You can manage and authenticate users with the built-in `file` realm. With the `file` realm, users are defined in local files on each node in the cluster.
18
18
19
-
The `file` realm is useful as a fallback or recovery realm. For example in cases where the cluster is unresponsive or the security index is unavailable, or when you forget the password for your administrative users. In this type of scenario, the `file` realm is a convenient workaround: you can define a new `admin` user in the `file` realm and use it to log in and reset the credentials of all other users.
20
-
21
-
You can configure only one file realm on {{es}} nodes.
22
-
23
-
Refer to [enabling a file realm user for recovery](https://www.youtube.com/watch?v=sueO7sz1buw) for a video walkthrough.
19
+
The `file` realm is useful as a fallback or recovery realm. For example, you might use this realm in cases where the cluster is unresponsive or the security index is unavailable, or when you forget the password for your administrative users. In this type of scenario, the `file` realm is a convenient workaround: you can define a new `admin` user in the `file` realm and use it to log in and reset the credentials of all other users. For a walkthrough of this process, refer to [](/troubleshoot/elasticsearch/file-based-recovery.md). Refer to [enabling a file realm user for recovery](https://www.youtube.com/watch?v=sueO7sz1buw) for a video walkthrough.
24
20
25
21
::::{important}
26
22
* In self-managed deployments, as the administrator of the cluster, it is your responsibility to ensure the same users are defined on every node in the cluster. The {{stack}} {{security-features}} do not deliver any mechanism to guarantee this.
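Review bot: the cross-reference added to the rewritten intro paragraph has empty link text, `[](/troubleshoot/elasticsearch/file-based-recovery.md)`, so it renders only if the docs builder resolves the target page's title; give it explicit link text so it cannot render as an empty anchor. The same paragraph then keeps the old sentence `Refer to [enabling a file realm user for recovery](https://www.youtube.com/watch?v=sueO7sz1buw) for a video walkthrough.` directly after the new `For a walkthrough of this process, refer to ...`, which reads as two consecutive "refer to" sentences on the same topic; fold them into one sentence that names the procedure page and offers the video as an alternative. Dropping `You can configure only one file realm on {{es}} nodes.` from the intro is fine because the same statement survives in the configuration section below.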
@@ -29,33 +25,27 @@ Refer to [enabling a file realm user for recovery](https://www.youtube.com/watch
29
25
30
26
## Configure a file realm [file-realm-configuration]
31
27
32
-
You don’t need to explicitly configure a `file` realm. The `file` and `native` realms are added to the realm chain by default. Unless configured otherwise, the `file` realm is added first, followed by the `native` realm. You can define only one `file` realm per node.
28
+
You don’t need to explicitly configure a `file` realm. The `file` and `native` realms are added to the realm chain by default. Unless configured otherwise, the `file` realm is added first, followed by the `native` realm. You can define only one `file` realm on each node.
33
29
34
30
1. (Optional) Add a realm configuration to [`elasticsearch.yml`](/deploy-manage/stack-settings.md) under the `xpack.security.authc.realms.file` namespace. At a minimum, you must set the realm’s `order` attribute.
35
31
36
32
For example, the following snippet shows a `file` realm configuration that sets the `order` to zero so the realm is checked first:
37
33
38
34
```yaml
39
-
xpack:
40
-
security:
41
-
authc:
42
-
realms:
43
-
file:
44
-
file1:
45
-
order: 0
35
+
xpack.security.authc.realms.file.file1.order: 0
46
36
```
47
37
48
-
2. If you're using a self-managed {{es}} cluster, optionally change how often the `users` and `users_roles` files are checked.
38
+
2. (Optional) For self-managed deployments, you can change how often the `users` and `users_roles` files are checked.
49
39
50
40
By default, {{es}} checks these files for changes every 5 seconds. You can change this default behavior by changing the `resource.reload.interval.high` setting in the [`elasticsearch.yml`](/deploy-manage/stack-settings.md) file.
51
41
52
42
:::{{warning}}
53
43
Because `resource.reload.interval.high` is a common setting in {{es}}, changing its value may effect other schedules in the system.
54
44
:::
55
45
56
-
3. Restart {{es}}.
46
+
3. In self-managed deployments, if either of these settings is modified, perform a [rolling restart](/deploy-manage/maintenance/start-stop-services/full-cluster-restart-rolling-restart-procedures.md#restart-cluster-rolling) of the {{es}} nodes for your changes to take effect.
57
47
58
-
In {{eck}}, this change is propagated automatically.
48
+
In {{eck}}, changes are automatically propagated.
59
49
60
50
61
51
## Add users
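Review bot: two pre-existing defects sit in this hunk's unchanged context and are worth fixing while the block is being edited: `:::{{warning}}` uses double braces, which reads as a `{{...}}` substitution rather than the `{warning}` directive form used elsewhere on this page (`::::{important}`, `:::{tip}`), and `may effect other schedules in the system` should be `may affect`. In the rewritten step 3, `if either of these settings is modified` is the only place the two settings are tied together; naming them (`order` and `resource.reload.interval.high`) saves the reader back-tracking through steps 1 and 2 to work out which "these" means.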
@@ -120,13 +110,13 @@ In a self-managed cluster, you can edit the contents of `ES_PATH_CONF/users` and
120
110
:::{tab-item} {{eck}}
121
111
You can pass `users` and `user_roles` files to {{eck}} using a file realm secret:
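Review bot: `user_roles` in `You can pass `users` and `user_roles` files to {{eck}} using a file realm secret:` does not match `users_roles`, the file name used in step 2 of the configuration section above; unless {{eck}} genuinely expects a differently named key in the secret, this should be `users_roles`.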
solutions/_snippets/elastic-managed-llm.md
Lines changed: 1 addition & 1 deletion
@@ -5,5 +5,5 @@ The Elastic Managed LLM is available out-of-the box; no manual connector setup o
5
5
To learn more about security and data privacy, refer to the [connector documentation](https://www.elastic.co/docs/reference/kibana/connectors-kibana/elastic-managed-llm) and [download the model card](https://raw.githubusercontent.com/elastic/kibana/refs/heads/main/docs/reference/resources/Elastic_Managed_LLM_model_card.pdf).
6
6
7
7
:::{important}
8
-
Using the Elastic Managed LLM incurs additional costs. Refer to [{{ecloud}} pricing](https://www.elastic.co/pricing) for more information.
8
+
Using the Elastic Managed LLM incurs additional costs. Refer to [{{ecloud}} pricing](https://www.elastic.co/pricing/serverless-search) for more information.
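Review bot: this file lives under `solutions/_snippets/`, so it is presumably included from more than one solution page, while the new target `https://www.elastic.co/pricing/serverless-search` is the Search-specific serverless pricing page. Check where the snippet is included; if it also renders in non-Search contexts, either keep a solution-neutral target (the previous `https://www.elastic.co/pricing`) or change the link text so it says it points to serverless Search pricing.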
Click on an individual rule on the **{{rules-app}}** page to view details including the rule name, status, definition, execution history, related alerts, and more.
@@ -102,3 +101,15 @@ To temporarily suppress notifications for *all* rules, create a [maintenance win
102
101
To import and export rules, use [{{saved-objects-app}}](/explore-analyze/find-and-organize.md).
103
102
104
103
Rules are disabled on export. You are prompted to re-enable the rule on successful import.
104
+
105
+
## Add resources for investigating alerts [observability-create-manage-rules-add-investigation-resources]
106
+
107
+
When creating or editing a rule, add the following resources to help you get started with investigating alerts:
108
+
109
+
* {applies_to}`stack: ga 9.1`**Investigation guide**: Investigation guides can help you respond to alerts more efficiently and consistently. When creating them, you can include instructions for responding to alerts, links to external supporting materials, and more. When the rule generates an alert, the investigation guide can be accessed from the **Investigation guide** tab on the alert's details page.
110
+
111
+
::::{tip}
112
+
Use Markdown to format and structure text in your investigation guide.
113
+
::::
114
+
115
+
* {applies_to}`stack: ga 9.1`**Related and suggested dashboards**: Link to dashboards that provide useful insights about your environment, active events, and any other information that might be relevant during your investigations. When the rule generates an alert, linked dashboards can be accessed from the **Related dashboards** tab on the alert's details page. From the tab, you can also review and add suggested dashboards (available for custom threshold rules only).
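Review bot: the `::::{tip}` block between the two bullets must be indented under the first `*` item (the diff does not show leading whitespace); if it is at column 0 it terminates the list and `* {applies_to}`stack: ga 9.1`**Related and suggested dashboards**` starts a second list. Also, both items have no space between the inline role and the bold label (`{applies_to}`stack: ga 9.1`**Investigation guide**`), so the version badge and the label run together; add a space after the closing backtick.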
solutions/observability/incident-management/view-alerts.md
Lines changed: 16 additions & 0 deletions
@@ -65,6 +65,22 @@ To view the alert in the app that triggered it:
65
65
* From the alert detail flyout, click **View in app**.
66
66
* From the **Alerts** table, click the {icon}`eye` icon.
67
67
68
+
## Review related alerts [observability-view-alerts-find-related-alerts]
69
+
```{applies_to}
70
+
stack: ga 9.1
71
+
```
72
+
73
+
Check related alerts to find other alerts that might be related to the same incident. You can add these alerts to a case and investigate them as a group instead of analyzing them individually.
74
+
75
+
To find related alerts, go to the **Related alerts** tab from an alert's details page. Within the table, alerts are ordered from most to least relevant. To only view alerts that were created around the same time as the current alert (+/- 30 minutes), apply the **Triggered around the same time** filter.
76
+
77
+
The relevancy of alerts is determined by how closely they match the current alert and other similiarites that they might share:
78
+
79
+
1. Alerts in the space are filtered down to only include alerts that were created about one day before or after the current alert.
80
+
2. Data from the new subset of alerts is compared against the current alert to identify matching values and similarities. Data such as the time at which alerts were generated or recovered, tags added to the alerts, group values, and more are evaluated.
81
+
3. Alerts are scored based on how closely they match the current alert. Alerts with a score above a certain threshold are considered relevant and are included in the list of related alerts.
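Review bot: typo in the added line `other similiarites that they might share`; it should be `similarities`. The numbered steps say the candidate set is alerts created `about one day before or after the current alert`, while the paragraph above describes a `+/- 30 minutes` filter; stating that the filter is an optional narrower view of that one-day window would stop readers reading the two windows as contradictory. `a score above a certain threshold` leaves the threshold unspecified; if it is fixed and not user-configurable, say so.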
solutions/search/agent-builder/programmatic-access.md
Lines changed: 6 additions & 4 deletions
@@ -7,18 +7,20 @@ applies_to:
7
7
---
8
8
9
9
:::{warning}
10
-
WIP
11
-
12
10
These pages are hidden from the docs TOC and have `noindexed` meta headers.
13
11
:::
14
12
15
13
# Work programmatically with {{agent-builder}}
16
14
17
-
{{agent-builder}} provides comprehensive APIs and additional integration options for programmatic access and automation.
15
+
{{agent-builder}} provides comprehensive integration options for programmatic access and automation.
18
16
19
17
These interfaces enable you to build integrations with other applications and extend Agent Builder's capabilities to fit your specific requirements.
20
18
21
-
-**[Kibana API](kibana-api.md)**: RESTful APIs for working with {{agent-builder}} programmatically
19
+
:::{tip}
20
+
Most users will probably want to integrate with Agent Builder using MCP or A2A, but you can also work programmatically with tools, agents, and conversations using the Kibana APIs.
21
+
:::
22
+
22
23
-**[MCP server](mcp-server.md)**: A standardized interface that allows external MCP clients (such as Claude Desktop or Cursor) to access {{agent-builder}} tools
23
24
-**[A2A server](a2a-server.md)**: Agent-to-agent communication endpoints that follow the A2A protocol specification, enabling external A2A clients to interact with {{agent-builder}} agents
25
+
-**[Kibana API](kibana-api.md)**: RESTful APIs for working with {{agent-builder}} programmatically
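Review bot: the added tip uses the literal product name (`integrate with Agent Builder using MCP or A2A`), as does the unchanged context line `extend Agent Builder's capabilities`, while the rest of this file uses the `{{agent-builder}}` substitution; use the substitution consistently so a rename propagates. The tip's `Most users will probably want` hedges the recommendation; `Most integrations use MCP or A2A` states it plainly.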
solutions/search/elastic-agent-builder.md
Lines changed: 3 additions & 1 deletion
@@ -14,7 +14,9 @@ These pages are hidden from the docs TOC and have `noindexed` meta headers.
14
14
15
15
# {{agent-builder}}
16
16
17
-
{{agent-builder}} is an AI-powered conversation framework for working with {{es}} data using natural language. It features both a chat UI for synchronous interaction and extensive programmatic access through APIs, MCP and A2A servers.
17
+
{{agent-builder}} is a set of AI-powered capabilities for developing and interacting with agents that work with your {{es}} data. Agent Builder simplifies building data-driven agents with intuitive UI and programmatic interfaces, so you don't have to compose the different pieces separately.
18
+
19
+
You can use the built-in agent for natural language conversations with any {{es}} data or instance, or work programmatically with tools, agents, and conversations using Elastic APIs, MCP, and A2A.
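Review bot: `simplifies building data-driven agents with intuitive UI and programmatic interfaces` is missing an article (`with an intuitive UI`), and `Agent Builder simplifies` should use `{{agent-builder}}` as the first sentence of the same paragraph does. In the last added paragraph, `with any {{es}} data or instance` is unclear; if the point is that the built-in agent can work with any index on any cluster, say that.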