Elasticsearch Destination PluginLatest: v1.1.4
The Elasticsearch plugin syncs data from any CloudQuery source plugin(s) to an Elasticsearch cluster.
The following config will sync data to an Elasticsearch cluster running on
kind: destination spec: name: elasticsearch path: cloudquery/elasticsearch version: "v1.1.4" write_mode: "overwrite-delete-stale" # batch_size: 10000 # optional # batch_size_bytes: 5242880 # optional spec: # elasticsearch plugin spec addresses: ["http://localhost:9200"] # optional
The Elasticsearch destination utilizes batching, and supports
overwrite-delete-stale write modes. The default write mode is
This is the spec used by the Elasticsearch destination plugin.
addresses(string) (optional) (default:
A list of Elasticsearch nodes to use.
Username for HTTP Basic Authentication.
Password for HTTP Basic Authentication.
Endpoint for the Elastic Service (https://elastic.co/cloud (opens in a new tab)).
Base64-encoded token for authorization; if set, overrides username/password and service token.
Service token for authorization; if set, overrides username/password.
SHA256 hex fingerprint given by Elasticsearch on first launch.
PEM-encoded certificate authorities. When set, an empty certificate pool will be created, and the certificates will be appended to it. See file variable substitution for how to read this value from a file.
concurrency(string) (optional) (default: number of CPUs)
Number of concurrent worker goroutines to use for indexing.
Index Template Creation
The Elasticsearch destination will create an index template for every table during the migration step. It is recommended that you use the generated index templates, as it will automatically create indexes with the correct mappings for the table. However, to skip index template creation (or use your own), you may use the
--no-migrate option when running
Index names will be formatted according to the selected write mode:
append: indexes will be named using the format
<table_name>-<YYYY-MM-DD>. In other words, a new index will be created every day the table is synced. Entries will never be overwritten.
overwrite: indexes will be named using the format
<table_name>. Objects with duplicate primary keys will be overwritten.
overwrite-delete-stale: indexes will be named using the format
<table_name>. Objects with duplicate primary keys will be overwritten, and any objects that are not present in the current sync will be deleted.
Index templates will also be created such that they match the index names generated by the selected write mode.
Querying From Kibana
To query data from Kibana, you will need to create data views (opens in a new tab) (previously also known as "index patterns"). To query a specific table, the data view's index pattern should be in the format
<table_name>-*. For example, if you have a table named
aws_ec2_instances, you should create a data view with index pattern named
aws_ec2_instances-*. One useful feature of Elasticsearch and Kibana, however, is the ability to query across all data. To do this for the
aws source plugin, for example, you may use an index pattern named
aws_*. This will then allow queries across all tables synced by the
aws source plugin.
We use the official go-elasticsearch (opens in a new tab) package. It is tested against Elasticsearch 8.6.0. Please open an issue (opens in a new tab) if you encounter any problems with this (or another) version.