Creating Users for an Elasticsearch Cluster and Granting Cluster Access
CSS limits access to security-mode clusters to authorized users only. When you create a security-mode cluster, you must also create an administrator account. The administrator can later use Kibana to add new users for the cluster and grant them the required permissions. This topic uses Kibana 7.10.2 as an example to describe how to grant users access to a security-mode cluster.
Background
CSS uses the opendistro_security plug-in to provide security cluster capabilities. The plug-in is built on the role-based access control (RBAC) model, which involves three core concepts: user, action, and role. RBAC simplifies the relationship between users and actions, which makes permissions easier to manage, extend, and maintain. Figure 1 shows the relationship between the three.
| Concept | Description |
|---|---|
| User | A user can send operation requests to an Elasticsearch cluster. The user has credentials such as a username and password, and zero or more backend roles and custom attributes. |
| Role | A role is a combination of permissions or action groups, including operation permissions on clusters, indexes, documents, or fields. |
| Permission | A single permission, for example, creating an index (indices:admin/create). |
| Role mapping | A user is assigned one or more roles after successful authentication. Role mapping maps a role to a user (or a backend role). For example, the mapping from kibana_user (role) to jdoe (user) means that John Doe obtains all permissions of kibana_user after being authenticated. Similarly, the mapping from all_access (role) to admin (backend role) means that any user with the backend role admin (from the LDAP/Active Directory server) has all the permissions of the role all_access after being authenticated. You can map each role to multiple users or backend roles. |
| Action group | An action group is a group of permissions. For example, the predefined SEARCH action group grants roles permissions to use the _search and _msearch APIs. |
In addition to the RBAC model, Elasticsearch also uses a concept called tenant. The RBAC model addresses the problem of user-level authorization, while the tenant model addresses the problem of data and resource sharing between different tenants. Within a tenant space, tenants can share information such as dashboards and index patterns.
By default, users can only see the index patterns and dashboards in their own private tenant space. When a new user test is added, the system automatically generates an index named .kibana_xxx_test. The data in this user's private space will be stored in this index. Similarly, the data of the administrator's private tenant space is stored in the .kibana_xxx_admin index. To share an index pattern or dashboard with other tenants, you can create them in the global tenant space. Other users can access the shared resource only by switching to the global tenant space.
On the Kibana console, you can configure user permissions on an Elasticsearch cluster under Security to implement fine-grained access control at four levels: cluster, index, document, and field.
Users can be added or deleted for a cluster, and mapped to roles. This way, you assign roles to users.
With role mapping, you can configure the members of each role and assign roles to users based on usernames, backend roles, and host names. For each role, you can configure cluster, index, and document permissions, as well as the permission to use Kibana.
For more about security configuration for a security-mode cluster and the detailed guide, see the official Elasticsearch document here.
Constraints
- You can customize the username, role name, and tenant name in Kibana.
- The Kibana GUI varies depending on the Kibana version. Kibana 7.10.2 is used as an example here.
Creating a User and Granting Permissions
- Log in to the CSS management console.
- Choose Clusters in the navigation pane. On the Clusters page, locate the target cluster and click Access Kibana in the Operation column.
- Log in to Kibana using an administrator account.
  - Username: admin (default administrator account name)
  - Password: Enter the administrator password you set when creating the cluster in security mode.
- After a successful login, choose Security in the navigation tree on the left of the Kibana operation page. The Security page is displayed.
- Add a new user test for the security-mode cluster.
  - Click Internal users in the navigation area.
  - On the Internal users page, click Create internal user. The page for creating a new user is displayed.

    Figure 2 Create internal user
  - On the displayed page, set Username, Password, and Re-enter password. The username test is used as an example here.

    The following two parameters are optional. You can click Learn more on the page to learn more about them.
    - Backend roles: used to map external users (such as those from LDAP or SAML) to Open Distro security roles.
    - Attributes: used to further describe users. More importantly, they can be used to enable document-level access control on top of the index permissions of a role. This makes it possible to conduct dynamic document-level security (DLS) queries based on user attributes.
  - Click Create. Upon successful creation, the new user is displayed in the user list.
- Create a role named role_test and assign permissions to it.
  - Click Roles under Security. The system has preset roles. For the permissions of each role, click Learn more on the page. If the preset roles can already meet your needs, you are advised to use these preset roles.
  - On the Roles page, click Create Role.
  - Set the role name, for example, role_test.

    Figure 3 Setting the role name
  - On the Cluster Permissions page, set cluster permissions based on service requirements. If they are not configured for a role, the role will not have any cluster-level permissions. Here, cluster_monitor is used as an example.

    NOTE:
    In Elasticsearch, the cluster_monitor permission allows users to monitor and observe cluster status, but not to perform any operations that may alter the cluster status. Specifically, the cluster_monitor permission enables users to perform the following operations:
    - Check a cluster's status and health.
    - Check the nodes of a cluster.
    - View cluster statistics.
    - Check the pending tasks of a cluster.
    - Check information about cluster recovery, segments, and indexes.

    Figure 4 Cluster Permissions
  - Configure index permissions on the Index Permissions page. This configuration is optional. It allows you to define the permissions of users assigned this role on specific indexes.
    - Index: Set the index name. For example, my_store.

      NOTE:
      Use different names for the index and the user.
    - Index permissions: Set the index permissions to grant.
  - Tenant Permissions: Set tenant permissions. This configuration is optional. Tenants in Kibana are spaces for saving index patterns, visualizations, dashboards, and other Kibana objects. By default, all Kibana users have access to two tenants: Private and Global. The global tenant is shared between every Kibana user. The private tenant is exclusive to each user and cannot be shared. For more on tenant permissions, click Learn more on the page.
  - Click Create to save the role settings. The new role is displayed in the Roles list.
- Map a role to a user to assign permissions to that user.
  - Choose Security > Roles, and click role_test. The role details page is displayed.
  - Click the Mapped users tab, then click Map user.
  - On the Map user page, select user test created earlier from the Users list.
  - Click Map.
- Verify that the user permissions have taken effect.
  - Log in to Kibana as user test.
  - Click Dev Tools in the navigation tree on the left.
  - Run the GET /_cluster/health?pretty command to check the cluster health. The code 200 is returned. Basic information about the cluster can be queried, indicating that the user has the permission to check cluster status.
  - Run the PUT /my_test command to create an index. The code 403 is returned, indicating that the user is not authorized to create indexes.

  We can see that user test only has the permission to check cluster status and cannot create indexes. The configuration is successful.

  If necessary, you can add the index creation permission for the role later. The returned error message provides tips on adding role permissions.
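The 200 and 403 results in the verification step follow from how a request is resolved: user to mapped roles (by username or backend role), roles to permissions with action groups expanded, and denial when nothing matches. The Python model below is an added example, not CSS or opendistro_security code; the action-group expansions, the `search` grant on my_store, the action name `cluster:monitor/health`, and all function names are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Simplified action-group expansions (assumed for this model; the plug-in's
# predefined groups contain more entries than shown here).
ACTION_GROUPS = {
    "cluster_monitor": ["cluster:monitor/*"],
    "search": ["indices:data/read/search*", "indices:data/read/msearch*"],
}

# Constructed configuration mirroring the walkthrough: user test, role role_test.
USERS = {"test": {"backend_roles": []},
         "admin": {"backend_roles": ["admin"]}}
ROLES = {
    "role_test": {"cluster": ["cluster_monitor"],
                  "index": {"my_store": ["search"]}},  # assumed index grant
    "all_access": {"cluster": ["*"], "index": {"*": ["*"]}},
}
ROLE_MAPPINGS = {
    "role_test": {"users": ["test"], "backend_roles": []},
    "all_access": {"users": [], "backend_roles": ["admin"]},
}

def expand(perms):
    """Replace action-group names with the permission patterns they contain."""
    out = []
    for p in perms:
        out.extend(ACTION_GROUPS.get(p, [p]))
    return out

def roles_for(user):
    """Resolve roles mapped to the username or to any of its backend roles."""
    backend = set(USERS[user]["backend_roles"])
    return [r for r, m in ROLE_MAPPINGS.items()
            if user in m["users"] or backend & set(m["backend_roles"])]

def status(user, action, index=None):
    """Return 200 if any mapped role grants the action, else 403 (default deny)."""
    for role in roles_for(user):
        if index is None:  # cluster-level request
            granted = expand(ROLES[role]["cluster"])
        else:              # index-level request: only matching index patterns count
            granted = [p for pattern, perms in ROLES[role]["index"].items()
                       if fnmatchcase(index, pattern) for p in expand(perms)]
        if any(fnmatchcase(action, g) for g in granted):
            return 200
    return 403
```

Calling `status("test", "cluster:monitor/health")` and `status("test", "indices:admin/create", index="my_test")` reproduces the two Dev Tools checks; granting index creation later means adding that permission to role_test, not to the user.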