WARNING: Version 6.2 of the Elastic Stack has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Datafeeds
Machine learning jobs can analyze data that is stored in Elasticsearch or data that is sent from some other source via an API. Datafeeds retrieve data from Elasticsearch for analysis, which is the simpler and more common scenario.
If you create jobs in Kibana, you must use datafeeds. When you create a job, you select an index pattern and Kibana configures the datafeed for you under the covers. If you use machine learning APIs instead, you can create a datafeed by using the create datafeeds API after you create a job. You can associate only one datafeed with each job.
For a description of all the datafeed properties, see Datafeed Resources.
To start retrieving data from Elasticsearch, you must start the datafeed. When you start it, you can optionally specify start and end times. If you do not specify an end time, the datafeed runs continuously. You can start and stop datafeeds in Kibana or use the start datafeeds and stop datafeeds APIs. A datafeed can be started and stopped multiple times throughout its lifecycle.
When X-Pack security is enabled, a datafeed stores the roles of the user who created or updated it, as they were at that time. If the definitions of those roles are later updated, the datafeed subsequently runs with the new permissions that are associated with the roles. However, if the set of roles assigned to the user is adjusted after the datafeed is created or updated, the datafeed continues to run with the permissions that were associated with the original roles.
One way to update the roles that are stored within the datafeed without changing any other settings is to submit an empty JSON document ({}) to the update datafeed API.
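The following is an added example, not code from Elastic or from the original page: a simplified in-memory model of the role snapshot behaviour described above, showing why a datafeed can keep access after its creator loses a role and how an empty update clears it. The names `Cluster`, `Datafeed`, `stale_datafeeds` and `build_demo` are hypothetical, and the roles, user and index patterns are constructed sample data.

```python
from fnmatch import fnmatch


class Cluster:
    """Toy security realm: role definitions and user-to-role assignments."""

    def __init__(self, roles, users):
        self.roles = roles    # role name -> set of readable index patterns
        self.users = users    # user name -> list of assigned role names


class Datafeed:
    def __init__(self, cluster, feed_id, owner, indices):
        self.cluster, self.feed_id, self.owner = cluster, feed_id, owner
        self.indices = list(indices)
        # Snapshot of the creator's role *names*, taken at creation time.
        self.stored_roles = list(cluster.users[owner])

    def update(self, user, body):
        # Any update re-snapshots the caller's roles; {} changes nothing else.
        self.indices = list(body.get("indices", self.indices))
        self.owner = user
        self.stored_roles = list(self.cluster.users[user])

    def can_read(self, index):
        # Role definitions are resolved at run time, so editing a role
        # takes effect immediately; reassigning the user's roles does not.
        patterns = set()
        for name in self.stored_roles:
            patterns |= self.cluster.roles.get(name, set())
        return any(fnmatch(index, p) for p in patterns)


def stale_datafeeds(feeds):
    """Datafeeds whose snapshot no longer matches the owner's current roles."""
    return [f.feed_id for f in feeds
            if sorted(f.stored_roles) != sorted(f.cluster.users[f.owner])]


def build_demo():
    # Constructed sample data: alice holds two roles when she creates the feed.
    cluster = Cluster(
        roles={"ml_ops": {"logs-*"}, "finance_read": {"payments-*"}},
        users={"alice": ["ml_ops", "finance_read"]},
    )
    feed = Datafeed(cluster, "datafeed-payments", "alice", ["payments-*"])
    return cluster, feed
```

In this model, removing `finance_read` from `alice` leaves the datafeed able to read `payments-*` until `feed.update("alice", {})` is called, which is the case to check for whenever a user's role assignments are reduced.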
If the data that you want to analyze is not stored in Elasticsearch, you cannot use datafeeds. You can, however, send batches of data directly to the job by using the post data to jobs API.