From b85873a5b9b6f0037f2d61e6f443741a1c40a71c Mon Sep 17 00:00:00 2001 From: Florent Le Borgne Date: Tue, 4 Feb 2025 19:31:40 +0100 Subject: [PATCH 1/4] refine querying section --- explore-analyze/query-filter/filtering.md | 4 +- explore-analyze/query-filter/languages.md | 3 +- ...g_concepts_across_sql_and_elasticsearch.md | 22 -- .../query-filter/languages/sql-concepts.md | 21 ++ .../languages/sql-functions-datetime.md | 2 +- .../languages/sql-getting-started.md | 1 + .../{_api_usage.md => sql-jdbc-api-usage.md} | 0 explore-analyze/query-filter/tools/console.md | 229 +++++++++++++++++- .../query-filter/tools/saved-queries.md | 29 ++- .../query-filter/tools/search-profiler.md | 2 +- .../scripting/modules-scripting-security.md | 2 +- explore-analyze/toc.yml | 4 +- .../visualize/maps/maps-connect-to-ems.md | 2 +- .../maps/reverse-geocoding-tutorial.md | 2 +- .../kibana/kibana/save-load-delete-query.md | 27 --- 15 files changed, 284 insertions(+), 66 deletions(-) delete mode 100644 explore-analyze/query-filter/languages/_mapping_concepts_across_sql_and_elasticsearch.md rename explore-analyze/query-filter/languages/{_api_usage.md => sql-jdbc-api-usage.md} (100%) delete mode 100644 raw-migrated-files/kibana/kibana/save-load-delete-query.md diff --git a/explore-analyze/query-filter/filtering.md b/explore-analyze/query-filter/filtering.md index 9b6e623227..1f463f1877 100644 --- a/explore-analyze/query-filter/filtering.md +++ b/explore-analyze/query-filter/filtering.md 
@@ -25,7 +25,7 @@ Some apps provide more options, such as [Dashboards](../dashboards.md). Display data within a specified time range when your index contains time-based events, and a time-field is configured for the selected [{{data-source}}](../find-and-organize/data-views.md). The default time range is 15 minutes, but you can customize it in [Advanced Settings](https://www.elastic.co/guide/en/kibana/current/advanced-options.html). -1. Click ![calendar icon](../../../images/kibana-time-filter-icon.png). +1. Click ![calendar icon](../../images/kibana-time-filter-icon.png). 2. Choose one of the following: * **Quick select**. Set a time based on the last or next number of seconds, minutes, hours, or other time unit. @@ -55,4 +55,4 @@ To manually resubmit a search, click the **Refresh** button. This is useful when Structured filters are a more interactive way to create {{es}} queries, and are commonly used when building dashboards that are shared by multiple analysts. Each filter can be disabled, inverted, or pinned across all apps. Each of the structured filters is combined with AND logic on the rest of the query. -![Add filter popup](../../../images/kibana-add-filter-popup.png "") \ No newline at end of file +![Add filter popup](../../images/kibana-add-filter-popup.png "") \ No newline at end of file diff --git a/explore-analyze/query-filter/languages.md b/explore-analyze/query-filter/languages.md index 832fe2ebb0..01392baf95 100644 --- a/explore-analyze/query-filter/languages.md +++ b/explore-analyze/query-filter/languages.md @@ -1,6 +1,5 @@ --- -mapped_pages: - - https://www.elastic.co/guide/en/elasticsearch/reference/current/search-analyze.html + --- # Query languages [search-analyze-query-languages] diff --git a/explore-analyze/query-filter/languages/_mapping_concepts_across_sql_and_elasticsearch.md b/explore-analyze/query-filter/languages/_mapping_concepts_across_sql_and_elasticsearch.md deleted file mode 100644 index 1d9d1bb2cf..0000000000 
--- a/explore-analyze/query-filter/languages/_mapping_concepts_across_sql_and_elasticsearch.md +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -mapped_pages: - - https://www.elastic.co/guide/en/elasticsearch/reference/current/_mapping_concepts_across_sql_and_elasticsearch.html ---- - -# Mapping concepts across SQL and Elasticsearch [_mapping_concepts_across_sql_and_es] - -While SQL and {{es}} have different terms for the way the data is organized (and different semantics), essentially their purpose is the same. - -So let’s start from the bottom; these roughly are: - -| SQL | {{es}} | Description | -| --- | --- | --- | -| `column` | `field` | In both cases, at the lowest level, data is stored in *named* entries, of a variety of [data types](sql-data-types.md), containing *one* value. SQL calls such an entry a *column* while {{es}} a *field*.Notice that in {{es}} a field can contain *multiple* values of the same type (essentially a list) while in SQL, a *column* can contain *exactly* one value of said type.Elasticsearch SQL will do its best to preserve the SQL semantic and, depending on the query, reject those that return fields with more than one value. | -| `row` | `document` | `Column`s and `field`s do *not* exist by themselves; they are part of a `row` or a `document`. The two have slightly different semantics: a `row` tends to be *strict* (and have more enforcements) while a `document` tends to be a bit more flexible or loose (while still having a structure). | -| `table` | `index` | The target against which queries, whether in SQL or {{es}} get executed against. | -| `schema` | *implicit* | In RDBMS, `schema` is mainly a namespace of tables and typically used as a security boundary. {{es}} does not provide an equivalent concept for it. However when security is enabled, {{es}} automatically applies the security enforcement so that a role sees only the data it is allowed to (in SQL jargon, its *schema*). 
| -| `catalog` or `database` | `cluster` instance | In SQL, `catalog` or `database` are used interchangeably and represent a set of schemas that is, a number of tables.In {{es}} the set of indices available are grouped in a `cluster`. The semantics also differ a bit; a `database` is essentially yet another namespace (which can have some implications on the way data is stored) while an {{es}} `cluster` is a runtime instance, or rather a set of at least one {{es}} instance (typically running distributed).In practice this means that while in SQL one can potentially have multiple catalogs inside an instance, in {{es}} one is restricted to only *one*. | -| `cluster` | `cluster` (federated) | Traditionally in SQL, *cluster* refers to a single RDBMS instance which contains a number of `catalog`s or `database`s (see above). The same word can be reused inside {{es}} as well however its semantic clarified a bit.
While RDBMS tend to have only one running instance, on a single machine (*not* distributed), {{es}} goes the opposite way and by default, is distributed and multi-instance.
Further more, an {{es}} `cluster` can be connected to other `cluster`s in a *federated* fashion thus `cluster` means:
single cluster::Multiple {{es}} instances typically distributed across machines, running within the same namespace.multiple clusters::Multiple clusters, each with its own namespace, connected to each other in a federated setup (see [{{ccs-cap}}](../../../solutions/search/cross-cluster-search.md)). | - -As one can see while the mapping between the concepts are not exactly one to one and the semantics somewhat different, there are more things in common than differences. In fact, thanks to SQL declarative nature, many concepts can move across {{es}} transparently and the terminology of the two likely to be used interchangeably throughout the rest of the material. - diff --git a/explore-analyze/query-filter/languages/sql-concepts.md b/explore-analyze/query-filter/languages/sql-concepts.md index b7d1081ebc..ac6888d161 100644 --- a/explore-analyze/query-filter/languages/sql-concepts.md +++ b/explore-analyze/query-filter/languages/sql-concepts.md @@ -1,6 +1,8 @@ --- +navigation_title: Conventions mapped_pages: - https://www.elastic.co/guide/en/elasticsearch/reference/current/sql-concepts.html + - https://www.elastic.co/guide/en/elasticsearch/reference/current/_mapping_concepts_across_sql_and_elasticsearch.html --- # Conventions and Terminology [sql-concepts] 
@@ -14,4 +16,23 @@ This documentation while trying to be complete, does assume the reader has *basi As a general rule, Elasticsearch SQL as the name indicates provides a SQL interface to {{es}}. As such, it follows the SQL terminology and conventions first, whenever possible. However the backing engine itself is {{es}} for which Elasticsearch SQL was purposely created hence why features or concepts that are not available, or cannot be mapped correctly, in SQL appear in Elasticsearch SQL. Last but not least, Elasticsearch SQL tries to obey the [principle of least surprise](https://en.wikipedia.org/wiki/Principle_of_least_astonishment), though as all things in the world, everything is relative. +## Mapping concepts across SQL and Elasticsearch [_mapping_concepts_across_sql_and_es] + +While SQL and {{es}} have different terms for the way the data is organized (and different semantics), essentially their purpose is the same. + +So let’s start from the bottom; these roughly are: + +| SQL | {{es}} | Description | +| --- | --- | --- | +| `column` | `field` | In both cases, at the lowest level, data is stored in *named* entries, of a variety of [data types](sql-data-types.md), containing *one* value. SQL calls such an entry a *column* while {{es}} a *field*.Notice that in {{es}} a field can contain *multiple* values of the same type (essentially a list) while in SQL, a *column* can contain *exactly* one value of said type.Elasticsearch SQL will do its best to preserve the SQL semantic and, depending on the query, reject those that return fields with more than one value. | +| `row` | `document` | `Column`s and `field`s do *not* exist by themselves; they are part of a `row` or a `document`. The two have slightly different semantics: a `row` tends to be *strict* (and have more enforcements) while a `document` tends to be a bit more flexible or loose (while still having a structure). 
| +| `table` | `index` | The target against which queries, whether in SQL or {{es}} get executed against. | +| `schema` | *implicit* | In RDBMS, `schema` is mainly a namespace of tables and typically used as a security boundary. {{es}} does not provide an equivalent concept for it. However when security is enabled, {{es}} automatically applies the security enforcement so that a role sees only the data it is allowed to (in SQL jargon, its *schema*). | +| `catalog` or `database` | `cluster` instance | In SQL, `catalog` or `database` are used interchangeably and represent a set of schemas that is, a number of tables.In {{es}} the set of indices available are grouped in a `cluster`. The semantics also differ a bit; a `database` is essentially yet another namespace (which can have some implications on the way data is stored) while an {{es}} `cluster` is a runtime instance, or rather a set of at least one {{es}} instance (typically running distributed).In practice this means that while in SQL one can potentially have multiple catalogs inside an instance, in {{es}} one is restricted to only *one*. | +| `cluster` | `cluster` (federated) | Traditionally in SQL, *cluster* refers to a single RDBMS instance which contains a number of `catalog`s or `database`s (see above). The same word can be reused inside {{es}} as well however its semantic clarified a bit.
While RDBMS tend to have only one running instance, on a single machine (*not* distributed), {{es}} goes the opposite way and by default, is distributed and multi-instance.
Further more, an {{es}} `cluster` can be connected to other `cluster`s in a *federated* fashion thus `cluster` means:
single cluster::Multiple {{es}} instances typically distributed across machines, running within the same namespace.multiple clusters::Multiple clusters, each with its own namespace, connected to each other in a federated setup (see [{{ccs-cap}}](../../../solutions/search/cross-cluster-search.md)). | + +As one can see while the mapping between the concepts are not exactly one to one and the semantics somewhat different, there are more things in common than differences. In fact, thanks to SQL declarative nature, many concepts can move across {{es}} transparently and the terminology of the two likely to be used interchangeably throughout the rest of the material. + + + diff --git a/explore-analyze/query-filter/languages/sql-functions-datetime.md b/explore-analyze/query-filter/languages/sql-functions-datetime.md index 0873da6983..574b50d07f 100644 --- a/explore-analyze/query-filter/languages/sql-functions-datetime.md +++ b/explore-analyze/query-filter/languages/sql-functions-datetime.md @@ -1038,7 +1038,7 @@ TO_CHAR( **Output**: string -**Description**: Returns the date/datetime/time as a string using the format specified in the 2nd argument. The formatting pattern conforms to [PostgreSQL Template Patterns for Date/Time Formatting](https://www.postgresql.org/docs/13/functions-formatting.md). +**Description**: Returns the date/datetime/time as a string using the format specified in the 2nd argument. The formatting pattern conforms to [PostgreSQL Template Patterns for Date/Time Formatting](https://www.postgresql.org/docs/13/functions-formatting.html). ::::{note} If the 1st argument is of type `time`, then the pattern specified by the 2nd argument cannot contain date related units (e.g. *dd*, *MM*, *YYYY*, etc.). If it contains such units an error is returned.
The result of the patterns `TZ` and `tz` (time zone abbreviations) in some cases differ from the results returned by the `TO_CHAR` in PostgreSQL. The reason is that the time zone abbreviations specified by the JDK are different from the ones specified by PostgreSQL. This function might show an actual time zone abbreviation instead of the generic `LMT` or empty string or offset returned by the PostgreSQL implementation. The summer/daylight markers might also differ between the two implementations (e.g. will show `HT` instead of `HST` for Hawaii).
The `FX`, `TM`, `SP` pattern modifiers are not supported and will show up as `FX`, `TM`, `SP` literals in the output. diff --git a/explore-analyze/query-filter/languages/sql-getting-started.md b/explore-analyze/query-filter/languages/sql-getting-started.md index 068dc56ad8..e6974afe83 100644 --- a/explore-analyze/query-filter/languages/sql-getting-started.md +++ b/explore-analyze/query-filter/languages/sql-getting-started.md @@ -1,4 +1,5 @@ --- +navigation_title: Getting started mapped_pages: - https://www.elastic.co/guide/en/elasticsearch/reference/current/sql-getting-started.html --- diff --git a/explore-analyze/query-filter/languages/_api_usage.md b/explore-analyze/query-filter/languages/sql-jdbc-api-usage.md similarity index 100% rename from explore-analyze/query-filter/languages/_api_usage.md rename to explore-analyze/query-filter/languages/sql-jdbc-api-usage.md diff --git a/explore-analyze/query-filter/tools/console.md b/explore-analyze/query-filter/tools/console.md index d1130186a5..db9dd5ae6a 100644 --- a/explore-analyze/query-filter/tools/console.md +++ b/explore-analyze/query-filter/tools/console.md @@ -1,10 +1,11 @@ --- +navigation_title: Console mapped_urls: - https://www.elastic.co/guide/en/kibana/current/console-kibana.html - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-api-console.html --- -# Console +# Run API requests with Console [console-kibana] % What needs to be done: Refine 
@@ -19,4 +20,228 @@ mapped_urls: $$$configuring-console$$$ -$$$import-export-console-requests$$$ \ No newline at end of file +$$$import-export-console-requests$$$ + + +**Console** lets you interact with [{{es}} APIs](https://www.elastic.co/guide/en/elasticsearch/reference/current/rest-apis.html) and [{{kib}} APIs](https://www.elastic.co/docs/api) from within {{kib}}. + +:::{image} ../../../images/kibana-console.png +:alt: Console +:class: screenshot +::: + +To go to **Console**, find **Dev Tools** in the navigation menu or use the [global search bar](../../../get-started/the-stack.md#kibana-navigation-search). + +You can also find Console directly on certain Search solution and Elasticsearch serverless project pages, where you can expand it from the footer. This Console, called **Persistent Console**, has the same capabilities and shares the same history as the Console in **Dev Tools**. + +:::{image} ../../../images/kibana-persistent-console.png +:alt: Console +:class: screenshot +::: + + +## Write requests [console-api] + +**Console** understands commands in a cURL-like syntax. For example, the following is a `GET` request to the {{es}} `_search` API. + +```js +GET /_search +{ + "query": { + "match_all": {} + } +} +``` + +Here is the equivalent command in cURL: + +```bash +curl -XGET "http://localhost:9200/_search" -d' +{ + "query": { + "match_all": {} + } +}' +``` + +Prepend requests to a {{kib}} API endpoint with `kbn:` + +```bash +GET kbn:/api/index_management/indices +``` + + +### Autocomplete [console-autocomplete] + +When you’re typing a command, **Console** makes context-sensitive suggestions. These suggestions show you the parameters for each API and speed up your typing. + +You can configure your preferences for autocomplete in the [Console settings](../../../explore-analyze/query-filter/tools/console.md#configuring-console). 
+ + +### Comments [console-comments] + +You can write comments or temporarily disable parts of a request by using double forward slashes or pound signs to create single-line comments. + +```js +# This request searches all of your indices. +GET /_search +{ + // The query parameter indicates query context. + "query": { + "match_all": {} // Matches all documents. + } +} +``` + +You can also use a forward slash followed by an asterisk to mark the beginning of multi-line comments. An asterisk followed by a forward slash marks the end. + +```js +GET /_search +{ + "query": { + /*"match_all": { + "boost": 1.2 + }*/ + "match_none": {} + } +} +``` + + +### Variables [console-variables] + +Click **Variables** to create, edit, and delete variables. + +:::{image} ../../../images/kibana-variables.png +:alt: Variables +:class: screenshot +::: + +You can refer to these variables in the paths and bodies of your requests. Each variable can be referenced multiple times. + +```js +GET ${pathVariable} +{ + "query": { + "match": { + "${bodyNameVariable}": "${bodyValueVariable}" + } + } +} +``` + +By default, variables in the body may be substituted as a boolean, number, array, or object by removing nearby quotes instead of a string with surrounding quotes. Triple quotes overwrite this default behavior and enforce simple replacement as a string. + +```js +GET /locations/_search +{ + "query": { + "bool": { + "must": { + "match": { + // ${shopName} shall be replaced as a string if the variable exists. + "shop.name": """${shopName}""" + } + }, + "filter": { + "geo_distance": { + "distance": "12km", + // "${pinLocation}" may be substituted with an array such as [-70, 40]. + "pin.location": "${pinLocation}" + } + } + } + } +} +``` + + +### Auto-formatting [auto-formatting] + +The auto-formatting capability can help you format requests to be more readable. Select one or more requests that you want to format, open the contextual menu, and then select **Auto indent**. 
+ + +### Keyboard shortcuts [keyboard-shortcuts] + +Go to line number +: `Ctrl/Cmd` + `L` + +Auto-indent current request +: `Ctrl/Cmd` + `I` + +Jump to next request end +: `Ctrl/Cmd` + `↓` + +Jump to previous request end +: `Ctrl/Cmd` + `↑` + +Open documentation for current request +: `Ctrl/Cmd` + `/` + +Run current request +: `Ctrl/Cmd` + `Enter` + +Apply current or topmost term in autocomplete menu +: `Enter` or `Tab` + +Close autocomplete menu +: `Esc` + +Navigate items in autocomplete menu +: `↓` + `↑` + + +### View API docs [console-view-api] + +To view the documentation for an API endpoint, select the request, then open the contextual menu and select **Open API reference**. + + +## Run requests [console-request] + +When you’re ready to run a request, select the request, and click the play button. + +The result of the request execution is displayed in the response panel, where you can see: + +* the JSON response +* the HTTP status code corresponding to the request +* The execution time, in ms. + +::::{tip} +You can select multiple requests and submit them together. **Console** executes the requests one by one. Submitting multiple requests is helpful when you’re debugging an issue or trying query combinations in multiple scenarios. +:::: + + + +## Import and export requests [import-export-console-requests] + +You can export requests: + +* **to a TXT file**, by using the **Export requests** button. When using this method, all content of the input panel is copied, including comments, requests, and payloads. All of the formatting is preserved and allows you to re-import the file later, or to a different environment, using the **Import requests** button. + + ::::{tip} + When importing a TXT file containing Console requests, the current content of the input panel is replaced. Export it first if you don’t want to lose it, or find it in the **History** tab if you already ran the requests. 
+ :::: + +* by copying them individually as **curl**, **JavaScript**, or **Python**. To do this, select a request, then open the contextual menu and select **Copy as**. When using this action, requests are copied individually to your clipboard. You can save your favorite language to make the copy action faster the next time you use it. + + When running copied requests from an external environment, you’ll need to add [authentication information](https://www.elastic.co/docs/api/doc/kibana/authentication) to the request. + + + +## Get your request history [console-history] + +**Console** maintains a list of the last 500 requests that you tried to execute. To view them, open the **History** tab. + +You can run a request from your history again by selecting the request and clicking **Add and run**. If you want to add it back to the Console input panel without running it yet, click **Add** instead. It is added to the editor at the current cursor position. + + +## Configure Console settings [configuring-console] + +Go to the **Config** tab of **Console** to customize its display, autocomplete, and accessibility settings. + + +## Disable Console [disable-console] + +If you don’t want to use **Console**, you can disable it by setting `console.ui.enabled` to `false` in your `kibana.yml` configuration file. Changing this setting causes the server to regenerate assets on the next startup, which might cause a delay before pages start being served. + +You can also choose to only disable the persistent console that shows in the footer of several Kibana pages. To do that, go to **Stack Management** > **Advanced Settings**, and turn off the `devTools:enablePersistentConsole` setting. diff --git a/explore-analyze/query-filter/tools/saved-queries.md b/explore-analyze/query-filter/tools/saved-queries.md index 2d95506fff..3faca9c41b 100644 --- a/explore-analyze/query-filter/tools/saved-queries.md +++ b/explore-analyze/query-filter/tools/saved-queries.md 
@@ -1,14 +1,37 @@ --- mapped_urls: - - https://www.elastic.co/guide/en/elasticsearch/reference/current/search-analyze.html - https://www.elastic.co/guide/en/kibana/current/save-load-delete-query.html --- -# Saved queries +# Saved queries [save-load-delete-query] % What needs to be done: Refine % Use migrated content from existing pages that map to this page: % - [ ] ./raw-migrated-files/elasticsearch/elasticsearch-reference/search-analyze.md -% - [ ] ./raw-migrated-files/kibana/kibana/save-load-delete-query.md \ No newline at end of file +% - [ ] ./raw-migrated-files/kibana/kibana/save-load-delete-query.md + +Have you ever built a query that you wanted to reuse? With saved queries, you can save your query text, filters, and time range for reuse anywhere a query bar is present. + +For example, suppose you’re in **Discover**, and you’ve put time into building a query that includes query input text, multiple filters, and a specific time range. Save this query, and you can embed the search results in dashboards, use them as a foundation for building a visualization, and share them in a link or CVS form. + +Saved queries are different than [saved Discover sessions](/explore-analyze/discover/save-open-search.md), which include the **Discover** configuration—selected columns in the document table, sort order, and {{data-source}}—in addition to the query. Discover sessions are primarily used for adding search results to a dashboard. + +## Saved query access [_saved_query_access] + +If you have insufficient privileges to manage saved queries, you will be unable to load or save queries from the saved query management popover. For more information, see [Granting access to Kibana](../../../deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md) + + +## Save a query [_save_a_query] + +1. Once you’ve built a query worth saving, click the save query icon ![save query icon](../../../images/kibana-saved-query-icon.png ""). +2. 
In the menu, select the item to save the query. +3. Enter a unique name. +4. Choose whether to include or exclude filters and a time range. By default, filters are automatically included, but the time filter is not. +5. Save the query. +6. To load a saved query, select it in the **Saved query** menu. + + The query text, filters, and time range are updated and your data refreshed. If you’re loading a saved query that did not include the filters or time range, those components remain as-is. + +7. To add filters and clear saved queries, use the **Saved query** menu. \ No newline at end of file diff --git a/explore-analyze/query-filter/tools/search-profiler.md b/explore-analyze/query-filter/tools/search-profiler.md index 610ec2124a..6554932796 100644 --- a/explore-analyze/query-filter/tools/search-profiler.md +++ b/explore-analyze/query-filter/tools/search-profiler.md @@ -12,7 +12,7 @@ The **{{searchprofiler}}** tool can transform this JSON output into a visualizat ## Get started [search-profiler-getting-started] -1. Find the **{{searchprofiler}}** by navigating to the **Developer tools** page using the navigation menu or the [global search field](../../../get-started/the-stack.md#kibana-navigation-search). +Find the **{{searchprofiler}}** by navigating to the **Developer tools** page using the navigation menu or the [global search field](../../../get-started/the-stack.md#kibana-navigation-search). **{{searchprofiler}}** displays the names of the indices searched, the shards in each index, and how long it took for the query to complete. To try it out, replace the default `match_all` query with the query you want to profile, and then click **Profile**. diff --git a/explore-analyze/scripting/modules-scripting-security.md b/explore-analyze/scripting/modules-scripting-security.md index bb2cfe71c0..47040180cc 100644 --- a/explore-analyze/scripting/modules-scripting-security.md +++ b/explore-analyze/scripting/modules-scripting-security.md 
@@ -9,7 +9,7 @@ Painless and {{es}} implement layers of security to build a defense in depth str Painless uses a fine-grained allowlist. Anything that is not part of the allowlist results in a compilation error. This capability is the first layer of security in a defense in depth strategy for scripting. -The second layer of security is the [Java Security Manager](https://www.oracle.com/java/technologies/javase/seccodeguide.md). As part of its startup sequence, {{es}} enables the Java Security Manager to limit the actions that portions of the code can take. [Painless](modules-scripting-painless.md) uses the Java Security Manager as an additional layer of defense to prevent scripts from doing things like writing files and listening to sockets. +The second layer of security is the [Java Security Manager](https://www.oracle.com/java/technologies/javase/seccodeguide.html). As part of its startup sequence, {{es}} enables the Java Security Manager to limit the actions that portions of the code can take. [Painless](modules-scripting-painless.md) uses the Java Security Manager as an additional layer of defense to prevent scripts from doing things like writing files and listening to sockets. {{es}} uses [seccomp](https://en.wikipedia.org/wiki/Seccomp) in Linux, [Seatbelt](https://www.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design) in macOS, and [ActiveProcessLimit](https://msdn.microsoft.com/en-us/library/windows/desktop/ms684147) on Windows as additional security layers to prevent {{es}} from forking or running other processes. diff --git a/explore-analyze/toc.yml b/explore-analyze/toc.yml index 63bbfd13bc..2ad008c3cc 100644 --- a/explore-analyze/toc.yml +++ b/explore-analyze/toc.yml 
@@ -24,8 +24,6 @@ toc: - file: query-filter/languages/sql-overview.md - file: query-filter/languages/sql-getting-started.md - file: query-filter/languages/sql-concepts.md - children: - - file: query-filter/languages/_mapping_concepts_across_sql_and_elasticsearch.md - file: query-filter/languages/sql-security.md - file: query-filter/languages/sql-rest.md children: @@ -41,7 +39,7 @@ toc: - file: query-filter/languages/sql-cli.md - file: query-filter/languages/sql-jdbc.md children: - - file: query-filter/languages/_api_usage.md + - file: query-filter/languages/sql-jdbc-api-usage.md - file: query-filter/languages/sql-odbc.md children: - file: query-filter/languages/sql-odbc-installation.md diff --git a/explore-analyze/visualize/maps/maps-connect-to-ems.md b/explore-analyze/visualize/maps/maps-connect-to-ems.md index 524ff0511c..1942c0a280 100644 --- a/explore-analyze/visualize/maps/maps-connect-to-ems.md +++ b/explore-analyze/visualize/maps/maps-connect-to-ems.md 
@@ -556,7 +556,7 @@ If you cannot connect to Elastic Maps Service from the {{kib}} server or browser | `ssl.certificateAuthorities` | Paths to one or more PEM-encoded X.509 certificate authority (CA) certificates that make up a trusted certificate chain for {{hosted-ems}}. This chain is used by the {{hosted-ems}} to establish trust when receiving inbound SSL/TLS connections from end users. [Equivalent {{kib}} setting](../../../deploy-manage/deploy/self-managed/configure.md#server-ssl-certificateAuthorities). | | `ssl.key`, `ssl.certificate`, and `ssl.keyPassphrase` | Location of yor SSL key and certificate files and the password that decrypts the private key that is specified via `ssl.key`. This password is optional, as the key may not be encrypted. [Equivalent {{kib}} setting](../../../deploy-manage/deploy/self-managed/configure.md#server-ssl-cert-key). | | `ssl.supportedProtocols` | An array of supported protocols with versions.Valid protocols: `TLSv1`, `TLSv1.1`, `TLSv1.2`. **Default: `TLSv1.1`, `TLSv1.2`**. [Equivalent {{kib}} setting](../../../deploy-manage/deploy/self-managed/configure.md#server-ssl-supportedProtocols). | -| `ssl.cipherSuites` | Details on the format, and the valid options, are available via the[OpenSSL cipher list format documentation](https://www.openssl.org/docs/man1.1.1/man1/ciphers.md#CIPHER-LIST-FORMAT).**Default: `TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-GCM-SHA384, DHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, DHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, DHE-RSA-AES256-SHA384, ECDHE-RSA-AES256-SHA256, DHE-RSA-AES256-SHA256, HIGH,!aNULL, !eNULL, !EXPORT, !DES, !RC4, !MD5, !PSK, !SRP, !CAMELLIA`**. [Equivalent {{kib}} setting](../../../deploy-manage/deploy/self-managed/configure.md#server-ssl-cipherSuites). 
| +| `ssl.cipherSuites` | Details on the format, and the valid options, are available via the[OpenSSL cipher list format documentation](https://www.openssl.org/docs/man1.1.1/man1/ciphers.html#CIPHER-LIST-FORMAT).**Default: `TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-GCM-SHA384, DHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, DHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, DHE-RSA-AES256-SHA384, ECDHE-RSA-AES256-SHA256, DHE-RSA-AES256-SHA256, HIGH,!aNULL, !eNULL, !EXPORT, !DES, !RC4, !MD5, !PSK, !SRP, !CAMELLIA`**. [Equivalent {{kib}} setting](../../../deploy-manage/deploy/self-managed/configure.md#server-ssl-cipherSuites). | #### Bind-mounted configuration [elastic-maps-server-bind-mount-config] diff --git a/explore-analyze/visualize/maps/reverse-geocoding-tutorial.md b/explore-analyze/visualize/maps/reverse-geocoding-tutorial.md index c93ab7720c..6d7dfac373 100644 --- a/explore-analyze/visualize/maps/reverse-geocoding-tutorial.md +++ b/explore-analyze/visualize/maps/reverse-geocoding-tutorial.md @@ -44,7 +44,7 @@ CSAs generally share the same telecom providers and ad networks. New fast food f To get the CSA boundary data: -1. Go to the [Census Bureau’s website](https://www.census.gov/geographies/mapping-files/time-series/geo/carto-boundary-file.md) and download the `cb_2018_us_csa_500k.zip` file. +1. Go to the [Census Bureau’s website](https://www.census.gov/geographies/mapping-files/time-series/geo/carto-boundary-file.html) and download the `cb_2018_us_csa_500k.zip` file. 2. Uncompress the zip file. 3. In Kibana, go to **Maps**. 4. Click **Create map**. diff --git a/raw-migrated-files/kibana/kibana/save-load-delete-query.md b/raw-migrated-files/kibana/kibana/save-load-delete-query.md deleted file mode 100644 index 4f9469a207..0000000000 --- a/raw-migrated-files/kibana/kibana/save-load-delete-query.md +++ /dev/null 
@@ -1,27 +0,0 @@ -# Save a query [save-load-delete-query] - -Have you ever built a query that you wanted to reuse? With saved queries, you can save your query text, filters, and time range for reuse anywhere a query bar is present. - -For example, suppose you’re in **Discover**, and you’ve put time into building a query that includes query input text, multiple filters, and a specific time range. Save this query, and you can embed the search results in dashboards, use them as a foundation for building a visualization, and share them in a link or CVS form. - -Saved queries are different than [saved Discover sessions](../../../explore-analyze/discover/save-open-search.md), which include the **Discover** configuration—selected columns in the document table, sort order, and {{data-source}}—in addition to the query. Discover sessions are primarily used for adding search results to a dashboard. - -## Saved query access [_saved_query_access] - -If you have insufficient privileges to manage saved queries, you will be unable to load or save queries from the saved query management popover. For more information, see [Granting access to Kibana](../../../deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md) - - -## Save a query [_save_a_query] - -1. Once you’ve built a query worth saving, click the save query icon ![save query icon](../../../images/kibana-saved-query-icon.png ""). -2. In the menu, select the item to save the query. -3. Enter a unique name. -4. Choose whether to include or exclude filters and a time range. By default, filters are automatically included, but the time filter is not. -5. Save the query. -6. To load a saved query, select it in the **Saved query** menu. - - The query text, filters, and time range are updated and your data refreshed. If you’re loading a saved query that did not include the filters or time range, those components remain as-is. - -7. To add filters and clear saved queries, use the **Saved query** menu. - - 
From fc7fbd27b8720231d30754f38f9c97549cb2ebfd Mon Sep 17 00:00:00 2001 From: Florent Le Borgne Date: Tue, 4 Feb 2025 19:39:49 +0100 Subject: [PATCH 2/4] remove empty front matter --- explore-analyze/query-filter/languages.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/explore-analyze/query-filter/languages.md b/explore-analyze/query-filter/languages.md index 01392baf95..f70fa8c96c 100644 --- a/explore-analyze/query-filter/languages.md +++ b/explore-analyze/query-filter/languages.md @@ -1,7 +1,3 @@ ---- - ---- - # Query languages [search-analyze-query-languages] {{es}} provides a number of query languages for interacting with your data. From 94fed7459e0b1d8f81febf2b93b2bd086bc27115 Mon Sep 17 00:00:00 2001 From: Florent Le Borgne Date: Wed, 5 Feb 2025 09:35:11 +0100 Subject: [PATCH 3/4] remove deleted file from toc --- raw-migrated-files/toc.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/raw-migrated-files/toc.yml b/raw-migrated-files/toc.yml index 67f4bb0ac7..ab854a0347 100644 --- a/raw-migrated-files/toc.yml +++ b/raw-migrated-files/toc.yml @@ -705,7 +705,6 @@ toc: - file: kibana/kibana/reporting-production-considerations.md - file: kibana/kibana/role-mappings.md - file: kibana/kibana/sample-data.md - - file: kibana/kibana/save-load-delete-query.md - file: kibana/kibana/saved-object-ids.md - file: kibana/kibana/search-ai-assistant.md - file: kibana/kibana/secure-reporting.md From d33a61b1cc60ed582f9dd563bb88addba43138c9 Mon Sep 17 00:00:00 2001 From: florent-leborgne Date: Wed, 5 Feb 2025 11:19:28 +0100 Subject: [PATCH 4/4] Apply suggestions from code review Co-authored-by: Liam Thompson <32779855+leemthompo@users.noreply.github.com> --- explore-analyze/query-filter/tools/console.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/explore-analyze/query-filter/tools/console.md b/explore-analyze/query-filter/tools/console.md index db9dd5ae6a..180b3b1969 100644 --- a/explore-analyze/query-filter/tools/console.md 
+++ b/explore-analyze/query-filter/tools/console.md @@ -23,7 +23,7 @@ $$$configuring-console$$$ $$$import-export-console-requests$$$ -**Console** lets you interact with [{{es}} APIs](https://www.elastic.co/guide/en/elasticsearch/reference/current/rest-apis.html) and [{{kib}} APIs](https://www.elastic.co/docs/api) from within {{kib}}. +**Console** is an interactive UI for sending requests to [{{es}} APIs](https://www.elastic.co/guide/en/elasticsearch/reference/current/rest-apis.html) and [{{kib}} APIs](https://www.elastic.co/docs/api) and viewing their responses. :::{image} ../../../images/kibana-console.png :alt: Console @@ -42,7 +42,7 @@ You can also find Console directly on certain Search solution and Elasticsearch ## Write requests [console-api] -**Console** understands commands in a cURL-like syntax. For example, the following is a `GET` request to the {{es}} `_search` API. +**Console** accepts commands in a simplified HTTP request syntax. For example, the following `GET` request calls the {es} `_search` API: ```js GET /_search
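Review bot: in the `ssl.cipherSuites` row of maps-connect-to-ems.md (PATCH 1/4), the rewritten line still has no space in "via the[OpenSSL cipher list format documentation]" or between the closing link and "**Default:", so the link and the bold text run into the neighbouring words; the line is already being touched for the `.md` to `.html` fix, so add both spaces in the same change. The default value also starts with `TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256`, which are TLS 1.3 suite names, while the `ssl.supportedProtocols` row just above lists only `TLSv1`, `TLSv1.1`, `TLSv1.2` as valid and defaults to `TLSv1.1`, `TLSv1.2`; one of the two rows looks out of date and should be checked against the shipped defaults. The same default mixes space-separated and comma-separated entries, and the `ssl.key` context row has the typo "yor SSL key" and the `ssl.supportedProtocols` row is missing a space in "versions.Valid protocols"; both could be fixed in this pass.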
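Review bot: the deletion of raw-migrated-files/kibana/kibana/save-load-delete-query.md (PATCH 1/4) removes the "Saved query access" section, which states that users with insufficient privileges cannot load or save queries from the saved query management popover and links to built-in-roles.md; confirm that this access note and its link are carried over into tools/saved-queries.md before the source file goes. If the text is being moved rather than rewritten, do not carry over "share them in a link or CVS form" (it should read CSV), and add the missing full stop after the "Granting access to Kibana" link.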
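Review bot: in the "Write requests" hunk of console.md (PATCH 4/4), the added line writes the substitution with single braces, "calls the {es} `_search` API:", while the removed line and the first hunk of the same file use `{{es}}`; as written it will probably render as literal text instead of the product name. Change it to `{{es}}` so it matches the rest of the file.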