github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-06-28 17:34:17 -04:00
Code Issues Projects Releases Packages Wiki Activity

[docs] Fix various syntax and rendering errors (#127062)

Browse source 
* fix syntax and rendering errors

* clean up

* fix versions

* more clean up

* more fixes

* more fixes

* more fixes
This commit is contained in:
Colleen McGinnis 2025-04-24 10:57:03 -05:00 committed by GitHub
parent 41eefb62d3
commit 08552f1c2e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
95 changed files with 1439 additions and 1195 deletions
Download patch file Download diff file Expand all files Collapse all files

5
docs/docset.yml
View file

@ -28,6 +28,7 @@ toc:
- toc: release-notes
- toc: extend
subs:
version: 9.0.0
api-request-title: "Request"
api-prereq-title: "Prerequisites"
api-description-title: "Description"
@ -96,8 +97,8 @@ subs:
transforms-cap: "Transforms"
dfanalytics-cap: "Data frame analytics"
dfanalytics: "data frame analytics"
dfanalytics-job: "'{dataframe} analytics job'"
dfanalytics-jobs: "'{dataframe} analytics jobs'"
dfanalytics-job: "data frame analytics job"
dfanalytics-jobs: "data frame analytics jobs"
ctransforms: "continuous transforms"
regression: "regression"
regression-cap: "Regression"

10
docs/reference/aggregations/search-aggregations-bucket-adjacency-matrix-aggregation.md
View file

@ -94,14 +94,12 @@ The response contains buckets with document counts for each filter and combinati
`filters`
: (Required, object) Filters used to create buckets.
::::{dropdown} Properties of `filters`
`<filter>`
: (Required, [Query DSL object](/reference/query-languages/querydsl.md)) Query used to filter documents. The key is the filter name.
::::{dropdown} Properties of filters
`<filter>`
: (Required, [Query DSL object](/reference/query-languages/querydsl.md)) Query used to filter documents. The key is the filter name.
At least one filter is required. The total number of filters cannot exceed the [`indices.query.bool.max_clause_count`](/reference/elasticsearch/configuration-reference/search-settings.md#indices-query-bool-max-clause-count) setting. See [Filter limits](#adjacency-matrix-agg-filter-limits).
::::
::::
`separator`

5
docs/reference/aggregations/search-aggregations-bucket-categorize-text-aggregation.md
View file

@ -26,7 +26,8 @@ The algorithm used for categorization was completely changed in version 8.3.0. A
The `categorization_analyzer` field can be specified either as a string or as an object. If it is a string it must refer to a [built-in analyzer](/reference/text-analysis/analyzer-reference.md) or one added by another plugin. If it is an object it has the following properties:
:::::{dropdown} Properties of `categorization_analyzer`
**Properties of `categorization_analyzer`**:
`char_filter`
: (array of strings or objects) One or more [character filters](/reference/text-analysis/character-filter-reference.md). In addition to the built-in character filters, other plugins can provide more character filters. This property is optional. If it is not specified, no character filters are applied prior to categorization. If you are customizing some other aspect of the analyzer and you need to achieve the equivalent of `categorization_filters` (which are not permitted when some other aspect of the analyzer is customized), add them here as [pattern replace character filters](/reference/text-analysis/analysis-pattern-replace-charfilter.md).
@ -41,8 +42,6 @@ The algorithm used for categorization was completely changed in version 8.3.0. A
`filter`
: (array of strings or objects) One or more [token filters](/reference/text-analysis/token-filter-reference.md). In addition to the built-in token filters, other plugins can provide more token filters. This property is optional. If it is not specified, no token filters are applied prior to categorization.
:::::
`categorization_filters`
: (Optional, array of strings) This property expects an array of regular expressions. The expressions are used to filter out matching sequences from the categorization field values. You can use this functionality to fine tune the categorization by excluding sequences from consideration when categories are defined. For example, you can exclude SQL statements that appear in your log files. This property cannot be used at the same time as `categorization_analyzer`. If you only want to define simple regular expression filters that are applied prior to tokenization, setting this property is the easiest method. If you also want to customize the tokenizer or post-tokenization filtering, use the `categorization_analyzer` property instead and include the filters as `pattern_replace` character filters.

38
docs/reference/aggregations/search-aggregations-bucket-correlation-aggregation.md
View file

@ -11,25 +11,25 @@ A sibling pipeline aggregation which executes a correlation function on the conf
## Parameters [bucket-correlation-agg-syntax]
`buckets_path`
: (Required, string) Path to the buckets that contain one set of values to correlate. For syntax, see [`buckets_path` Syntax](/reference/aggregations/pipeline.md#buckets-path-syntax).
### `buckets_path`
`function`
: (Required, object) The correlation function to execute.
(Required, string) Path to the buckets that contain one set of values to correlate. For syntax, see [`buckets_path` Syntax](/reference/aggregations/pipeline.md#buckets-path-syntax).
::::{dropdown} Properties of `function`
`count_correlation`
: (Required*, object) The configuration to calculate a count correlation. This function is designed for determining the correlation of a term value and a given metric. Consequently, it needs to meet the following requirements.
### `function`
* The `buckets_path` must point to a `_count` metric.
* The total count of all the `bucket_path` count values must be less than or equal to `indicator.doc_count`.
* When utilizing this function, an initial calculation to gather the required `indicator` values is required.
(Required, object) The correlation function to execute.
::::{dropdown} Properties of `count_correlation`
`indicator`
: (Required, object) The indicator with which to correlate the configured `bucket_path` values.
#### `count_correlation`
(Required*, object) The configuration to calculate a count correlation. This function is designed for determining the correlation of a term value and a given metric. Consequently, it needs to meet the following requirements.
* The `buckets_path` must point to a `_count` metric.
* The total count of all the `bucket_path` count values must be less than or equal to `indicator.doc_count`.
* When utilizing this function, an initial calculation to gather the required `indicator` values is required.
`indicator`
: (Required, object) The indicator with which to correlate the configured `bucket_path` values.
::::{dropdown} Properties of `indicator`
`doc_count`
: (Required, integer) The total number of documents that initially created the `expectations`. Its required to be greater than or equal to the sum of all values in the `buckets_path` as this is the originating superset of data to which the term values are correlated.
@ -39,16 +39,6 @@ A sibling pipeline aggregation which executes a correlation function on the conf
`fractions`
: (Optional, array) An array of fractions to use when averaging and calculating variance. This should be used if the pre-calculated data and the `buckets_path` have known gaps. The length of `fractions`, if provided, must equal `expectations`.
::::
::::
::::
## Syntax [_syntax_8]
A `bucket_correlation` aggregation looks like this in isolation:

2
docs/reference/aggregations/search-aggregations-bucket-significantterms-aggregation.md
View file

@ -196,7 +196,7 @@ Picking a free-text field as the subject of a significant terms analysis can be
::::
::::{admonition} Use the *"like this but not this"* pattern
::::{admonition} Use the "like this but not this" pattern
You can spot mis-categorized content by first searching a structured field e.g. `category:adultMovie` and use significant_terms on the free-text "movie_description" field. Take the suggested words (Ill leave them to your imagination) and then search for all movies NOT marked as category:adultMovie but containing these keywords. You now have a ranked list of badly-categorized movies that you should reclassify or at least remove from the "familyFriendly" category.
The significance score from each term can also provide a useful `boost` setting to sort matches. Using the `minimum_should_match` setting of the `terms` query with the keywords will help control the balance of precision/recall in the result set i.e a high setting would have a small number of relevant results packed full of keywords and a setting of "1" would produce a more exhaustive results set with all documents containing *any* keyword.

2
docs/reference/aggregations/search-aggregations-bucket-significanttext-aggregation.md
View file

@ -265,7 +265,7 @@ The numbers returned for scores are primarily intended for ranking different sug
::::
::::{admonition} Use the *"like this but not this"* pattern
::::{admonition} Use the "like this but not this" pattern
You can spot mis-categorized content by first searching a structured field e.g. `category:adultMovie` and use significant_text on the text "movie_description" field. Take the suggested words (Ill leave them to your imagination) and then search for all movies NOT marked as category:adultMovie but containing these keywords. You now have a ranked list of badly-categorized movies that you should reclassify or at least remove from the "familyFriendly" category.
The significance score from each term can also provide a useful `boost` setting to sort matches. Using the `minimum_should_match` setting of the `terms` query with the keywords will help control the balance of precision/recall in the result set i.e a high setting would have a small number of relevant results packed full of keywords and a setting of "1" would produce a more exhaustive results set with all documents containing *any* keyword.

5
docs/reference/aggregations/search-aggregations-change-point-aggregation.md
View file

@ -46,15 +46,14 @@ A `change_point` aggregation looks like this in isolation:
`bucket`
: (Optional, object) Values of the bucket that indicates the discovered change point. Not returned if no change point was found. All the aggregations in the bucket are returned as well.
::::{dropdown} Properties of bucket
**Properties of `bucket**:
`key`
: (value) The key of the bucket matched. Could be string or numeric.
`doc_count`
: (number) The document count of the bucket.
::::
`type`
: (object) The found change point type and its related values. Possible types:

2
docs/reference/aggregations/search-aggregations-metrics-geocentroid-aggregation.md
View file

@ -201,7 +201,7 @@ POST /places/_search?size=0
}
```
::::{admonition} Using `geo_centroid` as a sub-aggregation of `geohash_grid`
::::{admonition} Using geo_centroid as a sub-aggregation of geohash_grid
:class: warning
The [`geohash_grid`](/reference/aggregations/search-aggregations-bucket-geohashgrid-aggregation.md) aggregation places documents, not individual geopoints, into buckets. If a documents `geo_point` field contains [multiple values](/reference/elasticsearch/mapping-reference/array.md), the document could be assigned to multiple buckets, even if one or more of its geopoints are outside the bucket boundaries.

2
docs/reference/aggregations/search-aggregations-metrics-max-aggregation.md
View file

@ -10,7 +10,7 @@ mapped_pages:
A `single-value` metrics aggregation that keeps track and returns the maximum value among the numeric values extracted from the aggregated documents.
::::{note}
The `min` and `max` aggregation operate on the `double` representation of the data. As a consequence, the result may be approximate when running on longs whose absolute value is greater than `2`^`53`^.
The `min` and `max` aggregation operate on the `double` representation of the data. As a consequence, the result may be approximate when running on longs whose absolute value is greater than `2^53`.
::::

2
docs/reference/aggregations/search-aggregations-metrics-min-aggregation.md
View file

@ -10,7 +10,7 @@ mapped_pages:
A `single-value` metrics aggregation that keeps track and returns the minimum value among numeric values extracted from the aggregated documents.
::::{note}
The `min` and `max` aggregation operate on the `double` representation of the data. As a consequence, the result may be approximate when running on longs whose absolute value is greater than `2`^`53`^.
The `min` and `max` aggregation operate on the `double` representation of the data. As a consequence, the result may be approximate when running on longs whose absolute value is greater than `2^53`.
::::

7
docs/reference/elasticsearch-plugins/analysis-icu.md
View file

@ -20,11 +20,6 @@ While we restrict ICU upgrades to major versions, you may find that an index cre
## Installation [analysis-icu-install]
::::{warning}
Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available.
::::
This plugin can be installed using the plugin manager:
```sh
@ -33,7 +28,7 @@ sudo bin/elasticsearch-plugin install analysis-icu
The plugin must be installed on every node in the cluster, and each node must be restarted after installation.
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-9.0.0-beta1.zip.asc).
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-icu/analysis-icu-{{version}}.zip.asc).
## Removal [analysis-icu-remove]

7
docs/reference/elasticsearch-plugins/analysis-kuromoji.md
View file

@ -10,11 +10,6 @@ The Japanese (kuromoji) analysis plugin integrates Lucene kuromoji analysis modu
## Installation [analysis-kuromoji-install]
::::{warning}
Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available.
::::
This plugin can be installed using the plugin manager:
```sh
@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install analysis-kuromoji
The plugin must be installed on every node in the cluster, and each node must be restarted after installation.
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-9.0.0-beta1.zip.asc).
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-kuromoji/analysis-kuromoji-{{version}}.zip.asc).
## Removal [analysis-kuromoji-remove]

7
docs/reference/elasticsearch-plugins/analysis-nori.md
View file

@ -10,11 +10,6 @@ The Korean (nori) Analysis plugin integrates Lucene nori analysis module into el
## Installation [analysis-nori-install]
::::{warning}
Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available.
::::
This plugin can be installed using the plugin manager:
```sh
@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install analysis-nori
The plugin must be installed on every node in the cluster, and each node must be restarted after installation.
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-9.0.0-beta1.zip.asc).
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-nori/analysis-nori-{{version}}.zip.asc).
## Removal [analysis-nori-remove]

7
docs/reference/elasticsearch-plugins/analysis-phonetic.md
View file

@ -10,11 +10,6 @@ The Phonetic Analysis plugin provides token filters which convert tokens to thei
## Installation [analysis-phonetic-install]
::::{warning}
Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available.
::::
This plugin can be installed using the plugin manager:
```sh
@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install analysis-phonetic
The plugin must be installed on every node in the cluster, and each node must be restarted after installation.
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-9.0.0-beta1.zip.asc).
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-{{version}}.zip.asc).
## Removal [analysis-phonetic-remove]

7
docs/reference/elasticsearch-plugins/analysis-smartcn.md
View file

@ -12,11 +12,6 @@ It provides an analyzer for Chinese or mixed Chinese-English text. This analyzer
## Installation [analysis-smartcn-install]
::::{warning}
Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available.
::::
This plugin can be installed using the plugin manager:
```sh
@ -25,7 +20,7 @@ sudo bin/elasticsearch-plugin install analysis-smartcn
The plugin must be installed on every node in the cluster, and each node must be restarted after installation.
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-9.0.0-beta1.zip.asc).
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-smartcn/analysis-smartcn-{{version}}.zip.asc).
## Removal [analysis-smartcn-remove]

7
docs/reference/elasticsearch-plugins/analysis-stempel.md
View file

@ -10,11 +10,6 @@ The Stempel analysis plugin integrates Lucenes Stempel analysis module for Po
## Installation [analysis-stempel-install]
::::{warning}
Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available.
::::
This plugin can be installed using the plugin manager:
```sh
@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install analysis-stempel
The plugin must be installed on every node in the cluster, and each node must be restarted after installation.
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-9.0.0-beta1.zip.asc).
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-stempel/analysis-stempel-{{version}}.zip.asc).
## Removal [analysis-stempel-remove]

7
docs/reference/elasticsearch-plugins/analysis-ukrainian.md
View file

@ -12,11 +12,6 @@ It provides stemming for Ukrainian using the [Morfologik project](https://github
## Installation [analysis-ukrainian-install]
::::{warning}
Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available.
::::
This plugin can be installed using the plugin manager:
```sh
@ -25,7 +20,7 @@ sudo bin/elasticsearch-plugin install analysis-ukrainian
The plugin must be installed on every node in the cluster, and each node must be restarted after installation.
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-9.0.0-beta1.zip.asc).
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-ukrainian/analysis-ukrainian-{{version}}.zip.asc).
## Removal [analysis-ukrainian-remove]

7
docs/reference/elasticsearch-plugins/discovery-azure-classic.md
View file

@ -17,11 +17,6 @@ This plugin will be removed in the future
## Installation [discovery-azure-classic-install]
::::{warning}
Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available.
::::
This plugin can be installed using the plugin manager:
```sh
@ -30,7 +25,7 @@ sudo bin/elasticsearch-plugin install discovery-azure-classic
The plugin must be installed on every node in the cluster, and each node must be restarted after installation.
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-9.0.0-beta1.zip.asc).
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-azure-classic/discovery-azure-classic-{{version}}.zip.asc).
## Removal [discovery-azure-classic-remove]

9
docs/reference/elasticsearch-plugins/discovery-ec2.md
View file

@ -7,16 +7,11 @@ mapped_pages:
The EC2 discovery plugin provides a list of seed addresses to the [discovery process](docs-content://deploy-manage/distributed-architecture/discovery-cluster-formation/discovery-hosts-providers.md) by querying the [AWS API](https://github.com/aws/aws-sdk-java) for a list of EC2 instances matching certain criteria determined by the [plugin settings](/reference/elasticsearch-plugins/discovery-ec2-usage.md).
**If you are looking for a hosted solution of {{es}} on AWS, please visit [https://www.elastic.co/cloud.**](https://www.elastic.co/cloud.**)
**If you are looking for a hosted solution of {{es}} on AWS, please visit [https://www.elastic.co/cloud](https://www.elastic.co/cloud).**
## Installation [discovery-ec2-install]
::::{warning}
Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available.
::::
This plugin can be installed using the plugin manager:
```sh
@ -25,7 +20,7 @@ sudo bin/elasticsearch-plugin install discovery-ec2
The plugin must be installed on every node in the cluster, and each node must be restarted after installation.
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-9.0.0-beta1.zip.asc).
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-ec2/discovery-ec2-{{version}}.zip.asc).
## Removal [discovery-ec2-remove]

7
docs/reference/elasticsearch-plugins/discovery-gce.md
View file

@ -10,11 +10,6 @@ The Google Compute Engine Discovery plugin uses the GCE API to identify the addr
## Installation [discovery-gce-install]
::::{warning}
Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available.
::::
This plugin can be installed using the plugin manager:
```sh
@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install discovery-gce
The plugin must be installed on every node in the cluster, and each node must be restarted after installation.
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-9.0.0-beta1.zip.asc).
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-gce/discovery-gce-{{version}}.zip.asc).
## Removal [discovery-gce-remove]

7
docs/reference/elasticsearch-plugins/mapper-annotated-text.md
View file

@ -17,11 +17,6 @@ The elasticsearch markup allows one or more additional tokens to be injected, un
## Installation [mapper-annotated-text-install]
::::{warning}
Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available.
::::
This plugin can be installed using the plugin manager:
```sh
@ -30,7 +25,7 @@ sudo bin/elasticsearch-plugin install mapper-annotated-text
The plugin must be installed on every node in the cluster, and each node must be restarted after installation.
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-9.0.0-beta1.zip.asc).
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-annotated-text/mapper-annotated-text-{{version}}.zip.asc).
## Removal [mapper-annotated-text-remove]

7
docs/reference/elasticsearch-plugins/mapper-murmur3.md
View file

@ -10,11 +10,6 @@ The mapper-murmur3 plugin provides the ability to compute hash of field values a
## Installation [mapper-murmur3-install]
::::{warning}
Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available.
::::
This plugin can be installed using the plugin manager:
```sh
@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install mapper-murmur3
The plugin must be installed on every node in the cluster, and each node must be restarted after installation.
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-9.0.0-beta1.zip.asc).
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-murmur3/mapper-murmur3-{{version}}.zip.asc).
## Removal [mapper-murmur3-remove]

2
docs/reference/elasticsearch-plugins/mapper-size-usage.md
View file

@ -72,7 +72,7 @@ GET my-index-000001/_search
5. Uses a [script field](/reference/elasticsearch/rest-apis/retrieve-selected-fields.md#script-fields) to return the `_size` field in the search response.
::::{admonition} Using `_size` in {kib}
::::{admonition} Using _size in {{kib}}
:class: note
To use the `_size` field in {{kib}}, update the `metaFields` setting and add `_size` to the list of meta fields. `metaFields` can be configured in {{kib}} from the Advanced Settings page in Management.

7
docs/reference/elasticsearch-plugins/mapper-size.md
View file

@ -10,11 +10,6 @@ The mapper-size plugin provides the `_size` metadata field which, when enabled,
## Installation [mapper-size-install]
::::{warning}
Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available.
::::
This plugin can be installed using the plugin manager:
```sh
@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install mapper-size
The plugin must be installed on every node in the cluster, and each node must be restarted after installation.
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-9.0.0-beta1.zip.asc).
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-{{version}}.zip.asc).
## Removal [mapper-size-remove]

7
docs/reference/elasticsearch-plugins/repository-hdfs.md
View file

@ -10,11 +10,6 @@ The HDFS repository plugin adds support for using HDFS File System as a reposito
## Installation [repository-hdfs-install]
::::{warning}
Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available.
::::
This plugin can be installed using the plugin manager:
```sh
@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install repository-hdfs
The plugin must be installed on every node in the cluster, and each node must be restarted after installation.
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-9.0.0-beta1.zip.asc).
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-hdfs/repository-hdfs-{{version}}.zip.asc).
## Removal [repository-hdfs-remove]

4
docs/reference/elasticsearch-plugins/store-smb-usage.md
View file

@ -13,7 +13,9 @@ The Store SMB plugin provides two storage types optimized for SMB:
: a SMB specific implementation of the default [mmap fs](/reference/elasticsearch/index-settings/store.md#mmapfs)
`smb_simple_fs`
: deprecated::[7.15,"smb_simple_fs is deprecated and will be removed in 8.0. Use smb_nio_fs or other file systems instead."]
: :::{admonition} Deprecated in 7.15
smb_simple_fs is deprecated and will be removed in 8.0. Use smb_nio_fs or other file systems instead.
:::
`smb_nio_fs`
: a SMB specific implementation of the default [nio fs](/reference/elasticsearch/index-settings/store.md#niofs)

7
docs/reference/elasticsearch-plugins/store-smb.md
View file

@ -10,11 +10,6 @@ The Store SMB plugin works around for a bug in Windows SMB and Java on windows.
## Installation [store-smb-install]
::::{warning}
Version 9.0.0-beta1 of the Elastic Stack has not yet been released. The plugin might not be available.
::::
This plugin can be installed using the plugin manager:
```sh
@ -23,7 +18,7 @@ sudo bin/elasticsearch-plugin install store-smb
The plugin must be installed on every node in the cluster, and each node must be restarted after installation.
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-9.0.0-beta1.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-9.0.0-beta1.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-9.0.0-beta1.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-9.0.0-beta1.zip.asc).
You can download this plugin for [offline install](/reference/elasticsearch-plugins/plugin-management-custom-url.md) from [https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-{{version}}.zip](https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-{{version}}.zip). To verify the `.zip` file, use the [SHA hash](https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-{{version}}.zip.sha512) or [ASC key](https://artifacts.elastic.co/downloads/elasticsearch-plugins/store-smb/store-smb-{{version}}.zip.asc).
## Removal [store-smb-remove]

54
docs/reference/elasticsearch/command-line-tools/service-tokens-command.md
View file

@ -39,58 +39,50 @@ To ensure that {{es}} can read the service account token information at startup,
## Parameters [service-tokens-command-parameters]
`create`
: Creates a service account token for the specified service account.
### `create`
::::{dropdown} Properties of `create`
`<service_account_principal>`
: (Required, string) Service account principal that takes the format of `<namespace>/<service>`, where the `namespace` is a top-level grouping of service accounts, and `service` is the name of the service. For example, `elastic/fleet-server`.
Creates a service account token for the specified service account.
**Properties of `create`**:
`<service_account_principal>`
: (Required, string) Service account principal that takes the format of `<namespace>/<service>`, where the `namespace` is a top-level grouping of service accounts, and `service` is the name of the service. For example, `elastic/fleet-server`.
The service account principal must match a known service account.
`<token_name>`
: (Required, string) An identifier for the token name.
`<token_name>`
: (Required, string) An identifier for the token name.
Token names must be at least 1 and no more than 256 characters. They can contain alphanumeric characters (`a-z`, `A-Z`, `0-9`), dashes (`-`), and underscores (`_`), but cannot begin with an underscore.
::::{note}
:::::{note}
Token names must be unique in the context of the associated service account.
::::
:::::
### `list`
::::
Lists all service account tokens defined in the `service_tokens` file. If you specify a service account principal, the command lists only the tokens that belong to the specified service account.
**Properties of `list`**:
`list`
: Lists all service account tokens defined in the `service_tokens` file. If you specify a service account principal, the command lists only the tokens that belong to the specified service account.
::::{dropdown} Properties of `list`
`<service_account_principal>`
: (Optional, string) Service account principal that takes the format of `<namespace>/<service>`, where the `namespace` is a top-level grouping of service accounts, and `service` is the name of the service. For example, `elastic/fleet-server`.
`<service_account_principal>`
: (Optional, string) Service account principal that takes the format of `<namespace>/<service>`, where the `namespace` is a top-level grouping of service accounts, and `service` is the name of the service. For example, `elastic/fleet-server`.
The service account principal must match a known service account.
### `delete`
::::
Deletes a service account token for the specified service account.
**Properties of `delete`**:
`delete`
: Deletes a service account token for the specified service account.
::::{dropdown} Properties of `delete`
`<service_account_principal>`
: (Required, string) Service account principal that takes the format of `<namespace>/<service>`, where the `namespace` is a top-level grouping of service accounts, and `service` is the name of the service. For example, `elastic/fleet-server`.
`<service_account_principal>`
: (Required, string) Service account principal that takes the format of `<namespace>/<service>`, where the `namespace` is a top-level grouping of service accounts, and `service` is the name of the service. For example, `elastic/fleet-server`.
The service account principal must match a known service account.
::::
`<token_name>`
: (Required, string) Name of an existing token.
`<token_name>`
: (Required, string) Name of an existing token.
## Examples [_examples_21]

4
docs/reference/elasticsearch/configuration-reference/cluster-level-shard-allocation-routing-settings.md
View file

@ -89,8 +89,10 @@ Rebalancing is important to ensure the cluster returns to a healthy and fully re
`cluster.routing.allocation.type`
: Selects the algorithm used for computing the cluster balance. Defaults to `desired_balance` which selects the *desired balance allocator*. This allocator runs a background task which computes the desired balance of shards in the cluster. Once this background task completes, {{es}} moves shards to their desired locations.
[8.8] May also be set to `balanced` to select the legacy *balanced allocator*. This allocator was the default allocator in versions of {{es}} before 8.6.0. It runs in the foreground, preventing the master from doing other work in parallel. It works by selecting a small number of shard movements which immediately improve the balance of the cluster, and when those shard movements complete it runs again and selects another few shards to move. Since this allocator makes its decisions based only on the current state of the cluster, it will sometimes move a shard several times while balancing the cluster.
:::{admonition} Deprecated in 8.8
May also be set to `balanced` to select the legacy *balanced allocator*. This allocator was the default allocator in versions of {{es}} before 8.6.0. It runs in the foreground, preventing the master from doing other work in parallel. It works by selecting a small number of shard movements which immediately improve the balance of the cluster, and when those shard movements complete it runs again and selects another few shards to move. Since this allocator makes its decisions based only on the current state of the cluster, it will sometimes move a shard several times while balancing the cluster.
:::
## Shard balancing heuristics settings [shards-rebalancing-heuristics]

7
docs/reference/elasticsearch/configuration-reference/discovery-cluster-formation-settings.md
View file

@ -12,11 +12,10 @@ applies_to:
`discovery.seed_hosts`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Provides a list of the addresses of the master-eligible nodes in the cluster. May also be a single string containing the addresses separated by commas. Each address has the format `host:port` or `host`. The `host` is either a host name to be resolved by DNS, an IPv4 address, or an IPv6 address. IPv6 addresses must be enclosed in square brackets. If a host name resolves via DNS to multiple addresses, {{es}} uses all of them. DNS lookups are subject to [JVM DNS caching](docs-content://deploy-manage/deploy/self-managed/networkaddress-cache-ttl.md). If the `port` is not given then it is determined by checking the following settings in order:
1. `transport.profiles.default.port`
2. `transport.port`
1. `transport.profiles.default.port`
2. `transport.port`
If neither of these is set then the default port is `9300`. The default value for `discovery.seed_hosts` is `["127.0.0.1", "[::1]"]`. See [`discovery.seed_hosts`](docs-content://deploy-manage/deploy/self-managed/important-settings-configuration.md#unicast.hosts).
If neither of these is set then the default port is `9300`. The default value for `discovery.seed_hosts` is `["127.0.0.1", "[::1]"]`. See [`discovery.seed_hosts`](docs-content://deploy-manage/deploy/self-managed/important-settings-configuration.md#unicast.hosts).
`discovery.seed_providers`

6
docs/reference/elasticsearch/configuration-reference/index-lifecycle-management-settings.md
View file

@ -15,7 +15,11 @@ These are the settings available for configuring [{{ilm}}](docs-content://manage
## Cluster level settings [_cluster_level_settings_3]
`xpack.ilm.enabled`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting), Boolean) [7.8.0]<br> This deprecated setting has no effect and will be removed in Elasticsearch 8.0.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting), Boolean)
:::{admonition} Deprecated in 7.8.0
This deprecated setting has no effect and will be removed in Elasticsearch 8.0.
:::
`indices.lifecycle.history_index_enabled`
: ([Dynamic](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#dynamic-cluster-setting), Boolean) Whether ILMs history index is enabled. If enabled, ILM will record the history of actions taken as part of ILM policies to the `ilm-history-*` indices. Defaults to `true`.

24
docs/reference/elasticsearch/configuration-reference/index-management-settings.md
View file

@ -93,13 +93,25 @@ $$$reindex-remote-whitelist$$$
: Specifies the path to the PEM encoded private key associated with the certificate used for client authentication (`reindex.ssl.certificate`). You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.
`reindex.ssl.key_passphrase` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: Specifies the passphrase to decrypt the PEM encoded private key (`reindex.ssl.key`) if it is encrypted. [7.17.0] Prefer `reindex.ssl.secure_key_passphrase` instead. Cannot be used with `reindex.ssl.secure_key_passphrase`.
: Specifies the passphrase to decrypt the PEM encoded private key (`reindex.ssl.key`) if it is encrypted.
:::{admonition} Deprecated in 7.17.0
Prefer `reindex.ssl.secure_key_passphrase` instead. Cannot be used with `reindex.ssl.secure_key_passphrase`.
:::
`reindex.ssl.keystore.key_password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: The password for the key in the keystore (`reindex.ssl.keystore.path`). Defaults to the keystore password. [7.17.0] Prefer `reindex.ssl.keystore.secure_key_password` instead. This setting cannot be used with `reindex.ssl.keystore.secure_key_password`.
: The password for the key in the keystore (`reindex.ssl.keystore.path`). Defaults to the keystore password.
:::{admonition} Deprecated in 7.17.0
Prefer `reindex.ssl.keystore.secure_key_password` instead. This setting cannot be used with `reindex.ssl.keystore.secure_key_password`.
:::
`reindex.ssl.keystore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: The password to the keystore (`reindex.ssl.keystore.path`). [7.17.0] Prefer `reindex.ssl.keystore.secure_password` instead. This setting cannot be used with `reindex.ssl.keystore.secure_password`.
: The password to the keystore (`reindex.ssl.keystore.path`).
:::{admonition} Deprecated in 7.17.0
Prefer `reindex.ssl.keystore.secure_password` instead. This setting cannot be used with `reindex.ssl.keystore.secure_password`.
:::
`reindex.ssl.keystore.path` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: Specifies the path to the keystore that contains a private key and certificate to be used for HTTP client authentication (if required by the remote cluster). This keystore can be in "JKS" or "PKCS#12" format. You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.
@ -117,7 +129,11 @@ $$$reindex-remote-whitelist$$$
: The password to the keystore (`reindex.ssl.keystore.path`). This setting cannot be used with `reindex.ssl.keystore.password`.
`reindex.ssl.truststore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: The password to the truststore (`reindex.ssl.truststore.path`). [7.17.0] Prefer `reindex.ssl.truststore.secure_password` instead. This setting cannot be used with `reindex.ssl.truststore.secure_password`.
: The password to the truststore (`reindex.ssl.truststore.path`).
:::{admonition} Deprecated in 7.17.0
Prefer `reindex.ssl.truststore.secure_password` instead. This setting cannot be used with `reindex.ssl.truststore.secure_password`.
:::
`reindex.ssl.truststore.path` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: The path to the Java Keystore file that contains the certificates to trust. This keystore can be in "JKS" or "PKCS#12" format. You cannot specify both `reindex.ssl.certificate_authorities` and `reindex.ssl.truststore.path`.

2
docs/reference/elasticsearch/configuration-reference/index-recovery-settings.md
View file

@ -81,7 +81,7 @@ You can use the following *expert* setting to manage resources for peer recoveri
## Recovery settings for managed services [recovery-settings-for-managed-services]
::::{note}
{cloud-only}
{{cloud-only}}
::::

340
docs/reference/elasticsearch/configuration-reference/monitoring-settings.md
View file

@ -30,8 +30,11 @@ For more information, see [Monitor a cluster](docs-content://deploy-manage/monit
### General monitoring settings [general-monitoring-settings]
`xpack.monitoring.enabled`
: [7.8.0] ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) This deprecated setting has no effect.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting))
:::{admonition} Deprecated in 7.8.0
This deprecated setting has no effect.
:::
### Monitoring collection settings [monitoring-collection-settings]
@ -39,36 +42,72 @@ $$$monitoring-settings-description$$$
The `xpack.monitoring.collection` settings control how data is collected from your {{es}} nodes.
`xpack.monitoring.collection.enabled`
: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Set to `true` to enable the collection of monitoring data. When this setting is `false` (default), {{es}} monitoring data is not collected and all monitoring data from other sources such as {{kib}}, Beats, and {{ls}} is ignored.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Set to `true` to enable the collection of monitoring data. When this setting is `false` (default), {{es}} monitoring data is not collected and all monitoring data from other sources such as {{kib}}, Beats, and {{ls}} is ignored.
$$$xpack-monitoring-collection-interval$$$
`xpack.monitoring.collection.interval` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: [6.3.0] ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Setting to `-1` to disable data collection is no longer supported beginning with 7.0.0.
: :::{admonition} Deprecated in 6.3.0
This setting was deprecated in 6.3.0.
:::
([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Setting to `-1` to disable data collection is no longer supported beginning with 7.0.0.
Controls how often data samples are collected. Defaults to `10s`. If you modify the collection interval, set the `xpack.monitoring.min_interval_seconds` option in `kibana.yml` to the same value.
`xpack.monitoring.elasticsearch.collection.enabled`
: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Controls whether statistics about your {{es}} cluster should be collected. Defaults to `true`. This is different from `xpack.monitoring.collection.enabled`, which allows you to enable or disable all monitoring collection. However, this setting simply disables the collection of {{es}} data while still allowing other data (e.g., {{kib}}, {{ls}}, Beats, or APM Server monitoring data) to pass through this cluster.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Controls whether statistics about your {{es}} cluster should be collected. Defaults to `true`. This is different from `xpack.monitoring.collection.enabled`, which allows you to enable or disable all monitoring collection. However, this setting simply disables the collection of {{es}} data while still allowing other data (e.g., {{kib}}, {{ls}}, Beats, or APM Server monitoring data) to pass through this cluster.
`xpack.monitoring.collection.cluster.stats.timeout`
: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Timeout for collecting the cluster statistics, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Timeout for collecting the cluster statistics, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`.
`xpack.monitoring.collection.node.stats.timeout`
: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Timeout for collecting the node statistics, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Timeout for collecting the node statistics, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`.
`xpack.monitoring.collection.indices`
: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Controls which indices the {{monitor-features}} collect data from. Defaults to all indices. Specify the index names as a comma-separated list, for example `test1,test2,test3`. Names can include wildcards, for example `test*`. You can explicitly exclude indices by prepending `-`. For example `test*,-test3` will monitor all indexes that start with `test` except for `test3`. System indices like .security* or .kibana* always start with a `.` and generally should be monitored. Consider adding `.*` to the list of indices ensure monitoring of system indices. For example: `.*,test*,-test3`
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Controls which indices the {{monitor-features}} collect data from. Defaults to all indices. Specify the index names as a comma-separated list, for example `test1,test2,test3`. Names can include wildcards, for example `test*`. You can explicitly exclude indices by prepending `-`. For example `test*,-test3` will monitor all indexes that start with `test` except for `test3`. System indices like .security* or .kibana* always start with a `.` and generally should be monitored. Consider adding `.*` to the list of indices ensure monitoring of system indices. For example: `.*,test*,-test3`
`xpack.monitoring.collection.index.stats.timeout`
: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Timeout for collecting index statistics, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Timeout for collecting index statistics, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`.
`xpack.monitoring.collection.index.recovery.active_only`
: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Controls whether or not all recoveries are collected. Set to `true` to collect only active recoveries. Defaults to `false`.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Controls whether or not all recoveries are collected. Set to `true` to collect only active recoveries. Defaults to `false`.
`xpack.monitoring.collection.index.recovery.timeout`
: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Timeout for collecting the recovery information, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Timeout for collecting the recovery information, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `10s`.
`xpack.monitoring.collection.min_interval_seconds` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: Specifies the minimum number of seconds that a time bucket in a chart can represent. If you modify the `xpack.monitoring.collection.interval`, use the same value in this setting.
@ -78,7 +117,11 @@ $$$xpack-monitoring-collection-interval$$$
$$$xpack-monitoring-history-duration$$$
`xpack.monitoring.history.duration` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) [7.16.0] Retention duration beyond which the indices created by a monitoring exporter are automatically deleted, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `7d` (7 days).
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) Retention duration beyond which the indices created by a monitoring exporter are automatically deleted, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). Defaults to `7d` (7 days).
This setting has a minimum value of `1d` (1 day) to ensure that something is being monitored and it cannot be disabled.
@ -103,17 +146,28 @@ xpack.monitoring.exporters.my_local:
```
`type`
: [7.16.0] The value for a Local exporter must always be `local` and it is required.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
The value for a Local exporter must always be `local` and it is required.
`use_ingest`
: Whether to supply a placeholder pipeline to the cluster and a pipeline processor with every bulk request. The default value is `true`. If disabled, then it means that it will not use pipelines, which means that a future release cannot automatically upgrade bulk requests to future-proof them.
`cluster_alerts.management.enabled`
: [7.16.0] Whether to create cluster alerts for this cluster. The default value is `true`. To use this feature, {{watcher}} must be enabled. If you have a basic license, cluster alerts are not displayed.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
Whether to create cluster alerts for this cluster. The default value is `true`. To use this feature, {{watcher}} must be enabled. If you have a basic license, cluster alerts are not displayed.
`wait_master.timeout`
: [7.16.0] Time to wait for the master node to setup `local` exporter for monitoring, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). After that wait period, the non-master nodes warn the user for possible missing configuration. Defaults to `30s`.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
Time to wait for the master node to setup `local` exporter for monitoring, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). After that wait period, the non-master nodes warn the user for possible missing configuration. Defaults to `30s`.
### HTTP exporter settings [http-exporter-settings]
@ -126,10 +180,18 @@ xpack.monitoring.exporters.my_remote:
```
`type`
: [7.16.0] The value for an HTTP exporter must always be `http` and it is required.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
The value for an HTTP exporter must always be `http` and it is required.
`host`
: [7.16.0] Host supports multiple formats, both as an array or as a single value. Supported formats include `hostname`, `hostname:port`, `http://hostname` `http://hostname:port`, `https://hostname`, and `https://hostname:port`. Hosts cannot be assumed. The default scheme is always `http` and the default port is always `9200` if not supplied as part of the `host` string.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
Host supports multiple formats, both as an array or as a single value. Supported formats include `hostname`, `hostname:port`, `http://hostname` `http://hostname:port`, `https://hostname`, and `https://hostname:port`. Hosts cannot be assumed. The default scheme is always `http` and the default port is always `9200` if not supplied as part of the `host` string.
```yaml
xpack.monitoring.exporters:
@ -149,25 +211,53 @@ xpack.monitoring.exporters.my_remote:
`auth.username`
: [7.16.0] The username is required if `auth.secure_password` is supplied.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
The username is required if `auth.secure_password` is supplied.
`auth.secure_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md), [reloadable](docs-content://deploy-manage/security/secure-settings.md#reloadable-secure-settings)) [7.16.0] The password for the `auth.username`.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Secure](docs-content://deploy-manage/security/secure-settings.md), [reloadable](docs-content://deploy-manage/security/secure-settings.md#reloadable-secure-settings)) The password for the `auth.username`.
`connection.timeout`
: [7.16.0] Amount of time that the HTTP connection is supposed to wait for a socket to open for the request, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). The default value is `6s`.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
Amount of time that the HTTP connection is supposed to wait for a socket to open for the request, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). The default value is `6s`.
`connection.read_timeout`
: [7.16.0] Amount of time that the HTTP connection is supposed to wait for a socket to send back a response, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). The default value is `10 * connection.timeout` (`60s` if neither are set).
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
Amount of time that the HTTP connection is supposed to wait for a socket to send back a response, in [time units](/reference/elasticsearch/rest-apis/api-conventions.md#time-units). The default value is `10 * connection.timeout` (`60s` if neither are set).
`ssl`
: [7.16.0] Each HTTP exporter can define its own TLS / SSL settings or inherit them. See [{{monitoring}} TLS/SSL settings](#ssl-monitoring-settings).
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
Each HTTP exporter can define its own TLS / SSL settings or inherit them. See [{{monitoring}} TLS/SSL settings](#ssl-monitoring-settings).
`proxy.base_path`
: [7.16.0] The base path to prefix any outgoing request, such as `/base/path` (e.g., bulk requests would then be sent as `/base/path/_bulk`). There is no default value.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
The base path to prefix any outgoing request, such as `/base/path` (e.g., bulk requests would then be sent as `/base/path/_bulk`). There is no default value.
`headers`
: [7.16.0] Optional headers that are added to every request, which can assist with routing requests through proxies.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
Optional headers that are added to every request, which can assist with routing requests through proxies.
```yaml
xpack.monitoring.exporters.my_remote:
@ -180,16 +270,28 @@ xpack.monitoring.exporters.my_remote:
`index.name.time_format`
: [7.16.0] A mechanism for changing the default date suffix for daily monitoring indices. The default format is `yyyy.MM.dd`. For example, `.monitoring-es-7-2021.08.26`.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
A mechanism for changing the default date suffix for daily monitoring indices. The default format is `yyyy.MM.dd`. For example, `.monitoring-es-7-2021.08.26`.
`use_ingest`
: Whether to supply a placeholder pipeline to the monitoring cluster and a pipeline processor with every bulk request. The default value is `true`. If disabled, then it means that it will not use pipelines, which means that a future release cannot automatically upgrade bulk requests to future-proof them.
`cluster_alerts.management.enabled`
: [7.16.0] Whether to create cluster alerts for this cluster. The default value is `true`. To use this feature, {{watcher}} must be enabled. If you have a basic license, cluster alerts are not displayed.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
Whether to create cluster alerts for this cluster. The default value is `true`. To use this feature, {{watcher}} must be enabled. If you have a basic license, cluster alerts are not displayed.
`cluster_alerts.management.blacklist`
: [7.16.0] Prevents the creation of specific cluster alerts. It also removes any applicable watches that already exist in the current cluster.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
Prevents the creation of specific cluster alerts. It also removes any applicable watches that already exist in the current cluster.
You can add any of the following watch identifiers to the list of blocked alerts:
@ -208,7 +310,11 @@ xpack.monitoring.exporters.my_remote:
You can configure the following TLS/SSL settings.
`xpack.monitoring.exporters.$NAME.ssl.supported_protocols`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] Supported protocols with versions. Valid protocols: `SSLv2Hello`, `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. If the JVMs SSL provider supports TLSv1.3, the default is `TLSv1.3,TLSv1.2,TLSv1.1`. Otherwise, the default is `TLSv1.2,TLSv1.1`.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported protocols with versions. Valid protocols: `SSLv2Hello`, `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. If the JVMs SSL provider supports TLSv1.3, the default is `TLSv1.3,TLSv1.2,TLSv1.1`. Otherwise, the default is `TLSv1.2,TLSv1.1`.
{{es}} relies on your JDKs implementation of SSL and TLS. View [Supported SSL/TLS versions by JDK version](docs-content://deploy-manage/security/supported-ssltls-versions-by-jdk-version.md) for more information.
@ -218,31 +324,29 @@ You can configure the following TLS/SSL settings.
`xpack.monitoring.exporters.$NAME.ssl.verification_mode`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] Controls the verification of certificates.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
::::{dropdown} Valid values
`full`
: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Controls the verification of certificates.
`certificate`
: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
Defaults to `full`.
`none`
: Performs no certificate validation.
**Valid values**:
* `full`: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
* `certificate`: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
* `none`: Performs no certificate validation.
::::{important}
Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors.
::::
::::
Defaults to `full`.
`xpack.monitoring.exporters.$NAME.ssl.cipher_suites`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`.
For more information, see Oracles [Java Cryptography Architecture documentation](https://docs.oracle.com/en/java/javase/11/security/oracle-providers.md#GUID-7093246A-31A3-4304-AC5F-5FB6400405E2).
@ -257,28 +361,52 @@ The following settings are used to specify a private key, certificate, and the t
When using PEM encoded files, use the following settings:
`xpack.monitoring.exporters.$NAME.ssl.key`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] Path to a PEM encoded file containing the private key.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Path to a PEM encoded file containing the private key.
If HTTP client authentication is required, it uses this file. You cannot use this setting and `ssl.keystore.path` at the same time.
`xpack.monitoring.exporters.$NAME.ssl.key_passphrase`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.secure_key_passphrase` instead.
:::
You cannot use this setting and `ssl.secure_key_passphrase` at the same time.
`xpack.monitoring.exporters.$NAME.ssl.secure_key_passphrase`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) [7.16.0] The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Secure](docs-content://deploy-manage/security/secure-settings.md)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional.
`xpack.monitoring.exporters.$NAME.ssl.certificate`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] Specifies the path for the PEM encoded certificate (or certificate chain) that is associated with the key.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Specifies the path for the PEM encoded certificate (or certificate chain) that is associated with the key.
This setting can be used only if `ssl.key` is set.
`xpack.monitoring.exporters.$NAME.ssl.certificate_authorities`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] List of paths to PEM encoded certificate files that should be trusted.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) List of paths to PEM encoded certificate files that should be trusted.
This setting and `ssl.truststore.path` cannot be used at the same time.
@ -289,40 +417,72 @@ When using PEM encoded files, use the following settings:
When using Java keystore files (JKS), which contain the private key, certificate and certificates that should be trusted, use the following settings:
`xpack.monitoring.exporters.$NAME.ssl.keystore.path`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The path for the keystore file that contains a private key and certificate.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The path for the keystore file that contains a private key and certificate.
It must be either a Java keystore (jks) or a PKCS#12 file. You cannot use this setting and `ssl.key` at the same time.
`xpack.monitoring.exporters.$NAME.ssl.keystore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead.
: :::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_password` instead.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore.
`xpack.monitoring.exporters.$NAME.ssl.keystore.secure_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) [7.16.0] The password for the keystore.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore.
`xpack.monitoring.exporters.$NAME.ssl.keystore.key_password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead.
: :::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_key_password` instead.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password.
You cannot use this setting and `ssl.keystore.secure_password` at the same time.
`xpack.monitoring.exporters.$NAME.ssl.keystore.secure_key_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) [7.16.0] The password for the key in the keystore. The default is the keystore password.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the key in the keystore. The default is the keystore password.
`xpack.monitoring.exporters.$NAME.ssl.truststore.path`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The path for the keystore that contains the certificates to trust. It must be either a Java keystore (jks) or a PKCS#12 file.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The path for the keystore that contains the certificates to trust. It must be either a Java keystore (jks) or a PKCS#12 file.
You cannot use this setting and `ssl.certificate_authorities` at the same time.
`xpack.monitoring.exporters.$NAME.ssl.truststore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead.
: :::{admonition} Deprecated in 7.17.0
Prefer `ssl.truststore.secure_password` instead.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore.
You cannot use this setting and `ssl.truststore.secure_password` at the same time.
`xpack.monitoring.exporters.$NAME.ssl.truststore.secure_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) [7.16.0] Password for the truststore.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Secure](docs-content://deploy-manage/security/secure-settings.md)) Password for the truststore.
### PKCS#12 files [monitoring-pkcs12-files]
@ -332,46 +492,94 @@ When using Java keystore files (JKS), which contain the private key, certificate
PKCS#12 files are configured in the same way as Java keystore files:
`xpack.monitoring.exporters.$NAME.ssl.keystore.path`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The path for the keystore file that contains a private key and certificate.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The path for the keystore file that contains a private key and certificate.
It must be either a Java keystore (jks) or a PKCS#12 file. You cannot use this setting and `ssl.key` at the same time.
`xpack.monitoring.exporters.$NAME.ssl.keystore.type`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.
`xpack.monitoring.exporters.$NAME.ssl.keystore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_password` instead.
:::
`xpack.monitoring.exporters.$NAME.ssl.keystore.secure_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) [7.16.0] The password for the keystore.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore.
`xpack.monitoring.exporters.$NAME.ssl.keystore.key_password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_key_password` instead.
:::
You cannot use this setting and `ssl.keystore.secure_password` at the same time.
`xpack.monitoring.exporters.$NAME.ssl.keystore.secure_key_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) [7.16.0] The password for the key in the keystore. The default is the keystore password.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the key in the keystore. The default is the keystore password.
`xpack.monitoring.exporters.$NAME.ssl.truststore.path`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The path for the keystore that contains the certificates to trust. It must be either a Java keystore (jks) or a PKCS#12 file.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The path for the keystore that contains the certificates to trust. It must be either a Java keystore (jks) or a PKCS#12 file.
You cannot use this setting and `ssl.certificate_authorities` at the same time.
`xpack.monitoring.exporters.$NAME.ssl.truststore.type`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] Set this to `PKCS12` to indicate that the truststore is a PKCS#12 file.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Set this to `PKCS12` to indicate that the truststore is a PKCS#12 file.
`xpack.monitoring.exporters.$NAME.ssl.truststore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.16.0] The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.truststore.secure_password` instead.
:::
You cannot use this setting and `ssl.truststore.secure_password` at the same time.
`xpack.monitoring.exporters.$NAME.ssl.truststore.secure_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) [7.16.0] Password for the truststore.
: :::{admonition} Deprecated in 7.16.0
This setting was deprecated in 7.16.0.
:::
([Secure](docs-content://deploy-manage/security/secure-settings.md)) Password for the truststore.

4
docs/reference/elasticsearch/configuration-reference/node-settings.md
View file

@ -55,9 +55,7 @@ $$$coordinating-only-node$$$If If you set `node.roles` to an empty array (`node.
If you set `node.roles`, ensure you specify every node role your cluster needs. Every cluster requires the following node roles:
* `master`
*
`data_content` and `data_hot`<br> OR<br> `data`
* `data_content` and `data_hot` OR `data`
Some {{stack}} features also require specific node roles:

6
docs/reference/elasticsearch/configuration-reference/search-settings.md
View file

@ -13,9 +13,11 @@ The following expert settings can be set to manage global search and aggregation
$$$indices-query-bool-max-clause-count$$$
`indices.query.bool.max_clause_count`
: [8.0.0] ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting), integer) This deprecated setting has no effect.
: :::{admonition} Deprecated in 8.0.0
This deprecated setting has no effect.
:::
{{es}} will now dynamically set the maximum number of allowed clauses in a query, using a heuristic based on the size of the search thread pool and the size of the heap allocated to the JVM. This limit has a minimum value of 1024 and will in most cases be larger (for example, a node with 30Gb RAM and 48 CPUs will have a maximum clause count of around 27,000). Larger heaps lead to higher values, and larger thread pools result in lower values.
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting), integer) {{es}} will now dynamically set the maximum number of allowed clauses in a query, using a heuristic based on the size of the search thread pool and the size of the heap allocated to the JVM. This limit has a minimum value of 1024 and will in most cases be larger (for example, a node with 30Gb RAM and 48 CPUs will have a maximum clause count of around 27,000). Larger heaps lead to higher values, and larger thread pools result in lower values.
Queries with many clauses should be avoided whenever possible. If you previously bumped this setting to accommodate heavy queries, you might need to increase the amount of memory available to {{es}}, or to reduce the size of your search thread pool so that more memory is available to each concurrent search.

589
docs/reference/elasticsearch/configuration-reference/security-settings.md
View file

@ -280,7 +280,11 @@ In addition to the [Settings valid for all realms](#ref-realm-settings), you can
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The DN of the user that is used to bind to the LDAP and perform searches. Only applicable in user search mode. If not specified, an anonymous bind is attempted. Defaults to Empty. Due to its potential security impact, `bind_dn` is not exposed via the [nodes info API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-nodes-info).
`bind_password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [6.3] Use `secure_bind_password` instead. The password for the user that is used to bind to the LDAP directory. Defaults to Empty. Due to its potential security impact, `bind_password` is not exposed via the [nodes info API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-nodes-info).
: :::{admonition} Deprecated in 6.3
Use `secure_bind_password` instead.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the user that is used to bind to the LDAP directory. Defaults to Empty. Due to its potential security impact, `bind_password` is not exposed via the [nodes info API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-nodes-info).
`secure_bind_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md), [Reloadable](docs-content://deploy-manage/security/secure-settings.md#reloadable-secure-settings)) The password for the user that is used to bind to the LDAP directory. Defaults to Empty.
@ -315,7 +319,11 @@ In addition to the [Settings valid for all realms](#ref-realm-settings), you can
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Specifies the filter used to search the directory in attempts to match an entry with the username provided by the user. Defaults to `(uid={{0}})`. `{{0}}` is substituted with the username provided when searching.
`user_search.attribute`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [5.6] Use `user_search.filter` instead. The attribute to match with the username sent with the request. Defaults to `uid`.
: :::{admonition} Deprecated in 5.6
Use `user_search.filter` instead.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The attribute to match with the username sent with the request. Defaults to `uid`.
`user_search.pool.enabled`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Enables or disables connection pooling for user search. If set to `false`, a new connection is created for every search. The default is `true` when `bind_dn` is set.
@ -363,7 +371,11 @@ In addition to the [Settings valid for all realms](#ref-realm-settings), you can
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The TCP connect timeout period for establishing an LDAP connection. An `s` at the end indicates seconds, or `ms` indicates milliseconds. Defaults to `5s` (5 seconds ).
`timeout.tcp_read`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.7] The TCP read timeout period after establishing an LDAP connection. This is equivalent to and is deprecated in favor of `timeout.response` and they cannot be used simultaneously. An `s` at the end indicates seconds, or `ms` indicates milliseconds.
: :::{admonition} Deprecated in 7.7
This setting was deprecated in 7.7.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The TCP read timeout period after establishing an LDAP connection. This is equivalent to and is deprecated in favor of `timeout.response` and they cannot be used simultaneously. An `s` at the end indicates seconds, or `ms` indicates milliseconds.
`timeout.response`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The time interval to wait for the response from the LDAP server. An `s` at the end indicates seconds, or `ms` indicates milliseconds. Defaults to the value of `timeout.ldap_search`.
@ -380,7 +392,11 @@ In addition to the [Settings valid for all realms](#ref-realm-settings), you can
`ssl.key_passphrase`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.secure_key_passphrase` instead.
:::
You cannot use this setting and `ssl.secure_key_passphrase` at the same time.
@ -416,13 +432,21 @@ In addition to the [Settings valid for all realms](#ref-realm-settings), you can
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.
`ssl.keystore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_password` instead.
:::
`ssl.keystore.secure_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore.
`ssl.keystore.key_password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_key_password` instead.
:::
You cannot use this setting and `ssl.keystore.secure_password` at the same time.
@ -439,7 +463,11 @@ In addition to the [Settings valid for all realms](#ref-realm-settings), you can
`ssl.truststore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.truststore.secure_password` instead.
:::
You cannot use this setting and `ssl.truststore.secure_password` at the same time.
@ -453,27 +481,17 @@ In addition to the [Settings valid for all realms](#ref-realm-settings), you can
`ssl.verification_mode`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Indicates the type of verification when using `ldaps` to protect against man in the middle attacks and certificate forgery.
::::{dropdown} Valid values
`full`
: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
Defaults to `full`.
`certificate`
: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
`none`
: Performs no certificate validation.
**Valid values**:
* `full`: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
* `certificate`: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
* `none`: Performs no certificate validation.
::::{important}
Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors.
::::
::::
Defaults to `full`.
`ssl.supported_protocols`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported protocols with versions. Valid protocols: `SSLv2Hello`, `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. The default is `TLSv1.3,TLSv1.2`.
@ -530,7 +548,11 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings)
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The DN of the user that is used to bind to Active Directory and perform searches. Defaults to Empty. Due to its potential security impact, `bind_dn` is not exposed via the [nodes info API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-nodes-info).
`bind_password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [6.3] Use `secure_bind_password` instead. The password for the user that is used to bind to Active Directory. Defaults to Empty. Due to its potential security impact, `bind_password` is not exposed via the [nodes info API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-nodes-info).
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the user that is used to bind to Active Directory. Defaults to Empty. Due to its potential security impact, `bind_password` is not exposed via the [nodes info API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-nodes-info).
:::{admonition} Deprecated in 6.3
Use `secure_bind_password` instead.
:::
`secure_bind_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md), [Reloadable](docs-content://deploy-manage/security/secure-settings.md#reloadable-secure-settings)) The password for the user that is used to bind to Active Directory. Defaults to Empty.
@ -587,7 +609,11 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings)
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The TCP connect timeout period for establishing an LDAP connection. An `s` at the end indicates seconds, or `ms` indicates milliseconds. Defaults to `5s` (5 seconds ).
`timeout.tcp_read`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) [7.7] The TCP read timeout period after establishing an LDAP connection. This is equivalent to and is deprecated in favor of `timeout.response` and they cannot be used simultaneously. An `s` at the end indicates seconds, or `ms` indicates milliseconds. Defaults to the value of `timeout.ldap_search`.
: :::{admonition} Deprecated in 7.7
This is equivalent to and is deprecated in favor of `timeout.response` and they cannot be used simultaneously.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The TCP read timeout period after establishing an LDAP connection. An `s` at the end indicates seconds, or `ms` indicates milliseconds. Defaults to the value of `timeout.ldap_search`.
`timeout.response`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The time interval to wait for the response from the AD server. An `s` at the end indicates seconds, or `ms` indicates milliseconds. Defaults to the value of `timeout.ldap_search`.
@ -620,7 +646,11 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings)
`ssl.key_passphrase`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.secure_key_passphrase` instead.
:::
You cannot use this setting and `ssl.secure_key_passphrase` at the same time.
@ -629,7 +659,11 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings)
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional.
`ssl.keystore.key_password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_key_password` instead.
:::
You cannot use this setting and `ssl.keystore.secure_password` at the same time.
@ -638,7 +672,11 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings)
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the key in the keystore. The default is the keystore password.
`ssl.keystore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_password` instead.
:::
`ssl.secure_keystore.password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore.
@ -655,7 +693,11 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings)
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.
`ssl.truststore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.truststore.secure_password` instead.
:::
You cannot use this setting and `ssl.truststore.secure_password` at the same time.
@ -677,27 +719,17 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings)
`ssl.verification_mode`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Indicates the type of verification when using `ldaps` to protect against man in the middle attacks and certificate forgery.
::::{dropdown} Valid values
`full`
: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
Defaults to `full`.
`certificate`
: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
`none`
: Performs no certificate validation.
**Valid values**:
* `full`: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
* `certificate`: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
* `none`: Performs no certificate validation.
::::{important}
Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors.
::::
::::
Defaults to `full`.
`ssl.supported_protocols`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported protocols with versions. Valid protocols: `SSLv2Hello`, `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. If the JVMs SSL provider supports TLSv1.3, the default is `TLSv1.3,TLSv1.2,TLSv1.1`. Otherwise, the default is `TLSv1.2,TLSv1.1`.
@ -744,7 +776,11 @@ In addition to the [settings that are valid for all realms](#ref-realm-settings)
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Algorithm for the truststore. Defaults to `SunX509`.
`truststore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.truststore.secure_password` instead.
:::
You cannot use this setting and `ssl.truststore.secure_password` at the same time.
@ -950,7 +986,11 @@ These settings are not used for any purpose other than loading metadata over htt
`ssl.key_passphrase` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.secure_key_passphrase` instead.
:::
You cannot use this setting and `ssl.secure_key_passphrase` at the same time.
@ -983,7 +1023,11 @@ These settings are not used for any purpose other than loading metadata over htt
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.
`ssl.keystore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_password` instead.
:::
`ssl.keystore.secure_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore.
@ -992,7 +1036,11 @@ These settings are not used for any purpose other than loading metadata over htt
`ssl.keystore.key_password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_key_password` instead.
:::
You cannot use this setting and `ssl.keystore.secure_password` at the same time.
@ -1014,7 +1062,11 @@ You cannot use this setting and `ssl.keystore.key_password` at the same time.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the truststore file. It must be either `jks` or `PKCS12`. If the file name ends in ".p12", ".pfx" or "pkcs12", the default is `PKCS12`. Otherwise, it defaults to `jks`.
`ssl.truststore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.truststore.secure_password` instead.
:::
You cannot use this setting and `ssl.truststore.secure_password` at the same time.
@ -1028,27 +1080,17 @@ You cannot use this setting and `ssl.keystore.key_password` at the same time.
`ssl.verification_mode` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Controls the verification of certificates.
::::{dropdown} Valid values
`full`
: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
Defaults to `full`.
`certificate`
: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
`none`
: Performs no certificate validation.
**Valid values**:
* `full`: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
* `certificate`: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
* `none`: Performs no certificate validation.
::::{important}
Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors.
::::
::::
Defaults to `full`.
`ssl.supported_protocols` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported protocols with versions. Valid protocols: `SSLv2Hello`, `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. If the JVMs SSL provider supports TLSv1.3, the default is `TLSv1.3,TLSv1.2,TLSv1.1`. Otherwise, the default is `TLSv1.2,TLSv1.1`.
@ -1230,7 +1272,11 @@ These settings are *only* used for the back-channel communication between {{es}}
`ssl.key_passphrase` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.secure_key_passphrase` instead.
:::
You cannot use this setting and `ssl.secure_key_passphrase` at the same time.
@ -1263,7 +1309,11 @@ These settings are *only* used for the back-channel communication between {{es}}
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.
`ssl.keystore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_password` instead.
:::
`ssl.keystore.secure_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore.
@ -1272,7 +1322,11 @@ These settings are *only* used for the back-channel communication between {{es}}
`ssl.keystore.key_password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_key_password` instead.
:::
You cannot use this setting and `ssl.keystore.secure_password` at the same time.
@ -1295,7 +1349,11 @@ These settings are *only* used for the back-channel communication between {{es}}
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the truststore file. It must be either `jks` or `PKCS12`. If the file name ends in ".p12", ".pfx" or "pkcs12", the default is `PKCS12`. Otherwise, it defaults to `jks`.
`ssl.truststore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.truststore.secure_password` instead.
:::
You cannot use this setting and `ssl.truststore.secure_password` at the same time.
@ -1309,27 +1367,17 @@ These settings are *only* used for the back-channel communication between {{es}}
`ssl.verification_mode` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Controls the verification of certificates.
::::{dropdown} Valid values
`full`
: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
Defaults to `full`.
`certificate`
: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
`none`
: Performs no certificate validation.
**Valid values**:
* `full`: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
* `certificate`: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
* `none`: Performs no certificate validation.
::::{important}
Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors.
::::
::::
Defaults to `full`.
`ssl.supported_protocols` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported protocols with versions. Valid protocols: `SSLv2Hello`, `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. If the JVMs SSL provider supports TLSv1.3, the default is `TLSv1.3,TLSv1.2,TLSv1.1`. Otherwise, the default is `TLSv1.2,TLSv1.1`.
@ -1488,7 +1536,11 @@ These settings are *only* used for the back-channel communication between {{es}}
`ssl.key_passphrase` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.secure_key_passphrase` instead.
:::
You cannot use this setting and `ssl.secure_key_passphrase` at the same time.
@ -1521,7 +1573,11 @@ These settings are *only* used for the back-channel communication between {{es}}
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.
`ssl.keystore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_password` instead.
:::
`ssl.keystore.secure_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore.
@ -1530,7 +1586,11 @@ These settings are *only* used for the back-channel communication between {{es}}
`ssl.keystore.key_password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_key_password` instead.
:::
You cannot use this setting and `ssl.keystore.secure_password` at the same time.
@ -1553,7 +1613,11 @@ These settings are *only* used for the back-channel communication between {{es}}
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the truststore file. It must be either `jks` or `PKCS12`. If the file name ends in ".p12", ".pfx" or "pkcs12", the default is `PKCS12`. Otherwise, it defaults to `jks`.
`ssl.truststore.password` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.truststore.secure_password` instead.
:::
You cannot use this setting and `ssl.truststore.secure_password` at the same time.
@ -1567,27 +1631,17 @@ These settings are *only* used for the back-channel communication between {{es}}
`ssl.verification_mode` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Controls the verification of certificates.
::::{dropdown} Valid values
`full`
: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
Defaults to `full`.
`certificate`
: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
`none`
: Performs no certificate validation.
**Valid values**:
* `full`: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
* `certificate`: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
* `none`: Performs no certificate validation.
::::{important}
Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors.
::::
::::
Defaults to `full`.
`ssl.supported_protocols` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported protocols with versions. Valid protocols: `SSLv2Hello`, `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`. If the JVMs SSL provider supports TLSv1.3, the default is `TLSv1.3,TLSv1.2,TLSv1.1`. Otherwise, the default is `TLSv1.2,TLSv1.1`.
@ -1655,27 +1709,17 @@ You can configure the following TLS/SSL settings.
`xpack.security.http.ssl.verification_mode`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The SSL settings in `xpack.security.http.ssl` control a *server context* for TLS, which defines the settings for the TLS connection. The use of `verification_mode` in a TLS *server* is discouraged. Defines how to verify the certificates presented by another party in the TLS connection:
::::{dropdown} Valid values
`full`
: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
Defaults to `full`.
`certificate`
: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
`none`
: Performs no certificate validation.
**Valid values**:
* `full`: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
* `certificate`: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
* `none`: Performs no certificate validation.
::::{important}
Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors.
::::
::::
Defaults to `full`.
`xpack.security.http.ssl.cipher_suites`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`.
@ -1698,7 +1742,11 @@ When using PEM encoded files, use the following settings:
`xpack.security.http.ssl.key_passphrase`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.secure_key_passphrase` instead.
:::
You cannot use this setting and `ssl.secure_key_passphrase` at the same time.
@ -1730,13 +1778,21 @@ When using Java keystore files (JKS), which contain the private key, certificate
`xpack.security.http.ssl.keystore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_password` instead.
:::
`xpack.security.http.ssl.keystore.secure_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore.
`xpack.security.http.ssl.keystore.key_password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_key_password` instead.
:::
You cannot use this setting and `ssl.keystore.secure_password` at the same time.
@ -1751,7 +1807,11 @@ When using Java keystore files (JKS), which contain the private key, certificate
`xpack.security.http.ssl.truststore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.truststore.secure_password` instead.
:::
You cannot use this setting and `ssl.truststore.secure_password` at the same time.
@ -1776,13 +1836,21 @@ PKCS#12 files are configured in the same way as Java keystore files:
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.
`xpack.security.http.ssl.keystore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_password` instead.
:::
`xpack.security.http.ssl.keystore.secure_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore.
`xpack.security.http.ssl.keystore.key_password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_key_password` instead.
:::
You cannot use this setting and `ssl.keystore.secure_password` at the same time.
@ -1800,7 +1868,11 @@ PKCS#12 files are configured in the same way as Java keystore files:
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Set this to `PKCS12` to indicate that the truststore is a PKCS#12 file.
`xpack.security.http.ssl.truststore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.truststore.secure_password` instead.
:::
You cannot use this setting and `ssl.truststore.secure_password` at the same time.
@ -1833,27 +1905,17 @@ You can configure the following TLS/SSL settings.
`xpack.security.transport.ssl.verification_mode`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Defines how to verify the certificates presented by another party in the TLS connection:
::::{dropdown} Valid values
`full`
: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
Defaults to `full`.
`certificate`
: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
`none`
: Performs no certificate validation.
**Valid values**:
* `full`: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
* `certificate`: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
* `none`: Performs no certificate validation.
::::{important}
Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors.
::::
::::
Defaults to `full`.
`xpack.security.transport.ssl.cipher_suites`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`.
@ -1879,7 +1941,11 @@ When using PEM encoded files, use the following settings:
`xpack.security.transport.ssl.key_passphrase`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional. [7.17.0] Prefer `ssl.secure_key_passphrase` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The passphrase that is used to decrypt the private key. Since the key might not be encrypted, this value is optional.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.secure_key_passphrase` instead.
:::
You cannot use this setting and `ssl.secure_key_passphrase` at the same time.
@ -1913,13 +1979,21 @@ When using Java keystore files (JKS), which contain the private key, certificate
`xpack.security.transport.ssl.keystore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_password` instead.
:::
`xpack.security.transport.ssl.keystore.secure_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore.
`xpack.security.transport.ssl.keystore.key_password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_key_password` instead.
:::
You cannot use this setting and `ssl.keystore.secure_password` at the same time.
@ -1934,7 +2008,11 @@ When using Java keystore files (JKS), which contain the private key, certificate
`xpack.security.transport.ssl.truststore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.truststore.secure_password` instead.
:::
You cannot use this setting and `ssl.truststore.secure_password` at the same time.
@ -1959,13 +2037,21 @@ PKCS#12 files are configured in the same way as Java keystore files:
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The format of the keystore file. It must be either `jks` or `PKCS12`. If the keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.
`xpack.security.transport.ssl.keystore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore. [7.17.0] Prefer `ssl.keystore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the keystore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_password` instead.
:::
`xpack.security.transport.ssl.keystore.secure_password`
: ([Secure](docs-content://deploy-manage/security/secure-settings.md)) The password for the keystore.
`xpack.security.transport.ssl.keystore.key_password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password. [7.17.0] Prefer `ssl.keystore.secure_key_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the key in the keystore. The default is the keystore password.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.keystore.secure_key_password` instead.
:::
You cannot use this setting and `ssl.keystore.secure_password` at the same time.
@ -1983,7 +2069,11 @@ PKCS#12 files are configured in the same way as Java keystore files:
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Set this to `PKCS12` to indicate that the truststore is a PKCS#12 file.
`xpack.security.transport.ssl.truststore.password`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore. [7.17.0] Prefer `ssl.truststore.secure_password` instead.
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The password for the truststore.
:::{admonition} Deprecated in 7.17.0
Prefer `ssl.truststore.secure_password` instead.
:::
You cannot use this setting and `ssl.truststore.secure_password` at the same time.
@ -2016,27 +2106,17 @@ You can configure the following TLS/SSL settings.
`xpack.security.remote_cluster_server.ssl.verification_mode`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) The SSL settings in `xpack.security.remote_cluster_server.ssl` control a *server context* for TLS, which defines the settings for the TLS connection. The use of `verification_mode` in a TLS *server* is discouraged. Defines how to verify the certificates presented by another party in the TLS connection:
::::{dropdown} Valid values
`full`
: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
Defaults to `full`.
`certificate`
: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
`none`
: Performs no certificate validation.
**Valid values**:
* `full`: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
* `certificate`: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
* `none`: Performs no certificate validation.
::::{important}
Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors.
::::
::::
Defaults to `full`.
`xpack.security.remote_cluster_server.ssl.cipher_suites`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`.
@ -2155,27 +2235,17 @@ You can configure the following TLS/SSL settings.
`xpack.security.remote_cluster_client.ssl.verification_mode`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Defines how to verify the certificates presented by another party in the TLS connection:
::::{dropdown} Valid values
`full`
: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
Defaults to `full`.
`certificate`
: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
`none`
: Performs no certificate validation.
**Valid values**:
* `full`: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
* `certificate`: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
* `none`: Performs no certificate validation.
::::{important}
Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors.
::::
::::
Defaults to `full`.
`xpack.security.remote_cluster_client.ssl.cipher_suites`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`.
@ -2315,67 +2385,66 @@ Certain realms store user credentials in memory. To limit exposure to credential
$$$cache-hash-algo$$$
| | | | |
| --- | --- | --- | --- |
| Algorithm | | | Description |
| `ssha256` | | | Uses a salted `sha-256` algorithm (default). |
| `md5` | | | Uses `MD5` algorithm. |
| `sha1` | | | Uses `SHA1` algorithm. |
| `bcrypt` | | | Uses `bcrypt` algorithm with salt generated in 1024 rounds. |
| `bcrypt4` | | | Uses `bcrypt` algorithm with salt generated in 16 rounds. |
| `bcrypt5` | | | Uses `bcrypt` algorithm with salt generated in 32 rounds. |
| `bcrypt6` | | | Uses `bcrypt` algorithm with salt generated in 64 rounds. |
| `bcrypt7` | | | Uses `bcrypt` algorithm with salt generated in 128 rounds. |
| `bcrypt8` | | | Uses `bcrypt` algorithm with salt generated in 256 rounds. |
| `bcrypt9` | | | Uses `bcrypt` algorithm with salt generated in 512 rounds. |
| `pbkdf2` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. |
| `pbkdf2_1000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations. |
| `pbkdf2_10000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. |
| `pbkdf2_50000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations. |
| `pbkdf2_100000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations. |
| `pbkdf2_500000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations. |
| `pbkdf2_1000000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations. |
| `pbkdf2_stretch` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_1000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_10000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_50000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_100000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_500000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_1000000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations, after hashing the initial input with SHA512 first. |
| `noop`,`clear_text` | | | Doesnt hash the credentials and keeps it in clear text in memory. CAUTION: keeping clear text is considered insecure and can be compromised at the OS level (for example through memory dumps and using `ptrace`). |
| Algorithm | Description |
| --- | --- |
| `ssha256` | Uses a salted `sha-256` algorithm (default). |
| `md5` | Uses `MD5` algorithm. |
| `sha1` | Uses `SHA1` algorithm. |
| `bcrypt` | Uses `bcrypt` algorithm with salt generated in 1024 rounds. |
| `bcrypt4` | Uses `bcrypt` algorithm with salt generated in 16 rounds. |
| `bcrypt5` | Uses `bcrypt` algorithm with salt generated in 32 rounds. |
| `bcrypt6` | Uses `bcrypt` algorithm with salt generated in 64 rounds. |
| `bcrypt7` | Uses `bcrypt` algorithm with salt generated in 128 rounds. |
| `bcrypt8` | Uses `bcrypt` algorithm with salt generated in 256 rounds. |
| `bcrypt9` | Uses `bcrypt` algorithm with salt generated in 512 rounds. |
| `pbkdf2` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. |
| `pbkdf2_1000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations. |
| `pbkdf2_10000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. |
| `pbkdf2_50000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations. |
| `pbkdf2_100000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations. |
| `pbkdf2_500000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations. |
| `pbkdf2_1000000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations. |
| `pbkdf2_stretch` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_1000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_10000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_50000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_100000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_500000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_1000000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations, after hashing the initial input with SHA512 first. |
| `noop`,`clear_text` | Doesnt hash the credentials and keeps it in clear text in memory. CAUTION: keeping clear text is considered insecure and can be compromised at the OS level (for example through memory dumps and using `ptrace`). |
Likewise, realms that store passwords hash them using cryptographically strong and password-specific salt values. You can configure the algorithm for password hashing by setting the [static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting) `xpack.security.authc.password_hashing.algorithm` setting to one of the following:
$$$password-hashing-algorithms$$$
| Algorithm | | | Description |
| --- | --- | --- | --- |
| `bcrypt` | | | Uses `bcrypt` algorithm with salt generated in 1024 rounds. (default) |
| `bcrypt4` | | | Uses `bcrypt` algorithm with salt generated in 16 rounds. |
| `bcrypt5` | | | Uses `bcrypt` algorithm with salt generated in 32 rounds. |
| `bcrypt6` | | | Uses `bcrypt` algorithm with salt generated in 64 rounds. |
| `bcrypt7` | | | Uses `bcrypt` algorithm with salt generated in 128 rounds. |
| `bcrypt8` | | | Uses `bcrypt` algorithm with salt generated in 256 rounds. |
| `bcrypt9` | | | Uses `bcrypt` algorithm with salt generated in 512 rounds. |
| `bcrypt10` | | | Uses `bcrypt` algorithm with salt generated in 1024 rounds. |
| `bcrypt11` | | | Uses `bcrypt` algorithm with salt generated in 2048 rounds. |
| `bcrypt12` | | | Uses `bcrypt` algorithm with salt generated in 4096 rounds. |
| `bcrypt13` | | | Uses `bcrypt` algorithm with salt generated in 8192 rounds. |
| `bcrypt14` | | | Uses `bcrypt` algorithm with salt generated in 16384 rounds. |
| `pbkdf2` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. |
| `pbkdf2_1000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations. |
| `pbkdf2_10000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. |
| `pbkdf2_50000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations. |
| `pbkdf2_100000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations. |
| `pbkdf2_500000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations. |
| `pbkdf2_1000000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations. |
| `pbkdf2_stretch` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_1000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_10000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_50000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_100000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_500000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_1000000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations, after hashing the initial input with SHA512 first. |
| Algorithm | Description |
| --- | --- |
| `bcrypt` | Uses `bcrypt` algorithm with salt generated in 1024 rounds. (default) |
| `bcrypt4` | Uses `bcrypt` algorithm with salt generated in 16 rounds. |
| `bcrypt5` | Uses `bcrypt` algorithm with salt generated in 32 rounds. |
| `bcrypt6` | Uses `bcrypt` algorithm with salt generated in 64 rounds. |
| `bcrypt7` | Uses `bcrypt` algorithm with salt generated in 128 rounds. |
| `bcrypt8` | Uses `bcrypt` algorithm with salt generated in 256 rounds. |
| `bcrypt9` | Uses `bcrypt` algorithm with salt generated in 512 rounds. |
| `bcrypt10` | Uses `bcrypt` algorithm with salt generated in 1024 rounds. |
| `bcrypt11` | Uses `bcrypt` algorithm with salt generated in 2048 rounds. |
| `bcrypt12` | Uses `bcrypt` algorithm with salt generated in 4096 rounds. |
| `bcrypt13` | Uses `bcrypt` algorithm with salt generated in 8192 rounds. |
| `bcrypt14` | Uses `bcrypt` algorithm with salt generated in 16384 rounds. |
| `pbkdf2` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. |
| `pbkdf2_1000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations. |
| `pbkdf2_10000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. |
| `pbkdf2_50000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations. |
| `pbkdf2_100000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations. |
| `pbkdf2_500000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations. |
| `pbkdf2_1000000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations. |
| `pbkdf2_stretch` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_1000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_10000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_50000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_100000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_500000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_1000000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations, after hashing the initial input with SHA512 first. |
Furthermore, {{es}} supports authentication via securely-generated high entropy tokens, for instance [API keys](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-api-key). Analogous to passwords, only the tokens' hashes are stored. Since the tokens are guaranteed to have sufficiently high entropy to resist offline attacks, secure salted hash functions are supported in addition to the password-hashing algorithms mentioned above.
@ -2383,35 +2452,35 @@ You can configure the algorithm for API key stored credential hashing by setting
$$$secure-token-hashing-algorithms$$$
| Algorithm | | | Description |
| --- | --- | --- | --- |
| `ssha256` | | | Uses a salted `sha-256` algorithm. (default) |
| `bcrypt` | | | Uses `bcrypt` algorithm with salt generated in 1024 rounds. |
| `bcrypt4` | | | Uses `bcrypt` algorithm with salt generated in 16 rounds. |
| `bcrypt5` | | | Uses `bcrypt` algorithm with salt generated in 32 rounds. |
| `bcrypt6` | | | Uses `bcrypt` algorithm with salt generated in 64 rounds. |
| `bcrypt7` | | | Uses `bcrypt` algorithm with salt generated in 128 rounds. |
| `bcrypt8` | | | Uses `bcrypt` algorithm with salt generated in 256 rounds. |
| `bcrypt9` | | | Uses `bcrypt` algorithm with salt generated in 512 rounds. |
| `bcrypt10` | | | Uses `bcrypt` algorithm with salt generated in 1024 rounds. |
| `bcrypt11` | | | Uses `bcrypt` algorithm with salt generated in 2048 rounds. |
| `bcrypt12` | | | Uses `bcrypt` algorithm with salt generated in 4096 rounds. |
| `bcrypt13` | | | Uses `bcrypt` algorithm with salt generated in 8192 rounds. |
| `bcrypt14` | | | Uses `bcrypt` algorithm with salt generated in 16384 rounds. |
| `pbkdf2` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. |
| `pbkdf2_1000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations. |
| `pbkdf2_10000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. |
| `pbkdf2_50000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations. |
| `pbkdf2_100000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations. |
| `pbkdf2_500000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations. |
| `pbkdf2_1000000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations. |
| `pbkdf2_stretch` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_1000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_10000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_50000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_100000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_500000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_1000000` | | | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations, after hashing the initial input with SHA512 first. |
| Algorithm | Description |
| --- | --- |
| `ssha256` | Uses a salted `sha-256` algorithm. (default) |
| `bcrypt` | Uses `bcrypt` algorithm with salt generated in 1024 rounds. |
| `bcrypt4` | Uses `bcrypt` algorithm with salt generated in 16 rounds. |
| `bcrypt5` | Uses `bcrypt` algorithm with salt generated in 32 rounds. |
| `bcrypt6` | Uses `bcrypt` algorithm with salt generated in 64 rounds. |
| `bcrypt7` | Uses `bcrypt` algorithm with salt generated in 128 rounds. |
| `bcrypt8` | Uses `bcrypt` algorithm with salt generated in 256 rounds. |
| `bcrypt9` | Uses `bcrypt` algorithm with salt generated in 512 rounds. |
| `bcrypt10` | Uses `bcrypt` algorithm with salt generated in 1024 rounds. |
| `bcrypt11` | Uses `bcrypt` algorithm with salt generated in 2048 rounds. |
| `bcrypt12` | Uses `bcrypt` algorithm with salt generated in 4096 rounds. |
| `bcrypt13` | Uses `bcrypt` algorithm with salt generated in 8192 rounds. |
| `bcrypt14` | Uses `bcrypt` algorithm with salt generated in 16384 rounds. |
| `pbkdf2` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. |
| `pbkdf2_1000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations. |
| `pbkdf2_10000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations. |
| `pbkdf2_50000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations. |
| `pbkdf2_100000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations. |
| `pbkdf2_500000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations. |
| `pbkdf2_1000000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations. |
| `pbkdf2_stretch` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_1000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_10000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 10000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_50000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 50000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_100000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 100000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_500000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 500000 iterations, after hashing the initial input with SHA512 first. |
| `pbkdf2_stretch_1000000` | Uses `PBKDF2` key derivation function with `HMAC-SHA512` as a pseudorandom function using 1000000 iterations, after hashing the initial input with SHA512 first. |

6
docs/reference/elasticsearch/configuration-reference/transforms-settings.md
View file

@ -26,7 +26,11 @@ You do not need to configure any settings to use {{transforms}}. It is enabled b
`xpack.transform.enabled`
: [7.8.0] ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) This deprecated setting no longer has any effect.
: :::{admonition} Deprecated in 7.8.0
This deprecated setting no longer has any effect.
:::
([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting))
`xpack.transform.num_transform_failure_retries`
: ([Dynamic](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings)) The number of times that a {{transform}} retries when it experiences a non-fatal error. Once the number of retries is exhausted, the {{transform}} task is marked as `failed`. The default value is `10` with a valid minimum of `0` and maximum of `100`. If a {{transform}} is already running, it has to be restarted to use the changed setting. The `num_failure_retries` setting can also be specified on an individual {{transform}} level. Specifying this setting for each {{transform}} individually is recommended.

40
docs/reference/elasticsearch/configuration-reference/watcher-settings.md
View file

@ -83,27 +83,17 @@ You can configure the following TLS/SSL settings.
`xpack.http.ssl.verification_mode`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Defines how to verify the certificates presented by another party in the TLS connection:
::::{dropdown} Valid values
`full`
: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
Defaults to `full`.
`certificate`
: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
`none`
: Performs no certificate validation.
**Valid values**
* `full`: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
* `certificate`: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
* `none`: Performs no certificate validation.
::::{important}
Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors.
::::
::::
Defaults to `full`.
`xpack.http.ssl.cipher_suites` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on Elastic Cloud Hosted")
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`.
@ -339,27 +329,17 @@ You can configure the following TLS/SSL settings.
`xpack.notification.email.ssl.verification_mode`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Defines how to verify the certificates presented by another party in the TLS connection:
::::{dropdown} Valid values
`full`
: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
Defaults to `full`.
`certificate`
: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
`none`
: Performs no certificate validation.
**Valid values**:
* `full`: Validates that the provided certificate: has an issue date thats within the `not_before` and `not_after` dates; chains to a trusted Certificate Authority (CA); has a `hostname` or IP address that matches the names within the certificate.
* `certificate`: Validates the provided certificate and verifies that its signed by a trusted authority (CA), but doesnt check the certificate `hostname`.
* `none`: Performs no certificate validation.
::::{important}
Setting certificate validation to `none` disables many security benefits of SSL/TLS, which is very dangerous. Only set this value if instructed by Elastic Support as a temporary diagnostic mechanism when attempting to resolve TLS errors.
::::
::::
Defaults to `full`.
`xpack.notification.email.ssl.cipher_suites`
: ([Static](docs-content://deploy-manage/deploy/self-managed/configure-elasticsearch.md#static-cluster-setting)) Supported cipher suites vary depending on which version of Java you use. For example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`, `TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`.

9
docs/reference/elasticsearch/index-lifecycle-actions/ilm-searchable-snapshot.md
View file

@ -40,12 +40,11 @@ By default, this snapshot is deleted by the [delete action](/reference/elasticse
`force_merge_index`
: (Optional, Boolean) Force merges the managed index to one segment. Defaults to `true`. If the managed index was already force merged using the [force merge action](/reference/elasticsearch/index-lifecycle-actions/ilm-forcemerge.md) in a previous action the `searchable snapshot` action force merge step will be a no-op.
::::{note}
Shards that are relocating during a `forcemerge` will not be merged. The `searchable_snapshot` action will continue executing even if not all shards are force merged.
::::
::::{note}
Shards that are relocating during a `forcemerge` will not be merged. The `searchable_snapshot` action will continue executing even if not all shards are force merged.
::::
This force merging occurs in the phase that the index is in **prior** to the `searchable_snapshot` action. For example, if using a `searchable_snapshot` action in the `hot` phase, the force merge will be performed on the hot nodes. If using a `searchable_snapshot` action in the `cold` phase, the force merge will be performed on whatever tier the index is **prior** to the `cold` phase (either `hot` or `warm`).
This force merging occurs in the phase that the index is in **prior** to the `searchable_snapshot` action. For example, if using a `searchable_snapshot` action in the `hot` phase, the force merge will be performed on the hot nodes. If using a `searchable_snapshot` action in the `cold` phase, the force merge will be performed on whatever tier the index is **prior** to the `cold` phase (either `hot` or `warm`).
`total_shards_per_node`
: The maximum number of shards (replicas and primaries) that will be allocated to a single node for the searchable snapshot index. Defaults to unbounded.

6
docs/reference/elasticsearch/index-settings/history-retention.md
View file

@ -20,7 +20,11 @@ If a shard copy fails then it stops updating its shard history retention lease,
## History retention settings [_history_retention_settings]
`index.soft_deletes.enabled`
: [7.6.0] Indicates whether soft deletes are enabled on the index. Soft deletes can only be configured at index creation and only on indices created on or after {{es}} 6.5.0. Defaults to `true`.
: :::{admonition} Deprecated in 7.6.0
This setting was deprecated in 7.6.0.
:::
Indicates whether soft deletes are enabled on the index. Soft deletes can only be configured at index creation and only on indices created on or after {{es}} 6.5.0. Defaults to `true`.
`index.soft_deletes.retention_lease.period`
: The maximum period to retain a shard history retention lease before it is considered expired. Shard history retention leases ensure that soft deletes are retained during merges on the Lucene index. If a soft delete is merged away before it can be replicated to a follower the following process will fail due to incomplete history on the leader. Defaults to `12h`.

3
docs/reference/elasticsearch/index-settings/index-block.md
View file

@ -65,7 +65,8 @@ PUT /my-index-000001/_block/write
`<block>`
: (Required, string) Block type to add to the index.
::::{dropdown} Valid values for `<block>`
**Valid values**:
`metadata`
: Disable metadata changes, such as closing the index.

30
docs/reference/elasticsearch/index-settings/index-modules.md
View file

@ -77,7 +77,11 @@ $$$routing-partition-size$$$ `index.routing_partition_size`
$$$ccr-index-soft-deletes$$$
`index.soft_deletes.enabled`
: [7.6.0] Indicates whether soft deletes are enabled on the index. Soft deletes can only be configured at index creation and only on indices created on or after {{es}} 6.5.0. Defaults to `true`.
: :::{admonition} Deprecated in 7.6.0
This setting was deprecated in 7.6.0.
:::
Indicates whether soft deletes are enabled on the index. Soft deletes can only be configured at index creation and only on indices created on or after {{es}} 6.5.0. Defaults to `true`.
$$$ccr-index-soft-deletes-retention-period$$$
@ -88,24 +92,22 @@ $$$load-fixed-bitset-filters-eagerly$$$ `index.load_fixed_bitset_filters_eagerly
: Indicates whether [cached filters](/reference/query-languages/query-dsl/query-filter-context.md) are pre-loaded for nested queries. Possible values are `true` (default) and `false`.
$$$index-shard-check-on-startup$$$ `index.shard.check_on_startup`
: :::::{admonition}
::::{warning}
Expert users only. This setting enables some very expensive processing at shard startup and is only ever useful while diagnosing a problem in your cluster. If you do use it, you should do so only temporarily and remove it once it is no longer needed.
::::
: ::::{warning}
Expert users only. This setting enables some very expensive processing at shard startup and is only ever useful while diagnosing a problem in your cluster. If you do use it, you should do so only temporarily and remove it once it is no longer needed.
::::
{{es}} automatically performs integrity checks on the contents of shards at various points during their lifecycle. For instance, it verifies the checksum of every file transferred when recovering a replica or taking a snapshot. It also verifies the integrity of many important files when opening a shard, which happens when starting up a node and when finishing a shard recovery or relocation. You can therefore manually verify the integrity of a whole shard while it is running by taking a snapshot of it into a fresh repository or by recovering it onto a fresh node.
{{es}} automatically performs integrity checks on the contents of shards at various points during their lifecycle. For instance, it verifies the checksum of every file transferred when recovering a replica or taking a snapshot. It also verifies the integrity of many important files when opening a shard, which happens when starting up a node and when finishing a shard recovery or relocation. You can therefore manually verify the integrity of a whole shard while it is running by taking a snapshot of it into a fresh repository or by recovering it onto a fresh node.
This setting determines whether {{es}} performs additional integrity checks while opening a shard. If these checks detect corruption then they will prevent the shard from being opened. It accepts the following values:
This setting determines whether {{es}} performs additional integrity checks while opening a shard. If these checks detect corruption then they will prevent the shard from being opened. It accepts the following values:
`false`
: Dont perform additional checks for corruption when opening a shard. This is the default and recommended behaviour.
`false`
: Dont perform additional checks for corruption when opening a shard. This is the default and recommended behaviour.
`checksum`
: Verify that the checksum of every file in the shard matches its contents. This will detect cases where the data read from disk differ from the data that {{es}} originally wrote, for instance due to undetected disk corruption or other hardware failures. These checks require reading the entire shard from disk which takes substantial time and IO bandwidth and may affect cluster performance by evicting important data from your filesystem cache.
`checksum`
: Verify that the checksum of every file in the shard matches its contents. This will detect cases where the data read from disk differ from the data that {{es}} originally wrote, for instance due to undetected disk corruption or other hardware failures. These checks require reading the entire shard from disk which takes substantial time and IO bandwidth and may affect cluster performance by evicting important data from your filesystem cache.
`true`
: Performs the same checks as `checksum` and also checks for logical inconsistencies in the shard, which could for instance be caused by the data being corrupted while it was being written due to faulty RAM or other hardware failures. These checks require reading the entire shard from disk which takes substantial time and IO bandwidth, and then performing various checks on the contents of the shard which take substantial time, CPU and memory.
`true`
: Performs the same checks as `checksum` and also checks for logical inconsistencies in the shard, which could for instance be caused by the data being corrupted while it was being written due to faulty RAM or other hardware failures. These checks require reading the entire shard from disk which takes substantial time and IO bandwidth, and then performing various checks on the contents of the shard which take substantial time, CPU and memory.
:::::

6
docs/reference/elasticsearch/index-settings/store.md
View file

@ -46,9 +46,11 @@ The following sections lists all the different storage types supported.
: Default file system implementation. This will pick the best implementation depending on the operating environment, which is currently `hybridfs` on all supported systems but is subject to change.
$$$simplefs$$$`simplefs`
: deprecated::[7.15,"simplefs is deprecated and will be removed in 8.0. Use niofs or other file systems instead. Elasticsearch 7.15 or later uses niofs for the simplefs store type as it offers superior or equivalent performance to simplefs."]
: :::{admonition} Deprecated in 7.15
simplefs is deprecated and will be removed in 8.0. Use niofs or other file systems instead. Elasticsearch 7.15 or later uses niofs for the simplefs store type as it offers superior or equivalent performance to simplefs.
:::
The Simple FS type is a straightforward implementation of file system storage (maps to Lucene `SimpleFsDirectory`) using a random access file. This implementation has poor concurrent performance (multiple threads will bottleneck) and disables some optimizations for heap memory usage.
The Simple FS type is a straightforward implementation of file system storage (maps to Lucene `SimpleFsDirectory`) using a random access file. This implementation has poor concurrent performance (multiple threads will bottleneck) and disables some optimizations for heap memory usage.
$$$niofs$$$`niofs`
: The NIO FS type stores the shard index on the file system (maps to Lucene `NIOFSDirectory`) using NIO. It allows multiple threads to read from the same file concurrently. It is not recommended on Windows because of a bug in the SUN Java implementation and disables some optimizations for heap memory usage.

6
docs/reference/elasticsearch/mapping-reference/aggregate-metric-double.md
View file

@ -42,16 +42,14 @@ PUT my-index
`time_series_metric`
: (Optional, string) Marks the field as a [time series metric](docs-content://manage-data/data-store/data-streams/time-series-data-stream-tsds.md#time-series-metric). The value is the metric type. You cant update this parameter for existing fields.
::::{dropdown} Valid `time_series_metric` values for `aggregate_metric_double` fields
**Valid `time_series_metric` values for `aggregate_metric_double` fields**:
`gauge`
: A metric that represents a single numeric that can arbitrarily increase or decrease. For example, a temperature or available disk space.
`null` (Default)
: Not a time series metric.
::::
## Uses [aggregate-metric-double-uses]

2
docs/reference/elasticsearch/mapping-reference/array.md
View file

@ -12,7 +12,7 @@ In Elasticsearch, there is no dedicated `array` data type. Any field can contain
* an array of arrays: [ `1`, [ `2`, `3` ]] which is the equivalent of [ `1`, `2`, `3` ]
* an array of objects: [ `{ "name": "Mary", "age": 12 }`, `{ "name": "John", "age": 10 }`]
::::{admonition} Arrays with `object` field type vs `nested` type
::::{admonition} Arrays with object field type vs nested type
:class: note
Arrays of objects in Elasticsearch do not behave as you would expect: queries may match fields across different objects in the array, leading to unexpected results. By default, arrays of objects are [flattened](/reference/elasticsearch/mapping-reference/nested.md#nested-arrays-flattening-objects) during indexing. To ensure queries match values within the same object, use the [`nested`](/reference/elasticsearch/mapping-reference/nested.md) data type instead of the [`object`](/reference/elasticsearch/mapping-reference/object.md) data type.

44
docs/reference/elasticsearch/mapping-reference/dense-vector.md
View file

@ -190,7 +190,7 @@ $$$dense-vector-element-type$$$
`element_type`
: (Optional, string) The data type used to encode vectors. The supported data types are `float` (default), `byte`, and bit.
::::{dropdown} Valid values for `element_type`
::::{dropdown} Valid values for element_type
`float`
: indexes a 4-byte floating-point value per dimension. This is the default value.
@ -211,15 +211,15 @@ $$$dense-vector-element-type$$$
$$$dense-vector-similarity$$$
`similarity`
: (Optional*, string) The vector similarity metric to use in kNN search. Documents are ranked by their vector fields similarity to the query vector. The `_score` of each document will be derived from the similarity, in a way that ensures scores are positive and that a larger score corresponds to a higher ranking. Defaults to `l2_norm` when `element_type: bit` otherwise defaults to `cosine`.
: (Optional[¹](#footnote-1), string) The vector similarity metric to use in kNN search. Documents are ranked by their vector fields similarity to the query vector. The `_score` of each document will be derived from the similarity, in a way that ensures scores are positive and that a larger score corresponds to a higher ranking. Defaults to `l2_norm` when `element_type: bit` otherwise defaults to `cosine`.
* This parameter can only be specified when `index` is `true`.
¹ $$$footnote-1$$$ This parameter can only be specified when `index` is `true`.
::::{note}
`bit` vectors only support `l2_norm` as their similarity metric.
::::
::::{dropdown} Valid values for `similarity`
::::{dropdown} Valid values for similarity
`l2_norm`
: Computes similarity based on the L2 distance (also known as Euclidean distance) between the vectors. The document `_score` is computed as `1 / (1 + l2_norm(query, vector)^2)`.
@ -247,13 +247,13 @@ Although they are conceptually related, the `similarity` parameter is different
$$$dense-vector-index-options$$$
`index_options`
: (Optional*, object) An optional section that configures the kNN indexing algorithm. The HNSW algorithm has two internal parameters that influence how the data structure is built. These can be adjusted to improve the accuracy of results, at the expense of slower indexing speed.
: (Optional[²](#footnote-2), object) An optional section that configures the kNN indexing algorithm. The HNSW algorithm has two internal parameters that influence how the data structure is built. These can be adjusted to improve the accuracy of results, at the expense of slower indexing speed.
* This parameter can only be specified when `index` is `true`.
² $$$footnote-2$$$ This parameter can only be specified when `index` is `true`.
::::{dropdown} Properties of `index_options`
`type`
: (Required, string) The type of kNN algorithm to use. Can be either any of:
::::{dropdown} Properties of index_options
`type`
: (Required, string) The type of kNN algorithm to use. Can be either any of:
* `hnsw` - This utilizes the [HNSW algorithm](https://arxiv.org/abs/1603.09320) for scalable approximate kNN search. This supports all `element_type` values.
* `int8_hnsw` - The default index type for float vectors. This utilizes the [HNSW algorithm](https://arxiv.org/abs/1603.09320) in addition to automatically scalar quantization for scalable approximate kNN search with `element_type` of `float`. This can reduce the memory footprint by 4x at the cost of some accuracy. See [Automatically quantize vectors for kNN search](#dense-vector-quantization).
* `int4_hnsw` - This utilizes the [HNSW algorithm](https://arxiv.org/abs/1603.09320) in addition to automatically scalar quantization for scalable approximate kNN search with `element_type` of `float`. This can reduce the memory footprint by 8x at the cost of some accuracy. See [Automatically quantize vectors for kNN search](#dense-vector-quantization).
@ -263,25 +263,25 @@ $$$dense-vector-index-options$$$
* `int4_flat` - This utilizes a brute-force search algorithm in addition to automatically half-byte scalar quantization. Only supports `element_type` of `float`.
* `bbq_flat` - This utilizes a brute-force search algorithm in addition to automatically binary quantization. Only supports `element_type` of `float`.
`m`
: (Optional, integer) The number of neighbors each node will be connected to in the HNSW graph. Defaults to `16`. Only applicable to `hnsw`, `int8_hnsw`, `int4_hnsw` and `bbq_hnsw` index types.
`m`
: (Optional, integer) The number of neighbors each node will be connected to in the HNSW graph. Defaults to `16`. Only applicable to `hnsw`, `int8_hnsw`, `int4_hnsw` and `bbq_hnsw` index types.
`ef_construction`
: (Optional, integer) The number of candidates to track while assembling the list of nearest neighbors for each new node. Defaults to `100`. Only applicable to `hnsw`, `int8_hnsw`, `int4_hnsw` and `bbq_hnsw` index types.
`ef_construction`
: (Optional, integer) The number of candidates to track while assembling the list of nearest neighbors for each new node. Defaults to `100`. Only applicable to `hnsw`, `int8_hnsw`, `int4_hnsw` and `bbq_hnsw` index types.
`confidence_interval`
: (Optional, float) Only applicable to `int8_hnsw`, `int4_hnsw`, `int8_flat`, and `int4_flat` index types. The confidence interval to use when quantizing the vectors. Can be any value between and including `0.90` and `1.0` or exactly `0`. When the value is `0`, this indicates that dynamic quantiles should be calculated for optimized quantization. When between `0.90` and `1.0`, this value restricts the values used when calculating the quantization thresholds. For example, a value of `0.95` will only use the middle 95% of the values when calculating the quantization thresholds (e.g. the highest and lowest 2.5% of values will be ignored). Defaults to `1/(dims + 1)` for `int8` quantized vectors and `0` for `int4` for dynamic quantile calculation.
`confidence_interval`
: (Optional, float) Only applicable to `int8_hnsw`, `int4_hnsw`, `int8_flat`, and `int4_flat` index types. The confidence interval to use when quantizing the vectors. Can be any value between and including `0.90` and `1.0` or exactly `0`. When the value is `0`, this indicates that dynamic quantiles should be calculated for optimized quantization. When between `0.90` and `1.0`, this value restricts the values used when calculating the quantization thresholds. For example, a value of `0.95` will only use the middle 95% of the values when calculating the quantization thresholds (e.g. the highest and lowest 2.5% of values will be ignored). Defaults to `1/(dims + 1)` for `int8` quantized vectors and `0` for `int4` for dynamic quantile calculation.
`rescore_vector`
: (Optional, object) An optional section that configures automatic vector rescoring on knn queries for the given field. Only applicable to quantized index types.
:::::{dropdown} Properties of `rescore_vector`
`oversample`
: (required, float) The amount to oversample the search results by. This value should be greater than `1.0` and less than `10.0` or exactly `0` to indicate no oversampling & rescoring should occur. The higher the value, the more vectors will be gathered and rescored with the raw values per shard.
`rescore_vector`
: (Optional, object) An optional section that configures automatic vector rescoring on knn queries for the given field. Only applicable to quantized index types.
:::::{dropdown} Properties of rescore_vector
`oversample`
: (required, float) The amount to oversample the search results by. This value should be greater than `1.0` and less than `10.0` or exactly `0` to indicate no oversampling & rescoring should occur. The higher the value, the more vectors will be gathered and rescored with the raw values per shard.
: In case a knn query specifies a `rescore_vector` parameter, the query `rescore_vector` parameter will be used instead.
: See [oversampling and rescoring quantized vectors](docs-content://solutions/search/vector/knn.md#dense-vector-knn-search-rescoring) for details.
:::::
::::
:::::
::::

5
docs/reference/elasticsearch/mapping-reference/keyword.md
View file

@ -113,11 +113,8 @@ The following parameters are accepted by `keyword` fields:
The `index.mapping.dimension_fields.limit` [index setting](/reference/elasticsearch/index-settings/time-series.md) limits the number of dimensions in an index.
Dimension fields have the following constraints:
* The `doc_values` and `index` mapping parameters must be `true`.
* Dimension values are used to identify a documents time series. If dimension values are altered in any way during indexing, the document will be stored as belonging to different from intended time series. As a result there are additional constraints:
* The field cannot use a [`normalizer`](/reference/elasticsearch/mapping-reference/normalizer.md).
* Dimension values are used to identify a documents time series. If dimension values are altered in any way during indexing, the document will be stored as belonging to different from intended time series. As a result there are additional constraints: the field cannot use a [`normalizer`](/reference/elasticsearch/mapping-reference/normalizer.md).
## Synthetic `_source` [keyword-synthetic-source]

2
docs/reference/elasticsearch/mapping-reference/mapping-source-field.md
View file

@ -305,7 +305,7 @@ PUT my-index-000001
}
```
::::{admonition} Think before disabling the `_source` field
::::{admonition} Think before disabling the _source field
:class: warning
Users often disable the `_source` field without thinking about the consequences, and then live to regret it. If the `_source` field isnt available then a number of features are not supported:

18
docs/reference/elasticsearch/mapping-reference/number.md
View file

@ -10,10 +10,10 @@ mapped_pages:
The following numeric types are supported:
`long`
: A signed 64-bit integer with a minimum value of `-2`^`63`^ and a maximum value of `2`^`63`^`-1`.
: A signed 64-bit integer with a minimum value of `-2^63` and a maximum value of `2^63 - 1`.
`integer`
: A signed 32-bit integer with a minimum value of `-2`^`31`^ and a maximum value of `2`^`31`^`-1`.
: A signed 32-bit integer with a minimum value of `-2^31` and a maximum value of `2^31 - 1`.
`short`
: A signed 16-bit integer with a minimum value of `-32,768` and a maximum value of `32,767`.
@ -34,7 +34,7 @@ The following numeric types are supported:
: A floating point number that is backed by a `long`, scaled by a fixed `double` scaling factor.
`unsigned_long`
: An unsigned 64-bit integer with a minimum value of 0 and a maximum value of `2`^`64`^`-1`.
: An unsigned 64-bit integer with a minimum value of 0 and a maximum value of `2^64 - 1`.
Below is an example of configuring a mapping with numeric fields:
@ -75,9 +75,9 @@ $$$floating_point$$$
| Type | Minimum value | Maximum value | Significant<br> bits / digits | Example precision loss |
| --- | --- | --- | --- | --- |
| `double` | `2`^`-1074`^ | `(2-2`^`-52`^`)·2`^`1023`^ | `53` / `15.95` | `1.2345678912345678`<br> `1.234567891234568` |
| `float` | `2`^`-149`^ | `(2-2`^`-23`^`)·2`^`127`^ | `24` / `7.22` | `1.23456789`<br> `1.2345679` |
| `half_float` | `2`^`-24`^ | `65504` | `11` / `3.31` | `1.2345`<br> `1.234375` |
| `double` | `2^-1074` | `(2 - 2^-52) * 2^1023` | `53 / 15.95` | `1.2345678912345678`<br>`1.234567891234568` |
| `float` | `2^-149` | `(2 - 2^-23) * 2^127` | `24 / 7.22` | `1.23456789`<br>`1.2345679` |
| `half_float` | `2^-24` | `65504` | `11 / 3.31` | `1.2345`<br>`1.234375` |
::::{admonition} Mapping numeric identifiers
:class: tip
@ -147,7 +147,8 @@ The following parameters are accepted by numeric types:
`time_series_metric`
: (Optional, string) Marks the field as a [time series metric](docs-content://manage-data/data-store/data-streams/time-series-data-stream-tsds.md#time-series-metric). The value is the metric type. You cant update this parameter for existing fields.
::::{dropdown} Valid `time_series_metric` values for numeric fields
**Valid `time_series_metric` values for numeric fields**:
`counter`
: A cumulative metric that only monotonically increases or resets to `0` (zero). For example, a count of errors or completed tasks.
@ -157,9 +158,6 @@ The following parameters are accepted by numeric types:
`null` (Default)
: Not a time series metric.
::::
For a numeric time series metric, the `doc_values` parameter must be `true`. A numeric field cant be both a time series dimension and a time series metric.

4
docs/reference/elasticsearch/mapping-reference/range.md
View file

@ -12,13 +12,13 @@ Range field types represent a continuous range of values between an upper and lo
The following range types are supported:
`integer_range`
: A range of signed 32-bit integers with a minimum value of `-2`^`31`^ and maximum of `2`^`31`^`-1`.
: A range of signed 32-bit integers with a minimum value of `-2^31` and maximum of `2^31 - 1`.
`float_range`
: A range of single-precision 32-bit IEEE 754 floating point values.
`long_range`
: A range of signed 64-bit integers with a minimum value of `-2`^`63`^ and maximum of `2`^`63`^`-1`.
: A range of signed 64-bit integers with a minimum value of `-2^63` and maximum of `2^63 - 1`.
`double_range`
: A range of double-precision 64-bit IEEE 754 floating point values.

2
docs/reference/elasticsearch/mapping-reference/rank-vectors.md
View file

@ -92,7 +92,7 @@ $$$rank-vectors-element-type$$$
`element_type`
: (Optional, string) The data type used to encode vectors. The supported data types are `float` (default), `byte`, and bit.
::::{dropdown} Valid values for `element_type`
::::{dropdown} Valid values for element_type
`float`
: indexes a 4-byte floating-point value per dimension. This is the default value.

29
docs/reference/elasticsearch/mapping-reference/semantic-text.md
View file

@ -110,29 +110,28 @@ to create the endpoint. If not specified, the {{infer}} endpoint defined by
`chunking_settings`
: (Optional, object) Settings for chunking text into smaller passages.
If specified, these will override the chunking settings set in the {infer-cap}
If specified, these will override the chunking settings set in the {{infer-cap}}
endpoint associated with `inference_id`.
If chunking settings are updated, they will not be applied to existing documents
until they are reindexed.
::::{dropdown} Valid values for `chunking_settings`
`type`
: Indicates the type of chunking strategy to use. Valid values are `word` or
`sentence`. Required.
**Valid values for `chunking_settings`**:
`max_chunk_size`
: The maximum number of works in a chunk. Required.
`type`
: Indicates the type of chunking strategy to use. Valid values are `word` or
`sentence`. Required.
`overlap`
: The number of overlapping words allowed in chunks. This cannot be defined as
more than half of the `max_chunk_size`. Required for `word` type chunking
settings.
`max_chunk_size`
: The maximum number of works in a chunk. Required.
`sentence_overlap`
: The number of overlapping sentences allowed in chunks. Valid values are `0`
or `1`. Required for `sentence` type chunking settings
`overlap`
: The number of overlapping words allowed in chunks. This cannot be defined as
more than half of the `max_chunk_size`. Required for `word` type chunking
settings.
::::
`sentence_overlap`
: The number of overlapping sentences allowed in chunks. Valid values are `0`
or `1`. Required for `sentence` type chunking settings
## {{infer-cap}} endpoint validation [infer-endpoint-validation]

2
docs/reference/elasticsearch/mapping-reference/unsigned-long.md
View file

@ -7,7 +7,7 @@ mapped_pages:
# Unsigned long field type [unsigned-long]
Unsigned long is a numeric field type that represents an unsigned 64-bit integer with a minimum value of 0 and a maximum value of `2`^`64`^`-1` (from 0 to 18446744073709551615 inclusive).
Unsigned long is a numeric field type that represents an unsigned 64-bit integer with a minimum value of 0 and a maximum value of `2^64 - 1` (from 0 to 18446744073709551615 inclusive).
```console
PUT my_index

43
docs/reference/elasticsearch/rest-apis/api-conventions.md
View file

@ -232,33 +232,17 @@ PUT /%3Cmy-index-%7Bnow%2Fd%7D%3E
The special characters used for date rounding must be URI encoded as follows:
`<`
: `%3C`
`>`
: `%3E`
`/`
: `%2F`
`{`
: `%7B`
`}`
: `%7D`
`|`
: `%7C`
`+`
: `%2B`
`:`
: `%3A`
`,`
: `%2C`
| | |
|---|---|
| `<` | `%3C` |
| `>` | `%3E` |
| `/` | `%2F` |
| `{` | `%7B` |
| `}` | `%7D` |
| `|` | `%7C` |
| `+` | `%2B` |
| `:` | `%3A` |
| `,` | `%2C` |
::::
@ -340,8 +324,9 @@ Some multi-target APIs that can target indices also support the following query
`ignore_throttled`
: (Optional, Boolean) If `true`, concrete, expanded or aliased indices are ignored when frozen. Defaults to `true`.
[7.16.0]
:::{admonition} Deprecated in 7.16.0
This parameter was deprecated in 7.16.0.
:::
::::{note}
APIs with a single target, such as the [get document API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-get), do not support multi-target syntax.

4
docs/reference/elasticsearch/rest-apis/compatibility.md
View file

@ -55,12 +55,12 @@ To enable REST API compatibility for all requests received by {{es}} set the env
## REST API compatibility workflow [_rest_api_compatibility_workflow]
To leverage REST API compatibility during an upgrade from the last 8.x to 9.0.0-beta1:
To leverage REST API compatibility during an upgrade from the last 8.x to {{version}}:
1. Upgrade your [{{es}} clients](https://www.elastic.co/guide/en/elasticsearch/client/index.html) to the latest 8.x version and enable REST API compatibility.
2. Use the [Upgrade Assistant](docs-content://deploy-manage/upgrade/prepare-to-upgrade/upgrade-assistant.md) to review all critical issues and explore the deprecation logs. Some critical issues might be mitigated by REST API compatibility.
3. Resolve all critical issues before proceeding with the upgrade.
4. Upgrade Elasticsearch to 9.0.0-beta1.
4. Upgrade Elasticsearch to {{version}}.
5. Review the deprecation logs for entries with the category `compatible_api`. Review the workflow associated with the requests that relied on compatibility mode.
6. Upgrade your {{es}} clients to 9.x and resolve compatibility issues manually where needed.

1
docs/reference/elasticsearch/rest-apis/highlighting.md
View file

@ -108,7 +108,6 @@ boundary_scanner
`sentence`
: Break highlighted fragments at the next sentence boundary, as determined by Javas [BreakIterator](https://docs.oracle.com/javase/8/docs/api/java/text/BreakIterator.md). You can specify the locale to use with `boundary_scanner_locale`.
::::{note}
When used with the `unified` highlighter, the `sentence` scanner splits sentences bigger than `fragment_size` at the first word boundary next to `fragment_size`. You can set `fragment_size` to 0 to never split any sentence.
::::

2
docs/reference/elasticsearch/rest-apis/reindex-data-stream.md
View file

@ -18,7 +18,7 @@ For the most up-to-date API details, refer to [Migration APIs](https://www.elast
::::{tip}
These APIs are designed for indirect use by {{kib}}'s **Upgrade Assistant**. We strongly recommend you use the **Upgrade Assistant** to upgrade from 8.17 to 9.0.0-beta1. For upgrade instructions, refer to [Upgrading to Elastic 9.0.0-beta1](docs-content://deploy-manage/upgrade/deployment-or-cluster.md).
These APIs are designed for indirect use by {{kib}}'s **Upgrade Assistant**. We strongly recommend you use the **Upgrade Assistant** to upgrade from 8.17 to {{version}}. For upgrade instructions, refer to [Upgrading to Elastic {{version}}](docs-content://deploy-manage/upgrade/deployment-or-cluster.md).
::::

2
docs/reference/elasticsearch/rest-apis/retrieve-selected-fields.md
View file

@ -480,7 +480,7 @@ GET /_search
### Other methods of retrieving data [field-retrieval-methods]
::::{admonition} Using `fields` is typically better
::::{admonition} Using fields is typically better
These options are usually not required. Using the `fields` option is typically the better choice, unless you absolutely need to force loading a stored or `docvalue_fields`.
::::

9
docs/reference/elasticsearch/rest-apis/retrievers.md
View file

@ -263,15 +263,18 @@ A retriever that normalizes and linearly combines the scores of other retrievers
Each entry specifies the following parameters:
* `retriever`:: (Required, a `retriever` object)
`retriever`
: (Required, a `retriever` object)
Specifies the retriever for which we will compute the top documents for. The retriever will produce `rank_window_size` results, which will later be merged based on the specified `weight` and `normalizer`.
* `weight`:: (Optional, float)
`weight`
: (Optional, float)
The weight that each score of this retrievers top docs will be multiplied with. Must be greater or equal to 0. Defaults to 1.0.
* `normalizer`:: (Optional, String)
`normalizer`
: (Optional, String)
Specifies how we will normalize the retrievers scores, before applying the specified `weight`. Available values are: `minmax`, and `none`. Defaults to `none`.

35
docs/reference/elasticsearch/security-privileges.md
View file

@ -79,7 +79,11 @@ This section lists the privileges that you can assign to a role.
`manage_data_frame_transforms`
: All operations related to managing {{transforms}}. [7.5] Use `manage_transform` instead.
: :::{admonition} Deprecated in 7.5
Use `manage_transform` instead.
:::
All operations related to managing {{transforms}}.
This privilege is not available in {{serverless-full}}.
@ -163,8 +167,9 @@ This section lists the privileges that you can assign to a role.
This privilege is not available in {{serverless-full}}.
[8.15] Also grants the permission to start and stop {{Ilm}}, using the [ILM start](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ilm-start) and [ILM stop](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ilm-stop) APIs. In a future major release, this privilege will not grant any {{Ilm}} permissions.
:::{admonition} Deprecated in 8.15
Also grants the permission to start and stop {{Ilm}}, using the [ILM start](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ilm-start) and [ILM stop](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ilm-stop) APIs. In a future major release, this privilege will not grant any {{Ilm}} permissions.
:::
`manage_token`
: All security-related operations on tokens that are generated by the {{es}} Token Service.
@ -256,8 +261,9 @@ This section lists the privileges that you can assign to a role.
This privilege is not available in {{serverless-full}}.
[8.15] Also grants the permission to get the {{Ilm}} status, using the [ILM get status API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ilm-get-status). In a future major release, this privilege will not grant any {{Ilm}} permissions.
:::{admonition} Deprecated in 8.15
Also grants the permission to get the {{Ilm}} status, using the [ILM get status API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ilm-get-status). In a future major release, this privilege will not grant any {{Ilm}} permissions.
:::
`read_security`
: All read-only security-related operations, such as getting users, user profiles, {{es}} API keys, {{es}} service accounts, roles and role mappings. Allows [querying](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-query-api-keys) and [retrieving information](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-get-api-key) on all {{es}} API keys.
@ -280,7 +286,9 @@ This section lists the privileges that you can assign to a role.
`create`
: Privilege to index documents.
[8.0] Also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or by relying on [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md). In a future major release, this privilege will not grant any mapping update permissions.
:::{admonition} Deprecated in 8.0
Also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or by relying on [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md). In a future major release, this privilege will not grant any mapping update permissions.
:::
::::{note}
This privilege does not restrict the index operation to the creation of documents but instead restricts API use to the index API. The index API allows a user to overwrite a previously indexed document. See the `create_doc` privilege for an alternative.
@ -290,7 +298,9 @@ This section lists the privileges that you can assign to a role.
`create_doc`
: Privilege to index documents. It does not grant the permission to update or overwrite existing documents.
[8.0] Also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or by relying on [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md). In a future major release, this privilege will not grant any mapping update permissions.
:::{admonition} Deprecated in 8.0
Also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or by relying on [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md). In a future major release, this privilege will not grant any mapping update permissions.
:::
::::{note}
This privilege relies on the `op_type` of indexing requests ([Index](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-create) and [Bulk](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-bulk)). When ingesting documents as a user who has the `create_doc` privilege (and no higher privilege such as `index` or `write`), you must ensure that *op_type* is set to *create* through one of the following:
@ -330,8 +340,9 @@ This section lists the privileges that you can assign to a role.
`index`
: Privilege to index and update documents.
[8.0] Also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or by relying on [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md). In a future major release, this privilege will not grant any mapping update permissions.
:::{admonition} Deprecated in 8.0
Also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or by relying on [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md). In a future major release, this privilege will not grant any mapping update permissions.
:::
`maintenance`
: Permits refresh, flush, synced flush and force merge index administration operations. No privilege to read or write index data or otherwise manage the index.
@ -378,9 +389,9 @@ This section lists the privileges that you can assign to a role.
`write`
: Privilege to perform all write operations to documents, which includes the permission to index, update, and delete documents as well as performing bulk operations, while also allowing to dynamically update the index mapping.
[8.0] It also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping). This will be retracted in a future major release.
:::{admonition} Deprecated in 8.0
It also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping). This will be retracted in a future major release.
:::
## Run as privilege [_run_as_privilege]

131
docs/reference/enrich-processor/inference-processor.md
View file

@ -130,9 +130,9 @@ Classification configuration for inference.
* [preview] `xlm_roberta`: Use for XLMRoBERTa-style models
* [preview] `bert_ja`: Use for BERT-style models trained for the Japanese language.
::::{dropdown} Properties of tokenization
`bert`
: (Optional, object) BERT-style tokenization is to be performed with the enclosed settings.
::::{dropdown} Properties of tokenization
`bert`
: (Optional, object) BERT-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of bert
`truncate`
(Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`.
@ -143,8 +143,8 @@ Classification configuration for inference.
For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case.
::::
:::::
`deberta_v2`
: (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings.
`deberta_v2`
: (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings.
::::{dropdown} Properties of deberta_v2
`truncate`
(Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`.
@ -153,8 +153,8 @@ Classification configuration for inference.
* `first`: Only the first sequence is truncated.
* `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated.
::::
`roberta`
: (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings.
`roberta`
: (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of roberta
`truncate`
(Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`.
@ -165,8 +165,8 @@ Classification configuration for inference.
For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case.
::::
:::::
`mpnet`
: (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings.
`mpnet`
: (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of mpnet
`truncate`
(Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`.
@ -177,7 +177,7 @@ Classification configuration for inference.
For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case.
::::
:::::
::::
::::
## NER configuration options [inference-processor-ner-opt]
@ -194,9 +194,9 @@ Classification configuration for inference.
* [preview] `xlm_roberta`: Use for XLMRoBERTa-style models
* [preview] `bert_ja`: Use for BERT-style models trained for the Japanese language.
::::{dropdown} Properties of tokenization
`bert`
: (Optional, object) BERT-style tokenization is to be performed with the enclosed settings.
::::{dropdown} Properties of tokenization
`bert`
: (Optional, object) BERT-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of bert
`truncate`
(Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`.
@ -207,8 +207,8 @@ Classification configuration for inference.
For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case.
::::
:::::
`deberta_v2`
: (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings.
`deberta_v2`
: (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings.
::::{dropdown} Properties of deberta_v2
`truncate`
(Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`.
@ -217,8 +217,8 @@ Classification configuration for inference.
* `first`: Only the first sequence is truncated.
* `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated.
::::
`roberta`
: (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings.
`roberta`
: (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of roberta
`truncate`
(Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`.
@ -229,8 +229,8 @@ Classification configuration for inference.
For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case.
::::
:::::
`mpnet`
: (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings.
`mpnet`
: (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of mpnet
`truncate`
(Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`.
@ -241,7 +241,7 @@ Classification configuration for inference.
For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case.
::::
:::::
::::
::::
## {{regression-cap}} configuration options [inference-processor-regression-opt]
@ -274,9 +274,9 @@ Regression configuration for inference.
* [preview] `xlm_roberta`: Use for XLMRoBERTa-style models
* [preview] `bert_ja`: Use for BERT-style models trained for the Japanese language.
::::{dropdown} Properties of tokenization
`bert`
: (Optional, object) BERT-style tokenization is to be performed with the enclosed settings.
::::{dropdown} Properties of tokenization
`bert`
: (Optional, object) BERT-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of bert
`span`
(Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence.
@ -293,8 +293,8 @@ Regression configuration for inference.
For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case.
::::
:::::
`deberta_v2`
: (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings.
`deberta_v2`
: (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of deberta_v2
`span`
(Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence.
@ -309,8 +309,8 @@ Regression configuration for inference.
* `first`: Only the first sequence is truncated.
* `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated.
:::::
`roberta`
: (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings.
`roberta`
: (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of roberta
`span`
(Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence.
@ -327,8 +327,8 @@ Regression configuration for inference.
For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case.
::::
:::::
`mpnet`
: (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings.
`mpnet`
: (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of mpnet
`truncate`
(Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`.
@ -339,7 +339,7 @@ Regression configuration for inference.
For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case.
::::
:::::
::::
::::
## Text embedding configuration options [inference-processor-text-embedding-opt]
@ -356,9 +356,9 @@ Regression configuration for inference.
* [preview] `xlm_roberta`: Use for XLMRoBERTa-style models
* [preview] `bert_ja`: Use for BERT-style models trained for the Japanese language.
::::{dropdown} Properties of tokenization
`bert`
: (Optional, object) BERT-style tokenization is to be performed with the enclosed settings.
::::{dropdown} Properties of tokenization
`bert`
: (Optional, object) BERT-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of bert
`truncate`
(Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`.
@ -369,8 +369,8 @@ Regression configuration for inference.
For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case.
::::
:::::
`deberta_v2`
: (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings.
`deberta_v2`
: (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings.
::::{dropdown} Properties of deberta_v2
`truncate`
(Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`.
@ -379,8 +379,8 @@ Regression configuration for inference.
* `first`: Only the first sequence is truncated.
* `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated.
::::
`roberta`
: (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings.
`roberta`
: (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of roberta
`truncate`
(Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`.
@ -391,8 +391,8 @@ Regression configuration for inference.
For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case.
::::
:::::
`mpnet`
: (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings.
`mpnet`
: (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of mpnet
`truncate`
(Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`.
@ -403,7 +403,7 @@ Regression configuration for inference.
For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case.
::::
:::::
::::
::::
## Text expansion configuration options [inference-processor-text-expansion-opt]
@ -420,9 +420,9 @@ Regression configuration for inference.
* [preview] `xlm_roberta`: Use for XLMRoBERTa-style models
* [preview] `bert_ja`: Use for BERT-style models trained for the Japanese language.
::::{dropdown} Properties of tokenization
`bert`
: (Optional, object) BERT-style tokenization is to be performed with the enclosed settings.
::::{dropdown} Properties of tokenization
`bert`
: (Optional, object) BERT-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of bert
`span`
(Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence.
@ -439,8 +439,8 @@ Regression configuration for inference.
For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case.
::::
:::::
`deberta_v2`
: (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings.
`deberta_v2`
: (Optional, object) DeBERTa-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of deberta_v2
`span`
(Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence.
@ -455,8 +455,8 @@ Regression configuration for inference.
* `first`: Only the first sequence is truncated.
* `second`: Only the second sequence is truncated. If there is just one sequence, that sequence is truncated.
:::::
`roberta`
: (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings.
`roberta`
: (Optional, object) RoBERTa-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of roberta
`span`
(Optional, integer) When `truncate` is `none`, you can partition longer text sequences for inference. The value indicates how many tokens overlap between each subsequence.
@ -473,8 +473,8 @@ Regression configuration for inference.
For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case.
::::
:::::
`mpnet`
: (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings.
`mpnet`
: (Optional, object) MPNet-style tokenization is to be performed with the enclosed settings.
:::::{dropdown} Properties of mpnet
`truncate`
(Optional, string) Indicates how tokens are truncated when they exceed `max_sequence_length`. The default value is `first`.
@ -485,28 +485,29 @@ Regression configuration for inference.
For `zero_shot_classification`, the hypothesis sequence is always the second sequence. Therefore, do not use `second` in this case.
::::
:::::
::::
::::
## Text similarity configuration options [inference-processor-text-similarity-opt]
`text_similarity`
: (Object, optional) Text similarity takes an input sequence and compares it with another input sequence. This is commonly referred to as cross-encoding. This task is useful for ranking document text when comparing it to another provided text input.
::::{dropdown} Properties of text_similarity inference
`span_score_combination_function`
: (Optional, string) Identifies how to combine the resulting similarity score when a provided text passage is longer than `max_sequence_length` and must be automatically separated for multiple calls. This only is applicable when `truncate` is `none` and `span` is a non-negative number. The default value is `max`. Available options are:
* `max`: The maximum score from all the spans is returned.
* `mean`: The mean score over all the spans is returned.
`tokenization`
: (Optional, object) Indicates the tokenization to perform and the desired settings. The default tokenization configuration is `bert`. Valid tokenization values are
* `bert`: Use for BERT-style models
* `deberta_v2`: Use for DeBERTa v2 and v3-style models
* `mpnet`: Use for MPNet-style models
* `roberta`: Use for RoBERTa-style and BART-style models
* [preview] `xlm_roberta`: Use for XLMRoBERTa-style models
* [preview] `bert_ja`: Use for BERT-style models trained for the Japanese language.
Refer to [Properties of `tokenizaton`](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ml-put-trained-model) to review the properties of the `tokenization` object.
::::
::::{dropdown} Properties of text_similarity inference
`span_score_combination_function`
: (Optional, string) Identifies how to combine the resulting similarity score when a provided text passage is longer than `max_sequence_length` and must be automatically separated for multiple calls. This only is applicable when `truncate` is `none` and `span` is a non-negative number. The default value is `max`. Available options are:
* `max`: The maximum score from all the spans is returned.
* `mean`: The mean score over all the spans is returned.
`tokenization`
: (Optional, object) Indicates the tokenization to perform and the desired settings. The default tokenization configuration is `bert`. Valid tokenization values are
* `bert`: Use for BERT-style models
* `deberta_v2`: Use for DeBERTa v2 and v3-style models
* `mpnet`: Use for MPNet-style models
* `roberta`: Use for RoBERTa-style and BART-style models
* [preview] `xlm_roberta`: Use for XLMRoBERTa-style models
* [preview] `bert_ja`: Use for BERT-style models trained for the Japanese language.
Refer to [Properties of `tokenizaton`](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ml-put-trained-model) to review the properties of the `tokenization` object.
::::
## Zero shot classification configuration options [inference-processor-zero-shot-opt]

2
docs/reference/query-languages/eql/eql-function-ref.md
View file

@ -219,7 +219,7 @@ Returns the quotient of a provided dividend and divisor.
If both the dividend and divisor are integers, the `divide` function *rounds down* any returned floating point numbers to the nearest integer. To avoid rounding, convert either the dividend or divisor to a float.
::::{dropdown} **Example**
::::{dropdown} Example
The `process.args_count` field is a [`long`](/reference/elasticsearch/mapping-reference/number.md) integer field containing a count of process arguments.
A user might expect the following EQL query to only match events with a `process.args_count` value of `4`.

2
docs/reference/query-languages/query-dsl/query-dsl-mlt-query.md
View file

@ -150,7 +150,7 @@ The only required parameter is `like`, all other parameters have sensible defaul
: The minimum document frequency below which the terms will be ignored from the input document. Defaults to `5`.
`max_doc_freq`
: The maximum document frequency above which the terms will be ignored from the input document. This could be useful in order to ignore highly frequent words such as stop words. Defaults to unbounded (`Integer.MAX_VALUE`, which is `2`^`31`^`-1` or 2147483647).
: The maximum document frequency above which the terms will be ignored from the input document. This could be useful in order to ignore highly frequent words such as stop words. Defaults to unbounded (`Integer.MAX_VALUE`, which is `2^31 - 1` or 2147483647).
`min_word_length`
: The minimum word length below which the terms will be ignored. Defaults to `0`.

6
docs/reference/query-languages/query-dsl/query-dsl-multi-match-query.md
View file

@ -139,7 +139,7 @@ Normally the `best_fields` type uses the score of the **single** best matching f
Also, accepts `analyzer`, `boost`, `operator`, `minimum_should_match`, `fuzziness`, `lenient`, `prefix_length`, `max_expansions`, `fuzzy_rewrite`, `zero_terms_query`, `auto_generate_synonyms_phrase_query` and `fuzzy_transpositions`, as explained in [match query](/reference/query-languages/query-dsl/query-dsl-match-query.md).
::::{admonition} `operator` and `minimum_should_match`
::::{admonition} operator and minimum_should_match
:class: important
:name: operator-min
@ -257,7 +257,7 @@ GET /_search
Also, accepts `analyzer`, `boost`, `lenient` and `zero_terms_query` as explained in [Match](/reference/query-languages/query-dsl/query-dsl-match-query.md), as well as `slop` which is explained in [Match phrase](/reference/query-languages/query-dsl/query-dsl-match-query-phrase.md). Type `phrase_prefix` additionally accepts `max_expansions`.
::::{admonition} `phrase`, `phrase_prefix` and `fuzziness`
::::{admonition} phrase, phrase_prefix and fuzziness
:class: important
:name: phrase-fuzziness
@ -438,7 +438,7 @@ By default, each per-term `blended` query will use the best score returned by an
`0.0 < n < 1.0`
: Take the single best score plus `tie_breaker` multiplied by each of the scores from other matching fields/ groups
::::{admonition} `cross_fields` and `fuzziness`
::::{admonition} cross_fields and fuzziness
:class: important
:name: crossfields-fuzziness

8
docs/reference/query-languages/query-dsl/query-dsl-prefix-query.md
View file

@ -41,8 +41,12 @@ GET /_search
`rewrite`
: (Optional, string) Method used to rewrite the query. For valid values and more information, see the [`rewrite` parameter](/reference/query-languages/query-dsl/query-dsl-multi-term-rewrite.md).
`case_insensitive` [7.10.0]
: (Optional, Boolean) Allows ASCII case insensitive matching of the value with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying fields mapping.
`case_insensitive`
: :::{admonition} Added in 7.10.0
This parameter was added in 7.10.0.
:::
(Optional, Boolean) Allows ASCII case insensitive matching of the value with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying fields mapping.
## Notes [prefix-query-notes]

85
docs/reference/query-languages/query-dsl/query-dsl-range-query.md
View file

@ -31,30 +31,30 @@ GET /_search
## Top-level parameters for `range` [range-query-top-level-params]
`<field>`
&nbsp;&nbsp;&nbsp;&nbsp; (Required, object) Field you wish to search.
: (Required, object) Field you wish to search.
## Parameters for `<field>` [range-query-field-params]
`gt`
&nbsp;&nbsp;&nbsp;&nbsp; (Optional) Greater than.
: (Optional) Greater than.
`gte`
&nbsp;&nbsp;&nbsp;&nbsp; (Optional) Greater than or equal to.
: (Optional) Greater than or equal to.
`lt`
&nbsp;&nbsp;&nbsp;&nbsp; (Optional) Less than.
: (Optional) Less than.
`lte`
&nbsp;&nbsp;&nbsp;&nbsp; (Optional) Less than or equal to.
: (Optional) Less than or equal to.
`format`
&nbsp;&nbsp;&nbsp;&nbsp; (Optional, string) Date format used to convert `date` values in the query.
: (Optional, string) Date format used to convert `date` values in the query.
&nbsp;&nbsp;&nbsp;&nbsp; By default, {{es}} uses the [date `format`](/reference/elasticsearch/mapping-reference/mapping-date-format.md) provided in the `<field>`'s
&nbsp;&nbsp;&nbsp;&nbsp; mapping. This value overrides that mapping format.
By default, {{es}} uses the [date `format`](/reference/elasticsearch/mapping-reference/mapping-date-format.md) provided in the `<field>`'s
mapping. This value overrides that mapping format.
&nbsp;&nbsp;&nbsp;&nbsp; For valid syntax, see [`format`](/reference/elasticsearch/mapping-reference/mapping-date-format.md).
For valid syntax, see [`format`](/reference/elasticsearch/mapping-reference/mapping-date-format.md).
::::{warning}
If a format or date value is incomplete, the range query replaces any missing components with default values. See [Missing date components](#missing-date-components).
@ -65,29 +65,28 @@ If a format or date value is incomplete, the range query replaces any missing co
$$$querying-range-fields$$$
`relation`
&nbsp;&nbsp;&nbsp;&nbsp; (Optional, string) Indicates how the range query matches values for `range`
&nbsp;&nbsp;&nbsp;&nbsp; fields. Valid values are:
: (Optional, string) Indicates how the range query matches values for `range`
fields. Valid values are:
&nbsp;&nbsp;&nbsp;&nbsp; `INTERSECTS` (Default)
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Matches documents with a range field value that intersects the querys range.
`INTERSECTS` (Default)
: Matches documents with a range field value that intersects the querys range.
&nbsp;&nbsp;&nbsp;&nbsp; `CONTAINS`
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Matches documents with a range field value that entirely contains the
&nbsp;&nbsp;&nbsp;&nbsp; querys range.
`CONTAINS`
: Matches documents with a range field value that entirely contains the querys range.
&nbsp;&nbsp;&nbsp;&nbsp; `WITHIN`
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Matches documents with a range field value entirely within the querys range.
`WITHIN`
: Matches documents with a range field value entirely within the querys range.
`time_zone`
&nbsp;&nbsp;&nbsp;&nbsp; (Optional, string) [Coordinated Universal Time (UTC) offset](https://en.wikipedia.org/wiki/List_of_UTC_time_offsets) or [IANA time zone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
&nbsp;&nbsp;&nbsp;&nbsp; used to convert `date` values in the query to UTC.
: (Optional, string) [Coordinated Universal Time (UTC) offset](https://en.wikipedia.org/wiki/List_of_UTC_time_offsets) or [IANA time zone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
used to convert `date` values in the query to UTC.
&nbsp;&nbsp;&nbsp;&nbsp; Valid values are ISO 8601 UTC offsets, such as `+01:00` or -`08:00`, and IANA
&nbsp;&nbsp;&nbsp;&nbsp; time zone IDs, such as `America/Los_Angeles`.
Valid values are ISO 8601 UTC offsets, such as `+01:00` or -`08:00`, and IANA
time zone IDs, such as `America/Los_Angeles`.
&nbsp;&nbsp;&nbsp;&nbsp; For an example query using the `time_zone` parameter, see
&nbsp;&nbsp;&nbsp;&nbsp; [Time zone in `range` queries](#range-query-time-zone).
For an example query using the `time_zone` parameter, see
[Time zone in `range` queries](#range-query-time-zone).
::::{note}
The `time_zone` parameter does **not** affect the [date math](/reference/elasticsearch/rest-apis/common-options.md#date-math) value of `now`. `now` is always the current system time in UTC.
@ -99,15 +98,15 @@ However, the `time_zone` parameter does convert dates calculated using `now` and
`boost`
&nbsp;&nbsp;&nbsp;&nbsp; (Optional, float) Floating point number used to decrease or increase the
&nbsp;&nbsp;&nbsp;&nbsp; [relevance scores](/reference/query-languages/query-dsl/query-filter-context.md#relevance-scores) of a query. Defaults to `1.0`.
: (Optional, float) Floating point number used to decrease or increase the
[relevance scores](/reference/query-languages/query-dsl/query-filter-context.md#relevance-scores) of a query. Defaults to `1.0`.
&nbsp;&nbsp;&nbsp;&nbsp; You can use the `boost` parameter to adjust relevance scores for searches
&nbsp;&nbsp;&nbsp;&nbsp; containing two or more queries.
You can use the `boost` parameter to adjust relevance scores for searches
containing two or more queries.
&nbsp;&nbsp;&nbsp;&nbsp; Boost values are relative to the default value of `1.0`. A boost value between `0`
&nbsp;&nbsp;&nbsp;&nbsp; and `1.0` decreases the relevance score. A value greater than `1.0`
&nbsp;&nbsp;&nbsp;&nbsp; increases the relevance score.
Boost values are relative to the default value of `1.0`. A boost value between `0`
and `1.0` decreases the relevance score. A value greater than `1.0`
increases the relevance score.
@ -169,31 +168,31 @@ When no date format is specified and the range query is targeting a date field,
{{es}} rounds [date math](/reference/elasticsearch/rest-apis/common-options.md#date-math) values in parameters as follows:
`gt`
&nbsp;&nbsp;&nbsp;&nbsp; Rounds up to the first millisecond not covered by the rounded date.
: Rounds up to the first millisecond not covered by the rounded date.
&nbsp;&nbsp;&nbsp;&nbsp; For example, `2014-11-18||/M` rounds up to `2014-12-01T00:00:00.000`,
&nbsp;&nbsp;&nbsp;&nbsp; excluding the entire month of November.
For example, `2014-11-18||/M` rounds up to `2014-12-01T00:00:00.000`,
excluding the entire month of November.
`gte`
&nbsp;&nbsp;&nbsp;&nbsp; Rounds down to the first millisecond.
: Rounds down to the first millisecond.
&nbsp;&nbsp;&nbsp;&nbsp; For example, `2014-11-18||/M` rounds down to `2014-11-01T00:00:00.000`,
&nbsp;&nbsp;&nbsp;&nbsp; including the entire month.
For example, `2014-11-18||/M` rounds down to `2014-11-01T00:00:00.000`,
including the entire month.
`lt`
&nbsp;&nbsp;&nbsp;&nbsp; Rounds down to the last millisecond before the rounded value.
: Rounds down to the last millisecond before the rounded value.
&nbsp;&nbsp;&nbsp;&nbsp; For example, `2014-11-18||/M` rounds down to `2014-10-31T23:59:59.999`,
&nbsp;&nbsp;&nbsp;&nbsp; excluding the entire month of November.
For example, `2014-11-18||/M` rounds down to `2014-10-31T23:59:59.999`,
excluding the entire month of November.
`lte`
&nbsp;&nbsp;&nbsp;&nbsp; Rounds up to the latest millisecond in the rounding interval.
: Rounds up to the latest millisecond in the rounding interval.
&nbsp;&nbsp;&nbsp;&nbsp; For example, `2014-11-18||/M` rounds up to `2014-11-30T23:59:59.999`,
&nbsp;&nbsp;&nbsp;&nbsp; including the entire month.
For example, `2014-11-18||/M` rounds up to `2014-11-30T23:59:59.999`,
including the entire month.

8
docs/reference/query-languages/query-dsl/query-dsl-regexp-query.md
View file

@ -55,8 +55,12 @@ GET /_search
`flags`
: (Optional, string) Enables optional operators for the regular expression. For valid values and more information, see [Regular expression syntax](/reference/query-languages/query-dsl/regexp-syntax.md#regexp-optional-operators).
`case_insensitive` [7.10.0]
: (Optional, Boolean) Allows case insensitive matching of the regular expression value with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying fields mapping.
`case_insensitive`
: :::{admonition} Added in 7.10.0
This parameter was added in 7.10.0.
:::
(Optional, Boolean) Allows case insensitive matching of the regular expression value with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying fields mapping.
`max_determinized_states`
: (Optional, integer) Maximum number of [automaton states](https://en.wikipedia.org/wiki/Deterministic_finite_automaton) required for the query. Default is `10000`.

8
docs/reference/query-languages/query-dsl/query-dsl-term-query.md
View file

@ -57,8 +57,12 @@ GET /_search
Boost values are relative to the default value of `1.0`. A boost value between `0` and `1.0` decreases the relevance score. A value greater than `1.0` increases the relevance score.
`case_insensitive` [7.10.0]
: (Optional, Boolean) Allows ASCII case insensitive matching of the value with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying fields mapping.
`case_insensitive`
: :::{admonition} Added in 7.10.0
This parameter was added in 7.10.0.
:::
(Optional, Boolean) Allows ASCII case insensitive matching of the value with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying fields mapping.
## Notes [term-query-notes]

9
docs/reference/query-languages/query-dsl/query-dsl-weighted-tokens-query.md
View file

@ -47,11 +47,12 @@ POST _search
## Top level parameters for `weighted_token` [weighted-token-query-params]
`<tokens>`
: (Required, dictionary) A dictionary of token-weight pairs.
### `<tokens>`
`pruning_config`
: (Optional, object) Optional pruning configuration. If enabled, this will omit non-significant tokens from the query in order to improve query performance. Default: Disabled.
(Required, dictionary) A dictionary of token-weight pairs.
`pruning_config`
: (Optional, object) Optional pruning configuration. If enabled, this will omit non-significant tokens from the query in order to improve query performance. Default: Disabled.
Parameters for `<pruning_config>` are:

8
docs/reference/query-languages/query-dsl/query-dsl-wildcard-query.md
View file

@ -47,8 +47,12 @@ GET /_search
Boost values are relative to the default value of `1.0`. A boost value between `0` and `1.0` decreases the relevance score. A value greater than `1.0` increases the relevance score.
`case_insensitive` [7.10.0]
: (Optional, Boolean) Allows case insensitive matching of the pattern with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying fields mapping.
`case_insensitive`
: :::{admonition} Added in 7.10.0
This parameter was added in 7.10.0.
:::
(Optional, Boolean) Allows case insensitive matching of the pattern with the indexed field values when set to true. Default is false which means the case sensitivity of matching depends on the underlying fields mapping.
`rewrite`
: (Optional, string) Method used to rewrite the query. For valid values and more information, see the [`rewrite` parameter](/reference/query-languages/query-dsl/query-dsl-multi-term-rewrite.md).

23
docs/reference/query-languages/sql/sql-data-types.md
View file

@ -5,10 +5,10 @@ mapped_pages:
# Data Types [sql-data-types]
| | | | |
| --- | --- | --- | --- |
**Core types**
| **{{es}} type** | **Elasticsearch SQL type** | **SQL type** | **SQL precision** |
| Core types |
| --- | --- | --- | --- |
| [`null`](/reference/elasticsearch/mapping-reference/null-value.md) | `null` | NULL | 0 |
| [`boolean`](/reference/elasticsearch/mapping-reference/boolean.md) | `boolean` | BOOLEAN | 1 |
| [`byte`](/reference/elasticsearch/mapping-reference/number.md) | `byte` | TINYINT | 3 |
@ -26,14 +26,22 @@ mapped_pages:
| [`date`](/reference/elasticsearch/mapping-reference/date.md) | `datetime` | TIMESTAMP | 29 |
| [`ip`](/reference/elasticsearch/mapping-reference/ip.md) | `ip` | VARCHAR | 39 |
| [`version`](/reference/elasticsearch/mapping-reference/version.md) | `version` | VARCHAR | 32,766 |
| Complex types |
**Complex types**
| **{{es}} type** | **Elasticsearch SQL type** | **SQL type** | **SQL precision** |
| --- | --- | --- | --- |
| [`object`](/reference/elasticsearch/mapping-reference/object.md) | `object` | STRUCT | 0 |
| [`nested`](/reference/elasticsearch/mapping-reference/nested.md) | `nested` | STRUCT | 0 |
| Unsupported types |
**Unsupported types**
| **{{es}} type** | **Elasticsearch SQL type** | **SQL type** | **SQL precision** |
| --- | --- | --- | --- |
| *types not mentioned above* | `unsupported` | OTHER | 0 |
::::{note}
Most of {{es}} [data types](/reference/elasticsearch/mapping-reference/field-data-types.md) are available in Elasticsearch SQL, as indicated above. As one can see, all of {{es}} [data types](/reference/elasticsearch/mapping-reference/field-data-types.md) are mapped to the data type with the same name in Elasticsearch SQL, with the exception of **date** data type which is mapped to **datetime*** in Elasticsearch SQL. This is to avoid confusion with the ANSI SQL types ***DATE** (date only) and **TIME** (time only), which are also supported by Elasticsearch SQL in queries (with the use of [`CAST`](/reference/query-languages/sql/sql-functions-type-conversion.md#sql-functions-type-conversion-cast)/[`CONVERT`](/reference/query-languages/sql/sql-functions-type-conversion.md#sql-functions-type-conversion-convert)), but dont correspond to an actual mapping in {{es}} (see the [`table`](#es-sql-only-types) below).
Most of {{es}} [data types](/reference/elasticsearch/mapping-reference/field-data-types.md) are available in Elasticsearch SQL, as indicated above. As one can see, all of {{es}} [data types](/reference/elasticsearch/mapping-reference/field-data-types.md) are mapped to the data type with the same name in Elasticsearch SQL, with the exception of **date** data type which is mapped to **datetime** in Elasticsearch SQL. This is to avoid confusion with the ANSI SQL types **DATE** (date only) and **TIME** (time only), which are also supported by Elasticsearch SQL in queries (with the use of [`CAST`](/reference/query-languages/sql/sql-functions-type-conversion.md#sql-functions-type-conversion-cast)/[`CONVERT`](/reference/query-languages/sql/sql-functions-type-conversion.md#sql-functions-type-conversion-convert)), but dont correspond to an actual mapping in {{es}} (see the [`table`](#es-sql-only-types) below).
::::
@ -44,9 +52,8 @@ In addition to the types above, Elasticsearch SQL also supports at *runtime* SQL
$$$es-sql-only-types$$$
The table below indicates these types:
| | |
| --- | --- |
| **SQL type** | **SQL precision** |
| --- | --- |
| `date` | 29 |
| `time` | 18 |
| `interval_year` | 7 |

12
docs/reference/query-languages/sql/sql-functions-aggs.md
View file

@ -164,9 +164,8 @@ SELECT FIRST(a) FROM t
will result in:
| |
| --- |
| **FIRST(a)** |
| --- |
| 1 |
and
@ -177,9 +176,8 @@ SELECT FIRST(a, b) FROM t
will result in:
| |
| --- |
| **FIRST(a, b)** |
| --- |
| 100 |
```sql
@ -285,9 +283,8 @@ SELECT LAST(a) FROM t
will result in:
| |
| --- |
| **LAST(a)** |
| --- |
| 200 |
and
@ -298,9 +295,8 @@ SELECT LAST(a, b) FROM t
will result in:
| |
| --- |
| **LAST(a, b)** |
| --- |
| 2 |
```sql

6
docs/reference/query-languages/sql/sql-functions-datetime.md
View file

@ -15,9 +15,8 @@ A common requirement when dealing with date/time in general revolves around the
The table below shows the mapping between {{es}} and Elasticsearch SQL:
| | |
| --- | --- |
| **{{es}}** | **Elasticsearch SQL** |
| --- | --- |
| Index/Table datetime math |
| `<index-{now/M{YYYY.MM}}>` |
| Query date/time math |
@ -38,9 +37,8 @@ Elasticsearch SQL accepts also the plural for each time unit (e.g. both `YEAR` a
Example of the possible combinations below:
| | |
| --- | --- |
| **Interval** | **Description** |
| --- | --- |
| `INTERVAL '1-2' YEAR TO MONTH` | 1 year and 2 months |
| `INTERVAL '3 4' DAYS TO HOURS` | 3 days and 4 hours |
| `INTERVAL '5 6:12' DAYS TO MINUTES` | 5 days, 6 hours and 12 minutes |

3
docs/reference/query-languages/sql/sql-index-patterns.md
View file

@ -85,9 +85,8 @@ Notice how now `emp%` does not match any tables because `%`, which means match z
In a nutshell, the differences between the two type of patterns are:
| | | |
| --- | --- | --- |
| **Feature** | **Multi index** | **SQL `LIKE`** |
| --- | --- | --- |
| Type of quoting | `"` | `'` |
| Inclusion | Yes | Yes |
| Exclusion | Yes | No |

6
docs/reference/query-languages/sql/sql-lexical-structure.md
View file

@ -123,9 +123,8 @@ To escape single or double quotes, one needs to use that specific quote one more
A few characters that are not alphanumeric have a dedicated meaning different from that of an operator. For completeness these are specified below:
| | |
| --- | --- |
| **Char** | **Description** |
| --- | --- |
| `*` | The asterisk (or wildcard) is used in some contexts to denote all fields for a table. Can be also used as an argument to some aggregate functions. |
| `,` | Commas are used to enumerate the elements of a list. |
| `.` | Used in numeric constants or to separate identifiers qualifiers (catalog, table, column names, etc…). |
@ -138,9 +137,8 @@ Most operators in Elasticsearch SQL have the same precedence and are left-associ
The following table indicates the supported operators and their precedence (highest to lowest);
| | | |
| --- | --- | --- |
| **Operator/Element** | **Associativity** | **Description** |
| --- | --- | --- |
| `.` | left | qualifier separator |
| `::` | left | PostgreSQL-style type cast |
| `+ -` | right | unary plus and minus (numeric literal sign) |

3
docs/reference/query-languages/sql/sql-like-rlike-operators.md
View file

@ -93,9 +93,8 @@ When using `LIKE`/`RLIKE`, do consider using [full-text search predicates](/refe
<!--
For example:
| | |
| --- | --- |
| **LIKE/RLIKE** | **QUERY/MATCH** |
| --- | --- |
| ``foo LIKE 'bar'`` | ``MATCH(foo, 'bar')`` |
| ``foo LIKE 'bar' AND tar LIKE 'goo'`` | ``MATCH('foo^2, tar^5', 'bar goo', 'operator=and')`` |
| ``foo LIKE 'barr'`` | ``QUERY('foo: bar~')`` |

3
docs/reference/query-languages/sql/sql-syntax-reserved.md
View file

@ -13,9 +13,8 @@ The following table lists all of the keywords that are reserved in Elasticsearch
SELECT "AS" FROM index
```
| | | |
| --- | --- | --- |
| **Keyword** | **SQL:2016** | **SQL-92** |
| --- | --- | --- |
| `ALL` | reserved | reserved |
| `AND` | reserved | reserved |
| `ANY` | reserved | reserved |

6
docs/reference/scripting-languages/painless/painless-api-examples.md
View file

@ -42,7 +42,7 @@ Each context requires a script, but additional parameters depend on the context
The `emit` method cannot accept `null` values. Do not call this method if the referenced fields do not have any values.
:::
::::{dropdown} Signatures of `emit`
::::{dropdown} Signatures of emit
The signature for `emit` depends on the `type` of the field.
`boolean`
@ -72,7 +72,7 @@ $$$_contexts$$$
`context`
: (Optional, string) The context that the script should run in. Defaults to `painless_test` if no context is specified.
::::::{dropdown} Properties of `context`
::::::{dropdown} Properties of context
`painless_test`
: The default context if no other context is specified. See [test context](#painless-execute-test).
@ -130,7 +130,7 @@ Result ordering in the field contexts is not guaranteed.
::::
:::::{dropdown} Properties of `context_setup`
:::::{dropdown} Properties of context_setup
`document`
: (Required, string) Document thats temporarily indexed in-memory and accessible from the script.

3
docs/reference/scripting-languages/painless/painless-operators.md
View file

@ -7,9 +7,8 @@ mapped_pages:
An operator is the most basic action that can be taken to evaluate values in a script. An expression is one-to-many consecutive operations. Precedence is the order in which an operator will be evaluated relative to another operator. Associativity is the direction within an expression in which a specific operator is evaluated. The following table lists all available operators:
| | | | | |
| --- | --- | --- | --- | --- |
| **Operator** | **Category** | **Symbol(s)** | **Precedence** | **Associativity** |
| --- | --- | --- | --- | --- |
| [Precedence](/reference/scripting-languages/painless/painless-operators-general.md#precedence-operator) | [General](/reference/scripting-languages/painless/painless-operators-general.md) | () | 0 | left → right |
| [Method Call](/reference/scripting-languages/painless/painless-operators-reference.md#method-call-operator) | [Reference](/reference/scripting-languages/painless/painless-operators-reference.md) | . () | 1 | left → right |
| [Field Access](/reference/scripting-languages/painless/painless-operators-reference.md#field-access-operator) | [Reference](/reference/scripting-languages/painless/painless-operators-reference.md) | . | 1 | left → right |

8
docs/reference/scripting-languages/painless/painless-runtime-fields-context.md
View file

@ -23,7 +23,7 @@ $$$runtime-emit-method$$$
::::
::::{dropdown} Signatures of `emit`
::::{dropdown} Signatures of emit
The signature for `emit` depends on the `type` of the field.
`boolean`
@ -53,20 +53,18 @@ $$$runtime-emit-method$$$
`grok`
: Defines a [grok pattern](/reference/enrich-processor/grok-processor.md) to extract structured fields out of a single text field within a document. A grok pattern is like a regular expression that supports aliased expressions that can be reused. See [Define a runtime field with a grok pattern](docs-content://manage-data/data-store/mapping/explore-data-with-runtime-fields.md#runtime-examples-grok).
::::{dropdown} Properties of `grok`
::::{dropdown} Properties of grok
`extract`
: Indicates the values to return. This method applies only to `grok` and `dissect` methods.
::::
`dissect`
: Defines a [dissect pattern](/reference/enrich-processor/dissect-processor.md). Dissect operates much like grok, but does not accept regular expressions. See [Define a runtime field with a dissect pattern](docs-content://manage-data/data-store/mapping/explore-data-with-runtime-fields.md#runtime-examples-dissect).
::::{dropdown} Properties of `dissect`
::::{dropdown} Properties of dissect
`extract`
: Indicates the values to return. This method applies only to `grok` and `dissect` methods.
::::

4
docs/reference/scripting-languages/painless/painless-types.md
View file

@ -28,10 +28,10 @@ The following primitive types are available. The corresponding reference type is
: 16-bit, unsigned, Unicode character. Range: [`0`, `65535`]. Default: `0` or `\u0000`.
`int` (`Integer`)
: 32-bit, signed, twos complement integer. Range: [`-2`^`31`^, `2`^`31`^`-1`]. Default: `0`.
: 32-bit, signed, twos complement integer. Range: [`-2^31`, `2^31 - 1`]. Default: `0`.
`long` (`Long`)
: 64-bit, signed, twos complement integer. Range: [`-2`^`63`^, `2`^`63`^`-1`]. Default: `0`.
: 64-bit, signed, twos complement integer. Range: [`-2^63`, `2^63 - 1`]. Default: `0`.
`float (`Float`)`
: 32-bit, signed, single-precision, IEEE 754 floating point number. Default `0.0`.

3
docs/reference/search-connectors/es-connectors-known-issues.md
View file

@ -25,9 +25,8 @@ The connector service has the following known issues:
::::{dropdown} RAM sizing guidelines
The following table shows the estimated RAM usage for loading IDs into memory.
| | |
| --- | --- |
| **Number of IDs** | **Memory Usage in MB (2X buffer)** |
| --- | --- |
| 1,000,000 | ≈ 45.78 MB |
| 10,000,000 | ≈ 457.76 MB |
| 50,000,000 | ≈ 2288.82 MB (≈ 2.29 GB) |

2
docs/reference/search-connectors/es-connectors-ms-sql.md
View file

@ -174,7 +174,7 @@ The following configuration fields are required to set up the connector:
`ssl_ca`
: Content of SSL certificate. If SSL is disabled, the `ssl_ca` value will be ignored.
::::{dropdown} **Expand** to see an example certificate
::::{dropdown} Expand to see an example certificate
```
-----BEGIN CERTIFICATE-----
MIID+jCCAuKgAwIBAgIGAJJMzlxLMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNVBAYT

2
docs/reference/search-connectors/es-connectors-mysql.md
View file

@ -163,7 +163,7 @@ Enable SSL
SSL Certificate
: Content of SSL certificate. If SSL is disabled, the SSL certificate value will be ignored.
::::{dropdown} **Expand** to see an example certificate
::::{dropdown} Expand to see an example certificate
```
-----BEGIN CERTIFICATE-----
MIID+jCCAuKgAwIBAgIGAJJMzlxLMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNVBAYT

2
docs/reference/search-connectors/es-connectors-postgresql.md
View file

@ -171,7 +171,7 @@ Set the following configuration fields:
`ssl_ca`
: Content of SSL certificate (if SSL is enabled). If SSL is disabled, the `ssl_ca` value will be ignored.
::::{dropdown} **Expand** to see an example certificate
::::{dropdown} Expand to see an example certificate
```
-----BEGIN CERTIFICATE-----
MIID+jCCAuKgAwIBAgIGAJJMzlxLMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNVBAYT

2
docs/reference/search-connectors/es-connectors-run-from-source.md
View file

@ -44,7 +44,7 @@ Follow these steps:
* Open the `config.yml` configuration file in your editor of choice.
* Replace the values for `host` (your Elasticsearch endpoint), `api_key`, `connector_id`, and `service_type`.
:::::{dropdown} **Expand** to see an example `config.yml` file
:::::{dropdown} Expand to see an example config.yml file
Replace the values for `api_key`, `connector_id`, and `service_type` with the values you copied earlier.
```yaml

2
docs/reference/search-connectors/es-postgresql-connector-client-tutorial.md
View file

@ -102,7 +102,7 @@ Once youve created an index, you can set up the connector. You will be guided
* Open the `config.yml` configuration file in your editor of choice.
* Replace the values for `host`, `api_key`, and `connector_id` with the values you gathered [earlier](#es-postgresql-connector-client-tutorial-gather-elastic-details). Use the `service_type` value `postgresql` for this connector.
::::{dropdown} **Expand** to see an example `config.yml` file
::::{dropdown} Expand to see an example config.yml file
Replace the values for `host`, `api_key`, and `connector_id` with your own values. Use the `service_type` value `postgresql` for this connector.
```yaml

6
docs/reference/text-analysis/analysis-edgengram-tokenfilter.md
View file

@ -82,9 +82,11 @@ See [Limitations of the `max_gram` parameter](#analysis-edgengram-tokenfilter-ma
: (Optional, Boolean) Emits original token when set to `true`. Defaults to `false`.
`side`
: (Optional, string) [8.16.0]. Indicates whether to truncate tokens from the `front` or `back`. Defaults to `front`.
: :::{admonition} Deprecated in 8.16.0
This setting was deprecated in 8.16.0.
:::
(Optional, string) Indicates whether to truncate tokens from the `front` or `back`. Defaults to `front`.
## Customize [analysis-edgengram-tokenfilter-customize]

6
docs/reference/text-analysis/analysis-keyword-repeat-tokenfilter.md
View file

@ -49,7 +49,7 @@ GET /_analyze
The API returns the following response. Note that one version of each token has a `keyword` attribute of `true`.
::::{dropdown} **Response**
::::{dropdown} Response
```console-result
{
"detail": {
@ -155,7 +155,7 @@ The API returns the following response. Note the following changes:
* The non-keyword version of `running` was stemmed to `run`.
* The non-keyword version of `jumping` was stemmed to `jump`.
::::{dropdown} **Response**
::::{dropdown} Response
```console-result
{
"detail": {
@ -265,7 +265,7 @@ GET /_analyze
The API returns the following response. Note that the duplicate tokens for `fox` and `and` have been removed.
::::{dropdown} **Response**
::::{dropdown} Response
```console-result
{
"detail": {

2
docs/reference/text-analysis/analysis-length-tokenfilter.md
View file

@ -70,7 +70,7 @@ PUT length_example
: (Optional, integer) Minimum character length of a token. Shorter tokens are excluded from the output. Defaults to `0`.
`max`
: (Optional, integer) Maximum character length of a token. Longer tokens are excluded from the output. Defaults to `Integer.MAX_VALUE`, which is `2`^`31`^`-1` or `2147483647`.
: (Optional, integer) Maximum character length of a token. Longer tokens are excluded from the output. Defaults to `Integer.MAX_VALUE`, which is `2^31 - 1` or `2147483647`.
## Customize [analysis-length-tokenfilter-customize]

2
docs/reference/text-analysis/analysis-predicatefilter-tokenfilter.md
View file

@ -39,7 +39,7 @@ The filter produces the following tokens.
The API response contains the position and offsets of each output token. Note the `predicate_token_filter` filter does not change the tokens' original positions or offsets.
::::{dropdown} **Response**
::::{dropdown} Response
```console-result
{
"tokens" : [

2
docs/reference/text-analysis/analysis-shingle-tokenfilter.md
View file

@ -146,7 +146,7 @@ PUT /my-index-000001
Some token filters, such as the `stop` filter, create empty positions when removing stop words with a position increment greater than one.
::::{dropdown} **Example**
::::{dropdown} Example
In the following [analyze API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-analyze) request, the `stop` filter removes the stop word `a` from `fox jumps a lazy dog`, creating an empty position. The subsequent `shingle` filter replaces this empty position with a plus sign (`+`) in shingles.
```console

123
docs/reference/text-analysis/analysis-stemmer-tokenfilter.md
View file

@ -56,49 +56,96 @@ PUT /my-index-000001
$$$analysis-stemmer-tokenfilter-language-parm$$$
`language`: (Optional, string) Language-dependent stemming algorithm used to stem tokens. If both this and the `name` parameter are specified, the `language` parameter argument is used.
`language`
: (Optional, string) Language-dependent stemming algorithm used to stem tokens. If both this and the `name` parameter are specified, the `language` parameter argument is used.
:::{dropdown} Valid values for `language`
:::{dropdown} Valid values for language
Valid values are sorted by language. Defaults to [**`english`**](https://snowballstem.org/algorithms/porter/stemmer.html). Recommended algorithms are **bolded**.
Arabic: [**`arabic`**](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/ar/ArabicStemmer.md)
Armenian: [**`armenian`**](https://snowballstem.org/algorithms/armenian/stemmer.md)
Basque: [**`basque`**](https://snowballstem.org/algorithms/basque/stemmer.md)
Bengali:[**`bengali`**](https://www.tandfonline.com/doi/abs/10.1080/02564602.1993.11437284)
Brazilian Portuguese:[**`brazilian`**](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/br/BrazilianStemmer.md)
Bulgarian:[**`bulgarian`**](http://members.unine.ch/jacques.savoy/Papers/BUIR.pdf)
Catalan:[**`catalan`**](https://snowballstem.org/algorithms/catalan/stemmer.md)
Czech:[**`czech`**](https://dl.acm.org/doi/10.1016/j.ipm.2009.06.001)
Danish:[**`danish`**](https://snowballstem.org/algorithms/danish/stemmer.md)
Dutch:[**`dutch`**](https://snowballstem.org/algorithms/dutch/stemmer.md), [`dutch_kp`](https://snowballstem.org/algorithms/kraaij_pohlmann/stemmer.md) [8.16.0]
English:[**`english`**](https://snowballstem.org/algorithms/porter/stemmer.html), [`light_english`](https://ciir.cs.umass.edu/pubfiles/ir-35.pdf), [`lovins`](https://snowballstem.org/algorithms/lovins/stemmer.md) [8.16.0], [`minimal_english`](https://www.researchgate.net/publication/220433848_How_effective_is_suffixing), [`porter2`](https://snowballstem.org/algorithms/english/stemmer.html), [`possessive_english`](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/en/EnglishPossessiveFilter.html)
Estonian:[**`estonian`**](https://lucene.apache.org/core/10_0_0/analyzers-common/org/tartarus/snowball/ext/EstonianStemmer.md)
Finnish:[**`finnish`**](https://snowballstem.org/algorithms/finnish/stemmer.html), [`light_finnish`](http://clef.isti.cnr.it/2003/WN_web/22.pdf)
French:[**`light_french`**](https://dl.acm.org/citation.cfm?id=1141523), [`french`](https://snowballstem.org/algorithms/french/stemmer.html), [`minimal_french`](https://dl.acm.org/citation.cfm?id=318984)
Galician:[**`galician`**](http://bvg.udc.es/recursos_lingua/stemming.jsp), [`minimal_galician`](http://bvg.udc.es/recursos_lingua/stemming.jsp) (Plural step only)
German:[**`light_german`**](https://dl.acm.org/citation.cfm?id=1141523), [`german`](https://snowballstem.org/algorithms/german/stemmer.html), [`minimal_german`](http://members.unine.ch/jacques.savoy/clef/morpho.pdf)
Greek:[**`greek`**](https://sais.se/mthprize/2007/ntais2007.pdf)
Hindi:[**`hindi`**](http://computing.open.ac.uk/Sites/EACLSouthAsia/Papers/p6-Ramanathan.pdf)
Hungarian:[**`hungarian`**](https://snowballstem.org/algorithms/hungarian/stemmer.html), [`light_hungarian`](https://dl.acm.org/citation.cfm?id=1141523&dl=ACM&coll=DL&CFID=179095584&CFTOKEN=80067181)
Indonesian:[**`indonesian`**](http://www.illc.uva.nl/Publications/ResearchReports/MoL-2003-02.text.pdf)
Irish:[**`irish`**](https://snowballstem.org/otherapps/oregan/)
Italian:[**`light_italian`**](https://www.ercim.eu/publication/ws-proceedings/CLEF2/savoy.pdf), [`italian`](https://snowballstem.org/algorithms/italian/stemmer.html)
Kurdish (Sorani):[**`sorani`**](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/ckb/SoraniStemmer.md)
Latvian:[**`latvian`**](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/lv/LatvianStemmer.md)
Lithuanian:[**`lithuanian`**](https://svn.apache.org/viewvc/lucene/dev/branches/lucene_solr_5_3/lucene/analysis/common/src/java/org/apache/lucene/analysis/lt/stem_ISO_8859_1.sbl?view=markup)
Norwegian (Bokmål):[**`norwegian`**](https://snowballstem.org/algorithms/norwegian/stemmer.html), [**`light_norwegian`**](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/no/NorwegianLightStemmer.md), [`minimal_norwegian`](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/no/NorwegianMinimalStemmer.md)
Norwegian:(Nynorsk)[**`light_nynorsk`**](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/no/NorwegianLightStemmer.md), [`minimal_nynorsk`](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/no/NorwegianMinimalStemmer.md)
Persian:[**`persian`**](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/fa/PersianStemmer.md)
Portuguese:[**`light_portuguese`**](https://dl.acm.org/citation.cfm?id=1141523&dl=ACM&coll=DL&CFID=179095584&CFTOKEN=80067181), [`minimal_portuguese`](http://www.inf.ufrgs.br/~buriol/papers/Orengo_CLEF07.pdf), [`portuguese`](https://snowballstem.org/algorithms/portuguese/stemmer.html), [`portuguese_rslp`](https://www.inf.ufrgs.br/\~viviane/rslp/index.htm)
Romanian:[**`romanian`**](https://snowballstem.org/algorithms/romanian/stemmer.html)
Russian:[**`russian`**](https://snowballstem.org/algorithms/russian/stemmer.html), [`light_russian`](https://doc.rero.ch/lm.php?url=1000%2C43%2C4%2C20091209094227-CA%2FDolamic_Ljiljana_-_Indexing_and_Searching_Strategies_for_the_Russian_20091209.pdf)
Serbian:[**`serbian`**](https://snowballstem.org/algorithms/serbian/stemmer.html)
Spanish:[**`light_spanish`**](https://www.ercim.eu/publication/ws-proceedings/CLEF2/savoy.pdf), [`spanish`](https://snowballstem.org/algorithms/spanish/stemmer.html) [`spanish_plural`](https://www.wikilengua.org/index.php/Plural_(formaci%C3%B3n))
Swedish:[**`swedish`**](https://snowballstem.org/algorithms/swedish/stemmer.html), [`light_swedish`](http://clef.isti.cnr.it/2003/WN_web/22.pdf)
Turkish:[**`turkish`**](https://snowballstem.org/algorithms/turkish/stemmer.html)
* Arabic: [**`arabic`**](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/ar/ArabicStemmer.md)
* Armenian: [**`armenian`**](https://snowballstem.org/algorithms/armenian/stemmer.md)
* Basque: [**`basque`**](https://snowballstem.org/algorithms/basque/stemmer.md)
* Bengali:[**`bengali`**](https://www.tandfonline.com/doi/abs/10.1080/02564602.1993.11437284)
* Brazilian Portuguese:[**`brazilian`**](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/br/BrazilianStemmer.md)
* Bulgarian:[**`bulgarian`**](http://members.unine.ch/jacques.savoy/Papers/BUIR.pdf)
* Catalan:[**`catalan`**](https://snowballstem.org/algorithms/catalan/stemmer.md)
* Czech:[**`czech`**](https://dl.acm.org/doi/10.1016/j.ipm.2009.06.001)
* Danish:[**`danish`**](https://snowballstem.org/algorithms/danish/stemmer.md)
* Dutch
* [**`dutch`**](https://snowballstem.org/algorithms/dutch/stemmer.md)
* [`dutch_kp`](https://snowballstem.org/algorithms/kraaij_pohlmann/stemmer.md)
:::{admonition} Deprecated in 8.16.0
This language was deprecated in 8.16.0.
:::
* English:
* [**`english`**](https://snowballstem.org/algorithms/porter/stemmer.html)
* [`light_english`](https://ciir.cs.umass.edu/pubfiles/ir-35.pdf)
* [`lovins`](https://snowballstem.org/algorithms/lovins/stemmer.md)
:::{admonition} Deprecated in 8.16.0
This language was deprecated in 8.16.0.
:::
* [`minimal_english`](https://www.researchgate.net/publication/220433848_How_effective_is_suffixing)
* [`porter2`](https://snowballstem.org/algorithms/english/stemmer.html)
* [`possessive_english`](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/en/EnglishPossessiveFilter.html)
* Estonian:[**`estonian`**](https://lucene.apache.org/core/10_0_0/analyzers-common/org/tartarus/snowball/ext/EstonianStemmer.md)
* Finnish:
* [**`finnish`**](https://snowballstem.org/algorithms/finnish/stemmer.html)
* [`light_finnish`](http://clef.isti.cnr.it/2003/WN_web/22.pdf)
* French:
* [**`light_french`**](https://dl.acm.org/citation.cfm?id=1141523)
* [`french`](https://snowballstem.org/algorithms/french/stemmer.html)
* [`minimal_french`](https://dl.acm.org/citation.cfm?id=318984)
* Galician:
* [**`galician`**](http://bvg.udc.es/recursos_lingua/stemming.jsp)
* [`minimal_galician`](http://bvg.udc.es/recursos_lingua/stemming.jsp) (Plural step only)
* German:
* [**`light_german`**](https://dl.acm.org/citation.cfm?id=1141523),
* [`german`](https://snowballstem.org/algorithms/german/stemmer.html)
* [`minimal_german`](http://members.unine.ch/jacques.savoy/clef/morpho.pdf)
* Greek:[**`greek`**](https://sais.se/mthprize/2007/ntais2007.pdf)
* Hindi:[**`hindi`**](http://computing.open.ac.uk/Sites/EACLSouthAsia/Papers/p6-Ramanathan.pdf)
* Hungarian:
* [**`hungarian`**](https://snowballstem.org/algorithms/hungarian/stemmer.html)
* [`light_hungarian`](https://dl.acm.org/citation.cfm?id=1141523&dl=ACM&coll=DL&CFID=179095584&CFTOKEN=80067181)
* Indonesian:[**`indonesian`**](http://www.illc.uva.nl/Publications/ResearchReports/MoL-2003-02.text.pdf)
* Irish:[**`irish`**](https://snowballstem.org/otherapps/oregan/)
* Italian:
* [**`light_italian`**](https://www.ercim.eu/publication/ws-proceedings/CLEF2/savoy.pdf)
* [`italian`](https://snowballstem.org/algorithms/italian/stemmer.html)
* Kurdish (Sorani):[**`sorani`**](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/ckb/SoraniStemmer.md)
* Latvian:[**`latvian`**](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/lv/LatvianStemmer.md)
* Lithuanian:[**`lithuanian`**](https://svn.apache.org/viewvc/lucene/dev/branches/lucene_solr_5_3/lucene/analysis/common/src/java/org/apache/lucene/analysis/lt/stem_ISO_8859_1.sbl?view=markup)
* Norwegian (Bokmål):
* [**`norwegian`**](https://snowballstem.org/algorithms/norwegian/stemmer.html)
* [**`light_norwegian`**](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/no/NorwegianLightStemmer.md)
* [`minimal_norwegian`](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/no/NorwegianMinimalStemmer.md)
* Norwegian (Nynorsk):
* [**`light_nynorsk`**](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/no/NorwegianLightStemmer.md)
* [`minimal_nynorsk`](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/no/NorwegianMinimalStemmer.md)
* Persian:[**`persian`**](https://lucene.apache.org/core/10_0_0/analysis/common/org/apache/lucene/analysis/fa/PersianStemmer.md)
* Portuguese:
* [**`light_portuguese`**](https://dl.acm.org/citation.cfm?id=1141523&dl=ACM&coll=DL&CFID=179095584&CFTOKEN=80067181)
* [`minimal_portuguese`](http://www.inf.ufrgs.br/~buriol/papers/Orengo_CLEF07.pdf)
* [`portuguese`](https://snowballstem.org/algorithms/portuguese/stemmer.html)
* [`portuguese_rslp`](https://www.inf.ufrgs.br/\~viviane/rslp/index.htm)
* Romanian:[**`romanian`**](https://snowballstem.org/algorithms/romanian/stemmer.html)
* Russian:
* [**`russian`**](https://snowballstem.org/algorithms/russian/stemmer.html)
* [`light_russian`](https://doc.rero.ch/lm.php?url=1000%2C43%2C4%2C20091209094227-CA%2FDolamic_Ljiljana_-_Indexing_and_Searching_Strategies_for_the_Russian_20091209.pdf)
* Serbian:[**`serbian`**](https://snowballstem.org/algorithms/serbian/stemmer.html)
* Spanish:
* [**`light_spanish`**](https://www.ercim.eu/publication/ws-proceedings/CLEF2/savoy.pdf)
* [`spanish`](https://snowballstem.org/algorithms/spanish/stemmer.html)
* [`spanish_plural`](https://www.wikilengua.org/index.php/Plural_(formaci%C3%B3n))
* Swedish:
* [**`swedish`**](https://snowballstem.org/algorithms/swedish/stemmer.html)
* [`light_swedish`](http://clef.isti.cnr.it/2003/WN_web/22.pdf)
* Turkish:[**`turkish`**](https://snowballstem.org/algorithms/turkish/stemmer.html)
:::
`name`: An alias for the [`language`](#analysis-stemmer-tokenfilter-language-parm) parameter. If both this and the `language` parameter are specified, the `language` parameter argument is used.
`name`
: An alias for the [`language`](#analysis-stemmer-tokenfilter-language-parm) parameter. If both this and the `language` parameter are specified, the `language` parameter argument is used.
## Customize [analysis-stemmer-tokenfilter-customize]

2
docs/reference/text-analysis/analysis-word-delimiter-graph-tokenfilter.md
View file

@ -279,7 +279,7 @@ While indexing does not support token graphs containing multi-position tokens, q
To see how token graphs produced by the `word_delimiter` and `word_delimiter_graph` filters differ, check out the following example.
:::::{dropdown} **Example**
:::::{dropdown} Example
$$$analysis-word-delimiter-graph-basic-token-graph$$$
**Basic token graph**