page. Moves narrative docs for adaptive replica selection, preference, routing , and shard limits to that section.
* Moves search timeout and cancellation content to the `Search your data` page.
* Creates a `Search multiple data streams and indices` page. Moves related narrative docs for multi-target syntax searches and `indices_boost` to that page.
* Removes narrative examples for the `search_type` parameters. Moves documentation for this parameter to the search API docs.
2020-08-24 09:31:53 -04:00
Lisa Cawley 7c48a0fc8c [DOCS] Document static dynamic transform settings (#61384) 2020-08-21 13:04:54 -07:00
James Rodewig cbb5f18f81
[DOCS] Document `xpack.graph.enabled` setting (#60073) (#61433) 2020-08-21 15:13:13 -04:00
James Rodewig e92c62bdf8
[7.x] [DOCS] Fix query example for wildcard datatype (#61398) (#61431)
Co-authored-by: jessepeixoto <jessepeixoto@gmail.com>
2020-08-21 12:43:41 -04:00
James Rodewig cb5e9d3bee
[DOCS] Remove URI search examples from API reference (#61423) (#61425) 2020-08-21 11:19:11 -04:00
James Rodewig 1b3a002588
[DOCS] Fix ingest processor TOC sort (#61412) (#61416) 2020-08-21 09:21:41 -04:00
Yang Wang cd52233b94
Include authentication type for the authenticate response (#61247) (#61411)
Add a new "authentication_type" field to the response of "GET _security/_authenticate".
2020-08-21 22:59:43 +10:00
James Rodewig bba4220982
[DOCS] Fix `field` def for join processor (#61395) (#61413) 2020-08-21 08:53:38 -04:00
Ryan Ernst 00b56bf007
Add note about negative epoch times (#61379)
This commit adds a reminder to date type documentation that negative
epoch times are not supported.

relates #40983
2020-08-20 13:54:14 -07:00
James Rodewig 039b306e7d
[DOCS] Fix EQL threat detection example (#61367) (#61373) 2020-08-20 10:45:01 -04:00
Adam Locke 751cee0042
Adding ignore_unavailable param. (#61368) (#61370) 2020-08-20 10:10:16 -04:00
Przemyslaw Gomulka 62baca74ed
[doc] Improve joda-time migration guide (#60499)
Previously migration guide incorrectly stated that joda-time patterns have to be fixed before upgrading to 7.x
since (7.7) #52555 and our bwc policy 6.x created indices even with joda-time are supported
relates #60374
2020-08-20 16:03:58 +02:00
James Rodewig 1182248994 [DOCS] Document empty string boolean value as `false` (#61341) 2020-08-19 12:57:57 -04:00
James Rodewig dc9d613280
[DOCS] Document dynamic circuit breaker settings (#61334) (#61335) 2020-08-19 11:13:46 -04:00
James Rodewig 128d66b03e
[DOCS] Reorder ES TOC (#61231) (#61326) 2020-08-19 09:32:02 -04:00
István Zoltán Szabó 86dbd68131
[DOCS] Adds example to the inference aggregation description (#61290) (#61318) 2020-08-19 12:07:30 +02:00
Lisa Cawley b120368aee
[DOCS] Add security updates to release notes (#61288) (#61296) 2020-08-18 12:00:21 -07:00
David Roberts 96256bd4df
[DOCS] Add 7.9.0 known issue for problems with ML index mappings (#61289)
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
2020-08-18 11:46:08 -07:00
Lisa Cawley 2015d5f86a
[DOCS] Removes 7.9.0 coming tags (#61293) 2020-08-18 11:24:52 -07:00
Andrei Stefan 5de0f19cc3
EQL: Return sequence join keys in the original type (#61268) (#61282)
(cherry picked from commit d54957d61faa0d502387656e3cace594017b6ea0)
2020-08-18 19:37:15 +03:00
István Zoltán Szabó 78d77ebed7
[DOCS] Replaces transform.node with node.roles: [ transform ] in transforms settings. (#61267) (#61271) 2020-08-18 18:00:06 +02:00
István Zoltán Szabó 7596bb7454
[DOCS] Clarifies node.roles settings (#61266) (#61274) 2020-08-18 17:59:34 +02:00
Pius d6ad247e07
[DOCS] Note max field expansions is not a hard limit (#61120)
Per #35284, it looks like we changed this from a max field expansions limit to a soft limit using the `indices.query.bool.max_clause_count` dynamic cluster setting.
2020-08-18 11:39:09 -04:00
Nik Everett 8a387d6df1 Redo experimental tag on vwh (#61065)
The docs didn't have the standard experimental text. This adds it.
2020-08-18 10:02:26 -04:00
James Rodewig e63c12f443
[DOCS] Fix typo in Java HLRC docs (#60863) (#61264)
Co-authored-by: bumjin <bumjin@gmail.com>
2020-08-18 09:09:10 -04:00
István Zoltán Szabó 06ba99413d
[DOCS] Replaces ml.node with node.roles: [ ml ] in ML settings (#61017) (#61257) 2020-08-18 12:06:17 +02:00
Adam Locke a0af82c213
[7.x] [DOCS] Update CCR docs to focus on Kibana. (#61237)
* First crack at rewriting the CCR introduction.

* Emphasizing Kibana in configuring CCR (part one).

* Many more edits, plus new files.

* Fixing test case.

* Removing overview page and consolidating that information in the main page.

* Adding redirects for moved and deleted pages.

* Removing, consolidating, and adding redirects.

* Fixing duplicate ID in redirects and removing outdated reference.

* Adding test case and steps for recreating a follower index.

* Adding steps for managing CCR tasks in Kibana.

* Adding tasks for managing auto-follow patterns.

* Fixing glossary link.

* Fixing glossary link, again.

* Updating the upgrade information and other stuff.

* Apply suggestions from code review

* Incorporating review feedback.

* Adding more edits.

* Fixing link reference.

* Adding use cases for #59812.

* Incorporating feedback from reviewers.

* Apply suggestions from code review

* Incorporating more review comments.

* Condensing some of the steps for accessing Kibana.

* Incorporating small changes from reviewers.
2020-08-17 16:58:13 -04:00
James Rodewig 06d3159125
[DOCS] Add usage tips to `top_hits` agg (#61215) (#61225) 2020-08-17 13:05:40 -04:00
Leaf-Lin e258c85b6a [DOCS] Update configuring-metricbeat.asciidoc (#60857)
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
2020-08-17 10:04:52 -07:00
James Rodewig 6a248aea07
[DOCS] Add admon for built-in index templates (#61063) (#61220)
Adds an important admonition for the built-in `metrics-*-*` and `logs-*-*` index
templates.

Updates several put index template snippets to include a priority.
2020-08-17 12:48:34 -04:00
Adam Locke a3f357c8a5
[DOCS] Update info about geo_shape bounding boxes (#61214) (#61216)
* Adding information about geo_shape bounding boxes.

* Fixing cross link and incorporating review feedback.
2020-08-17 11:44:46 -04:00
James Rodewig 60876a0e32
[DOCS] Replace Wikipedia links with attribute (#61171) (#61209) 2020-08-17 11:27:04 -04:00
István Zoltán Szabó bc9170387a
[DOCS] Adds clarification to node roles (#61206) (#61211) 2020-08-17 16:15:53 +02:00
James Rodewig 81b8024d66
[DOCS] Fix typo in suggester docs (#61077) (#61202)
Co-authored-by: Arash Layeghi <arashlayeghi57@gmail.com>
2020-08-17 09:09:34 -04:00
Dan Hermann 524247bbc0
[DOCS] write_index_only option for put mapping (#59610) (#61172) 2020-08-17 07:33:49 -05:00
James Rodewig 1ffc983f98 [DOCS] Fix link in similarity module docs 2020-08-14 18:31:07 -04:00
James Rodewig 290adcd25e [DOCS] Reword in EQL threat detection example 2020-08-14 15:50:58 -04:00
James Rodewig d0810cca19
[DOCS] Add xref to multiplexer token filter docs (#60431) (#61168)
Co-authored-by: paiboon auengkongkatong <paiboon15721@gmail.com>
2020-08-14 15:05:07 -04:00
James Rodewig 8263ce79e9
[DOCS] Update ingest processor snippet for ECS (#61128) (#61164)
Co-authored-by: Nicole Albee <2642763+a03nikki@users.noreply.github.com>
2020-08-14 14:21:47 -04:00