Commit Graph

7910 Commits

Author SHA1 Message Date
James Rodewig 6eacb6dd89 [DOCS] Fix keyword xref 2020-09-02 11:47:17 -04:00
James Rodewig 8da4e4ab15 [DOCS] Update shard allocation awareness xref 2020-09-02 11:34:22 -04:00
Julie Tibshirani 9ee5f20ebc Link to the keyword family page from the field types docs. (#61819)
We now link to the top-level keyword type family page instead of its individual
subsections. This better fits the page format, where each type name is a link.
2020-09-01 16:23:49 -07:00
James Rodewig 129b233156
[DOCS] Document dynamic cluster settings (#61760) (#61817)
Co-authored-by: Adam Locke <adam.locke@elastic.co>
2020-09-01 16:04:23 -04:00
James Rodewig 8613bde780
[DOCS] Combine keyword family docs (#61662) (#61813) 2020-09-01 15:32:56 -04:00
James Rodewig fd976e668c
[DOCS] EQL: Clarify until keyword docs (#61794) (#61808) 2020-09-01 13:56:51 -04:00
Lisa Cawley d5f1223343 [DOCS] Clarify enabling monitoring features (#61758) 2020-08-31 13:16:23 -07:00
Lisa Cawley 0e4303433b
[DOCS] Document static monitoring settings (#61748) (#61756) 2020-08-31 13:03:17 -07:00
James Rodewig f39a9bbe19
[DOCS] Document static ILM settings (#61745) (#61749) 2020-08-31 14:02:10 -04:00
Dan Hermann 2858e1efc4
Document new stats in _cat/nodes (#60445) (#61742) 2020-08-31 12:40:21 -05:00
James Rodewig 130a7cea78
[DOCS] Add placeholder for 7.9.1 release notes (#61652) 2020-08-31 12:25:59 -04:00
Adam Locke 5723b928d7
Remove Outdated Snapshot Docs (#61684) (#61728)
Removing some now outdated statements that refer to a time
when snapshot operations could not run concurrently.

Closes #61680
2020-08-31 12:04:27 -04:00
James Rodewig caa1a9024c
[DOCS] Add jump list to breaking changes page (#61598) 2020-08-31 11:25:57 -04:00
James Rodewig f47363074e
[DOCS] Remove placeholder for 7.8.2 release notes (#61653) 2020-08-31 11:22:14 -04:00
James Rodewig 1f24fc03a0
[DOCS] Document dynamic cluster-lvl shard alloc settings (#61338) (#61735) 2020-08-31 11:19:57 -04:00
James Rodewig 8228cdad67
[DOCS] Fix typo in range query docs (#61722) (#61731) 2020-08-31 11:03:11 -04:00
James Rodewig f94999bb2f
[DOCS] Add force merge to hot phase list (#61725) (#61729) 2020-08-31 11:02:41 -04:00
James Rodewig ccbe2938c8
[DOCS] Fix Gsub processor snippet (#61720) (#61723) 2020-08-31 10:43:26 -04:00
James Rodewig e65778c222
[DOCS] Fix typo in nodes stats docs (#61601) (#61717)
Co-authored-by: Henry <henryloh@ucla.edu>
2020-08-31 09:29:50 -04:00
Jake Landis d2e5f2f532
[7.x] Enhance the ingest node simulate verbose output (#60433) (#60678)
This commit enhances the verbose output for the
`_ingest/pipeline/_simulate?verbose` api. Specifically
this adds the following:
* the pipeline processor is now included in the output
* the conditional (if) and result is now included in the output iff it was defined
* a status field is always displayed. the possible values of status are
  * `success` - if the processor ran with out errors
  * `error` - if the processor ran but threw an error that was not ingored
  * `error_ignored` - if the processor ran but threw an error that was ingored
  * `skipped` - if the process did not run (currently only possible if the if condition evaluates to false)
  * `dropped` - if the the `drop` processor ran and dropped the document
* a `processor_type` field for the type of processor (e.g. set, rename, etc.)
* throw a better error if trying to simulate with a pipeline that does not exist

closes #56004
2020-08-27 16:53:09 -05:00
Lee Hinman 1bfebd54ea
[7.x] Allocate newly created indices on data_hot tier nodes (#61342) (#61650)
This commit adds the functionality to allocate newly created indices on nodes in the "hot" tier by
default when they are created.

This does not break existing behavior, as nodes with the `data` role are considered to be part of
the hot tier. Users that separate their deployments by using the `data_hot` (and `data_warm`,
`data_cold`, `data_frozen`) roles will have their data allocated on the hot tier nodes now by
default.

This change is a little more complicated than changing the default value for
`index.routing.allocation.include._tier` from null to "data_hot". Instead, this adds the ability to
have a plugin inject a setting into the builder for a newly created index. This has the benefit of
allowing this setting to be visible as part of the settings when retrieving the index, for example:

```
// Create an index
PUT /eggplant

// Get an index
GET /eggplant?flat_settings
```

Returns the default settings now of:

```json
{
  "eggplant" : {
    "aliases" : { },
    "mappings" : { },
    "settings" : {
      "index.creation_date" : "1597855465598",
      "index.number_of_replicas" : "1",
      "index.number_of_shards" : "1",
      "index.provided_name" : "eggplant",
      "index.routing.allocation.include._tier" : "data_hot",
      "index.uuid" : "6ySG78s9RWGystRipoBFCA",
      "index.version.created" : "8000099"
    }
  }
}
```

After the initial setting of this setting, it can be treated like any other index level setting.

This new setting is *not* set on a new index if any of the following is true:

- The index is created with an `index.routing.allocation.include.<anything>` setting
- The index is created with an `index.routing.allocation.exclude.<anything>` setting
- The index is created with an `index.routing.allocation.require.<anything>` setting
- The index is created with a null `index.routing.allocation.include._tier` value
- The index was created from an existing source metadata (shrink, clone, split, etc)

Relates to #60848
2020-08-27 13:41:12 -06:00
James Rodewig 0407f1d19b
[DOCS] Change 'data type' to 'field type' (#61633) (#61635) 2020-08-27 12:47:28 -04:00
Lisa Cawley 6d6f5d4acc [DOCS] Per-partition categorization (#61506) 2020-08-26 17:10:01 -07:00
James Rodewig 580ef8eb0c
[DOCS] Document static field cache settings (#61424) (#61606) 2020-08-26 17:29:15 -04:00
Jason Tedor 9840fd1485
Add Lucene 8.6.0 memory leak as a known issue (#61603)
This commit adds a note to the known issues docs that Lucene 8.6.0
contains a memory leak that manifests in Elasticsearch as a slow memory
leak.
2020-08-26 15:45:14 -04:00
James Rodewig 462754e4e6
[DOCS] Reorg field data types page (#61117) (#61599) 2020-08-26 14:24:09 -04:00
James Rodewig 8a6ecd5bfc [DOCS] Fix EQL syntax admon 2020-08-26 13:39:42 -04:00
James Rodewig 20053bfd8c [DOCS] Remove dupe EQl fn/pipe TOC 2020-08-26 12:45:09 -04:00
James Rodewig 4701832879
[DOCS] Add 7.9 breaking change for built-in templates (#61549) (#61558) 2020-08-26 08:10:59 -04:00
lcawl 5fa839b906 [DOCS] Fix typo in update anomaly detection job API 2020-08-25 17:13:38 -07:00
Igor Motov f70a59971a
[7.x] Add rate aggregation (#61369) (#61554)
Adds a new rate aggregation that can calculate a document rate for buckets
of a date_histogram.

Closes #60674
2020-08-25 17:39:00 -04:00
debadair 82585107aa
updated shard limit doc (#56496) (#61509)
* updated shard limit doc

As the documentation was not so clear. I have updated saying this limit includes open indices with unassigned primaries and replicas count towards the limit.

* [DOCS] Incorporated edits.

Co-authored-by: Deb Adair <debadair@elastic.co>

Co-authored-by: gadekishore <50092970+gadekishore@users.noreply.github.com>
2020-08-25 14:24:47 -07:00
James Rodewig e0843571c4 [DOCS] Fix typo in search your data docs 2020-08-25 17:01:08 -04:00
markharwood 8b56441d2b
Search - add case insensitive support for regex queries. (#59441) (#61532)
Backport to add case insensitive support for regex queries. 
Forks a copy of Lucene’s RegexpQuery and RegExp from Lucene master.
This can be removed when 8.7 Lucene is released.

Closes #59235
2020-08-25 17:18:59 +01:00
James Rodewig e3d23c34ab
[DOCS] Document static HTTP settings (#61429) (#61536) 2020-08-25 11:27:05 -04:00
James Rodewig 5ad0ce49e1
[DOCS] Remove response params for #61428 (#61524) (#61534) 2020-08-25 11:17:56 -04:00
Brandon Morelli fade7408cd [DOCS] Fix link to quartz crontrigger tutorial (#61531) 2020-08-25 10:49:00 -04:00
Costin Leau bff3c7470e
EQL: Replace SearchHit in response with Event (#61428) (#61522)
The building block of the eql response is currently the SearchHit. This
is a problem since it is tied to an actual search, and thus has scoring,
highlighting, shard information and a lot of other things that are not
relevant for EQL.
This becomes a problem when doing sequence queries since the response is
not generated from one search query and thus there are no SearchHits to
speak of.
Emulating one is not just conceptually incorrect but also problematic
since most of the data is missed or made-up.

As such this PR introduces a simple class, Event, that maps nicely to
the terminology while hiding the ES internals (the use of SearchHit or
GetResult/GetResponse depending on the API used).

Fix #59764
Fix #59779

Co-authored-by: Igor Motov <igor@motovs.org>
(cherry picked from commit 997376fbe6ef2894038968842f5e0635731ede65)
2020-08-25 17:32:42 +03:00
James Rodewig 2400098a52
[DOCS] Fix typo in profile API docs (#61445) (#61501)
Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com>

Co-authored-by: shashikumarec088 <shashikumarec088@gmail.com>
2020-08-24 15:30:18 -04:00
Nhat Nguyen baa685c2d9 Fix anchor doc for msearch cancellation paragraph
Relates #61418
2020-08-24 15:14:17 -04:00
Nhat Nguyen f34d3efae7 Add cancellation doc for multi search (#61418)
Relates #61337
2020-08-24 15:14:05 -04:00
James Rodewig 439fa46735
[DOCS] Remove collapsible sections in EQL fn docs (#61498) (#61499) 2020-08-24 14:41:27 -04:00
James Rodewig 17b5a0d25e
[DOCS] Combine `Search your data` files (#61477) (#61486)
No-op changes to:

* Move `Search your data` source files into the same directory
* Rename `Search your data` source files based on page ID
* Remove unneeded includes
* Remove the `Request` dir
2020-08-24 13:08:00 -04:00
Benjamin Trent 1ae2923632
[7.x] [ML] adding docs + hlrc for data frame analysis feature_processors (#61149) (#61493)
* [ML] adding docs + hlrc for data frame analysis feature_processors (#61149)

Adds HLRC and some docs for the new feature_processors field in Data frame analytics.

Co-authored-by: Przemysław Witek <przemyslaw.witek@elastic.co>
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
2020-08-24 12:56:21 -04:00
James Rodewig 2b852388c5
[DOCS] Fix hyphenation for "time series" (#61472) (#61481) 2020-08-24 11:18:07 -04:00
James Rodewig 5992bb0507
[DOCS] Fix ingest script compilation rate and cache size (#61468) (#61479) 2020-08-24 10:46:44 -04:00
Lisa Cawley 52b12a07c4 [DOCS] Document static machine learning settings (#61382) 2020-08-24 07:35:38 -07:00
James Rodewig 3373b1406a
[DOCS] Fix typo in CCR Put Follow API docs (#61392) (#61470)
Co-authored-by: Mark Laney <mark1@elastic.co>
2020-08-24 09:46:23 -04:00
James Rodewig 2100441ef8
[DOCS] Note the cluster settings API can override `elasticsearch.yml` (#61394) (#61464)
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
2020-08-24 09:32:26 -04:00
James Rodewig da89ff87bb
[DOCS] Prune `Search your data` content (#61303) (#61462)
Changes:
* Removes narrative around URI searches. These aren't commonly used in production. The `q` param is already covered in the search API docs: https://www.elastic.co/guide/en/elasticsearch/reference/master/search-search.html#search-api-query-params-q
* Adds a common options section that highlights narrative docs for query DSL, aggregations, multi-index search, search fields, pagination, sorting, and async search.
* Adds a `Search shard routing` page. Moves narrative docs for adaptive replica selection, preference, routing , and shard limits to that section.
* Moves search timeout and cancellation content to the `Search your data` page.
* Creates a `Search multiple data streams and indices` page. Moves related narrative docs for multi-target syntax searches and `indices_boost` to that page.
* Removes narrative examples for the `search_type` parameters. Moves documentation for this parameter to the search API docs.
2020-08-24 09:31:53 -04:00
Lisa Cawley 7c48a0fc8c [DOCS] Document static dynamic transform settings (#61384) 2020-08-21 13:04:54 -07:00
James Rodewig cbb5f18f81
[DOCS] Document `xpack.graph.enabled` setting (#60073) (#61433) 2020-08-21 15:13:13 -04:00
James Rodewig e92c62bdf8
[7.x] [DOCS] Fix query example for wildcard datatype (#61398) (#61431)
Co-authored-by: jessepeixoto <jessepeixoto@gmail.com>
2020-08-21 12:43:41 -04:00
James Rodewig cb5e9d3bee
[DOCS] Remove URI search examples from API reference (#61423) (#61425) 2020-08-21 11:19:11 -04:00
James Rodewig 1b3a002588
[DOCS] Fix ingest processor TOC sort (#61412) (#61416) 2020-08-21 09:21:41 -04:00
James Rodewig bba4220982
[DOCS] Fix `field` def for join processor (#61395) (#61413) 2020-08-21 08:53:38 -04:00
Ryan Ernst 00b56bf007
Add note about negative epoch times (#61379)
This commit adds a reminder to date type documentation that negative
epoch times are not supported.

relates #40983
2020-08-20 13:54:14 -07:00
James Rodewig 039b306e7d
[DOCS] Fix EQL threat detection example (#61367) (#61373) 2020-08-20 10:45:01 -04:00
Adam Locke 751cee0042
Adding ignore_unavailable param. (#61368) (#61370) 2020-08-20 10:10:16 -04:00
Przemyslaw Gomulka 62baca74ed
[doc] Improve joda-time migration guide (#60499)
Previously migration guide incorrectly stated that joda-time patterns have to be fixed before upgrading to 7.x
since (7.7) #52555 and our bwc policy 6.x created indices even with joda-time are supported
relates #60374
2020-08-20 16:03:58 +02:00
James Rodewig 1182248994 [DOCS] Document empty string boolean value as `false` (#61341) 2020-08-19 12:57:57 -04:00
James Rodewig dc9d613280
[DOCS] Document dynamic circuit breaker settings (#61334) (#61335) 2020-08-19 11:13:46 -04:00
James Rodewig 128d66b03e
[DOCS] Reorder ES TOC (#61231) (#61326) 2020-08-19 09:32:02 -04:00
István Zoltán Szabó 86dbd68131
[DOCS] Adds example to the inference aggregation description (#61290) (#61318) 2020-08-19 12:07:30 +02:00
Lisa Cawley b120368aee
[DOCS] Add security updates to release notes (#61288) (#61296) 2020-08-18 12:00:21 -07:00
David Roberts 96256bd4df
[DOCS] Add 7.9.0 known issue for problems with ML index mappings (#61289)
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
2020-08-18 11:46:08 -07:00
Lisa Cawley 2015d5f86a
[DOCS] Removes 7.9.0 coming tags (#61293) 2020-08-18 11:24:52 -07:00
Andrei Stefan 5de0f19cc3
EQL: Return sequence join keys in the original type (#61268) (#61282)
(cherry picked from commit d54957d61faa0d502387656e3cace594017b6ea0)
2020-08-18 19:37:15 +03:00
István Zoltán Szabó 78d77ebed7
[DOCS] Replaces transform.node with node.roles: [ transform ] in transforms settings. (#61267) (#61271) 2020-08-18 18:00:06 +02:00
István Zoltán Szabó 7596bb7454
[DOCS] Clarifies node.roles settings (#61266) (#61274) 2020-08-18 17:59:34 +02:00
Pius d6ad247e07
[DOCS] Note max field expansions is not a hard limit (#61120)
Per #35284, it looks like we changed this from a max field expansions limit to a soft limit using the `indices.query.bool.max_clause_count` dynamic cluster settting.
2020-08-18 11:39:09 -04:00
Nik Everett 8a387d6df1 Redo experimental tag on vwh (#61065)
The docs didn't have the standard experimental text. This adds it.
2020-08-18 10:02:26 -04:00
István Zoltán Szabó 06ba99413d
[DOCS] Replaces ml.node with node.roles: [ ml ] in ML settings (#61017) (#61257) 2020-08-18 12:06:17 +02:00
Adam Locke a0af82c213
[7.x] [DOCS] Update CCR docs to focus on Kibana. (#61237)
* First crack at rewriting the CCR introduction.

* Emphasizing Kibana in configuring CCR (part one).

* Many more edits, plus new files.

* Fixing test case.

* Removing overview page and consolidating that information in the main page.

* Adding redirects for moved and deleted pages.

* Removing, consolidating, and adding redirects.

* Fixing duplicate ID in redirects and removing outdated reference.

* Adding test case and steps for recreating a follower index.

* Adding steps for managing CCR tasks in Kibana.

* Adding tasks for managing auto-follow patterns.

* Fixing glossary link.

* Fixing glossary link, again.

* Updating the upgrade information and other stuff.

* Apply suggestions from code review

* Incorporating review feedback.

* Adding more edits.

* Fixing link reference.

* Adding use cases for #59812.

* Incorporating feedback from reviewers.

* Apply suggestions from code review

* Incorporating more review comments.

* Condensing some of the steps for accessing Kibana.

* Incorporating small changes from reviewers.
2020-08-17 16:58:13 -04:00
James Rodewig 06d3159125
[DOCS] Add usage tips to `top_hits` agg (#61215) (#61225) 2020-08-17 13:05:40 -04:00
Leaf-Lin e258c85b6a [DOCS] Update configuring-metricbeat.asciidoc (#60857)
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
2020-08-17 10:04:52 -07:00
James Rodewig 6a248aea07
[DOCS] Add admon for built-in index templates (#61063) (#61220)
Adds an important admonition for the built-in `metrics-*-*` and `logs-*-*` index
templates.

Updates several put index template snippets to include a priority.
2020-08-17 12:48:34 -04:00
Adam Locke a3f357c8a5
[DOCS] Update info about geo_shape bounding boxes (#61214) (#61216)
* Adding information about geo_shape bounding boxes.

* Fixing cross link and incorporating review feedback.
2020-08-17 11:44:46 -04:00
James Rodewig 60876a0e32
[DOCS] Replace Wikipedia links with attribute (#61171) (#61209) 2020-08-17 11:27:04 -04:00
István Zoltán Szabó bc9170387a
[DOCS] Adds clarification to node roles (#61206) (#61211) 2020-08-17 16:15:53 +02:00
James Rodewig 81b8024d66
[DOCS] Fix typo in suggester docs (#61077) (#61202)
Co-authored-by: Arash Layeghi <arashlayeghi57@gmail.com>
2020-08-17 09:09:34 -04:00
Dan Hermann 524247bbc0
[DOCS] write_index_only option for put mapping (#59610) (#61172) 2020-08-17 07:33:49 -05:00
James Rodewig 1ffc983f98 [DOCS] Fix link in similarity module docs 2020-08-14 18:31:07 -04:00
James Rodewig 290adcd25e [DOCS] Reword in EQL threat detection example 2020-08-14 15:50:58 -04:00
James Rodewig d0810cca19
[DOCS] Add xref to multiplexer token filter docs (#60431) (#61168)
Co-authored-by: paiboon auengkongkatong <paiboon15721@gmail.com>
2020-08-14 15:05:07 -04:00
James Rodewig 8263ce79e9
[DOCS] Update ingest processor snippet for ECS (#61128) (#61164)
Co-authored-by: Nicole Albee <2642763+a03nikki@users.noreply.github.com>
2020-08-14 14:21:47 -04:00
James Rodewig 3fef26bfb0
[DOCS] EQL: Add threat detection example (#59105) (#61161) 2020-08-14 13:40:44 -04:00
Lisa Cawley 65d0c7bbee [DOCS] Update elasticsearch-certutil example (#61110) 2020-08-14 07:38:44 -07:00
David Turner 0549c40ac1
Minor network docs fixes (#60905)
Followup to #60216, fixing the formatting of
`transport.tcp.reuse_address` and clarifying some wording around the
distinction between the transport and HTTP layers.
2020-08-13 13:06:09 +01:00
James Rodewig 910abeea2e
[DOCS] Change wildcard to index pattern in DS docs (#61058) (#61060) 2020-08-12 15:14:03 -04:00
James Rodewig cfa67e933f
[DOCS] Fix chunking in query docs (#61053) (#61054)
Changes:
* Moves "Notes" sections for the joining queries and percolate query
  pages to the parent page
* Adds related redirects for the moved "Notes" pages
* Assigns explicit anchor IDs to other "Notes" headings. This was required for
  the redirects to work.
2020-08-12 14:01:10 -04:00
James Rodewig 14e1618fd9
[DOCS] Fix case of ingest processor titles (#61024) (#61039)
Converts page headings to sentence case.
Adds a title abbreviation.
2020-08-12 11:49:54 -04:00
Andrei Dan 32173a82c8
ILM: add frozen phase (#60983) (#61035)
This adds a frozen phase to ILM that will allow the execution of the
set_priority, unfollow, allocate, freeze and searchable_snapshot actions.

The frozen phase will be executed after the cold and before the delete phase.

(cherry picked from commit 6d0148001c3481290ed7e60dab588e0191346864)
Signed-off-by: Andrei Dan <andrei.dan@elastic.co>
2020-08-12 16:36:27 +01:00
Yannick Welsch 25404cbe3d Provide option to allow writes when master is down (#60605)
Elasticsearch currently blocks writes by default when a master is unavailable. The cluster.no_master_block setting allows
a user to change this behavior to also block reads when a master is unavailable. This PR introduces a way to now also still
allow writes when a master is offline. Writes will continue to work as long as routing table changes are not needed (as
those require the master for consistency), or if dynamic mapping updates are not required (as again, these require the
master for consistency).

Eventually we should switch the default of cluster.no_master_block to this new mode.
2020-08-12 16:56:45 +02:00
James Rodewig c80d36706b
[DOCS] Fix index boost snippet (#61023) (#61025)
Updates the `indices_boost` snippet to use the `my-index-000001` index.

Removes a related REST test.
2020-08-12 09:50:27 -04:00
James Rodewig bc37b1b2a7 [DOCS] Fix EQL required fields language 2020-08-12 09:48:11 -04:00
Jay Modi 2fa6448a15
System index reads in separate threadpool (#60927)
This commit introduces a new thread pool, `system_read`, which is
intended for use by system indices for all read operations (get and
search). The `system_read` pool is a fixed thread pool with a maximum
number of threads equal to lesser of half of the available processors
or 5. Given the combination of both get and read operations in this
thread pool, the queue size has been set to 2000. The motivation for
this change is to allow system read operations to be serviced in spite
of the number of user searches.

In order to avoid a significant performance hit due to pattern matching
on all search requests, a new metadata flag is added to mark indices
as system or non-system. Previously created system indices will have
flag added to their metadata upon upgrade to a version with this
capability.

Additionally, this change also introduces a new class, `SystemIndices`,
which encapsulates logic around system indices. Currently, the class
provides a method to check if an index is a system index and a method
to find a matching index descriptor given the name of an index.

Relates #50251
Relates #37867
Backport of #57936
2020-08-11 12:16:34 -06:00
James Rodewig 929f1cc9f9
[DOCS] Remove search request body page (#60972) (#60977) 2020-08-11 13:04:07 -04:00
James Rodewig 7d4117426a [DOCS] Remove unneeded word in EQL docs 2020-08-11 12:19:08 -04:00
James Rodewig c0fa582df4
[DOCS] Make EQL example snippets more realistic (#60971) (#60974) 2020-08-11 12:01:31 -04:00
Mark Tozzi ab8518fb5b
[7.x] Extensibility for Composite Agg #59648 (#60842) 2020-08-11 09:14:33 -04:00
James Rodewig 4aae278d1d
[DOCS] Move post filter/rescore content to new page (#60903) (#60961) 2020-08-11 09:06:59 -04:00
Alan Woodward 54279212cf
Make MetadataFieldMapper extend ParametrizedFieldMapper (#59847) (#60924)
This commit cuts over all metadata field mappers to parametrized format.
2020-08-11 09:02:28 +01:00
debadair 063518ca2b
[DOCS] Mention that inline scripts need to be enabled for Kibana (#60633) (#60798) 2020-08-10 13:28:59 -07:00
James Rodewig 1b2a015734
[DOCS] Cross-link `copy_to` and search speed docs (#60926) (#60928) 2020-08-10 15:35:10 -04:00
James Rodewig 877ecd5b66
[DOCS] Add PUT example to `Date math in index names` (#60908) (#60920)
Previously, all examples in this section were GET requests. This
demonstrates that other CRUD operations are also supported.
2020-08-10 12:46:10 -04:00
James Rodewig 739097a56c
[DOCS] Move `min_score` docs to search API page (#60895) (#60896)
Reformats the `min_score` docs as a param definition on the
search API reference page.
2020-08-10 09:43:07 -04:00
Henning Andersen a155315ceb
Autoscaling decider and decision service (#59005) (#60884)
Split the autoscaling decider into a service and configuration
in order to enable having additional context information available
in the service. Added AutoscalingDeciderContext holding generic
information all deciders are expected to need. Implemented GET
_autoscaling/decision
2020-08-10 15:28:52 +02:00
James Rodewig 8a0f1d8746
[DOCS] Combine highlighting docs files (#60849) (#60892) 2020-08-10 09:05:49 -04:00
Dan Hermann 192dc9dd3d
[DOCS] Update get data stream API (#60862) 2020-08-10 08:03:17 -05:00
David Turner f44c28b595
Deprecate and ignore join timeout (#60872)
There is no point in timing out a join attempt any more once a cluster
is entirely in 7.x. Timing out and retrying with the same master is
pointless, and an in-flight join attempt to one master no longer blocks
attempts to join other masters. This commit deprecates this unnecessary
setting and removes its effect from the joining process.

Relates #60873 which removes this setting in master.
2020-08-10 13:57:41 +01:00
Andrei Dan 235e5ed3ea
[7.x] ILM: add force-merge step to searchable snapshots action (#60819) (#60882)
This adds a force-merge step to the searchable snapshot action, enabled by default,
but parameterizable using the `force_merge-index" optional boolean.

eg.
```
PUT _ilm/policy/my_policy
{
  "policy": {
    "phases": {
      "cold": {
        "actions": {
          "searchable_snapshot" : {
            "snapshot_repository" : "backing_repo",
            "force_merge_index": true
          }
        }
      }
    }
  }
}
```

(cherry picked from commit d0a17b2d35f1b083b574246bdbf3e1929471a4a9)
Signed-off-by: Andrei Dan <andrei.dan@elastic.co>
2020-08-10 13:45:11 +01:00
Alan Woodward e8d9185045 Cut over IPFieldMapper to parametrized form (#60602)
This commit makes IpFieldMapper extend ParametrizedFieldMapper. It also
updates the IpFieldMapper docs to add the ignore_malformed parameter,
which was not previously documented.
2020-08-10 11:01:10 +01:00
James Rodewig 788778c139
[DOCS] Move inner hits content to separate page (#60840) (#60843)
Moves inner hits content from the deprecated 'Request Body Search'
chapter to a separate page.
2020-08-06 14:06:01 -04:00
James Rodewig a761985fab
[DOCS] Move script and stored fields content to search fields page (#60826) (#60835)
Changes:

* Moves `Retrieve selected fields` to its own page and adds a title abbreviation.
* Adds existing script and stored fields content to `Retrieve selected fields`
* Adds a xref for `Retrieve selected fields` to `Search your data`
* Adds related redirects and updates existing xrefs
2020-08-06 13:06:06 -04:00
James Rodewig ff4ea4720a
[DOCS] Update example data stream names (#60783) (#60820)
Uses `my-data-stream` in place of `logs` for data stream examples.
This provides a more intuitive experience for users that copy/paste
their own values into snippets.
2020-08-06 09:38:35 -04:00
Rory Hunter 69645ee4ff Upgrade Docker image from CentOS 7 to 8 2020-08-06 13:44:58 +01:00
David Turner 75c0e4d044 AwaitsFix for #51619 2020-08-06 09:48:35 +01:00
Russ Cam 152d330369 Change vm.max_map_count on Docker WSL2 backend (#58153)
This commit adds docs for how to change
vm.max_map_count when running on Docker
Desktop with WSL2 backend on Windows.
2020-08-06 14:28:15 +10:00
James Rodewig 3a9bf33993
[DOCS] Remove metrics sidebar in `_source` docs (#60777) (#60786) 2020-08-05 16:19:47 -04:00
James Rodewig 029869eb35
[DOCS] Fix metadata field refs (#60764) (#60769) 2020-08-05 14:04:55 -04:00
James Rodewig 815f3d526e
[DOCS] Move named query content to bool query (#60748) (#60772) 2020-08-05 13:42:13 -04:00
Lisa Cawley d77ba58cfd
[DOCS] Add ml-cpp PRs to 7.9.0 release notes (#60689)
Co-authored-by: David Roberts <dave.roberts@elastic.co>
2020-08-05 10:12:11 -07:00
James Rodewig 3f9152c835
[DOCS] Fix query docs formatting (#60752) (#60760) 2020-08-05 12:47:42 -04:00
James Rodewig a1c27b0833
[DOCS] Refactor EQL docs (#60700) (#60745)
Changes:

* Moves sample data to reusable rest test
* Combines EQL index, requirements, and run a search pages
* Combines EQL syntax and limitations pages
* Adds related redirects
2020-08-05 11:25:18 -04:00
István Zoltán Szabó 35b9f2b46b [DOCS] Adds inference phase to get DFA job stats. (#60737) 2020-08-05 16:26:02 +02:00
James Rodewig 8db3f0ca27
[DOCS] Refactor snippets for `Search your data` (#60701) (#60738)
Changes:
* Moves sample data to reusable REST test
* Add xref to pagination docs
* Removes duplicated results
* Updates the wildcard example
2020-08-05 09:52:35 -04:00
James Rodewig e214c70f8d [DOCS] Fix outdated twitter reference 2020-08-05 09:29:51 -04:00
James Rodewig e2553d5884
[DOCS] Add soft redirect for sliced scroll (#60699) (#60733) 2020-08-05 09:23:15 -04:00
Martijn van Groningen 160f27f77c
Fix mistake in notes around dynamic template validation. (#60726)
The double bracket notation is incorrect.
2020-08-05 14:42:15 +02:00
Przemysław Witek 0afa1bd972
Deprecate allow_no_jobs and allow_no_datafeeds in favor of allow_no_match (#60601) (#60727) 2020-08-05 13:39:40 +02:00
Pius 1ca58398c5 Highlight `cluster.initial_master_nodes` removal after cluster formation (#60631)
Explicitly ask users to remove `cluster.initial_master_nodes` once the cluster
has formed for the first time.
2020-08-05 08:58:22 +01:00
James Rodewig 5885f6ae66
[DOCS] Add missing lang values to snowball token filter (#60489) (#60692) 2020-08-04 17:46:03 -04:00
James Rodewig 704395e792
[DOCS] Update Debian APT repo command (#60679) (#60685)
The current `tee` command appends a definition to
`/etc/apt/sources.list.d/elastic-{version}.list`.

This can lead to duplicate lines and significantly slow apt-get
operations.

This updates the command to overwrite rather than append.
2020-08-04 16:00:32 -04:00
Lisa Cawley b1c10f457a
[DOCS] Adds scope to monitoring (#57852) (#60665) 2020-08-04 12:40:11 -07:00
James Rodewig a21ec410c7
[DOCS] Replace `twitter` dataset in search/agg docs (#60667) (#60675) 2020-08-04 14:16:38 -04:00
James Rodewig 0587199fa6
[DOCS] Update ILM docs to use composable index templates (#60323) (#60670) 2020-08-04 13:01:19 -04:00
Russ Cam 667309e6a6 [DOCS] Fix list dangling indices documentation (#60099)
This commit fixes the list dangling indices response.
The dangling_indices array is an array of objects
that represent aggregated dangling index information

(cherry picked from commit 24c72d4e71c95f2d7690090933e0657152f6af9b)
2020-08-04 10:32:00 +10:00
debadair 80584d266d
[DOCS] Update link to ILM tutorial (#60557) (#60624) 2020-08-03 13:04:24 -07:00
debadair e9ac195756
[DOCS] Add info about why we removed test fw docs (#60346) (#60558)
* [DOCS] Add info about why we removed test fw docs

* Apply suggestions from code review

Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com>

Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com>
2020-08-03 12:05:35 -07:00
James Rodewig 26d51089da
[DOCS] Replace `twitter` dataset in docs (#60604) (#60609) 2020-08-03 13:31:19 -04:00
James Rodewig c5f4f91ac4 [DOCS] Clarify reindex does not require existing dest 2020-08-03 12:46:40 -04:00
James Rodewig 5be515f126 [DOCS] Unhide EQL search in data streams docs 2020-08-03 11:59:12 -04:00
James Rodewig cfab3bccab
[DOCS] Replace `twitter` dataset in cat API docs (#60588) (#60597) 2020-08-03 10:22:36 -04:00
Yannick Welsch b0d601fa63 Adjust searchable snapshot license (#60578)
No longer needs Platinum license for testing on staging.
2020-08-03 13:19:53 +02:00
James Rodewig fcc53d9e0e
[DOCS] Note refresh requests are synchronous (#60540) (#60550) 2020-07-31 16:22:34 -04:00
James Rodewig 5a2c6f0d4f
[DOCS] http -> https, remove outdated plugin docs (#60380) (#60545)
Plugin discovery documentation contained information about installing
Elasticsearch 2.0 and installing an oracle JDK, both of which is no
longer valid.

While noticing that the instructions used cleartext HTTP to install
packages, this commit replaces HTTPs links instead of HTTP where possible.

In addition a few community links have been removed, as they do not seem
to exist anymore.

Co-authored-by: Alexander Reelsen <alexander@reelsen.net>
2020-07-31 16:16:31 -04:00
James Rodewig fb599dc343
[DOCS] Add rollups to `Tune for disk usage` (#60436) (#60542)
Co-authored-by: Leaf-Lin <39002973+Leaf-Lin@users.noreply.github.com>
2020-07-31 16:10:57 -04:00
James Rodewig 771e9f142a
[DOCS] Move search pagination content to one page (#60515) (#60525) 2020-07-31 12:40:40 -04:00
James Rodewig 9eba7f39b0
[DOCS] Replace `twitter` dataset in docs APIs (#60521) (#60529) 2020-07-31 12:40:03 -04:00
James Rodewig 4b12e69e8e
[DOCS] Replace `twitter` dataset in index API docs (#60473) (#60510) 2020-07-31 09:51:47 -04:00
James Rodewig 0022d316bb
[DOCS] Merge search topic and overview pages (#60459) (#60479) 2020-07-30 16:45:18 -04:00
James Rodewig 134b69d3aa
[DOCS] Fix `template` param in put index template API (#60474) (#60476) 2020-07-30 16:44:50 -04:00
James Rodewig 2d2b74dd32
[DOCS] Note remote reindex is not fwd compatible (#60425) (#60454) 2020-07-30 09:23:55 -04:00
James Rodewig b17ae33b3a
[DOCS] Move field collapse content to separate page (#60424) (#60451) 2020-07-30 09:19:05 -04:00
Bogdan Pintea 8c22adc447
SQL: Add option to provide the delimiter for the CSV format (#59907) (#60420)
* SQL: Add option to provide the delimiter for the CSV format (#59907)

* Add option to provide the delimiter to the CSV fmt

This adds the option to provide the desired character as the separator
for the CSV format (the default remains comma).
A set of characters are excluded though - like CR, LF, `"` - to avoid
slipping onto the CSV-dialects slope. The tab is also forbidden, the
user needs to choose the "tsv" format explicitely.

Update the doc to make it clear that the textual CSV, TSV and TXT
formats pass the cursor back to the user through the Cursor HTTP header.

(cherry picked from commit 3a8b00cc7480f7ada57fcea3cbac957facac08fc)

* Java8 fixes

- replace Set#of();
- URLDecoder#decode() requires a string (vs a charset) as 2nd arg.
2020-07-29 21:40:11 +02:00
Tim Brooks 85fdf959ad
Add configured indexing memory limit to node stats (#60414)
This commit adds the configured memory limit to the node stats API.
2020-07-29 12:28:21 -06:00
James Rodewig 6054d33a63
[DOCS] Replace `twitter` dataset in API conventions + README (#60408) (#60410) 2020-07-29 14:14:01 -04:00
Tim Brooks e73c8eed33
Fix documentation about `indexing_pressure.memory.limit` (#60341)
The documentation about this setting is currently mislabelled. This
commit fixes the issue.
2020-07-29 10:57:29 -06:00
James Rodewig d08e7633f8
[DOCS] Add `number_of_routing_shards` index setting to index modules (#60311) (#60400)
Changes:

* Adds the `number_of_routing_shards` index setting to index modules docs.
* Updates the split API docs to mention that `number_of_routing_shards`
is a static setting.
2020-07-29 10:53:50 -04:00
James Rodewig ac6c806ec7
[DOCS] Fix typo in Watcher docs (#60326) (#60388)
Co-authored-by: Martin-Kemp <30285179+Martin-Kemp@users.noreply.github.com>
2020-07-29 10:15:09 -04:00
James Rodewig 1cfdb4fc08
[DOCS] Fix formatting in 7.0 breaking changes (#60372) (#60385)
Co-authored-by: Jacob Dreesen <jacob@hdreesen.de>
2020-07-29 09:16:29 -04:00
James Rodewig 9667aeadd2
[DOCS] Fix typo in take snapshot docs (#60204) (#60383)
Co-authored-by: VLADIMIR MIRONOV <mironov.v@torrowtech.com>
2020-07-29 09:16:00 -04:00
David Turner cf0cab614d Clarify remote clusters' use of transport layer (#60268)
Today there are a few places in the transport layer docs where we talk
about communication between nodes _within a cluster_. We also use the
transport layer for remote cluster connections, and these statements
also apply there, but this is not clear from today's docs. This commit
generalises these statements to make it clear that they apply to remote
cluster connections too.

It also adds a link from the docs on configuring TCP retries to the
(deeply-buried) docs on preserving long-lived connections.
2020-07-29 13:04:10 +01:00
Julie Tibshirani c7bfb5de41
Add search `fields` parameter to support high-level field retrieval. (#60258)
This feature adds a new `fields` parameter to the search request, which
consults both the document `_source` and the mappings to fetch fields in a
consistent way. The PR merges the `field-retrieval` feature branch.

Addresses #49028 and #55363.
2020-07-28 10:58:20 -07:00
markharwood e0286e9bd3
Search - remove allow-expensive-query checks from wildcard field. (#60273) (#60308)
Removing allow-expensive-query checks because we think this field type is fast enough.

Closes #60139
2020-07-28 17:12:33 +01:00
David Turner 9450ea08b4 Log and track open/close of transport connections (#60297)
Transport connections between nodes remain in place until one or other
node shuts down or the connection is disrupted by a flaky network.
Today it is very difficult to demonstrate that transient failures and
cluster instability are caused by the network even though this is often
the case. In particular, transport connections open and close without
logging anything, even at `DEBUG` level, making it very hard to quantify
the scale of the problem or to correlate the networking problems with
external events.

This commit adds the missing `DEBUG`-level logging when transport
connections open and close, and also tracks the total number of
transport connections a node has opened as a measure of the stability of
the underlying network.
2020-07-28 17:08:04 +01:00
Adam Locke ee18538fd7
[DOCS] Adds table with icons for version compatibility (#60159) (#60302)
* Adds table with icons for simplicity.

* Updating table for clarity.

* Changing table formatting and incorporating more feedback.

* Changing table alignment.
2020-07-28 11:08:58 -04:00
James Rodewig 4eee6d274d
[DOCS] Fix broken link to Lucene docs (#59365) (#60290)
Co-authored-by: Alexander Reelsen <alexander@reelsen.net>
2020-07-28 09:09:48 -04:00
Yannick Welsch a55c869aab Properly document keepalive and other tcp options (#60216)
Keepalive options are not well-documented (only in transport section, although also available at http and network level).

Co-authored-by: David Turner <david.turner@elastic.co>
Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com>
2020-07-28 11:10:04 +02:00
Yannick Welsch ffe114b890 Set specific keepalive options by default on supported platforms (#59278)
keepalives tell any intermediate devices that the connection remains alive, which helps with overzealous firewalls that are
killing idle connections. keepalives are enabled by default in Elasticsearch, but use system defaults for their
configuration, which often times do not have reasonable defaults (e.g. 7200s for TCP_KEEP_IDLE) in the context of
distributed systems such as Elasticsearch.

This PR sets the socket-level keep_alive options for network.tcp.{keep_idle,keep_interval} to 5 minutes on configurations
that support it (>= Java 11 & (MacOS || Linux)) and where the system defaults are set to something higher than 5
minutes. This helps keep the connections alive while not interfering with system defaults or user-specified settings
unless they are deemed to be set too high by providing better out-of-the-box defaults.
2020-07-28 11:10:04 +02:00
James Rodewig aba785cb6e
[DOCS] Update my-index examples (#60132) (#60248)
Changes the following example index names to `my-index-000001` for consistency:

* `my-index`
* `my_index`
* `myindex`
2020-07-27 15:58:26 -04:00
James Rodewig 3bb58eb5c1
[DOCS] Fix `fuzzy_rewrite` ref in match query docs (#60237) (#60251) 2020-07-27 15:36:09 -04:00
James Rodewig 1178f5c6db
[DOCS] Fix ingest processor docs for autogen doc IDs (#60147) (#60242)
If you autogen doc IDs, you cannot use the `{{_id}}` value in an ingest
processor.

This adds a related admonition to the ingest processor docs.
2020-07-27 13:55:21 -04:00
James Rodewig 95d7ce76ec
[DOCS] Fix `rewrite` => `fuzzy_rewrite` in multi match query docs (#60175) (#60233)
Co-authored-by: homersimpsons <guillaume.alabre@gmail.com>
2020-07-27 12:33:14 -04:00
James Rodewig 7a23c6b6ec
[DOCS] Fix formatting in simple query string query docs (#60226)
Co-authored-by: Ulas Keles <ulaskeles@users.noreply.github.com>
2020-07-27 12:20:02 -04:00
James Rodewig dbd7e7793a
[DOCS] Fix default gap policy for moving fn, moving avg aggs (#60223) 2020-07-27 12:08:33 -04:00
lcawl a27d630bdf [DOCS] Removes coming tag 2020-07-27 07:55:18 -07:00
James Rodewig 747f8bfe79
[DOCS] Add Kibana screenshots to data stream docs (#60118) (#60217) 2020-07-27 10:39:32 -04:00
James Rodewig 608a5b9e71
[DOCS] Clarify compatibility for upgrade via reindex (#60045) (#60209)
Co-authored-by: Inbar Shimshon <inbar.shimshon@elastic.co>
2020-07-27 09:38:39 -04:00
James Rodewig 08e11814c3
[DOCS] Fix clarity of 7.6 derived key breaking change (#60154) 2020-07-27 08:36:48 -04:00
David Turner 53fa52d618 Fix whitespace bug in #59222 2020-07-27 12:26:33 +01:00
David Turner d8fdb82efb Suggest reducing tcp_retries2 (#59222)
Adds documentation suggesting reducing `tcp_retries2` on Linux to detect
network partitions more quickly.

Relates #34405
2020-07-27 11:40:12 +01:00
debadair 284c61ad19
[DOCS] Refactored index-templates topic. (#59737) (#60165)
* [DOCS] Refactored index-templates topic.

* [DOCS] Add separate files.

* [DOCS] Add delete component template.

* Apply suggestions from code review

Co-authored-by: James Rodewig <james.rodewig@elastic.co>

* [DOCS] Incorporated review comments
2020-07-23 19:48:19 -07:00
Lisa Cawley 2665bfffce
[DOCS] Fix security links in machine learning APIs (#60098) (#60152) 2020-07-23 16:43:10 -07:00
Lisa Cawley cc6edc39a1
[DOCS] Refresh transform screenshots with histograms (#59264) (#60145) 2020-07-23 11:14:50 -07:00
James Rodewig 2e01f652c1
[DOCS] Move search sort docs to separate page (#60123) (#60142)
Moves the search sort docs from the deprecated 'Request Body Search'
page to a new subpage of 'Run a search'.

No substantive changes were made to the content.
2020-07-23 13:44:47 -04:00
Albert Zaharovits 2eaf5e1c25
[DOCS] Mapping updates are deprecated for ingestion privileges (#60024)
This PR contains the deprecation notice that `create`, `create_doc`, `index` and
`write` ingest privileges do not permit mapping updates in version 8. It also
updates the docs description of said privileges. 

This should've been part of #58784
2020-07-23 19:49:23 +03:00
James Rodewig 988e8c8fc6
[DOCS] Swap `[float]` for `[discrete]` (#60134)
Changes instances of `[float]` in our docs for `[discrete]`.

Asciidoctor prefers the `[discrete]` tag for floating headings:
https://asciidoctor.org/docs/asciidoc-asciidoctor-diffs/#blocks
2020-07-23 12:42:33 -04:00
Adrien Grand 716a3d5a21 Mention how CCR can help optimize indexing throughput. (#54870) 2020-07-23 18:40:40 +02:00
Martijn Laarman 890d35f74d [DOCS] note breaking change from 7.8.1 in migration guide (#59642)
Co-authored-by: Adam Locke <adam.locke@elastic.co>
(cherry picked from commit b0c34020ed6a10fda8e6efa9af343bd283954ec5)
2020-07-23 13:18:46 +02:00
Julie Tibshirani aa57bbd422
Consolidate validation for 'docvalue_fields'. (#60065)
This improves modularity and also fixes some issues when `docvalues_fields` is
used within `inner_hits` or the `top_hits` agg:
* We previously didn't resolve wildcards in field names.
* We also forgot to enforce the limit `index.max_docvalue_fields_search`.
2020-07-22 17:26:58 -07:00
James Rodewig 67b07ec386
[DOCS] Remove SQL access settings page (#60078) (#60089)
This page previously documented `xpack.sql.enabled`.

However, in 7.8 and above, `xpack.sql.enabled` is always enabled and
the setting has no effect. There is no reason to maintain this page.
2020-07-22 16:59:21 -04:00
James Rodewig f8976505cb
[DOCS] Correct the default value of `ignore_throttled` param (#60036) (#60086)
Co-authored-by: bellengao <gbl_long@163.com>
2020-07-22 16:53:18 -04:00
James Rodewig 0c9791798d
[7.x] [DOCS] Reformat snippets to use two-space indents (#60080) 2020-07-22 15:57:49 -04:00
Lisa Cawley 9ba017f699
[DOCS] Changes level offset of transform pages (#60066) (#60075) 2020-07-22 11:22:57 -07:00
Tim Brooks ba01540d7e
Implement human readable indexing pressure stats (#60058)
The indexing pressure stats do not currently have human readable
variants. This commit add human readable variants and updates the
documentation.
2020-07-22 12:07:59 -06:00
James Rodewig ed10d7407c
[DOCS] Fix shrink index API prereqs (#59985) (#60067) 2020-07-22 14:06:40 -04:00
Tim Brooks ceb54ed655
Add indexing pressure documentation (#59456)
This commit adds documentation about the new indexing pressure memory
limit setting and exposure of this metrics in node stats.
2020-07-22 10:09:18 -06:00
Adam Locke 0a73225cd8
[DOCS] Adding new page for restore snapshot API (#59937) (#60055)
* Adding new page for restore snapshot API.

* Improving test cases, lots of edits, and streamlining content.

* Incorporating review suggestions and feedback.

* Specify `index alias` vs `alias`

* Change parameter order

* Provide clarity around regular expression

* Add link to SLM parameters

* Split sentences in example

* Adding link to master node page.
2020-07-22 12:08:55 -04:00
Lisa Cawley 46d33b1586
[DOCS] 7.9.0 release notes (#60053) 2020-07-22 08:40:59 -07:00
Emily Li 5f27a95346 Fix grammar mistake in SQL data type docs. (#60028)
Remove an extra 'when'.
2020-07-21 16:15:06 -07:00
James Rodewig 293cb8d48c
[DOCS] Fix typo in thread pools docs (#59944) (#60019)
Fix typo where available processors should be allocated processors.

Co-authored-by: Leaf-Lin <39002973+Leaf-Lin@users.noreply.github.com>
2020-07-21 17:04:36 -04:00
James Rodewig 401e12dc2b
[DOCS] Fix data stream docs (#59818) (#60010) 2020-07-21 17:04:13 -04:00
James Rodewig 04c68ba740
[DOCS] Update search docs to use `my-index` dataset (#60005) (#60012) 2020-07-21 16:14:44 -04:00
James Rodewig b302b09b85
[DOCS] Reformat snippets to use two-space indents (#59973) (#59994) 2020-07-21 15:49:58 -04:00
David Roberts 606b7ea139 [DOCS] Adds extra ml-cpp PRs to release notes (#59967) 2020-07-21 11:47:36 -07:00
Tim Brooks ed315442ac
Update thread pool docs about WRITE queue size (#59643)
This commit updates the thread pool documentation to reflect the change
in the WRITE thread pool default queue size.
2020-07-21 12:38:03 -06:00
James Rodewig 32d7fa1541
[DOCS] Introduce basic ECS logs test (#59713) (#59997)
Adds a new `my-index-00001` REST test for docs snippets.

This test can serve as a lightweight replacement for
our existing `twitter` REST tests.

The new dataset is:

* Based on Apache logs, which is better aligned with Elastic use cases
* Compliant with ECS
* Similar to the existing `twitter` data set, containing the same field data types
* Lightweight, which should keep existing test runtimes roughly the same

Also updates the search API reference docs to use the new test.
2020-07-21 13:25:53 -04:00
James Rodewig fb40ccf8a4
[DOCS] Mark data stream stats API as stable (#59978) (#59987)
Removes experimental admon from data stream stats API.
Relates to #59860.
2020-07-21 11:22:36 -04:00
malpani 0555fef799 Support ignore_keywords flag for word delimiter graph token filter (#59563)
This commit allows customizing the word delimiter token filters to skip processing 
tokens tagged as keyword through the `ignore_keywords` flag Lucene's 
WordDelimiterGraphFilter already exposes.

Fix for #59491
2020-07-21 16:11:55 +01:00
Howard 466e947b0e
[DOCS] Fix missing punctuation in agg docs (#59823) 2020-07-21 10:19:29 -04:00
Przemysław Witek 283a1f605c
Rename binary_soft_classification evaluation to outlier_detection (#59951) (#59970) 2020-07-21 15:15:04 +02:00
Lisa Cawley fb212269ce
[DOCS] Changes level offset of anomaly detection pages (#59911) (#59940) 2020-07-20 17:04:59 -07:00
Julie Tibshirani 8dc5880c3f Add 'point' to the top-level field type docs. (#59731)
Before it was missing from the list. This PR also renames the 'geo data types'
section to 'spatial data types' and consolidates the geo and cartesian types
into that section.
2020-07-20 16:30:12 -07:00
Lisa Cawley 9633d503d8
[DOCS] Changes level offset for anomaly detection APIs (#59920) (#59928) 2020-07-20 13:10:54 -07:00
Lisa Cawley 8f8d24b3c1
[DOCS] Changes level offset in data frame analytics APIs (#59919) (#59923) 2020-07-20 13:06:29 -07:00
James Rodewig ff8a042580
[DOCS] Reformat agg snippets to use two-space indents (#59912) (#59922) 2020-07-20 15:59:00 -04:00
James Rodewig 24fec52447
[DOCS] Add performance warning for scripts (#59890) (#59913) 2020-07-20 15:05:33 -04:00
Armin Braun e16e565c5e
Fix Snapshot Status API Docs Test (#59902) (#59908)
The clock resolution for this API is our default 200ms. It is unlikely but
possible that a shard snapshot starts and ends on separate clock ticks and that breaks the test.
Just allowing any value here seems fine to me (seems we can't match for integer specifically).
2020-07-20 18:43:40 +02:00
Igor Motov 96a5284484
Add hard_bounds documentation (#59809) (#59883)
Fixes #59774
2020-07-20 10:51:23 -04:00
Nik Everett fe10141108
Document supported scenarios for CCS (#58120) (#59886)
Documents the supported scenarios for CCS.

Co-authored-by: Adam Locke <adam.locke@elastic.co>
2020-07-20 10:41:53 -04:00
David Turner b75207a09f Remove sporadic min/max usage estimates from stats (#59755)
Today `GET _nodes/stats/fs` includes `{least,most}_usage_estimate`
fields for some nodes. These fields have rather strange semantics. They
are only reported on the elected master and on nodes that have been the
elected master since they were last restarted; when a node stops being
the elected master these stats remain in place but we stop updating them
so they may become arbitrarily stale.

This means that these statistics are pretty meaningless and impossible
to use correctly. Even if they were kept up to date they're never
reported for data-only nodes anyway, despite the fact that data nodes
are the ones where we care most about disk usage. The information needed
to compute the path with the least/most available space is already
provided in the rest the stats output, so we can treat the inclusion of
these stats as a bug and fix it by simply removing them in this commit.
Since these stats were always optional and mostly omitted (for opaque
reasons) this is not considered a breaking change.
2020-07-20 15:22:04 +01:00
James Rodewig e7c7ed6493
[DOCS] Fix `requests_per_second` reindex param (#59871) (#59876)
Corrects the `requests_per_second` query parameter used in the reindex,
delete by query, and update by query API docs.

The parameter defaults to `-1` (no throttle). `0` is not an allowed value.
2020-07-20 10:08:51 -04:00
James Rodewig 76b2dd23e2
[DOCS] Document data stream stats API (#59435) (#59874) 2020-07-20 09:50:26 -04:00
James Rodewig 32c8df68ba
[DOCS] Fix erroneous data stream ref (#59805) (#59868)
Removes an erroneous data stream reference added in #58513.

While technically possible, we don't encourage using date math to name
data streams.
2020-07-20 09:30:30 -04:00
James Rodewig 82a8d9aa0c
[DOCS] Fix keyword marker docs (#59834) (#59863)
Co-authored-by: Rui Almeida <ruial@outlook.com>
2020-07-20 09:27:42 -04:00
James Rodewig 828aa6f640
[DOCS] EQL: Remove collapsible sections from EQL search docs (#59819) (#59861) 2020-07-20 09:26:32 -04:00
James Rodewig a160daa5d9
[DOCS] Remove collapsible examples (#59820) (#59857)
Snippets are now visible without additional clicks.
2020-07-20 09:14:36 -04:00
Nik Everett 514b2f3414
Clean up a few of vwh's rough edges (#59341) (#59807)
This cleans up a few rough edged in the `variable_width_histogram`,
mostly found by @wwang500:
1. Setting its tuning parameters in an unexpected order could cause the
   request to fail.
2. We checked that the maximum number of buckets was both less than
   50000 and MAX_BUCKETS. This drops the 50000.
3. Fixes a divide by 0 that can occur of the `shard_size` is 1.
4. Fixes a divide by 0 that can occur if the `shard_size * 3` overflows
   a signed int.
5. Requires `shard_size * 3 / 4` to be at least `buckets`. If it is less
   than `buckets` we will very consistently return fewer buckets than
   requested. For the most part we expect folks to leave it at the
   default. If they change it, we expect it to be much bigger than
   `buckets`.
6. Allocate a smaller `mergeMap` in when initially bucketing requests
   that don't use the entire `shard_size * 3 / 4`. Its just a waste.
7. Default `shard_size` to `10 * buckets` rather than `100`. It *looks*
   like that was our intention the whole time. And it feels like it'd
   keep the algorithm humming along more smoothly.
8. Default the `initial_buffer` to `min(10 * shard_size, 50000)` like
   we've documented it rather than `5000`. Like the point above, this
   feels like the right thing to do to keep the algorithm happy.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-07-17 15:16:09 -04:00
Adam Locke 29ff05cbac
[7.x] [DOCS] Update snapshot/restore docs to align with API changes (#59730) (#59803)
* [DOCS] Updating snapshot/restore pages to align with API changes (#59730)

* Updating snapshot/restore pages to align with API changes.

* Fixing texts in delete snapshot page.

* Removing duplicate code sample and making editorial changes.

* Change "deleted" to "delete"

* Incorporating review feedback and making minor editorial changes.

* Remove titleabbrev

* Add paragraph break

* Remove titleabbrev from restore page

* Remove titleabbrev from create page

* Change "Create" to lowercase

* Change API names to lowercase

* Remove extraneous delimiters

* Change "Delete" to lowercase

* Single-sourcing warning and clarifying warning text.

* Fixing tests and removing erroneous example.
2020-07-17 14:33:18 -04:00
Dan Hermann 48df9b1a0e
Update regex file for es user agent node processor (#59697) (#59794) 2020-07-17 11:04:01 -05:00
Adam Locke 6ccf3548e7
Fix Snapshot Status API Docs Test (#59775) (#59787)
Introduce a fix to tests by snapshotting a single index+shard in the snapshot that
we get the status for and verifying consistency instead of equality
for total file counts.

Co-authored-by: Armin Braun <me@obrown.io>
2020-07-17 11:11:23 -04:00
James Rodewig a672a2a2d4
[DOCS] Move highlighting docs to separate page (#59768) (#59781)
Moves the highlighting docs from the deprecated 'Request Body Search'
chapter to the new subpage of the 'Run a search chapter' section.

No substantive changes were made to the content.
2020-07-17 10:57:00 -04:00
Benjamin Trent b7f30fc929
[7.x] Adding new `require_alias` option to indexing requests (#58917) (#59769)
* Adding new `require_alias` option to indexing requests (#58917)

This commit adds the `require_alias` flag to requests that create new documents.

This flag, when `true` prevents the request from automatically creating an index. Instead, the destination of the request MUST be an alias.

When the flag is not set, or `false`, the behavior defaults to the `action.auto_create_index` settings.

This is useful when an alias is required instead of a concrete index.

closes https://github.com/elastic/elasticsearch/issues/55267
2020-07-17 10:24:58 -04:00
James Rodewig fa2167af0a
[7.x] [DOCS] Update upgrade docs and release highlights for 7.9 (#59674) 2020-07-16 15:58:40 -04:00
James Rodewig da85a40e7e
[DOCS] Reformat `predicate_token_filter` tokenfilter (#57705) (#59714) 2020-07-16 13:35:09 -04:00
lcawl f2b530dbdb [DOCS] Re-adds coming macro in release notes 2020-07-16 09:12:39 -07:00
István Zoltán Szabó 35512a9284 [DOCS] Adds security privilege info to inference bucket aggregation (#59604) 2020-07-16 18:03:19 +02:00
Marios Trivyzas c7efbc1b83
SQL: Implement DATE_PARSE function for parsing strings into DATE values (#57391) (#59699)
Implement DATE_PARSE(<date_str>, <pattern_str>) function
which allows to parse a date string according to the specified
pattern into a date object. The patterns allowed are those of
java.time.format.DateTimeFormatter.

Closes #54962

Co-authored-by: Marios Trivyzas <matriv@users.noreply.github.com>
Co-authored-by: Patrick Jiang(白泽) <dreamlike.sky@foxmail.com>

(cherry picked from commit 647a413d9b21bd3938f1716bb19f8407e1334125)
2020-07-16 17:24:30 +02:00
Adam Locke 305b46c7cd
[DOCS] Adding get snapshot status API docs (#59355) (#59670)
* Adding get snapshot status API docs.

* Adding more fields and a link to the new page.

* Adding missing spaces in TESTRESPONSES

* Adding more parameters and making some edits.

* Marking snapshot as optional

* Marking repository as optional

* Add data type for stats

* Add data type for shard_stats

* Incorporating review feedback.

* Lots of review feedback incorporated.

* Fixing tests to unbreak CI builds.

* Changing indices to index.
2020-07-16 11:21:17 -04:00
Benjamin Trent a28547c4b4
[7.x] [ML] add new `custom` field to trained model processors (#59542) (#59700)
* [ML] add new `custom` field to trained model processors (#59542)

This commit adds the new configurable field `custom`.

`custom` indicates if the preprocessor was submitted by a user or automatically created by the analytics job.

Eventually, this field will be used in calculating feature importance. When `custom` is true, the feature importance for
the processed fields is calculated. When `false` the current behavior is the same (we calculate the importance for the originating field/feature).

This also adds new required methods to the preprocessor interface. If users are to supply their own preprocessors
in the analytics job configuration, we need to know the input and output field names.
2020-07-16 10:57:38 -04:00
István Zoltán Szabó 76fbe0a6d9 [DOCS] Sorts agg and grouping names alphabetically in PUT Transforms API docs. (#59688) 2020-07-16 12:45:29 +02:00
Przemysław Witek df4fea79cb
Add a "verbose" option to the data frame analytics stats endpoint (#59589) (#59621) 2020-07-16 09:51:31 +02:00
lcawl 4ad8bef33b [DOCS] Removes docs PR from release notes 2020-07-15 16:07:43 -07:00
James Rodewig 43481441e9
[DOCS] EQL: Update EQL search response format (#59554) (#59668) 2020-07-15 17:23:48 -04:00
James Rodewig e30af2fc35
[DOCS] Fix syntax and wording in EQL docs (#59623) (#59650) 2020-07-15 14:45:56 -04:00
Adam Locke 776e9507fb
[DOCS] Update similarity.asciidoc (#59400) (#59644)
Community contribution to fix linking issues in the Similarity module docs.

Co-authored-by: Xin Yan <SHU_Yanx@hotmail.com>
2020-07-15 14:12:00 -04:00
James Rodewig ef9b14b07e
[DOCS] Add `write_index_only` param to ds mapping tutorials (#59618) (#59639) 2020-07-15 13:02:01 -04:00
Rory Hunter b8d73a1e7e
Default gateway.auto_import_dangling_indices to false (#59302)
Backport of #58898.

Part of #48366. Now that there is a dedicated API for dangling indices, the auto-import
behaviour can default to off. Also add a note to the breaking changes for 7.9.0.
2020-07-15 17:10:42 +01:00
James Rodewig 8cac702171 [DOCS] Note that EQL timestamp field can also be date_nanos 2020-07-15 09:55:55 -04:00
James Rodewig 4e58f967de
[DOCS] Update ds overview for optional `@timestamp` mapping (#59558) (#59614) 2020-07-15 09:46:55 -04:00
Martijn Laarman a699c89133 [DOCS] Add release notes for 7.8.1 (#59594)
(cherry picked from commit f43a233948f13e487d4d0f4be668687c404a71f4)
2020-07-15 11:42:03 +02:00
Armin Braun ecf97e9415
Remove Outdated Documentation On Snapshots (#59358) (#59585)
* We now have concurrent repository operations so the one at a time limit does not apply any longer
* Initialization was never slow solely due to loading information about all existing snaphots (though this contributed)
but also because two cluster state updates and a few writes to the repository had to happen before initialization could return
   * Repo data necessary for a snapshot create operation is now cached on heap so loading it is effectively instant
   * Snapshot initialization is just a single CS update now
   * Initialization does no writes to the repository whatsoever
* Fixed missing `repository`
2020-07-15 07:49:18 +02:00
James Rodewig e5baacbe2e
[DOCS] Simplify index template snippets for data streams (#59533) (#59553)
Removes the `@timestamp` field mapping from several data stream index
template snippets.

With #59317, the `@timestamp` field defaults to a `date` field data type
for data streams.
2020-07-14 17:28:43 -04:00
James Rodewig be4483034c
[DOCS] Add example of ds index template with date_nanos mapping (#59535) (#59570) 2020-07-14 17:28:31 -04:00
Costin Leau 679619c798 EQL: Improve retrieval of results (#59552)
Instead of retrieving an entire SearchHit, get just a reference and
postpone the document retrieval when assembling the final results.
Remove sort information from results to make them consistent.
Move TumblingWindow under the sequence package.

Co-authored-by: James Rodewig <james.rodewig@elastic.co>
(cherry picked from commit bccfbcd81f2f1d3552e95e4a9ee2618fb3059bd9)
2020-07-14 23:53:57 +03:00
Julie Tibshirani 3ccc767003 Expand docs for component template merging. (#59466)
This change clarifies the order in which components are merged. It also adds
information on mapping merging, now that this has been implemented.
2020-07-14 11:08:34 -07:00
James Rodewig f4c46075b4
[DOCS] Add data streams to index template API docs (#59462) (#59549) 2020-07-14 12:51:47 -04:00
Tim Brooks a46e5e0f04
Increase default write queue size (#59464)
This commit increases the default write queue size to 10000. This is to
allow a greater number of pending indexing requests. This work is safe
as we have added additional memory limits. Relates to #59263.
2020-07-14 10:35:25 -06:00
Andrei Dan 7dcdaeae49
Default to @timestamp in composable template datastream definition (#59317) (#59516)
This makes the data_stream timestamp field specification optional when
defining a composable template.
When there isn't one specified it will default to `@timestamp`.

(cherry picked from commit 5609353c5d164e15a636c22019c9c17fa98aac30)
Signed-off-by: Andrei Dan <andrei.dan@elastic.co>
2020-07-14 12:36:54 +01:00
Andrei Dan 4180333bbc
[7.x] Composable templates: add a default mapping for @timestamp (#59244) (#59510)
This adds a low precendece mapping for the `@timestamp` field with
type `date`.
This will aid with the bootstrapping of data streams as a timestamp
mapping can be omitted when nanos precision is not needed.

(cherry picked from commit 4e72f43d62edfe52a934367ce9809b5efbcdb531)
Signed-off-by: Andrei Dan <andrei.dan@elastic.co>
2020-07-14 11:29:33 +01:00
debadair 7d20d32a8c
Update node.asciidoc (#59201) (#59479)
TIP block was missing due to the lack of line break prior to the "TIP"

Co-authored-by: Leaf-Lin <39002973+Leaf-Lin@users.noreply.github.com>
2020-07-13 16:51:14 -07:00
James Rodewig db89764539
[DOCS] Add data streams to rollup APIs (#59423) (#59465) 2020-07-13 16:57:40 -04:00
James Rodewig a1cf955dbd
[DOCS] Clarify that passwords are not preserved for `kibana_system` user (#59449) (#59460) 2020-07-13 16:34:11 -04:00
Lee Hinman bf1a60130d
[7.x] Add telemetery for data streams (#59433) (#59454)
This commit adds data stream info to the `/_xpack` and `/_xpack/usage` APIs. Currently the usage is
pretty minimal, returning only the number of data streams and the number of indices currently
abstracted by a data stream:

```
  ...
  "data_streams" : {
    "available" : true,
    "enabled" : true,
    "data_streams" : 3,
    "indices_count" : 17
  }
  ...
```
2020-07-13 14:30:11 -06:00
Adam Locke aa260636e5
Indicating that the size parameter defaults to 10. (#59438) (#59461) 2020-07-13 16:27:20 -04:00
James Rodewig d293e1ae36
[DOCS] Add data streams to reload search analyzers API (#59422) (#59437) 2020-07-13 12:50:47 -04:00
James Rodewig 0a7664e190
[DOCS] Add data streams to validate query API (#59420) (#59436) 2020-07-13 12:50:34 -04:00
homersimpsons f95658d1f8 [DOCS] MatchQuery: `transpositions` to `fuzzy_transpositions` (#59371) 2020-07-13 12:37:30 -04:00
Christos Soulios 3868bcc7b8
[7.x] Histogram integration on Histogram field type (#59431)
Backports #58930 to 7.x
Implements histogram aggregation over histogram fields as requested in #53285.
2020-07-13 19:36:33 +03:00
Dan Hermann c228532ebd
Update docs for delete data stream API to show that multiple names are supported 2020-07-13 09:11:25 -05:00
James Rodewig 27a87c9d0c
[DOCS] Update snapshot/restore and SLM docs for data streams (#58513) (#59403)
Updates the existing snapshot/restore and SLM docs to make them
aware of data streams.
2020-07-13 09:26:51 -04:00
James Rodewig 2629a95e14
[DOCS] EQL: Document `until` keyword support (#59320) (#59408) 2020-07-13 09:05:47 -04:00
James Rodewig 85101fa487
[DOCS] Add data streams to searchable snapshot API docs (#59325) (#59409) 2020-07-13 09:05:27 -04:00
James Rodewig a357ec59f2
[DOCS] Add data streams to index APIs (#59329) (#59410) 2020-07-13 09:05:03 -04:00
James Rodewig 35a78b88ab
[DOCS] Add data streams to ILM explain API (#59343) (#59411) 2020-07-13 09:04:42 -04:00
James Rodewig 896d0ffd9b
[DOCS] EQL: Prepare docs for release (#59259) (#59407)
Changes:

* Swaps the `dev` admonitions for `experimental` admonitions
* Removes `ifdef` statements preventing the docs from appearing in
  released branches
2020-07-13 09:04:15 -04:00
James Rodewig 9d5c091f7a
[DOCS] Add data streams to EQL search docs (#58611) (#59404) 2020-07-13 09:03:55 -04:00
James Rodewig 39bcc4a1a7
[DOCS] Add ingest pipeline ex to data stream docs (#58343) (#59402) 2020-07-13 09:03:36 -04:00
Kartika Prasad 8ab0c1b4a0 Update indexing-speed.asciidoc (#59347)
typo fix
2020-07-13 12:19:43 +01:00
István Zoltán Szabó cdf6a054c6 [DOCS] Fixes getting time features example in Painless in Transforms (#59379) 2020-07-13 10:57:59 +02:00
David Roberts 2f9d4a1c7a [DOCS] Adds extra ml-cpp PRs to release notes (#59354)
Following the rebuild of 7.8.1 two extra ml-cpp PRs will
now be released in 7.8.1.
2020-07-13 09:36:21 +01:00
James Rodewig 1402f787f8
[DOCS] Add data streams to field caps API docs (#59326) (#59340) 2020-07-09 16:54:33 -04:00
James Rodewig 41345d4dd3
[DOCS] Add data streams to clear cache API docs (#59324) (#59339) 2020-07-09 16:54:04 -04:00
James Rodewig 77e227bf9b
[DOCS] Document custom routing support for data streams (#59323) (#59338) 2020-07-09 16:52:30 -04:00
James Rodewig ef74a68bcc
[DOCS] Document index aliases do not support data streams (#59321) (#59337) 2020-07-09 16:51:58 -04:00
Lisa Cawley 54483394ae
[DOCS] Clarify subscription requirements (#58958) (#59307) 2020-07-09 12:24:45 -07:00
James Rodewig fca722cee1
[DOCS] Add x-pack tag to data stream docs (#59241) (#59299) 2020-07-09 13:12:38 -04:00
Dimitris Athanasiou b2243337d8
[7.x][ML] Data frame analytics max_num_threads setting (#59254) (#59308)
This adds a setting to data frame analytics jobs called
`max_number_threads`. The setting expects a positive integer.
When used the user specifies the max number of threads that may
be used by the analysis. Note that the actual number of threads
used is limited by the number of processors on the node where
the job is assigned. Also, the process may use a couple more threads
for operational functionality that is not the analysis itself.

This setting may also be updated for a stopped job.

More threads may reduce the time it takes to complete the job at the cost
of using more CPU.

Backport of #59254 and #57274
2020-07-09 19:15:46 +03:00
Rory Hunter 5debd09808 Dangling indices documentation (#58751)
Part of #48366. Add documentation for the dangling indices
API added in #58176.

Co-authored-by: David Turner <david.turner@elastic.co>
Co-authored-by: Adam Locke <adam.locke@elastic.co>
2020-07-09 14:02:23 +01:00
Andrei Stefan c0e0bca84c
Remove search_after and implicit_join_key_field (#59232) (#59280)
(cherry picked from commit 6ede6c59eff321b9fedad30e19508b9e4f788b54)
2020-07-09 12:34:01 +03:00
Bogdan Pintea acfff7b896
Add sample versions of standard deviation and variance funcs (#59093) (#59274)
* Add sample versions of standard deviation and variance functions (#59093)

* Add STDDEV_SAMP, VAR_SAMP

This commit adds the sampling variations of the standard deviation and
variance agg functions.

(cherry picked from commit 8b29817b49e386215f29cb5b3356d0183fd5d9de)

* Fix: workaround for lack of Map#of() in Java8

Replace Map#of() with a HashMap static init.
2020-07-09 10:17:13 +02:00
Adam Locke 96a06685cf
[7.x] [DOCS] Adding get snapshot api docs (#59238)
* [DOCS] Adding get snapshot API docs (#59098)

* Adding page for get snapshot API.

* Adding values for state and cleaning up some other formatting.

* Adding missing forward slash to GET request.

* Updating values for start_time and end_time in TESTRESPONSE.

* Swap "return" for "retrieve"

* Swap "return" for "retrieve" 2

* Change .snapshot to .response

* Adding response parameters and incorporating edits from review.

* Update response example to include repository info

* Change dash to underscore

* Add data type for snapshot in response

* Incorporating review comments and adding missing response definitions.

* Minor rewording in description.

* Removing multi-snapshot support for 7.x.

* Changing end_time value from build error.

* Removing .response from snippet testing.
2020-07-08 16:40:35 -04:00
James Rodewig d2c5a4c5e9
[7.x] [DOCS] Update get data stream API response (#59197) (#59221)
Updates docs and snippets for changes made to the get data stream API with
PR #59128.
2020-07-08 14:04:14 -04:00
James Rodewig 838f717e5f
[DOCS] Add data streams to security docs (#59084) (#59237) 2020-07-08 12:53:56 -04:00
James Rodewig 93a5eb0688
[DOCS] EQL: Document `size` limit for pipes (#59085) (#59236)
Changes:
* Documents the `size` default as `10`.
* Updates `size` param def to note its relation to pipes.
* Updates the `head` and `tail` pipe docs to modify sequences.
* Documents the `fetch_size` parameter.

Relates to #59014 and #59063
2020-07-08 12:22:57 -04:00
Martijn van Groningen 17bd559253
Fix the timestamp field of a data stream to @timestamp (#59210)
Backport of #59076 to 7.x branch.

The commit makes the following changes:
* The timestamp field of a data stream definition in a composable
  index template can only be set to '@timestamp'.
* Removed custom data stream timestamp field validation and reuse the validation from `TimestampFieldMapper` and
  instead only check that the _timestamp field mapping has been defined on a backing index of a data stream.
* Moved code that injects _timestamp meta field mapping from `MetadataCreateIndexService#applyCreateIndexRequestWithV2Template58956(...)` method
  to `MetadataIndexTemplateService#collectMappings(...)` method.
* Fixed a bug (#58956) that cases timestamp field validation to be performed
  for each template and instead of the final mappings that is created.
* only apply _timestamp meta field if index is created as part of a data stream or data stream rollover,
this fixes a docs test, where a regular index creation matches (logs-*) with a template with a data stream definition.

Relates to #58642
Relates to #53100
Closes #58956
Closes #58583
2020-07-08 17:30:46 +02:00
James Rodewig b27de36b5d
[DOCS] EQL: Document `maxspan` keyword (#58931) (#59223) 2020-07-08 11:04:28 -04:00
James Rodewig 37be56ab97
[DOCS] EQL: Document unsupported var comparison (#58941) (#59224)
ES EQL queries do not support the comparison of a variable, such as
a field value, to another variable.

This adds a related para and example to the EQL syntax docs.
2020-07-08 11:04:05 -04:00