In Kibana, the Use the API ingestion method enables you to programmatically add documents to your search-optimized Elasticsearch index.
Enterprise Search now writes directly to Elasticsearch indices. We recommend using Elasticsearch APIs for optimized ingestion. Get up and running quickly with these APIs by using an Elasticsearch programming language client.
If you prefer to use App Search ingestion tools, refer to the App Search documentation.
Create an Elasticsearch index
To use the API ingestion method, first create an Elasticsearch index:
- In Kibana, navigate to Enterprise Search > Content > Elasticsearch indices.
- Select Create new index.
- Name your index and (optionally) select a language analyzer.
The index name will be automatically prefixed with
- Select Create index.
Once created, you will see an example cURL command to add a sample document to your index. This will include your deployment’s endpoint which will look something like this:
Create an API key
You’ll need an API key to authenticate your requests to the ingestion API.
Select Manage API keys to view existing API keys, or to create a new one. Follow the UI instructions if you need to create a new API key.
Refer to the Kibana documentation for more information about API keys.
Elasticsearch HTTP APIs
Use the following Elasticsearch Document APIs to index documents:
- Bulk API: Performs multiple indexing or delete operations in a single API call. This reduces overhead and can greatly increase indexing speed. We generally recommend using the bulk API to index documents.
Some officially supported clients provide helpers for bulk requests and reindexing. Refer to the bulk API documentation for more information.
- Index API: Adds a JSON document to the specified data stream or index and makes it searchable.
- Update API: Enables you to script document updates. The script can update, delete, or skip modifying the document.
- Update By Query API: Updates documents that match a specified query.
Elasticsearch limits the maximum size of an HTTP request to 100mb by default. It is impossible to index a single document that exceeds the size limit. Pre-process larger documents into smaller chunks before sending them to Elasticsearch. For more information, refer to the Bulk API description.
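The following is an added example, not code from the Elastic documentation: it packs documents into Bulk API request bodies that each stay under the request size limit, and builds the authenticated request without hard-coding the API key. The index name `my-index`, the endpoint placeholder, and the `ES_API_KEY` environment variable are assumptions made for illustration.

```python
import json
import os
import urllib.request

MAX_REQUEST_BYTES = 100 * 1024 * 1024  # the default 100mb request limit


def bulk_bodies(index, docs, max_bytes=MAX_REQUEST_BYTES):
    """Yield NDJSON Bulk API bodies, each at most max_bytes when encoded."""
    action = json.dumps({"index": {"_index": index}}).encode() + b"\n"
    body = b""
    for doc in docs:
        entry = action + json.dumps(doc, separators=(",", ":")).encode() + b"\n"
        if len(entry) > max_bytes:
            # A single oversized document can never be indexed; chunk it first.
            raise ValueError("document exceeds the request size limit")
        if body and len(body) + len(entry) > max_bytes:
            yield body
            body = b""
        body += entry
    if body:
        yield body


def bulk_request(endpoint, body, api_key):
    """Build (but do not send) an authenticated POST to the _bulk endpoint."""
    if not endpoint.startswith("https://"):
        raise ValueError("refusing to send an API key to a non-TLS endpoint")
    return urllib.request.Request(
        endpoint.rstrip("/") + "/_bulk",
        data=body,
        method="POST",
        headers={
            "Authorization": "ApiKey " + api_key,
            "Content-Type": "application/x-ndjson",
        },
    )


if __name__ == "__main__":
    # Constructed sample documents and a tiny limit so the batching is visible.
    docs = [{"title": f"doc {i}", "body": "x" * 40} for i in range(5)]
    key = os.environ.get("ES_API_KEY", "PLACEHOLDER_KEY")  # keep keys out of source
    for body in bulk_bodies("my-index", docs, max_bytes=256):
        req = bulk_request("https://ES_ENDPOINT_PLACEHOLDER:443", body, key)
        print(req.get_method(), req.full_url, len(body), "bytes")
```

Pass each request to `urllib.request.urlopen` (or use an official client's bulk helper) to send it; the size check counts encoded bytes, which is what the HTTP limit applies to.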
Programming language clients
Elasticsearch programming language clients
Elasticsearch provides official clients for many programming languages. This enables you to use the Elasticsearch APIs in your application, without having to write your own HTTP requests.
See the full list of Elasticsearch programming language clients.
Enterprise Search programming language clients
These client libraries provide programming language native APIs for Enterprise Search, App Search, and Workplace Search.
See the full list of Enterprise Search programming language clients.
- Tune for indexing speed: How to optimize indexing speed into Elasticsearch
- Reading and writing documents to Elasticsearch
- Elasticsearch API conventions
- Elasticsearch Document APIs
- App Search Documents API Reference