elastic · naemono · Oct 3, 2025 · Oct 3, 2025 · pebrc · Oct 6, 2025
@@ -62,7 +62,6 @@
 If you are using the `elastic` user credentials in your own applications, they will fail to connect to {{es}} and {{kib}} after you run this command. It is not recommended to use `elastic` user credentials for production use cases. Always [create your own users with restricted roles](../../../deploy-manage/users-roles/cluster-or-deployment-auth/native.md) to access {{es}}.
 ::::
 
-
 To regenerate all auto-generated credentials in a namespace, run the following command:
 
 ```sh
@@ -99,4 +98,82 @@
 
 ECK facilitates file-based role management through Kubernetes secrets containing the roles specification. Alternatively, you can use the Role management API or the Role management UI in {{kib}}.
 
-Refer to [Managing custom roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md#managing-custom-roles) for details and ECK based examples.
+## Controlling the length of ECK-generated passwords
+
+```{applies_to}
+  eck: ga 3.2
+```
+
+With an enterprise license users can control the password length of the file-based passwords generated by {{eck}}.
+
+:::{note}
+In {{eck}} 3.1 and earlier all file-based passwords are 24 characters long.
+:::
+
+### Controlling the length of passwords in Helm installations
+
+If you installed {{eck}} through the Helm chart commands listed in [](../../deploy/cloud-on-k8s/install-using-helm-chart.md), you can set `config.policies.passwords.length` to control the length of generated file-based passwords.
+
+For example:
+```shell
+helm upgrade -i eck-operator -n elastic-system --set=config.policies.passwords.length=64
+```
+
+This will cause any new file-based passwords that are generated to be a length of 64.
+
+::: {note}
+This will not cause existing passwords to be changed. To change existing password refer to [Rotating credentials](k8s-rotate-credentials)
+:::
+
+### Using the operator manifests
+
+If you installed ECK through using the manifests using the commands listed in [](../../deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md), some additional changes are required to control password length.
+
+1. Set the `password-length` in the `ConfigMap`.
+
+```yaml
+cat <<EOF | kubectl apply -f -
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: elastic-operator
+  namespace: elastic-system
+data:
+  eck.yaml: |-
+    log-verbosity: 0
+    metrics-port: 0
+    metrics-secure: false
+    container-registry: docker.elastic.co
+    max-concurrent-reconciles: 3
+    ca-cert-validity: 8760h
+    ca-cert-rotate-before: 24h
+    cert-validity: 8760h
+    cert-rotate-before: 24h
+    disable-config-watch: false
+    exposed-node-labels: [topology.kubernetes.io/.*,failure-domain.beta.kubernetes.io/.*]
+    set-default-security-context: auto-detect
+    kube-client-timeout: 60s
+    elasticsearch-client-timeout: 180s
+    disable-telemetry: false
+    distribution-channel: all-in-one
+    validate-storage-class: true
+    enable-webhook: false
+    operator-namespace: elastic-system
+    enable-leader-election: true
+    elasticsearch-observation-interval: 10s
+    ubi-only: false
+    password-legnth: 64
-    password-legnth: 64
+    password-length: 64
-    password-legnth: 64
+    password-length: 64
+EOF
+```
+
+2. Restart the ECK operator
+
+```shell
+kubectl delete pod -n elastic-system elastic-operator-0
+```
+
+This will cause any new file-based passwords that are generated to be a length of 64.
+
+::: {note}
+This will not cause existing passwords to be changed. To change existing password refer to [Rotating credentials](k8s-rotate-credentials)
+:::
@@ -130,3 +130,62 @@ FROM kibana_sample_data_ecommerce
 :alt: ESQL query with a custom time field enabled
 :::
 
+### Create and edit lookup indices from queries [discover-esql-lookup-join]
+```{applies_to}
+stack: preview 9.2
+serverless: preview
+```
+
+In **Discover**, LOOKUP JOIN commands include interactive options that let you create or edit lookup indices directly from the editor.
+
+#### Create a lookup index from the editor
+
+You can create a lookup index directly from the ES|QL editor. To populate this index, you can type in data manually or upload a CSV file up to 500 MB.
+
+To create lookup indices, you need the [`create_index`](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices) {{es}} privilege on the corresponding pattern.
+
+1. In your {{esql}} query, add a `LOOKUP JOIN` command. For example:
+   ```esql
+   FROM kibana_sample_data_logs
+   | LOOKUP JOIN
+   ```
+   Add a space after the command. The editor suggests existing lookup indices and offers to create one. You can also type an index name in your query. If it doesn't exist, the editor suggests to create it.
+
+2. Select the **Create lookup index** suggestion that appears in the autocomplete menu.
+
+3. Define a name for the lookup index, then validate it. 
+   - It must not contain spaces nor any of the following characters: `\`, `/`, `*`, `?`, `<`, `>`, `|`, `:`, and `#`.
+   - It must not start with `-`, `_`, or `+`.
+
+4. Provide the data of the lookup index. You can choose between:
+   - **Uploading a CSV file up to 500 MB**. When uploading a file, you can preview the data and inspect the file's content before it is imported. If issues are detected, a **File issues** tab with more details also appears before you validate the import.
+   - **Adding data manually**. To do that, you can add rows and columns, and edit cells directly.
+   - **Using a combination of both methods**. You can upload a file after adding data manually, and edit or expand data imported from a file.
+
+   :::{tip}
+   You can explore your index using the search field, or in a new Discover session by selecting **Open in Discover**. If you choose to open it in Discover, a new browser tab opens with a prefilled {{esql}} query on the index.
+   :::
+
+5. **Save** any unsaved changes, then **Close** the index editor to return to your query.
+
+Your new index is automatically added to your query. You can then specify the field to join using `ON <field_to_join>`.
+
+#### View or edit a lookup index from the editor
+
+You can view and modify existing lookup indices referenced in an {{esql}} query directly from the editor, depending on your privileges:
+- To edit lookup indices, you need the [`write`](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices) {{es}} privilege.
+- To view lookup indices in read-only mode, you need the [`view_index_metadata`](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices) {{es}} privilege.
+
+To view or edit an index:
+
+1. In the {{esql}} query, hover over the lookup index name.
+
+2. Select the **Edit lookup index** or **View lookup index** option that appears. A flyout showing the index appears.
+
+3. Depending on your permissions and needs, explore or edit the index.
+
+   :::{note}
+   Editing a lookup index affects all {{esql}} queries that reference it. Make sure that your changes are compatible with existing queries that use this index.
+   :::
+
+4. If you made changes, select **Save** before closing the flyout.
@@ -228,8 +228,11 @@ FROM kibana_sample_data_logs
 
 The ES|QL editor supports [`LOOKUP JOIN`](elasticsearch://reference/query-languages/esql/commands/processing-commands.md#esql-lookup-join) commands and suggests lookup mode indices and join condition fields.
 
+{applies_to}`stack: ga 9.2` You can also use lookup indices from your remote clusters.
+
 ![Using the LOOKUP JOIN command to autocomplete an ES|QL query](https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte43a30a93241d650/67c23670045f5839e5bfd1e4/lookup-join-demo.gif)
 
+In **Discover**, LOOKUP JOIN commands let you create or edit lookup indices directly from the editor. Find more information in [](/explore-analyze/discover/try-esql.md#discover-esql-lookup-join).
 
 ### Keyboard shortcuts