github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-06-28 09:28:55 -04:00
Code Issues Projects Releases Packages Wiki Activity
elasticsearch/docs/reference/indices/index-mgmt.asciidoc
gchaps cfa11d2df3
[DOCS] Adds enrich policies and data retention for Index Management (#100922) 
* [DOCS] Adds enrich policies and data retention for Index Management

* Update docs/reference/indices/index-mgmt.asciidoc

Co-authored-by: Abdon Pijpelink <abdon.pijpelink@elastic.co>

* Update docs/reference/indices/index-mgmt.asciidoc

Co-authored-by: Abdon Pijpelink <abdon.pijpelink@elastic.co>

* Update docs/reference/indices/index-mgmt.asciidoc

Co-authored-by: Abdon Pijpelink <abdon.pijpelink@elastic.co>

* Update docs/reference/indices/index-mgmt.asciidoc

Co-authored-by: Abdon Pijpelink <abdon.pijpelink@elastic.co>

* Update docs/reference/indices/index-mgmt.asciidoc

Co-authored-by: Abdon Pijpelink <abdon.pijpelink@elastic.co>

* [DOCS] Incorporates review comments

---------

Co-authored-by: Abdon Pijpelink <abdon.pijpelink@elastic.co>
2023-10-19 07:24:52 -07:00

247 lines
8 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[role="xpack"]
[[index-mgmt]]
== Index management in {kib}
{kib}'s *Index Management* features are an easy, convenient way to manage your
cluster's indices, <<data-streams,data streams>>, <<index-templates,index
templates>>, and <<ingest-enriching-data,enrich policies>>. Practicing good index management ensures your data is stored
correctly and in the most cost-effective way possible.
To use these features, go to *Stack Management* > *Index Management*.
[discrete]
[[index-mgmt-wyl]]
[discrete]
[[index-mgm-req-permissions]]
=== Required permissions
If you use {es} {security-features}, the following
<<security-privileges,security privileges>> are required:
* The `monitor` cluster privilege to access {kib}'s *Index Management* features.
* The `view_index_metadata` and `manage` index privileges to view a data stream
or index's data.
* The `manage_index_templates` cluster privilege to manage index templates.
To add these privileges, go to *Stack Management > Security > Roles* or use the <<security-api-put-role,Create or update roles API>>.
[discrete]
[[view-edit-indices]]
=== Manage indices
Investigate your indices and perform operations from the *Indices* view.
[role="screenshot"]
image::images/index-mgmt/management_index_labels.png[Index Management UI]
* To show details and perform operations such as close, forcemerge, and flush,
click the index name. To perform operations
on multiple indices, select their checkboxes and then open the *Manage* menu.
For more information on managing indices, refer to <<indices, Index APIs>>.
* To filter the list of indices, use the search bar or click a badge.
Badges indicate if an index is a <<ccr-put-follow,follower index>>, a
<<rollup-get-rollup-index-caps,rollup index>>, or <<unfreeze-index-api,frozen>>.
* To drill down into the index
<<mapping,mappings>>, <<index-modules-settings,settings>>, and statistics,
click an index name. From this view, you can navigate to *Discover* to
further explore the documents in the index.
+
[role="screenshot"]
image::images/index-mgmt/management_index_details.png[Index Management UI]
[float]
[[manage-data-streams]]
=== Manage data streams
Investigate your data streams and address lifecycle management needs in the *Data Streams* view.
The value in the *Indices* column indicates the number of backing indices. Click this number to drill down into details.
A value in the data retention column indicates that the data stream is managed by a <<data-stream-lifecycle,data stream lifecycle policy>>.
This value is the time period for which your data is guaranteed to be stored. Data older than this period can be deleted by
Elasticsearch at a later time.
[role="screenshot"]
image::images/index-mgmt/management-data-stream.png[Data stream details]
* To view more information about a data stream, such as its generation or its
current index lifecycle policy, click the stream's name. From this view, you can navigate to *Discover* to
further explore data within the data stream.
* preview:[]To edit the data retention value, open the *Manage* menu, and then click *Edit data retention*.
This action is only available if your data stream is not managed by an ILM policy.
[float]
[[manage-index-templates]]
=== Manage index templates
Create,
edit, clone, and delete your index templates in the *Index Templates* view. Changes made to an index template do not
affect existing indices.
[role="screenshot"]
image::images/index-mgmt/management-index-templates.png[Index templates]
[float]
==== Try it: Create an index template
In this tutorial, youll create an index template and use it to configure two
new indices.
*Step 1. Add a name and index pattern*
. In the *Index Templates* view, open the *Create template* wizard.
+
[role="screenshot"]
image::images/index-mgmt/management_index_create_wizard.png[Create wizard]
. In the *Name* field, enter `my-index-template`.
. Set *Index pattern* to `my-index-*` so the template matches any index
with that index pattern.
. Leave *Data Stream*, *Priority*, *Version*, and *_meta field* blank or as-is.
*Step 2. Add settings, mappings, and aliases*
. Add <<indices-component-template,component templates>> to your index template.
+
Component templates are pre-configured sets of mappings, index settings, and
aliases you can reuse across multiple index templates. Badges indicate
whether a component template contains mappings (*M*), index settings (*S*),
aliases (*A*), or a combination of the three.
+
Component templates are optional. For this tutorial, do not add any component
templates.
+
[role="screenshot"]
image::images/index-mgmt/management_index_component_template.png[Component templates page]
. Define index settings. These are optional. For this tutorial, leave this
section blank.
. Define a mapping that contains an <<object,object>> field named `geo` with a
child <<geo-point,`geo_point`>> field named `coordinates`:
+
[role="screenshot"]
image::images/index-mgmt/management-index-templates-mappings.png[Mapped fields page]
+
Alternatively, you can click the *Load JSON* link and define the mapping as JSON:
+
[source,js]
----
{
"properties": {
"geo": {
"properties": {
"coordinates": {
"type": "geo_point"
}
}
}
}
}
----
// NOTCONSOLE
+
You can create additional mapping configurations in the *Dynamic templates* and
*Advanced options* tabs. For this tutorial, do not create any additional
mappings.
. Define an alias named `my-index`:
+
[source,js]
----
{
"my-index": {}
}
----
// NOTCONSOLE
. On the review page, check the summary. If everything looks right, click
*Create template*.
*Step 3. Create new indices*
Youre now ready to create new indices using your index template.
. Index the following documents to create two indices:
`my-index-000001` and `my-index-000002`.
+
[source,console]
----
POST /my-index-000001/_doc
{
"@timestamp": "2019-05-18T15:57:27.541Z",
"ip": "225.44.217.191",
"extension": "jpg",
"response": "200",
"geo": {
"coordinates": {
"lat": 38.53146222,
"lon": -121.7864906
}
},
"url": "https://media-for-the-masses.theacademyofperformingartsandscience.org/uploads/charles-fullerton.jpg"
}
POST /my-index-000002/_doc
{
"@timestamp": "2019-05-20T03:44:20.844Z",
"ip": "198.247.165.49",
"extension": "php",
"response": "200",
"geo": {
"coordinates": {
"lat": 37.13189556,
"lon": -76.4929875
}
},
"memory": 241720,
"url": "https://theacademyofperformingartsandscience.org/people/type:astronauts/name:laurel-b-clark/profile"
}
----
. Use the <<indices-get-index,get index API>> to view the configurations for the
new indices. The indices were configured using the index template you created
earlier.
+
[source,console]
--------------------------------------------------
GET /my-index-000001,my-index-000002
--------------------------------------------------
// TEST[continued]
[float]
[[manage-enrich-policies]]
=== Manage enrich policies
Use the *Enrich Policies* view to add data from your existing indices to incoming documents during ingest.
An enrich policy contains:
* The policy type that determines how the policy matches the enrich data to incoming documents
* The source indices that store enrich data as documents
* The fields from the source indices used to match incoming documents
* The enrich fields containing enrich data from the source indices that you want to add to incoming documents
* An optional <<query-dsl-match-all-query,query>>.
[role="screenshot"]
image::images/index-mgmt/management-enrich-policies.png[Enrich policies]
When creating an enrich policy, the UI walks you through the configuration setup and selecting the fields.
Before you can use the policy with an enrich processor or {esql} query, you must execute the policy.
When executed, an enrich policy uses enrich data from the policys source indices
to create a streamlined system index called the enrich index. The policy uses this index to match and enrich incoming documents.
Check out these examples:
* <<geo-match-enrich-policy-type>>
* <<match-enrich-policy-type>>
* <<range-enrich-policy-type>>
Reference in a new issue View git blame Copy permalink