URL: https://www.elastic.co/guide/en/elasticsearch/reference/7.16/security-minimal-setup.html
IMPORTANT: No additional bug fixes or documentation updates will be released for
this version. For the latest information, see the current release documentation.


SET UP MINIMAL SECURITY FOR ELASTICSEARCH

You enable the Elasticsearch security features and then create passwords for
built-in users. You can add more users later, but using the built-in users
simplifies the process of enabling security for your cluster.

The minimal security scenario is not sufficient for production mode clusters. If
your cluster has multiple nodes, you must enable minimal security and then
configure Transport Layer Security (TLS) between nodes.


PREREQUISITES

 1. Install and configure Elasticsearch and Kibana. See Getting started with the
    Elastic Stack.

 2. Verify that you are using a license that includes the specific security
    features you want.
    
    The basic license includes minimal security settings for the Elastic Stack,
    so you can just download the distribution and get to work. You can also
    enable a free trial license to access all features of the Elastic Stack. See
    subscriptions and license management.


ENABLE ELASTICSEARCH SECURITY FEATURES

When you use the basic license, the Elasticsearch security features are disabled
by default. Enabling the Elasticsearch security features enables basic
authentication so that you can run a local cluster with username and password
authentication.

 1. On every node in your cluster, stop both Kibana and Elasticsearch if they
    are running.

 2. On every node in your cluster, add the xpack.security.enabled setting to the
    $ES_PATH_CONF/elasticsearch.yml file and set the value to true:
    
    xpack.security.enabled: true
    
    The $ES_PATH_CONF variable is the path for the Elasticsearch configuration
    files. If you installed Elasticsearch using archive distributions (zip or
    tar.gz), the variable defaults to $ES_HOME/config. If you used package
    distributions (Debian or RPM), the variable defaults to /etc/elasticsearch.

 3. If your cluster has a single node, add the discovery.type setting in the
    $ES_PATH_CONF/elasticsearch.yml file and set the value to single-node. This
    setting ensures that your node does not inadvertently connect to other
    clusters that might be running on your network.
    
    discovery.type: single-node


CREATE PASSWORDS FOR BUILT-IN USERS

To communicate with the cluster, you must set passwords for the built-in
users. Unless you enable anonymous access, all requests that don’t include a
username and password are rejected.

You only need to set passwords for the elastic and kibana_system users when
enabling minimal or basic security.

 1. On every node in your cluster, start Elasticsearch. For example, if you
    installed Elasticsearch with a .tar.gz package, run the following command
    from the ES_HOME directory:
    
    ./bin/elasticsearch

 2. In another terminal window, set the passwords for the built-in users by
    running the elasticsearch-setup-passwords utility.
    
    You can run the elasticsearch-setup-passwords utility against any node in
    your cluster. However, you should only run this utility one time for the
    entire cluster.
    
    Using the auto parameter outputs randomly-generated passwords to the console
    that you can change later if necessary:
    
    ./bin/elasticsearch-setup-passwords auto
    
    If you want to use your own passwords, run the command with the interactive
    parameter instead of the auto parameter. Using this mode steps you through
    password configuration for all of the built-in users.
    
    ./bin/elasticsearch-setup-passwords interactive

 3. Save the generated passwords. You’ll need them to add the built-in user to
    Kibana.

After you set a password for the elastic user, you cannot run the
elasticsearch-setup-passwords command a second time.

Next: Configure Kibana to connect to Elasticsearch with a password


CONFIGURE KIBANA TO CONNECT TO ELASTICSEARCH WITH A PASSWORD

When the Elasticsearch security features are enabled, users must log in to
Kibana with a valid username and password.

You’ll configure Kibana to use the built-in kibana_system user and the password
that you created earlier. Kibana performs some background tasks that require use
of the kibana_system user.

This account is not meant for individual users and does not have permission to
log in to Kibana from a browser. Instead, you’ll log in to Kibana as the elastic
superuser.

 1. Add the elasticsearch.username setting to the KIB_PATH_CONF/kibana.yml file
    and set the value to the kibana_system user:
    
    elasticsearch.username: "kibana_system"
    
    The KIB_PATH_CONF variable is the path for the Kibana configuration files.
    If you installed Kibana using archive distributions (zip or tar.gz), the
    variable defaults to KIB_HOME/config. If you used package distributions
    (Debian or RPM), the variable defaults to /etc/kibana.

 2. From the directory where you installed Kibana, run the following commands to
    create the Kibana keystore and add the secure settings:
    
     1. Create the Kibana keystore:
        
        ./bin/kibana-keystore create
    
     2. Add the password for the kibana_system user to the Kibana keystore:
        
        ./bin/kibana-keystore add elasticsearch.password
        
        When prompted, enter the password for the kibana_system user.

 3. Restart Kibana. For example, if you installed Kibana with a .tar.gz package,
    run the following command from the Kibana directory:
    
    ./bin/kibana

 4. Log in to Kibana as the elastic user. Use this superuser account to manage
    spaces, create new users, and assign roles. If you’re running Kibana
    locally, go to http://localhost:5601 to view the login page.
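
The following script checks the outcome of the steps above offline. It is an added example, not part of the Elastic documentation: the function names and sample files are constructed for illustration, and only the setting names come from this page. Treating an elasticsearch.password line in kibana.yml as a finding is this example's assumption, based on the guide storing that password in the Kibana keystore.

```shell
#!/bin/sh
# Added example, not Elastic's code. Audits the flat "dotted.key: value"
# settings this guide adds; nested YAML is not parsed.

# yaml_value FILE KEY: print the value of the first uncommented, unindented
# "KEY: value" line, without trailing comment or surrounding quotes.
yaml_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                     # whole-line comment
        {
            i = index($0, ":")
            if (i == 0) next
            k = substr($0, 1, i - 1)
            v = substr($0, i + 1)
            sub(/[ \t]+$/, "", k)
            sub(/[ \t]+#.*$/, "", v)            # trailing comment
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)    # surrounding whitespace, CR
            gsub(/^["'\'']|["'\'']$/, "", v)    # surrounding quotes
            if (k == key) { print v; exit }
        }
    ' "$1"
}

# audit_es_yml FILE MODE (MODE is "single" or "multi").
# Returns 0 if the file matches the guide, 1 otherwise; findings go to stdout.
audit_es_yml() {
    [ -r "$1" ] || { echo "FAIL $1: not readable"; return 1; }
    rc=0
    v=$(yaml_value "$1" xpack.security.enabled)
    if [ "$v" != "true" ]; then
        echo "FAIL $1: xpack.security.enabled is '${v:-unset}', expected 'true'"
        rc=1
    fi
    if [ "$2" = "single" ]; then
        v=$(yaml_value "$1" discovery.type)
        if [ "$v" != "single-node" ]; then
            echo "FAIL $1: discovery.type is '${v:-unset}', expected 'single-node'"
            rc=1
        fi
    fi
    return $rc
}

# audit_kibana_yml FILE: Kibana must connect as kibana_system, and the
# password belongs in the keystore, not in kibana.yml. The value is never printed.
audit_kibana_yml() {
    [ -r "$1" ] || { echo "FAIL $1: not readable"; return 1; }
    rc=0
    v=$(yaml_value "$1" elasticsearch.username)
    if [ "$v" != "kibana_system" ]; then
        echo "FAIL $1: elasticsearch.username is '${v:-unset}', expected 'kibana_system'"
        rc=1
    fi
    if grep -Eq '^elasticsearch\.password[[:space:]]*:' "$1"; then
        echo "FAIL $1: elasticsearch.password is in plaintext; move it to the Kibana keystore"
        rc=1
    fi
    return $rc
}

# make_sample_configs DIR: write constructed good and bad sample files.
make_sample_configs() {
    mkdir -p "$1/good" "$1/bad"
    printf '%s\n' 'cluster.name: demo' \
        'xpack.security.enabled: true   # enabled per the guide' \
        'discovery.type: single-node' > "$1/good/elasticsearch.yml"
    printf '%s\n' 'cluster.name: demo' \
        '#xpack.security.enabled: true' \
        'discovery.type: single-node' > "$1/bad/elasticsearch.yml"
    printf '%s\n' 'elasticsearch.username: "kibana_system"' \
        > "$1/good/kibana.yml"
    printf '%s\n' 'elasticsearch.username: "elastic"' \
        'elasticsearch.password: "constructed-placeholder"' \
        > "$1/bad/kibana.yml"
}

# Demo run on the constructed files.
demo_dir=$(mktemp -d)
make_sample_configs "$demo_dir"
for s in good bad; do
    if audit_es_yml "$demo_dir/$s/elasticsearch.yml" single; then
        echo "OK   $s/elasticsearch.yml"
    fi
    if audit_kibana_yml "$demo_dir/$s/kibana.yml"; then
        echo "OK   $s/kibana.yml"
    fi
done
rm -rf "$demo_dir"
```

On a real node, call the two audit functions with $ES_PATH_CONF/elasticsearch.yml and KIB_PATH_CONF/kibana.yml instead of the sample files.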


WHAT’S NEXT?

Congratulations! You enabled password protection for your local cluster to
prevent unauthorized access. You can log in to Kibana securely as the elastic
user and create additional users and roles. If you’re running a single-node
cluster, then you can stop here.

If your cluster has multiple nodes, then you must configure Transport Layer
Security (TLS) between nodes. Production mode clusters will not start if you do
not enable TLS.

Set up basic security for the Elastic Stack to secure all internal communication
between nodes in your cluster.

   * How Watcher works
   * Encrypting sensitive data in Watcher
   * Inputs
     * Simple input
     * Search input
     * HTTP input
     * Chain input
   * Triggers
     * Schedule trigger
   * Conditions
     * Always condition
     * Never condition
     * Compare condition
     * Array compare condition
     * Script condition
   * Actions
     * Running an action for each element in an array
     * Adding conditions to actions
     * Email action
     * Webhook action
     * Index action
     * Logging action
     * Slack action
     * PagerDuty action
     * Jira action
   * Transforms
     * Search payload transform
     * Script payload transform
     * Chain payload transform
   * Java API
   * Managing watches
   * Example watches
     * Watching the status of an Elasticsearch cluster
     * Watching event data
   * Troubleshooting
   * Limitations
 * Command line tools
   * elasticsearch-certgen
   * elasticsearch-certutil
   * elasticsearch-croneval
   * elasticsearch-keystore
   * elasticsearch-migrate
   * elasticsearch-node
   * elasticsearch-saml-metadata
   * elasticsearch-service-tokens
   * elasticsearch-setup-passwords
   * elasticsearch-shard
   * elasticsearch-syskeygen
   * elasticsearch-users
 * How to
   * General recommendations
   * Recipes
     * Mixing exact search with stemming
     * Getting consistent scoring
     * Incorporating static relevance signals into the score
   * Tune for indexing speed
   * Tune for search speed
     * Tune your queries with the Profile API
     * Faster phrase queries with index_phrases
     * Faster prefix queries with index_prefixes
     * Use constant_keyword to speed up filtering
   * Tune for disk usage
   * Fix common cluster issues
   * Size your shards
   * Use Elasticsearch for time series data
 * REST APIs
   * API conventions
     * Multi-target syntax
     * Date math support in index and index alias names
     * Cron expressions
     * Common options
     * URL-based access control
   * Autoscaling APIs
     * Create or update autoscaling policy
     * Get autoscaling capacity
     * Delete autoscaling policy
     * Get autoscaling policy
   * Compact and aligned text (CAT) APIs
     * cat aliases
     * cat allocation
     * cat anomaly detectors
     * cat count
     * cat data frame analytics
     * cat datafeeds
     * cat fielddata
     * cat health
     * cat indices
     * cat master
     * cat nodeattrs
     * cat nodes
     * cat pending tasks
     * cat plugins
     * cat recovery
     * cat repositories
     * cat segments
     * cat shards
     * cat snapshots
     * cat task management
     * cat templates
     * cat thread pool
     * cat trained model
     * cat transforms
   * Cluster APIs
     * Cluster allocation explain
     * Cluster get settings
     * Cluster health
     * Cluster reroute
     * Cluster state
     * Cluster stats
     * Cluster update settings
     * Nodes feature usage
     * Nodes hot threads
     * Nodes info
     * Nodes reload secure settings
     * Nodes stats
     * Pending cluster tasks
     * Remote cluster info
     * Task management
     * Voting configuration exclusions
   * Cross-cluster replication APIs
     * Get CCR stats
     * Create follower
     * Pause follower
     * Resume follower
     * Unfollow
     * Forget follower
     * Get follower stats
     * Get follower info
     * Create auto-follow pattern
     * Delete auto-follow pattern
     * Get auto-follow pattern
     * Pause auto-follow pattern
     * Resume auto-follow pattern
   * Data stream APIs
     * Create data stream
     * Delete data stream
     * Get data stream
     * Migrate to data stream
     * Data stream stats
     * Promote data stream
     * Modify data streams
   * Document APIs
     * Reading and Writing documents
     * Index
     * Get
     * Delete
     * Delete by query
     * Update
     * Update by query
     * Multi get
     * Bulk
     * Reindex
     * Term vectors
     * Multi term vectors
     * ?refresh
     * Optimistic concurrency control
   * Enrich APIs
     * Create enrich policy
     * Delete enrich policy
     * Get enrich policy
     * Execute enrich policy
     * Enrich stats
   * EQL APIs
     * Delete async EQL search
     * EQL search
     * Get async EQL search
     * Get async EQL search status
   * Features APIs
     * Get features
     * Reset features
   * Fleet APIs
     * Get global checkpoints
     * Fleet search
   * Find structure API
   * Graph explore API
   * Index APIs
     * Alias exists
     * Aliases
     * Analyze
     * Analyze index disk usage
     * Clear cache
     * Clone index
     * Close index
     * Create index
     * Create or update alias
     * Create or update component template
     * Create or update index template
     * Create or update index template (legacy)
     * Delete component template
     * Delete dangling index
     * Delete alias
     * Delete index
     * Delete index template
     * Delete index template (legacy)
     * Exists
     * Field usage stats
     * Flush
     * Force merge
     * Freeze index
     * Get alias
     * Get component template
     * Get field mapping
     * Get index
     * Get index settings
     * Get index template
     * Get index template (legacy)
     * Get mapping
     * Import dangling index
     * Index recovery
     * Index segments
     * Index shard stores
     * Index stats
     * Index template exists (legacy)
     * List dangling indices
     * Open index
     * Refresh
     * Resolve index
     * Rollover
     * Shrink index
     * Simulate index
     * Simulate template
     * Split index
     * Synced flush
     * Type exists
     * Unfreeze index
     * Update index settings
     * Update mapping
   * Index lifecycle management APIs
     * Create or update lifecycle policy
     * Get policy
     * Delete policy
     * Move to step
     * Remove policy
     * Retry policy
     * Get index lifecycle management status
     * Explain lifecycle
     * Start index lifecycle management
     * Stop index lifecycle management
     * Migrate indices and ILM policies to data tiers routing
   * Ingest APIs
     * Create or update pipeline
     * Delete pipeline
     * GeoIP stats
     * Get pipeline
     * Simulate pipeline
   * Info API
   * Licensing APIs
     * Delete license
     * Get license
     * Get trial status
     * Start trial
     * Get basic status
     * Start basic
     * Update license
   * Logstash APIs
     * Create or update Logstash pipeline
     * Delete Logstash pipeline
     * Get Logstash pipeline
   * Machine learning anomaly detection APIs
     * Add events to calendar
     * Add jobs to calendar
     * Close jobs
     * Create jobs
     * Create calendars
     * Create datafeeds
     * Create filters
     * Delete calendars
     * Delete datafeeds
     * Delete events from calendar
     * Delete filters
     * Delete forecasts
     * Delete jobs
     * Delete jobs from calendar
     * Delete model snapshots
     * Delete expired data
     * Estimate model memory
     * Find file structure
     * Flush jobs
     * Forecast jobs
     * Get buckets
     * Get calendars
     * Get categories
     * Get datafeeds
     * Get datafeed statistics
     * Get influencers
     * Get jobs
     * Get job statistics
     * Get machine learning info
     * Get model snapshots
     * Get model snapshot upgrade statistics
     * Get overall buckets
     * Get scheduled events
     * Get filters
     * Get records
     * Open jobs
     * Post data to jobs
     * Preview datafeeds
     * Reset jobs
     * Revert model snapshots
     * Set upgrade mode
     * Start datafeeds
     * Stop datafeeds
     * Update datafeeds
     * Update filters
     * Update jobs
     * Update model snapshots
     * Upgrade model snapshots
   * Machine learning data frame analytics APIs
     * Create data frame analytics jobs
     * Delete data frame analytics jobs
     * Evaluate data frame analytics
     * Explain data frame analytics
     * Get data frame analytics jobs
     * Get data frame analytics jobs stats
     * Preview data frame analytics
     * Start data frame analytics jobs
     * Stop data frame analytics jobs
     * Update data frame analytics jobs
   * Machine learning trained model APIs
     * Create or update trained model aliases
     * Create trained models
     * Delete trained model aliases
     * Delete trained models
     * Get trained models
     * Get trained models stats
   * Migration APIs
     * Deprecation info
     * Feature upgrade APIs
   * Node lifecycle APIs
     * Put shutdown API
     * Get shutdown API
     * Delete shutdown API
   * Reload search analyzers API
   * Repositories metering APIs
     * Get repositories metering information
     * Clear repositories metering archive
   * Rollup APIs
     * Create rollup jobs
     * Delete rollup jobs
     * Get job
     * Get rollup caps
     * Get rollup index caps
     * Rollup search
     * Start rollup jobs
     * Stop rollup jobs
   * Script APIs
     * Create or update stored script
     * Delete stored script
     * Get script contexts
     * Get script languages
     * Get stored script
   * Search APIs
     * Search
     * Async search
     * Point in time
     * Scroll
     * Clear scroll
     * Search template
     * Multi search template
     * Render search template
     * Search shards
     * Suggesters
     * Multi search
     * Count
     * Validate
     * Terms enum
     * Explain
     * Profile
     * Field capabilities
     * Ranking evaluation
     * Vector tile search
   * Searchable snapshots APIs
     * Mount snapshot
     * Cache stats
     * Searchable snapshot statistics
     * Clear cache
   * Security APIs
     * Authenticate
     * Change passwords
     * Clear cache
     * Clear roles cache
     * Clear privileges cache
     * Clear API key cache
     * Clear service account token caches
     * Create API keys
     * Create or update application privileges
     * Create or update role mappings
     * Create or update roles
     * Create or update users
     * Create service account tokens
     * Delegate PKI authentication
     * Delete application privileges
     * Delete role mappings
     * Delete roles
     * Delete service account token
     * Delete users
     * Disable users
     * Enable users
     * Get API key information
     * Get application privileges
     * Get builtin privileges
     * Get role mappings
     * Get roles
     * Get service accounts
     * Get service account credentials
     * Get token
     * Get user privileges
     * Get users
     * Grant API keys
     * Has privileges
     * Invalidate API key
     * Invalidate token
     * OpenID Connect prepare authentication
     * OpenID Connect authenticate
     * OpenID Connect logout
     * Query API key information
     * SAML prepare authentication
     * SAML authenticate
     * SAML logout
     * SAML invalidate
     * SAML complete logout
     * SAML service provider metadata
     * SSL certificate
   * Snapshot and restore APIs
     * Create or update snapshot repository
     * Verify snapshot repository
     * Repository analysis
     * Get snapshot repository
     * Delete snapshot repository
     * Clean up snapshot repository
     * Clone snapshot
     * Create snapshot
     * Get snapshot
     * Get snapshot status
     * Restore snapshot
     * Delete snapshot
   * Snapshot lifecycle management APIs
     * Create or update policy
     * Get policy
     * Delete policy
     * Execute snapshot lifecycle policy
     * Execute snapshot retention policy
     * Get snapshot lifecycle management status
     * Get snapshot lifecycle stats
     * Start snapshot lifecycle management
     * Stop snapshot lifecycle management
   * SQL APIs
     * Clear SQL cursor
     * Delete async SQL search
     * Get async SQL search
     * Get async SQL search status
     * SQL search
     * SQL translate
   * Transform APIs
     * Create transform
     * Delete transform
     * Get transforms
     * Get transform statistics
     * Preview transform
     * Start transform
     * Stop transforms
     * Update transform
     * Upgrade transforms
   * Usage API
   * Watcher APIs
     * Ack watch
     * Activate watch
     * Deactivate watch
     * Delete watch
     * Execute watch
     * Get watch
     * Get Watcher stats
     * Query watches
     * Create or update watch
     * Start watch service
     * Stop watch service
   * Definitions
     * Role mapping resources
 * Migration guide
   * 7.16
     * Transient settings migration guide
   * 7.15
   * 7.14
   * 7.13
   * 7.12
   * 7.11
   * 7.10
   * 7.9
   * 7.8
   * 7.7
   * 7.6
   * 7.5
   * 7.4
   * 7.3
   * 7.2
   * 7.1
   * 7.0
     * Java time migration guide
 * Release notes
   * Elasticsearch version 7.16.3
   * Elasticsearch version 7.16.2
   * Elasticsearch version 7.16.1
   * Elasticsearch version 7.16.0
   * Elasticsearch version 7.15.2
   * Elasticsearch version 7.15.1
   * Elasticsearch version 7.15.0
   * Elasticsearch version 7.14.2
   * Elasticsearch version 7.14.1
   * Elasticsearch version 7.14.0
   * Elasticsearch version 7.13.4
   * Elasticsearch version 7.13.3
   * Elasticsearch version 7.13.2
   * Elasticsearch version 7.13.1
   * Elasticsearch version 7.13.0
   * Elasticsearch version 7.12.1
   * Elasticsearch version 7.12.0
   * Elasticsearch version 7.11.2
   * Elasticsearch version 7.11.1
   * Elasticsearch version 7.11.0
   * Elasticsearch version 7.10.2
   * Elasticsearch version 7.10.1
   * Elasticsearch version 7.10.0
   * Elasticsearch version 7.9.3
   * Elasticsearch version 7.9.2
   * Elasticsearch version 7.9.1
   * Elasticsearch version 7.9.0
   * Elasticsearch version 7.8.1
   * Elasticsearch version 7.8.0
   * Elasticsearch version 7.7.1
   * Elasticsearch version 7.7.0
   * Elasticsearch version 7.6.2
   * Elasticsearch version 7.6.1
   * Elasticsearch version 7.6.0
   * Elasticsearch version 7.5.2
   * Elasticsearch version 7.5.1
   * Elasticsearch version 7.5.0
   * Elasticsearch version 7.4.2
   * Elasticsearch version 7.4.1
   * Elasticsearch version 7.4.0
   * Elasticsearch version 7.3.2
   * Elasticsearch version 7.3.1
   * Elasticsearch version 7.3.0
   * Elasticsearch version 7.2.1
   * Elasticsearch version 7.2.0
   * Elasticsearch version 7.1.1
   * Elasticsearch version 7.1.0
   * Elasticsearch version 7.0.0
   * Elasticsearch version 7.0.0-rc2
   * Elasticsearch version 7.0.0-rc1
   * Elasticsearch version 7.0.0-beta1
   * Elasticsearch version 7.0.0-alpha2
   * Elasticsearch version 7.0.0-alpha1
 * Dependencies and versions

© 2022. Elasticsearch B.V. All Rights Reserved

Elasticsearch is a trademark of Elasticsearch B.V., registered in the U.S. and
in other countries.

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo
are trademarks of the Apache Software Foundation in the United States and/or
other countries.
