Elasticsearch Destination Plugin
Latest: v1.0.0The Elasticsearch plugin syncs data from any CloudQuery source plugin(s) to an Elasticsearch cluster.
Example config
The following config will sync data to an Elasticsearch cluster running on localhost:9200
:
kind: destination
spec:
name: elasticsearch
path: cloudquery/elasticsearch
version: "v1.0.0"
write_mode: "overwrite-delete-stale"
# batch_size: 10000 # optional
# batch_size_bytes: 5242880 # optional
spec:
# elasticsearch plugin spec
addresses: ["http://localhost:9200"] # optional
The Elasticsearch destination utilizes batching, and supports batch_size
and batch_size_bytes
.
It supports append
, overwrite
and overwrite-delete-stale
write modes. The default write mode is overwrite-delete-stale
.
Elasticsearch Spec
This is the spec used by the Elasticsearch destination plugin.
-
addresses
([]string) (optional) (default:["http://localhost:9200"]
)A list of Elasticsearch nodes to use.
-
username
(string) (optional)Username for HTTP Basic Authentication.
-
password
(string) (optional)Password for HTTP Basic Authentication.
-
cloud_id
(string) (optional)Endpoint for the Elastic Service (https://elastic.co/cloud (opens in a new tab)).
-
api_key
(string) (optional)Base64-encoded token for authorization; if set, overrides username/password and service token.
-
service_token
(string) (optional)Service token for authorization; if set, overrides username/password.
-
certificate_fingerprint
(string) (optional)SHA256 hex fingerprint given by Elasticsearch on first launch.
-
ca_cert
(string) (optional)PEM-encoded certificate authorities. When set, an empty certificate pool will be created, and the certificates will be appended to it. See file variable substitution for how to read this value from a file.
-
concurrency
(string) (optional) (default: number of CPUs)Number of concurrent worker goroutines to use for indexing.
Index Creation
The Elasticsearch destination will, by default, create an index template for every table. This template will then be used to create indexes with the format <table_name>-<YYYY-MM-DD>
. It is recommended that you use the generated index templates, as it will automatically create indexes with the correct mappings for the table. However, to skip index template creation (or use your own), you may use the --no-migrate
option when running cloudquery sync
.
Querying From Kibana
To query data from Kibana, you will need to create data views (opens in a new tab) (previously also known as "index patterns"). To query a specific table, the data view's index pattern should be in the format <table_name>-*
. For example, if you have a table named aws_ec2_instances
, you should create a data view with index pattern named aws_ec2_instances-*
. One useful feature of Elasticsearch and Kibana, however, is the ability to query across all data. To do this for the aws
source plugin, for example, you may use an index pattern named aws_*
. This will then allow queries across all tables synced by the aws
source plugin.
Underlying library
We use the official go-elasticsearch (opens in a new tab) package. It is tested against Elasticsearch 8.6.0. Please open an issue (opens in a new tab) if you encounter any problems with this (or another) version.