opendistro
diff --git a/‎check-links.sh‎
Lines changed: 4 additions & 0 deletions b/‎check-links.sh‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎docs/alerting/index.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/alerting/index.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/alerting/monitors.md‎
Lines changed: 31 additions & 2 deletions b/‎docs/alerting/monitors.md‎
Lines changed: 31 additions & 2 deletions
diff --git a/‎docs/elasticsearch/index-data.md‎
Lines changed: 8 additions & 8 deletions b/‎docs/elasticsearch/index-data.md‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎docs/elasticsearch/index.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/elasticsearch/index.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/elasticsearch/snapshot-restore.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/elasticsearch/snapshot-restore.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/install/docker-security.md‎
Lines changed: 25 additions & 6 deletions b/‎docs/install/docker-security.md‎
Lines changed: 25 additions & 6 deletions
diff --git a/‎docs/install/docker.md‎
Lines changed: 22 additions & 11 deletions b/‎docs/install/docker.md‎
Lines changed: 22 additions & 11 deletions
diff --git a/‎docs/install/other-components.md‎
Lines changed: 1 addition & 0 deletions b/‎docs/install/other-components.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/install/plugins.md‎
Lines changed: 4 additions & 4 deletions b/‎docs/install/plugins.md‎
Lines changed: 4 additions & 4 deletions
@@ -0,0 +1,4 @@
+# Checks for broken link in the documentation.
+# Run `bundle exec jekyll serve` first.
+# Uses https://github.com/stevenvachon/broken-link-checker
+blc http://127.0.0.1:4000/for-elasticsearch-docs/ -ro
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Alerting
-nav_order: 8
+nav_order: 30
 has_children: true
 ---
 
 
@@ -53,6 +53,35 @@ Destination | A reusable location for an action, such as Amazon Chime, Slack, or
 
    - Query definition gives you flexibility in terms of what you query for (using [the Elasticsearch query DSL](../../elasticsearch/full-text)) and how you evaluate the results of that query (Painless scripting).
 
+     You can even filter query results using `{% raw %}{{period_start}}{% endraw %}` and `{% raw %}{{period_end}}{% endraw %}`:
+
+     ```json
+     {
+       "size": 0,
+       "query": {
+         "bool": {
+           "filter": [{
+             "range": {
+               "timestamp": {
+                 "from": "{% raw %}{{period_end}}{% endraw %}||-1h",
+                 "to": "{% raw %}{{period_end}}{% endraw %}",
+                 "include_lower": true,
+                 "include_upper": true,
+                 "format": "epoch_millis",
+                 "boost": 1
+               }
+             }
+           }],
+           "adjust_pure_negative": true,
+           "boost": 1
+         }
+       },
+       "aggregations": {}
+     }
+     ```
+
+     "Start" and "end" refer to the interval at which the monitor runs. See [Available variables](#available-variables).
+
 1. To define a monitor visually, choose **Define using visual graph**. Then choose an aggregation (for example, `count()` or `average()`), a set of documents, and a timeframe. Visual definition works well for most monitors.
 
    To use a query, choose **Define using extraction query**, add your query (using [the Elasticsearch query DSL](../../elasticsearch/full-text)), and test it using the **Run** button.
@@ -82,7 +111,7 @@ The line moves up and down as you increase and decrease the threshold. Once this
 
 For **Trigger condition**, specify a Painless script that returns true or false. Painless is the default Elasticsearch scripting language and has a syntax similar to Groovy.
 
-Trigger condition scripts revolve around the `ctx.results[0]` variable, which corresponds to the extraction query response. For example, your script might reference `ctx.results[0].hits.total` or `ctx.results[0].hits.hits[i]._source.error_code`.
+Trigger condition scripts revolve around the `ctx.results[0]` variable, which corresponds to the extraction query response. For example, your script might reference `ctx.results[0].hits.total.value` or `ctx.results[0].hits.hits[i]._source.error_code`.
 
 A return value of true means the trigger condition has been met, and the trigger should execute its actions. Test your script using the **Run** button.
 
@@ -98,7 +127,7 @@ These scripts are Painless, not Groovy, but calling them Groovy in Jekyll gets u
 
 ```groovy
 // Evaluates to true if the query returned any documents
-ctx.results[0].hits.total > 0
+ctx.results[0].hits.total.value > 0
 ```
 
 ```groovy
 
@@ -17,15 +17,15 @@ For situations in which new data arrives incrementally (for example, customer or
 A request to the index API looks like the following:
 
 ```json
-PUT elasticsearch_domain/<index>/_doc/<id>
+PUT cluster_endpoint/<index>/_doc/<id>
 { "A JSON": "document" }
 ```
 
 A request to the `_bulk` API looks a little different, because you specify the index and ID in the bulk data:
 
 ```json
-POST elasticsearch_domain/_bulk
-{ "index": { "_index" : "<index>", "_type" : "_doc", "_id" : "<id>" } }
+POST cluster_endpoint/_bulk
+{ "index": { "_index" : "<index>", "_id" : "<id>" } }
 { "A JSON": "document" }
 
 ```
@@ -46,21 +46,21 @@ The document is optional, because `delete` actions do not require a document. Th
 Elasticsearch features automatic index creation when you add a document to an index that doesn't already exist. It also features automatic ID generation if you don't specify an ID in the request. This simple example automatically creates the movies index, indexes the document, and assigns it a unique ID:
 
 ```json
-POST elasticsearch_domain/movies/_doc
+POST cluster_endpoint/movies/_doc
 {"title": "Spirited Away"}
 ```
 
 Automatic ID generation has a clear downside: because the indexing request didn't specify a document ID, you can't easily update the document at a later time. To specify an ID of 1, use the following request, and note the use of PUT instead of POST:
 
 ```json
-PUT elasticsearch_domain/movies/_doc/1
+PUT cluster_endpoint/movies/_doc/1
 {"title": "Spirited Away"}
 ```
 
-Indices default to five primary shards and one replica. If you want to specify non-default settings, create the index before adding documents:
+Indices default to one primary shard and one replica. If you want to specify non-default settings, create the index before adding documents:
 
 ```json
-PUT elasticsearch_domain/more-movies
+PUT cluster_endpoint/more-movies
 {"settings": {"number_of_shards": 6, "number_of_replicas": 2}}
 ```
 
@@ -73,4 +73,4 @@ Elasticsearch indices have the following naming restrictions:
 - Index names can't begin with `_` (underscore) or `-` (hyphen).
 - Index names can't contain spaces, commas, or the following characters:
 
-  `"`, `*`, `+`, `/`, `\`, `|`, `?`, `#`, `>`, or `<`
+  `:`, `"`, `*`, `+`, `/`, `\`, `|`, `?`, `#`, `>`, or `<`
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Elasticsearch
-nav_order: 3
+nav_order: 10
 has_children: true
 has_toc: false
 ---
 
@@ -101,7 +101,7 @@ readonly | Whether the repository is read-only. Useful when migrating from one c
    If you're using the Docker installation, see [Run with custom plugins](../../install/docker/#run-with-custom-plugins). Your `Dockerfile` should look something like this:
 
    ```
-   FROM amazon/opendistro-for-elasticsearch:0.9.0
+   FROM amazon/opendistro-for-elasticsearch:1.0.0
 
    ENV AWS_ACCESS_KEY_ID <access-key>
    ENV AWS_SECRET_ACCESS_KEY <secret-key>
 
@@ -16,17 +16,23 @@ Before deploying to a production environment, you should replace the demo securi
 version: '3'
 services:
   odfe-node1:
-    image: amazon/opendistro-for-elasticsearch:0.9.0
+    image: amazon/opendistro-for-elasticsearch:1.0.0
     container_name: odfe-node1
     environment:
       - cluster.name=odfe-cluster
+      - node.name=odfe-node1
+      - discovery.seed_hosts=odfe-node1,odfe-node2
+      - cluster.initial_master_nodes=odfe-node1,odfe-node2
       - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
       - "ES_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
-      - network.host=0.0.0.0 # required if not using the demo Security configuration
+      - network.host=0.0.0.0
     ulimits:
       memlock:
         soft: -1
         hard: -1
+      nofile:
+        soft: 65536 # maximum number of open files for the Elasticsearch user, set to at least 65536 on modern systems
+        hard: 65536
     volumes:
       - odfe-data1:/usr/share/elasticsearch/data
       - ./root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
@@ -36,24 +42,33 @@ services:
       - ./kirk-key.pem:/usr/share/elasticsearch/config/kirk-key.pem
       - ./custom-elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
       - ./internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
+      - ./roles_mapping.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml
+      - ./tenants.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/tenants.yml
+      - ./roles.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml
+      - ./action_groups.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/action_groups.yml
     ports:
       - 9200:9200
       - 9600:9600 # required for Performance Analyzer
     networks:
       - odfe-net
   odfe-node2:
-    image: amazon/opendistro-for-elasticsearch:0.9.0
+    image: amazon/opendistro-for-elasticsearch:1.0.0
     container_name: odfe-node2
     environment:
       - cluster.name=odfe-cluster
+      - node.name=odfe-node2
+      - discovery.seed_hosts=odfe-node1,odfe-node2
+      - cluster.initial_master_nodes=odfe-node1,odfe-node2
       - bootstrap.memory_lock=true
       - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - discovery.zen.ping.unicast.hosts=odfe-node1
       - network.host=0.0.0.0
     ulimits:
       memlock:
         soft: -1
         hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
     volumes:
       - odfe-data2:/usr/share/elasticsearch/data
       - ./root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
@@ -63,10 +78,14 @@ services:
       - ./kirk-key.pem:/usr/share/elasticsearch/config/kirk-key.pem
       - ./custom-elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
       - ./internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
+      - ./roles_mapping.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml
+      - ./tenants.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/tenants.yml
+      - ./roles.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml
+      - ./action_groups.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/action_groups.yml
     networks:
       - odfe-net
   kibana:
-    image: amazon/opendistro-for-elasticsearch-kibana:0.9.0
+    image: amazon/opendistro-for-elasticsearch-kibana:1.0.0
     container_name: odfe-kibana
     ports:
       - 5601:5601
@@ -121,7 +140,7 @@ If you encounter any `File /usr/share/elasticsearch/config/elasticsearch.yml has
 
 ## Change passwords for read-only users
 
-After the cluster starts, change the passwords for the [read-only user accounts](../../security-configuration/api/#read-only-and-hidden-resources): `admin` and `kibanaserver`.
+After the cluster starts, change the passwords for the [read-only user accounts](../../security-access-control/api/#read-only-and-hidden-resources): `admin` and `kibanaserver`.
 
 - The `admin` user has full privileges on the cluster.
 - `kibanaserver` user has certain permissions to the `.kibana` index that let it perform management tasks like setting index patterns and retrieving visualizations. This user, or one just like it, is required for Kibana to work properly with the Security plugin. We recommend just using `kibanaserver`.
 
@@ -10,8 +10,8 @@ nav_order: 1
 You can pull the Open Distro for Elasticsearch Docker image just like any other image:
 
 ```bash
-docker pull amazon/opendistro-for-elasticsearch:0.9.0
-docker pull amazon/opendistro-for-elasticsearch-kibana:0.9.0
+docker pull amazon/opendistro-for-elasticsearch:1.0.0
+docker pull amazon/opendistro-for-elasticsearch-kibana:1.0.0
 ```
 
 Open Distro for Elasticsearch images use `centos:7` as the base image.
@@ -31,7 +31,7 @@ Open Distro for Elasticsearch images use `centos:7` as the base image.
 To run the image for local development:
 
 ```bash
-docker run -p 9200:9200 -p 9600:9600 -e "discovery.type=single-node" amazon/opendistro-for-elasticsearch:0.9.0
+docker run -p 9200:9200 -p 9600:9600 -e "discovery.type=single-node" amazon/opendistro-for-elasticsearch:1.0.0
 ```
 
 Then send requests to the server to verify that Elasticsearch is up and running:
@@ -84,16 +84,22 @@ This sample file starts two data nodes and Kibana. If you're running Docker loca
 version: '3'
 services:
   odfe-node1:
-    image: amazon/opendistro-for-elasticsearch:0.9.0
+    image: amazon/opendistro-for-elasticsearch:1.0.0
     container_name: odfe-node1
     environment:
       - cluster.name=odfe-cluster
+      - node.name=odfe-node1
+      - discovery.seed_hosts=odfe-node1,odfe-node2
+      - cluster.initial_master_nodes=odfe-node1,odfe-node2
       - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
       - "ES_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
     ulimits:
       memlock:
         soft: -1
         hard: -1
+      nofile:
+        soft: 65536 # maximum number of open files for the Elasticsearch user, set to at least 65536 on modern systems
+        hard: 65536
     volumes:
       - odfe-data1:/usr/share/elasticsearch/data
     ports:
@@ -102,23 +108,28 @@ services:
     networks:
       - odfe-net
   odfe-node2:
-    image: amazon/opendistro-for-elasticsearch:0.9.0
+    image: amazon/opendistro-for-elasticsearch:1.0.0
     container_name: odfe-node2
     environment:
       - cluster.name=odfe-cluster
+      - node.name=odfe-node2
+      - discovery.seed_hosts=odfe-node1,odfe-node2
+      - cluster.initial_master_nodes=odfe-node1,odfe-node2
       - bootstrap.memory_lock=true
       - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - discovery.zen.ping.unicast.hosts=odfe-node1
     ulimits:
       memlock:
         soft: -1
         hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
     volumes:
       - odfe-data2:/usr/share/elasticsearch/data
     networks:
       - odfe-net
   kibana:
-    image: amazon/opendistro-for-elasticsearch-kibana:0.9.0
+    image: amazon/opendistro-for-elasticsearch-kibana:1.0.0
     container_name: odfe-kibana
     ports:
       - 5601:5601
@@ -151,7 +162,7 @@ docker run \
 -p 9200:9200 -p 9600:9600 \
 -e "discovery.type=single-node" \
 -v /<full-path-to>/custom-elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-amazon/opendistro-for-elasticsearch:0.9.0
+amazon/opendistro-for-elasticsearch:1.0.0
 ```
 
 You can perform the same operation in `docker-compose.yml` using a relative path:
@@ -199,15 +210,15 @@ vm.max_map_count=262144
 
 Then run `sudo sysctl -p` to reload.
 
-The `docker-compose.yml` file above also contains several key settings: `bootstrap.memory_lock=true`, `ES_JAVA_OPTS=-Xms512m -Xmx512m`, and `9600:9600`. Respectively, these settings disable memory swapping (along with `memlock`), set the size of the Java heap (we recommend half of system RAM), and allow you to access Performance Analyzer on port 9600.
+The `docker-compose.yml` file above also contains several key settings: `bootstrap.memory_lock=true`, `ES_JAVA_OPTS=-Xms512m -Xmx512m`, `nofile 65536` and `port 9600`. Respectively, these settings disable memory swapping (along with `memlock`), set the size of the Java heap (we recommend half of system RAM), set a limit of 65536 open files for the Elasticsearch user, and allow you to access Performance Analyzer on port 9600.
 
 
 ## Run with custom plugins
 
 To run the image with a custom plugin, first create a [`Dockerfile`](https://docs.docker.com/engine/reference/builder/):
 
 ```
-FROM amazon/opendistro-for-elasticsearch:0.9.0
+FROM amazon/opendistro-for-elasticsearch:1.0.0
 RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install --batch <plugin-name-or-url>
 ```
 
@@ -221,7 +232,7 @@ docker run -p 9200:9200 -p 9600:9600 -v /usr/share/elasticsearch/data odfe-custo
 You can also use a `Dockerfile` to pass your own certificates for use with the [Security](../../security-configuration/) plugin, similar to the `-v` argument in [Configure Elasticsearch](#configure-elasticsearch):
 
 ```
-FROM amazon/opendistro-for-elasticsearch:0.9.0
+FROM amazon/opendistro-for-elasticsearch:1.0.0
 COPY --chown=elasticsearch:elasticsearch elasticsearch.yml /usr/share/elasticsearch/config/
 COPY --chown=elasticsearch:elasticsearch my-key-file.pem /usr/share/elasticsearch/config/
 COPY --chown=elasticsearch:elasticsearch my-certificate-chain.pem /usr/share/elasticsearch/config/
 
@@ -12,3 +12,4 @@ Open Distro for Elasticsearch has a number of other components that you might wa
 - [Java Database Connectivity (JDBC) driver](../../sql/jdbc)
 - [PerfTop client for Performance Analyzer](../../pa/)
 - [Job Scheduler plugin](https://github.com/opendistro-for-elasticsearch/job-scheduler), an extensible plugin for running periodic jobs
+- [Alerting CLI](https://github.com/mihirsoni/odfe-monitor-cli), a command line interface that lets you use YAML files to manage your Open Distro for Elasticsearch monitors
@@ -18,7 +18,7 @@ Navigate to the Elasticsearch home directory (likely `/usr/share/elasticsearch`)
 #### Security
 
 ```bash
-sudo bin/elasticsearch-plugin install https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-0.9.0.0.zip
+sudo bin/elasticsearch-plugin install https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-1.0.0.0.zip
 ```
 
 After installing the Security plugin, you can run `sudo sh /usr/share/elasticsearch/plugins/opendistro_security/tools/install_demo_configuration.sh` to quickly get started with demo certificates. Otherwise, you must configure it manually.
@@ -27,22 +27,22 @@ After installing the Security plugin, you can run `sudo sh /usr/share/elasticsea
 #### Alerting
 
 ```bash
-sudo bin/elasticsearch-plugin install https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-alerting/opendistro_alerting-0.9.0.0.zip
+sudo bin/elasticsearch-plugin install https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-alerting/opendistro_alerting-1.0.0.0.zip
 ```
 
 
 #### SQL
 
 ```bash
-sudo bin/elasticsearch-plugin install https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-sql/opendistro_sql-0.9.0.0.zip
+sudo bin/elasticsearch-plugin install https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-sql/opendistro_sql-1.0.0.0.zip
 ```
 
 
 {% comment %}
 #### Performance Analyzer
 
 ```bash
-sudo bin/elasticsearch-plugin install https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/performance-analyzer/opendistro_performance_analyzer-0.9.0.0.zip
+sudo bin/elasticsearch-plugin install https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/performance-analyzer/opendistro_performance_analyzer-1.0.0.0.zip
 ```
 
 Performance Analyzer requires so many additional configuration steps that we don't recommend installing it as a standalone plugin. After installing the plugin: