Merge remote-tracking branch 'origin/main' into structured_source

Author: Tim-Brooks

docs/changelog/130463.yaml

@@ -0,0 +1,5 @@
+pr: 130463
+summary: Refresh potential lost connections at query start for `_search`
+area: Search
+type: enhancement
+issues: []

docs/changelog/131236.yaml

@@ -0,0 +1,6 @@
+pr: 131236
+summary: Correctly handling `download_database_on_pipeline_creation` within a pipeline
+  processor within a default or final pipeline
+area: Ingest Node
+type: bug
+issues: []

docs/changelog/131395.yaml

@@ -0,0 +1,5 @@
+pr: 131395
+summary: Enable failure store for newly created OTel data streams
+area: Data streams
+type: enhancement
+issues: []

docs/changelog/131531.yaml

@@ -0,0 +1,6 @@
+pr: 131531
+summary: Integrate LIKE/RLIKE LIST with `ReplaceStringCasingWithInsensitiveRegexMatch`
+  rule
+area: ES|QL
+type: enhancement
+issues: []

docs/changelog/131541.yaml

@@ -0,0 +1,5 @@
+pr: 131541
+summary: Added Sample operator `NamedWritable` to plugin
+area: ES|QL
+type: bug
+issues: []

docs/reference/elasticsearch/index-settings/slow-log.md

@@ -20,6 +20,7 @@ Events that meet the specified threshold are emitted into [{{es}} logging](docs-
 * If [{{es}} monitoring](docs-content://deploy-manage/monitor/stack-monitoring.md) is enabled, from [Stack Monitoring](docs-content://deploy-manage/monitor/monitoring-data/visualizing-monitoring-data.md). Slow log events have a `logger` value of `index.search.slowlog` or `index.indexing.slowlog`.
 * From local {{es}} service logs directory. Slow log files have a suffix of `_index_search_slowlog.json` or `_index_indexing_slowlog.json`.
 
+See this [this video](https://www.youtube.com/watch?v=ulUPJshB5bU) for a walkthrough of setting and reviewing slow logs.
 
 ## Slow log format [slow-log-format]
 

docs/reference/elasticsearch/jvm-settings.md

@@ -87,10 +87,18 @@ To override the default heap size, set the minimum and maximum heap size setting
 
 The heap size should be based on the available RAM:
 
-* Set `Xms` and `Xmx` to no more than 50% of your total memory. {{es}} requires memory for purposes other than the JVM heap. For example, {{es}} uses off-heap buffers for efficient network communication and relies on the operating system’s filesystem cache for efficient access to files. The JVM itself also requires some memory. It’s normal for {{es}} to use more memory than the limit configured with the `Xmx` setting.
+* Set `Xms` and `Xmx` to no more than 50% of the total memory available to each {{es}} node. {{es}} requires memory for purposes other than the JVM heap. For example, {{es}} uses off-heap buffers for efficient network communication and relies on the operating system’s filesystem cache for efficient access to files. The JVM itself also requires some memory. It’s normal for {{es}} to use more memory than the limit configured with the `Xmx` setting.
 
     ::::{note}
-    When running in a container, such as [Docker](docs-content://deploy-manage/deploy/self-managed/install-elasticsearch-with-docker.md), total memory is defined as the amount of memory visible to the container, not the total system memory on the host.
+    When running in a container, such as [Docker](docs-content://deploy-manage/deploy/self-managed/install-elasticsearch-with-docker.md), the total memory available to {{es}} means the amount of memory available within the container, not the total system memory on the host.
+
+    If you are running multiple {{es}} nodes on the same host, or in the same container, the total of all the nodes' heap sizes should not exceed 50% of the total available memory.
+
+    Account for the memory usage of other processes running on the same host, or in the same container, when computing the total memory available to {{es}}.
+
+    The 50% guideline is intended as a safe upper bound on the heap size. You may find that heap sizes smaller than this maximum offer better performance, for instance by allowing your operating system to use a larger filesystem cache.
+
+    If you set the heap size too large, {{es}} may perform poorly and nodes may be terminated by the operating system.
     ::::
 
 * Set `Xms` and `Xmx` to no more than the threshold for compressed ordinary object pointers (oops). The exact threshold varies but 26GB is safe on most systems and can be as large as 30GB on some systems. To verify you are under the threshold, check the {{es}} log for an entry like this:

docs/reference/elasticsearch/security-privileges.md

@@ -286,22 +286,20 @@ This section lists the privileges that you can assign to a role.
 `create`
 :   Privilege to index documents.
 
-    :::{admonition} Deprecated in 8.0
-    Also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or by relying on [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md). In a future major release, this privilege will not grant any mapping update permissions.
-    :::
-
     ::::{note}
     This privilege does not restrict the index operation to the creation of documents but instead restricts API use to the index API. The index API allows a user to overwrite a previously indexed document. See the `create_doc` privilege for an alternative.
     ::::
 
+    :::{important}
+    Starting from 8.0, this privilege no longer grants the permission to update index mappings.
+    In earlier versions, it implicitly permitted index mapping updates (excluding data stream mappings) via the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or through [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md).
+    Mapping update capabilities will be fully removed in a future major release.
+    :::
+
 
 `create_doc`
 :   Privilege to index documents. It does not grant the permission to update or overwrite existing documents.
 
-    :::{admonition} Deprecated in 8.0
-    Also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or by relying on [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md). In a future major release, this privilege will not grant any mapping update permissions.
-    :::
-
     ::::{note}
     This privilege relies on the `op_type` of indexing requests ([Index](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-create) and [Bulk](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-bulk)). When ingesting documents as a user who has the `create_doc` privilege (and no higher privilege such as `index` or `write`), you must ensure that *op_type* is set to *create* through one of the following:
 
@@ -311,6 +309,12 @@ This section lists the privileges that you can assign to a role.
 
     ::::
 
+    :::{important}
+    Starting from 8.0, this privilege no longer grants the permission to update index mappings.
+    In earlier versions, it implicitly permitted index mapping updates (excluding data stream mappings) via the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or through [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md).
+    Mapping update capabilities will be fully removed in a future major release.
+    :::
+
 
 `create_index`
 :   Privilege to create an index or data stream. A create index request may contain aliases to be added to the index once created. In that case the request requires the `manage` privilege as well, on both the index and the aliases names.
@@ -340,8 +344,10 @@ This section lists the privileges that you can assign to a role.
 `index`
 :   Privilege to index and update documents.
 
-    :::{admonition} Deprecated in 8.0
-    Also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or by relying on [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md). In a future major release, this privilege will not grant any mapping update permissions.
+    :::{important}
+    Starting from 8.0, this privilege no longer grants the permission to update index mappings.
+    In earlier versions, it implicitly permitted index mapping updates (excluding data stream mappings) via the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or through [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md).
+    Mapping update capabilities will be fully removed in a future major release.
     :::
 
 `maintenance`
@@ -389,8 +395,10 @@ This section lists the privileges that you can assign to a role.
 `write`
 :   Privilege to perform all write operations to documents, which includes the permission to index, update, and delete documents as well as performing bulk operations, while also allowing to dynamically update the index mapping.
 
-    :::{admonition} Deprecated in 8.0
-    It also grants the permission to update the index mapping (but not the data streams mapping), using the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping). This will be retracted in a future major release.
+    :::{important}
+    Starting from 8.0, this privilege no longer grants the permission to update index mappings.
+    In earlier versions, it implicitly permitted index mapping updates (excluding data stream mappings) via the [updating mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-mapping) or through [dynamic field mapping](docs-content://manage-data/data-store/mapping/dynamic-mapping.md).
+    Mapping update capabilities will be fully removed in a future major release.
     :::
 
 ## Run as privilege [_run_as_privilege]

docs/reference/query-languages/esql/_snippets/commands/layout/completion.md

@@ -0,0 +1,106 @@
+## `COMPLETION` [esql-completion]
+
+```yaml {applies_to}
+serverless: preview
+stack: preview 9.1.0
+```
+
+The `COMPLETION` command allows you to send prompts and context to a Large Language Model (LLM) directly within your ES|QL queries, to perform text generation tasks.
+
+**Syntax**
+
+```esql
+COMPLETION [column =] prompt WITH inference_id
+```
+
+**Parameters**
+
+`column`
+:   (Optional) The name of the output column containing the LLM's response.
+    If not specified, the results will be stored in a column named `completion`.
+    If the specified column already exists, it will be overwritten with the new results.
+
+`prompt`
+:   The input text or expression used to prompt the LLM.
+    This can be a string literal or a reference to a column containing text.
+
+`inference_id`
+:   The ID of the [inference endpoint](docs-content://explore-analyze/elastic-inference/inference-api.md) to use for the task.
+    The inference endpoint must be configured with the `completion` task type.
+
+**Description**
+
+The `COMPLETION` command provides a general-purpose interface for
+text generation tasks using a Large Language Model (LLM) in ES|QL.
+
+`COMPLETION` supports a wide range of text generation tasks. Depending on your
+prompt and the model you use, you can perform arbitrary text generation tasks
+including:
+
+- Question answering
+- Summarization
+- Translation
+- Content rewriting
+- Creative generation
+
+**Requirements**
+
+To use this command, you must deploy your LLM model in Elasticsearch as
+an [≈inference endpoint](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-inference-put) with the
+task type `completion`.
+
+**Examples**
+
+Use the default column name (results stored in `completion` column):
+
+```esql
+ROW question = "What is Elasticsearch?"
+| COMPLETION question WITH test_completion_model
+| KEEP question, completion
+```
+
+| question:keyword       | completion:keyword                        |
+|------------------------|-------------------------------------------|
+| What is Elasticsearch? | A distributed search and analytics engine |
+
+Specify the output column (results stored in `answer` column):
+
+```esql
+ROW question = "What is Elasticsearch?"
+| COMPLETION answer = question WITH test_completion_model
+| KEEP question, answer
+```
+
+| question:keyword | answer:keyword |
+| --- | --- |
+| What is Elasticsearch? | A distributed search and analytics engine |
+
+Summarize the top 10 highest-rated movies using a prompt:
+
+```esql
+FROM movies
+| SORT rating DESC
+| LIMIT 10
+| EVAL prompt = CONCAT(
+   "Summarize this movie using the following information: \n",
+   "Title: ", title, "\n",
+   "Synopsis: ", synopsis, "\n",
+   "Actors: ", MV_CONCAT(actors, ", "), "\n",
+  )
+| COMPLETION summary = prompt WITH test_completion_model
+| KEEP title, summary, rating
+```
+
+
+| title:keyword | summary:keyword | rating:double |
+| --- | --- | --- |
+| The Shawshank Redemption | A tale of hope and redemption in prison. | 9.3 |
+| The Godfather | A mafia family's rise and fall. | 9.2 |
+| The Dark Knight | Batman battles the Joker in Gotham. | 9.0 |
+| Pulp Fiction | Interconnected crime stories with dark humor. | 8.9 |
+| Fight Club | A man starts an underground fight club. | 8.8 |
+| Inception | A thief steals secrets through dreams. | 8.8 |
+| The Matrix | A hacker discovers reality is a simulation. | 8.7 |
+| Parasite | Class conflict between two families. | 8.6 |
+| Interstellar | A team explores space to save humanity. | 8.6 |
+| The Prestige | Rival magicians engage in dangerous competition. | 8.5 |

docs/reference/query-languages/esql/_snippets/lists/processing-commands.md

@@ -1,4 +1,5 @@
 * [preview] [`CHANGE_POINT`](../../commands/processing-commands.md#esql-change_point)
+* [preview] [`COMPLETION`](../../commands/processing-commands.md#esql-completion)
 * [`DISSECT`](../../commands/processing-commands.md#esql-dissect)
 * [`DROP`](../../commands/processing-commands.md#esql-drop)
 * [`ENRICH`](../../commands/processing-commands.md#esql-enrich)