Docs
  • Release notes
  • Troubleshoot
  • Reference
  • Elastic fundamentals
  • Solutions and use cases
  • Manage data
  • Explore and analyze
  • Deploy and manage
  • Manage your Cloud account and preferences
  • Troubleshoot
  • Release notes
  • Reference
  • Extend and contribute
  • Contribute to the docs
  • Elasticsearch
    • Get started
      • Find connection details
      • Elasticsearch quickstarts
        • Index and search basics
        • Keyword search with Python
        • Semantic search
    • Ingest for search use cases
      • Ingest pipelines for search use cases
    • Search approaches
    • Full-text search
      • How full-text search works
      • Search with synonyms
        • Create or update synonyms set API examples
      • Text analysis during search
      • Search relevance optimizations
        • Mixing exact search with stemming
        • Getting consistent scoring
        • Incorporating static relevance signals into the score
    • AI-powered search
      • Vector search
        • Dense vector
          • kNN search in Elasticsearch
          • Bring your own dense vectors
        • Sparse vector search in Elasticsearch
        • Tutorial: Manual dense and sparse workflows
      • Semantic search
        • Semantic search with semantic_text
        • Semantic search with the inference API
        • Semantic search with ELSER (ingest pipelines)
        • Using Cohere with Elasticsearch
      • Using OpenAI compatible models
    • Agent Builder
      • Get started
      • Models
      • Chat
      • Agents
      • Tools
        • ES|QL tools
        • Index search tools
      • Programmatic access
        • Kibana APIs
        • A2A server
        • MCP server
      • Limitations & known issues
    • RAG
      • Playground
        • Optimize model context
        • View and modify queries
        • Troubleshooting
      • MCP server
    • Hybrid search
      • Hybrid search with semantic_text
    • Ranking and reranking
      • Semantic reranking
      • Learning To Rank (LTR)
        • Deploy and manage LTR models
        • Search using LTR
    • Cross-cluster search
      • Resolve a cluster before cross-cluster search
    • Build search queries
      • The _search API
      • The async-search API
      • ES|QL for search
      • Retrievers
      • Search templates
    • Add search to your app
      • Client libraries
      • Search UI
      • Search Applications
        • Search API and templates
        • Security
        • Search Application client guide
    • APIs and tools
    • AI Assistant
    • Query rules UI
  • Observability
    • Get started
      • What is Elastic Observability?
      • Elastic Observability quickstarts
        • Quickstart: Monitor hosts with OpenTelemetry
        • Quickstart: Monitor your application performance
        • Quickstart: Unified Kubernetes Observability with Elastic Distributions of OpenTelemetry (EDOT)
        • Quickstart: Send OTLP data to Elastic Serverless or Elastic Cloud Hosted
        • Quickstart: Create a Synthetic Monitor
        • Quickstart: Monitor hosts with Elastic Agent
        • Quickstart: Monitor your Kubernetes cluster with Elastic Agent
        • Quickstart: Collect data with AWS Firehose
      • OpenTelemetry quickstarts
        • Self-managed
          • Kubernetes
          • Hosts / VMs
          • Docker
        • Elastic Cloud Serverless
          • Kubernetes
          • Hosts and VMs
          • Docker
        • Elastic Cloud Hosted
          • Kubernetes
          • Hosts and VMs
          • Docker
      • OpenTelemetry use cases
        • Kubernetes observability
          • Prerequisites and compatibility
          • Components description
          • Deployment
          • Instrumenting Applications
          • Upgrade
          • Customization
        • LLM observability
      • Other Observability tutorials
        • Tutorial: Monitor a Java application
        • Add data from Splunk
      • Logs Essentials
    • Applications and services
      • Application performance monitoring (APM)
        • Get started with traces and APM
        • Application data types
          • Spans
          • Transactions
            • Transaction sampling
          • Traces
          • Errors
          • Metrics
          • Metadata
        • Collect application data
          • OpenTelemetry
            • Contrib OpenTelemetry Collectors and language SDKs
            • Collect metrics
            • Centrally configure EDOT SDKs
            • Limitations
            • Attributes and labels
            • Data stream routing
          • APM agents
            • Centrally configure APM agents
            • Real User Monitoring (RUM)
            • Create and upload source maps (RUM)
          • Kubernetes
          • AWS Lambda Functions
          • Jaeger (deprecated)
        • View and analyze data
          • Overviews
            • Services
            • Traces UI
            • Dependencies
            • Service Map
            • Service overview
            • Mobile service overview
          • Drill down into data
            • Transactions UI
            • Trace sample timeline
            • Errors UI
            • Metrics UI
            • Infrastructure
            • Logs
          • Filter and search data
            • Filters
            • Advanced queries
            • Cross-cluster search
          • Interpret data
            • Find transaction latency and failure correlations
            • Track deployments with annotations
            • Explore mobile sessions with Discover
            • Observe Lambda functions
          • Integrate with machine learning
          • APM Agent explorer
          • Settings
        • Act on data
          • Create rules and alerts
          • Create custom links
        • Use APM securely
          • Secure data
            • Control access to APM data
            • Built-in data filters
            • Custom filters
            • Delete sensitive data
          • Secure communication with APM agents
            • APM agent TLS communication
            • API keys
            • Secret token
            • Anonymous authentication
          • Secure communication with the Elastic Stack
            • Use feature roles
            • Grant access using API keys
          • Secure access to the Applications UI
            • Create an APM reader user
            • Create an annotation user
            • Create an API user
            • Create a central config user
            • Create a storage explorer user
        • Manage storage
          • Storage Explorer
          • Data streams
          • Index lifecycle management
          • View the Elasticsearch index template
          • Parse data using ingest pipelines
          • Storage and sizing guide
          • Reduce storage
          • Explore data in Elasticsearch
        • Work with APM Server
          • Set up
            • Fleet-managed APM Server
            • APM Server binary
          • Configure
            • General configuration options
            • Anonymous authentication
            • APM agent authorization
            • Configure APM Agent Central Configuration
            • Instrumentation
            • Kibana endpoint
            • Logging
            • Output
              • Elastic Cloud Hosted
              • Elasticsearch
              • Logstash
              • Kafka
              • Redis
              • Console
            • Project paths
            • Real User Monitoring (RUM)
            • SSL/TLS settings
              • SSL/TLS output settings
              • SSL/TLS input settings
            • Tail-based sampling
            • Use environment variables in the configuration
            • Advanced setup
              • Installation layout
              • Secrets keystore
              • Command reference
              • Tune data ingestion
              • High Availability
              • APM Server and systemd
          • Monitor
            • Fleet-managed
            • APM Server binary
              • Use internal collection
              • Use Metricbeat collection
              • Use local collection
        • APM APIs
          • APM UI API
          • APM Server API
            • APM Server information API
            • Elastic APM events intake API
            • Elastic APM agent configuration API
            • OpenTelemetry intake API
            • Jaeger event intake
          • Managed intake service event API
        • Upgrade
          • APM agent compatibility
          • Upgrade to version 9.0
            • Self-installation standalone
            • Self-installation APM integration
            • Elastic Cloud standalone
            • Elastic Cloud APM integration
          • Switch to the Elastic APM integration
            • Switch a self-installation
            • Switch an Elastic Cloud cluster
      • Synthetic monitoring
        • Get started
          • Use a Synthetics project
          • Use the Synthetics UI
        • Scripting browser monitors
          • Write a synthetic test
          • Configure individual monitors
          • Use the Synthetics Recorder
        • Configure lightweight monitors
        • Manage monitors
        • Work with params and secrets
        • Analyze monitor data
        • Monitor resources on private networks
        • Use the CLI
        • Configure a Synthetics project
        • Multi-factor Authentication
        • Configure Synthetics settings
        • Grant users access to secured resources
          • Setup role
          • Writer role
          • Reader role
        • Manage data retention
        • Use Synthetics with network security
        • Migrate from the Elastic Synthetics integration
        • Scale and architect a deployment
        • Synthetics support matrix
        • Synthetics Encryption and Security
      • Real user monitoring
      • LLM Observability
      • Uptime monitoring (deprecated)
        • Get started
        • Analyze
          • View monitor status
          • Analyze monitors
          • Inspect uptime duration anomalies
        • Configure settings
      • Visualize OTLP data
    • CI/CD
    • Cloud
      • AWS
        • Ingestion options
        • Monitor AWS with Elastic Agent
          • EC2
          • Kinesis data streams
          • S3
          • SQS
        • Monitor AWS with Beats
        • Monitor AWS with Amazon Data Firehose
          • VPC Flow Logs
          • CloudTrail logs
          • Network Firewall logs
          • WAF logs
          • CloudWatch logs
        • Monitor AWS with Elastic Serverless Forwarder
      • Azure
        • Monitor Microsoft Azure with Elastic Agent
        • Monitor Microsoft Azure with Beats
        • Monitor Microsoft Azure with the Azure Native ISV Service
        • Monitor Microsoft Azure OpenAI
      • GCP
        • GCP Dataflow templates
    • Infrastructure and hosts
      • Analyze infrastructure and host metrics
        • Get started with system metrics
        • View infrastructure metrics by resource type
        • Explore metrics data with Discover in Kibana
        • Explore infrastructure metrics over time
        • Analyze and compare hosts
        • Detect metric anomalies
        • Configure settings
      • Universal Profiling
        • Get started
        • Manage data storage
          • Index lifecycle management
          • Configure probabilistic profiling
        • Advanced configuration
          • Tag data for querying
          • Add symbols for native frames
          • Use a proxy
          • Override kernel version check
          • Environment variables to configure the Universal Profiling Agent
          • Configuration file of the Universal Profiling Agent
        • Upgrade
        • Self-hosted infrastructure
        • Install the backend
          • Step 1: Update the stack
          • Step 2: Enable Universal Profiling in Kibana
          • Step 3: Set up Universal Profiling in Kibana
          • Step 4: Run the backend applications
          • Step 5: Next steps
        • Operate the backend
      • Tutorial: Observe your Kubernetes deployments
      • Tutorial: Observe your nginx instances
        • Understanding "no results found" message
    • Logs
      • Get started with system logs
      • Send any log file using Elastic Agent
      • Send any log file using OTel Collector
      • Send application log data
        • Plaintext application logs
        • ECS formatted application logs
        • APM agent log sending
      • Parse and route logs
      • Filter and aggregate logs
      • Explore logs
        • Explore logs in Discover
        • Categorize log entries
        • Inspect log anomalies
      • Run a pattern analysis on log data
      • Configure log data sources
      • Add a service name to logs
      • Logs index template reference
        • Default logs index template
    • Streams
      • Manage data retention
      • Extract fields
        • Date processor
        • Dissect processor
        • Grok processor
        • Set processor
        • Rename processor
        • Append processor
        • Manual pipeline configuration
      • Partition data into child streams
      • Map fields
      • Manage data quality
      • Add significant events
      • Configure advanced settings
      • Wired streams
    • Incident management
      • Alerting
        • Create and manage rules
          • Anomaly detection
          • APM anomaly
          • Custom threshold
          • Degraded docs
          • Elasticsearch query
          • Error count threshold
          • Failed transaction rate threshold
          • Failed docs
          • Inventory
          • Latency threshold
          • Log threshold
          • Metric threshold
          • Monitor Status
          • TLS certificate
          • Uptime duration anomaly
          • SLO burn rate
        • Aggregation options
          • Rate aggregation
        • View and manage alerts
          • SLO burn rate breaches
          • Threshold breaches
      • Cases
        • Configure access to cases
        • Create and manage cases
        • Configure case settings
      • Service-level objectives (SLOs)
        • Configure SLO access
        • Create an SLO
    • Data set quality
    • AI Assistant
      • Connect to a local LLM
      • Large language model performance matrix
    • Serverless feature tiers
  • Security
    • Elastic Security Serverless
    • Get started
      • Elastic Security quickstarts
        • Detect and respond to threats with SIEM
        • Protect your hosts with endpoint security
        • Secure your cloud assets with cloud security posture management
      • Elastic Security requirements
      • Create an Elastic Security Serverless project
      • Elastic Security UI
      • Ingest data to Elastic Security
        • Enable threat intelligence integrations
        • Automatic migration
        • Automatic import
        • Content connectors
        • Agentless integrations
          • Cloud connector authentication for agentless
          • Agentless integrations FAQs
      • Spaces and Elastic Security
        • Spaces and Elastic Defend FAQ
      • Data views and Elastic Security
      • Create runtime fields in Elastic Security
      • Configure advanced settings
    • ES|QL for security
      • Tutorial: Threat hunting with ES|QL
    • AI for security
      • Elastic AI SOC Engine
        • Triage alerts
        • Value report
        • Upgrade from EASE to Elastic Security
      • AI Assistant
        • AI Assistant Knowledge Base
        • Use AI Assistant's Knowledge Base to improve response quality
      • Attack Discovery
      • Enable large language model (LLM) access
        • Large language model performance matrix
        • Connect to Azure OpenAI
        • Connect to Amazon Bedrock
        • Connect to OpenAI
        • Connect to Google Vertex
        • Connect to your own local LLM
      • AI use cases
        • Triage alerts
        • Identify, investigate, and document threats
        • Generate, customize, and learn about ES|QL queries
    • Detections and alerts
      • Detections requirements
      • Using logsdb index mode with Elastic Security
      • About detection rules
      • Create a detection rule
        • Cross-cluster search and detection rules
        • Launch Timeline from investigation guides
        • Exclude cold and frozen data from individual rules
      • Use Elastic prebuilt rules
        • Update modified and unmodified Elastic prebuilt rules
      • Manage detection rules
      • Monitor rule executions
      • Rule exceptions
        • Create and manage value lists
        • Add and manage exceptions
        • Create and manage shared exception lists
      • About building block rules
      • MITRE ATT&CK® coverage
      • Manage detection alerts
        • Visualize detection alerts
        • View detection alert details
        • Add detection alerts to cases
        • Suppress detection alerts
      • Reduce notifications and alerts
      • Query alert indices
      • Tune detection rules
    • Configure endpoint protection with Elastic Defend
      • Elastic Defend requirements
      • Install Elastic Defend
        • Enable access on macOS
        • Deploy on macOS with MDM
        • Prevent Elastic Agent uninstallation
      • Elastic Defend feature privileges
      • Configure an integration policy for Elastic Defend
        • Configure updates for protection artifacts
        • Turn off diagnostic data for Elastic Defend
        • Configure self-healing rollback for Windows endpoints
        • Configure Linux file system monitoring
        • Configure data volume
        • Create an Elastic Defend policy using API
      • Configure offline endpoints and air-gapped environments
      • Uninstall Elastic Agent
    • Manage Elastic Defend
      • Endpoints
      • Policies