diff --git a/docs/docset.yml b/docs/docset.yml index c84b6ec428521..5281ad753b32d 100644 --- a/docs/docset.yml +++ b/docs/docset.yml @@ -28,6 +28,7 @@ toc: - toc: release-notes - toc: extend subs: + version: 9.0.0 api-request-title: "Request" api-prereq-title: "Prerequisites" api-description-title: "Description" @@ -96,8 +97,8 @@ subs: transforms-cap: "Transforms" dfanalytics-cap: "Data frame analytics" dfanalytics: "data frame analytics" - dfanalytics-job: "'{dataframe} analytics job'" - dfanalytics-jobs: "'{dataframe} analytics jobs'" + dfanalytics-job: "data frame analytics job" + dfanalytics-jobs: "data frame analytics jobs" ctransforms: "continuous transforms" regression: "regression" regression-cap: "Regression" diff --git a/docs/reference/aggregations/search-aggregations-bucket-adjacency-matrix-aggregation.md b/docs/reference/aggregations/search-aggregations-bucket-adjacency-matrix-aggregation.md index eb1bc60441714..c4d72556308a9 100644 --- a/docs/reference/aggregations/search-aggregations-bucket-adjacency-matrix-aggregation.md +++ b/docs/reference/aggregations/search-aggregations-bucket-adjacency-matrix-aggregation.md @@ -94,14 +94,12 @@ The response contains buckets with document counts for each filter and combinati `filters` : (Required, object) Filters used to create buckets. - ::::{dropdown} Properties of `filters` - `` - : (Required, [Query DSL object](/reference/query-languages/querydsl.md)) Query used to filter documents. The key is the filter name. +::::{dropdown} Properties of filters +`` +: (Required, [Query DSL object](/reference/query-languages/querydsl.md)) Query used to filter documents. The key is the filter name. - At least one filter is required. The total number of filters cannot exceed the [`indices.query.bool.max_clause_count`](/reference/elasticsearch/configuration-reference/search-settings.md#indices-query-bool-max-clause-count) setting. See [Filter limits](#adjacency-matrix-agg-filter-limits). - - - :::: + At least one filter is required. The total number of filters cannot exceed the [`indices.query.bool.max_clause_count`](/reference/elasticsearch/configuration-reference/search-settings.md#indices-query-bool-max-clause-count) setting. See [Filter limits](#adjacency-matrix-agg-filter-limits). +:::: `separator` diff --git a/docs/reference/aggregations/search-aggregations-bucket-categorize-text-aggregation.md b/docs/reference/aggregations/search-aggregations-bucket-categorize-text-aggregation.md index 6e7dac9436932..d82dab9798697 100644 --- a/docs/reference/aggregations/search-aggregations-bucket-categorize-text-aggregation.md +++ b/docs/reference/aggregations/search-aggregations-bucket-categorize-text-aggregation.md @@ -26,7 +26,8 @@ The algorithm used for categorization was completely changed in version 8.3.0. A The `categorization_analyzer` field can be specified either as a string or as an object. If it is a string it must refer to a [built-in analyzer](/reference/text-analysis/analyzer-reference.md) or one added by another plugin. If it is an object it has the following properties: - :::::{dropdown} Properties of `categorization_analyzer` + **Properties of `categorization_analyzer`**: + `char_filter` : (array of strings or objects) One or more [character filters](/reference/text-analysis/character-filter-reference.md). In addition to the built-in character filters, other plugins can provide more character filters. This property is optional. If it is not specified, no character filters are applied prior to categorization. If you are customizing some other aspect of the analyzer and you need to achieve the equivalent of `categorization_filters` (which are not permitted when some other aspect of the analyzer is customized), add them here as [pattern replace character filters](/reference/text-analysis/analysis-pattern-replace-charfilter.md). @@ -41,8 +42,6 @@ The algorithm used for categorization was completely changed in version 8.3.0. A `filter` : (array of strings or objects) One or more [token filters](/reference/text-analysis/token-filter-reference.md). In addition to the built-in token filters, other plugins can provide more token filters. This property is optional. If it is not specified, no token filters are applied prior to categorization. - ::::: - `categorization_filters` : (Optional, array of strings) This property expects an array of regular expressions. The expressions are used to filter out matching sequences from the categorization field values. You can use this functionality to fine tune the categorization by excluding sequences from consideration when categories are defined. For example, you can exclude SQL statements that appear in your log files. This property cannot be used at the same time as `categorization_analyzer`. If you only want to define simple regular expression filters that are applied prior to tokenization, setting this property is the easiest method. If you also want to customize the tokenizer or post-tokenization filtering, use the `categorization_analyzer` property instead and include the filters as `pattern_replace` character filters. diff --git a/docs/reference/aggregations/search-aggregations-bucket-correlation-aggregation.md b/docs/reference/aggregations/search-aggregations-bucket-correlation-aggregation.md index 03de824f13e2a..e553c5654ede2 100644 --- a/docs/reference/aggregations/search-aggregations-bucket-correlation-aggregation.md +++ b/docs/reference/aggregations/search-aggregations-bucket-correlation-aggregation.md @@ -11,43 +11,33 @@ A sibling pipeline aggregation which executes a correlation function on the conf ## Parameters [bucket-correlation-agg-syntax] -`buckets_path` -: (Required, string) Path to the buckets that contain one set of values to correlate. For syntax, see [`buckets_path` Syntax](/reference/aggregations/pipeline.md#buckets-path-syntax). +### `buckets_path` -`function` -: (Required, object) The correlation function to execute. +(Required, string) Path to the buckets that contain one set of values to correlate. For syntax, see [`buckets_path` Syntax](/reference/aggregations/pipeline.md#buckets-path-syntax). - ::::{dropdown} Properties of `function` - `count_correlation` - : (Required*, object) The configuration to calculate a count correlation. This function is designed for determining the correlation of a term value and a given metric. Consequently, it needs to meet the following requirements. +### `function` - * The `buckets_path` must point to a `_count` metric. - * The total count of all the `bucket_path` count values must be less than or equal to `indicator.doc_count`. - * When utilizing this function, an initial calculation to gather the required `indicator` values is required. +(Required, object) The correlation function to execute. - ::::{dropdown} Properties of `count_correlation` - `indicator` - : (Required, object) The indicator with which to correlate the configured `bucket_path` values. +#### `count_correlation` - ::::{dropdown} Properties of `indicator` - `doc_count` - : (Required, integer) The total number of documents that initially created the `expectations`. It’s required to be greater than or equal to the sum of all values in the `buckets_path` as this is the originating superset of data to which the term values are correlated. +(Required*, object) The configuration to calculate a count correlation. This function is designed for determining the correlation of a term value and a given metric. Consequently, it needs to meet the following requirements. - `expectations` - : (Required, array) An array of numbers with which to correlate the configured `bucket_path` values. The length of this value must always equal the number of buckets returned by the `bucket_path`. +* The `buckets_path` must point to a `_count` metric. +* The total count of all the `bucket_path` count values must be less than or equal to `indicator.doc_count`. +* When utilizing this function, an initial calculation to gather the required `indicator` values is required. - `fractions` - : (Optional, array) An array of fractions to use when averaging and calculating variance. This should be used if the pre-calculated data and the `buckets_path` have known gaps. The length of `fractions`, if provided, must equal `expectations`. +`indicator` +: (Required, object) The indicator with which to correlate the configured `bucket_path` values. - :::: - - - :::: - - - :::: + `doc_count` + : (Required, integer) The total number of documents that initially created the `expectations`. It’s required to be greater than or equal to the sum of all values in the `buckets_path` as this is the originating superset of data to which the term values are correlated. + `expectations` + : (Required, array) An array of numbers with which to correlate the configured `bucket_path` values. The length of this value must always equal the number of buckets returned by the `bucket_path`. + `fractions` + : (Optional, array) An array of fractions to use when averaging and calculating variance. This should be used if the pre-calculated data and the `buckets_path` have known gaps. The length of `fractions`, if provided, must equal `expectations`. ## Syntax [_syntax_8] diff --git a/docs/reference/aggregations/search-aggregations-bucket-significantterms-aggregation.md b/docs/reference/aggregations/search-aggregations-bucket-significantterms-aggregation.md index 62efb48323145..05486bb5ba2b4 100644 --- a/docs/reference/aggregations/search-aggregations-bucket-significantterms-aggregation.md +++ b/docs/reference/aggregations/search-aggregations-bucket-significantterms-aggregation.md @@ -196,7 +196,7 @@ Picking a free-text field as the subject of a significant terms analysis can be :::: -::::{admonition} Use the *"like this but not this"* pattern +::::{admonition} Use the "like this but not this" pattern You can spot mis-categorized content by first searching a structured field e.g. `category:adultMovie` and use significant_terms on the free-text "movie_description" field. Take the suggested words (I’ll leave them to your imagination) and then search for all movies NOT marked as category:adultMovie but containing these keywords. You now have a ranked list of badly-categorized movies that you should reclassify or at least remove from the "familyFriendly" category. The significance score from each term can also provide a useful `boost` setting to sort matches. Using the `minimum_should_match` setting of the `terms` query with the keywords will help control the balance of precision/recall in the result set i.e a high setting would have a small number of relevant results packed full of keywords and a setting of "1" would produce a more exhaustive results set with all documents containing *any* keyword. diff --git a/docs/reference/aggregations/search-aggregations-bucket-significanttext-aggregation.md b/docs/reference/aggregations/search-aggregations-bucket-significanttext-aggregation.md index 2d1b9ec6aa420..7eaf9b06bd8be 100644 --- a/docs/reference/aggregations/search-aggregations-bucket-significanttext-aggregation.md +++ b/docs/reference/aggregations/search-aggregations-bucket-significanttext-aggregation.md @@ -265,7 +265,7 @@ The numbers returned for scores are primarily intended for ranking different sug :::: -::::{admonition} Use the *"like this but not this"* pattern +::::{admonition} Use the "like this but not this" pattern You can spot mis-categorized content by first searching a structured field e.g. `category:adultMovie` and use significant_text on the text "movie_description" field. Take the suggested words (I’ll leave them to your imagination) and then search for all movies NOT marked as category:adultMovie but containing these keywords. You now have a ranked list of badly-categorized movies that you should reclassify or at least remove from the "familyFriendly" category. The significance score from each term can also provide a useful `boost` setting to sort matches. Using the `minimum_should_match` setting of the `terms` query with the keywords will help control the balance of precision/recall in the result set i.e a high setting would have a small number of relevant results packed full of keywords and a setting of "1" would produce a more exhaustive results set with all documents containing *any* keyword. diff --git a/docs/reference/aggregations/search-aggregations-change-point-aggregation.md b/docs/reference/aggregations/search-aggregations-change-point-aggregation.md index e5dca42a719e0..8db0b62fe590a 100644 --- a/docs/reference/aggregations/search-aggregations-change-point-aggregation.md +++ b/docs/reference/aggregations/search-aggregations-change-point-aggregation.md @@ -46,15 +46,14 @@ A `change_point` aggregation looks like this in isolation: `bucket` : (Optional, object) Values of the bucket that indicates the discovered change point. Not returned if no change point was found. All the aggregations in the bucket are returned as well. - ::::{dropdown} Properties of bucket + **Properties of `bucket**: + `key` : (value) The key of the bucket matched. Could be string or numeric. `doc_count` : (number) The document count of the bucket. - :::: - `type` : (object) The found change point type and its related values. Possible types: diff --git a/docs/reference/aggregations/search-aggregations-metrics-geocentroid-aggregation.md b/docs/reference/aggregations/search-aggregations-metrics-geocentroid-aggregation.md index 26b8e6770f9eb..4a9fa6d76d966 100644 --- a/docs/reference/aggregations/search-aggregations-metrics-geocentroid-aggregation.md +++ b/docs/reference/aggregations/search-aggregations-metrics-geocentroid-aggregation.md @@ -201,7 +201,7 @@ POST /places/_search?size=0 } ``` -::::{admonition} Using `geo_centroid` as a sub-aggregation of `geohash_grid` +::::{admonition} Using geo_centroid as a sub-aggregation of geohash_grid :class: warning The [`geohash_grid`](/reference/aggregations/search-aggregations-bucket-geohashgrid-aggregation.md) aggregation places documents, not individual geopoints, into buckets. If a document’s `geo_point` field contains [multiple values](/reference/elasticsearch/mapping-reference/array.md), the document could be assigned to multiple buckets, even if one or more of its geopoints are outside the bucket boundaries. diff --git a/docs/reference/aggregations/search-aggregations-metrics-max-aggregation.md b/docs/reference/aggregations/search-aggregations-metrics-max-aggregation.md index 7082ee3ac4ebc..9c2776976b973 100644 --- a/docs/reference/aggregations/search-aggregations-metrics-max-aggregation.md +++ b/docs/reference/aggregations/search-aggregations-metrics-max-aggregation.md @@ -10,7 +10,7 @@ mapped_pages: A `single-value` metrics aggregation that keeps track and returns the maximum value among the numeric values extracted from the aggregated documents. ::::{note} -The `min` and `max` aggregation operate on the `double` representation of the data. As a consequence, the result may be approximate when running on longs whose absolute value is greater than `2`^`53`^. +The `min` and `max` aggregation operate on the `double` representation of the data. As a consequence, the result may be approximate when running on longs whose absolute value is greater than `2^53`. :::: diff --git a/docs/reference/aggregations/search-aggregations-metrics-min-aggregation.md b/docs/reference/aggregations/search-aggregations-metrics-min-aggregation.md index 2e16a2bcde6b9..2c313a3d2dbef 100644 --- a/docs/reference/aggregations/search-aggregations-metrics-min-aggregation.md +++ b/docs/reference/aggregations/search-aggregations-metrics-min-aggregation.md @@ -10,7 +10,7 @@ mapped_pages: A `single-value` metrics aggregation that keeps track and returns the minimum value among numeric values extracted from the aggregated documents. ::::{note} -The `min` and `max` aggregation operate on the `double` representation of the data. As a consequence, the result may be approximate when running on longs whose absolute value is greater than `2`^`53`^. +The `min` and `max` aggregation operate on the `double` representation of the data. As a consequence, the result may be approximate when running on longs whose absolute value is greater than `2^53`. :::: diff --git a/docs/reference/elasticsearch-plugins/analysis-icu.md b/docs/reference/elasticsearch-plugins/analysis-icu.md index cf2ab06edfa21..dff9496c81fcc 100644 --- a/docs/reference/elasticsearch-plugins/analysis-icu.md +++ b/docs/reference/elasticsearch-plugins/analysis-icu.md @@ -20,11 +20,6 @@ While we restrict ICU upgrades to major versions, you may find that an index cre ## Installation [analysis-icu-install] -::::{warning} -Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available. -:::: - - This plugin can be installed using the plugin manager: ```sh @@ -33,7 +28,7 @@ sudo bin/elasticsearch-plugin install analysis-icu The plugin must be installed on every node in the cluster, and each node must be restarted after installation. -You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-9.0.0-beta1.zip.asc). +You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-{{version}}.zip.asc). ## Removal [analysis-icu-remove] diff --git a/docs/reference/elasticsearch-plugins/analysis-kuromoji.md b/docs/reference/elasticsearch-plugins/analysis-kuromoji.md index 73442b4fc44a9..a5ac0c56adcd2 100644 --- a/docs/reference/elasticsearch-plugins/analysis-kuromoji.md +++ b/docs/reference/elasticsearch-plugins/analysis-kuromoji.md @@ -10,11 +10,6 @@ The Japanese (kuromoji) analysis plugin integrates Lucene kuromoji analysis modu ## Installation [analysis-kuromoji-install] -::::{warning} -Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available. -:::: - - This plugin can be installed using the plugin manager: ```sh @@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install analysis-kuromoji The plugin must be installed on every node in the cluster, and each node must be restarted after installation. -You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-9.0.0-beta1.zip.asc). +You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-{{version}}.zip.asc). ## Removal [analysis-kuromoji-remove] diff --git a/docs/reference/elasticsearch-plugins/analysis-nori.md b/docs/reference/elasticsearch-plugins/analysis-nori.md index 3cc2e381af8cd..1d7793e9f1e90 100644 --- a/docs/reference/elasticsearch-plugins/analysis-nori.md +++ b/docs/reference/elasticsearch-plugins/analysis-nori.md @@ -10,11 +10,6 @@ The Korean (nori) Analysis plugin integrates Lucene nori analysis module into el ## Installation [analysis-nori-install] -::::{warning} -Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available. -:::: - - This plugin can be installed using the plugin manager: ```sh @@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install analysis-nori The plugin must be installed on every node in the cluster, and each node must be restarted after installation. -You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-9.0.0-beta1.zip.asc). +You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-{{version}}.zip.asc). ## Removal [analysis-nori-remove] diff --git a/docs/reference/elasticsearch-plugins/analysis-phonetic.md b/docs/reference/elasticsearch-plugins/analysis-phonetic.md index 7d4b02c3fa5d2..5a948d577b723 100644 --- a/docs/reference/elasticsearch-plugins/analysis-phonetic.md +++ b/docs/reference/elasticsearch-plugins/analysis-phonetic.md @@ -10,11 +10,6 @@ The Phonetic Analysis plugin provides token filters which convert tokens to thei ## Installation [analysis-phonetic-install] -::::{warning} -Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available. -:::: - - This plugin can be installed using the plugin manager: ```sh @@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install analysis-phonetic The plugin must be installed on every node in the cluster, and each node must be restarted after installation. -You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-9.0.0-beta1.zip.asc). +You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-{{version}}.zip.asc). ## Removal [analysis-phonetic-remove] diff --git a/docs/reference/elasticsearch-plugins/analysis-smartcn.md b/docs/reference/elasticsearch-plugins/analysis-smartcn.md index cfb51121aff79..192983f1eb7ba 100644 --- a/docs/reference/elasticsearch-plugins/analysis-smartcn.md +++ b/docs/reference/elasticsearch-plugins/analysis-smartcn.md @@ -12,11 +12,6 @@ It provides an analyzer for Chinese or mixed Chinese-English text. This analyzer ## Installation [analysis-smartcn-install] -::::{warning} -Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available. -:::: - - This plugin can be installed using the plugin manager: ```sh @@ -25,7 +20,7 @@ sudo bin/elasticsearch-plugin install analysis-smartcn The plugin must be installed on every node in the cluster, and each node must be restarted after installation. -You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-9.0.0-beta1.zip.asc). +You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-{{version}}.zip.asc). ## Removal [analysis-smartcn-remove] diff --git a/docs/reference/elasticsearch-plugins/analysis-stempel.md b/docs/reference/elasticsearch-plugins/analysis-stempel.md index c6b392dc89dea..aeee108e96a7f 100644 --- a/docs/reference/elasticsearch-plugins/analysis-stempel.md +++ b/docs/reference/elasticsearch-plugins/analysis-stempel.md @@ -10,11 +10,6 @@ The Stempel analysis plugin integrates Lucene’s Stempel analysis module for Po ## Installation [analysis-stempel-install] -::::{warning} -Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available. -:::: - - This plugin can be installed using the plugin manager: ```sh @@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install analysis-stempel The plugin must be installed on every node in the cluster, and each node must be restarted after installation. -You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-9.0.0-beta1.zip.asc). +You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-{{version}}.zip.asc). ## Removal [analysis-stempel-remove] diff --git a/docs/reference/elasticsearch-plugins/analysis-ukrainian.md b/docs/reference/elasticsearch-plugins/analysis-ukrainian.md index 53717b1c5e02a..fe23ca2d416ff 100644 --- a/docs/reference/elasticsearch-plugins/analysis-ukrainian.md +++ b/docs/reference/elasticsearch-plugins/analysis-ukrainian.md @@ -12,11 +12,6 @@ It provides stemming for Ukrainian using the [Morfologik project](https://github ## Installation [analysis-ukrainian-install] -::::{warning} -Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available. -:::: - - This plugin can be installed using the plugin manager: ```sh @@ -25,7 +20,7 @@ sudo bin/elasticsearch-plugin install analysis-ukrainian The plugin must be installed on every node in the cluster, and each node must be restarted after installation. -You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-9.0.0-beta1.zip.asc). +You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-{{version}}.zip.asc). ## Removal [analysis-ukrainian-remove] diff --git a/docs/reference/elasticsearch-plugins/discovery-azure-classic.md b/docs/reference/elasticsearch-plugins/discovery-azure-classic.md index 4e8f042c2845a..dd1efbabba70a 100644 --- a/docs/reference/elasticsearch-plugins/discovery-azure-classic.md +++ b/docs/reference/elasticsearch-plugins/discovery-azure-classic.md @@ -17,11 +17,6 @@ This plugin will be removed in the future ## Installation [discovery-azure-classic-install] -::::{warning} -Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available. -:::: - - This plugin can be installed using the plugin manager: ```sh @@ -30,7 +25,7 @@ sudo bin/elasticsearch-plugin install discovery-azure-classic The plugin must be installed on every node in the cluster, and each node must be restarted after installation. -You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-9.0.0-beta1.zip.asc). +You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-{{version}}.zip.asc). ## Removal [discovery-azure-classic-remove] diff --git a/docs/reference/elasticsearch-plugins/discovery-ec2.md b/docs/reference/elasticsearch-plugins/discovery-ec2.md index 6bd51772424dc..677f617e39d2a 100644 --- a/docs/reference/elasticsearch-plugins/discovery-ec2.md +++ b/docs/reference/elasticsearch-plugins/discovery-ec2.md @@ -7,16 +7,11 @@ mapped_pages: The EC2 discovery plugin provides a list of seed addresses to the [discovery process](docs-content://deploy-manage/distributed-architecture/discovery-cluster-formation/discovery-hosts-providers.md) by querying the [AWS API](https://github.com/aws/aws-sdk-java) for a list of EC2 instances matching certain criteria determined by the [plugin settings](/reference/elasticsearch-plugins/discovery-ec2-usage.md). -**If you are looking for a hosted solution of {{es}} on AWS, please visit [https://www.elastic.co/cloud.**](https://www.elastic.co/cloud.**) +**If you are looking for a hosted solution of {{es}} on AWS, please visit [https://www.elastic.co/cloud](https://www.elastic.co/cloud).** ## Installation [discovery-ec2-install] -::::{warning} -Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available. -:::: - - This plugin can be installed using the plugin manager: ```sh @@ -25,7 +20,7 @@ sudo bin/elasticsearch-plugin install discovery-ec2 The plugin must be installed on every node in the cluster, and each node must be restarted after installation. -You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-9.0.0-beta1.zip.asc). +You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-{{version}}.zip.asc). ## Removal [discovery-ec2-remove] diff --git a/docs/reference/elasticsearch-plugins/discovery-gce.md b/docs/reference/elasticsearch-plugins/discovery-gce.md index 6eb99dd296eb7..9e0eb3247a59e 100644 --- a/docs/reference/elasticsearch-plugins/discovery-gce.md +++ b/docs/reference/elasticsearch-plugins/discovery-gce.md @@ -10,11 +10,6 @@ The Google Compute Engine Discovery plugin uses the GCE API to identify the addr ## Installation [discovery-gce-install] -::::{warning} -Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available. -:::: - - This plugin can be installed using the plugin manager: ```sh @@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install discovery-gce The plugin must be installed on every node in the cluster, and each node must be restarted after installation. -You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-9.0.0-beta1.zip.asc). +You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-{{version}}.zip.asc). ## Removal [discovery-gce-remove] diff --git a/docs/reference/elasticsearch-plugins/mapper-annotated-text.md b/docs/reference/elasticsearch-plugins/mapper-annotated-text.md index 24a510faa7a0a..bdefda489eccd 100644 --- a/docs/reference/elasticsearch-plugins/mapper-annotated-text.md +++ b/docs/reference/elasticsearch-plugins/mapper-annotated-text.md @@ -17,11 +17,6 @@ The elasticsearch markup allows one or more additional tokens to be injected, un ## Installation [mapper-annotated-text-install] -::::{warning} -Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available. -:::: - - This plugin can be installed using the plugin manager: ```sh @@ -30,7 +25,7 @@ sudo bin/elasticsearch-plugin install mapper-annotated-text The plugin must be installed on every node in the cluster, and each node must be restarted after installation. -You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-9.0.0-beta1.zip.asc). +You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-{{version}}.zip.asc). ## Removal [mapper-annotated-text-remove] diff --git a/docs/reference/elasticsearch-plugins/mapper-murmur3.md b/docs/reference/elasticsearch-plugins/mapper-murmur3.md index ffb3162626888..9a81e9fea1cfb 100644 --- a/docs/reference/elasticsearch-plugins/mapper-murmur3.md +++ b/docs/reference/elasticsearch-plugins/mapper-murmur3.md @@ -10,11 +10,6 @@ The mapper-murmur3 plugin provides the ability to compute hash of field values a ## Installation [mapper-murmur3-install] -::::{warning} -Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available. -:::: - - This plugin can be installed using the plugin manager: ```sh @@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install mapper-murmur3 The plugin must be installed on every node in the cluster, and each node must be restarted after installation. -You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-9.0.0-beta1.zip.asc). +You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-{{version}}.zip.asc). ## Removal [mapper-murmur3-remove] diff --git a/docs/reference/elasticsearch-plugins/mapper-size-usage.md b/docs/reference/elasticsearch-plugins/mapper-size-usage.md index 98ab81350b51c..2a0e6f7ea02c3 100644 --- a/docs/reference/elasticsearch-plugins/mapper-size-usage.md +++ b/docs/reference/elasticsearch-plugins/mapper-size-usage.md @@ -72,7 +72,7 @@ GET my-index-000001/_search 5. Uses a [script field](/reference/elasticsearch/rest-apis/retrieve-selected-fields.md#script-fields) to return the `_size` field in the search response. -::::{admonition} Using `_size` in {kib} +::::{admonition} Using _size in {{kib}} :class: note To use the `_size` field in {{kib}}, update the `metaFields` setting and add `_size` to the list of meta fields. `metaFields` can be configured in {{kib}} from the Advanced Settings page in Management. diff --git a/docs/reference/elasticsearch-plugins/mapper-size.md b/docs/reference/elasticsearch-plugins/mapper-size.md index 5f0414ef69026..029d079a39a9c 100644 --- a/docs/reference/elasticsearch-plugins/mapper-size.md +++ b/docs/reference/elasticsearch-plugins/mapper-size.md @@ -10,11 +10,6 @@ The mapper-size plugin provides the `_size` metadata field which, when enabled, ## Installation [mapper-size-install] -::::{warning} -Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available. -:::: - - This plugin can be installed using the plugin manager: ```sh @@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install mapper-size The plugin must be installed on every node in the cluster, and each node must be restarted after installation. -You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-9.0.0-beta1.zip.asc). +You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-{{version}}.zip.asc). ## Removal [mapper-size-remove] diff --git a/docs/reference/elasticsearch-plugins/repository-hdfs.md b/docs/reference/elasticsearch-plugins/repository-hdfs.md index 1b5eded50226f..d7a1fcaee9d6b 100644 --- a/docs/reference/elasticsearch-plugins/repository-hdfs.md +++ b/docs/reference/elasticsearch-plugins/repository-hdfs.md @@ -10,11 +10,6 @@ The HDFS repository plugin adds support for using HDFS File System as a reposito ## Installation [repository-hdfs-install] -::::{warning} -Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available. -:::: - - This plugin can be installed using the plugin manager: ```sh @@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install repository-hdfs The plugin must be installed on every node in the cluster, and each node must be restarted after installation. -You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-9.0.0-beta1.zip.asc). +You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-{{version}}.zip.asc). ## Removal [repository-hdfs-remove] diff --git a/docs/reference/elasticsearch-plugins/store-smb-usage.md b/docs/reference/elasticsearch-plugins/store-smb-usage.md index da892eba0f6d0..2f80b82d5732f 100644 --- a/docs/reference/elasticsearch-plugins/store-smb-usage.md +++ b/docs/reference/elasticsearch-plugins/store-smb-usage.md @@ -13,7 +13,9 @@ The Store SMB plugin provides two storage types optimized for SMB: : a SMB specific implementation of the default [mmap fs](/reference/elasticsearch/index-settings/store.md#mmapfs) `smb_simple_fs` -: deprecated::[7.15,"smb_simple_fs is deprecated and will be removed in 8.0. Use smb_nio_fs or other file systems instead."] +: :::{admonition} Deprecated in 7.15 + smb_simple_fs is deprecated and will be removed in 8.0. Use smb_nio_fs or other file systems instead. + ::: `smb_nio_fs` : a SMB specific implementation of the default [nio fs](/reference/elasticsearch/index-settings/store.md#niofs) diff --git a/docs/reference/elasticsearch-plugins/store-smb.md b/docs/reference/elasticsearch-plugins/store-smb.md index f3f35a2dbc5c4..791d370ee91eb 100644 --- a/docs/reference/elasticsearch-plugins/store-smb.md +++ b/docs/reference/elasticsearch-plugins/store-smb.md @@ -10,11 +10,6 @@ The Store SMB plugin works around for a bug in Windows SMB and Java on windows. ## Installation [store-smb-install] -::::{warning} -Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available. -:::: - - This plugin can be installed using the plugin manager: ```sh @@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install store-smb The plugin must be installed on every node in the cluster, and each node must be restarted after installation. -You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-9.0.0-beta1.zip.asc). +You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-{{version}}.zip.asc). ## Removal [store-smb-remove] diff --git a/docs/reference/elasticsearch/command-line-tools/service-tokens-command.md b/docs/reference/elasticsearch/command-line-tools/service-tokens-command.md index 0bd6b4cc9643f..cbf9af4365529 100644 --- a/docs/reference/elasticsearch/command-line-tools/service-tokens-command.md +++ b/docs/reference/elasticsearch/command-line-tools/service-tokens-command.md @@ -39,58 +39,50 @@ To ensure that {{es}} can read the service account token information at startup, ## Parameters [service-tokens-command-parameters] -`create` -: Creates a service account token for the specified service account. +### `create` - ::::{dropdown} Properties of `create` - `` - : (Required, string) Service account principal that takes the format of `/`, where the `namespace` is a top-level grouping of service accounts, and `service` is the name of the service. For example, `elastic/fleet-server`. +Creates a service account token for the specified service account. - The service account principal must match a known service account. +**Properties of `create`**: +`` +: (Required, string) Service account principal that takes the format of `/`, where the `namespace` is a top-level grouping of service accounts, and `service` is the name of the service. For example, `elastic/fleet-server`. - `` - : (Required, string) An identifier for the token name. + The service account principal must match a known service account. - Token names must be at least 1 and no more than 256 characters. They can contain alphanumeric characters (`a-z`, `A-Z`, `0-9`), dashes (`-`), and underscores (`_`), but cannot begin with an underscore. +`` +: (Required, string) An identifier for the token name. - ::::{note} - Token names must be unique in the context of the associated service account. - :::: + Token names must be at least 1 and no more than 256 characters. They can contain alphanumeric characters (`a-z`, `A-Z`, `0-9`), dashes (`-`), and underscores (`_`), but cannot begin with an underscore. + :::::{note} + Token names must be unique in the context of the associated service account. + ::::: - :::: +### `list` +Lists all service account tokens defined in the `service_tokens` file. If you specify a service account principal, the command lists only the tokens that belong to the specified service account. -`list` -: Lists all service account tokens defined in the `service_tokens` file. If you specify a service account principal, the command lists only the tokens that belong to the specified service account. +**Properties of `list`**: - ::::{dropdown} Properties of `list` - `` - : (Optional, string) Service account principal that takes the format of `/`, where the `namespace` is a top-level grouping of service accounts, and `service` is the name of the service. For example, `elastic/fleet-server`. +`` +: (Optional, string) Service account principal that takes the format of `/`, where the `namespace` is a top-level grouping of service accounts, and `service` is the name of the service. For example, `elastic/fleet-server`. - The service account principal must match a known service account. + The service account principal must match a known service account. +### `delete` - :::: +Deletes a service account token for the specified service account. +**Properties of `delete`**: -`delete` -: Deletes a service account token for the specified service account. +`` +: (Required, string) Service account principal that takes the format of `/`, where the `namespace` is a top-level grouping of service accounts, and `service` is the name of the service. For example, `elastic/fleet-server`. - ::::{dropdown} Properties of `delete` - `` - : (Required, string) Service account principal that takes the format of `/`, where the `namespace` is a top-level grouping of service accounts, and `service` is the name of the service. For example, `elastic/fleet-server`. - - The service account principal must match a known service account. - - - :::: - - - `` - : (Required, string) Name of an existing token. + The service account principal must match a known service account. +`` +: (Required, string) Name of an existing token. ## Examples [_examples_21] diff --git a/docs/reference/elasticsearch/configuration-reference/cluster-level-shard-allocation-routing-settings.md b/docs/reference/elasticsearch/configuration-reference/cluster-level-shard-allocation-routing-settings.md index f24bdeef23308..9b398f675c4d5 100644 --- a/docs/reference/elasticsearch/configuration-reference/cluster-level-shard-allocation-routing-settings.md +++ b/docs/reference/elasticsearch/configuration-reference/cluster-level-shard-allocation-routing-settings.md @@ -89,8 +89,10 @@ Rebalancing is important to ensure the cluster returns to a healthy and fully re `cluster.routing.allocation.type` : Selects the algorithm used for computing the cluster balance. Defaults to `desired_balance` which selects the *desired balance allocator*. This allocator runs a background task which computes the desired balance of shards in the cluster. Once this background task completes, {{es}} moves shards to their desired locations. -[8.8] May also be set to `balanced` to select the legacy *balanced allocator*. This allocator was the default allocator in versions of {{es}} before 8.6.0. It runs in the foreground, preventing the master from doing other work in parallel. It works by selecting a small number of shard movements which immediately improve the balance of the cluster, and when those shard movements complete it runs again and selects another few shards to move. Since this allocator makes its decisions based only on the current state of the cluster, it will sometimes move a shard several times while balancing the cluster. +:::{admonition} Deprecated in 8.8 +May also be set to `balanced` to select the legacy *balanced allocator*. This allocator was the default allocator in versions of {{es}} before 8.6.0. It runs in the foreground, preventing the master from doing other work in parallel. It works by selecting a small number of shard movements which immediately improve the balance of the cluster, and when those shard movements complete it runs again and selects another few shards to move. Since this allocator makes its decisions based only on the current state of the cluster, it will sometimes move a shard several times while balancing the cluster. +::: ## Shard balancing heuristics settings [shards-rebalancing-heuristics] diff --git a/docs/reference/elasticsearch/configuration-reference/discovery-cluster-formation-settings.md b/docs/reference/elasticsearch/configuration-reference/discovery-cluster-formation-settings.md index efc691f44c6c1..5458f9a35640a 100644 --- a/docs/reference/elasticsearch/configuration-reference/discovery-cluster-formation-settings.md +++ b/docs/reference/elasticsearch/configuration-reference/discovery-cluster-formation-settings.md @@ -12,11 +12,10 @@ applies_to: `discovery.seed_hosts` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Provides a list of the addresses of the master-eligible nodes in the cluster. May also be a single string containing the addresses separated by commas. Each address has the format `host:port` or `host`. The `host` is either a host name to be resolved by DNS, an IPv4 address, or an IPv6 address. IPv6 addresses must be enclosed in square brackets. If a host name resolves via DNS to multiple addresses, {{es}} uses all of them. DNS lookups are subject to [JVM DNS caching](docs-content://deploy-manage/deploy/self-managed/networkaddress-cache-ttl.md). If the `port` is not given then it is determined by checking the following settings in order: + 1. `transport.profiles.default.port` + 2. `transport.port` -1. `transport.profiles.default.port` -2. `transport.port` - -If neither of these is set then the default port is `9300`. The default value for `discovery.seed_hosts` is `["127.0.0.1", "[::1]"]`. See [`discovery.seed_hosts`](docs-content://deploy-manage/deploy/self-managed/important-settings-configuration.md#unicast.hosts). + If neither of these is set then the default port is `9300`. The default value for `discovery.seed_hosts` is `["127.0.0.1", "[::1]"]`. See [`discovery.seed_hosts`](docs-content://deploy-manage/deploy/self-managed/important-settings-configuration.md#unicast.hosts). `discovery.seed_providers` diff --git a/docs/reference/elasticsearch/configuration-reference/index-lifecycle-management-settings.md b/docs/reference/elasticsearch/configuration-reference/index-lifecycle-management-settings.md index 19ac2b28be424..d1363a3aee318 100644 --- a/docs/reference/elasticsearch/configuration-reference/index-lifecycle-management-settings.md +++ b/docs/reference/elasticsearch/configuration-reference/index-lifecycle-management-settings.md @@ -15,7 +15,11 @@ These are the settings available for configuring [{{ilm}}](docs-content://manage ## Cluster level settings [_cluster_level_settings_3] `xpack.ilm.enabled` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting), Boolean) [7.8.0]
This deprecated setting has no effect and will be removed in Elasticsearch 8.0. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting), Boolean) + + :::{admonition} Deprecated in 7.8.0 + This deprecated setting has no effect and will be removed in Elasticsearch 8.0. + ::: `indices.lifecycle.history_index_enabled` : ([Dynamic](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#dynamic-cluster-setting), Boolean) Whether ILM’s history index is enabled. If enabled, ILM will record the history of actions taken as part of ILM policies to the `ilm-history-*` indices. Defaults to `true`. diff --git a/docs/reference/elasticsearch/configuration-reference/index-management-settings.md b/docs/reference/elasticsearch/configuration-reference/index-management-settings.md index 620f9478fd9d6..602061e057ee7 100644 --- a/docs/reference/elasticsearch/configuration-reference/index-management-settings.md +++ b/docs/reference/elasticsearch/configuration-reference/index-management-settings.md @@ -93,13 +93,25 @@ $$$reindex-remote-whitelist$$$ : Specifies the path to the PEM encoded private key associated with the certificate used for client authentication (`reindex.ssl.certificate`). You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`. `reindex.ssl.key_passphrase` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") -: Specifies the passphrase to decrypt the PEM encoded private key (`reindex.ssl.key`) if it is encrypted. [7.17.0] Prefer `reindex.ssl.secure_key_passphrase` instead. Cannot be used with `reindex.ssl.secure_key_passphrase`. +: Specifies the passphrase to decrypt the PEM encoded private key (`reindex.ssl.key`) if it is encrypted. + + :::{admonition} Deprecated in 7.17.0 + Prefer `reindex.ssl.secure_key_passphrase` instead. Cannot be used with `reindex.ssl.secure_key_passphrase`. + ::: `reindex.ssl.keystore.key_password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") -: The password for the key in the keystore (`reindex.ssl.keystore.path`). Defaults to the keystore password. [7.17.0] Prefer `reindex.ssl.keystore.secure_key_password` instead. This setting cannot be used with `reindex.ssl.keystore.secure_key_password`. +: The password for the key in the keystore (`reindex.ssl.keystore.path`). Defaults to the keystore password. + + :::{admonition} Deprecated in 7.17.0 + Prefer `reindex.ssl.keystore.secure_key_password` instead. This setting cannot be used with `reindex.ssl.keystore.secure_key_password`. + ::: `reindex.ssl.keystore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") -: The password to the keystore (`reindex.ssl.keystore.path`). [7.17.0] Prefer `reindex.ssl.keystore.secure_password` instead. This setting cannot be used with `reindex.ssl.keystore.secure_password`. +: The password to the keystore (`reindex.ssl.keystore.path`). + + :::{admonition} Deprecated in 7.17.0 + Prefer `reindex.ssl.keystore.secure_password` instead. This setting cannot be used with `reindex.ssl.keystore.secure_password`. + ::: `reindex.ssl.keystore.path` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") : Specifies the path to the keystore that contains a private key and certificate to be used for HTTP client authentication (if required by the remote cluster). This keystore can be in "JKS" or "PKCS#12" format. You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`. @@ -117,7 +129,11 @@ $$$reindex-remote-whitelist$$$ : The password to the keystore (`reindex.ssl.keystore.path`). This setting cannot be used with `reindex.ssl.keystore.password`. `reindex.ssl.truststore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") -: The password to the truststore (`reindex.ssl.truststore.path`). [7.17.0] Prefer `reindex.ssl.truststore.secure_password` instead. This setting cannot be used with `reindex.ssl.truststore.secure_password`. +: The password to the truststore (`reindex.ssl.truststore.path`). + + :::{admonition} Deprecated in 7.17.0 + Prefer `reindex.ssl.truststore.secure_password` instead. This setting cannot be used with `reindex.ssl.truststore.secure_password`. + ::: `reindex.ssl.truststore.path` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") : The path to the Java Keystore file that contains the certificates to trust. This keystore can be in "JKS" or "PKCS#12" format. You cannot specify both `reindex.ssl.certificate_authorities` and `reindex.ssl.truststore.path`. diff --git a/docs/reference/elasticsearch/configuration-reference/index-recovery-settings.md b/docs/reference/elasticsearch/configuration-reference/index-recovery-settings.md index a42602cf4f1fd..a8e07f14ec2b9 100644 --- a/docs/reference/elasticsearch/configuration-reference/index-recovery-settings.md +++ b/docs/reference/elasticsearch/configuration-reference/index-recovery-settings.md @@ -81,7 +81,7 @@ You can use the following *expert* setting to manage resources for peer recoveri ## Recovery settings for managed services [recovery-settings-for-managed-services] ::::{note} -{cloud-only} +{{cloud-only}} :::: diff --git a/docs/reference/elasticsearch/configuration-reference/monitoring-settings.md b/docs/reference/elasticsearch/configuration-reference/monitoring-settings.md index c1902dbff86be..b5ef340fb74b4 100644 --- a/docs/reference/elasticsearch/configuration-reference/monitoring-settings.md +++ b/docs/reference/elasticsearch/configuration-reference/monitoring-settings.md @@ -30,8 +30,11 @@ For more information, see [Monitor a cluster](docs-content://deploy-manage/monit ### General monitoring settings [general-monitoring-settings] `xpack.monitoring.enabled` -: [7.8.0] ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) This deprecated setting has no effect. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) + :::{admonition} Deprecated in 7.8.0 + This deprecated setting has no effect. + ::: ### Monitoring collection settings [monitoring-collection-settings] @@ -39,36 +42,72 @@ $$$monitoring-settings-description$$$ The `xpack.monitoring.collection` settings control how data is collected from your {{es}} nodes. `xpack.monitoring.collection.enabled` -: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Set to `true` to enable the collection of monitoring data. When this setting is `false` (default), {{es}} monitoring data is not collected and all monitoring data from other sources such as {{kib}}, Beats, and {{ls}} is ignored. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Set to `true` to enable the collection of monitoring data. When this setting is `false` (default), {{es}} monitoring data is not collected and all monitoring data from other sources such as {{kib}}, Beats, and {{ls}} is ignored. $$$xpack-monitoring-collection-interval$$$ `xpack.monitoring.collection.interval` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") -: [6.3.0] ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Setting to `-1` to disable data collection is no longer supported beginning with 7.0.0. +: :::{admonition} Deprecated in 6.3.0 + This setting was deprecated in 6.3.0. + ::: + + ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Setting to `-1` to disable data collection is no longer supported beginning with 7.0.0. Controls how often data samples are collected. Defaults to `10s`. If you modify the collection interval, set the `xpack.monitoring.min_interval_seconds` option in `kibana.yml` to the same value. `xpack.monitoring.elasticsearch.collection.enabled` -: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Controls whether statistics about your {{es}} cluster should be collected. Defaults to `true`. This is different from `xpack.monitoring.collection.enabled`, which allows you to enable or disable all monitoring collection. However, this setting simply disables the collection of {{es}} data while still allowing other data (e.g., {{kib}}, {{ls}}, Beats, or APM Server monitoring data) to pass through this cluster. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Controls whether statistics about your {{es}} cluster should be collected. Defaults to `true`. This is different from `xpack.monitoring.collection.enabled`, which allows you to enable or disable all monitoring collection. However, this setting simply disables the collection of {{es}} data while still allowing other data (e.g., {{kib}}, {{ls}}, Beats, or APM Server monitoring data) to pass through this cluster. `xpack.monitoring.collection.cluster.stats.timeout` -: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Timeout for collecting the cluster statistics, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Timeout for collecting the cluster statistics, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`. `xpack.monitoring.collection.node.stats.timeout` -: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Timeout for collecting the node statistics, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Timeout for collecting the node statistics, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`. `xpack.monitoring.collection.indices` -: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Controls which indices the {{monitor-features}} collect data from. Defaults to all indices. Specify the index names as a comma-separated list, for example `test1,test2,test3`. Names can include wildcards, for example `test*`. You can explicitly exclude indices by prepending `-`. For example `test*,-test3` will monitor all indexes that start with `test` except for `test3`. System indices like .security* or .kibana* always start with a `.` and generally should be monitored. Consider adding `.*` to the list of indices ensure monitoring of system indices. For example: `.*,test*,-test3` +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Controls which indices the {{monitor-features}} collect data from. Defaults to all indices. Specify the index names as a comma-separated list, for example `test1,test2,test3`. Names can include wildcards, for example `test*`. You can explicitly exclude indices by prepending `-`. For example `test*,-test3` will monitor all indexes that start with `test` except for `test3`. System indices like .security* or .kibana* always start with a `.` and generally should be monitored. Consider adding `.*` to the list of indices ensure monitoring of system indices. For example: `.*,test*,-test3` `xpack.monitoring.collection.index.stats.timeout` -: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Timeout for collecting index statistics, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Timeout for collecting index statistics, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`. `xpack.monitoring.collection.index.recovery.active_only` -: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Controls whether or not all recoveries are collected. Set to `true` to collect only active recoveries. Defaults to `false`. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Controls whether or not all recoveries are collected. Set to `true` to collect only active recoveries. Defaults to `false`. `xpack.monitoring.collection.index.recovery.timeout` -: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Timeout for collecting the recovery information, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Timeout for collecting the recovery information, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`. `xpack.monitoring.collection.min_interval_seconds` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") : Specifies the minimum number of seconds that a time bucket in a chart can represent. If you modify the `xpack.monitoring.collection.interval`, use the same value in this setting. @@ -78,7 +117,11 @@ $$$xpack-monitoring-collection-interval$$$ $$$xpack-monitoring-history-duration$$$ `xpack.monitoring.history.duration` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") -: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Retention duration beyond which the indices created by a monitoring exporter are automatically deleted, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `7d` (7 days). +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Retention duration beyond which the indices created by a monitoring exporter are automatically deleted, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `7d` (7 days). This setting has a minimum value of `1d` (1 day) to ensure that something is being monitored and it cannot be disabled. @@ -103,17 +146,28 @@ xpack.monitoring.exporters.my_local: ``` `type` -: [7.16.0] The value for a Local exporter must always be `local` and it is required. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + The value for a Local exporter must always be `local` and it is required. `use_ingest` : Whether to supply a placeholder pipeline to the cluster and a pipeline processor with every bulk request. The default value is `true`. If disabled, then it means that it will not use pipelines, which means that a future release cannot automatically upgrade bulk requests to future-proof them. `cluster_alerts.management.enabled` -: [7.16.0] Whether to create cluster alerts for this cluster. The default value is `true`. To use this feature, {{watcher}} must be enabled. If you have a basic license, cluster alerts are not displayed. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + Whether to create cluster alerts for this cluster. The default value is `true`. To use this feature, {{watcher}} must be enabled. If you have a basic license, cluster alerts are not displayed. `wait_master.timeout` -: [7.16.0] Time to wait for the master node to setup `local` exporter for monitoring, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). After that wait period, the non-master nodes warn the user for possible missing configuration. Defaults to `30s`. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: +Time to wait for the master node to setup `local` exporter for monitoring, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). After that wait period, the non-master nodes warn the user for possible missing configuration. Defaults to `30s`. ### HTTP exporter settings [http-exporter-settings] @@ -126,10 +180,18 @@ xpack.monitoring.exporters.my_remote: ``` `type` -: [7.16.0] The value for an HTTP exporter must always be `http` and it is required. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + The value for an HTTP exporter must always be `http` and it is required. `host` -: [7.16.0] Host supports multiple formats, both as an array or as a single value. Supported formats include `hostname`, `hostname:port`, `http://hostname` `http://hostname:port`, `https://hostname`, and `https://hostname:port`. Hosts cannot be assumed. The default scheme is always `http` and the default port is always `9200` if not supplied as part of the `host` string. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + Host supports multiple formats, both as an array or as a single value. Supported formats include `hostname`, `hostname:port`, `http://hostname` `http://hostname:port`, `https://hostname`, and `https://hostname:port`. Hosts cannot be assumed. The default scheme is always `http` and the default port is always `9200` if not supplied as part of the `host` string. ```yaml xpack.monitoring.exporters: @@ -149,25 +211,53 @@ xpack.monitoring.exporters.my_remote: `auth.username` -: [7.16.0] The username is required if `auth.secure_password` is supplied. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + The username is required if `auth.secure_password` is supplied. `auth.secure_password` -: ([Secure](docs-content://deploy-manage/security/secure-settings.md), [reloadable](docs-content://deploy-manage/security/secure-settings.md#reloadable-secure-settings)) [7.16.0] The password for the `auth.username`. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Secure](docs-content://deploy-manage/security/secure-settings.md), [reloadable](docs-content://deploy-manage/security/secure-settings.md#reloadable-secure-settings)) The password for the `auth.username`. `connection.timeout` -: [7.16.0] Amount of time that the HTTP connection is supposed to wait for a socket to open for the request, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). The default value is `6s`. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + Amount of time that the HTTP connection is supposed to wait for a socket to open for the request, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). The default value is `6s`. `connection.read_timeout` -: [7.16.0] Amount of time that the HTTP connection is supposed to wait for a socket to send back a response, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). The default value is `10 * connection.timeout` (`60s` if neither are set). +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + Amount of time that the HTTP connection is supposed to wait for a socket to send back a response, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). The default value is `10 * connection.timeout` (`60s` if neither are set). `ssl` -: [7.16.0] Each HTTP exporter can define its own TLS / SSL settings or inherit them. See [{{monitoring}} TLS/SSL settings](#ssl-monitoring-settings). +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + Each HTTP exporter can define its own TLS / SSL settings or inherit them. See [{{monitoring}} TLS/SSL settings](#ssl-monitoring-settings). `proxy.base_path` -: [7.16.0] The base path to prefix any outgoing request, such as `/base/path` (e.g., bulk requests would then be sent as `/base/path/_bulk`). There is no default value. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + The base path to prefix any outgoing request, such as `/base/path` (e.g., bulk requests would then be sent as `/base/path/_bulk`). There is no default value. `headers` -: [7.16.0] Optional headers that are added to every request, which can assist with routing requests through proxies. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + Optional headers that are added to every request, which can assist with routing requests through proxies. ```yaml xpack.monitoring.exporters.my_remote: @@ -180,16 +270,28 @@ xpack.monitoring.exporters.my_remote: `index.name.time_format` -: [7.16.0] A mechanism for changing the default date suffix for daily monitoring indices. The default format is `yyyy.MM.dd`. For example, `.monitoring-es-7-2021.08.26`. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + A mechanism for changing the default date suffix for daily monitoring indices. The default format is `yyyy.MM.dd`. For example, `.monitoring-es-7-2021.08.26`. `use_ingest` : Whether to supply a placeholder pipeline to the monitoring cluster and a pipeline processor with every bulk request. The default value is `true`. If disabled, then it means that it will not use pipelines, which means that a future release cannot automatically upgrade bulk requests to future-proof them. `cluster_alerts.management.enabled` -: [7.16.0] Whether to create cluster alerts for this cluster. The default value is `true`. To use this feature, {{watcher}} must be enabled. If you have a basic license, cluster alerts are not displayed. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + Whether to create cluster alerts for this cluster. The default value is `true`. To use this feature, {{watcher}} must be enabled. If you have a basic license, cluster alerts are not displayed. `cluster_alerts.management.blacklist` -: [7.16.0] Prevents the creation of specific cluster alerts. It also removes any applicable watches that already exist in the current cluster. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + Prevents the creation of specific cluster alerts. It also removes any applicable watches that already exist in the current cluster. You can add any of the following watch identifiers to the list of blocked alerts: @@ -208,7 +310,11 @@ xpack.monitoring.exporters.my_remote: You can configure the following TLS/SSL settings. `xpack.monitoring.exporters.$NAME.ssl.supported_protocols` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] Supported protocols with versions. Valid protocols: `SSLv2Hello`, `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. If the JVM’s SSL provider supports TLSv1.3, the default is `TLSv1.3,TLSv1.2,TLSv1.1`. Otherwise, the default is `TLSv1.2,TLSv1.1`. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported protocols with versions. Valid protocols: `SSLv2Hello`, `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. If the JVM’s SSL provider supports TLSv1.3, the default is `TLSv1.3,TLSv1.2,TLSv1.1`. Otherwise, the default is `TLSv1.2,TLSv1.1`. {{es}} relies on your JDK’s implementation of SSL and TLS. View [Supported SSL/TLS versions by JDK version](docs-content://deploy-manage/security/supported-ssltls-versions-by-jdk-version.md) for more information. @@ -218,31 +324,29 @@ You can configure the following TLS/SSL settings. `xpack.monitoring.exporters.$NAME.ssl.verification_mode` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] Controls the verification of certificates. - - ::::{dropdown} Valid values - `full` - : Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. - - `certificate` - : Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. - - `none` - : Performs no certificate validation. - - ::::{important} - Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. - :::: - - - :::: +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Controls the verification of certificates. Defaults to `full`. + **Valid values**: + * `full`: Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. + * `certificate`: Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. + * `none`: Performs no certificate validation. + + ::::{important} + Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. + :::: `xpack.monitoring.exporters.$NAME.ssl.cipher_suites` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`. For more information, see Oracle’s [Java Cryptography Architecture documentation](https://docs.oracle.com/en/java/javase/11/security/oracle-providers.md#GUID-7093246A-31A3-4304-AC5F-5FB6400405E2). @@ -257,28 +361,52 @@ The following settings are used to specify a private key, certificate, and the t When using PEM encoded files, use the following settings: `xpack.monitoring.exporters.$NAME.ssl.key` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] Path to a PEM encoded file containing the private key. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Path to a PEM encoded file containing the private key. If HTTP client authentication is required, it uses this file. You cannot use this setting and `ssl.keystore.path` at the same time. `xpack.monitoring.exporters.$NAME.ssl.key_passphrase` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.secure_key_passphrase` instead. + ::: You cannot use this setting and `ssl.secure_key_passphrase` at the same time. `xpack.monitoring.exporters.$NAME.ssl.secure_key_passphrase` -: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) [7.16.0] The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. `xpack.monitoring.exporters.$NAME.ssl.certificate` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] Specifies the path for the PEM encoded certificate (or certificate chain) that is associated with the key. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Specifies the path for the PEM encoded certificate (or certificate chain) that is associated with the key. This setting can be used only if `ssl.key` is set. `xpack.monitoring.exporters.$NAME.ssl.certificate_authorities` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] List of paths to PEM encoded certificate files that should be trusted. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) List of paths to PEM encoded certificate files that should be trusted. This setting and `ssl.truststore.path` cannot be used at the same time. @@ -289,40 +417,72 @@ When using PEM encoded files, use the following settings: When using Java keystore files (JKS), which contain the private key, certificate and certificates that should be trusted, use the following settings: `xpack.monitoring.exporters.$NAME.ssl.keystore.path` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The path for the keystore file that contains a private key and certificate. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The path for the keystore file that contains a private key and certificate. It must be either a Java keystore (jks) or a PKCS#12 file. You cannot use this setting and `ssl.key` at the same time. `xpack.monitoring.exporters.$NAME.ssl.keystore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead. +: :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_password` instead. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. `xpack.monitoring.exporters.$NAME.ssl.keystore.secure_password` -: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) [7.16.0] The password for the keystore. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore. `xpack.monitoring.exporters.$NAME.ssl.keystore.key_password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead. +: :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_key_password` instead. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. You cannot use this setting and `ssl.keystore.secure_password` at the same time. `xpack.monitoring.exporters.$NAME.ssl.keystore.secure_key_password` -: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) [7.16.0] The password for the key in the keystore. The default is the keystore password. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the key in the keystore. The default is the keystore password. `xpack.monitoring.exporters.$NAME.ssl.truststore.path` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The path for the keystore that contains the certificates to trust. It must be either a Java keystore (jks) or a PKCS#12 file. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The path for the keystore that contains the certificates to trust. It must be either a Java keystore (jks) or a PKCS#12 file. You cannot use this setting and `ssl.certificate_authorities` at the same time. `xpack.monitoring.exporters.$NAME.ssl.truststore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead. +: :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.truststore.secure_password` instead. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. You cannot use this setting and `ssl.truststore.secure_password` at the same time. `xpack.monitoring.exporters.$NAME.ssl.truststore.secure_password` -: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) [7.16.0] Password for the truststore. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Secure](docs-content://deploy-manage/security/secure-settings.md)) Password for the truststore. ### PKCS#12 files [monitoring-pkcs12-files] @@ -332,46 +492,94 @@ When using Java keystore files (JKS), which contain the private key, certificate PKCS#12 files are configured in the same way as Java keystore files: `xpack.monitoring.exporters.$NAME.ssl.keystore.path` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The path for the keystore file that contains a private key and certificate. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The path for the keystore file that contains a private key and certificate. It must be either a Java keystore (jks) or a PKCS#12 file. You cannot use this setting and `ssl.key` at the same time. `xpack.monitoring.exporters.$NAME.ssl.keystore.type` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`. `xpack.monitoring.exporters.$NAME.ssl.keystore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_password` instead. + ::: `xpack.monitoring.exporters.$NAME.ssl.keystore.secure_password` -: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) [7.16.0] The password for the keystore. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore. `xpack.monitoring.exporters.$NAME.ssl.keystore.key_password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_key_password` instead. + ::: You cannot use this setting and `ssl.keystore.secure_password` at the same time. `xpack.monitoring.exporters.$NAME.ssl.keystore.secure_key_password` -: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) [7.16.0] The password for the key in the keystore. The default is the keystore password. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the key in the keystore. The default is the keystore password. `xpack.monitoring.exporters.$NAME.ssl.truststore.path` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The path for the keystore that contains the certificates to trust. It must be either a Java keystore (jks) or a PKCS#12 file. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The path for the keystore that contains the certificates to trust. It must be either a Java keystore (jks) or a PKCS#12 file. You cannot use this setting and `ssl.certificate_authorities` at the same time. `xpack.monitoring.exporters.$NAME.ssl.truststore.type` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] Set this to `PKCS12` to indicate that the truststore is a PKCS#12 file. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Set this to `PKCS12` to indicate that the truststore is a PKCS#12 file. `xpack.monitoring.exporters.$NAME.ssl.truststore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.truststore.secure_password` instead. + ::: You cannot use this setting and `ssl.truststore.secure_password` at the same time. `xpack.monitoring.exporters.$NAME.ssl.truststore.secure_password` -: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) [7.16.0] Password for the truststore. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + ([Secure](docs-content://deploy-manage/security/secure-settings.md)) Password for the truststore. diff --git a/docs/reference/elasticsearch/configuration-reference/node-settings.md b/docs/reference/elasticsearch/configuration-reference/node-settings.md index 5f0c42080f32a..72de57879007d 100644 --- a/docs/reference/elasticsearch/configuration-reference/node-settings.md +++ b/docs/reference/elasticsearch/configuration-reference/node-settings.md @@ -55,9 +55,7 @@ $$$coordinating-only-node$$$If If you set `node.roles` to an empty array (`node. If you set `node.roles`, ensure you specify every node role your cluster needs. Every cluster requires the following node roles: * `master` -* - - `data_content` and `data_hot`
OR
`data` +* `data_content` and `data_hot` OR `data` Some {{stack}} features also require specific node roles: diff --git a/docs/reference/elasticsearch/configuration-reference/search-settings.md b/docs/reference/elasticsearch/configuration-reference/search-settings.md index 5282743b27068..8b01e979d9dc0 100644 --- a/docs/reference/elasticsearch/configuration-reference/search-settings.md +++ b/docs/reference/elasticsearch/configuration-reference/search-settings.md @@ -13,9 +13,11 @@ The following expert settings can be set to manage global search and aggregation $$$indices-query-bool-max-clause-count$$$ `indices.query.bool.max_clause_count` -: [8.0.0] ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting), integer) This deprecated setting has no effect. +: :::{admonition} Deprecated in 8.0.0 + This deprecated setting has no effect. + ::: - {{es}} will now dynamically set the maximum number of allowed clauses in a query, using a heuristic based on the size of the search thread pool and the size of the heap allocated to the JVM. This limit has a minimum value of 1024 and will in most cases be larger (for example, a node with 30Gb RAM and 48 CPUs will have a maximum clause count of around 27,000). Larger heaps lead to higher values, and larger thread pools result in lower values. + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting), integer) {{es}} will now dynamically set the maximum number of allowed clauses in a query, using a heuristic based on the size of the search thread pool and the size of the heap allocated to the JVM. This limit has a minimum value of 1024 and will in most cases be larger (for example, a node with 30Gb RAM and 48 CPUs will have a maximum clause count of around 27,000). Larger heaps lead to higher values, and larger thread pools result in lower values. Queries with many clauses should be avoided whenever possible. If you previously bumped this setting to accommodate heavy queries, you might need to increase the amount of memory available to {{es}}, or to reduce the size of your search thread pool so that more memory is available to each concurrent search. diff --git a/docs/reference/elasticsearch/configuration-reference/security-settings.md b/docs/reference/elasticsearch/configuration-reference/security-settings.md index 98828db3af0dd..d83ee1ed25803 100644 --- a/docs/reference/elasticsearch/configuration-reference/security-settings.md +++ b/docs/reference/elasticsearch/configuration-reference/security-settings.md @@ -280,7 +280,11 @@ In addition to the [Settings valid for all realms](#ref-realm-settings), you can : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The DN of the user that is used to bind to the LDAP and perform searches. Only applicable in user search mode. If not specified, an anonymous bind is attempted. Defaults to Empty. Due to its potential security impact, `bind_dn` is not exposed via the [nodes info API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-nodes-info). `bind_password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [6.3] Use `secure_bind_password` instead. The password for the user that is used to bind to the LDAP directory. Defaults to Empty. Due to its potential security impact, `bind_password` is not exposed via the [nodes info API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-nodes-info). +: :::{admonition} Deprecated in 6.3 + Use `secure_bind_password` instead. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the user that is used to bind to the LDAP directory. Defaults to Empty. Due to its potential security impact, `bind_password` is not exposed via the [nodes info API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-nodes-info). `secure_bind_password` : ([Secure](docs-content://deploy-manage/security/secure-settings.md), [Reloadable](docs-content://deploy-manage/security/secure-settings.md#reloadable-secure-settings)) The password for the user that is used to bind to the LDAP directory. Defaults to Empty. @@ -315,7 +319,11 @@ In addition to the [Settings valid for all realms](#ref-realm-settings), you can : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Specifies the filter used to search the directory in attempts to match an entry with the username provided by the user. Defaults to `(uid={{0}})`. `{{0}}` is substituted with the username provided when searching. `user_search.attribute` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [5.6] Use `user_search.filter` instead. The attribute to match with the username sent with the request. Defaults to `uid`. +: :::{admonition} Deprecated in 5.6 + Use `user_search.filter` instead. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The attribute to match with the username sent with the request. Defaults to `uid`. `user_search.pool.enabled` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Enables or disables connection pooling for user search. If set to `false`, a new connection is created for every search. The default is `true` when `bind_dn` is set. @@ -363,7 +371,11 @@ In addition to the [Settings valid for all realms](#ref-realm-settings), you can : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The TCP connect timeout period for establishing an LDAP connection. An `s` at the end indicates seconds, or `ms` indicates milliseconds. Defaults to `5s` (5 seconds ). `timeout.tcp_read` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.7] The TCP read timeout period after establishing an LDAP connection. This is equivalent to and is deprecated in favor of `timeout.response` and they cannot be used simultaneously. An `s` at the end indicates seconds, or `ms` indicates milliseconds. +: :::{admonition} Deprecated in 7.7 + This setting was deprecated in 7.7. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The TCP read timeout period after establishing an LDAP connection. This is equivalent to and is deprecated in favor of `timeout.response` and they cannot be used simultaneously. An `s` at the end indicates seconds, or `ms` indicates milliseconds. `timeout.response` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The time interval to wait for the response from the LDAP server. An `s` at the end indicates seconds, or `ms` indicates milliseconds. Defaults to the value of `timeout.ldap_search`. @@ -380,7 +392,11 @@ In addition to the [Settings valid for all realms](#ref-realm-settings), you can `ssl.key_passphrase` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.secure_key_passphrase` instead. + ::: You cannot use this setting and `ssl.secure_key_passphrase` at the same time. @@ -416,13 +432,21 @@ In addition to the [Settings valid for all realms](#ref-realm-settings), you can : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`. `ssl.keystore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_password` instead. + ::: `ssl.keystore.secure_password` : ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore. `ssl.keystore.key_password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_key_password` instead. + ::: You cannot use this setting and `ssl.keystore.secure_password` at the same time. @@ -439,7 +463,11 @@ In addition to the [Settings valid for all realms](#ref-realm-settings), you can `ssl.truststore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.truststore.secure_password` instead. + ::: You cannot use this setting and `ssl.truststore.secure_password` at the same time. @@ -453,26 +481,16 @@ In addition to the [Settings valid for all realms](#ref-realm-settings), you can `ssl.verification_mode` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Indicates the type of verification when using `ldaps` to protect against man in the middle attacks and certificate forgery. - ::::{dropdown} Valid values - `full` - : Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. - - `certificate` - : Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. - - `none` - : Performs no certificate validation. - - ::::{important} - Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. - :::: - - - :::: - - Defaults to `full`. + **Valid values**: + * `full`: Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. + * `certificate`: Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. + * `none`: Performs no certificate validation. + + ::::{important} + Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. + :::: `ssl.supported_protocols` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported protocols with versions. Valid protocols: `SSLv2Hello`, `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. The default is `TLSv1.3,TLSv1.2`. @@ -530,7 +548,11 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings) : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The DN of the user that is used to bind to Active Directory and perform searches. Defaults to Empty. Due to its potential security impact, `bind_dn` is not exposed via the [nodes info API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-nodes-info). `bind_password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [6.3] Use `secure_bind_password` instead. The password for the user that is used to bind to Active Directory. Defaults to Empty. Due to its potential security impact, `bind_password` is not exposed via the [nodes info API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-nodes-info). +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the user that is used to bind to Active Directory. Defaults to Empty. Due to its potential security impact, `bind_password` is not exposed via the [nodes info API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-nodes-info). + + :::{admonition} Deprecated in 6.3 + Use `secure_bind_password` instead. + ::: `secure_bind_password` : ([Secure](docs-content://deploy-manage/security/secure-settings.md), [Reloadable](docs-content://deploy-manage/security/secure-settings.md#reloadable-secure-settings)) The password for the user that is used to bind to Active Directory. Defaults to Empty. @@ -587,7 +609,11 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings) : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The TCP connect timeout period for establishing an LDAP connection. An `s` at the end indicates seconds, or `ms` indicates milliseconds. Defaults to `5s` (5 seconds ). `timeout.tcp_read` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.7] The TCP read timeout period after establishing an LDAP connection. This is equivalent to and is deprecated in favor of `timeout.response` and they cannot be used simultaneously. An `s` at the end indicates seconds, or `ms` indicates milliseconds. Defaults to the value of `timeout.ldap_search`. +: :::{admonition} Deprecated in 7.7 + This is equivalent to and is deprecated in favor of `timeout.response` and they cannot be used simultaneously. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The TCP read timeout period after establishing an LDAP connection. An `s` at the end indicates seconds, or `ms` indicates milliseconds. Defaults to the value of `timeout.ldap_search`. `timeout.response` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The time interval to wait for the response from the AD server. An `s` at the end indicates seconds, or `ms` indicates milliseconds. Defaults to the value of `timeout.ldap_search`. @@ -620,7 +646,11 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings) `ssl.key_passphrase` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.secure_key_passphrase` instead. + ::: You cannot use this setting and `ssl.secure_key_passphrase` at the same time. @@ -629,7 +659,11 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings) : ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. `ssl.keystore.key_password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_key_password` instead. + ::: You cannot use this setting and `ssl.keystore.secure_password` at the same time. @@ -638,7 +672,11 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings) : ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the key in the keystore. The default is the keystore password. `ssl.keystore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_password` instead. + ::: `ssl.secure_keystore.password` : ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore. @@ -655,7 +693,11 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings) : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`. `ssl.truststore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.truststore.secure_password` instead. + ::: You cannot use this setting and `ssl.truststore.secure_password` at the same time. @@ -677,26 +719,16 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings) `ssl.verification_mode` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Indicates the type of verification when using `ldaps` to protect against man in the middle attacks and certificate forgery. - ::::{dropdown} Valid values - `full` - : Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. - - `certificate` - : Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. + Defaults to `full`. - `none` - : Performs no certificate validation. - - ::::{important} - Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. - :::: - - - :::: - - - Defaults to `full`. + **Valid values**: + * `full`: Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. + * `certificate`: Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. + * `none`: Performs no certificate validation. + ::::{important} + Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. + :::: `ssl.supported_protocols` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported protocols with versions. Valid protocols: `SSLv2Hello`, `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. If the JVM’s SSL provider supports TLSv1.3, the default is `TLSv1.3,TLSv1.2,TLSv1.1`. Otherwise, the default is `TLSv1.2,TLSv1.1`. @@ -744,7 +776,11 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings) : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Algorithm for the truststore. Defaults to `SunX509`. `truststore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.truststore.secure_password` instead. + ::: You cannot use this setting and `ssl.truststore.secure_password` at the same time. @@ -950,7 +986,11 @@ These settings are not used for any purpose other than loading metadata over htt `ssl.key_passphrase` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.secure_key_passphrase` instead. + ::: You cannot use this setting and `ssl.secure_key_passphrase` at the same time. @@ -983,7 +1023,11 @@ These settings are not used for any purpose other than loading metadata over htt : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`. `ssl.keystore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_password` instead. + ::: `ssl.keystore.secure_password` : ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore. @@ -992,7 +1036,11 @@ These settings are not used for any purpose other than loading metadata over htt `ssl.keystore.key_password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_key_password` instead. + ::: You cannot use this setting and `ssl.keystore.secure_password` at the same time. @@ -1014,7 +1062,11 @@ You cannot use this setting and `ssl.keystore.key_password` at the same time. : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the truststore file. It must be either `jks` or `PKCS12`. If the file name ends in ".p12", ".pfx" or "pkcs12", the default is `PKCS12`. Otherwise, it defaults to `jks`. `ssl.truststore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.truststore.secure_password` instead. + ::: You cannot use this setting and `ssl.truststore.secure_password` at the same time. @@ -1028,26 +1080,16 @@ You cannot use this setting and `ssl.keystore.key_password` at the same time. `ssl.verification_mode` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Controls the verification of certificates. - ::::{dropdown} Valid values - `full` - : Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. - - `certificate` - : Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. - - `none` - : Performs no certificate validation. - - ::::{important} - Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. - :::: - - - :::: - - Defaults to `full`. + **Valid values**: + * `full`: Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. + * `certificate`: Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. + * `none`: Performs no certificate validation. + + ::::{important} + Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. + :::: `ssl.supported_protocols` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported protocols with versions. Valid protocols: `SSLv2Hello`, `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. If the JVM’s SSL provider supports TLSv1.3, the default is `TLSv1.3,TLSv1.2,TLSv1.1`. Otherwise, the default is `TLSv1.2,TLSv1.1`. @@ -1230,7 +1272,11 @@ These settings are *only* used for the back-channel communication between {{es}} `ssl.key_passphrase` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.secure_key_passphrase` instead. + ::: You cannot use this setting and `ssl.secure_key_passphrase` at the same time. @@ -1263,7 +1309,11 @@ These settings are *only* used for the back-channel communication between {{es}} : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`. `ssl.keystore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_password` instead. + ::: `ssl.keystore.secure_password` : ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore. @@ -1272,7 +1322,11 @@ These settings are *only* used for the back-channel communication between {{es}} `ssl.keystore.key_password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_key_password` instead. + ::: You cannot use this setting and `ssl.keystore.secure_password` at the same time. @@ -1295,7 +1349,11 @@ These settings are *only* used for the back-channel communication between {{es}} : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the truststore file. It must be either `jks` or `PKCS12`. If the file name ends in ".p12", ".pfx" or "pkcs12", the default is `PKCS12`. Otherwise, it defaults to `jks`. `ssl.truststore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.truststore.secure_password` instead. + ::: You cannot use this setting and `ssl.truststore.secure_password` at the same time. @@ -1309,26 +1367,16 @@ These settings are *only* used for the back-channel communication between {{es}} `ssl.verification_mode` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Controls the verification of certificates. - ::::{dropdown} Valid values - `full` - : Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. - - `certificate` - : Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. - - `none` - : Performs no certificate validation. - - ::::{important} - Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. - :::: - - - :::: - - Defaults to `full`. + **Valid values**: + * `full`: Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. + * `certificate`: Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. + * `none`: Performs no certificate validation. + + ::::{important} + Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. + :::: `ssl.supported_protocols` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported protocols with versions. Valid protocols: `SSLv2Hello`, `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. If the JVM’s SSL provider supports TLSv1.3, the default is `TLSv1.3,TLSv1.2,TLSv1.1`. Otherwise, the default is `TLSv1.2,TLSv1.1`. @@ -1488,7 +1536,11 @@ These settings are *only* used for the back-channel communication between {{es}} `ssl.key_passphrase` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.secure_key_passphrase` instead. + ::: You cannot use this setting and `ssl.secure_key_passphrase` at the same time. @@ -1521,7 +1573,11 @@ These settings are *only* used for the back-channel communication between {{es}} : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`. `ssl.keystore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_password` instead. + ::: `ssl.keystore.secure_password` : ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore. @@ -1530,7 +1586,11 @@ These settings are *only* used for the back-channel communication between {{es}} `ssl.keystore.key_password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_key_password` instead. + ::: You cannot use this setting and `ssl.keystore.secure_password` at the same time. @@ -1553,7 +1613,11 @@ These settings are *only* used for the back-channel communication between {{es}} : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the truststore file. It must be either `jks` or `PKCS12`. If the file name ends in ".p12", ".pfx" or "pkcs12", the default is `PKCS12`. Otherwise, it defaults to `jks`. `ssl.truststore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.truststore.secure_password` instead. + ::: You cannot use this setting and `ssl.truststore.secure_password` at the same time. @@ -1567,26 +1631,16 @@ These settings are *only* used for the back-channel communication between {{es}} `ssl.verification_mode` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Controls the verification of certificates. - ::::{dropdown} Valid values - `full` - : Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. - - `certificate` - : Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. - - `none` - : Performs no certificate validation. - - ::::{important} - Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. - :::: - - - :::: - - Defaults to `full`. + **Valid values**: + * `full`: Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. + * `certificate`: Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. + * `none`: Performs no certificate validation. + + ::::{important} + Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. + :::: `ssl.supported_protocols` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported protocols with versions. Valid protocols: `SSLv2Hello`, `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. If the JVM’s SSL provider supports TLSv1.3, the default is `TLSv1.3,TLSv1.2,TLSv1.1`. Otherwise, the default is `TLSv1.2,TLSv1.1`. @@ -1655,26 +1709,16 @@ You can configure the following TLS/SSL settings. `xpack.security.http.ssl.verification_mode` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The SSL settings in `xpack.security.http.ssl` control a *server context* for TLS, which defines the settings for the TLS connection. The use of `verification_mode` in a TLS *server* is discouraged. Defines how to verify the certificates presented by another party in the TLS connection: - ::::{dropdown} Valid values - `full` - : Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. - - `certificate` - : Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. - - `none` - : Performs no certificate validation. - - ::::{important} - Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. - :::: - - - :::: - - Defaults to `full`. + **Valid values**: + * `full`: Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. + * `certificate`: Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. + * `none`: Performs no certificate validation. + + ::::{important} + Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. + :::: `xpack.security.http.ssl.cipher_suites` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`. @@ -1698,7 +1742,11 @@ When using PEM encoded files, use the following settings: `xpack.security.http.ssl.key_passphrase` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.secure_key_passphrase` instead. + ::: You cannot use this setting and `ssl.secure_key_passphrase` at the same time. @@ -1730,13 +1778,21 @@ When using Java keystore files (JKS), which contain the private key, certificate `xpack.security.http.ssl.keystore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_password` instead. + ::: `xpack.security.http.ssl.keystore.secure_password` : ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore. `xpack.security.http.ssl.keystore.key_password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_key_password` instead. + ::: You cannot use this setting and `ssl.keystore.secure_password` at the same time. @@ -1751,7 +1807,11 @@ When using Java keystore files (JKS), which contain the private key, certificate `xpack.security.http.ssl.truststore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.truststore.secure_password` instead. + ::: You cannot use this setting and `ssl.truststore.secure_password` at the same time. @@ -1776,13 +1836,21 @@ PKCS#12 files are configured in the same way as Java keystore files: : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`. `xpack.security.http.ssl.keystore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_password` instead. + ::: `xpack.security.http.ssl.keystore.secure_password` : ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore. `xpack.security.http.ssl.keystore.key_password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_key_password` instead. + ::: You cannot use this setting and `ssl.keystore.secure_password` at the same time. @@ -1800,7 +1868,11 @@ PKCS#12 files are configured in the same way as Java keystore files: : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Set this to `PKCS12` to indicate that the truststore is a PKCS#12 file. `xpack.security.http.ssl.truststore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.truststore.secure_password` instead. + ::: You cannot use this setting and `ssl.truststore.secure_password` at the same time. @@ -1833,26 +1905,16 @@ You can configure the following TLS/SSL settings. `xpack.security.transport.ssl.verification_mode` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Defines how to verify the certificates presented by another party in the TLS connection: - ::::{dropdown} Valid values - `full` - : Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. - - `certificate` - : Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. - - `none` - : Performs no certificate validation. - - ::::{important} - Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. - :::: - - - :::: - - Defaults to `full`. + **Valid values**: + * `full`: Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. + * `certificate`: Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. + * `none`: Performs no certificate validation. + + ::::{important} + Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. + :::: `xpack.security.transport.ssl.cipher_suites` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`. @@ -1879,7 +1941,11 @@ When using PEM encoded files, use the following settings: `xpack.security.transport.ssl.key_passphrase` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.secure_key_passphrase` instead. + ::: You cannot use this setting and `ssl.secure_key_passphrase` at the same time. @@ -1913,13 +1979,21 @@ When using Java keystore files (JKS), which contain the private key, certificate `xpack.security.transport.ssl.keystore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_password` instead. + ::: `xpack.security.transport.ssl.keystore.secure_password` : ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore. `xpack.security.transport.ssl.keystore.key_password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_key_password` instead. + ::: You cannot use this setting and `ssl.keystore.secure_password` at the same time. @@ -1934,7 +2008,11 @@ When using Java keystore files (JKS), which contain the private key, certificate `xpack.security.transport.ssl.truststore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.truststore.secure_password` instead. + ::: You cannot use this setting and `ssl.truststore.secure_password` at the same time. @@ -1959,13 +2037,21 @@ PKCS#12 files are configured in the same way as Java keystore files: : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`. `xpack.security.transport.ssl.keystore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_password` instead. + ::: `xpack.security.transport.ssl.keystore.secure_password` : ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore. `xpack.security.transport.ssl.keystore.key_password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.keystore.secure_key_password` instead. + ::: You cannot use this setting and `ssl.keystore.secure_password` at the same time. @@ -1983,7 +2069,11 @@ PKCS#12 files are configured in the same way as Java keystore files: : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Set this to `PKCS12` to indicate that the truststore is a PKCS#12 file. `xpack.security.transport.ssl.truststore.password` -: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead. +: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. + + :::{admonition} Deprecated in 7.17.0 + Prefer `ssl.truststore.secure_password` instead. + ::: You cannot use this setting and `ssl.truststore.secure_password` at the same time. @@ -2016,26 +2106,16 @@ You can configure the following TLS/SSL settings. `xpack.security.remote_cluster_server.ssl.verification_mode` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The SSL settings in `xpack.security.remote_cluster_server.ssl` control a *server context* for TLS, which defines the settings for the TLS connection. The use of `verification_mode` in a TLS *server* is discouraged. Defines how to verify the certificates presented by another party in the TLS connection: - ::::{dropdown} Valid values - `full` - : Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. - - `certificate` - : Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. - - `none` - : Performs no certificate validation. - - ::::{important} - Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. - :::: - - - :::: - - Defaults to `full`. + **Valid values**: + * `full`: Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. + * `certificate`: Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. + * `none`: Performs no certificate validation. + + ::::{important} + Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. + :::: `xpack.security.remote_cluster_server.ssl.cipher_suites` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`. @@ -2155,26 +2235,16 @@ You can configure the following TLS/SSL settings. `xpack.security.remote_cluster_client.ssl.verification_mode` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Defines how to verify the certificates presented by another party in the TLS connection: - ::::{dropdown} Valid values - `full` - : Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. - - `certificate` - : Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. - - `none` - : Performs no certificate validation. - - ::::{important} - Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. - :::: - - - :::: - - Defaults to `full`. + **Valid values**: + * `full`: Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. + * `certificate`: Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. + * `none`: Performs no certificate validation. + + ::::{important} + Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. + :::: `xpack.security.remote_cluster_client.ssl.cipher_suites` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`. @@ -2315,67 +2385,66 @@ Certain realms store user credentials in memory. To limit exposure to credential $$$cache-hash-algo$$$ -| | | | | -| --- | --- | --- | --- | -| Algorithm | | | Description | -| `ssha256` | | | Uses a salted `sha-256` algorithm (default). | -| `md5` | | | Uses `MD5` algorithm. | -| `sha1` | | | Uses `SHA1` algorithm. | -| `bcrypt` | | | Uses `bcrypt` algorithm with salt generated in 1024 rounds. | -| `bcrypt4` | | | Uses `bcrypt` algorithm with salt generated in 16 rounds. | -| `bcrypt5` | | | Uses `bcrypt` algorithm with salt generated in 32 rounds. | -| `bcrypt6` | | | Uses `bcrypt` algorithm with salt generated in 64 rounds. | -| `bcrypt7` | | | Uses `bcrypt` algorithm with salt generated in 128 rounds. | -| `bcrypt8` | | | Uses `bcrypt` algorithm with salt generated in 256 rounds. | -| `bcrypt9` | | | Uses `bcrypt` algorithm with salt generated in 512 rounds. | -| `pbkdf2` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. | -| `pbkdf2_1000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations. | -| `pbkdf2_10000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. | -| `pbkdf2_50000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations. | -| `pbkdf2_100000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations. | -| `pbkdf2_500000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations. | -| `pbkdf2_1000000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations. | -| `pbkdf2_stretch` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_1000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_10000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_50000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_100000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_500000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_1000000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations, after hashing the initial input with SHA512 first. | -| `noop`,`clear_text` | | | Doesn’t hash the credentials and keeps it in clear text in memory. CAUTION: keeping clear text is considered insecure and can be compromised at the OS level (for example through memory dumps and using `ptrace`). | +| Algorithm | Description | +| --- | --- | +| `ssha256` | Uses a salted `sha-256` algorithm (default). | +| `md5` | Uses `MD5` algorithm. | +| `sha1` | Uses `SHA1` algorithm. | +| `bcrypt` | Uses `bcrypt` algorithm with salt generated in 1024 rounds. | +| `bcrypt4` | Uses `bcrypt` algorithm with salt generated in 16 rounds. | +| `bcrypt5` | Uses `bcrypt` algorithm with salt generated in 32 rounds. | +| `bcrypt6` | Uses `bcrypt` algorithm with salt generated in 64 rounds. | +| `bcrypt7` | Uses `bcrypt` algorithm with salt generated in 128 rounds. | +| `bcrypt8` | Uses `bcrypt` algorithm with salt generated in 256 rounds. | +| `bcrypt9` | Uses `bcrypt` algorithm with salt generated in 512 rounds. | +| `pbkdf2` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. | +| `pbkdf2_1000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations. | +| `pbkdf2_10000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. | +| `pbkdf2_50000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations. | +| `pbkdf2_100000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations. | +| `pbkdf2_500000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations. | +| `pbkdf2_1000000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations. | +| `pbkdf2_stretch` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_1000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_10000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_50000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_100000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_500000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_1000000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations, after hashing the initial input with SHA512 first. | +| `noop`,`clear_text` | Doesn’t hash the credentials and keeps it in clear text in memory. CAUTION: keeping clear text is considered insecure and can be compromised at the OS level (for example through memory dumps and using `ptrace`). | Likewise, realms that store passwords hash them using cryptographically strong and password-specific salt values. You can configure the algorithm for password hashing by setting the [static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting) `xpack.security.authc.password_hashing.algorithm` setting to one of the following: $$$password-hashing-algorithms$$$ -| Algorithm | | | Description | -| --- | --- | --- | --- | -| `bcrypt` | | | Uses `bcrypt` algorithm with salt generated in 1024 rounds. (default) | -| `bcrypt4` | | | Uses `bcrypt` algorithm with salt generated in 16 rounds. | -| `bcrypt5` | | | Uses `bcrypt` algorithm with salt generated in 32 rounds. | -| `bcrypt6` | | | Uses `bcrypt` algorithm with salt generated in 64 rounds. | -| `bcrypt7` | | | Uses `bcrypt` algorithm with salt generated in 128 rounds. | -| `bcrypt8` | | | Uses `bcrypt` algorithm with salt generated in 256 rounds. | -| `bcrypt9` | | | Uses `bcrypt` algorithm with salt generated in 512 rounds. | -| `bcrypt10` | | | Uses `bcrypt` algorithm with salt generated in 1024 rounds. | -| `bcrypt11` | | | Uses `bcrypt` algorithm with salt generated in 2048 rounds. | -| `bcrypt12` | | | Uses `bcrypt` algorithm with salt generated in 4096 rounds. | -| `bcrypt13` | | | Uses `bcrypt` algorithm with salt generated in 8192 rounds. | -| `bcrypt14` | | | Uses `bcrypt` algorithm with salt generated in 16384 rounds. | -| `pbkdf2` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. | -| `pbkdf2_1000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations. | -| `pbkdf2_10000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. | -| `pbkdf2_50000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations. | -| `pbkdf2_100000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations. | -| `pbkdf2_500000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations. | -| `pbkdf2_1000000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations. | -| `pbkdf2_stretch` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_1000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_10000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_50000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_100000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_500000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_1000000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations, after hashing the initial input with SHA512 first. | +| Algorithm | Description | +| --- | --- | +| `bcrypt` | Uses `bcrypt` algorithm with salt generated in 1024 rounds. (default) | +| `bcrypt4` | Uses `bcrypt` algorithm with salt generated in 16 rounds. | +| `bcrypt5` | Uses `bcrypt` algorithm with salt generated in 32 rounds. | +| `bcrypt6` | Uses `bcrypt` algorithm with salt generated in 64 rounds. | +| `bcrypt7` | Uses `bcrypt` algorithm with salt generated in 128 rounds. | +| `bcrypt8` | Uses `bcrypt` algorithm with salt generated in 256 rounds. | +| `bcrypt9` | Uses `bcrypt` algorithm with salt generated in 512 rounds. | +| `bcrypt10` | Uses `bcrypt` algorithm with salt generated in 1024 rounds. | +| `bcrypt11` | Uses `bcrypt` algorithm with salt generated in 2048 rounds. | +| `bcrypt12` | Uses `bcrypt` algorithm with salt generated in 4096 rounds. | +| `bcrypt13` | Uses `bcrypt` algorithm with salt generated in 8192 rounds. | +| `bcrypt14` | Uses `bcrypt` algorithm with salt generated in 16384 rounds. | +| `pbkdf2` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. | +| `pbkdf2_1000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations. | +| `pbkdf2_10000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. | +| `pbkdf2_50000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations. | +| `pbkdf2_100000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations. | +| `pbkdf2_500000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations. | +| `pbkdf2_1000000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations. | +| `pbkdf2_stretch` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_1000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_10000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_50000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_100000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_500000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_1000000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations, after hashing the initial input with SHA512 first. | Furthermore, {{es}} supports authentication via securely-generated high entropy tokens, for instance [API keys](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-api-key). Analogous to passwords, only the tokens' hashes are stored. Since the tokens are guaranteed to have sufficiently high entropy to resist offline attacks, secure salted hash functions are supported in addition to the password-hashing algorithms mentioned above. @@ -2383,35 +2452,35 @@ You can configure the algorithm for API key stored credential hashing by setting $$$secure-token-hashing-algorithms$$$ -| Algorithm | | | Description | -| --- | --- | --- | --- | -| `ssha256` | | | Uses a salted `sha-256` algorithm. (default) | -| `bcrypt` | | | Uses `bcrypt` algorithm with salt generated in 1024 rounds. | -| `bcrypt4` | | | Uses `bcrypt` algorithm with salt generated in 16 rounds. | -| `bcrypt5` | | | Uses `bcrypt` algorithm with salt generated in 32 rounds. | -| `bcrypt6` | | | Uses `bcrypt` algorithm with salt generated in 64 rounds. | -| `bcrypt7` | | | Uses `bcrypt` algorithm with salt generated in 128 rounds. | -| `bcrypt8` | | | Uses `bcrypt` algorithm with salt generated in 256 rounds. | -| `bcrypt9` | | | Uses `bcrypt` algorithm with salt generated in 512 rounds. | -| `bcrypt10` | | | Uses `bcrypt` algorithm with salt generated in 1024 rounds. | -| `bcrypt11` | | | Uses `bcrypt` algorithm with salt generated in 2048 rounds. | -| `bcrypt12` | | | Uses `bcrypt` algorithm with salt generated in 4096 rounds. | -| `bcrypt13` | | | Uses `bcrypt` algorithm with salt generated in 8192 rounds. | -| `bcrypt14` | | | Uses `bcrypt` algorithm with salt generated in 16384 rounds. | -| `pbkdf2` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. | -| `pbkdf2_1000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations. | -| `pbkdf2_10000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. | -| `pbkdf2_50000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations. | -| `pbkdf2_100000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations. | -| `pbkdf2_500000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations. | -| `pbkdf2_1000000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations. | -| `pbkdf2_stretch` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_1000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_10000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_50000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_100000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_500000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations, after hashing the initial input with SHA512 first. | -| `pbkdf2_stretch_1000000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations, after hashing the initial input with SHA512 first. | +| Algorithm | Description | +| --- | --- | +| `ssha256` | Uses a salted `sha-256` algorithm. (default) | +| `bcrypt` | Uses `bcrypt` algorithm with salt generated in 1024 rounds. | +| `bcrypt4` | Uses `bcrypt` algorithm with salt generated in 16 rounds. | +| `bcrypt5` | Uses `bcrypt` algorithm with salt generated in 32 rounds. | +| `bcrypt6` | Uses `bcrypt` algorithm with salt generated in 64 rounds. | +| `bcrypt7` | Uses `bcrypt` algorithm with salt generated in 128 rounds. | +| `bcrypt8` | Uses `bcrypt` algorithm with salt generated in 256 rounds. | +| `bcrypt9` | Uses `bcrypt` algorithm with salt generated in 512 rounds. | +| `bcrypt10` | Uses `bcrypt` algorithm with salt generated in 1024 rounds. | +| `bcrypt11` | Uses `bcrypt` algorithm with salt generated in 2048 rounds. | +| `bcrypt12` | Uses `bcrypt` algorithm with salt generated in 4096 rounds. | +| `bcrypt13` | Uses `bcrypt` algorithm with salt generated in 8192 rounds. | +| `bcrypt14` | Uses `bcrypt` algorithm with salt generated in 16384 rounds. | +| `pbkdf2` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. | +| `pbkdf2_1000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations. | +| `pbkdf2_10000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. | +| `pbkdf2_50000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations. | +| `pbkdf2_100000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations. | +| `pbkdf2_500000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations. | +| `pbkdf2_1000000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations. | +| `pbkdf2_stretch` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_1000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_10000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_50000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_100000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_500000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations, after hashing the initial input with SHA512 first. | +| `pbkdf2_stretch_1000000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations, after hashing the initial input with SHA512 first. | diff --git a/docs/reference/elasticsearch/configuration-reference/transforms-settings.md b/docs/reference/elasticsearch/configuration-reference/transforms-settings.md index 4a69385a1eaa0..e8b2953b162fd 100644 --- a/docs/reference/elasticsearch/configuration-reference/transforms-settings.md +++ b/docs/reference/elasticsearch/configuration-reference/transforms-settings.md @@ -26,7 +26,11 @@ You do not need to configure any settings to use {{transforms}}. It is enabled b `xpack.transform.enabled` -: [7.8.0] ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) This deprecated setting no longer has any effect. +: :::{admonition} Deprecated in 7.8.0 + This deprecated setting no longer has any effect. + ::: + + ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) `xpack.transform.num_transform_failure_retries` : ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) The number of times that a {{transform}} retries when it experiences a non-fatal error. Once the number of retries is exhausted, the {{transform}} task is marked as `failed`. The default value is `10` with a valid minimum of `0` and maximum of `100`. If a {{transform}} is already running, it has to be restarted to use the changed setting. The `num_failure_retries` setting can also be specified on an individual {{transform}} level. Specifying this setting for each {{transform}} individually is recommended. diff --git a/docs/reference/elasticsearch/configuration-reference/watcher-settings.md b/docs/reference/elasticsearch/configuration-reference/watcher-settings.md index fc6ae6340967f..e49ce56c38767 100644 --- a/docs/reference/elasticsearch/configuration-reference/watcher-settings.md +++ b/docs/reference/elasticsearch/configuration-reference/watcher-settings.md @@ -83,26 +83,16 @@ You can configure the following TLS/SSL settings. `xpack.http.ssl.verification_mode` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Defines how to verify the certificates presented by another party in the TLS connection: - ::::{dropdown} Valid values - `full` - : Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. - - `certificate` - : Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. - - `none` - : Performs no certificate validation. - - ::::{important} - Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. - :::: - - - :::: - - Defaults to `full`. + **Valid values** + * `full`: Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. + * `certificate`: Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. + * `none`: Performs no certificate validation. + + ::::{important} + Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. + :::: `xpack.http.ssl.cipher_suites` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted") : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`. @@ -339,26 +329,16 @@ You can configure the following TLS/SSL settings. `xpack.notification.email.ssl.verification_mode` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Defines how to verify the certificates presented by another party in the TLS connection: - ::::{dropdown} Valid values - `full` - : Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. - - `certificate` - : Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. - - `none` - : Performs no certificate validation. - - ::::{important} - Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. - :::: - - - :::: - - Defaults to `full`. + **Valid values**: + * `full`: Validates that the provided certificate: has an issue date that’s within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate. + * `certificate`: Validates the provided certificate and verifies that it’s signed by a trusted authority (CA), but doesn’t check the certificate `hostname`. + * `none`: Performs no certificate validation. + + ::::{important} + Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors. + :::: `xpack.notification.email.ssl.cipher_suites` : ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`. diff --git a/docs/reference/elasticsearch/index-lifecycle-actions/ilm-searchable-snapshot.md b/docs/reference/elasticsearch/index-lifecycle-actions/ilm-searchable-snapshot.md index 3fb5eb466beb6..df12e0f94e344 100644 --- a/docs/reference/elasticsearch/index-lifecycle-actions/ilm-searchable-snapshot.md +++ b/docs/reference/elasticsearch/index-lifecycle-actions/ilm-searchable-snapshot.md @@ -40,12 +40,11 @@ By default, this snapshot is deleted by the [delete action](/reference/elasticse `force_merge_index` : (Optional, Boolean) Force merges the managed index to one segment. Defaults to `true`. If the managed index was already force merged using the [force merge action](/reference/elasticsearch/index-lifecycle-actions/ilm-forcemerge.md) in a previous action the `searchable snapshot` action force merge step will be a no-op. -::::{note} -Shards that are relocating during a `forcemerge` will not be merged. The `searchable_snapshot` action will continue executing even if not all shards are force merged. -:::: - + ::::{note} + Shards that are relocating during a `forcemerge` will not be merged. The `searchable_snapshot` action will continue executing even if not all shards are force merged. + :::: -This force merging occurs in the phase that the index is in **prior** to the `searchable_snapshot` action. For example, if using a `searchable_snapshot` action in the `hot` phase, the force merge will be performed on the hot nodes. If using a `searchable_snapshot` action in the `cold` phase, the force merge will be performed on whatever tier the index is **prior** to the `cold` phase (either `hot` or `warm`). + This force merging occurs in the phase that the index is in **prior** to the `searchable_snapshot` action. For example, if using a `searchable_snapshot` action in the `hot` phase, the force merge will be performed on the hot nodes. If using a `searchable_snapshot` action in the `cold` phase, the force merge will be performed on whatever tier the index is **prior** to the `cold` phase (either `hot` or `warm`). `total_shards_per_node` : The maximum number of shards (replicas and primaries) that will be allocated to a single node for the searchable snapshot index. Defaults to unbounded. diff --git a/docs/reference/elasticsearch/index-settings/history-retention.md b/docs/reference/elasticsearch/index-settings/history-retention.md index fa39ffd391433..ec057c66ff41d 100644 --- a/docs/reference/elasticsearch/index-settings/history-retention.md +++ b/docs/reference/elasticsearch/index-settings/history-retention.md @@ -20,7 +20,11 @@ If a shard copy fails then it stops updating its shard history retention lease, ## History retention settings [_history_retention_settings] `index.soft_deletes.enabled` -: [7.6.0] Indicates whether soft deletes are enabled on the index. Soft deletes can only be configured at index creation and only on indices created on or after {{es}} 6.5.0. Defaults to `true`. +: :::{admonition} Deprecated in 7.6.0 + This setting was deprecated in 7.6.0. + ::: + + Indicates whether soft deletes are enabled on the index. Soft deletes can only be configured at index creation and only on indices created on or after {{es}} 6.5.0. Defaults to `true`. `index.soft_deletes.retention_lease.period` : The maximum period to retain a shard history retention lease before it is considered expired. Shard history retention leases ensure that soft deletes are retained during merges on the Lucene index. If a soft delete is merged away before it can be replicated to a follower the following process will fail due to incomplete history on the leader. Defaults to `12h`. diff --git a/docs/reference/elasticsearch/index-settings/index-block.md b/docs/reference/elasticsearch/index-settings/index-block.md index e292f3f0e303c..71f303a6a4ae3 100644 --- a/docs/reference/elasticsearch/index-settings/index-block.md +++ b/docs/reference/elasticsearch/index-settings/index-block.md @@ -65,7 +65,8 @@ PUT /my-index-000001/_block/write `` : (Required, string) Block type to add to the index. - ::::{dropdown} Valid values for `` + **Valid values**: + `metadata` : Disable metadata changes, such as closing the index. diff --git a/docs/reference/elasticsearch/index-settings/index-modules.md b/docs/reference/elasticsearch/index-settings/index-modules.md index 393f4d30c9392..5c88c693693ce 100644 --- a/docs/reference/elasticsearch/index-settings/index-modules.md +++ b/docs/reference/elasticsearch/index-settings/index-modules.md @@ -89,7 +89,11 @@ $$$routing-partition-size$$$ `index.routing_partition_size` $$$ccr-index-soft-deletes$$$ `index.soft_deletes.enabled` -: [7.6.0] Indicates whether soft deletes are enabled on the index. Soft deletes can only be configured at index creation and only on indices created on or after {{es}} 6.5.0. Defaults to `true`. +: :::{admonition} Deprecated in 7.6.0 + This setting was deprecated in 7.6.0. + ::: + + Indicates whether soft deletes are enabled on the index. Soft deletes can only be configured at index creation and only on indices created on or after {{es}} 6.5.0. Defaults to `true`. $$$ccr-index-soft-deletes-retention-period$$$ @@ -100,24 +104,22 @@ $$$load-fixed-bitset-filters-eagerly$$$ `index.load_fixed_bitset_filters_eagerly : Indicates whether [cached filters](/reference/query-languages/query-dsl/query-filter-context.md) are pre-loaded for nested queries. Possible values are `true` (default) and `false`. $$$index-shard-check-on-startup$$$ `index.shard.check_on_startup` -: :::::{admonition} -::::{warning} -Expert users only. This setting enables some very expensive processing at shard startup and is only ever useful while diagnosing a problem in your cluster. If you do use it, you should do so only temporarily and remove it once it is no longer needed. -:::: - +: ::::{warning} + Expert users only. This setting enables some very expensive processing at shard startup and is only ever useful while diagnosing a problem in your cluster. If you do use it, you should do so only temporarily and remove it once it is no longer needed. + :::: -{{es}} automatically performs integrity checks on the contents of shards at various points during their lifecycle. For instance, it verifies the checksum of every file transferred when recovering a replica or taking a snapshot. It also verifies the integrity of many important files when opening a shard, which happens when starting up a node and when finishing a shard recovery or relocation. You can therefore manually verify the integrity of a whole shard while it is running by taking a snapshot of it into a fresh repository or by recovering it onto a fresh node. + {{es}} automatically performs integrity checks on the contents of shards at various points during their lifecycle. For instance, it verifies the checksum of every file transferred when recovering a replica or taking a snapshot. It also verifies the integrity of many important files when opening a shard, which happens when starting up a node and when finishing a shard recovery or relocation. You can therefore manually verify the integrity of a whole shard while it is running by taking a snapshot of it into a fresh repository or by recovering it onto a fresh node. -This setting determines whether {{es}} performs additional integrity checks while opening a shard. If these checks detect corruption then they will prevent the shard from being opened. It accepts the following values: + This setting determines whether {{es}} performs additional integrity checks while opening a shard. If these checks detect corruption then they will prevent the shard from being opened. It accepts the following values: -`false` -: Don’t perform additional checks for corruption when opening a shard. This is the default and recommended behaviour. + `false` + : Don’t perform additional checks for corruption when opening a shard. This is the default and recommended behaviour. -`checksum` -: Verify that the checksum of every file in the shard matches its contents. This will detect cases where the data read from disk differ from the data that {{es}} originally wrote, for instance due to undetected disk corruption or other hardware failures. These checks require reading the entire shard from disk which takes substantial time and IO bandwidth and may affect cluster performance by evicting important data from your filesystem cache. + `checksum` + : Verify that the checksum of every file in the shard matches its contents. This will detect cases where the data read from disk differ from the data that {{es}} originally wrote, for instance due to undetected disk corruption or other hardware failures. These checks require reading the entire shard from disk which takes substantial time and IO bandwidth and may affect cluster performance by evicting important data from your filesystem cache. -`true` -: Performs the same checks as `checksum` and also checks for logical inconsistencies in the shard, which could for instance be caused by the data being corrupted while it was being written due to faulty RAM or other hardware failures. These checks require reading the entire shard from disk which takes substantial time and IO bandwidth, and then performing various checks on the contents of the shard which take substantial time, CPU and memory. + `true` + : Performs the same checks as `checksum` and also checks for logical inconsistencies in the shard, which could for instance be caused by the data being corrupted while it was being written due to faulty RAM or other hardware failures. These checks require reading the entire shard from disk which takes substantial time and IO bandwidth, and then performing various checks on the contents of the shard which take substantial time, CPU and memory. ::::: diff --git a/docs/reference/elasticsearch/index-settings/store.md b/docs/reference/elasticsearch/index-settings/store.md index 233338c80fe47..a75123ecdd1ca 100644 --- a/docs/reference/elasticsearch/index-settings/store.md +++ b/docs/reference/elasticsearch/index-settings/store.md @@ -46,9 +46,11 @@ The following sections lists all the different storage types supported. : Default file system implementation. This will pick the best implementation depending on the operating environment, which is currently `hybridfs` on all supported systems but is subject to change. $$$simplefs$$$`simplefs` -: deprecated::[7.15,"simplefs is deprecated and will be removed in 8.0. Use niofs or other file systems instead. Elasticsearch 7.15 or later uses niofs for the simplefs store type as it offers superior or equivalent performance to simplefs."] +: :::{admonition} Deprecated in 7.15 + simplefs is deprecated and will be removed in 8.0. Use niofs or other file systems instead. Elasticsearch 7.15 or later uses niofs for the simplefs store type as it offers superior or equivalent performance to simplefs. + ::: -The Simple FS type is a straightforward implementation of file system storage (maps to Lucene `SimpleFsDirectory`) using a random access file. This implementation has poor concurrent performance (multiple threads will bottleneck) and disables some optimizations for heap memory usage. + The Simple FS type is a straightforward implementation of file system storage (maps to Lucene `SimpleFsDirectory`) using a random access file. This implementation has poor concurrent performance (multiple threads will bottleneck) and disables some optimizations for heap memory usage. $$$niofs$$$`niofs` : The NIO FS type stores the shard index on the file system (maps to Lucene `NIOFSDirectory`) using NIO. It allows multiple threads to read from the same file concurrently. It is not recommended on Windows because of a bug in the SUN Java implementation and disables some optimizations for heap memory usage. diff --git a/docs/reference/elasticsearch/mapping-reference/aggregate-metric-double.md b/docs/reference/elasticsearch/mapping-reference/aggregate-metric-double.md index bd27b239d60b6..44095745e30ba 100644 --- a/docs/reference/elasticsearch/mapping-reference/aggregate-metric-double.md +++ b/docs/reference/elasticsearch/mapping-reference/aggregate-metric-double.md @@ -42,16 +42,14 @@ PUT my-index `time_series_metric` : (Optional, string) Marks the field as a [time series metric](docs-content://manage-data/data-store/data-streams/time-series-data-stream-tsds.md#time-series-metric). The value is the metric type. You can’t update this parameter for existing fields. - ::::{dropdown} Valid `time_series_metric` values for `aggregate_metric_double` fields + **Valid `time_series_metric` values for `aggregate_metric_double` fields**: + `gauge` : A metric that represents a single numeric that can arbitrarily increase or decrease. For example, a temperature or available disk space. `null` (Default) : Not a time series metric. - :::: - - ## Uses [aggregate-metric-double-uses] diff --git a/docs/reference/elasticsearch/mapping-reference/array.md b/docs/reference/elasticsearch/mapping-reference/array.md index f2660e84bea62..c53fd182abec5 100644 --- a/docs/reference/elasticsearch/mapping-reference/array.md +++ b/docs/reference/elasticsearch/mapping-reference/array.md @@ -12,7 +12,7 @@ In Elasticsearch, there is no dedicated `array` data type. Any field can contain * an array of arrays: [ `1`, [ `2`, `3` ]] which is the equivalent of [ `1`, `2`, `3` ] * an array of objects: [ `{ "name": "Mary", "age": 12 }`, `{ "name": "John", "age": 10 }`] -::::{admonition} Arrays with `object` field type vs `nested` type +::::{admonition} Arrays with object field type vs nested type :class: note Arrays of objects in Elasticsearch do not behave as you would expect: queries may match fields across different objects in the array, leading to unexpected results. By default, arrays of objects are [flattened](/reference/elasticsearch/mapping-reference/nested.md#nested-arrays-flattening-objects) during indexing. To ensure queries match values within the same object, use the [`nested`](/reference/elasticsearch/mapping-reference/nested.md) data type instead of the [`object`](/reference/elasticsearch/mapping-reference/object.md) data type. diff --git a/docs/reference/elasticsearch/mapping-reference/dense-vector.md b/docs/reference/elasticsearch/mapping-reference/dense-vector.md index ddd8d0c342bed..76f7156e50b94 100644 --- a/docs/reference/elasticsearch/mapping-reference/dense-vector.md +++ b/docs/reference/elasticsearch/mapping-reference/dense-vector.md @@ -190,7 +190,7 @@ $$$dense-vector-element-type$$$ `element_type` : (Optional, string) The data type used to encode vectors. The supported data types are `float` (default), `byte`, and bit. -::::{dropdown} Valid values for `element_type` +::::{dropdown} Valid values for element_type `float` : indexes a 4-byte floating-point value per dimension. This is the default value. @@ -211,15 +211,15 @@ $$$dense-vector-element-type$$$ $$$dense-vector-similarity$$$ `similarity` -: (Optional*, string) The vector similarity metric to use in kNN search. Documents are ranked by their vector field’s similarity to the query vector. The `_score` of each document will be derived from the similarity, in a way that ensures scores are positive and that a larger score corresponds to a higher ranking. Defaults to `l2_norm` when `element_type: bit` otherwise defaults to `cosine`. +: (Optional[¹](#footnote-1), string) The vector similarity metric to use in kNN search. Documents are ranked by their vector field’s similarity to the query vector. The `_score` of each document will be derived from the similarity, in a way that ensures scores are positive and that a larger score corresponds to a higher ranking. Defaults to `l2_norm` when `element_type: bit` otherwise defaults to `cosine`. - * This parameter can only be specified when `index` is `true`. + ¹ $$$footnote-1$$$ This parameter can only be specified when `index` is `true`. ::::{note} `bit` vectors only support `l2_norm` as their similarity metric. :::: -::::{dropdown} Valid values for `similarity` +::::{dropdown} Valid values for similarity `l2_norm` : Computes similarity based on the L2 distance (also known as Euclidean distance) between the vectors. The document `_score` is computed as `1 / (1 + l2_norm(query, vector)^2)`. @@ -247,41 +247,41 @@ Although they are conceptually related, the `similarity` parameter is different $$$dense-vector-index-options$$$ `index_options` -: (Optional*, object) An optional section that configures the kNN indexing algorithm. The HNSW algorithm has two internal parameters that influence how the data structure is built. These can be adjusted to improve the accuracy of results, at the expense of slower indexing speed. - - * This parameter can only be specified when `index` is `true`. - - ::::{dropdown} Properties of `index_options` - `type` - : (Required, string) The type of kNN algorithm to use. Can be either any of: - * `hnsw` - This utilizes the [HNSW algorithm](https://arxiv.org/abs/1603.09320) for scalable approximate kNN search. This supports all `element_type` values. - * `int8_hnsw` - The default index type for float vectors. This utilizes the [HNSW algorithm](https://arxiv.org/abs/1603.09320) in addition to automatically scalar quantization for scalable approximate kNN search with `element_type` of `float`. This can reduce the memory footprint by 4x at the cost of some accuracy. See [Automatically quantize vectors for kNN search](#dense-vector-quantization). - * `int4_hnsw` - This utilizes the [HNSW algorithm](https://arxiv.org/abs/1603.09320) in addition to automatically scalar quantization for scalable approximate kNN search with `element_type` of `float`. This can reduce the memory footprint by 8x at the cost of some accuracy. See [Automatically quantize vectors for kNN search](#dense-vector-quantization). - * `bbq_hnsw` - This utilizes the [HNSW algorithm](https://arxiv.org/abs/1603.09320) in addition to automatically binary quantization for scalable approximate kNN search with `element_type` of `float`. This can reduce the memory footprint by 32x at the cost of accuracy. See [Automatically quantize vectors for kNN search](#dense-vector-quantization). - * `flat` - This utilizes a brute-force search algorithm for exact kNN search. This supports all `element_type` values. - * `int8_flat` - This utilizes a brute-force search algorithm in addition to automatically scalar quantization. Only supports `element_type` of `float`. - * `int4_flat` - This utilizes a brute-force search algorithm in addition to automatically half-byte scalar quantization. Only supports `element_type` of `float`. - * `bbq_flat` - This utilizes a brute-force search algorithm in addition to automatically binary quantization. Only supports `element_type` of `float`. - - `m` - : (Optional, integer) The number of neighbors each node will be connected to in the HNSW graph. Defaults to `16`. Only applicable to `hnsw`, `int8_hnsw`, `int4_hnsw` and `bbq_hnsw` index types. - - `ef_construction` - : (Optional, integer) The number of candidates to track while assembling the list of nearest neighbors for each new node. Defaults to `100`. Only applicable to `hnsw`, `int8_hnsw`, `int4_hnsw` and `bbq_hnsw` index types. - - `confidence_interval` - : (Optional, float) Only applicable to `int8_hnsw`, `int4_hnsw`, `int8_flat`, and `int4_flat` index types. The confidence interval to use when quantizing the vectors. Can be any value between and including `0.90` and `1.0` or exactly `0`. When the value is `0`, this indicates that dynamic quantiles should be calculated for optimized quantization. When between `0.90` and `1.0`, this value restricts the values used when calculating the quantization thresholds. For example, a value of `0.95` will only use the middle 95% of the values when calculating the quantization thresholds (e.g. the highest and lowest 2.5% of values will be ignored). Defaults to `1/(dims + 1)` for `int8` quantized vectors and `0` for `int4` for dynamic quantile calculation. - - - `rescore_vector` - : (Optional, object) An optional section that configures automatic vector rescoring on knn queries for the given field. Only applicable to quantized index types. - :::::{dropdown} Properties of `rescore_vector` - `oversample` - : (required, float) The amount to oversample the search results by. This value should be greater than `1.0` and less than `10.0` or exactly `0` to indicate no oversampling & rescoring should occur. The higher the value, the more vectors will be gathered and rescored with the raw values per shard. - : In case a knn query specifies a `rescore_vector` parameter, the query `rescore_vector` parameter will be used instead. - : See [oversampling and rescoring quantized vectors](docs-content://solutions/search/vector/knn.md#dense-vector-knn-search-rescoring) for details. - ::::: - :::: +: (Optional[²](#footnote-2), object) An optional section that configures the kNN indexing algorithm. The HNSW algorithm has two internal parameters that influence how the data structure is built. These can be adjusted to improve the accuracy of results, at the expense of slower indexing speed. + + ² $$$footnote-2$$$ This parameter can only be specified when `index` is `true`. + +::::{dropdown} Properties of index_options +`type` +: (Required, string) The type of kNN algorithm to use. Can be either any of: + * `hnsw` - This utilizes the [HNSW algorithm](https://arxiv.org/abs/1603.09320) for scalable approximate kNN search. This supports all `element_type` values. + * `int8_hnsw` - The default index type for float vectors. This utilizes the [HNSW algorithm](https://arxiv.org/abs/1603.09320) in addition to automatically scalar quantization for scalable approximate kNN search with `element_type` of `float`. This can reduce the memory footprint by 4x at the cost of some accuracy. See [Automatically quantize vectors for kNN search](#dense-vector-quantization). + * `int4_hnsw` - This utilizes the [HNSW algorithm](https://arxiv.org/abs/1603.09320) in addition to automatically scalar quantization for scalable approximate kNN search with `element_type` of `float`. This can reduce the memory footprint by 8x at the cost of some accuracy. See [Automatically quantize vectors for kNN search](#dense-vector-quantization). + * `bbq_hnsw` - This utilizes the [HNSW algorithm](https://arxiv.org/abs/1603.09320) in addition to automatically binary quantization for scalable approximate kNN search with `element_type` of `float`. This can reduce the memory footprint by 32x at the cost of accuracy. See [Automatically quantize vectors for kNN search](#dense-vector-quantization). + * `flat` - This utilizes a brute-force search algorithm for exact kNN search. This supports all `element_type` values. + * `int8_flat` - This utilizes a brute-force search algorithm in addition to automatically scalar quantization. Only supports `element_type` of `float`. + * `int4_flat` - This utilizes a brute-force search algorithm in addition to automatically half-byte scalar quantization. Only supports `element_type` of `float`. + * `bbq_flat` - This utilizes a brute-force search algorithm in addition to automatically binary quantization. Only supports `element_type` of `float`. + +`m` +: (Optional, integer) The number of neighbors each node will be connected to in the HNSW graph. Defaults to `16`. Only applicable to `hnsw`, `int8_hnsw`, `int4_hnsw` and `bbq_hnsw` index types. + +`ef_construction` +: (Optional, integer) The number of candidates to track while assembling the list of nearest neighbors for each new node. Defaults to `100`. Only applicable to `hnsw`, `int8_hnsw`, `int4_hnsw` and `bbq_hnsw` index types. + +`confidence_interval` +: (Optional, float) Only applicable to `int8_hnsw`, `int4_hnsw`, `int8_flat`, and `int4_flat` index types. The confidence interval to use when quantizing the vectors. Can be any value between and including `0.90` and `1.0` or exactly `0`. When the value is `0`, this indicates that dynamic quantiles should be calculated for optimized quantization. When between `0.90` and `1.0`, this value restricts the values used when calculating the quantization thresholds. For example, a value of `0.95` will only use the middle 95% of the values when calculating the quantization thresholds (e.g. the highest and lowest 2.5% of values will be ignored). Defaults to `1/(dims + 1)` for `int8` quantized vectors and `0` for `int4` for dynamic quantile calculation. + + +`rescore_vector` +: (Optional, object) An optional section that configures automatic vector rescoring on knn queries for the given field. Only applicable to quantized index types. +:::::{dropdown} Properties of rescore_vector +`oversample` +: (required, float) The amount to oversample the search results by. This value should be greater than `1.0` and less than `10.0` or exactly `0` to indicate no oversampling & rescoring should occur. The higher the value, the more vectors will be gathered and rescored with the raw values per shard. + : In case a knn query specifies a `rescore_vector` parameter, the query `rescore_vector` parameter will be used instead. + : See [oversampling and rescoring quantized vectors](docs-content://solutions/search/vector/knn.md#dense-vector-knn-search-rescoring) for details. +::::: +:::: diff --git a/docs/reference/elasticsearch/mapping-reference/keyword.md b/docs/reference/elasticsearch/mapping-reference/keyword.md index 8ce4642e1ea88..c392a71b59499 100644 --- a/docs/reference/elasticsearch/mapping-reference/keyword.md +++ b/docs/reference/elasticsearch/mapping-reference/keyword.md @@ -113,11 +113,8 @@ The following parameters are accepted by `keyword` fields: The `index.mapping.dimension_fields.limit` [index setting](/reference/elasticsearch/index-settings/time-series.md) limits the number of dimensions in an index. Dimension fields have the following constraints: - * The `doc_values` and `index` mapping parameters must be `true`. - * Dimension values are used to identify a document’s time series. If dimension values are altered in any way during indexing, the document will be stored as belonging to different from intended time series. As a result there are additional constraints: - - * The field cannot use a [`normalizer`](/reference/elasticsearch/mapping-reference/normalizer.md). + * Dimension values are used to identify a document’s time series. If dimension values are altered in any way during indexing, the document will be stored as belonging to different from intended time series. As a result there are additional constraints: the field cannot use a [`normalizer`](/reference/elasticsearch/mapping-reference/normalizer.md). ## Synthetic `_source` [keyword-synthetic-source] diff --git a/docs/reference/elasticsearch/mapping-reference/mapping-source-field.md b/docs/reference/elasticsearch/mapping-reference/mapping-source-field.md index a5e0b95af48e3..931909d1cb371 100644 --- a/docs/reference/elasticsearch/mapping-reference/mapping-source-field.md +++ b/docs/reference/elasticsearch/mapping-reference/mapping-source-field.md @@ -305,7 +305,7 @@ PUT my-index-000001 } ``` -::::{admonition} Think before disabling the `_source` field +::::{admonition} Think before disabling the _source field :class: warning Users often disable the `_source` field without thinking about the consequences, and then live to regret it. If the `_source` field isn’t available then a number of features are not supported: diff --git a/docs/reference/elasticsearch/mapping-reference/number.md b/docs/reference/elasticsearch/mapping-reference/number.md index 0ec553db48d66..7613810421345 100644 --- a/docs/reference/elasticsearch/mapping-reference/number.md +++ b/docs/reference/elasticsearch/mapping-reference/number.md @@ -10,10 +10,10 @@ mapped_pages: The following numeric types are supported: `long` -: A signed 64-bit integer with a minimum value of `-2`^`63`^ and a maximum value of `2`^`63`^`-1`. +: A signed 64-bit integer with a minimum value of `-2^63` and a maximum value of `2^63 - 1`. `integer` -: A signed 32-bit integer with a minimum value of `-2`^`31`^ and a maximum value of `2`^`31`^`-1`. +: A signed 32-bit integer with a minimum value of `-2^31` and a maximum value of `2^31 - 1`. `short` : A signed 16-bit integer with a minimum value of `-32,768` and a maximum value of `32,767`. @@ -34,7 +34,7 @@ The following numeric types are supported: : A floating point number that is backed by a `long`, scaled by a fixed `double` scaling factor. `unsigned_long` -: An unsigned 64-bit integer with a minimum value of 0 and a maximum value of `2`^`64`^`-1`. +: An unsigned 64-bit integer with a minimum value of 0 and a maximum value of `2^64 - 1`. Below is an example of configuring a mapping with numeric fields: @@ -75,9 +75,9 @@ $$$floating_point$$$ | Type | Minimum value | Maximum value | Significant
bits / digits | Example precision loss | | --- | --- | --- | --- | --- | -| `double` | `2`^`-1074`^ | `(2-2`^`-52`^`)·2`^`1023`^ | `53` / `15.95` | `1.2345678912345678`→
`1.234567891234568` | -| `float` | `2`^`-149`^ | `(2-2`^`-23`^`)·2`^`127`^ | `24` / `7.22` | `1.23456789`→
`1.2345679` | -| `half_float` | `2`^`-24`^ | `65504` | `11` / `3.31` | `1.2345`→
`1.234375` | +| `double` | `2^-1074` | `(2 - 2^-52) * 2^1023` | `53 / 15.95` | `1.2345678912345678`→
`1.234567891234568` | +| `float` | `2^-149` | `(2 - 2^-23) * 2^127` | `24 / 7.22` | `1.23456789`→
`1.2345679` | +| `half_float` | `2^-24` | `65504` | `11 / 3.31` | `1.2345`→
`1.234375` | ::::{admonition} Mapping numeric identifiers :class: tip @@ -147,7 +147,8 @@ The following parameters are accepted by numeric types: `time_series_metric` : (Optional, string) Marks the field as a [time series metric](docs-content://manage-data/data-store/data-streams/time-series-data-stream-tsds.md#time-series-metric). The value is the metric type. You can’t update this parameter for existing fields. - ::::{dropdown} Valid `time_series_metric` values for numeric fields + **Valid `time_series_metric` values for numeric fields**: + `counter` : A cumulative metric that only monotonically increases or resets to `0` (zero). For example, a count of errors or completed tasks. @@ -157,9 +158,6 @@ The following parameters are accepted by numeric types: `null` (Default) : Not a time series metric. - :::: - - For a numeric time series metric, the `doc_values` parameter must be `true`. A numeric field can’t be both a time series dimension and a time series metric. diff --git a/docs/reference/elasticsearch/mapping-reference/range.md b/docs/reference/elasticsearch/mapping-reference/range.md index 3b727cdac3d54..4fb7fd0b96b17 100644 --- a/docs/reference/elasticsearch/mapping-reference/range.md +++ b/docs/reference/elasticsearch/mapping-reference/range.md @@ -12,13 +12,13 @@ Range field types represent a continuous range of values between an upper and lo The following range types are supported: `integer_range` -: A range of signed 32-bit integers with a minimum value of `-2`^`31`^ and maximum of `2`^`31`^`-1`. +: A range of signed 32-bit integers with a minimum value of `-2^31` and maximum of `2^31 - 1`. `float_range` : A range of single-precision 32-bit IEEE 754 floating point values. `long_range` -: A range of signed 64-bit integers with a minimum value of `-2`^`63`^ and maximum of `2`^`63`^`-1`. +: A range of signed 64-bit integers with a minimum value of `-2^63` and maximum of `2^63 - 1`. `double_range` : A range of double-precision 64-bit IEEE 754 floating point values. diff --git a/docs/reference/elasticsearch/mapping-reference/rank-vectors.md b/docs/reference/elasticsearch/mapping-reference/rank-vectors.md index 826fb94fb44dd..2acd08faa0c32 100644 --- a/docs/reference/elasticsearch/mapping-reference/rank-vectors.md +++ b/docs/reference/elasticsearch/mapping-reference/rank-vectors.md @@ -92,7 +92,7 @@ $$$rank-vectors-element-type$$$ `element_type` : (Optional, string) The data type used to encode vectors. The supported data types are `float` (default), `byte`, and bit. -::::{dropdown} Valid values for `element_type` +::::{dropdown} Valid values for element_type `float` : indexes a 4-byte floating-point value per dimension. This is the default value. diff --git a/docs/reference/elasticsearch/mapping-reference/semantic-text.md b/docs/reference/elasticsearch/mapping-reference/semantic-text.md index f8e11c6269c9f..6728a1d1ee9b9 100644 --- a/docs/reference/elasticsearch/mapping-reference/semantic-text.md +++ b/docs/reference/elasticsearch/mapping-reference/semantic-text.md @@ -110,29 +110,28 @@ to create the endpoint. If not specified, the {{infer}} endpoint defined by `chunking_settings` : (Optional, object) Settings for chunking text into smaller passages. -If specified, these will override the chunking settings set in the {infer-cap} +If specified, these will override the chunking settings set in the {{infer-cap}} endpoint associated with `inference_id`. If chunking settings are updated, they will not be applied to existing documents until they are reindexed. -::::{dropdown} Valid values for `chunking_settings` -`type` -: Indicates the type of chunking strategy to use. Valid values are `word` or -`sentence`. Required. + **Valid values for `chunking_settings`**: -`max_chunk_size` -: The maximum number of works in a chunk. Required. + `type` + : Indicates the type of chunking strategy to use. Valid values are `word` or + `sentence`. Required. -`overlap` -: The number of overlapping words allowed in chunks. This cannot be defined as -more than half of the `max_chunk_size`. Required for `word` type chunking -settings. + `max_chunk_size` + : The maximum number of works in a chunk. Required. -`sentence_overlap` -: The number of overlapping sentences allowed in chunks. Valid values are `0` -or `1`. Required for `sentence` type chunking settings + `overlap` + : The number of overlapping words allowed in chunks. This cannot be defined as + more than half of the `max_chunk_size`. Required for `word` type chunking + settings. -:::: + `sentence_overlap` + : The number of overlapping sentences allowed in chunks. Valid values are `0` + or `1`. Required for `sentence` type chunking settings ## {{infer-cap}} endpoint validation [infer-endpoint-validation] diff --git a/docs/reference/elasticsearch/mapping-reference/unsigned-long.md b/docs/reference/elasticsearch/mapping-reference/unsigned-long.md index 12589cab85ca8..e76c8289ce636 100644 --- a/docs/reference/elasticsearch/mapping-reference/unsigned-long.md +++ b/docs/reference/elasticsearch/mapping-reference/unsigned-long.md @@ -7,7 +7,7 @@ mapped_pages: # Unsigned long field type [unsigned-long] -Unsigned long is a numeric field type that represents an unsigned 64-bit integer with a minimum value of 0 and a maximum value of `2`^`64`^`-1` (from 0 to 18446744073709551615 inclusive). +Unsigned long is a numeric field type that represents an unsigned 64-bit integer with a minimum value of 0 and a maximum value of `2^64 - 1` (from 0 to 18446744073709551615 inclusive). ```console PUT my_index diff --git a/docs/reference/elasticsearch/rest-apis/api-conventions.md b/docs/reference/elasticsearch/rest-apis/api-conventions.md index 774c818b00c68..dcddd77cde791 100644 --- a/docs/reference/elasticsearch/rest-apis/api-conventions.md +++ b/docs/reference/elasticsearch/rest-apis/api-conventions.md @@ -232,33 +232,17 @@ PUT /%3Cmy-index-%7Bnow%2Fd%7D%3E The special characters used for date rounding must be URI encoded as follows: -`<` -: `%3C` - -`>` -: `%3E` - -`/` -: `%2F` - -`{` -: `%7B` - -`}` -: `%7D` - -`|` -: `%7C` - -`+` -: `%2B` - -`:` -: `%3A` - -`,` -: `%2C` - +| | | +|---|---| +| `<` | `%3C` | +| `>` | `%3E` | +| `/` | `%2F` | +| `{` | `%7B` | +| `}` | `%7D` | +| `|` | `%7C` | +| `+` | `%2B` | +| `:` | `%3A` | +| `,` | `%2C` | :::: @@ -340,8 +324,9 @@ Some multi-target APIs that can target indices also support the following query `ignore_throttled` : (Optional, Boolean) If `true`, concrete, expanded or aliased indices are ignored when frozen. Defaults to `true`. - [7.16.0] - + :::{admonition} Deprecated in 7.16.0 + This parameter was deprecated in 7.16.0. + ::: ::::{note} APIs with a single target, such as the [get document API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-get), do not support multi-target syntax. diff --git a/docs/reference/elasticsearch/rest-apis/compatibility.md b/docs/reference/elasticsearch/rest-apis/compatibility.md index dbef296f80559..d2d4a19e6081f 100644 --- a/docs/reference/elasticsearch/rest-apis/compatibility.md +++ b/docs/reference/elasticsearch/rest-apis/compatibility.md @@ -55,12 +55,12 @@ To enable REST API compatibility for all requests received by {{es}} set the env ## REST API compatibility workflow [_rest_api_compatibility_workflow] -To leverage REST API compatibility during an upgrade from the last 8.x to 9.0.0-beta1: +To leverage REST API compatibility during an upgrade from the last 8.x to {{version}}: 1. Upgrade your [{{es}} clients](https://www.elastic.co/guide/en/elasticsearch/client/index.html) to the latest 8.x version and enable REST API compatibility. 2. Use the [Upgrade Assistant](docs-content://deploy-manage/upgrade/prepare-to-upgrade/upgrade-assistant.md) to review all critical issues and explore the deprecation logs. Some critical issues might be mitigated by REST API compatibility. 3. Resolve all critical issues before proceeding with the upgrade. -4. Upgrade Elasticsearch to 9.0.0-beta1. +4. Upgrade Elasticsearch to {{version}}. 5. Review the deprecation logs for entries with the category `compatible_api`. Review the workflow associated with the requests that relied on compatibility mode. 6. Upgrade your {{es}} clients to 9.x and resolve compatibility issues manually where needed. diff --git a/docs/reference/elasticsearch/rest-apis/highlighting.md b/docs/reference/elasticsearch/rest-apis/highlighting.md index 96f0481fa47bc..93f58eeb6f14e 100644 --- a/docs/reference/elasticsearch/rest-apis/highlighting.md +++ b/docs/reference/elasticsearch/rest-apis/highlighting.md @@ -108,7 +108,6 @@ boundary_scanner `sentence` : Break highlighted fragments at the next sentence boundary, as determined by Java’s [BreakIterator](https://docs.oracle.com/javase/8/docs/api/java/text/BreakIterator.md). You can specify the locale to use with `boundary_scanner_locale`. - ::::{note} When used with the `unified` highlighter, the `sentence` scanner splits sentences bigger than `fragment_size` at the first word boundary next to `fragment_size`. You can set `fragment_size` to 0 to never split any sentence. :::: diff --git a/docs/reference/elasticsearch/rest-apis/reindex-data-stream.md b/docs/reference/elasticsearch/rest-apis/reindex-data-stream.md index 2b4795e149702..60638dbfac987 100644 --- a/docs/reference/elasticsearch/rest-apis/reindex-data-stream.md +++ b/docs/reference/elasticsearch/rest-apis/reindex-data-stream.md @@ -18,7 +18,7 @@ For the most up-to-date API details, refer to [Migration APIs](https://www.elast ::::{tip} -These APIs are designed for indirect use by {{kib}}'s **Upgrade Assistant**. We strongly recommend you use the **Upgrade Assistant** to upgrade from 8.17 to 9.0.0-beta1. For upgrade instructions, refer to [Upgrading to Elastic 9.0.0-beta1](docs-content://deploy-manage/upgrade/deployment-or-cluster.md). +These APIs are designed for indirect use by {{kib}}'s **Upgrade Assistant**. We strongly recommend you use the **Upgrade Assistant** to upgrade from 8.17 to {{version}}. For upgrade instructions, refer to [Upgrading to Elastic {{version}}](docs-content://deploy-manage/upgrade/deployment-or-cluster.md). :::: diff --git a/docs/reference/elasticsearch/rest-apis/retrieve-selected-fields.md b/docs/reference/elasticsearch/rest-apis/retrieve-selected-fields.md index fb429337e3d63..d39aaa3f0c21e 100644 --- a/docs/reference/elasticsearch/rest-apis/retrieve-selected-fields.md +++ b/docs/reference/elasticsearch/rest-apis/retrieve-selected-fields.md @@ -480,7 +480,7 @@ GET /_search ### Other methods of retrieving data [field-retrieval-methods] -::::{admonition} Using `fields` is typically better +::::{admonition} Using fields is typically better These options are usually not required. Using the `fields` option is typically the better choice, unless you absolutely need to force loading a stored or `docvalue_fields`. :::: diff --git a/docs/reference/elasticsearch/rest-apis/retrievers.md b/docs/reference/elasticsearch/rest-apis/retrievers.md index 4cca5a3bad0cc..9f437f10bd7fb 100644 --- a/docs/reference/elasticsearch/rest-apis/retrievers.md +++ b/docs/reference/elasticsearch/rest-apis/retrievers.md @@ -263,15 +263,18 @@ A retriever that normalizes and linearly combines the scores of other retrievers Each entry specifies the following parameters: -* `retriever`:: (Required, a `retriever` object) +`retriever` +: (Required, a `retriever` object) Specifies the retriever for which we will compute the top documents for. The retriever will produce `rank_window_size` results, which will later be merged based on the specified `weight` and `normalizer`. -* `weight`:: (Optional, float) +`weight` +: (Optional, float) The weight that each score of this retriever’s top docs will be multiplied with. Must be greater or equal to 0. Defaults to 1.0. -* `normalizer`:: (Optional, String) +`normalizer` +: (Optional, String) Specifies how we will normalize the retriever’s scores, before applying the specified `weight`. Available values are: `minmax`, and `none`. Defaults to `none`. diff --git a/docs/reference/elasticsearch/security-privileges.md b/docs/reference/elasticsearch/security-privileges.md index 15434a3336277..6e0fd02b2c3b8 100644 --- a/docs/reference/elasticsearch/security-privileges.md +++ b/docs/reference/elasticsearch/security-privileges.md @@ -79,7 +79,11 @@ This section lists the privileges that you can assign to a role. `manage_data_frame_transforms` -: All operations related to managing {{transforms}}. [7.5] Use `manage_transform` instead. +: :::{admonition} Deprecated in 7.5 + Use `manage_transform` instead. + ::: + + All operations related to managing {{transforms}}. This privilege is not available in {{serverless-full}}. @@ -163,8 +167,9 @@ This section lists the privileges that you can assign to a role. This privilege is not available in {{serverless-full}}. - [8.15] Also grants the permission to start and stop {{Ilm}}, using the [ILM start](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ilm-start) and [ILM stop](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ilm-stop) APIs. In a future major release, this privilege will not grant any {{Ilm}} permissions. - + :::{admonition} Deprecated in 8.15 + Also grants the permission to start and stop {{Ilm}}, using the [ILM start](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ilm-start) and [ILM stop](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ilm-stop) APIs. In a future major release, this privilege will not grant any {{Ilm}} permissions. + ::: `manage_token` : All security-related operations on tokens that are generated by the {{es}} Token Service. @@ -256,8 +261,9 @@ This section lists the privileges that you can assign to a role. This privilege is not available in {{serverless-full}}. - [8.15] Also grants the permission to get the {{Ilm}} status, using the [ILM get status API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ilm-get-status). In a future major release, this privilege will not grant any {{Ilm}} permissions. - + :::{admonition} Deprecated in 8.15 + Also grants the permission to get the {{Ilm}} status, using the [ILM get status API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ilm-get-status). In a future major release, this privilege will not grant any {{Ilm}} permissions. + ::: `read_security` : All read-only security-related operations, such as getting users, user profiles, {{es}} API keys, {{es}} service accounts, roles and role mappings. Allows [querying](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-query-api-keys) and [retrieving information](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-get-api-key) on all {{es}} API keys. @@ -280,7 +286,9 @@ This section lists the privileges that you can assign to a role. `create` : Privilege to index documents. - [8.0] Also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or by relying on [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md). In a future major release, this privilege will not grant any mapping update permissions. + :::{admonition} Deprecated in 8.0 + Also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or by relying on [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md). In a future major release, this privilege will not grant any mapping update permissions. + ::: ::::{note} This privilege does not restrict the index operation to the creation of documents but instead restricts API use to the index API. The index API allows a user to overwrite a previously indexed document. See the `create_doc` privilege for an alternative. @@ -290,7 +298,9 @@ This section lists the privileges that you can assign to a role. `create_doc` : Privilege to index documents. It does not grant the permission to update or overwrite existing documents. - [8.0] Also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or by relying on [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md). In a future major release, this privilege will not grant any mapping update permissions. + :::{admonition} Deprecated in 8.0 + Also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or by relying on [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md). In a future major release, this privilege will not grant any mapping update permissions. + ::: ::::{note} This privilege relies on the `op_type` of indexing requests ([Index](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-create) and [Bulk](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-bulk)). When ingesting documents as a user who has the `create_doc` privilege (and no higher privilege such as `index` or `write`), you must ensure that *op_type* is set to *create* through one of the following: @@ -330,8 +340,9 @@ This section lists the privileges that you can assign to a role. `index` : Privilege to index and update documents. - [8.0] Also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or by relying on [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md). In a future major release, this privilege will not grant any mapping update permissions. - + :::{admonition} Deprecated in 8.0 + Also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or by relying on [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md). In a future major release, this privilege will not grant any mapping update permissions. + ::: `maintenance` : Permits refresh, flush, synced flush and force merge index administration operations. No privilege to read or write index data or otherwise manage the index. @@ -378,9 +389,9 @@ This section lists the privileges that you can assign to a role. `write` : Privilege to perform all write operations to documents, which includes the permission to index, update, and delete documents as well as performing bulk operations, while also allowing to dynamically update the index mapping. - [8.0] It also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping). This will be retracted in a future major release. - - + :::{admonition} Deprecated in 8.0 + It also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping). This will be retracted in a future major release. + ::: ## Run as privilege [_run_as_privilege] diff --git a/docs/reference/enrich-processor/inference-processor.md b/docs/reference/enrich-processor/inference-processor.md index ca83de627e3e8..7bff37201b26b 100644 --- a/docs/reference/enrich-processor/inference-processor.md +++ b/docs/reference/enrich-processor/inference-processor.md @@ -130,54 +130,54 @@ Classification configuration for inference. * [preview] `xlm_roberta`: Use for XLMRoBERTa-style models * [preview] `bert_ja`: Use for BERT-style models trained for the Japanese language. - ::::{dropdown} Properties of tokenization - `bert` - : (Optional, object) BERT-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of bert - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::{note} - For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. - :::: - ::::: - `deberta_v2` - : (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings. - ::::{dropdown} Properties of deberta_v2 - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `balanced`: One or both of the first and second sequences may be truncated so as to balance the tokens included from both sequences. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - :::: - `roberta` - : (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of roberta - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::{note} - For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. - :::: - ::::: - `mpnet` - : (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of mpnet - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::{note} - For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. - :::: - ::::: +::::{dropdown} Properties of tokenization +`bert` +: (Optional, object) BERT-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of bert + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::{note} + For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. :::: + ::::: +`deberta_v2` +: (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings. + ::::{dropdown} Properties of deberta_v2 + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `balanced`: One or both of the first and second sequences may be truncated so as to balance the tokens included from both sequences. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + :::: +`roberta` +: (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of roberta + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::{note} + For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. + :::: + ::::: +`mpnet` +: (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of mpnet + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::{note} + For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. + :::: + ::::: +:::: ## NER configuration options [inference-processor-ner-opt] @@ -194,54 +194,54 @@ Classification configuration for inference. * [preview] `xlm_roberta`: Use for XLMRoBERTa-style models * [preview] `bert_ja`: Use for BERT-style models trained for the Japanese language. - ::::{dropdown} Properties of tokenization - `bert` - : (Optional, object) BERT-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of bert - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::{note} - For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. - :::: - ::::: - `deberta_v2` - : (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings. - ::::{dropdown} Properties of deberta_v2 - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `balanced`: One or both of the first and second sequences may be truncated so as to balance the tokens included from both sequences. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - :::: - `roberta` - : (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of roberta - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::{note} - For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. - :::: - ::::: - `mpnet` - : (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of mpnet - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::{note} - For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. - :::: - ::::: +::::{dropdown} Properties of tokenization +`bert` +: (Optional, object) BERT-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of bert + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::{note} + For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. + :::: + ::::: +`deberta_v2` +: (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings. + ::::{dropdown} Properties of deberta_v2 + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `balanced`: One or both of the first and second sequences may be truncated so as to balance the tokens included from both sequences. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. :::: +`roberta` +: (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of roberta + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::{note} + For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. + :::: + ::::: +`mpnet` +: (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of mpnet + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::{note} + For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. + :::: + ::::: +:::: ## {{regression-cap}} configuration options [inference-processor-regression-opt] @@ -274,72 +274,72 @@ Regression configuration for inference. * [preview] `xlm_roberta`: Use for XLMRoBERTa-style models * [preview] `bert_ja`: Use for BERT-style models trained for the Japanese language. - ::::{dropdown} Properties of tokenization - `bert` - : (Optional, object) BERT-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of bert - `span` - (Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence. - The default value is `-1`, indicating no windowing or spanning occurs. - ::::{note} - When your typical input is just slightly larger than `max_sequence_length`, it may be best to simply truncate; there will be very little information in the second subsequence. - :::: - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::{note} - For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. - :::: - ::::: - `deberta_v2` - : (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of deberta_v2 - `span` - (Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence. - The default value is `-1`, indicating no windowing or spanning occurs. - ::::{note} - When your typical input is just slightly larger than `max_sequence_length`, it may be best to simply truncate; there will be very little information in the second subsequence. - :::: - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `balanced`: One or both of the first and second sequences may be truncated so as to balance the tokens included from both sequences. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::: - `roberta` - : (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of roberta - `span` - (Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence. - The default value is `-1`, indicating no windowing or spanning occurs. - ::::{note} - When your typical input is just slightly larger than `max_sequence_length`, it may be best to simply truncate; there will be very little information in the second subsequence. - :::: - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::{note} - For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. - :::: - ::::: - `mpnet` - : (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of mpnet - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::{note} - For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. - :::: - ::::: +::::{dropdown} Properties of tokenization +`bert` +: (Optional, object) BERT-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of bert + `span` + (Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence. + The default value is `-1`, indicating no windowing or spanning occurs. + ::::{note} + When your typical input is just slightly larger than `max_sequence_length`, it may be best to simply truncate; there will be very little information in the second subsequence. + :::: + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::{note} + For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. + :::: + ::::: +`deberta_v2` +: (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of deberta_v2 + `span` + (Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence. + The default value is `-1`, indicating no windowing or spanning occurs. + ::::{note} + When your typical input is just slightly larger than `max_sequence_length`, it may be best to simply truncate; there will be very little information in the second subsequence. + :::: + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `balanced`: One or both of the first and second sequences may be truncated so as to balance the tokens included from both sequences. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::: +`roberta` +: (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of roberta + `span` + (Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence. + The default value is `-1`, indicating no windowing or spanning occurs. + ::::{note} + When your typical input is just slightly larger than `max_sequence_length`, it may be best to simply truncate; there will be very little information in the second subsequence. :::: + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::{note} + For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. + :::: + ::::: +`mpnet` +: (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of mpnet + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::{note} + For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. + :::: + ::::: +:::: ## Text embedding configuration options [inference-processor-text-embedding-opt] @@ -356,54 +356,54 @@ Regression configuration for inference. * [preview] `xlm_roberta`: Use for XLMRoBERTa-style models * [preview] `bert_ja`: Use for BERT-style models trained for the Japanese language. - ::::{dropdown} Properties of tokenization - `bert` - : (Optional, object) BERT-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of bert - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::{note} - For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. - :::: - ::::: - `deberta_v2` - : (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings. - ::::{dropdown} Properties of deberta_v2 - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `balanced`: One or both of the first and second sequences may be truncated so as to balance the tokens included from both sequences. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - :::: - `roberta` - : (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of roberta - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::{note} - For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. - :::: - ::::: - `mpnet` - : (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of mpnet - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::{note} - For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. - :::: - ::::: +::::{dropdown} Properties of tokenization +`bert` +: (Optional, object) BERT-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of bert + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::{note} + For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. + :::: + ::::: +`deberta_v2` +: (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings. + ::::{dropdown} Properties of deberta_v2 + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `balanced`: One or both of the first and second sequences may be truncated so as to balance the tokens included from both sequences. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + :::: +`roberta` +: (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of roberta + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::{note} + For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. :::: + ::::: +`mpnet` +: (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of mpnet + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::{note} + For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. + :::: + ::::: +:::: ## Text expansion configuration options [inference-processor-text-expansion-opt] @@ -420,93 +420,94 @@ Regression configuration for inference. * [preview] `xlm_roberta`: Use for XLMRoBERTa-style models * [preview] `bert_ja`: Use for BERT-style models trained for the Japanese language. - ::::{dropdown} Properties of tokenization - `bert` - : (Optional, object) BERT-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of bert - `span` - (Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence. - The default value is `-1`, indicating no windowing or spanning occurs. - ::::{note} - When your typical input is just slightly larger than `max_sequence_length`, it may be best to simply truncate; there will be very little information in the second subsequence. - :::: - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::{note} - For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. - :::: - ::::: - `deberta_v2` - : (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of deberta_v2 - `span` - (Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence. - The default value is `-1`, indicating no windowing or spanning occurs. - ::::{note} - When your typical input is just slightly larger than `max_sequence_length`, it may be best to simply truncate; there will be very little information in the second subsequence. - :::: - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `balanced`: One or both of the first and second sequences may be truncated so as to balance the tokens included from both sequences. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::: - `roberta` - : (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of roberta - `span` - (Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence. - The default value is `-1`, indicating no windowing or spanning occurs. - ::::{note} - When your typical input is just slightly larger than `max_sequence_length`, it may be best to simply truncate; there will be very little information in the second subsequence. - :::: - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::{note} - For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. - :::: - ::::: - `mpnet` - : (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings. - :::::{dropdown} Properties of mpnet - `truncate` - (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. - ::::{note} - For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. - :::: - ::::: +::::{dropdown} Properties of tokenization +`bert` +: (Optional, object) BERT-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of bert + `span` + (Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence. + The default value is `-1`, indicating no windowing or spanning occurs. + ::::{note} + When your typical input is just slightly larger than `max_sequence_length`, it may be best to simply truncate; there will be very little information in the second subsequence. + :::: + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::{note} + For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. + :::: + ::::: +`deberta_v2` +: (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of deberta_v2 + `span` + (Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence. + The default value is `-1`, indicating no windowing or spanning occurs. + ::::{note} + When your typical input is just slightly larger than `max_sequence_length`, it may be best to simply truncate; there will be very little information in the second subsequence. + :::: + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `balanced`: One or both of the first and second sequences may be truncated so as to balance the tokens included from both sequences. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::: +`roberta` +: (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of roberta + `span` + (Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence. + The default value is `-1`, indicating no windowing or spanning occurs. + ::::{note} + When your typical input is just slightly larger than `max_sequence_length`, it may be best to simply truncate; there will be very little information in the second subsequence. + :::: + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::{note} + For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. + :::: + ::::: +`mpnet` +: (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings. + :::::{dropdown} Properties of mpnet + `truncate` + (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + ::::{note} + For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. :::: + ::::: +:::: ## Text similarity configuration options [inference-processor-text-similarity-opt] `text_similarity` : (Object, optional) Text similarity takes an input sequence and compares it with another input sequence. This is commonly referred to as cross-encoding. This task is useful for ranking document text when comparing it to another provided text input. - ::::{dropdown} Properties of text_similarity inference - `span_score_combination_function` - : (Optional, string) Identifies how to combine the resulting similarity score when a provided text passage is longer than `max_sequence_length` and must be automatically separated for multiple calls. This only is applicable when `truncate` is `none` and `span` is a non-negative number. The default value is `max`. Available options are: - * `max`: The maximum score from all the spans is returned. - * `mean`: The mean score over all the spans is returned. - `tokenization` - : (Optional, object) Indicates the tokenization to perform and the desired settings. The default tokenization configuration is `bert`. Valid tokenization values are - * `bert`: Use for BERT-style models - * `deberta_v2`: Use for DeBERTa v2 and v3-style models - * `mpnet`: Use for MPNet-style models - * `roberta`: Use for RoBERTa-style and BART-style models - * [preview] `xlm_roberta`: Use for XLMRoBERTa-style models - * [preview] `bert_ja`: Use for BERT-style models trained for the Japanese language. - Refer to [Properties of `tokenizaton`](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ml-put-trained-model) to review the properties of the `tokenization` object. - :::: +::::{dropdown} Properties of text_similarity inference +`span_score_combination_function` +: (Optional, string) Identifies how to combine the resulting similarity score when a provided text passage is longer than `max_sequence_length` and must be automatically separated for multiple calls. This only is applicable when `truncate` is `none` and `span` is a non-negative number. The default value is `max`. Available options are: +* `max`: The maximum score from all the spans is returned. +* `mean`: The mean score over all the spans is returned. + +`tokenization` +: (Optional, object) Indicates the tokenization to perform and the desired settings. The default tokenization configuration is `bert`. Valid tokenization values are +* `bert`: Use for BERT-style models +* `deberta_v2`: Use for DeBERTa v2 and v3-style models +* `mpnet`: Use for MPNet-style models +* `roberta`: Use for RoBERTa-style and BART-style models +* [preview] `xlm_roberta`: Use for XLMRoBERTa-style models +* [preview] `bert_ja`: Use for BERT-style models trained for the Japanese language. +Refer to [Properties of `tokenizaton`](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ml-put-trained-model) to review the properties of the `tokenization` object. +:::: ## Zero shot classification configuration options [inference-processor-zero-shot-opt] @@ -535,9 +536,9 @@ Regression configuration for inference. :::::{dropdown} Properties of bert `truncate` (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. ::::{note} For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. :::: @@ -547,19 +548,19 @@ Regression configuration for inference. ::::{dropdown} Properties of deberta_v2 `truncate` (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `balanced`: One or both of the first and second sequences may be truncated so as to balance the tokens included from both sequences. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + * `balanced`: One or both of the first and second sequences may be truncated so as to balance the tokens included from both sequences. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. :::: `roberta` : (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings. :::::{dropdown} Properties of roberta `truncate` (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. ::::{note} For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. :::: @@ -569,9 +570,9 @@ Regression configuration for inference. :::::{dropdown} Properties of mpnet `truncate` (Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`. - * `none`: No truncation occurs; the inference request receives an error. - * `first`: Only the first sequence is truncated. - * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. + * `none`: No truncation occurs; the inference request receives an error. + * `first`: Only the first sequence is truncated. + * `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated. ::::{note} For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case. :::: diff --git a/docs/reference/query-languages/eql/eql-function-ref.md b/docs/reference/query-languages/eql/eql-function-ref.md index d79d0ffd44126..1158074cd96ed 100644 --- a/docs/reference/query-languages/eql/eql-function-ref.md +++ b/docs/reference/query-languages/eql/eql-function-ref.md @@ -219,7 +219,7 @@ Returns the quotient of a provided dividend and divisor. If both the dividend and divisor are integers, the `divide` function *rounds down* any returned floating point numbers to the nearest integer. To avoid rounding, convert either the dividend or divisor to a float. -::::{dropdown} **Example** +::::{dropdown} Example The `process.args_count` field is a [`long`](/reference/elasticsearch/mapping-reference/number.md) integer field containing a count of process arguments. A user might expect the following EQL query to only match events with a `process.args_count` value of `4`. diff --git a/docs/reference/query-languages/query-dsl/query-dsl-mlt-query.md b/docs/reference/query-languages/query-dsl/query-dsl-mlt-query.md index e6f5825689af0..4096eaa28f7de 100644 --- a/docs/reference/query-languages/query-dsl/query-dsl-mlt-query.md +++ b/docs/reference/query-languages/query-dsl/query-dsl-mlt-query.md @@ -150,7 +150,7 @@ The only required parameter is `like`, all other parameters have sensible defaul : The minimum document frequency below which the terms will be ignored from the input document. Defaults to `5`. `max_doc_freq` -: The maximum document frequency above which the terms will be ignored from the input document. This could be useful in order to ignore highly frequent words such as stop words. Defaults to unbounded (`Integer.MAX_VALUE`, which is `2`^`31`^`-1` or 2147483647). +: The maximum document frequency above which the terms will be ignored from the input document. This could be useful in order to ignore highly frequent words such as stop words. Defaults to unbounded (`Integer.MAX_VALUE`, which is `2^31 - 1` or 2147483647). `min_word_length` : The minimum word length below which the terms will be ignored. Defaults to `0`. diff --git a/docs/reference/query-languages/query-dsl/query-dsl-multi-match-query.md b/docs/reference/query-languages/query-dsl/query-dsl-multi-match-query.md index 166c62b4b1324..8d1e4c9c15369 100644 --- a/docs/reference/query-languages/query-dsl/query-dsl-multi-match-query.md +++ b/docs/reference/query-languages/query-dsl/query-dsl-multi-match-query.md @@ -139,7 +139,7 @@ Normally the `best_fields` type uses the score of the **single** best matching f Also, accepts `analyzer`, `boost`, `operator`, `minimum_should_match`, `fuzziness`, `lenient`, `prefix_length`, `max_expansions`, `fuzzy_rewrite`, `zero_terms_query`, `auto_generate_synonyms_phrase_query` and `fuzzy_transpositions`, as explained in [match query](/reference/query-languages/query-dsl/query-dsl-match-query.md). -::::{admonition} `operator` and `minimum_should_match` +::::{admonition} operator and minimum_should_match :class: important :name: operator-min @@ -257,7 +257,7 @@ GET /_search Also, accepts `analyzer`, `boost`, `lenient` and `zero_terms_query` as explained in [Match](/reference/query-languages/query-dsl/query-dsl-match-query.md), as well as `slop` which is explained in [Match phrase](/reference/query-languages/query-dsl/query-dsl-match-query-phrase.md). Type `phrase_prefix` additionally accepts `max_expansions`. -::::{admonition} `phrase`, `phrase_prefix` and `fuzziness` +::::{admonition} phrase, phrase_prefix and fuzziness :class: important :name: phrase-fuzziness @@ -438,7 +438,7 @@ By default, each per-term `blended` query will use the best score returned by an `0.0 < n < 1.0` : Take the single best score plus `tie_breaker` multiplied by each of the scores from other matching fields/ groups -::::{admonition} `cross_fields` and `fuzziness` +::::{admonition} cross_fields and fuzziness :class: important :name: crossfields-fuzziness diff --git a/docs/reference/query-languages/query-dsl/query-dsl-prefix-query.md b/docs/reference/query-languages/query-dsl/query-dsl-prefix-query.md index 30b315453d214..2caa29861f8fe 100644 --- a/docs/reference/query-languages/query-dsl/query-dsl-prefix-query.md +++ b/docs/reference/query-languages/query-dsl/query-dsl-prefix-query.md @@ -41,8 +41,12 @@ GET /_search `rewrite` : (Optional, string) Method used to rewrite the query. For valid values and more information, see the [`rewrite` parameter](/reference/query-languages/query-dsl/query-dsl-multi-term-rewrite.md). -`case_insensitive` [7.10.0] -: (Optional, Boolean) Allows ASCII case insensitive matching of the value with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying field’s mapping. +`case_insensitive` +: :::{admonition} Added in 7.10.0 + This parameter was added in 7.10.0. + ::: + + (Optional, Boolean) Allows ASCII case insensitive matching of the value with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying field’s mapping. ## Notes [prefix-query-notes] diff --git a/docs/reference/query-languages/query-dsl/query-dsl-range-query.md b/docs/reference/query-languages/query-dsl/query-dsl-range-query.md index 99825e4a2cb62..47f98a080237e 100644 --- a/docs/reference/query-languages/query-dsl/query-dsl-range-query.md +++ b/docs/reference/query-languages/query-dsl/query-dsl-range-query.md @@ -31,30 +31,30 @@ GET /_search ## Top-level parameters for `range` [range-query-top-level-params] `` -     (Required, object) Field you wish to search. +: (Required, object) Field you wish to search. ## Parameters for `` [range-query-field-params] `gt` -     (Optional) Greater than. +: (Optional) Greater than. `gte` -     (Optional) Greater than or equal to. +: (Optional) Greater than or equal to. `lt` -     (Optional) Less than. +: (Optional) Less than. `lte` -     (Optional) Less than or equal to. +: (Optional) Less than or equal to. `format` -     (Optional, string) Date format used to convert `date` values in the query. +: (Optional, string) Date format used to convert `date` values in the query. -     By default, {{es}} uses the [date `format`](/reference/elasticsearch/mapping-reference/mapping-date-format.md) provided in the ``'s -     mapping. This value overrides that mapping format. + By default, {{es}} uses the [date `format`](/reference/elasticsearch/mapping-reference/mapping-date-format.md) provided in the ``'s + mapping. This value overrides that mapping format. -     For valid syntax, see [`format`](/reference/elasticsearch/mapping-reference/mapping-date-format.md). + For valid syntax, see [`format`](/reference/elasticsearch/mapping-reference/mapping-date-format.md). ::::{warning} If a format or date value is incomplete, the range query replaces any missing components with default values. See [Missing date components](#missing-date-components). @@ -65,29 +65,28 @@ If a format or date value is incomplete, the range query replaces any missing co $$$querying-range-fields$$$ `relation` -     (Optional, string) Indicates how the range query matches values for `range` -     fields. Valid values are: +: (Optional, string) Indicates how the range query matches values for `range` + fields. Valid values are: -     `INTERSECTS` (Default) -         Matches documents with a range field value that intersects the query’s range. + `INTERSECTS` (Default) + : Matches documents with a range field value that intersects the query’s range. -     `CONTAINS` -         Matches documents with a range field value that entirely contains the -     query’s range. + `CONTAINS` + : Matches documents with a range field value that entirely contains the query’s range. -     `WITHIN` -         Matches documents with a range field value entirely within the query’s range. + `WITHIN` + : Matches documents with a range field value entirely within the query’s range. `time_zone` -     (Optional, string) [Coordinated Universal Time (UTC) offset](https://en.wikipedia.org/wiki/List_of_UTC_time_offsets) or [IANA time zone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) -     used to convert `date` values in the query to UTC. +: (Optional, string) [Coordinated Universal Time (UTC) offset](https://en.wikipedia.org/wiki/List_of_UTC_time_offsets) or [IANA time zone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) + used to convert `date` values in the query to UTC. -     Valid values are ISO 8601 UTC offsets, such as `+01:00` or -`08:00`, and IANA -     time zone IDs, such as `America/Los_Angeles`. + Valid values are ISO 8601 UTC offsets, such as `+01:00` or -`08:00`, and IANA + time zone IDs, such as `America/Los_Angeles`. -     For an example query using the `time_zone` parameter, see -     [Time zone in `range` queries](#range-query-time-zone). + For an example query using the `time_zone` parameter, see + [Time zone in `range` queries](#range-query-time-zone). ::::{note} The `time_zone` parameter does **not** affect the [date math](/reference/elasticsearch/rest-apis/common-options.md#date-math) value of `now`. `now` is always the current system time in UTC. @@ -99,15 +98,15 @@ However, the `time_zone` parameter does convert dates calculated using `now` and `boost` -     (Optional, float) Floating point number used to decrease or increase the -     [relevance scores](/reference/query-languages/query-dsl/query-filter-context.md#relevance-scores) of a query. Defaults to `1.0`. +: (Optional, float) Floating point number used to decrease or increase the + [relevance scores](/reference/query-languages/query-dsl/query-filter-context.md#relevance-scores) of a query. Defaults to `1.0`. -     You can use the `boost` parameter to adjust relevance scores for searches -     containing two or more queries. + You can use the `boost` parameter to adjust relevance scores for searches + containing two or more queries. -     Boost values are relative to the default value of `1.0`. A boost value between `0` -     and `1.0` decreases the relevance score. A value greater than `1.0` -     increases the relevance score. + Boost values are relative to the default value of `1.0`. A boost value between `0` + and `1.0` decreases the relevance score. A value greater than `1.0` + increases the relevance score. @@ -169,31 +168,31 @@ When no date format is specified and the range query is targeting a date field, {{es}} rounds [date math](/reference/elasticsearch/rest-apis/common-options.md#date-math) values in parameters as follows: `gt` -     Rounds up to the first millisecond not covered by the rounded date. +: Rounds up to the first millisecond not covered by the rounded date. -     For example, `2014-11-18||/M` rounds up to `2014-12-01T00:00:00.000`, -     excluding the entire month of November. + For example, `2014-11-18||/M` rounds up to `2014-12-01T00:00:00.000`, + excluding the entire month of November. `gte` -     Rounds down to the first millisecond. +: Rounds down to the first millisecond. -     For example, `2014-11-18||/M` rounds down to `2014-11-01T00:00:00.000`, -     including the entire month. + For example, `2014-11-18||/M` rounds down to `2014-11-01T00:00:00.000`, + including the entire month. `lt` -     Rounds down to the last millisecond before the rounded value. +: Rounds down to the last millisecond before the rounded value. -     For example, `2014-11-18||/M` rounds down to `2014-10-31T23:59:59.999`, -     excluding the entire month of November. + For example, `2014-11-18||/M` rounds down to `2014-10-31T23:59:59.999`, + excluding the entire month of November. `lte` -     Rounds up to the latest millisecond in the rounding interval. +: Rounds up to the latest millisecond in the rounding interval. -     For example, `2014-11-18||/M` rounds up to `2014-11-30T23:59:59.999`, -     including the entire month. + For example, `2014-11-18||/M` rounds up to `2014-11-30T23:59:59.999`, + including the entire month. diff --git a/docs/reference/query-languages/query-dsl/query-dsl-regexp-query.md b/docs/reference/query-languages/query-dsl/query-dsl-regexp-query.md index 149a25c3fb7d7..6f37c8a07d9b5 100644 --- a/docs/reference/query-languages/query-dsl/query-dsl-regexp-query.md +++ b/docs/reference/query-languages/query-dsl/query-dsl-regexp-query.md @@ -55,8 +55,12 @@ GET /_search `flags` : (Optional, string) Enables optional operators for the regular expression. For valid values and more information, see [Regular expression syntax](/reference/query-languages/query-dsl/regexp-syntax.md#regexp-optional-operators). -`case_insensitive` [7.10.0] -: (Optional, Boolean) Allows case insensitive matching of the regular expression value with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying field’s mapping. +`case_insensitive` +: :::{admonition} Added in 7.10.0 + This parameter was added in 7.10.0. + ::: + + (Optional, Boolean) Allows case insensitive matching of the regular expression value with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying field’s mapping. `max_determinized_states` : (Optional, integer) Maximum number of [automaton states](https://en.wikipedia.org/wiki/Deterministic_finite_automaton) required for the query. Default is `10000`. diff --git a/docs/reference/query-languages/query-dsl/query-dsl-term-query.md b/docs/reference/query-languages/query-dsl/query-dsl-term-query.md index 82ff33c708311..f19a48ef86009 100644 --- a/docs/reference/query-languages/query-dsl/query-dsl-term-query.md +++ b/docs/reference/query-languages/query-dsl/query-dsl-term-query.md @@ -57,8 +57,12 @@ GET /_search Boost values are relative to the default value of `1.0`. A boost value between `0` and `1.0` decreases the relevance score. A value greater than `1.0` increases the relevance score. -`case_insensitive` [7.10.0] -: (Optional, Boolean) Allows ASCII case insensitive matching of the value with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying field’s mapping. +`case_insensitive` +: :::{admonition} Added in 7.10.0 + This parameter was added in 7.10.0. + ::: + + (Optional, Boolean) Allows ASCII case insensitive matching of the value with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying field’s mapping. ## Notes [term-query-notes] diff --git a/docs/reference/query-languages/query-dsl/query-dsl-weighted-tokens-query.md b/docs/reference/query-languages/query-dsl/query-dsl-weighted-tokens-query.md index ab37210892a8d..500655d058586 100644 --- a/docs/reference/query-languages/query-dsl/query-dsl-weighted-tokens-query.md +++ b/docs/reference/query-languages/query-dsl/query-dsl-weighted-tokens-query.md @@ -47,26 +47,27 @@ POST _search ## Top level parameters for `weighted_token` [weighted-token-query-params] -`` -: (Required, dictionary) A dictionary of token-weight pairs. +### `` - `pruning_config` - : (Optional, object) Optional pruning configuration. If enabled, this will omit non-significant tokens from the query in order to improve query performance. Default: Disabled. +(Required, dictionary) A dictionary of token-weight pairs. - Parameters for `` are: +`pruning_config` +: (Optional, object) Optional pruning configuration. If enabled, this will omit non-significant tokens from the query in order to improve query performance. Default: Disabled. - `tokens_freq_ratio_threshold` - : (Optional, integer) Tokens whose frequency is more than `tokens_freq_ratio_threshold` times the average frequency of all tokens in the specified field are considered outliers and pruned. This value must between 1 and 100. Default: `5`. + Parameters for `` are: - `tokens_weight_threshold` - : (Optional, float) Tokens whose weight is less than `tokens_weight_threshold` are considered insignificant and pruned. This value must be between 0 and 1. Default: `0.4`. + `tokens_freq_ratio_threshold` + : (Optional, integer) Tokens whose frequency is more than `tokens_freq_ratio_threshold` times the average frequency of all tokens in the specified field are considered outliers and pruned. This value must between 1 and 100. Default: `5`. - `only_score_pruned_tokens` - : (Optional, boolean) If `true` we only input pruned tokens into scoring, and discard non-pruned tokens. It is strongly recommended to set this to `false` for the main query, but this can be set to `true` for a rescore query to get more relevant results. Default: `false`. + `tokens_weight_threshold` + : (Optional, float) Tokens whose weight is less than `tokens_weight_threshold` are considered insignificant and pruned. This value must be between 0 and 1. Default: `0.4`. - ::::{note} - The default values for `tokens_freq_ratio_threshold` and `tokens_weight_threshold` were chosen based on tests using ELSER that provided the most optimal results. - :::: + `only_score_pruned_tokens` + : (Optional, boolean) If `true` we only input pruned tokens into scoring, and discard non-pruned tokens. It is strongly recommended to set this to `false` for the main query, but this can be set to `true` for a rescore query to get more relevant results. Default: `false`. + + ::::{note} + The default values for `tokens_freq_ratio_threshold` and `tokens_weight_threshold` were chosen based on tests using ELSER that provided the most optimal results. + :::: diff --git a/docs/reference/query-languages/query-dsl/query-dsl-wildcard-query.md b/docs/reference/query-languages/query-dsl/query-dsl-wildcard-query.md index e4066f9d70544..6b854124cf9a1 100644 --- a/docs/reference/query-languages/query-dsl/query-dsl-wildcard-query.md +++ b/docs/reference/query-languages/query-dsl/query-dsl-wildcard-query.md @@ -47,8 +47,12 @@ GET /_search Boost values are relative to the default value of `1.0`. A boost value between `0` and `1.0` decreases the relevance score. A value greater than `1.0` increases the relevance score. -`case_insensitive` [7.10.0] -: (Optional, Boolean) Allows case insensitive matching of the pattern with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying field’s mapping. +`case_insensitive` +: :::{admonition} Added in 7.10.0 + This parameter was added in 7.10.0. + ::: + + (Optional, Boolean) Allows case insensitive matching of the pattern with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying field’s mapping. `rewrite` : (Optional, string) Method used to rewrite the query. For valid values and more information, see the [`rewrite` parameter](/reference/query-languages/query-dsl/query-dsl-multi-term-rewrite.md). diff --git a/docs/reference/query-languages/sql/sql-data-types.md b/docs/reference/query-languages/sql/sql-data-types.md index fc6f04c9e7852..b8c91e5294619 100644 --- a/docs/reference/query-languages/sql/sql-data-types.md +++ b/docs/reference/query-languages/sql/sql-data-types.md @@ -5,10 +5,10 @@ mapped_pages: # Data Types [sql-data-types] -| | | | | -| --- | --- | --- | --- | +**Core types** + | **{{es}} type** | **Elasticsearch SQL type** | **SQL type** | **SQL precision** | -| Core types | +| --- | --- | --- | --- | | [`null`](/reference/elasticsearch/mapping-reference/null-value.md) | `null` | NULL | 0 | | [`boolean`](/reference/elasticsearch/mapping-reference/boolean.md) | `boolean` | BOOLEAN | 1 | | [`byte`](/reference/elasticsearch/mapping-reference/number.md) | `byte` | TINYINT | 3 | @@ -26,14 +26,22 @@ mapped_pages: | [`date`](/reference/elasticsearch/mapping-reference/date.md) | `datetime` | TIMESTAMP | 29 | | [`ip`](/reference/elasticsearch/mapping-reference/ip.md) | `ip` | VARCHAR | 39 | | [`version`](/reference/elasticsearch/mapping-reference/version.md) | `version` | VARCHAR | 32,766 | -| Complex types | + +**Complex types** + +| **{{es}} type** | **Elasticsearch SQL type** | **SQL type** | **SQL precision** | +| --- | --- | --- | --- | | [`object`](/reference/elasticsearch/mapping-reference/object.md) | `object` | STRUCT | 0 | | [`nested`](/reference/elasticsearch/mapping-reference/nested.md) | `nested` | STRUCT | 0 | -| Unsupported types | + +**Unsupported types** + +| **{{es}} type** | **Elasticsearch SQL type** | **SQL type** | **SQL precision** | +| --- | --- | --- | --- | | *types not mentioned above* | `unsupported` | OTHER | 0 | ::::{note} -Most of {{es}} [data types](/reference/elasticsearch/mapping-reference/field-data-types.md) are available in Elasticsearch SQL, as indicated above. As one can see, all of {{es}} [data types](/reference/elasticsearch/mapping-reference/field-data-types.md) are mapped to the data type with the same name in Elasticsearch SQL, with the exception of **date** data type which is mapped to **datetime*** in Elasticsearch SQL. This is to avoid confusion with the ANSI SQL types ***DATE** (date only) and **TIME** (time only), which are also supported by Elasticsearch SQL in queries (with the use of [`CAST`](/reference/query-languages/sql/sql-functions-type-conversion.md#sql-functions-type-conversion-cast)/[`CONVERT`](/reference/query-languages/sql/sql-functions-type-conversion.md#sql-functions-type-conversion-convert)), but don’t correspond to an actual mapping in {{es}} (see the [`table`](#es-sql-only-types) below). +Most of {{es}} [data types](/reference/elasticsearch/mapping-reference/field-data-types.md) are available in Elasticsearch SQL, as indicated above. As one can see, all of {{es}} [data types](/reference/elasticsearch/mapping-reference/field-data-types.md) are mapped to the data type with the same name in Elasticsearch SQL, with the exception of **date** data type which is mapped to **datetime** in Elasticsearch SQL. This is to avoid confusion with the ANSI SQL types **DATE** (date only) and **TIME** (time only), which are also supported by Elasticsearch SQL in queries (with the use of [`CAST`](/reference/query-languages/sql/sql-functions-type-conversion.md#sql-functions-type-conversion-cast)/[`CONVERT`](/reference/query-languages/sql/sql-functions-type-conversion.md#sql-functions-type-conversion-convert)), but don’t correspond to an actual mapping in {{es}} (see the [`table`](#es-sql-only-types) below). :::: @@ -44,9 +52,8 @@ In addition to the types above, Elasticsearch SQL also supports at *runtime* SQL $$$es-sql-only-types$$$ The table below indicates these types: -| | | -| --- | --- | | **SQL type** | **SQL precision** | +| --- | --- | | `date` | 29 | | `time` | 18 | | `interval_year` | 7 | diff --git a/docs/reference/query-languages/sql/sql-functions-aggs.md b/docs/reference/query-languages/sql/sql-functions-aggs.md index 3d21d7215354f..a0be1b140eda0 100644 --- a/docs/reference/query-languages/sql/sql-functions-aggs.md +++ b/docs/reference/query-languages/sql/sql-functions-aggs.md @@ -164,9 +164,8 @@ SELECT FIRST(a) FROM t will result in: -| | -| --- | | **FIRST(a)** | +| --- | | 1 | and @@ -177,9 +176,8 @@ SELECT FIRST(a, b) FROM t will result in: -| | -| --- | | **FIRST(a, b)** | +| --- | | 100 | ```sql @@ -285,9 +283,8 @@ SELECT LAST(a) FROM t will result in: -| | -| --- | | **LAST(a)** | +| --- | | 200 | and @@ -298,9 +295,8 @@ SELECT LAST(a, b) FROM t will result in: -| | -| --- | | **LAST(a, b)** | +| --- | | 2 | ```sql diff --git a/docs/reference/query-languages/sql/sql-functions-datetime.md b/docs/reference/query-languages/sql/sql-functions-datetime.md index 3be67c3c29afb..7ac05a1731344 100644 --- a/docs/reference/query-languages/sql/sql-functions-datetime.md +++ b/docs/reference/query-languages/sql/sql-functions-datetime.md @@ -15,9 +15,8 @@ A common requirement when dealing with date/time in general revolves around the The table below shows the mapping between {{es}} and Elasticsearch SQL: -| | | -| --- | --- | | **{{es}}** | **Elasticsearch SQL** | +| --- | --- | | Index/Table datetime math | | `` | | Query date/time math | @@ -38,9 +37,8 @@ Elasticsearch SQL accepts also the plural for each time unit (e.g. both `YEAR` a Example of the possible combinations below: -| | | -| --- | --- | | **Interval** | **Description** | +| --- | --- | | `INTERVAL '1-2' YEAR TO MONTH` | 1 year and 2 months | | `INTERVAL '3 4' DAYS TO HOURS` | 3 days and 4 hours | | `INTERVAL '5 6:12' DAYS TO MINUTES` | 5 days, 6 hours and 12 minutes | diff --git a/docs/reference/query-languages/sql/sql-index-patterns.md b/docs/reference/query-languages/sql/sql-index-patterns.md index f9a76665cd6b7..c3902f3088f1c 100644 --- a/docs/reference/query-languages/sql/sql-index-patterns.md +++ b/docs/reference/query-languages/sql/sql-index-patterns.md @@ -85,9 +85,8 @@ Notice how now `emp%` does not match any tables because `%`, which means match z In a nutshell, the differences between the two type of patterns are: -| | | | -| --- | --- | --- | | **Feature** | **Multi index** | **SQL `LIKE`** | +| --- | --- | --- | | Type of quoting | `"` | `'` | | Inclusion | Yes | Yes | | Exclusion | Yes | No | diff --git a/docs/reference/query-languages/sql/sql-lexical-structure.md b/docs/reference/query-languages/sql/sql-lexical-structure.md index 1879b7c7d7571..64611d89bb154 100644 --- a/docs/reference/query-languages/sql/sql-lexical-structure.md +++ b/docs/reference/query-languages/sql/sql-lexical-structure.md @@ -123,9 +123,8 @@ To escape single or double quotes, one needs to use that specific quote one more A few characters that are not alphanumeric have a dedicated meaning different from that of an operator. For completeness these are specified below: -| | | -| --- | --- | | **Char** | **Description** | +| --- | --- | | `*` | The asterisk (or wildcard) is used in some contexts to denote all fields for a table. Can be also used as an argument to some aggregate functions. | | `,` | Commas are used to enumerate the elements of a list. | | `.` | Used in numeric constants or to separate identifiers qualifiers (catalog, table, column names, etc…​). | @@ -138,9 +137,8 @@ Most operators in Elasticsearch SQL have the same precedence and are left-associ The following table indicates the supported operators and their precedence (highest to lowest); -| | | | -| --- | --- | --- | | **Operator/Element** | **Associativity** | **Description** | +| --- | --- | --- | | `.` | left | qualifier separator | | `::` | left | PostgreSQL-style type cast | | `+ -` | right | unary plus and minus (numeric literal sign) | diff --git a/docs/reference/query-languages/sql/sql-like-rlike-operators.md b/docs/reference/query-languages/sql/sql-like-rlike-operators.md index f03c702663d89..a39b392bed173 100644 --- a/docs/reference/query-languages/sql/sql-like-rlike-operators.md +++ b/docs/reference/query-languages/sql/sql-like-rlike-operators.md @@ -93,9 +93,8 @@ When using `LIKE`/`RLIKE`, do consider using [full-text search predicates](/refe