diff --git a/deploy-manage/upgrade/internal-upgrade-processes/saved-object-migrations.md b/deploy-manage/upgrade/internal-upgrade-processes/saved-object-migrations.md index 731d25329..11c89ecb5 100644 --- a/deploy-manage/upgrade/internal-upgrade-processes/saved-object-migrations.md +++ b/deploy-manage/upgrade/internal-upgrade-processes/saved-object-migrations.md @@ -5,7 +5,7 @@ mapped_pages: # Saved object migrations [saved-object-migrations] -Each time you upgrade {{kib}}, an upgrade migration is performed to ensure that all [saved objects](../../../explore-analyze/find-and-organize/saved-objects.md) are compatible with the new version. +Each time you upgrade {{kib}}, an upgrade migration is performed to ensure that all [saved objects](/explore-analyze/find-and-organize/saved-objects.md) are compatible with the new version. ::::{note} {{kib}} includes an [**Upgrade Assistant**](../prepare-to-upgrade/upgrade-assistant.md) to help you prepare for an upgrade. To access the assistant, go to **Stack Management > Upgrade Assistant**. diff --git a/explore-analyze/find-and-organize.md b/explore-analyze/find-and-organize.md index 980fd1dce..d8e11de9a 100644 --- a/explore-analyze/find-and-organize.md +++ b/explore-analyze/find-and-organize.md @@ -1,6 +1,5 @@ --- mapped_urls: - - https://www.elastic.co/guide/en/serverless/current/saved-objects.html - https://www.elastic.co/guide/en/serverless/current/project-settings-content.html --- @@ -17,4 +16,15 @@ mapped_urls: $$$saved-objects-copy-to-other-spaces$$$ -$$$saved-objects-import-and-export$$$ \ No newline at end of file +$$$saved-objects-import-and-export$$$ + +When using Elastic, you create, manage, and export various types of content, called objects. From data views that let your organize your {{es}} data into logical subsets, to dashboards and reports that let you visualize and share insights with others. + +This section describes what those objects are, how you can organize them, and how you can find them quickly when navigating the user interface. + +- [Data views](find-and-organize/data-views.md) +- [Saved objects](find-and-organize/saved-objects.md) +- [Files](find-and-organize/files.md) +- [Reports](find-and-organize/reports.md) +- [Tags](find-and-organize/tags.md) +- [Finding apps and objects](find-and-organize/find-apps-and-objects.md) \ No newline at end of file diff --git a/explore-analyze/find-and-organize/data-views.md b/explore-analyze/find-and-organize/data-views.md index 52d950c7e..548ac0ac4 100644 --- a/explore-analyze/find-and-organize/data-views.md +++ b/explore-analyze/find-and-organize/data-views.md @@ -5,7 +5,7 @@ mapped_urls: - https://www.elastic.co/guide/en/kibana/current/managing-data-views.html --- -# Data views +# Data views [data-views] % What needs to be done: Align serverless/stateful @@ -25,4 +25,656 @@ $$$runtime-fields$$$ $$$management-cross-cluster-search$$$ -$$$data-views-read-only-access$$$ \ No newline at end of file +$$$data-views-read-only-access$$$ + + +By default, analytics features such as Discover require a {{data-source}} to access the {{es}} data that you want to explore. A {{data-source}} can point to one or more indices, [data streams](../../manage-data/data-store/index-types/data-streams.md), or [index aliases](https://www.elastic.co/guide/en/elasticsearch/reference/current/alias.html). For example, a {{data-source}} can point to your log data from yesterday, or all indices that contain your data. + +::::{note} +In certain apps, you can also query your {{es}} data using [{{esql}}](../query-filter/languages/esql.md). With {{esql}}, data views aren't required. +:::: + + +## Permissions [data-views-read-only-access] + +* Creating and managing data views requires [a role](../../deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md) with the following permissions: + - `Data View Management` {{kib}} privilege. + - `view_index_metadata` {{es}} privilege. +* If a read-only indicator appears, you have insufficient privileges to create or save {{data-sources}}. In addition, the buttons to create {{data-sources}} or save existing {{data-sources}} are not visible. + + +## Create a data view [settings-create-pattern] + +If you collected data using one of the {{kib}} [ingest options](../../manage-data/ingest.md), uploaded a file, or added sample data, you get a {{data-source}} created automatically, and can start exploring your data. If you loaded your own data, follow these steps to create a {{data-source}}. + +1. Open **Lens** or **Discover**, and then open the data view menu. + + :::{image} ../../images/kibana-discover-data-view.png + :alt: How to set the {{data-source}} in Discover + :class: screenshot + :width: 50% + ::: + +2. Click **Create a {{data-source}}**. +3. Give your {{data-source}} a name. +4. Start typing in the **Index pattern** field, and {{kib}} looks for the names of indices, data streams, and aliases that match your input. You can view all available sources or only the sources that the data view targets. + ![Create data view](../../images/kibana-create-data-view.png "") + + * To match multiple sources, use a wildcard (*). `filebeat-*` matches `filebeat-apache-a`, `filebeat-apache-b`, and so on. + * To match multiple single sources, enter their names, separated by a comma. Do not include a space after the comma. `filebeat-a,filebeat-b` matches two indices. + * To exclude a source, use a minus sign (-), for example, `-test3`. + +5. Open the **Timestamp field** dropdown, and then select the default field for filtering your data by time. + + * If you don’t set a default time field, you can’t use global time filters on your dashboards. This is useful if you have multiple time fields and want to create dashboards that combine visualizations based on different timestamps. + * If your index doesn’t have time-based data, choose **I don’t want to use the time filter**. + +6. Click **Show advanced settings** to: + + * Display hidden and system indices. + * Specify your own {{data-source}} name. For example, enter your {{es}} index alias name. + +7. $$$reload-fields$$$ Click **Save {{data-source}} to {{kib}}**. + + You can manage your data views from the **Management** menu. + + + +### Create a temporary {{data-source}} [_create_a_temporary_data_source] + +Want to explore your data or create a visualization without saving it as a data view? Select **Use without saving** in the **Create {{data-source}}** form in **Discover** or **Lens**. With a temporary {{data-source}}, you can add fields and create an {{es}} query alert, just like you would a regular {{data-source}}. Your work won’t be visible to others in your space. + +A temporary {{data-source}} remains in your space until you change apps, or until you save it. + +:::{image} https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte3a4f3994c44c0cc/637eb0c95834861044c21a25/ad-hoc-data-view.gif +:alt: how to create an ad-hoc data view +:class: screenshot +::: + +::::{note} +Temporary {{data-sources}} are not available in the **Management** menu. +:::: + + + +### Use {{data-sources}} with rolled up data [rollup-data-view] +::::{applies} +:serverless: unavailable +:stack: deprecated +:::: + +::::{admonition} +:class: warning + +Rollups are deprecated. Use [downsampling](../../manage-data/data-store/index-types/downsampling-time-series-data-stream.md) instead. +:::: + + +A {{data-source}} can match one rollup index. For a combination rollup {{data-source}} with both raw and rolled up data, use the standard notation: + +```ts +rollup_logstash,kibana_sample_data_logs +``` + +For an example, refer to [Create and visualize rolled up data](../../manage-data/lifecycle/rollup.md#rollup-data-tutorial). + + +### Use {{data-sources}} with {{ccs}} [management-cross-cluster-search] +::::{applies} +:serverless: unavailable +:stack: ga +:::: + +If your {{es}} clusters are configured for [{{ccs}}](../../solutions/search/cross-cluster-search.md), you can create a {{data-source}} to search across the clusters of your choosing. Specify data streams, indices, and aliases in a remote cluster using the following syntax: + +```ts +: +``` + +To query {{ls}} indices across two {{es}} clusters that you set up for {{ccs}}, named `cluster_one` and `cluster_two`: + +```ts + cluster_one:logstash-*,cluster_two:logstash-* +``` + +Use wildcards in your cluster names to match any number of clusters. To search {{ls}} indices across clusters named `cluster_foo`, `cluster_bar`, and so on: + +```ts +cluster_*:logstash-* +``` + +To query across all {{es}} clusters that have been configured for {{ccs}}, use a standalone wildcard for your cluster name: + +```ts +*:logstash-* +``` + +To match indices starting with `logstash-`, but exclude those starting with `logstash-old`, from all clusters having a name starting with `cluster_`: + +```ts +cluster_*:logstash-*,cluster_*:-logstash-old* +``` + +Excluding a cluster avoids sending any network calls to that cluster. To exclude a cluster with the name `cluster_one`: + +```ts +cluster_*:logstash-*,-cluster_one:* +``` + +Once you configure a {{data-source}} to use the {{ccs}} syntax, all searches and aggregations using that {{data-source}} in {{kib}} take advantage of {{ccs}}. + +For more information, refer to [Excluding clusters or indicies from cross-cluster search](../../solutions/search/cross-cluster-search.md#exclude-problematic-clusters). + + +## Delete a {{data-source}} [delete-data-view] + +When you delete a {{data-source}}, you cannot recover the associated field formatters, runtime fields, source filters, and field popularity data. Deleting a {{data-source}} does not remove any indices or data documents from {{es}}. + +::::{warning} +Deleting a {{data-source}} breaks all visualizations, saved Discover sessions, and other saved objects that reference the data view. +:::: + + +1. Go to the **Data Views** management page using the navigation menu or the [global search field](../../get-started/the-stack.md#kibana-navigation-search). +2. Find the {{data-source}} that you want to delete, and then click ![Delete icon](../../images/kibana-delete.png "") in the **Actions** column. + + +## {{data-source}} field cache [data-view-field-cache] + +The browser caches {{data-source}} field lists for increased performance. This is particularly impactful for {{data-sources}} with a high field count that span a large number of indices and clusters. The field list is updated every couple of minutes in typical {{kib}} usage. Alternatively, use the refresh button on the {{data-source}} management detail page to get an updated field list. A force reload of {{kib}} has the same effect. + +The field list may be impacted by changes in indices and user permissions. + +## Manage data views [managing-data-views] + +To customize the data fields in your data view, you can add runtime fields to the existing documents, add scripted fields to compute data on the fly, and change how {{kib}} displays the data fields. + + +### Explore your data with runtime fields [runtime-fields] + +Runtime fields are fields that you add to documents after you’ve ingested your data, and are evaluated at query time. With runtime fields, you allow for a smaller index and faster ingest time so that you can use less resources and reduce your operating costs. You can use runtime fields anywhere data views are used, for example, you can explore runtime fields in **Discover** and create visualizations with runtime fields for your dashboard. + +With runtime fields, you can: + +* Define fields for a specific use case without modifying the underlying schema. +* Override the returned values from index fields. +* Start working on your data without understanding the structure. +* Add fields to existing documents without reindexing your data. + +::::{warning} +Runtime fields can impact {{kib}} performance. When you run a query, {{es}} uses the fields you index first to shorten the response time. Index the fields that you commonly search for and filter on, such as `timestamp`, then use runtime fields to limit the number of fields {{es}} uses to calculate values. +:::: + + +For detailed information on how to use runtime fields with {{es}}, refer to [Runtime fields](../../manage-data/data-store/mapping/runtime-fields.md). + + +#### Add runtime fields [create-runtime-fields] + +To add runtime fields to your data views, open the data view you want to change, then define the field values by emitting a single value using the [Painless scripting language](../../explore-analyze/scripting/modules-scripting-painless.md). You can also add runtime fields in [**Discover**](../../explore-analyze/discover/discover-get-started.md#add-field-in-discover) and [**Lens**](../../explore-analyze/visualize/lens.md#change-the-fields). + +1. Go to the **Data Views** management page using the navigation menu or the [global search field](../../get-started/the-stack.md#kibana-navigation-search). +2. Select the data view that you want to add the runtime field to, then click **Add field**. +3. Enter the field **Name**, then select the **Type**. +4. Select **Set custom label**, then enter the label you want to display where the data view is used, such as **Discover**. +5. Select **Set value**, then define the script. The script must match the **Type**, or the data view fails anywhere it is used. +6. To help you define the script, use the **Preview**: + + * To view the other available fields, use the **Document ID** arrows. + * To filter the fields list, enter the keyword in **Filter fields**. + * To pin frequently used fields to the top of the list, hover over the field, then click ![Icon to pin field to the top of the list](../../images/kibana-stackManagement-indexPatterns-pinRuntimeField-7.15.png ""). + +7. Click **Create field**. + + +#### Runtime field examples [runtime-field-examples] + +Try the runtime field examples on your own using the [**Sample web logs**](../../explore-analyze/overview/kibana-quickstart.md#gs-get-data-into-kibana) data. + + +#### Return a keyword value [simple-hello-world-example] + +Return `Hello World!`: + +```text +emit("Hello World!"); +``` + +![Runtime field with keyword type](../../images/kibana-runtime_field.png "") + + +#### Perform a calculation on a single field [perform-a-calculation-on-a-single-field] + +Calculate kilobytes from bytes: + +```text +emit(doc['bytes'].value / 1024) +``` + + +#### Return a substring [return-substring] + +Return the string that appears after the last slash in the URL: + +```text +def path = doc["url.keyword"].value; +if (path != null) { + int lastSlashIndex = path.lastIndexOf('/'); + if (lastSlashIndex > 0) { + emit(path.substring(lastSlashIndex+1)); + return; + } +} +emit(""); +``` + + +#### Return multiple fields with a composite runtime field [composite-runtime-field] + +A single runtime field can also produce multiple subfields when the type `Composite` is selected. The script editor provides default types that can be customized for each subfields. + +Return `keyword` and `double` type subfields. Note that the first argument for `emit` is the name of the subfield. + +```text +emit('subfield_a', 'Hello'); +emit('subfield_b', 42); +``` + +![Runtime field with composite type](../../images/kibana-runtime_field_composite.png "") + + +#### Replace nulls with blanks [replace-nulls-with-blanks] + +Replace `null` values with `None`: + +```text +def source = doc['referer'].value; +if (source != null) { + emit(source); + return; +} +else { + emit("None"); +} +``` + +Specify the operating system condition: + +```text +def source = doc['machine.os.keyword'].value; +if (source != "") { + emit(source); +} +else { + emit("None"); +} +``` + + +#### Manage runtime fields [manage-runtime-fields] + +Edit the settings for runtime fields, or remove runtime fields from data views. + +1. Go to the **Data Views** management page using the navigation menu or the [global search field](../../get-started/the-stack.md#kibana-navigation-search). +2. Select the data view that contains the runtime field you want to manage, then open the runtime field edit options or delete the runtime field. + + +### Add scripted fields to data views [scripted-fields] + +::::{admonition} Deprecated in 7.13. +:class: warning + +Use [runtime fields](../../manage-data/data-store/mapping/runtime-fields.md) instead of scripted fields. Runtime fields support Painless scripting and provide greater flexibility. You can also use the [Elasticsearch Query Language (ES|QL)](../../explore-analyze/query-filter/languages/esql.md) to compute values directly at query time. +:::: + + +Scripted fields compute data on the fly from the data in your {{es}} indices. The data is shown on the Discover tab as part of the document data, and you can use scripted fields in your visualizations. You query scripted fields with the [{{kib}} query language](../../explore-analyze/query-filter/languages/kql.md), and can filter them using the filter bar. The scripted field values are computed at query time, so they aren’t indexed and cannot be searched using the {{kib}} default query language. + +::::{warning} +Computing data on the fly with scripted fields can be very resource intensive and can have a direct impact on {{kib}} performance. Keep in mind that there’s no built-in validation of a scripted field. If your scripts are buggy, you’ll get exceptions whenever you try to view the dynamically generated data. +:::: + + +When you define a scripted field in {{kib}}, you have a choice of the [Lucene expressions](../../explore-analyze/scripting/modules-scripting-expression.md) or the [Painless](../../explore-analyze/scripting/modules-scripting-painless.md) scripting language. + +You can reference any single value numeric field in your expressions, for example: + +``` +doc['field_name'].value +``` + +For more information on scripted fields and additional examples, refer to [Using Painless in {{kib}} scripted fields](https://www.elastic.co/blog/using-painless-kibana-scripted-fields) + + +#### Migrate to runtime fields or ES|QL queries [migrate-off-scripted-fields] + +The following code snippets demonstrate how an example scripted field called `computed_values` on the Kibana Sample Data Logs data view could be migrated to either a runtime field or an ES|QL query, highlighting the differences between each approach. + + +##### Scripted field [scripted-field-example] + +In the scripted field example, variables are created to track all values the script will need to access or return. Since scripted fields can only return a single value, the created variables must be returned together as an array at the end of the script. + +```text +def hour_of_day = $('@timestamp', ZonedDateTime.parse('1970-01-01T00:00:00Z')).getHour(); +def time_of_day = ''; + +if (hour_of_day >= 22 || hour_of_day < 5) + time_of_day = 'Night'; +else if (hour_of_day < 12) + time_of_day = 'Morning'; +else if (hour_of_day < 18) + time_of_day = 'Afternoon'; +else + time_of_day = 'Evening'; + +def response_int = Integer.parseInt($('response.keyword', '200')); +def response_category = ''; + +if (response_int < 200) + response_category = 'Informational'; +else if (response_int < 300) + response_category = 'Successful'; +else if (response_int < 400) + response_category = 'Redirection'; +else if (response_int < 500) + response_category = 'Client Error'; +else + response_category = 'Server Error'; + +return [time_of_day, response_category]; +``` + + +##### Runtime field [runtime-field-example] + +Unlike scripted fields, runtime fields do not need to return a single value and can emit values at any point in the script, which will be combined and returned as a multi-value field. This allows for more flexibility in the script logic and removes the need to manually manage an array of values. + +```text +def hour_of_day = $('@timestamp', ZonedDateTime.parse('1970-01-01T00:00:00Z')).getHour(); + +if (hour_of_day >= 22 || hour_of_day < 5) + emit('Night'); +else if (hour_of_day < 12) + emit('Morning'); +else if (hour_of_day < 18) + emit('Afternoon'); +else + emit('Evening'); + +def response_int = Integer.parseInt($('response.keyword', '200')); + +if (response_int < 200) + emit('Informational'); +else if (response_int < 300) + emit('Successful'); +else if (response_int < 400) + emit('Redirection'); +else if (response_int < 500) + emit('Client Error'); +else + emit('Server Error'); +``` + + +##### ES|QL query [esql-example] + +Alternatively, ES|QL can be used to skip the need for data view management entirely and simply compute the values you need at query time. ES|QL supports computing multiple field values in a single query, using computed values with its rich set of commands and functions, and even aggregations against computed values. This makes it an excellent solution for one-off queries and realtime data analysis. + +```esql +FROM kibana_sample_data_logs + | EVAL hour_of_day = DATE_EXTRACT("HOUR_OF_DAY", @timestamp) + | EVAL time_of_day = CASE( + hour_of_day >= 22 OR hour_of_day < 5, "Night", + hour_of_day < 12, "Morning", + hour_of_day < 18, "Afternoon", + "Evening" + ) + | EVAL response_int = TO_INTEGER(response) + | EVAL response_category = CASE( + response_int < 200, "Informational", + response_int < 300, "Successful", + response_int < 400, "Redirection", + response_int < 500, "Client Error", + "Server Error" + ) + | EVAL computed_values = MV_APPEND(time_of_day, response_category) + | DROP hour_of_day, time_of_day, response_int, response_category +``` + + +#### Manage scripted fields [update-scripted-field] + +::::{warning} +The ability to create new scripted fields has been removed from the **Data Views** management page in 9.0. Existing scripted fields can still be edited or deleted, and the creation UI can be accessed by navigating directly to `/app/management/kibana/dataViews/dataView/{{dataViewId}}/create-field`, but we recommend migrating to runtime fields or ES|QL queries instead to prepare for removal. +:::: + + +1. Go to the **Data Views** management page using the navigation menu or the [global search field](../../get-started/the-stack.md#kibana-navigation-search). +2. Select the data view that contains the scripted field you want to manage. +3. Select the **Scripted fields** tab, then open the scripted field edit options or delete the scripted field. + +For more information about scripted fields in {{es}}, refer to [Scripting](../../explore-analyze/scripting.md). + +::::{warning} +Built-in validation is unsupported for scripted fields. When your scripts contain errors, you receive exceptions when you view the dynamically generated data. +:::: + + + +### Format data fields [managing-fields] + +{{kib}} uses the same field types as {{es}}, however, some {{es}} field types are unsupported in {{kib}}. To customize how {{kib}} displays data fields, use the formatting options. + +1. Go to the **Data Views** management page using the navigation menu or the [global search field](../../get-started/the-stack.md#kibana-navigation-search). +2. Click the data view that contains the field you want to change. +3. Find the field, then open the edit options (![Data field edit icon](../../images/kibana-edit_icon.png "")). +4. Select **Set custom label**, then enter a **Custom label** for the field. +5. Select **Set format**, then enter the **Format** for the field. + +::::{note} +For numeric fields the default field formatters are based on the `meta.unit` field. The unit is associated with a [time unit](https://www.elastic.co/guide/en/elasticsearch/reference/current/api-conventions.html#time-units), percent, or byte. The convention for percents is to use value 1 to mean 100%. +:::: + + + +#### String field formatters [string-field-formatters] + +String fields support **String** and **Url** formatters. + +The **String** field formatter enables you to apply transforms to the field. + +Supported transformations include: + +* Convert to lowercase +* Convert to uppercase +* Convert to title case +* Apply the short dots transformation, which replaces the content before the `.` character with the first character of the content. For example: + +**Original** +: **Becomes** + +`com.organizations.project.ClassName` +: `c.o.p.ClassName` + + * Base64 decode + * URL param decode + + +You can specify the following types to the `Url` field formatter: + +* **Link** — Converts the contents of the field into an URL. You can specify the width and height of the image, while keeping the aspect ratio. When the image is smaller than the specified parameters, the image is unable to upscale. +* **Image** — Specifies the image directory. +* **Audio** — Specify the audio directory. + +To customize URL field formats, use templates. An **URL template** enables you to add values to a partial URL. To add the contents of the field to a fixed URL, use the `{{value}}` string. + +For example, when: + +* A field contains a user ID +* A field uses the `Url` field formatter +* The URI template is `http://company.net/profiles?user_id={­{{value}}­}` + +The resulting URL replaces `{{value}}` with the user ID from the field. + +The `{{value}}` template string URL-encodes the contents of the field. When a field encoded into a URL contains non-ASCII characters, the characters are replaced with a `%` character and the appropriate hexadecimal code. For example, field contents `users/admin` result in the URL template adding `users%2Fadmin`. + +When the formatter type is **Image**, the `{{value}}` template string specifies the name of an image at the specified URI. + +When the formatter type is **Audio**, the `{{value}}` template string specifies the name of an audio file at the specified URI. + +To pass unescaped values directly to the URL, use the `{{rawValue}}` string. + +A **Label template** enables you to specify a text string that appears instead of the raw URL. You can use the `{{value}}` template string normally in label templates. You can also use the `{{url}}` template string to display the formatted URL. + + +#### Date field formatters [field-formatters-date] + +Date fields support **Date**, **String**, and **Url** formatters. + +The **Date** formatter enables you to choose the display format of date stamps using the [moment.js](https://momentjs.com/) standard format definitions. + +The **String** field formatter enables you to apply transforms to the field. + +Supported transformations include: + +* Convert to lowercase +* Convert to uppercase +* Convert to title case +* Apply the short dots transformation, which replaces the content before the `.` character with the first character of the content. For example: + +**Original** +: **Becomes** + +`com.organizations.project.ClassName` +: `c.o.p.ClassName` + + * Base64 decode + * URL param decode + + +You can specify the following types to the `Url` field formatter: + +* **Link** — Converts the contents of the field into an URL. You can specify the width and height of the image, while keeping the aspect ratio. When the image is smaller than the specified parameters, the image is unable to upscale. +* **Image** — Specifies the image directory. +* **Audio** — Specify the audio directory. + +To customize URL field formats, use templates. An **URL template** enables you to add values to a partial URL. To add the contents of the field to a fixed URL, use the `{{value}}` string. + +For example, when: + +* A field contains a user ID +* A field uses the `Url` field formatter +* The URI template is `http://company.net/profiles?user_id={­{{value}}­}` + +The resulting URL replaces `{{value}}` with the user ID from the field. + +The `{{value}}` template string URL-encodes the contents of the field. When a field encoded into a URL contains non-ASCII characters, the characters are replaced with a `%` character and the appropriate hexadecimal code. For example, field contents `users/admin` result in the URL template adding `users%2Fadmin`. + +When the formatter type is **Image**, the `{{value}}` template string specifies the name of an image at the specified URI. + +When the formatter type is **Audio**, the `{{value}}` template string specifies the name of an audio file at the specified URI. + +To pass unescaped values directly to the URL, use the `{{rawValue}}` string. + +A **Label template** enables you to specify a text string that appears instead of the raw URL. You can use the `{{value}}` template string normally in label templates. You can also use the `{{url}}` template string to display the formatted URL. + + +#### Geographic point field formatters [field-formatters-geopoint] + +Geographic point fields support the **String** formatter. + +The **String** field formatter enables you to apply transforms to the field. + +Supported transformations include: + +* Convert to lowercase +* Convert to uppercase +* Convert to title case +* Apply the short dots transformation, which replaces the content before the `.` character with the first character of the content. For example: + +**Original** +: **Becomes** + +`com.organizations.project.ClassName` +: `c.o.p.ClassName` + + * Base64 decode + * URL param decode + + + +#### Number field formatters [field-formatters-numeric] + +Numeric fields support **Bytes**, **Color**, **Duration**, **Histogram**, **Number**, **Percentage**, **String**, and **Url** formatters. + +The **Bytes**, **Number**, and **Percentage** formatters enable you to choose the display formats of numbers in the field using the [Elastic numeral pattern](../../explore-analyze/numeral-formatting.md) syntax that {{kib}} maintains. + +The **Histogram** formatter is used only for the [histogram field type](https://www.elastic.co/guide/en/elasticsearch/reference/current/histogram.html). When you use the **Histogram** formatter, you can apply the **Bytes**, **Number**, or **Percentage** format to aggregated data. + +You can specify the following types to the `Url` field formatter: + +* **Link** — Converts the contents of the field into an URL. You can specify the width and height of the image, while keeping the aspect ratio. When the image is smaller than the specified parameters, the image is unable to upscale. +* **Image** — Specifies the image directory. +* **Audio** — Specify the audio directory. + +To customize URL field formats, use templates. An **URL template** enables you to add values to a partial URL. To add the contents of the field to a fixed URL, use the `{{value}}` string. + +For example, when: + +* A field contains a user ID +* A field uses the `Url` field formatter +* The URI template is `http://company.net/profiles?user_id={­{{value}}­}` + +The resulting URL replaces `{{value}}` with the user ID from the field. + +The `{{value}}` template string URL-encodes the contents of the field. When a field encoded into a URL contains non-ASCII characters, the characters are replaced with a `%` character and the appropriate hexadecimal code. For example, field contents `users/admin` result in the URL template adding `users%2Fadmin`. + +When the formatter type is **Image**, the `{{value}}` template string specifies the name of an image at the specified URI. + +When the formatter type is **Audio**, the `{{value}}` template string specifies the name of an audio file at the specified URI. + +To pass unescaped values directly to the URL, use the `{{rawValue}}` string. + +A **Label template** enables you to specify a text string that appears instead of the raw URL. You can use the `{{value}}` template string normally in label templates. You can also use the `{{url}}` template string to display the formatted URL. + +The **String** field formatter enables you to apply transforms to the field. + +Supported transformations include: + +* Convert to lowercase +* Convert to uppercase +* Convert to title case +* Apply the short dots transformation, which replaces the content before the `.` character with the first character of the content. For example: + +**Original** +: **Becomes** + +`com.organizations.project.ClassName` +: `c.o.p.ClassName` + + * Base64 decode + * URL param decode + + +The **Duration** field formatter displays the numeric value of a field in the following increments: + +* Picoseconds +* Nanoseconds +* Microseconds +* Milliseconds +* Seconds +* Minutes +* Hours +* Days +* Weeks +* Months +* Years + +You can specify these increments with up to 20 decimal places for input and output formats. + +The **Color** field formatter enables you to specify colors with ranges of values for a number field. + +When you select the **Color** formatter, click **Add Color**, then specify the **Range**, **Text color**, and **Background color**. + + diff --git a/explore-analyze/find-and-organize/files.md b/explore-analyze/find-and-organize/files.md index 898a787b6..f268a5feb 100644 --- a/explore-analyze/find-and-organize/files.md +++ b/explore-analyze/find-and-organize/files.md @@ -5,11 +5,9 @@ mapped_pages: # Files [files] -This content applies to: [![Elasticsearch](../../images/serverless-es-badge.svg "")](../../solutions/search.md) [![Observability](../../images/serverless-obs-badge.svg "")](../../solutions/observability.md) [![Security](../../images/serverless-sec-badge.svg "")](../../solutions/security/elastic-security-serverless.md) +Several features let you upload files. For example, you can add files to [cases](../../solutions/observability/incident-management/cases.md) or upload a logo to an **Image** panel in a [Dashboard](../dashboards.md). -Several {{serverless-full}} features let you upload files. For example, you can add files to [cases](../../solutions/observability/incident-management/cases.md) or upload a logo to an **Image** panel in a [Dashboard](../dashboards.md). - -You can access these uploaded files in **{{project-settings}} → {{manage-app}} → {{files-app}}**. +You can access and manage all of the files currently stored in {{kib}} from the **Files** page. :::{image} ../../images/serverless-file-management.png :alt: Files UI diff --git a/explore-analyze/find-and-organize/find-apps-and-objects.md b/explore-analyze/find-and-organize/find-apps-and-objects.md index f4e4f2f82..f6ca8a73b 100644 --- a/explore-analyze/find-and-organize/find-apps-and-objects.md +++ b/explore-analyze/find-and-organize/find-apps-and-objects.md @@ -1,153 +1,21 @@ --- -navigation_title: "What is Kibana?" mapped_pages: - https://www.elastic.co/guide/en/kibana/current/introduction.html#kibana-navigation-search --- - - -# Find apps and objects [introduction] - - -{{kib}} enables you to give shape to your data and navigate the Elastic Stack. With {{kib}}, you can: - -* **Search, observe, and protect your data.** From discovering documents to analyzing logs to finding security vulnerabilities, {{kib}} is your portal for accessing these capabilities and more. -* **Analyze your data.** Search for hidden insights, visualize what you’ve found in charts, gauges, maps, graphs, and more, and combine them in a dashboard. -* **Manage, monitor, and secure the Elastic Stack.** Manage your data, monitor the health of your Elastic Stack cluster, and control which users have access to which features. - -:::{image} ../../images/kibana-analytics-home-page.png -:alt: Analytics home page -:name: kibana-home-page -:class: screenshot -::: - -**{{kib}} is for administrators, analysts, and business users.** As an admin, your role is to manage the Elastic Stack, from creating your deployment to getting {{es}} data into {{kib}}, and then managing the data. As an analyst, you’re looking to discover insights in the data, visualize your data on dashboards, and share your findings. As a business user, you want to view existing dashboards and drill down into details. - -**{{kib}} works with all types of data.** Your data can be structured or unstructured text, numerical data, time series data, geospatial data, logs, metrics, security events, and more. No matter your data, {{kib}} can help you uncover patterns and relationships and visualize the results. - - -## Search, observe, and protect [extend-your-use-case] - -Being able to search, observe, and protect your data is a requirement for any analyst. {{kib}} provides solutions for each of these use cases. - -* [**Enterprise Search**](https://www.elastic.co/guide/en/enterprise-search/current/index.html) enables you to create a search experience for your app, workplace, and website. -* [**Elastic Observability**](../../solutions/observability/get-started/what-is-elastic-observability.md) enables you to monitor and apply analytics in real time to events happening across all your environments. You can analyze log events, monitor the performance metrics for the host or container that it ran in, trace the transaction, and check the overall service availability. -* Designed for security analysts, [**Elastic Security**](../../solutions/security.md) provides an overview of the events and alerts from your environment. Elastic Security helps you defend your organization from threats before damage and loss occur. - - -## Analyze [visualize-and-analyze] - -With {{kib}} [**Analytics**](../overview/kibana-quickstart.md), you can quickly search through large amounts of data, explore fields and values, and then use the drag-and-drop interface to rapidly build charts, tables, metrics, and more. - -:::{image} ../../images/kibana-visualization-journey.png -:alt: User data analysis journey -:class: screenshot -::: - -$$$get-data-into-kibana$$$ - -| | | -| --- | --- | -| **1** | **Add data.** The best way to add data to the Elastic Stack is to use one of our many [integrations](../../manage-data/ingest.md).On the **Integrations** page, you can also find options to add sample data sets or to upload a file. | -| **2** | **Explore.** With [**Discover**](../discover.md), you can search your data for hiddeninsights and relationships. Ask your questions, and then filter the results to just the data you want.You can limit your results to the most recent documents added to {{es}}. | -| **3** | **Visualize.** {{kib}} provides many options to create visualizations of your data, fromaggregation-based data to time series data to geo data.[**Dashboard**](../dashboards.md) is your starting point to create visualizations,and then pulling them together to show your data from multiple perspectives.Use [**Canvas**](../visualize/canvas.md),to give your datathe “wow” factor for display on a big screen. Use **Graph** to explore patterns and relationships. | -| **4** | **Model data behavior.**Use [**{{ml-cap}}**](../machine-learning/machine-learning-in-kibana.md) to model the behavior of your data—forecast unusual behavior andperform outlier detection, regression, and classification analysis. | -| **5** | **Share.** Ready to [share](../report-and-share.md) your findings with a larger audience? {{kib}} offers many options—embeda dashboard, share a link, export to PDF, and more. | - - -## Manage your data [_manage_your_data] - -{{kib}} helps you perform your data management tasks from the convenience of a UI. You can: - -* Refresh, flush, and clear the cache of your indices. -* Define the lifecycle of an index as it ages. -* Define a policy for taking snapshots of your cluster. -* Roll up data from one or more indices into a new, compact index. -* Replicate indices on a remote cluster and copy them to a local cluster. - -For a full list of data management UIs, refer to [**Stack Management**](../../deploy-manage/index.md). - -:::{image} ../../images/kibana-stack-management.png -:alt: Index Management view in Stack Management -:class: screenshot -::: - - -## Alert and take action [_alert_and_take_action] - -Detecting and acting on significant shifts and signals in your data is a need that exists in almost every use case. Alerting allows you to detect conditions in different {{kib}} apps and trigger actions when those conditions are met. For example, you might trigger an alert when a shift occurs in your business critical KPIs or when memory, CPU, or disk space take a dip. When the alert triggers, you can send a notification to a system that is part of your daily workflow: email, Slack, PagerDuty, ServiceNow, and other third party integrations. - -A dedicated view for creating, searching, and editing rules is in [**{{rules-ui}}**](../alerts-cases/alerts/create-manage-rules.md). - - -## Organize content [organize-and-secure] - -You might be managing tens, hundreds, or even thousands of dashboards, visualizations, and other {{kib}} assets. {{kib}} has several features for keeping your content organized. - - -### Collect related items in a space [organize-in-spaces] - -{{kib}} provides [spaces](../../deploy-manage/manage-spaces.md) for organizing your visualizations, dashboards, {{data-sources}}, and more. Think of a space as its own mini {{kib}} installation—it’s isolated from all other spaces, so you can tailor it to your specific needs without impacting others. - -:::{image} ../../images/kibana-select-your-space.png -:alt: Space selector view -:class: screenshot -::: - - -### Organize your content with tags [_organize_your_content_with_tags] - -Tags are keywords or labels that you assign to saved objects, such as dashboards and visualizations, so you can classify them in a way that is meaningful to you. For example, if you tag objects with “design”, you can search and filter on the tag to see all related objects. Tags are also good for grouping content into categories within a space. - -Don’t worry if you have hundreds of dashboards that need to be tagged. Use [**Tags**](tags.md) in **Stack Management** to create your tags, then assign and delete them in bulk operations. - - -## Secure {{kib}} [intro-kibana-Security] - -{{kib}} offers a range of security features for you to control who has access to what. [Security is enabled automatically](../../deploy-manage/deploy/self-managed/installing-elasticsearch.md) when you enroll {{kib}} with a secured {{es}} cluster. For a description of all available configuration options, refer to [Security settings in {{kib}}](https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html). - - -### Log in [_log_in] - -{{kib}} supports several [authentication providers](../../deploy-manage/users-roles/cluster-or-deployment-auth/user-authentication.md), allowing you to login using {{es}}’s built-in realms, or with your own single sign-on provider. - -:::{image} ../../images/kibana-kibana-login.png -:alt: Login page -:class: screenshot -::: - - -### Secure access [_secure_access] - -{{kib}} provides roles and privileges for controlling which users can view and manage {{kib}} features. Privileges grant permission to view an application or perform a specific action and are assigned to roles. Roles allow you to describe a “template” of capabilities that you can grant to many users, without having to redefine what each user should be able to do. - -When you create a role, you can scope the assigned {{kib}} privileges to specific spaces. This makes it possible to grant users different access levels in different spaces, or even give users their very own private space. For example, power users might have privileges to create and edit visualizations and dashboards, while analysts or executives might have **Dashboard** and **Canvas** with read-only privileges. - -The {{kib}} role management interface allows you to describe these various access levels, or you can automate role creation by using [role APIs](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-roles). - -:::{image} ../../images/kibana-spaces-roles.png -:alt: {kib privileges} -:class: screenshot -::: - - -### Audit access [_audit_access] - -Once you have your users and roles configured, you might want to maintain a record of who did what, when. The {{kib}} audit log will record this information for you, which can then be correlated with {{es}} audit logs to gain more insights into your users’ behavior. For more information, see [{{kib}} audit logging](../../deploy-manage/monitor/logging-configuration/enabling-kibana-audit-logs.md). - - -## Find apps and objects [kibana-navigation-search] +# Find apps and objects [kibana-navigation-search] To quickly find apps and the objects you create, use the search field in the global header. Search suggestions include deep links into applications, allowing you to directly navigate to the views you need most. :::{image} ../../images/kibana-app-navigation-search.png :alt: Example of searching for apps :class: screenshot +:width: 60% ::: You can search for objects by type, name, and tag. To get the most from the search feature, follow these tips: -* Use the keyboard shortcut—Ctrl+/ on Windows and Linux, Command+/ on MacOS—to focus on the input at any time. +* Use the keyboard shortcut—**Ctrl**+**/** on Windows and Linux, **Command**+**/** on MacOS—to focus on the input at any time. * Use the provided syntax keywords. | | | @@ -163,16 +31,6 @@ This example searches for visualizations with the tag `design` . :::{image} ../../images/kibana-tags-search.png :alt: Example of searching for tags :class: screenshot +:width: 60% ::: - -## View all {{kib}} has to offer [_view_all_kib_has_to_offer] - -To view the full list of apps and features, go to [{{kib}} features](https://www.elastic.co/kibana/features). - - -## Get help [try-kibana] - -Click ![Help icon in navigation bar](../../images/kibana-intro-help-icon.png "") for help with questions or to provide feedback. - -To keep up with what’s new and changed in Elastic, click the celebration icon in the global header. diff --git a/explore-analyze/find-and-organize/reports.md b/explore-analyze/find-and-organize/reports.md index be19fe476..27a8309ce 100644 --- a/explore-analyze/find-and-organize/reports.md +++ b/explore-analyze/find-and-organize/reports.md @@ -5,13 +5,11 @@ mapped_pages: # Reports [reports] -This content applies to: [![Elasticsearch](../../images/serverless-es-badge.svg "")](../../solutions/search.md) [![Observability](../../images/serverless-obs-badge.svg "")](../../solutions/observability.md) [![Security](../../images/serverless-sec-badge.svg "")](../../solutions/security/elastic-security-serverless.md) - {{kib}} provides you with several options to share saved searches, dashboards, and visualizations. For example, in **Discover**, you can create and download comma-separated values (CSV) files for saved searches. -To view and manage reports, go to **{{project-settings}} → {{manage-app}} → {{reports-app}}**. +To view and manage reports, go to **Management** > **Reporting**. :::{image} ../../images/serverless-reports-management.png :alt: {reports-app} diff --git a/explore-analyze/find-and-organize/saved-objects.md b/explore-analyze/find-and-organize/saved-objects.md index 31027ea62..d79c3a319 100644 --- a/explore-analyze/find-and-organize/saved-objects.md +++ b/explore-analyze/find-and-organize/saved-objects.md @@ -5,7 +5,7 @@ mapped_urls: - https://www.elastic.co/guide/en/kibana/current/saved-object-ids.html --- -# Saved objects +# Saved objects [saved-objects] % What needs to be done: Refine @@ -21,4 +21,153 @@ $$$managing-saved-objects-copy-to-space$$$ $$$managing-saved-objects-export-objects$$$ -$$$managing-saved-objects-share-to-space$$$ \ No newline at end of file +$$$managing-saved-objects-share-to-space$$$ + + +Edit, import, export, and copy your saved objects. These objects include dashboards, visualizations, maps, {{data-sources}}, **Canvas** workpads, and other saved objects. + +You can find the **Saved Objects** page using the navigation menu or the [global search field](/get-started/the-stack.md#kibana-navigation-search). + +:::{image} ../../images/kibana-management-saved-objects.png +:alt: Saved Objects +:class: screenshot +::: + +## Permissions [_required_permissions_5] + +To access **Saved Objects**, you must have a role with the `Saved Objects Management` {{kib}} privilege. + +::::{note} +Granting access to `Saved Objects Management` authorizes users to manage all saved objects in {{kib}}, including objects that are managed by applications they may not otherwise be authorized to access. +:::: + + +## View and delete [saved-objects-view-and-delete] + +* To view and edit a saved object in its associated application, click the object title. +* To show objects that use this object, so you know the impact of deleting it, click the actions icon ![More actions](../../images/serverless-boxesHorizontal.svg "") and then select **Relationships**. +* To delete one or more objects, select their checkboxes, and then click **Delete**. + + +## Import and export [saved-objects-import-and-export] + +Use import and export to move objects between different {{kib}} instances. These actions are useful when you have multiple environments for development and production. Import and export also work well when you have a large number of objects to update and want to batch the process. + +{{kib}} also provides import and export saved objects APIs for your [Elastic Stack deployments](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-saved-objects) and [serverless projects](https://www.elastic.co/docs/api/doc/serverless/operation/operation-exportsavedobjectsdefault) to automate this process. + + +### Import [saved-objects-import] + +Import multiple objects in a single operation. + +1. In the toolbar, click **Import**. +2. Select the NDJSON file that includes the objects you want to import. +3. Select the import options. By default, saved objects already in {{kib}} are overwritten. +4. Click **Import**. + +::::{note} +The [`savedObjects.maxImportExportSize`](/deploy-manage/deploy/self-managed/configure.md#savedObjects-maxImportExportSize) configuration setting limits the number of saved objects to include in the file. The [`savedObjects.maxImportPayloadBytes`](/deploy-manage/deploy/self-managed/configure.md#savedObjects-maxImportPayloadBytes) setting limits the overall size of the file that you can import. +:::: + + +### Export [saved-objects-export] + +Export objects by selection or type. + +* To export specific objects, select them in the table, and then click **Export**. +* To export objects by type, click **Export objects** in the toolbar. + +{{kib}} creates an NDJSON with all your saved objects. By default, the NDJSON includes child objects related to the saved objects. Exported dashboards include their associated {{data-sources}}. + +::::{note} +The [`savedObjects.maxImportExportSize`](/deploy-manage/deploy/self-managed/configure.md#savedObjects-maxImportExportSize) configuration setting limits the number of saved objects that you can export. +:::: + + +## Copy to other spaces [saved-objects-copy-to-other-spaces] + +Copy saved objects and their related objects between spaces. + +1. Click the actions icon ![Actions](../../images/serverless-boxesHorizontal.svg ""). +2. Click **Copy to spaces**. +3. Specify whether to automatically overwrite any objects that already exist in the target spaces, or resolve them on a per-object basis. +4. Select the spaces in which to copy the object. + +The copy operation automatically includes child objects that are related to the saved object. + + +## Compatibility across versions [_compatibility_across_versions] + +With each release, {{kib}} introduces changes to the way saved objects are stored. When importing a saved object, {{kib}} runs the necessary migrations to ensure that the imported saved objects are compatible with the current version. + +However, saved objects can only be imported into the same version, a newer minor on the same major, or the next major. Exported saved objects are not backward compatible and cannot be imported into an older version of {{kib}}. For example: + +| | | | +| --- | --- | --- | +| Exporting version | Importing version | Compatible? | +| 8.7.0 | 8.8.1 | Yes | +| 7.8.1 | 8.3.0 | Yes | +| 8.3.0 | 8.11.1 | Yes | +| 8.11.1 | 8.6.0 | No | +| 7.8.1 | 9.0.0 | No | + +## Saved Object IDs [saved-object-ids] +::::{applies} +:stack: +:::: + +In the past, many saved object types could have the same ID in different [spaces](/deploy-manage/manage-spaces.md). For example, if you copied dashboard "123" from the one space to another space, the second dashboard would also have an ID of "123". While the saved object ID is not something that users would interact with directly, many aspects of {{kib}} rely on it, notably URLs. If you have a "deep link" URL to a saved dashboard, that URL includes the saved object ID. + +**Since version 8.0**, {{kib}} requires most saved objects to have *globally unique* IDs. This is a change that we needed to make to support sharing saved objects to multiple spaces. Most saved objects cannot be shared to multiple spaces *yet*, but we needed to start enforcing globally unique object IDs first. + +We have made several enhancements to minimize the impact, and this document describes what you need to know about the changes and how it will affect you. + +### Impact upon upgrading to version 8.x or later [saved-object-ids-impact-upon-upgrading] + +Every time you upgrade {{kib}}, [saved objects are migrated to a new format](/deploy-manage/upgrade/internal-upgrade-processes/saved-object-migrations.md). When you first upgrade to version 8.x or later, this migration process will start enforcing globally unique saved object IDs. + +In practical terms, **any old saved objects that exist in a custom space will have their IDs changed to a new UUID**, while saved objects in the Default space will be unchanged. This is how we can ensure that every saved object ID is unique. For example: if you had dashboard "123" in the Default space and dashboard "123" in Another space, after the upgrade you would have dashboard "123" in the Default space and dashboard "456" in Another space. + + +### Impact when using version 8.x or later [saved-object-ids-impact-when-using] + +After you upgrade, or if you set up a new {{kib}} instance using version 8.x or later, there are a few more things that behave differently. + +#### Accessing saved objects using old URLs [saved-object-ids-impact-when-using-legacy-urls] + +When you upgrade {{kib}} and saved object IDs change, the "deep link" URLs to access those saved objects will also change. To reduce the impact, each existing URL is preserved with a special [legacy URL alias](https://www.elastic.co/guide/en/kibana/current/legacy-url-aliases.html). This means that if you use a bookmark for a saved object ID that was changed, you’ll be redirected to the new URL for that saved object. + + +#### Importing and copying saved objects [saved-object-ids-impact-when-using-import-and-copy] + +When you [copy a saved object to another space](/explore-analyze/find-and-organize/saved-objects.md#saved-objects-copy-to-other-spaces), {{kib}} effectively [exports it and imports it into that space](/explore-analyze/find-and-organize/saved-objects.md#saved-objects-export). In this way, copying a saved object has always behaved like an import. In this document when we say "import", it applies to both features. + +Historically, whether you imported or copied a saved object, {{kib}} would create *at most* one copy of a saved object in that space. If you imported the saved object multiple times, {{kib}} would overwrite the existing object, because it used the same ID. Since saved object IDs are now globally unique, {{kib}} maintains this functionality by tracking each saved object’s *origin*. When you import an object in version 8.x or later, {{kib}} uses either the saved object ID *or* the origin to determine its destination. + +If you import a saved object using the "Check for existing objects" option, {{kib}} will take the following steps: + +1. If {{kib}} finds a matching saved object with the exact same ID in the target space, that will be the import destination — you can **overwrite** that destination or **skip** it. +2. Otherwise, if {{kib}} finds a matching saved object with a *different* ID that has the same origin, that will be the import destination — again, you can **overwrite** that destination or **skip** it. +3. Otherwise, if a saved object with the exact same ID exists in a *different* space, then {{kib}} will generate a random ID for the import destination, preserving the saved object’s origin. +4. Otherwise, {{kib}} creates the saved object with the given ID. + +For example, you have a saved object in an `export.ndjson` file, and you set up a brand new {{kib}} instance. You attempt to import the saved object using the "Check for existing objects" and "Automatically overwrite conflicts" options. The first time you import the saved object, {{kib}} will create a new object with the same ID (step 4 above). If you import it again, {{kib}} will find that object and overwrite it (step 1 above). If you then create a *different* space and import it there, {{kib}} will create a new object with a random ID (step 3 above). Finally, if you import it into the second space again, {{kib}} will find the second object with a matching origin and overwrite it (step 2 above). + +::::{warning} +When you import a saved object and it is created with a different ID, if 1. it contains weak links to other saved objects (such as a dashboard with a Markdown URL to navigate to another dashboard) and 2. the object’s ID has changed (step 3 above), those weak links will be broken. For more information, refer to [the changelog](https://www.elastic.co/guide/en/kibana/8.0/release-notes-8.0.0.html#known-issue-8.0.0). +:::: + + + +#### Using the saved objects APIs [saved-object-ids-impact-when-using-apis] + +If you are using the saved objects APIs directly, you should be aware of these changes: + +::::{warning} +Some of the saved objects APIs are deprecated since version 8.7.0. For more information, refer to the [API docs](https://www.elastic.co/guide/en/kibana/current/saved-objects-api.html) +:::: + + +* When using the create or bulk create API, you may encounter conflict errors that **cannot** be overridden using the `overwrite: true` option. This can occur if there is already a saved object with this ID in a *different* space, or if there is a legacy URL alias for this ID in the same space. +* When using the import or copy to space API, objects can potentially be created with a different ID as described above. +* When using the delete API, if the saved object exists in multiple spaces, it can only be deleted by using the `force` option. diff --git a/explore-analyze/find-and-organize/tags.md b/explore-analyze/find-and-organize/tags.md index f46cb188d..a0a55dd28 100644 --- a/explore-analyze/find-and-organize/tags.md +++ b/explore-analyze/find-and-organize/tags.md @@ -4,11 +4,77 @@ mapped_urls: - https://www.elastic.co/guide/en/kibana/current/managing-tags.html --- -# Tags +# Tags [managing-tags] % What needs to be done: Refine % Use migrated content from existing pages that map to this page: % - [ ] ./raw-migrated-files/docs-content/serverless/tags.md -% - [ ] ./raw-migrated-files/kibana/kibana/managing-tags.md \ No newline at end of file +% - [ ] ./raw-migrated-files/kibana/kibana/managing-tags.md + + +Use tags to categorize your saved objects, then filter for related objects based on shared tags. + +To get started, go to the **Tags** management page using the navigation menu or the [global search field](../../get-started/the-stack.md#kibana-navigation-search). + +:::{image} ../../images/kibana-tag-management-section.png +:alt: Tags management +:class: screenshot +::: + + +## Permissions [_required_permissions_10] + +To create tags, you must meet the minimum requirements. + +* Access to **Tags** requires a role with the the `Tag Management` Kibana privilege. +* The `read` privilege allows to assign tags to the saved objects for which you have write permission. +* The `write` privilege allows to create, edit, and delete tags. + +::::{note} +Having the `Tag Management` {{kib}} privilege is not required to view tags assigned on objects you have `read` access to, or to filter objects by tags from the global search. +:::: + + +## Create a tag [settings-create-tag] + +Create a tag to assign to your saved objects. + +1. Click **Create tag**. +2. Enter a name and select a color for the new tag. + + The name cannot be longer than 50 characters. + +3. Click **Create tag**. + + +## Assign a tag to an object [settings-assign-tag] + +To assign and remove tags, you must have `write` permission on the objects to which you assign the tags. + +1. Find the tag you want to assign. +2. Click the actions icon ![Actions icon](../../images/kibana-actions_icon.png ""), and then select **Manage assignments**. +3. Select the objects to which you want to assign or remove tags. + + :::{image} ../../images/kibana-manage-assignments-flyout.png + :alt: Assign flyout + :class: screenshot + :width: 50% + ::: + +4. Click **Save tag assignments**. + + +## Delete a tag [settings-delete-tag] + +When you delete a tag, you remove it from all saved objects that use it. + +1. Click the actions icon ![Actions icon](../../images/kibana-actions_icon.png ""), and then select **Delete**. +2. Click **Delete tag**. + +::::{tip} +To assign, delete, or clear multiple tags, select them in the **Tags** view, and then select the action from the **selected tags** menu. +:::: + + diff --git a/explore-analyze/query-filter/languages/sql-odbc-setup.md b/explore-analyze/query-filter/languages/sql-odbc-setup.md index 56b802974..db81a4a86 100644 --- a/explore-analyze/query-filter/languages/sql-odbc-setup.md +++ b/explore-analyze/query-filter/languages/sql-odbc-setup.md @@ -88,12 +88,11 @@ This new window has three tabs, each responsible for a set of configuration para This tab allows configuration for the following items: * Name + This is the name the DSN will be referred by. - This is the name the DSN will be referred by. - - ::::{note} - The characters available for this field are limited to the set permitted for a Registry key. - :::: + ::::{note} + The characters available for this field are limited to the set permitted for a Registry key. + :::: Example: *localhost* @@ -106,11 +105,11 @@ This tab allows configuration for the following items: * Cloud ID - The *Cloud ID* is a string that simplifies the configuration when connecting to Elastic’s Cloud {{ess}}; it is obtained from within the Cloud console of each {{es}} cluster and encodes the connection parameters to that cluster. + The *Cloud ID* is a string that simplifies the configuration when connecting to Elastic’s Cloud {{ess}}; it is obtained from within the Cloud console of each {{es}} cluster and encodes the connection parameters to that cluster. - ::::{note} - When this field is provisioned, the *Hostname*, *Port* and the security settings are provisioned as well and their respective inputs disabled. - :::: + ::::{note} + When this field is provisioned, the *Hostname*, *Port* and the security settings are provisioned as well and their respective inputs disabled. + :::: * Hostname @@ -120,11 +119,11 @@ This tab allows configuration for the following items: * Port - The port on which the {{es}} listens on. + The port on which the {{es}} listens on. - ::::{note} - If left empty, the default **9200** port number will be used. - :::: + ::::{note} + If left empty, the default **9200** port number will be used. + :::: * Username, Password @@ -145,29 +144,29 @@ One of the following SSL options can be chosen: * Disabled. All communications unencrypted. - The communication between the driver and the {{es}} instance is performed over a clear-text connection. + The communication between the driver and the {{es}} instance is performed over a clear-text connection. - ::::{warning} - This setting can expose the access credentials to a 3rd party intercepting the network traffic and is not recommended. - :::: + ::::{warning} + This setting can expose the access credentials to a 3rd party intercepting the network traffic and is not recommended. + :::: * Enabled. Certificate not validated. - The connection encryption is enabled, but the certificate of the server is not validated. + The connection encryption is enabled, but the certificate of the server is not validated. - This is currently the default setting. + This is currently the default setting. - ::::{note} - This setting allows a 3rd party to act with ease as a man-in-the-middle and thus intercept all communications. - :::: + ::::{note} + This setting allows a 3rd party to act with ease as a man-in-the-middle and thus intercept all communications. + :::: * Enabled. Certificate is validated; hostname not validated. - The connection encryption is enabled and the driver verifies that server’s certificate is valid, but it does **not** verify if the certificate is running on the server it was meant for. + The connection encryption is enabled and the driver verifies that server’s certificate is valid, but it does **not** verify if the certificate is running on the server it was meant for. - ::::{note} - This setting allows a 3rd party that had access to server’s certificate to act as a man-in-the-middle and thus intercept all the communications. - :::: + ::::{note} + This setting allows a 3rd party that had access to server’s certificate to act as a man-in-the-middle and thus intercept all the communications. + :::: * Enabled. Certificate is validated; hostname validated. @@ -179,19 +178,19 @@ One of the following SSL options can be chosen: * Certificate File - In case the server uses a certificate that is not part of the PKI, for example using a self-signed certificate, you can configure the path to a X.509 certificate file that will be used by the driver to validate server’s offered certificate. + In case the server uses a certificate that is not part of the PKI, for example using a self-signed certificate, you can configure the path to a X.509 certificate file that will be used by the driver to validate server’s offered certificate. - The driver will only read the contents of the file just before a connection is attempted. See [2.7 Testing the connection](#connection_testing) section further on how to check the validity of the provided parameters. + The driver will only read the contents of the file just before a connection is attempted. See [2.7 Testing the connection](#connection_testing) section further on how to check the validity of the provided parameters. - ::::{note} - The certificate file can not be bundled or password protected since the driver will not prompt for a password. - :::: + ::::{note} + The certificate file can not be bundled or password protected since the driver will not prompt for a password. + :::: - If using the file browser to locate the certificate - by pressing the *Browse…​* button - only files with *.pem* and *.der* extensions will be considered by default. Choose *All Files (*.*)* from the drop down, if your file ends with a different extension: + If using the file browser to locate the certificate - by pressing the *Browse…​* button - only files with *.pem* and *.der* extensions will be considered by default. Choose *All Files (*.*)* from the drop down, if your file ends with a different extension: - $$$dsn_editor_cert$$$ - ![dsn editor security cert](../../../images/elasticsearch-reference-dsn_editor_security_cert.png "") + $$$dsn_editor_cert$$$ + ![dsn editor security cert](../../../images/elasticsearch-reference-dsn_editor_security_cert.png "") @@ -315,11 +314,11 @@ However, this only logs the ODBC API calls made by the application into the *Dri * Log Directory - Here is to specify which directory to write the log files in. + Here is to specify which directory to write the log files in. - ::::{note} - The driver will create **one log file per connection**, for those connections that generate logging messages. - :::: + ::::{note} + The driver will create **one log file per connection**, for those connections that generate logging messages. + :::: * Log Level diff --git a/explore-analyze/query-filter/tools/grok-debugger.md b/explore-analyze/query-filter/tools/grok-debugger.md index a2c884bae..58fd99d5c 100644 --- a/explore-analyze/query-filter/tools/grok-debugger.md +++ b/explore-analyze/query-filter/tools/grok-debugger.md @@ -40,12 +40,12 @@ If you’re using {{stack-security-features}}, you must have the `manage_pipelin 4. Click **Simulate**. - You’ll see the simulated event that results from applying the grok pattern. + You’ll see the simulated event that results from applying the grok pattern. - :::{image} ../../../images/kibana-grok-debugger-overview.png - :alt: Grok Debugger - :class: screenshot - ::: + :::{image} ../../../images/kibana-grok-debugger-overview.png + :alt: Grok Debugger + :class: screenshot + ::: @@ -82,11 +82,11 @@ Follow this example to define a custom pattern. 4. Click **Simulate**. - You’ll see the simulated output event that results from applying the grok pattern that contains the custom pattern: + You’ll see the simulated output event that results from applying the grok pattern that contains the custom pattern: - :::{image} ../../../images/kibana-grok-debugger-custom-pattern.png - :alt: Debugging a custom pattern - :class: screenshot - ::: + :::{image} ../../../images/kibana-grok-debugger-custom-pattern.png + :alt: Debugging a custom pattern + :class: screenshot + ::: - If an error occurs, you can continue iterating over the custom pattern until the output matches the event that you expect. + If an error occurs, you can continue iterating over the custom pattern until the output matches the event that you expect. diff --git a/explore-analyze/report-and-share/automating-report-generation.md b/explore-analyze/report-and-share/automating-report-generation.md index 988443ddd..7c1b5bfaf 100644 --- a/explore-analyze/report-and-share/automating-report-generation.md +++ b/explore-analyze/report-and-share/automating-report-generation.md @@ -134,9 +134,9 @@ The response payload of a request to generate a report includes the path to down * **`200` (OK)**: As expected, Kibana returns `200` status in the response for successful requests to queue or download reports. - ::::{note} - Kibana will send a `200` response status for successfully queuing a Reporting job via the POST URL. This is true even if the job somehow fails later, since report generation happens asynchronously from queuing. - :::: + ::::{note} + Kibana will send a `200` response status for successfully queuing a Reporting job via the POST URL. This is true even if the job somehow fails later, since report generation happens asynchronously from queuing. + :::: * **`400` (Bad Request)**: When sending requests to the POST URL, if you don’t use `POST` as the HTTP method, or if your request is missing the `kbn-xsrf` header, Kibana will return a code `400` status response for the request. * **`503` (Service Unavailable)**: When using the `path` to request the download, you will get a `503` status response if report generation hasn’t completed yet. The response will include a `Retry-After` header. You can set the script to wait the number of seconds in the `Retry-After` header, and then repeat if needed, until the report is complete. diff --git a/explore-analyze/visualize/maps/asset-tracking-tutorial.md b/explore-analyze/visualize/maps/asset-tracking-tutorial.md index 135e52949..409955f18 100644 --- a/explore-analyze/visualize/maps/asset-tracking-tutorial.md +++ b/explore-analyze/visualize/maps/asset-tracking-tutorial.md @@ -42,318 +42,318 @@ To get to the fun of visualizing and alerting on Portland public transport vehic 1. In Kibana, go to **Developer tools** using the navigation menu or the [global search field](../../../get-started/the-stack.md#kibana-navigation-search). 2. In **Console**, create the `tri_met_tracks` index lifecyle policy. This policy will keep the events in the hot data phase for 7 days. The data then moves to the warm phase. After 365 days in the warm phase, the data is deleted. - ::::{dropdown} ILM policy definition - ```js - PUT _ilm/policy/tri_met_tracks - { - "policy": { - "phases": { - "hot": { - "min_age": "0ms", - "actions": { - "rollover": { - "max_primary_shard_size": "50gb", - "max_age": "7d" - }, - "set_priority": { - "priority": 100 - } - } - }, - "warm": { - "min_age": "0d", - "actions": { - "set_priority": { - "priority": 50 - } - } - }, - "delete": { - "min_age": "365d", - "actions": { - "delete": { - "delete_searchable_snapshot": true - } - } - } - } - } + ::::{dropdown} ILM policy definition + ```js + PUT _ilm/policy/tri_met_tracks + { + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_primary_shard_size": "50gb", + "max_age": "7d" + }, + "set_priority": { + "priority": 100 + } + } + }, + "warm": { + "min_age": "0d", + "actions": { + "set_priority": { + "priority": 50 + } + } + }, + "delete": { + "min_age": "365d", + "actions": { + "delete": { + "delete_searchable_snapshot": true + } + } + } + } } - ``` + } + ``` - :::: + :::: 3. In **Console**, add the `tri_met_tracks_for_elastic_agent` ingest pipeline. - ::::{dropdown} Ingest policy definition - ```js - PUT _ingest/pipeline/tri_met_tracks_for_elastic_agent - { - "processors": [ - { - "set": { - "field": "trimet.inCongestion", - "value": "false", - "if": "ctx?.trimet?.inCongestion == null" - } - }, - { - "convert": { - "field": "trimet.bearing", - "type": "float" - } - }, - { - "convert": { - "field": "trimet.inCongestion", - "type": "boolean" - } - }, - { - "script": { - "source": """ - double lat=Math.round(ctx['trimet']['latitude']*1e6)/1e6; - double lon=Math.round(ctx['trimet']['longitude']*1e6)/1e6; - ctx['trimet']['location'] = lat + "," + lon - """, - "description": "Generate the geometry rounding to six decimals" - } - }, - { - "script": { - "source": """ctx['_id'] = ctx['trimet']['vehicleID'] + "_" + ctx['trimet']['time']""", - "description": "Generate documentID" - } - }, - { - "remove": { - "field": [ - "message", - "input", - "agent", - "ecs", - "host", - "event", - "trimet.longitude", - "trimet.latitude" - ] - } - } - ] - } - ``` + ::::{dropdown} Ingest policy definition + ```js + PUT _ingest/pipeline/tri_met_tracks_for_elastic_agent + { + "processors": [ + { + "set": { + "field": "trimet.inCongestion", + "value": "false", + "if": "ctx?.trimet?.inCongestion == null" + } + }, + { + "convert": { + "field": "trimet.bearing", + "type": "float" + } + }, + { + "convert": { + "field": "trimet.inCongestion", + "type": "boolean" + } + }, + { + "script": { + "source": """ + double lat=Math.round(ctx['trimet']['latitude']*1e6)/1e6; + double lon=Math.round(ctx['trimet']['longitude']*1e6)/1e6; + ctx['trimet']['location'] = lat + "," + lon + """, + "description": "Generate the geometry rounding to six decimals" + } + }, + { + "script": { + "source": """ctx['_id'] = ctx['trimet']['vehicleID'] + "_" + ctx['trimet']['time']""", + "description": "Generate documentID" + } + }, + { + "remove": { + "field": [ + "message", + "input", + "agent", + "ecs", + "host", + "event", + "trimet.longitude", + "trimet.latitude" + ] + } + } + ] + } + ``` - :::: + :::: 4. In **Console**, create the component and index template, which is configured to use datastreams and the previous ILM policy and ingest pipeline: - ::::{dropdown} Index component template - ```js - PUT _component_template/logs-httpjson.trimet@package - { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "tri_met_tracks" - }, - "codec": "best_compression", - "default_pipeline": "tri_met_tracks_for_elastic_agent" - } - }, - "mappings": { - "_routing": { - "required": false - }, - "numeric_detection": false, - "dynamic_date_formats": [ - "strict_date_optional_time", - "yyyy/MM/dd HH:mm:ss Z||yyyy/MM/dd Z" - ], - "dynamic": true, - "_source": { - "excludes": [], - "includes": [], - "enabled": true - }, - "dynamic_templates": [], - "date_detection": true, - "properties": { - "input": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "@timestamp": { - "ignore_malformed": false, - "type": "date" - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "event": { - "properties": { - "created": { - "type": "date" - }, - "module": { - "type": "constant_keyword", - "value": "httpjson" - }, - "dataset": { - "type": "constant_keyword", - "value": "httpjson.trimet" - } - } - }, - "message": { - "type": "match_only_text" - }, - "tags": { - "ignore_above": 1024, - "type": "keyword" - }, - "trimet": { - "type": "object", - "properties": { - "expires": { - "type": "date" - }, - "signMessage": { - "type": "text" - }, - "serviceDate": { - "type": "date" - }, - "loadPercentage": { - "type": "float" - }, - "nextStopSeq": { - "type": "integer" - }, - "source": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "blockID": { - "type": "integer" - }, - "signMessageLong": { - "type": "text" - }, - "lastLocID": { - "type": "keyword" - }, - "nextLocID": { - "type": "keyword" - }, - "locationInScheduleDay": { - "type": "integer" - }, - "newTrip": { - "type": "boolean" - }, - "direction": { - "type": "integer" - }, - "inCongestion": { - "type": "boolean" - }, - "routeNumber": { - "type": "integer" - }, - "bearing": { - "type": "integer" - }, - "garage": { - "type": "keyword" - }, - "tripID": { - "type": "keyword" - }, - "delay": { - "type": "integer" - }, - "extraBlockID": { - "type": "keyword" - }, - "messageCode": { - "type": "integer" - }, - "lastStopSeq": { - "type": "integer" - }, - "location": { - "type": "geo_point" - }, - "time": { - "index": true, - "ignore_malformed": false, - "store": false, - "type": "date", - "doc_values": true - }, - "vehicleID": { - "type": "keyword" - }, - "offRoute": { - "type": "boolean" - } - } - } - } - } - } + ::::{dropdown} Index component template + ```js + PUT _component_template/logs-httpjson.trimet@package + { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "tri_met_tracks" + }, + "codec": "best_compression", + "default_pipeline": "tri_met_tracks_for_elastic_agent" + } + }, + "mappings": { + "_routing": { + "required": false + }, + "numeric_detection": false, + "dynamic_date_formats": [ + "strict_date_optional_time", + "yyyy/MM/dd HH:mm:ss Z||yyyy/MM/dd Z" + ], + "dynamic": true, + "_source": { + "excludes": [], + "includes": [], + "enabled": true + }, + "dynamic_templates": [], + "date_detection": true, + "properties": { + "input": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "@timestamp": { + "ignore_malformed": false, + "type": "date" + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + "properties": { + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + }, + "dataset": { + "type": "constant_keyword" + } + } + }, + "event": { + "properties": { + "created": { + "type": "date" + }, + "module": { + "type": "constant_keyword", + "value": "httpjson" + }, + "dataset": { + "type": "constant_keyword", + "value": "httpjson.trimet" + } + } + }, + "message": { + "type": "match_only_text" + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "trimet": { + "type": "object", + "properties": { + "expires": { + "type": "date" + }, + "signMessage": { + "type": "text" + }, + "serviceDate": { + "type": "date" + }, + "loadPercentage": { + "type": "float" + }, + "nextStopSeq": { + "type": "integer" + }, + "source": { + "type": "keyword" + }, + "type": { + "type": "keyword" + }, + "blockID": { + "type": "integer" + }, + "signMessageLong": { + "type": "text" + }, + "lastLocID": { + "type": "keyword" + }, + "nextLocID": { + "type": "keyword" + }, + "locationInScheduleDay": { + "type": "integer" + }, + "newTrip": { + "type": "boolean" + }, + "direction": { + "type": "integer" + }, + "inCongestion": { + "type": "boolean" + }, + "routeNumber": { + "type": "integer" + }, + "bearing": { + "type": "integer" + }, + "garage": { + "type": "keyword" + }, + "tripID": { + "type": "keyword" + }, + "delay": { + "type": "integer" + }, + "extraBlockID": { + "type": "keyword" + }, + "messageCode": { + "type": "integer" + }, + "lastStopSeq": { + "type": "integer" + }, + "location": { + "type": "geo_point" + }, + "time": { + "index": true, + "ignore_malformed": false, + "store": false, + "type": "date", + "doc_values": true + }, + "vehicleID": { + "type": "keyword" + }, + "offRoute": { + "type": "boolean" + } + } + } + } + } } - ``` - - :::: - - - ::::{dropdown} Index template - ```js - PUT _index_template/logs-httpjson.trimet - { - "index_patterns": [ - "logs-httpjson.trimet-*" - ], - "composed_of": [ - "logs-httpjson.trimet@package", - ".fleet_globals-1", - ".fleet_agent_id_verification-1" - ], - "priority": 200, - "data_stream": { - "hidden": false, - "allow_custom_routing": false - } + } + ``` + + :::: + + + ::::{dropdown} Index template + ```js + PUT _index_template/logs-httpjson.trimet + { + "index_patterns": [ + "logs-httpjson.trimet-*" + ], + "composed_of": [ + "logs-httpjson.trimet@package", + ".fleet_globals-1", + ".fleet_agent_id_verification-1" + ], + "priority": 200, + "data_stream": { + "hidden": false, + "allow_custom_routing": false } - ``` + } + ``` - :::: + :::: @@ -632,41 +632,41 @@ For this example, you will set the rule to check every minute. However, when run 1. In the {{kib}} **Console** create a new index and Data view - ::::{dropdown} Create an index and Data View for the alerts - ```js - # Create the alerts index - PUT trimet_alerts - { - "settings": { - "number_of_replicas": 1, - "number_of_shards": 1 - }, - "mappings": { - "properties": { - "vehicleId": {"type": "keyword"}, - "documentId": {"type": "text"}, - "vehicleTime": {"type": "date"}, - "detectionTime": {"type": "date"}, - "location": {"type": "geo_point"}, - "boundaryId": {"type": "keyword"}, - "message": {"type": "text"} - } - } + ::::{dropdown} Create an index and Data View for the alerts + ```js + # Create the alerts index + PUT trimet_alerts + { + "settings": { + "number_of_replicas": 1, + "number_of_shards": 1 + }, + "mappings": { + "properties": { + "vehicleId": {"type": "keyword"}, + "documentId": {"type": "text"}, + "vehicleTime": {"type": "date"}, + "detectionTime": {"type": "date"}, + "location": {"type": "geo_point"}, + "boundaryId": {"type": "keyword"}, + "message": {"type": "text"} + } } + } - # Create the alerts index data view - POST kbn:/api/data_views/data_view - { - "data_view": { - "title": "trimet_alerts", - "name": "TriMet Alerts", - "timeFieldName": "detectionTime" - } + # Create the alerts index data view + POST kbn:/api/data_views/data_view + { + "data_view": { + "title": "trimet_alerts", + "name": "TriMet Alerts", + "timeFieldName": "detectionTime" } - ``` + } + ``` - :::: + :::: 2. Open **{{stack-manage-app}}**, and then click **{{rules-ui}}**. 3. Click **Create rule**. diff --git a/raw-migrated-files/docs-content/serverless/data-views.md b/raw-migrated-files/docs-content/serverless/data-views.md deleted file mode 100644 index b9d291c64..000000000 --- a/raw-migrated-files/docs-content/serverless/data-views.md +++ /dev/null @@ -1,70 +0,0 @@ -# {{data-sources-cap}} [data-views] - -This content applies to: [![Elasticsearch](../../../images/serverless-es-badge.svg "")](../../../solutions/search.md) [![Observability](../../../images/serverless-obs-badge.svg "")](../../../solutions/observability.md) [![Security](../../../images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) - -A {{data-source}} can point to one or more indices, [data streams](../../../manage-data/data-store/index-types/data-streams.md), or [index aliases](https://www.elastic.co/guide/en/elasticsearch/reference/current/alias.html). For example, a {{data-source}} can point to your log data from yesterday or all indices that contain your data. - - -## Create a data view [data-views-create-a-data-view] - -After you’ve loaded your data, follow these steps to create a {{data-source}}: - -1. Go to **{{project-settings}} → {{manage-app}} → {{data-views-app}}**. Alternatively, go to **Discover** and open the data view menu. - - ![How to set the {{data-source}} in Discover](../../../images/serverless-discover-find-data-view.png "") - -2. Click **Create a {{data-source}}**. -3. Give your {{data-source}} a name. -4. Start typing in the **Index pattern** field, and Elastic looks for the names of indices, data streams, and aliases that match your input. You can view all available sources or only the sources that the data view targets. - - :::{image} ../../../images/serverless-discover-create-data-view.png - :alt: Create data view - :class: screenshot - ::: - - * To match multiple sources, use a wildcard (*). `filebeat-*` matches `filebeat-apache-a`, `filebeat-apache-b`, and so on. - * To match multiple single sources, enter their names, separated by a comma. Do not include a space after the comma. `filebeat-a,filebeat-b` matches two indices. - * To exclude a source, use a minus sign (-), for example, `-test3`. - -5. Open the **Timestamp field** dropdown, and then select the default field for filtering your data by time. - - * If you don’t set a default time field, you can’t use global time filters on your dashboards. This is useful if you have multiple time fields and want to create dashboards that combine visualizations based on different timestamps. - * If your index doesn’t have time-based data, choose **I don’t want to use the time filter**. - -6. Click **Show advanced settings** to: - - * Display hidden and system indices. - * Specify your own {{data-source}} name. For example, enter your {{es}} index alias name. - -7. Click **Save {{data-source}} to Elastic**. - -You can manage your data views in **{{project-settings}} → {{manage-app}} → {{data-views-app}}**. - - -### Create a temporary {{data-source}} [data-views-create-a-temporary-data-source] - -Want to explore your data or create a visualization without saving it as a data view? Select **Use without saving** in the **Create {{data-source}}** form in **Discover**. With a temporary {{data-source}}, you can add fields and create an {{es}} query alert, just like you would a regular {{data-source}}. Your work won’t be visible to others in your space. - -A temporary {{data-source}} remains in your space until you change apps, or until you save it. - -::::{admonition} Temporary {{data-sources}} are not available in the {{data-views-app}} app. -:class: note - - -:::: - - - -## Delete a {{data-source}} [data-views-delete-a-data-source] - -When you delete a {{data-source}}, you cannot recover the associated field formatters, runtime fields, source filters, and field popularity data. Deleting a {{data-source}} does not remove any indices or data documents from {{es}}. - -::::{admonition} Deleting a {{data-source}} breaks all visualizations, saved searches, and other saved objects that reference the data view. -:class: important - - -:::: - - -1. Go to **{{project-settings}} → {{manage-app}} → {{data-views-app}}**. -2. Find the {{data-source}} that you want to delete, and then click ![Delete](../../../images/serverless-trash.svg "") in the **Actions** column. diff --git a/raw-migrated-files/docs-content/serverless/observability-create-a-new-case.md b/raw-migrated-files/docs-content/serverless/observability-create-a-new-case.md index 975e09ee9..e36ed73b7 100644 --- a/raw-migrated-files/docs-content/serverless/observability-create-a-new-case.md +++ b/raw-migrated-files/docs-content/serverless/observability-create-a-new-case.md @@ -49,7 +49,7 @@ To download or delete the file or copy the file hash to your clipboard, open the When you upload a file, a comment is added to the case activity log. To view an image, click its name in the activity or file list. ::::{note} -Uploaded files are also accessible under **Project settings** → **Management** → **Files**. When you export cases as [saved objects](../../../explore-analyze/find-and-organize/saved-objects.md), the case files are not exported. +Uploaded files are also accessible under **Project settings** → **Management** → **Files**. When you export cases as [saved objects](/explore-analyze/find-and-organize/saved-objects.md), the case files are not exported. :::: diff --git a/raw-migrated-files/docs-content/serverless/saved-objects.md b/raw-migrated-files/docs-content/serverless/saved-objects.md deleted file mode 100644 index f50059196..000000000 --- a/raw-migrated-files/docs-content/serverless/saved-objects.md +++ /dev/null @@ -1,54 +0,0 @@ -# Saved objects [saved-objects] - -This content applies to: [![Elasticsearch](../../../images/serverless-es-badge.svg "")](../../../solutions/search.md) [![Observability](../../../images/serverless-obs-badge.svg "")](../../../solutions/observability.md) [![Security](../../../images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) - -To get started, go to **{{project-settings}} → {{manage-app}} → {{saved-objects-app}}**: - -:::{image} ../../../images/serverless-saved-object-management.png -:alt: {saved-objects-app} -:class: screenshot -::: - - -## View and delete [saved-objects-view-and-delete] - -* To view and edit a saved object in its associated application, click the object title. -* To show objects that use this object, so you know the impact of deleting it, click the actions icon ![More actions](../../../images/serverless-boxesHorizontal.svg "") and then select **Relationships**. -* To delete one or more objects, select their checkboxes, and then click **Delete**. - - -## Import and export [saved-objects-import-and-export] - -Use import and export to move objects between different {{kib}} instances. These actions are useful when you have multiple environments for development and production. Import and export also work well when you have a large number of objects to update and want to batch the process. - - -### Import [saved-objects-import] - -Import multiple objects in a single operation. - -1. In the toolbar, click **Import**. -2. Select the NDJSON file that includes the objects you want to import. -3. Select the import options. By default, saved objects already in {{kib}} are overwritten. -4. Click **Import**. - - -### Export [saved-objects-export] - -Export objects by selection or type. - -* To export specific objects, select them in the table, and then click **Export**. -* To export objects by type, click **Export objects** in the toolbar. - -{{kib}} creates an NDJSON with all your saved objects. By default, the NDJSON includes child objects related to the saved objects. Exported dashboards include their associated {{data-sources}}. - - -## Copy to other spaces [saved-objects-copy-to-other-spaces] - -Copy saved objects and their related objects between spaces. - -1. Click the actions icon ![Actions](../../../images/serverless-boxesHorizontal.svg ""). -2. Click **Copy to spaces**. -3. Specify whether to automatically overwrite any objects that already exist in the target spaces, or resolve them on a per-object basis. -4. Select the spaces in which to copy the object. - -The copy operation automatically includes child objects that are related to the saved object. diff --git a/raw-migrated-files/docs-content/serverless/tags.md b/raw-migrated-files/docs-content/serverless/tags.md deleted file mode 100644 index 1e4ff9424..000000000 --- a/raw-migrated-files/docs-content/serverless/tags.md +++ /dev/null @@ -1,46 +0,0 @@ -# {{tags-app}} [tags] - -This content applies to: [![Elasticsearch](../../../images/serverless-es-badge.svg "")](../../../solutions/search.md) [![Observability](../../../images/serverless-obs-badge.svg "")](../../../solutions/observability.md) [![Security](../../../images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) - -To get started, go to **{{project-settings}} → {{manage-app}} → {{tags-app}}**: - -:::{image} ../../../images/serverless-tag-management.png -:alt: Tags management -:class: screenshot -::: - - -## Create a tag [tags-create-a-tag] - -Create a tag to assign to your saved objects. - -1. Click **Create tag**. -2. Enter a name and select a color for the new tag. - - The name cannot be longer than 50 characters. - -3. Click **Create tag**. - - -## Assign a tag to an object [tags-assign-a-tag-to-an-object] - -1. Find the tag you want to assign. -2. Click the actions icon and then select **Manage assignments**. -3. Select the objects to which you want to assign or remove tags. - - :::{image} ../../../images/serverless-tag-assignment.png - :alt: Assign tags to saved objects - :class: screenshot - ::: - -4. Click **Save tag assignments**. - - -## Delete a tag [tags-delete-a-tag] - -When you delete a tag, you remove it from all saved objects that use it. - -1. Click the actions icon, and then select **Delete**. -2. Click **Delete tag**. - -To assign, delete, or clear multiple tags, select them in the **Tags** view, and then select the action from the **selected tags** menu. diff --git a/raw-migrated-files/kibana/kibana/action-types.md b/raw-migrated-files/kibana/kibana/action-types.md index 3f5422968..8caf54d4e 100644 --- a/raw-migrated-files/kibana/kibana/action-types.md +++ b/raw-migrated-files/kibana/kibana/action-types.md @@ -101,7 +101,7 @@ You can also manage connectors as resources with the [Elasticstack provider](htt ## Importing and exporting connectors [importing-and-exporting-connectors] -To import and export connectors, use the [Saved Objects Management UI](../../../explore-analyze/find-and-organize/saved-objects.md). +To import and export connectors, use the [Saved Objects Management UI](/explore-analyze/find-and-organize/saved-objects.md). :::{image} ../../../images/kibana-connectors-import-banner.png :alt: Connectors import banner diff --git a/raw-migrated-files/kibana/kibana/data-views.md b/raw-migrated-files/kibana/kibana/data-views.md deleted file mode 100644 index fa09d3b49..000000000 --- a/raw-migrated-files/kibana/kibana/data-views.md +++ /dev/null @@ -1,145 +0,0 @@ -# Create a {{data-source}} [data-views] - -{{kib}} requires a {{data-source}} to access the {{es}} data that you want to explore. A {{data-source}} can point to one or more indices, [data streams](../../../manage-data/data-store/index-types/data-streams.md), or [index aliases](https://www.elastic.co/guide/en/elasticsearch/reference/current/alias.html). For example, a {{data-source}} can point to your log data from yesterday, or all indices that contain your data. - - -## Required permissions [data-views-read-only-access] - -* Access to **Data Views** requires the [{{kib}} privilege](../../../deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md) `Data View Management`. -* To create a {{data-source}}, you must have the [{{es}} privilege](../../../deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md) `view_index_metadata`. -* If a read-only indicator appears in {{kib}}, you have insufficient privileges to create or save {{data-sources}}. In addition, the buttons to create {{data-sources}} or save existing {{data-sources}} are not visible. For more information, refer to [Granting access to {{kib}}](../../../deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md). - - -## Create a data view [settings-create-pattern] - -If you collected data using one of the {{kib}} [ingest options](../../../manage-data/ingest.md), uploaded a file, or added sample data, you get a {{data-source}} for free, and can start exploring your data. If you loaded your own data, follow these steps to create a {{data-source}}. - -1. Open **Lens** or **Discover**, and then open the data view menu. - - :::{image} ../../../images/kibana-discover-data-view.png - :alt: How to set the {{data-source}} in Discover - :class: screenshot - ::: - -2. Click **Create a {{data-source}}**. -3. Give your {{data-source}} a name. -4. Start typing in the **Index pattern** field, and {{kib}} looks for the names of indices, data streams, and aliases that match your input. You can view all available sources or only the sources that the data view targets. - - ![Create data view](../../../images/kibana-create-data-view.png "") - - * To match multiple sources, use a wildcard (*). `filebeat-*` matches `filebeat-apache-a`, `filebeat-apache-b`, and so on. - * To match multiple single sources, enter their names, separated by a comma. Do not include a space after the comma. `filebeat-a,filebeat-b` matches two indices. - * To exclude a source, use a minus sign (-), for example, `-test3`. - -5. Open the **Timestamp field** dropdown, and then select the default field for filtering your data by time. - - * If you don’t set a default time field, you can’t use global time filters on your dashboards. This is useful if you have multiple time fields and want to create dashboards that combine visualizations based on different timestamps. - * If your index doesn’t have time-based data, choose **I don’t want to use the time filter**. - -6. Click **Show advanced settings** to: - - * Display hidden and system indices. - * Specify your own {{data-source}} name. For example, enter your {{es}} index alias name. - -7. $$$reload-fields$$$ Click **Save {{data-source}} to {{kib}}**. - - You can manage your data view from **Stack Management**. - - - -### Create a temporary {{data-source}} [_create_a_temporary_data_source] - -Want to explore your data or create a visualization without saving it as a data view? Select **Use without saving** in the **Create {{data-source}}** form in **Discover** or **Lens**. With a temporary {{data-source}}, you can add fields and create an {{es}} query alert, just like you would a regular {{data-source}}. Your work won’t be visible to others in your space. - -A temporary {{data-source}} remains in your space until you change apps, or until you save it. - -:::{image} https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte3a4f3994c44c0cc/637eb0c95834861044c21a25/ad-hoc-data-view.gif -:alt: how to create an ad-hoc data view -:class: screenshot -::: - -::::{note} -Temporary {{data-sources}} are not available in **Stack Management.** -:::: - - - -### Use {{data-sources}} with rolled up data [rollup-data-view] - -::::{admonition} Deprecated in 8.11.0. -:class: warning - -Rollups are deprecated and will be removed in a future version. Use [downsampling](../../../manage-data/data-store/index-types/downsampling-time-series-data-stream.md) instead. -:::: - - -A {{data-source}} can match one rollup index. For a combination rollup {{data-source}} with both raw and rolled up data, use the standard notation: - -```ts -rollup_logstash,kibana_sample_data_logs -``` - -For an example, refer to [Create and visualize rolled up data](../../../manage-data/lifecycle/rollup.md#rollup-data-tutorial). - - -### Use {{data-sources}} with {{ccs}} [management-cross-cluster-search] - -If your {{es}} clusters are configured for [{{ccs}}](../../../solutions/search/cross-cluster-search.md), you can create a {{data-source}} to search across the clusters of your choosing. Specify data streams, indices, and aliases in a remote cluster using the following syntax: - -```ts -: -``` - -To query {{ls}} indices across two {{es}} clusters that you set up for {{ccs}}, named `cluster_one` and `cluster_two`: - -```ts - cluster_one:logstash-*,cluster_two:logstash-* -``` - -Use wildcards in your cluster names to match any number of clusters. To search {{ls}} indices across clusters named `cluster_foo`, `cluster_bar`, and so on: - -```ts -cluster_*:logstash-* -``` - -To query across all {{es}} clusters that have been configured for {{ccs}}, use a standalone wildcard for your cluster name: - -```ts -*:logstash-* -``` - -To match indices starting with `logstash-`, but exclude those starting with `logstash-old`, from all clusters having a name starting with `cluster_`: - -```ts -cluster_*:logstash-*,cluster_*:-logstash-old* -``` - -Excluding a cluster avoids sending any network calls to that cluster. To exclude a cluster with the name `cluster_one`: - -```ts -cluster_*:logstash-*,-cluster_one:* -``` - -Once you configure a {{data-source}} to use the {{ccs}} syntax, all searches and aggregations using that {{data-source}} in {{kib}} take advantage of {{ccs}}. - -For more information, refer to [Excluding clusters or indicies from cross-cluster search](../../../solutions/search/cross-cluster-search.md#exclude-problematic-clusters). - - -## Delete a {{data-source}} [delete-data-view] - -When you delete a {{data-source}}, you cannot recover the associated field formatters, runtime fields, source filters, and field popularity data. Deleting a {{data-source}} does not remove any indices or data documents from {{es}}. - -::::{warning} -Deleting a {{data-source}} breaks all visualizations, saved Discover sessions, and other saved objects that reference the data view. -:::: - - -1. Go to the **Data Views** management page using the navigation menu or the [global search field](../../../get-started/the-stack.md#kibana-navigation-search). -2. Find the {{data-source}} that you want to delete, and then click ![Delete icon](../../../images/kibana-delete.png "") in the **Actions** column. - - -## {{data-source}} field cache [data-view-field-cache] - -The browser caches {{data-source}} field lists for increased performance. This is particularly impactful for {{data-sources}} with a high field count that span a large number of indices and clusters. The field list is updated every couple of minutes in typical {{kib}} usage. Alternatively, use the refresh button on the {{data-source}} management detail page to get an updated field list. A force reload of {{kib}} has the same effect. - -The field list may be impacted by changes in indices and user permissions. diff --git a/raw-migrated-files/kibana/kibana/kibana-concepts-analysts.md b/raw-migrated-files/kibana/kibana/kibana-concepts-analysts.md index d401bdb69..2b061e988 100644 --- a/raw-migrated-files/kibana/kibana/kibana-concepts-analysts.md +++ b/raw-migrated-files/kibana/kibana/kibana-concepts-analysts.md @@ -75,7 +75,7 @@ Structured filters are a more interactive way to create {{es}} queries, and are ## Saving objects [_saving_objects] -{{kib}} lets you save objects for your own future use or for sharing with others. Each [saved object](../../../explore-analyze/find-and-organize/saved-objects.md) type has different abilities. For example, you can save your search queries made with **Discover**, which lets you: +{{kib}} lets you save objects for your own future use or for sharing with others. Each [saved object](/explore-analyze/find-and-organize/saved-objects.md) type has different abilities. For example, you can save your search queries made with **Discover**, which lets you: * Share a link to your search * Download the full search results in CSV form diff --git a/raw-migrated-files/kibana/kibana/management.md b/raw-migrated-files/kibana/kibana/management.md index 6e8fd91a5..798a3683a 100644 --- a/raw-migrated-files/kibana/kibana/management.md +++ b/raw-migrated-files/kibana/kibana/management.md @@ -54,7 +54,7 @@ Access to individual features is governed by {{es}} and {{kib}} privileges. Cons | | | | --- | --- | | [Data Views](../../../explore-analyze/find-and-organize/data-views.md) | Manage the fields in the data views that retrieve your data from {{es}}. | -| [Saved Objects](../../../explore-analyze/find-and-organize/saved-objects.md) | Copy, edit, delete, import, and export your saved objects.These include dashboards, visualizations, maps, data views, Canvas workpads, and more. | +| [Saved Objects](/explore-analyze/find-and-organize/saved-objects.md) | Copy, edit, delete, import, and export your saved objects.These include dashboards, visualizations, maps, data views, Canvas workpads, and more. | | [Tags](../../../explore-analyze/find-and-organize/tags.md) | Create, manage, and assign tags to your saved objects. | | [Search Sessions](../../../explore-analyze/discover/search-sessions.md) | Manage your saved search sessions, groups of queries that run in the background.Search sessions are useful when your queries take longer than usual to process,for example, when you have a large volume of data or when the performance of your storage location is slow. | | [Spaces](../../../deploy-manage/manage-spaces.md) | Create spaces to organize your dashboards and other saved objects into categories.A space is isolated from all other spaces,so you can tailor it to your needs without impacting others. | diff --git a/raw-migrated-files/kibana/kibana/managing-data-views.md b/raw-migrated-files/kibana/kibana/managing-data-views.md deleted file mode 100644 index c117d6d62..000000000 --- a/raw-migrated-files/kibana/kibana/managing-data-views.md +++ /dev/null @@ -1,492 +0,0 @@ -# Manage data views [managing-data-views] - -To customize the data fields in your data view, you can add runtime fields to the existing documents, add scripted fields to compute data on the fly, and change how {{kib}} displays the data fields. - - -## Explore your data with runtime fields [runtime-fields] - -Runtime fields are fields that you add to documents after you’ve ingested your data, and are evaluated at query time. With runtime fields, you allow for a smaller index and faster ingest time so that you can use less resources and reduce your operating costs. You can use runtime fields anywhere data views are used, for example, you can explore runtime fields in **Discover** and create visualizations with runtime fields for your dashboard. - -With runtime fields, you can: - -* Define fields for a specific use case without modifying the underlying schema. -* Override the returned values from index fields. -* Start working on your data without understanding the structure. -* Add fields to existing documents without reindexing your data. - -::::{warning} -Runtime fields can impact {{kib}} performance. When you run a query, {{es}} uses the fields you index first to shorten the response time. Index the fields that you commonly search for and filter on, such as `timestamp`, then use runtime fields to limit the number of fields {{es}} uses to calculate values. -:::: - - -For detailed information on how to use runtime fields with {{es}}, refer to [Runtime fields](../../../manage-data/data-store/mapping/runtime-fields.md). - - -### Add runtime fields [create-runtime-fields] - -To add runtime fields to your data views, open the data view you want to change, then define the field values by emitting a single value using the [Painless scripting language](../../../explore-analyze/scripting/modules-scripting-painless.md). You can also add runtime fields in [**Discover**](../../../explore-analyze/discover/discover-get-started.md#add-field-in-discover) and [**Lens**](../../../explore-analyze/visualize/lens.md#change-the-fields). - -1. Go to the **Data Views** management page using the navigation menu or the [global search field](../../../get-started/the-stack.md#kibana-navigation-search). -2. Select the data view that you want to add the runtime field to, then click **Add field**. -3. Enter the field **Name**, then select the **Type**. -4. Select **Set custom label**, then enter the label you want to display where the data view is used, such as **Discover**. -5. Select **Set value**, then define the script. The script must match the **Type**, or the data view fails anywhere it is used. -6. To help you define the script, use the **Preview**: - - * To view the other available fields, use the **Document ID** arrows. - * To filter the fields list, enter the keyword in **Filter fields**. - * To pin frequently used fields to the top of the list, hover over the field, then click ![Icon to pin field to the top of the list](../../../images/kibana-stackManagement-indexPatterns-pinRuntimeField-7.15.png ""). - -7. Click **Create field**. - - -### Runtime field examples [runtime-field-examples] - -Try the runtime field examples on your own using the [**Sample web logs**](../../../explore-analyze/overview/kibana-quickstart.md#gs-get-data-into-kibana) data. - - -### Return a keyword value [simple-hello-world-example] - -Return `Hello World!`: - -```text -emit("Hello World!"); -``` - -![Runtime field with keyword type](../../../images/kibana-runtime_field.png "") - - -### Perform a calculation on a single field [perform-a-calculation-on-a-single-field] - -Calculate kilobytes from bytes: - -```text -emit(doc['bytes'].value / 1024) -``` - - -### Return a substring [return-substring] - -Return the string that appears after the last slash in the URL: - -```text -def path = doc["url.keyword"].value; -if (path != null) { - int lastSlashIndex = path.lastIndexOf('/'); - if (lastSlashIndex > 0) { - emit(path.substring(lastSlashIndex+1)); - return; - } -} -emit(""); -``` - - -### Return multiple fields with a composite runtime field [composite-runtime-field] - -A single runtime field can also produce multiple subfields when the type `Composite` is selected. The script editor provides default types that can be customized for each subfields. - -Return `keyword` and `double` type subfields. Note that the first argument for `emit` is the name of the subfield. - -```text -emit('subfield_a', 'Hello'); -emit('subfield_b', 42); -``` - -![Runtime field with composite type](../../../images/kibana-runtime_field_composite.png "") - - -### Replace nulls with blanks [replace-nulls-with-blanks] - -Replace `null` values with `None`: - -```text -def source = doc['referer'].value; -if (source != null) { - emit(source); - return; -} -else { - emit("None"); -} -``` - -Specify the operating system condition: - -```text -def source = doc['machine.os.keyword'].value; -if (source != "") { - emit(source); -} -else { - emit("None"); -} -``` - - -### Manage runtime fields [manage-runtime-fields] - -Edit the settings for runtime fields, or remove runtime fields from data views. - -1. Go to the **Data Views** management page using the navigation menu or the [global search field](../../../get-started/the-stack.md#kibana-navigation-search). -2. Select the data view that contains the runtime field you want to manage, then open the runtime field edit options or delete the runtime field. - - -## Add scripted fields to data views [scripted-fields] - -::::{admonition} Deprecated in 7.13. -:class: warning - -Use [runtime fields](../../../manage-data/data-store/mapping/runtime-fields.md) instead of scripted fields. Runtime fields support Painless scripting and provide greater flexibility. You can also use the [Elasticsearch Query Language (ES|QL)](../../../explore-analyze/query-filter/languages/esql.md) to compute values directly at query time. -:::: - - -Scripted fields compute data on the fly from the data in your {{es}} indices. The data is shown on the Discover tab as part of the document data, and you can use scripted fields in your visualizations. You query scripted fields with the [{{kib}} query language](../../../explore-analyze/query-filter/languages/kql.md), and can filter them using the filter bar. The scripted field values are computed at query time, so they aren’t indexed and cannot be searched using the {{kib}} default query language. - -::::{warning} -Computing data on the fly with scripted fields can be very resource intensive and can have a direct impact on {{kib}} performance. Keep in mind that there’s no built-in validation of a scripted field. If your scripts are buggy, you’ll get exceptions whenever you try to view the dynamically generated data. -:::: - - -When you define a scripted field in {{kib}}, you have a choice of the [Lucene expressions](../../../explore-analyze/scripting/modules-scripting-expression.md) or the [Painless](../../../explore-analyze/scripting/modules-scripting-painless.md) scripting language. - -You can reference any single value numeric field in your expressions, for example: - -``` -doc['field_name'].value -``` - -For more information on scripted fields and additional examples, refer to [Using Painless in {{kib}} scripted fields](https://www.elastic.co/blog/using-painless-kibana-scripted-fields) - - -### Migrate to runtime fields or ES|QL queries [migrate-off-scripted-fields] - -The following code snippets demonstrate how an example scripted field called `computed_values` on the Kibana Sample Data Logs data view could be migrated to either a runtime field or an ES|QL query, highlighting the differences between each approach. - - -#### Scripted field [scripted-field-example] - -In the scripted field example, variables are created to track all values the script will need to access or return. Since scripted fields can only return a single value, the created variables must be returned together as an array at the end of the script. - -```text -def hour_of_day = $('@timestamp', ZonedDateTime.parse('1970-01-01T00:00:00Z')).getHour(); -def time_of_day = ''; - -if (hour_of_day >= 22 || hour_of_day < 5) - time_of_day = 'Night'; -else if (hour_of_day < 12) - time_of_day = 'Morning'; -else if (hour_of_day < 18) - time_of_day = 'Afternoon'; -else - time_of_day = 'Evening'; - -def response_int = Integer.parseInt($('response.keyword', '200')); -def response_category = ''; - -if (response_int < 200) - response_category = 'Informational'; -else if (response_int < 300) - response_category = 'Successful'; -else if (response_int < 400) - response_category = 'Redirection'; -else if (response_int < 500) - response_category = 'Client Error'; -else - response_category = 'Server Error'; - -return [time_of_day, response_category]; -``` - - -#### Runtime field [runtime-field-example] - -Unlike scripted fields, runtime fields do not need to return a single value and can emit values at any point in the script, which will be combined and returned as a multi-value field. This allows for more flexibility in the script logic and removes the need to manually manage an array of values. - -```text -def hour_of_day = $('@timestamp', ZonedDateTime.parse('1970-01-01T00:00:00Z')).getHour(); - -if (hour_of_day >= 22 || hour_of_day < 5) - emit('Night'); -else if (hour_of_day < 12) - emit('Morning'); -else if (hour_of_day < 18) - emit('Afternoon'); -else - emit('Evening'); - -def response_int = Integer.parseInt($('response.keyword', '200')); - -if (response_int < 200) - emit('Informational'); -else if (response_int < 300) - emit('Successful'); -else if (response_int < 400) - emit('Redirection'); -else if (response_int < 500) - emit('Client Error'); -else - emit('Server Error'); -``` - - -#### ES|QL query [esql-example] - -Alternatively, ES|QL can be used to skip the need for data view management entirely and simply compute the values you need at query time. ES|QL supports computing multiple field values in a single query, using computed values with its rich set of commands and functions, and even aggregations against computed values. This makes it an excellent solution for one-off queries and realtime data analysis. - -```esql -FROM kibana_sample_data_logs - | EVAL hour_of_day = DATE_EXTRACT("HOUR_OF_DAY", @timestamp) - | EVAL time_of_day = CASE( - hour_of_day >= 22 OR hour_of_day < 5, "Night", - hour_of_day < 12, "Morning", - hour_of_day < 18, "Afternoon", - "Evening" - ) - | EVAL response_int = TO_INTEGER(response) - | EVAL response_category = CASE( - response_int < 200, "Informational", - response_int < 300, "Successful", - response_int < 400, "Redirection", - response_int < 500, "Client Error", - "Server Error" - ) - | EVAL computed_values = MV_APPEND(time_of_day, response_category) - | DROP hour_of_day, time_of_day, response_int, response_category -``` - - -### Manage scripted fields [update-scripted-field] - -::::{warning} -The ability to create new scripted fields has been removed from the **Data Views** management page in 9.0. Existing scripted fields can still be edited or deleted, and the creation UI can be accessed by navigating directly to `/app/management/kibana/dataViews/dataView/{{dataViewId}}/create-field`, but we recommend migrating to runtime fields or ES|QL queries instead to prepare for removal. -:::: - - -1. Go to the **Data Views** management page using the navigation menu or the [global search field](../../../get-started/the-stack.md#kibana-navigation-search). -2. Select the data view that contains the scripted field you want to manage. -3. Select the **Scripted fields** tab, then open the scripted field edit options or delete the scripted field. - -For more information about scripted fields in {{es}}, refer to [Scripting](../../../explore-analyze/scripting.md). - -::::{warning} -Built-in validation is unsupported for scripted fields. When your scripts contain errors, you receive exceptions when you view the dynamically generated data. -:::: - - - -## Format data fields [managing-fields] - -{{kib}} uses the same field types as {{es}}, however, some {{es}} field types are unsupported in {{kib}}. To customize how {{kib}} displays data fields, use the formatting options. - -1. Go to the **Data Views** management page using the navigation menu or the [global search field](../../../get-started/the-stack.md#kibana-navigation-search). -2. Click the data view that contains the field you want to change. -3. Find the field, then open the edit options (![Data field edit icon](../../../images/kibana-edit_icon.png "")). -4. Select **Set custom label**, then enter a **Custom label** for the field. -5. Select **Set format**, then enter the **Format** for the field. - -::::{note} -For numeric fields the default field formatters are based on the `meta.unit` field. The unit is associated with a [time unit](https://www.elastic.co/guide/en/elasticsearch/reference/current/api-conventions.html#time-units), percent, or byte. The convention for percents is to use value 1 to mean 100%. -:::: - - - -### String field formatters [string-field-formatters] - -String fields support **String** and **Url** formatters. - -The **String** field formatter enables you to apply transforms to the field. - -Supported transformations include: - -* Convert to lowercase -* Convert to uppercase -* Convert to title case -* Apply the short dots transformation, which replaces the content before the `.` character with the first character of the content. For example: - -**Original** -: **Becomes** - -`com.organizations.project.ClassName` -: `c.o.p.ClassName` - - * Base64 decode - * URL param decode - - -You can specify the following types to the `Url` field formatter: - -* **Link** — Converts the contents of the field into an URL. You can specify the width and height of the image, while keeping the aspect ratio. When the image is smaller than the specified parameters, the image is unable to upscale. -* **Image** — Specifies the image directory. -* **Audio** — Specify the audio directory. - -To customize URL field formats, use templates. An **URL template** enables you to add values to a partial URL. To add the contents of the field to a fixed URL, use the `{{value}}` string. - -For example, when: - -* A field contains a user ID -* A field uses the `Url` field formatter -* The URI template is `http://company.net/profiles?user_id={­{{value}}­}` - -The resulting URL replaces `{{value}}` with the user ID from the field. - -The `{{value}}` template string URL-encodes the contents of the field. When a field encoded into a URL contains non-ASCII characters, the characters are replaced with a `%` character and the appropriate hexadecimal code. For example, field contents `users/admin` result in the URL template adding `users%2Fadmin`. - -When the formatter type is **Image**, the `{{value}}` template string specifies the name of an image at the specified URI. - -When the formatter type is **Audio**, the `{{value}}` template string specifies the name of an audio file at the specified URI. - -To pass unescaped values directly to the URL, use the `{{rawValue}}` string. - -A **Label template** enables you to specify a text string that appears instead of the raw URL. You can use the `{{value}}` template string normally in label templates. You can also use the `{{url}}` template string to display the formatted URL. - - -### Date field formatters [field-formatters-date] - -Date fields support **Date**, **String**, and **Url** formatters. - -The **Date** formatter enables you to choose the display format of date stamps using the [moment.js](https://momentjs.com/) standard format definitions. - -The **String** field formatter enables you to apply transforms to the field. - -Supported transformations include: - -* Convert to lowercase -* Convert to uppercase -* Convert to title case -* Apply the short dots transformation, which replaces the content before the `.` character with the first character of the content. For example: - -**Original** -: **Becomes** - -`com.organizations.project.ClassName` -: `c.o.p.ClassName` - - * Base64 decode - * URL param decode - - -You can specify the following types to the `Url` field formatter: - -* **Link** — Converts the contents of the field into an URL. You can specify the width and height of the image, while keeping the aspect ratio. When the image is smaller than the specified parameters, the image is unable to upscale. -* **Image** — Specifies the image directory. -* **Audio** — Specify the audio directory. - -To customize URL field formats, use templates. An **URL template** enables you to add values to a partial URL. To add the contents of the field to a fixed URL, use the `{{value}}` string. - -For example, when: - -* A field contains a user ID -* A field uses the `Url` field formatter -* The URI template is `http://company.net/profiles?user_id={­{{value}}­}` - -The resulting URL replaces `{{value}}` with the user ID from the field. - -The `{{value}}` template string URL-encodes the contents of the field. When a field encoded into a URL contains non-ASCII characters, the characters are replaced with a `%` character and the appropriate hexadecimal code. For example, field contents `users/admin` result in the URL template adding `users%2Fadmin`. - -When the formatter type is **Image**, the `{{value}}` template string specifies the name of an image at the specified URI. - -When the formatter type is **Audio**, the `{{value}}` template string specifies the name of an audio file at the specified URI. - -To pass unescaped values directly to the URL, use the `{{rawValue}}` string. - -A **Label template** enables you to specify a text string that appears instead of the raw URL. You can use the `{{value}}` template string normally in label templates. You can also use the `{{url}}` template string to display the formatted URL. - - -### Geographic point field formatters [field-formatters-geopoint] - -Geographic point fields support the **String** formatter. - -The **String** field formatter enables you to apply transforms to the field. - -Supported transformations include: - -* Convert to lowercase -* Convert to uppercase -* Convert to title case -* Apply the short dots transformation, which replaces the content before the `.` character with the first character of the content. For example: - -**Original** -: **Becomes** - -`com.organizations.project.ClassName` -: `c.o.p.ClassName` - - * Base64 decode - * URL param decode - - - -### Number field formatters [field-formatters-numeric] - -Numeric fields support **Bytes**, **Color**, **Duration**, **Histogram**, **Number**, **Percentage**, **String**, and **Url** formatters. - -The **Bytes**, **Number**, and **Percentage** formatters enable you to choose the display formats of numbers in the field using the [Elastic numeral pattern](../../../explore-analyze/numeral-formatting.md) syntax that {{kib}} maintains. - -The **Histogram** formatter is used only for the [histogram field type](https://www.elastic.co/guide/en/elasticsearch/reference/current/histogram.html). When you use the **Histogram** formatter, you can apply the **Bytes**, **Number**, or **Percentage** format to aggregated data. - -You can specify the following types to the `Url` field formatter: - -* **Link** — Converts the contents of the field into an URL. You can specify the width and height of the image, while keeping the aspect ratio. When the image is smaller than the specified parameters, the image is unable to upscale. -* **Image** — Specifies the image directory. -* **Audio** — Specify the audio directory. - -To customize URL field formats, use templates. An **URL template** enables you to add values to a partial URL. To add the contents of the field to a fixed URL, use the `{{value}}` string. - -For example, when: - -* A field contains a user ID -* A field uses the `Url` field formatter -* The URI template is `http://company.net/profiles?user_id={­{{value}}­}` - -The resulting URL replaces `{{value}}` with the user ID from the field. - -The `{{value}}` template string URL-encodes the contents of the field. When a field encoded into a URL contains non-ASCII characters, the characters are replaced with a `%` character and the appropriate hexadecimal code. For example, field contents `users/admin` result in the URL template adding `users%2Fadmin`. - -When the formatter type is **Image**, the `{{value}}` template string specifies the name of an image at the specified URI. - -When the formatter type is **Audio**, the `{{value}}` template string specifies the name of an audio file at the specified URI. - -To pass unescaped values directly to the URL, use the `{{rawValue}}` string. - -A **Label template** enables you to specify a text string that appears instead of the raw URL. You can use the `{{value}}` template string normally in label templates. You can also use the `{{url}}` template string to display the formatted URL. - -The **String** field formatter enables you to apply transforms to the field. - -Supported transformations include: - -* Convert to lowercase -* Convert to uppercase -* Convert to title case -* Apply the short dots transformation, which replaces the content before the `.` character with the first character of the content. For example: - -**Original** -: **Becomes** - -`com.organizations.project.ClassName` -: `c.o.p.ClassName` - - * Base64 decode - * URL param decode - - -The **Duration** field formatter displays the numeric value of a field in the following increments: - -* Picoseconds -* Nanoseconds -* Microseconds -* Milliseconds -* Seconds -* Minutes -* Hours -* Days -* Weeks -* Months -* Years - -You can specify these increments with up to 20 decimal places for input and output formats. - -The **Color** field formatter enables you to specify colors with ranges of values for a number field. - -When you select the **Color** formatter, click **Add Color**, then specify the **Range**, **Text color**, and **Background color**. - diff --git a/raw-migrated-files/kibana/kibana/managing-saved-objects.md b/raw-migrated-files/kibana/kibana/managing-saved-objects.md deleted file mode 100644 index b08d66e73..000000000 --- a/raw-migrated-files/kibana/kibana/managing-saved-objects.md +++ /dev/null @@ -1,185 +0,0 @@ -# Manage saved objects [managing-saved-objects] - -Edit, import, export, and copy your saved objects. These objects include dashboards, visualizations, maps, {{data-sources}}, **Canvas** workpads, and other saved objects. - -You can find the **Saved Objects** page using the navigation menu or the [global search field](../../../get-started/the-stack.md#kibana-navigation-search). - -:::{image} ../../../images/kibana-management-saved-objects.png -:alt: Saved Objects -:class: screenshot -::: - - -## Required permissions [_required_permissions_5] - -To access **Saved Objects**, you must have the required `Saved Objects Management` {{kib}} privilege. - -To add the privilege, go to the **Roles** management page using the navigation menu or the [global search field](../../../get-started/the-stack.md#kibana-navigation-search). - -::::{note} -Granting access to `Saved Objects Management` authorizes users to manage all saved objects in {{kib}}, including objects that are managed by applications they may not otherwise be authorized to access. -:::: - - - -## View and delete [managing-saved-objects-view] - -* To view and edit a saved object in its associated application, click the object title. -* To show objects that use this object, so you know the impact of deleting it, click the actions icon ![Actions icon](../../../images/kibana-actions_icon.png "") and then select **Relationships**. -* To delete one or more objects, select their checkboxes, and then click **Delete**. - - -## Import and export [managing-saved-objects-export-objects] - -Use import and export to move objects between different {{kib}} instances. These actions are useful when you have multiple environments for development and production. Import and export also work well when you have a large number of objects to update and want to batch the process. - -{{kib}} also provides import and export [saved objects APIs](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-saved-objects) to automate this process. - - -### Import [_import] - -Import multiple objects in a single operation. - -1. In the toolbar, click **Import**. -2. Select the NDJSON file that includes the objects you want to import. -3. Select the import options. By default, saved objects already in {{kib}} are overwritten. -4. Click **Import**. - -::::{note} -The [`savedObjects.maxImportExportSize`](../../../deploy-manage/deploy/self-managed/configure.md#savedObjects-maxImportExportSize) configuration setting limits the number of saved objects to include in the file. The [`savedObjects.maxImportPayloadBytes`](../../../deploy-manage/deploy/self-managed/configure.md#savedObjects-maxImportPayloadBytes) setting limits the overall size of the file that you can import. -:::: - - - -### Export [_export] - -Export objects by selection or type. - -* To export specific objects, select them in the table, and then click **Export**. -* To export objects by type, click **Export objects** in the toolbar. - -{{kib}} creates an NDJSON with all your saved objects. By default, the NDJSON includes child objects related to the saved objects. Exported dashboards include their associated {{data-sources}}. - -::::{note} -The [`savedObjects.maxImportExportSize`](../../../deploy-manage/deploy/self-managed/configure.md#savedObjects-maxImportExportSize) configuration setting limits the number of saved objects that you can export. -:::: - - - -### Compatibility across versions [_compatibility_across_versions] - -With each release, {{kib}} introduces changes to the way saved objects are stored. When importing a saved object, {{kib}} runs the necessary migrations to ensure that the imported saved objects are compatible with the current version. - -However, saved objects can only be imported into the same version, a newer minor on the same major, or the next major. Exported saved objects are not backward compatible and cannot be imported into an older version of {{kib}}. For example: - -| | | | -| --- | --- | --- | -| Exporting version | Importing version | Compatible? | -| 6.7.0 | 6.8.1 | Yes | -| 6.8.1 | 7.3.0 | Yes | -| 7.3.0 | 7.11.1 | Yes | -| 7.11.1 | 7.6.0 | No | -| 6.8.1 | 8.0.0 | No | - - -## Copy to other {{kib}} spaces [managing-saved-objects-copy-to-space] - -Copy saved objects and their related objects between spaces. - -1. Click the actions icon ![Actions icon](../../../images/kibana-actions_icon.png ""). -2. Click **Copy to spaces**. -3. Select the spaces in which to copy the object. -4. Specify whether to automatically overwrite any objects that already exist in the target spaces, or resolve them on a per-object basis. - - The copy operation automatically includes child objects that are related to the saved object. If you don’t want this behavior, use the [copy saved objects to space API](https://www.elastic.co/guide/en/kibana/current/spaces-api-copy-saved-objects.html) instead. - - - -## Share to other {{kib}} spaces [managing-saved-objects-share-to-space] - -Make a single saved object available in multiple spaces. - -1. Click the actions icon ![Actions icon](../../../images/kibana-actions_icon.png ""). -2. Select **Share to spaces**. -3. Select the spaces in which to share the object. Or, indicate that you want the object to be shared to *all spaces*, which includes those that exist now and any created in the future. - - Not all saved object types are shareable. If an object is shareable, the **Spaces** column shows where the object exists. You can click those space icons to open the Share UI. - - The share operation automatically includes child objects that are related to the saved objects. - - -$$$spaces-api-update-objects-spaces-example-1$$$ -To share a saved object to a space programmatically with the [spaces APIs](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-spaces), follow these steps: - -1. Collect reference graph and spaces context for each saved object that you want to share using get shareable references API: - - ```sh - $ curl -X POST /api/spaces/_get_shareable_references - { - "objects": [ - { - "type": "index-pattern", - "id": "90943e30-9a47-11e8-b64d-95841ca0b247" - } - ] - } - ``` - - The API returns the following: - - ```json - { - "objects": [ - { - "type": "index-pattern", - "id": "90943e30-9a47-11e8-b64d-95841ca0b247", - "spaces": ["default"], - "inboundReferences": [], - "spacesWithMatchingOrigins": ["default"] - } - ] - } - ``` - -2. Check each saved object for `spacesWithMatchingOrigins` conflicts. - - Objects should not be shared to spaces with matching origins or you will create URL conflicts (causing the same URL to point to different saved objects). - -3. Check each saved object for `spacesWithMatchingAliases` conflicts. - - If these match the spaces that these saved objects will be shared to you should disable legacy URL aliases for them using the disable legacy URL aliases API. - - When sharing to all spaces (`*`) all entries in `spacesWithMatchingAliases` should be checked. - -4. Update spaces of each saved object and all its references: - - ```sh - $ curl -X POST /api/spaces/_update_objects_spaces - { - "objects": [ - { - "type": "index-pattern", - "id": "90943e30-9a47-11e8-b64d-95841ca0b247" - } - ], - "spacesToAdd": ["test"], - "spacesToRemove": [] - } - ``` - - The API returns the following: - - ```json - { - "objects": [ - { - "type": "index-pattern", - "id": "90943e30-9a47-11e8-b64d-95841ca0b247", - "spaces": ["default", "test"] - } - ] - } - ``` - - - diff --git a/raw-migrated-files/kibana/kibana/managing-tags.md b/raw-migrated-files/kibana/kibana/managing-tags.md deleted file mode 100644 index 587fb8b49..000000000 --- a/raw-migrated-files/kibana/kibana/managing-tags.md +++ /dev/null @@ -1,66 +0,0 @@ -# Tags [managing-tags] - -Use tags to categorize your saved objects, then filter for related objects based on shared tags. - -To get started, go to the **Tags** management page using the navigation menu or the [global search field](../../../get-started/the-stack.md#kibana-navigation-search). - -:::{image} ../../../images/kibana-tag-management-section.png -:alt: Tags management -:class: screenshot -::: - - -## Required permissions [_required_permissions_10] - -To create tags, you must meet the minimum requirements. - -* Access to **Tags** requires the `Tag Management` Kibana privilege. To add the privilege, go to the **Roles** page using the navigation menu or the [global search field](../../../get-started/the-stack.md#kibana-navigation-search). -* The `read` privilege allows you to assign tags to the saved objects for which you have write permission. -* The `write` privilege enables you to create, edit, and delete tags. - -::::{note} -Having the `Tag Management` {{kib}} privilege is not required to view tags assigned on objects you have `read` access to, or to filter objects by tags from the global search. -:::: - - - -## Create a tag [settings-create-tag] - -Create a tag to assign to your saved objects. - -1. Click **Create tag**. -2. Enter a name and select a color for the new tag. - - The name cannot be longer than 50 characters. - -3. Click **Create tag**. - - -## Assign a tag to an object [settings-assign-tag] - -To assign and remove tags, you must have `write` permission on the objects to which you assign the tags. - -1. Find the tag you want to assign. -2. Click the actions icon ![Actions icon](../../../images/kibana-actions_icon.png ""), and then select **Manage assignments**. -3. Select the objects to which you want to assign or remove tags. - - :::{image} ../../../images/kibana-manage-assignments-flyout.png - :alt: Assign flyout - :class: screenshot - ::: - -4. Click **Save tag assignments**. - - -## Delete a tag [settings-delete-tag] - -When you delete a tag, you remove it from all saved objects that use it. - -1. Click the actions icon ![Actions icon](../../../images/kibana-actions_icon.png ""), and then select **Delete**. -2. Click **Delete tag**. - -::::{tip} -To assign, delete, or clear multiple tags, select them in the **Tags** view, and then select the action from the **selected tags** menu. -:::: - - diff --git a/raw-migrated-files/kibana/kibana/saved-object-ids.md b/raw-migrated-files/kibana/kibana/saved-object-ids.md deleted file mode 100644 index a15c4ee34..000000000 --- a/raw-migrated-files/kibana/kibana/saved-object-ids.md +++ /dev/null @@ -1,57 +0,0 @@ -# Saved Object IDs [saved-object-ids] - -In the past, many saved object types could have the same ID in different [spaces](../../../deploy-manage/manage-spaces.md). For example, if you copied dashboard "123" from the one space to another space, the second dashboard would also have an ID of "123". While the saved object ID is not something that users would interact with directly, many aspects of {{kib}} rely on it, notably URLs. If you have a "deep link" URL to a saved dashboard, that URL includes the saved object ID. - -**Starting in the 8.0 release**, {{kib}} requires most saved objects to have *globally unique* IDs. This is a change that we needed to make to support sharing saved objects to multiple spaces. Most saved objects cannot be shared to multiple spaces *yet*, but we needed to start enforcing globally unique object IDs first. - -We have made several enhancements to minimize the impact, and this document describes what you need to know about the changes and how it will affect you. - -## Impact upon upgrading to 8.x [saved-object-ids-impact-upon-upgrading] - -Every time you upgrade {{kib}}, [saved objects are migrated to a new format](../../../deploy-manage/upgrade/internal-upgrade-processes/saved-object-migrations.md). When you first upgrade from 7.x to 8.x, this migration process will start enforcing globally unique saved object IDs. - -In practical terms, **any old saved objects that exist in a custom space will have their IDs changed to a new UUID**, while saved objects in the Default space will be unchanged. This is how we can ensure that every saved object ID is unique. For example: if you had dashboard "123" in the Default space and dashboard "123" in Another space, after the upgrade you would have dashboard "123" in the Default space and dashboard "456" in Another space. - - -## Impact when using 8.x [saved-object-ids-impact-when-using] - -After you upgrade, or if you set up a new {{kib}} instance using 8.x, there are a few more things that behave differently. - -### Accessing saved objects using old URLs [saved-object-ids-impact-when-using-legacy-urls] - -When you upgrade {{kib}} and saved object IDs change, the "deep link" URLs to access those saved objects will also change. To reduce the impact, each existing URL is preserved with a special [legacy URL alias](https://www.elastic.co/guide/en/kibana/current/legacy-url-aliases.html). This means that if you use a bookmark for a saved object ID that was changed, you’ll be redirected to the new URL for that saved object. - - -### Importing and copying saved objects [saved-object-ids-impact-when-using-import-and-copy] - -When you [copy a saved object to another space](../../../explore-analyze/find-and-organize/saved-objects.md#managing-saved-objects-copy-to-space), {{kib}} effectively [exports it and imports it into that space](../../../explore-analyze/find-and-organize/saved-objects.md#managing-saved-objects-export-objects). In this way, copying a saved object has always behaved like an import. In this document when we say "import", it applies to both features. - -Historically, whether you imported or copied a saved object, {{kib}} would create *at most* one copy of a saved object in that space. If you imported the saved object multiple times, {{kib}} would overwrite the existing object, because it used the same ID. Since saved object IDs are now globally unique, {{kib}} maintains this functionality by tracking each saved object’s *origin*. When you import an object in 8.x, {{kib}} uses either the saved object ID *or* the origin to determine its destination. - -If you import a saved object using the "Check for existing objects" option — whether it was exported from 7.x or 8.x — {{kib}} will take the following steps: - -1. If {{kib}} finds a matching saved object with the exact same ID in the target space, that will be the import destination — you can **overwrite** that destination or **skip** it. -2. Otherwise, if {{kib}} finds a matching saved object with a *different* ID that has the same origin, that will be the import destination — again, you can **overwrite** that destination or **skip** it. -3. Otherwise, if a saved object with the exact same ID exists in a *different* space, then {{kib}} will generate a random ID for the import destination, preserving the saved object’s origin. -4. Otherwise, {{kib}} creates the saved object with the given ID. - -For example, you have a saved object in an `export.ndjson` file, and you set up a brand new {{kib}} instance. You attempt to import the saved object using the "Check for existing objects" and "Automatically overwrite conflicts" options. The first time you import the saved object, {{kib}} will create a new object with the same ID (step 4 above). If you import it again, {{kib}} will find that object and overwrite it (step 1 above). If you then create a *different* space and import it there, {{kib}} will create a new object with a random ID (step 3 above). Finally, if you import it into the second space again, {{kib}} will find the second object with a matching origin and overwrite it (step 2 above). - -::::{warning} -When you import a saved object and it is created with a different ID, if 1. it contains weak links to other saved objects (such as a dashboard with a Markdown URL to navigate to another dashboard) and 2. the object’s ID has changed (step 3 above), those weak links will be broken. For more information, refer to [the known issue in the changelog](https://www.elastic.co/guide/en/kibana/8.0/release-notes-8.0.0.html#known-issue-8.0.0). -:::: - - - -### Using the saved objects APIs [saved-object-ids-impact-when-using-apis] - -If you are using the saved objects APIs directly, you should be aware of these changes: - -::::{warning} -Some of the saved objects APIs are deprecated in 8.7.0. For more information, refer to the [API docs](https://www.elastic.co/guide/en/kibana/current/saved-objects-api.html) -:::: - - -* When using the create or bulk create API, you may encounter conflict errors that **cannot** be overridden using the `overwrite: true` option. This can occur if there is already a saved object with this ID in a *different* space, or if there is a legacy URL alias for this ID in the same space. -* When using the import or copy to space API, objects can potentially be created with a different ID as described above. -* When using the delete API, if the saved object exists in multiple spaces, it can only be deleted by using the `force` option. diff --git a/raw-migrated-files/kibana/kibana/xpack-spaces.md b/raw-migrated-files/kibana/kibana/xpack-spaces.md index 8b2893922..7435fefaf 100644 --- a/raw-migrated-files/kibana/kibana/xpack-spaces.md +++ b/raw-migrated-files/kibana/kibana/xpack-spaces.md @@ -66,7 +66,7 @@ Deleting a space permanently removes the space and all of its contents. Find the ## Move saved objects between spaces [spaces-moving-objects] -To move saved objects between spaces, you can [copy objects](../../../explore-analyze/find-and-organize/saved-objects.md#managing-saved-objects-copy-to-space), or [export and import objects](../../../explore-analyze/find-and-organize/saved-objects.md#managing-saved-objects-export-objects). +To move saved objects between spaces, you can [copy objects](/explore-analyze/find-and-organize/saved-objects.md#saved-objects-copy-to-other-spaces), or [export and import objects](/explore-analyze/find-and-organize/saved-objects.md#saved-objects-export). ## Configure a space-level landing page [spaces-default-route] diff --git a/raw-migrated-files/observability-docs/observability/manage-cases.md b/raw-migrated-files/observability-docs/observability/manage-cases.md index 80e81940d..f9b8601d4 100644 --- a/raw-migrated-files/observability-docs/observability/manage-cases.md +++ b/raw-migrated-files/observability-docs/observability/manage-cases.md @@ -63,7 +63,7 @@ To download or delete the file or copy the file hash to your clipboard, open the When you upload a file, a comment is added to the case activity log. To view an image, click its name in the activity or file list. ::::{note} -Uploaded files are also accessible on the **Files** page. To open **Files**, find **Stack Management** in the main menu or use the [global search field](../../../get-started/the-stack.md#kibana-navigation-search). When you export cases as [saved objects](../../../explore-analyze/find-and-organize/saved-objects.md), the case files are not exported. +Uploaded files are also accessible on the **Files** page. To open **Files**, find **Stack Management** in the main menu or use the [global search field](../../../get-started/the-stack.md#kibana-navigation-search). When you export cases as [saved objects](/explore-analyze/find-and-organize/saved-objects.md), the case files are not exported. :::: diff --git a/raw-migrated-files/security-docs/security/cases-open-manage.md b/raw-migrated-files/security-docs/security/cases-open-manage.md index ad2177bba..522c01a01 100644 --- a/raw-migrated-files/security-docs/security/cases-open-manage.md +++ b/raw-migrated-files/security-docs/security/cases-open-manage.md @@ -243,7 +243,7 @@ Each case has a universally unique identifier (UUID) that you can copy and share ## Export and import cases [cases-export-import] -Cases can be [exported](../../../solutions/security/investigate/open-manage-cases.md#cases-export) and [imported](../../../solutions/security/investigate/open-manage-cases.md#cases-import) as saved objects using the {{kib}} [Saved Objects](../../../explore-analyze/find-and-organize/saved-objects.md) UI. +Cases can be [exported](../../../solutions/security/investigate/open-manage-cases.md#cases-export) and [imported](../../../solutions/security/investigate/open-manage-cases.md#cases-import) as saved objects using the {{kib}} [Saved Objects](/explore-analyze/find-and-organize/saved-objects.md) UI. ::::{important} Before importing Lens visualizations, Timelines, or alerts into a space, ensure their data is present. Without it, they won’t work after being imported. diff --git a/raw-migrated-files/security-docs/security/rules-ui-management.md b/raw-migrated-files/security-docs/security/rules-ui-management.md index 758776291..d21d5887c 100644 --- a/raw-migrated-files/security-docs/security/rules-ui-management.md +++ b/raw-migrated-files/security-docs/security/rules-ui-management.md @@ -185,14 +185,14 @@ If you try to export with both prebuilt and custom rules selected, only the cust The `.ndjson` file also includes any actions, connectors, and exception lists related to the exported rules. However, other configuration items require additional handling when exporting and importing rules: -* **Data views**: For rules that use a {{kib}} data view as a data source, the exported file contains the associated `data_view_id`, but does *not* include any other data view configuration. To export/import between {{kib}} spaces, first use the [Saved Objects](../../../explore-analyze/find-and-organize/saved-objects.md#managing-saved-objects-share-to-space) UI to share the data view with the destination space. +* **Data views**: For rules that use a {{kib}} data view as a data source, the exported file contains the associated `data_view_id`, but does *not* include any other data view configuration. To export/import between {{kib}} spaces, first use the [Saved Objects](/explore-analyze/find-and-organize/saved-objects.md#managing-saved-objects-share-to-space) UI to share the data view with the destination space. To import into a different {{stack}} deployment, the destination cluster must include a data view with a matching data view ID (configured in the [data view’s advanced settings](../../../explore-analyze/find-and-organize/data-views.md)). Alternatively, after importing, you can manually reconfigure the rule to use an appropriate data view in the destination system. * **Actions and connectors**: Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) *is not* included. You must re-add missing connector details after importing detection rules. ::::{tip} - You can also use {{kib}}'s [Saved Objects](../../../explore-analyze/find-and-organize/saved-objects.md#managing-saved-objects-export-objects) UI to export and import necessary connectors before importing detection rules. + You can also use {{kib}}'s [Saved Objects](/explore-analyze/find-and-organize/saved-objects.md#saved-objects-export) UI to export and import necessary connectors before importing detection rules. :::: * **Value lists**: Any value lists used for rule exceptions are *not* included in rule exports or imports. Use the [Manage value lists](../../../solutions/security/detect-and-alert/create-manage-value-lists.md#edit-value-lists) UI to export and import value lists separately. diff --git a/raw-migrated-files/toc.yml b/raw-migrated-files/toc.yml index aec710452..d902109f8 100644 --- a/raw-migrated-files/toc.yml +++ b/raw-migrated-files/toc.yml @@ -269,7 +269,6 @@ toc: - file: docs-content/serverless/connect-to-byo-llm.md - file: docs-content/serverless/cspm-required-permissions.md - file: docs-content/serverless/custom-roles.md - - file: docs-content/serverless/data-views.md - file: docs-content/serverless/detections-logsdb-index-mode-impact.md - file: docs-content/serverless/elasticsearch-clients.md - file: docs-content/serverless/elasticsearch-dev-tools.md @@ -423,7 +422,6 @@ toc: - file: docs-content/serverless/project-settings-content.md - file: docs-content/serverless/quickstart-monitor-hosts-with-otel.md - file: docs-content/serverless/rules.md - - file: docs-content/serverless/saved-objects.md - file: docs-content/serverless/security-about-rules.md - file: docs-content/serverless/security-add-exceptions.md - file: docs-content/serverless/security-add-manage-notes.md @@ -567,7 +565,6 @@ toc: - file: docs-content/serverless/security-vuln-management-overview.md - file: docs-content/serverless/slo-troubleshoot-slos.md - file: docs-content/serverless/spaces.md - - file: docs-content/serverless/tags.md - file: docs-content/serverless/what-is-observability-serverless.md - file: elasticsearch-hadoop/elasticsearch-hadoop/index.md children: @@ -673,7 +670,6 @@ toc: - file: kibana/kibana/connect-to-elasticsearch.md - file: kibana/kibana/console-kibana.md - file: kibana/kibana/data-rollups.md - - file: kibana/kibana/data-views.md - file: kibana/kibana/elasticsearch-mutual-tls.md - file: kibana/kibana/esql.md - file: kibana/kibana/get-started.md @@ -686,16 +682,12 @@ toc: - file: kibana/kibana/logging-settings.md - file: kibana/kibana/maintenance-windows.md - file: kibana/kibana/management.md - - file: kibana/kibana/managing-data-views.md - - file: kibana/kibana/managing-saved-objects.md - - file: kibana/kibana/managing-tags.md - file: kibana/kibana/osquery.md - file: kibana/kibana/playground.md - file: kibana/kibana/reporting-getting-started.md - file: kibana/kibana/reporting-production-considerations.md - file: kibana/kibana/role-mappings.md - file: kibana/kibana/sample-data.md - - file: kibana/kibana/saved-object-ids.md - file: kibana/kibana/search-ai-assistant.md - file: kibana/kibana/secure-reporting.md - file: kibana/kibana/secure-settings.md