+
+Before you can search data in Dashboards, you must index it. In OpenSearch, the basic unit of data is a JSON document. Within an index, OpenSearch identifies each document using a unique ID. To learn more about indexing in OpenSearch, see [Index data]({{site.url}}{{site.baseurl}}/opensearch/index-data).
+{: .note purple}
+
+## Searching with terms queries
+
+The most basic query specifies the search term, for example:
+
+```
+host:www.example.com
+```
+
+To access an object's nested field, list the complete path to the field separated by periods. For example, use the following path to retrieve the `lat` field in the `coordinates` object:
+
+```
+coordinates.lat:43.7102
+```
+
+DQL supports leading and trailing wildcards, so you can search for any terms that match your pattern, for example:
+
+```
+host.keyword:*.example.com/*
+```
+
+To check whether a field exists or has any data, use a wildcard to see whether Dashboards returns any results,for example:
+
+```
+host.keyword:*
+```
+
+## Searching with Boolean queries
+
+To mix and match or combine multiple queries for more refined results, you can use the Boolean operators `and`, `or`, and `not`. DQL is not case sensitive, so `AND` and `and` are the same, for example:
+
+```
+host.keyword:www.example.com and response.keyword:200
+```
+
+You also can use multiple Boolean operators in one query, for example:
+
+```
+geo.dest:US or response.keyword:200 and host.keyword:www.example.com
+```
+
+Remember that Boolean operators follow the logical precedence order of `not`, `and`, and `or`, so if you have an expression like the one in the preceding example, `response.keyword:200 and host.keyword:www.example.com` is evaluated first.
+
+To avoid confusion, use parentheses to dictate the order in which you want to evaluate operands. If you want to evaluate `geo.dest:US or response.keyword:200` first, you can use an expression like the following:
+
+```
+(geo.dest:US or response.keyword:200) and host.keyword:www.example.com
+```
+
+## Querying dates and ranges
+
+DQL supports numeric inequalities, for example, `bytes >= 15 and memory < 15`.
+
+You can use the same method to find a date before or after the date specified in the query. `>` indicates a search for a date after the specified date, and `<` returns dates before the specified date, for example, `@timestamp > "2020-12-14T09:35:33`.
+
+## Querying nested fields
+
+Searching a document with [nested fields]({{site.url}}{{site.baseurl}}/opensearch/supported-field-types/nested/) requires you to specify the full path of the field to be retrieved. In the following example document, the `superheroes` field has nested objects:
+
+```json
+{
+ "superheroes":[
+ {
+ "hero-name": "Superman",
+ "real-identity": "Clark Kent",
+ "age": 28
+ },
+ {
+ "hero-name": "Batman",
+ "real-identity": "Bruce Wayne",
+ "age": 26
+ },
+ {
+ "hero-name": "Flash",
+ "real-identity": "Barry Allen",
+ "age": 28
+ },
+ {
+ "hero-name": "Robin",
+ "real-identity": "Dick Grayson",
+ "age": 15
+ }
+ ]
+}
+```
+{% include copy.html %}
+
+To retrieve documents that match a specific field using DQL, specify the field, for example:
+
+```
+superheroes: {hero-name: Superman}
+```
+{% include copy.html %}
+
+To retrieve documents that match multiple fields, specify all the fields, for example:
+
+```
+superheroes: {hero-name: Superman} and superheroes: {hero-name: Batman}
+```
+{% include copy.html %}
+
+You can combine multiple Boolean and range queries to create a more refined query, for example:
+
+```
+superheroes: {hero-name: Superman and age < 50}
+```
+{% include copy.html %}
+
+## Querying doubly nested objects
+
+If a document has doubly nested objects (objects nested inside other objects), retrieve a field value by specifying the full path to the field. In the following example document, the `superheroes` object is nested inside the `justice-league` object:
+
+```json
+{
+"justice-league": [
+{
+"superheroes":[
+{
+"hero-name": "Superman",
+"real-identity": "Clark Kent",
+"age": 28
+},
+{
+"hero-name": "Batman",
+"real-identity": "Bruce Wayne",
+"age": 26
+},
+{
+"hero-name": "Flash",
+"real-identity": "Barry Allen",
+"age": 28
+},
+{
+"hero-name": "Robin",
+"real-identity": "Dick Grayson",
+"age": 15
+}
+]
+}
+]
+}
+```
+{% include copy.html %}
+
+The following image shows the query result using the example notation `justice-league.superheroes: {hero-name:Superman}`.
+
+
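Review bot: In "Querying dates and ranges", the inline example `@timestamp > "2020-12-14T09:35:33` is missing its closing double quote, so a reader who copies it gets an unterminated string. It should read `@timestamp > "2020-12-14T09:35:33"`. Both range examples would also be easier to copy as fenced blocks, like every other query in this file. Smaller points: "results,for example" needs a space after the comma, the doubly nested JSON sample is not indented, and `justice-league.superheroes: {hero-name:Superman}` appears only inline in a sentence about an image, so consider giving it its own fenced block with `{% include copy.html %}` like the other nested queries.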
diff --git a/_dashboards/discover/index-discover.md b/_dashboards/discover/index-discover.md
new file mode 100644
index 00000000000..ebf46b8c234
--- /dev/null
+++ b/_dashboards/discover/index-discover.md
@@ -0,0 +1,104 @@
+---
+layout: default
+title: Exploring data with Discover
+nav_order: 20
+has_children: true
+---
+
+# Exploring data with Discover
+
+**Discover** in OpenSearch Dashboards helps you extract insights and get value out of data assets across your organization. Discover enables you to:
+
+1. **Explore data**. You can explore, customize, and filter data as well as search data using [Dashboards Query Language (DQL)]({{site.url}}{{site.baseurl}}/dashboards/dql/).
+2. **Analyze data**. You can analyze data, view individual documents, and create tables summarizing data contents.
+3. **Visualize data**. You can display findings from your saved searches in a single dashboard that combines different data visualization types.
+
+## Try it: Exploring sample data with Discover
+
+This tutorial shows you how to use Discover to analyze and understand a sample dataset. At the end of this tutorial, you should be ready to use Discover with your own data.
+
+Before starting this tutorial, make sure you've added the **Sample flight data**. See [Quickstart guide for OpenSearch Dashboards]({{site.url}}{{site.baseurl}}/dashboards/quickstart/) for information about how to get started.
+{: .warning}
+
+### Setting up data
+
+Watch the following short video or start with the tutorial steps to learn how to set up a sample dataset in Discover.
+
+
+
+1. Verify access to OpenSearch Dashboards by connecting to [http://localhost:5601](http://localhost:5601) from a browser. The default username and password are `admin`.
+1. On the **Home** page, choose **Discover** in the navigation pane.
+1. On the index pattern toolbar, select the **opensearch_dashboards_sample_data_flights** dataset.
+1. On the time filter toolbar, choose the calendar icon and then change the time range to **Last 7 days**.
+
+### Exploring the data fields
+
+In the **Discover** panel, you'll see a table that shows all the documents that match your search. The table includes a list of data fields that are available in the document table, as shown in the following image.
+
+
+
+Follow these steps to explore the data fields:
+
+1. View the list of **Available fields**.
+1. Choose **Cancelled** to view the values (`true` and `false`).
+1. Choose the plus (+) sign to add the field to the document table. The field will be automatically added to **Selected fields** and the document table.
+1. Select **FlightDelay** from the **Available fields** list, and then choose the plus (+) sign to add the field to the document table.
+1. Optional: Rearrange the table columns by selecting the table header and then choosing **Move left** or **Move right**.
+
+## Searching data
+
+You can use the search toolbar or enter a DQL query in the **DevTools** console to search data in Dashboards, as shown in the following image. The search toolbar is best for basic queries, such as searching by a field name. DQL is best for complex queries, such as searching data using a term, string, Boolean, date, range, or nested query.
+
+
+
+Follow these steps to search data:
+
+1. In the search toolbar, enter the Boolean query. For example, enter `FlightDelay:true AND FlightDelayMin >= 60` to search the data for flights delayed by 60 minutes or more.
+1. Choose **Update**.
+1. Optional: Choose the arrow (`>`) in a table row to expand the row and view the document table details.
+
+## Filtering data
+
+Filters allow you to refine sets of documents to subsets of those documents. For example, you can filter data to include or exclude certain fields, as shown in the following image.
+
+
+
+Follow these steps to filter data:
+
+1. In the filter bar, choose **Add filter**.
+1. Select options from the **Field**, **Operator**, and **Value** dropdown lists. For example, `Cancelled`, `is`, and `true`.
+1. Choose **Save**.
+1. To remove the filter, choose the close icon (x) next to the filter name.
+1. Optional: Add more filters to further explore the data.
+
+## Analyzing data in the document table
+
+You can view the document table fields to better understand the data and gather insights for more informed decision-making:
+
+1. Choose the arrow icon (>) to expand a table row.
+1. View the fields and details.
+1. Switch between the **Table** and **JSON** tabs to view the different formats, as shown in the following image.
+
+
+
+## Saving the search
+
+Saving a search saves the query text, filters, and current data view. To save your search to use it later, generate a report, or build visualizations and dashboards:
+
+1. Choose the save icon in the toolbar.
+1. Give the search a title, and then choose **Save**.
+1. Choose the save icon to access the saved search, as shown in the following image.
+
+
+
+## Visualizing the search
+
+You can quickly visualize an aggregated field from **Discover**:
+
+1. From the **Available fields** list, select `FlightDelayType` and then choose **Visualize**, as shown in the following image.
+
+
+
+Dashboards creates a visualization for this field, which in this case is a basic bar chart, as shown in the following image.
+
+
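Review bot: The "Searching data" paragraph says DQL queries are entered in the **DevTools** console and that the search toolbar is for basic queries, but step 1 directly below it has the reader enter the DQL Boolean query `FlightDelay:true AND FlightDelayMin >= 60` in the search toolbar. Reword the paragraph so it agrees with the steps on where DQL is typed. In "Setting up data", the step that gives `admin` as the default username and password should say that these are the demo defaults and point readers to changing them before using anything beyond a local trial. The sample-data prerequisite is tagged `{: .warning}` although it reads as a note, and the expand arrow is written as (`>`) in "Searching data" but as (>) in "Analyzing data in the document table".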
diff --git a/_dashboards/discover/index.md b/_dashboards/discover/index.md
deleted file mode 100644
index e8ffcef7442..00000000000
--- a/_dashboards/discover/index.md
+++ /dev/null
@@ -1,17 +0,0 @@
----
-layout: default
-title: Discover
-nav_order: 10
-has_children: true
----
-
-# Discover
-
-**Discover** in OpenSearch Dashboards helps you extract insights and get value out of data assets across your organization. You can quickly ingest and query your data, display that data in visualizations and interactive dashboards, and deliver insights to your organization.
-
-
-
-## What's next?
-
-- [Running queries in the console]({{site.url}}{{site.baseurl}}/dashboards/run-queries/)
-- [Creating a dashboard with multiple data sources]({{site.url}}{{site.baseurl}}/)
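Review bot: Deleting `_dashboards/discover/index.md` while adding `_dashboards/discover/index-discover.md` moves the section landing page to a different file name, and the new file's front matter shows no `permalink` or `redirect_from`. If page URLs are derived from file paths, existing links to the Discover landing page will stop resolving, so either keep the `index.md` name or add a redirect. The "What's next?" list removed here also has no counterpart in the replacement page; confirm that dropping it is intended.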
diff --git a/_dashboards/discover/multi-data-sources.md b/_dashboards/discover/multi-data-sources.md
index 629d9305165..0b19007d01a 100644
--- a/_dashboards/discover/multi-data-sources.md
+++ b/_dashboards/discover/multi-data-sources.md
@@ -1,11 +1,11 @@
---
layout: default
-title: Multiple data sources
-parent: Discover
+title: Adding multiple data sources
+parent: Exploring data with Discover
nav_order: 5
---
-# Multiple data sources
+# Adding multiple data sources
The multiple data sources feature is an experimental feature released in OpenSearch 2.4. It can't be used in a production environment. For updates on the feature’s progress or to leave feedback on improving the feature, see the [OpenSearch Forum discussion](https://forum.opensearch.org/t/feedback-experimental-feature-connect-to-external-data-sources/11144).
{: .warning }
@@ -14,14 +14,14 @@ You can add multiple data sources to a single dashboard. OpenSearch Dashboards a
In this tutorial we provide the steps for enabling the `data_source` setting in Dashboards; adding credentials, data source connections, and index patterns; and combining visualizations in a single dashboard.
-## Try out the multiple data sources feature in your local environment
+## Try it: Exploring the multiple data sources feature in your local environment
This tutorial uses a preconfigured data source and index pattern, and you aren’t required to configure settings. However, you’ll need to enable the `data_source` setting in the configuration file before before getting started with exploring this feature.
{: .note }
The multiple data sources feature is experimental and can't be deployed into production. You can try it out with a sample data source and a sample index pattern. Before getting started, you must first edit the YAML configuration. The following section provides the steps for enabling the feature.
-## Edit the YAML configuration to enable the multiple data sources feature
+## Modifying the multiple data sources settings
Dashboards is configured in the cluster settings, and the multiple data sources feature is disabled by default. To enable it, you need to edit the configuration in `opensearch_dashboards.yml` and then restart the cluster.
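Review bot: The note directly under the renamed "Try it" heading still reads "before before getting started with exploring this feature". Since this hunk already touches the surrounding headings, fix the doubled word in the same change. The new heading "Modifying the multiple data sources settings" is also less specific than the one it replaces: the section that follows is about enabling the feature in `opensearch_dashboards.yml`, so a heading that names enabling would match the body better.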
@@ -33,7 +33,7 @@ To enable the feature:
4. Restart the Dashboards container.
5. Verify the feature configuration settings were created and configured properly by connecting to Dashboards through [http://localhost:5601](http://localhost:5601/) and viewing the **Stack Management** console. **Data Sources `Experimental`** will appear in the sidebar. Alternatively, you can open on [http://localhost:5601/app/management/opensearch-dashboards/dataSources](http://localhost:5601/app/management/opensearch-dashboards/dataSource).
-## Create a data source connection
+## Creating a data source connection
A data source connection specifies the parameters needed to connect to a data source. These parameters form a connection string for the data source. In Dashboards, you can add new data source connections or edit existing connections.
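Review bot: In step 5 just above the renamed heading, the link text ends in `/dataSources` but its target ends in `/dataSource`, so the displayed URL and the actual link differ. Make them match, and change "you can open on" to "you can open" while editing this section.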
@@ -41,90 +41,103 @@ To create a new data source connection:
1. Open Dashboards. If you’re not running the security plugin, go to [`http://localhost:5601`](http://localhost:5601/). If you’re running the security plugin, go to [`https://localhost:5601`](https://localhost:5601/) and log in with the username `admin` and password `admin`.
-2. In the Dashboards console, select **Stack Management > Data Sources `Experimental` > Data Sources > Create data source connection**.
-
+1. In the Dashboards console, choose **Stack Management** > **Data Sources `Experimental`** > **Data Sources** > **Create data source connection**, as shown in the following image.
-3. Add information to each field to configure **Connection Details**, **Endpoint**, and **Authentication** to connect to a data source. For this tutorial, the **Endpoint URL** is `http://localhost:5601/app/management/opensearch-dashboards/dataSources`.
-
+
-4. Select **Create data source connection** to save your settings.
+1. Add information to each field to configure **Connection Details**, **Endpoint**, and **Authentication** to connect to a data source, as shown in the following image. For this tutorial, the **Endpoint URL** is `http://localhost:5601/app/management/opensearch-dashboards/dataSources`.
-5. Return to the **Data Sources** main page to confirm that the newly created data source is listed under **Data Sources**.
-
+
-6. (Optional): Select the data source to verify that the settings are configured properly.
-
+1. Choose **Create data source connection** to save your settings.
+1. Return to the **Data Sources** main page to confirm that the newly created data source is listed under **Data Sources**, as shown in the following image.
-## Create an index pattern
+
+
+1. Optional: Select the data source to verify that the settings are configured properly, as shown in the following image.
+
+
+
+## Creating an index pattern
Index patterns allow you to access the OpenSearch data that you want to explore. An index pattern selects the data to use and allows you to define the field properties. Learn how to load your own data and create an index pattern following these steps. This tutorial uses the preconfigured index pattern `opensearch_dashboards_sample_data_ecommerce Default`.
-1. In the Dashboards console, select **Index Patterns > Create index pattern**.
-
+1. In the Dashboards console, choose **Index Patterns** > **Create index pattern**, as shown in the following image.
+
+
+
+1. Choose **Use external data source connection**.
+1. Start typing in the **Search data sources** field to search for the data source you created earlier and then select the data source and **Next step**, as shown in the following image.
+
+
-2. Select **Use external data source connection**.
-3. Start typing in the Search data sources field to search for the data source you created earlier and then select the data source and **Next step**.
-
+1. Add an **Index pattern name** to define the index pattern and then choose **Next step**, as shown in the following image.
-4. Add an **Index pattern name** to define the index pattern and then select **Next step**.
-
+
-5. Select an option for the **Time field** and then choose **Create index pattern**.
-
+1. Select an option for the **Time field** and then choose **Create index pattern**, as shown in the following image.
-## Search data
+
-Before you start searching for data, set up the time filter. The sample index pattern used for this tutorial contains time-based data. You can set a time filter that displays only the data within a specified time range, and you can select the time filter to change the time range or select a specific time range in the histogram.
+## Searching data
-### Use the time filter
+Before you start searching for data, set up the time filter. The sample index pattern used for this tutorial contains time-based data. You can set a time filter that displays only the data within a specified time range, and you can choose the time filter to change the time range or select a specific time range in the histogram.
-1. In the Dashboards console, select **Discover** and confirm the index pattern being used is `opensearch_dashboards_sample_data_ecommerce`.
-2. Select the calendar icon to change the time field. The default is **Last 15 minutes**.
-3. Change the time field to **Last 7 days** and select **Refresh**.
-
+### Adjusting the time filter
-4. To set the start and end times, select the bar next to the time filter. In the popup, select **Absolute**, **Relative**, or **Now** and then specify the required options.
-
+To adjust the time filter:
-### Select a time range from the histogram
+1. In the Dashboards console, choose **Discover** and confirm that the index pattern being used is `opensearch_dashboards_sample_data_ecommerce`.
+2. Choose the calendar icon to change the time field. The default is **Last 15 minutes**.
+3. Change the time field to **Last 7 days** and choose **Refresh**, as shown in the following image.
+
+
+
+4. To set the start and end times, choose the bar next to the time filter. In the popup, select **Absolute**, **Relative**, or **Now** and then specify the required options, as shown in the following image.
+
+
+
+### Selecting a time range from the histogram
To select a time range for the histogram, you can do one of the following:
* Select the bar that represents the time range you want to zoom in on.
-* Select the bar and drag to view a specific time range. You must start the selection with the cursor over the background of the chart—the cursor changes to a plus sign when you hover over a valid start point.
+* Select the bar and drag to view a specific time range. You must start the selection with the cursor over the background of the chart (the cursor changes to a plus sign when you hover over a valid start point).
* Select the dropdown and then select an interval.
+The following image shows a date histogram with an interval dropdown list.
+
-## Create visualizations
+## Creating data visualizations for a dashboard
-Follow these steps to learn how to connect your visualizations in a single dashboard:
+Follow these steps to learn how to create data visualizations for a dashboard:
-1. In the Dashboards console, select **Visualize** > **Create visualization**.
-2. Select the visualization type. For this tutorial, select **Line**.
-3. Choose a source. For this tutorial, select the index pattern `opensearch_dashboards_sample_data_ecommerce`.
-4. Under **Buckets**, select **Add > X-axis**.
-5. In the **Aggregation** field, select **Date Histogram** and then **Update**.
-6. Select **Save** and add the file name. This tutorial uses preconfigured visualizations, so you won’t be able to save your visualization.
+1. In the Dashboards console, choose **Visualize** > **Create visualization**.
+2. Select the visualization type. For this tutorial, choose **Line**.
+3. Select a source. For this tutorial, choose the index pattern `opensearch_dashboards_sample_data_ecommerce`.
+4. Under **Buckets**, choose **Add** > **X-axis**.
+5. In the **Aggregation** field, choose **Date Histogram** and then choose **Update**.
+6. Optional: Choose **Save** and add the file name. This tutorial uses preconfigured data visualizations, so you can't save the file for this tutorial.
-## Connect visualizations in a single dashboard
+## Connecting visualizations in a single dashboard
Follow these steps to connect your visualizations in a single dashboard:
-1. In the Dashboards console, select **Dashboard > Create dashboard**.
-2. Select **Add an existing** and then select the data you want to add.
-3. Select **Save** and add the dashboard name in the **Title field**. This tutorial uses preconfigured dashboards, so you won’t be able to save your dashboard.
+1. In the Dashboards console, choose **Dashboard** > **Create dashboard**.
+2. Choose **Add an existing** and then select the data you want to add.
+3. Choose **Save** and add the dashboard name in the **Title field**. This tutorial uses preconfigured dashboards, so you won’t be able to save your dashboard.
4. Click on the white space left of **Add panels** to view the visualizations in a single dashboard.
-Your dashboard might look like this:
+Your dashboard might look like the one in the following image.
-
+
-You have now explored the data sources experimental feature. We look forward to your feedback on how we can improve this feature ahead of its release for production use.
+You have now explored the data sources experimental feature. To provide feedback on how this feature can be improved ahead of its release for production use, comment in the [OpenSearch forum](https://forum.opensearch.org/).
-## Limitations
+## Understanding feature limitations
-The following limitations apply to the OpenSearch 2.4 release of this experimental feature:
+The following limitations apply to this experimental feature:
* The multiple data sources feature is supported for index-pattern-based visualizations only.
* The visualization types Time Series Visual Builder (TSVB), Vega and Vega-Lite, and timeline are not supported.
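Review bot: In the rewritten "Add information to each field" step, the **Endpoint URL** is given as `http://localhost:5601/app/management/opensearch-dashboards/dataSources`, which is the same Dashboards management page URL that the earlier verification step tells the reader to open in a browser. Confirm whether this should instead be the endpoint of the data source being connected. The same list tells readers to log in with username `admin` and password `admin`; say these are demo defaults. Style points in this hunk: the first two lists are renumbered to repeated `1.` while "Adjusting the time filter" and the visualization lists keep `2.`, `3.`, `4.`; "Click on the white space" survives where the rest of the change uses "choose"; and `**Title field**` bolds the word "field".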
@@ -132,5 +145,4 @@ The following limitations apply to the OpenSearch 2.4 release of this experiment
## Related topics
-* [OpenSearch 2.4.0 is ready for download](https://opensearch.org/blog/)
-* [OpenSearch Forum](https://forum.opensearch.org/)
\ No newline at end of file
+* [OpenSearch Forum](https://forum.opensearch.org/)
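Review bot: After this change "Related topics" contains a single entry, the OpenSearch Forum root, which is the same link the rewritten closing paragraph in this patch already gives for feedback. Either drop the section or link the specific feedback thread that the warning at the top of the page references.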
diff --git a/_dashboards/discover/time-filter.md b/_dashboards/discover/time-filter.md
new file mode 100644
index 00000000000..fe910aba132
--- /dev/null
+++ b/_dashboards/discover/time-filter.md
@@ -0,0 +1,33 @@
+---
+layout: default
+title: Setting the time filter
+parent: Exploring data with Discover
+nav_order: 10
+---
+
+# Setting the time filter
+
+You can change the time range to display dashboard data over minutes, hours, days, weeks, months, or years.
+
+The default time range is **Last 15 minutes**. You can change the time range at the dashboard level or under **Stack Management > Advanced Settings > Time filter defaults**.
+{: .note}
+
+To change the time range at the dashboard level, perform the following steps:
+
+1. Select the calendar icon.
+2. Select one of the time filter options, as shown in the following image:
+ - **Quick select:** Choose a time based on the last or next number of seconds, minutes, hours, days, or another time unit.
+ - **Commonly used:** Choose a common time range like **Today**, **Last 7 days**, or **Last 30 days**.
+ - **Recently used date ranges:** Select a previously used time range.
+ - **Refresh every:** Set an automatic refresh period.
+
+
+
+3. Choose **Show dates** to set start and end times, and then select anywhere inside the toolbar to access the time filter pop-up window, as shown in the following image.
+
+
+
+4. Select **Absolute**, **Relative**, or **Now** and specify ranges.
+5. Choose **Update** to apply changes, as shown in the following image.
+
+
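Review bot: The note under the title writes the menu path as one bold run, `**Stack Management > Advanced Settings > Time filter defaults**`, while the multiple data sources changes in this same patch move to bolding each element separately with plain `>` between them. Use one convention across the new pages. The steps also alternate between "Select" and "Choose" for the same kind of action, and "as shown in the following image:" in step 2 introduces the bullet list rather than the image. Move that phrase to after the list, or end the sentence with a period and keep the colon for the list lead-in.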
diff --git a/_dashboards/dql.md b/_dashboards/dql.md
deleted file mode 100644
index c0b4fcf523c..00000000000
--- a/_dashboards/dql.md
+++ /dev/null
@@ -1,142 +0,0 @@
----
-layout: default
-title: Dashboards query language
-nav_order: 90
----
-
-# Dashboards Query Language
-
-Similar to the [Query DSL]({{site.url}}{{site.baseurl}}/opensearch/query-dsl/index) that lets you use the HTTP request body to search for data, you can use the Dashboards Query Language (DQL) in OpenSearch Dashboards to search for data and visualizations.
-
-For example, if you want to see all visualizations of visits to a host based in the US, enter `geo.dest:US` into the search field, and Dashboards refreshes to display all related data.
-
-Just like the query DSL, DQL has a handful of query types, so use whichever best fits your use case.
-
-This section uses the OpenSearch Dashboards sample web log data. To add sample data in Dashboards, log in to OpenSearch Dashboards, choose **Home**, **Add sample data**, and then **Add data**.
-
----
-
-#### Table of contents
-1. TOC
-{:toc}
-
----
-
-## Terms query
-
-The most basic query is to just specify the term you're searching for.
-
-```
-host:www.example.com
-```
-
-To access an object's nested field, list the complete path to the field separated by periods. For example, to retrieve the `lat` field in the `coordinates` object:
-
-```
-coordinates.lat:43.7102
-```
-
-DQL also supports leading and trailing wildcards, so you can search for any terms that match your pattern.
-
-```
-host.keyword:*.example.com/*
-```
-
-To check if a field exists or has any data, use a wildcard to see if Dashboards returns any results.
-
-```
-host.keyword:*
-```
-
-## Boolean query
-
-To mix and match, or even combine, multiple queries for more refined results, you can use the boolean operators `and`, `or`, and `not`. DQL is not case sensitive, so `AND` and `and` are the same.
-
-```
-host.keyword:www.example.com and response.keyword:200
-```
-
-The following example demonstrates how to use multiple operators in one query.
-
-```
-geo.dest:US or response.keyword:200 and host.keyword:www.example.com
-```
-
-Remember that boolean operators follow the logical precedence order of `not`, `and`, and `or`, so if you have an expression like the previous example, `response.keyword:200 and host.keyword:www.example.com` gets evaluated first, and then Dashboards uses that result to compare with `geo.dest:US`.
-
-To avoid confusion, we recommend using parentheses to dictate the order you want to evaluate in. If you want to evaluate `geo.dest:US or response.keyword:200` first, your expression becomes:
-
-```
-(geo.dest:US or response.keyword:200) and host.keyword:www.example.com
-```
-
-## Date and range queries
-
-DQL also supports inequalities if you're using numeric inequalities.
-
-```
-bytes >= 15 and memory < 15
-```
-
-Similarly, you can use the same method to find a date before or after your query. `>` indicates a search for a date after your specified date, and `<` returns dates before.
-
-```
-@timestamp > "2020-12-14T09:35:33"
-```
-
-## Nested field query
-
-If you have a document with nested fields, you have to specify which parts of the document you want to retrieve.
-
-Suppose that you have the following document:
-
-```json
-{
- "superheroes":[
- {
- "hero-name": "Superman",
- "real-identity": "Clark Kent",
- "age": 28
- },
- {
- "hero-name": "Batman",
- "real-identity": "Bruce Wayne",
- "age": 26
- },
- {
- "hero-name": "Flash",
- "real-identity": "Barry Allen",
- "age": 28
- },
- {
- "hero-name": "Robin",
- "real-identity": "Dick Grayson",
- "age": 15
- }
- ]
-}
-```
-
-The following example demonstrates how to use DQL to retrieve a specific field.
-
-```
-superheroes: {hero-name: Superman}
-```
-
-If you want to retrieve multiple objects from your document, just specify all of the fields you want to retrieve.
-
-```
-superheroes: {hero-name: Superman} and superheroes: {hero-name: Batman}
-```
-
-The previous boolean and range queries still work, so you can submit a more refined query.
-
-```
-superheroes: {hero-name: Superman and age < 50}
-```
-
-If your document has an object nested within another object, you can still retrieve data by specifying all of the levels.
-
-```
-justice-league.superheroes: {hero-name:Superman}
-```
diff --git a/_dashboards/get-started/quickstart-dashboards.md b/_dashboards/get-started/quickstart-dashboards.md
new file mode 100644
index 00000000000..5cae8b05fa0
--- /dev/null
+++ b/_dashboards/get-started/quickstart-dashboards.md
@@ -0,0 +1,117 @@
+---
+layout: default
+title: Quickstart guide for OpenSearch Dashboards
+nav_order: 20
+has_children: false
+---
+
+# Quickstart guide for OpenSearch Dashboards
+
+This quickstart guide covers the core concepts that you need to understand to get started with OpenSearch Dashboards. You'll learn how to:
+
+- Add sample data.
+- Explore and inspect data with **Discover**.
+- Visualize data with **Dashboard**.
+- Add sample data.
+- Explore and inspect data with **Discover**.
+- Visualize data with **Dashboard**.
+
+Before you get started, make sure you've installed OpenSearch and OpenSearch Dashboards. For information on installation and configuration, see [Install and configure OpenSearch]({{site.url}}{{site.baseurl}}/install-and-configure/install-opensearch/index/) and [Install and configure OpenSearch Dashboards]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/index/).
+{: .note}
+
+# Adding sample data
+
+Sample datasets come with visualizations, dashboards, and other tools to help you explore Dashboards before you add your own data. To add sample data, perform the following steps:
+
+1. Verify access to OpenSearch Dashboards by connecting to [http://localhost:5601](http://localhost:5601) from a browser. The default username and password are `admin`.
+1. On the OpenSearch Dashboards **Home** page, choose **Add sample data**.
+2. Choose **Add data** to add the datasets, as shown in the following image.
+
+
+
+# Exploring and inspecting data
+
+In [**Discover**](discover/index.md), you can:
+
+- Choose data to explore, set a time range for that data, search it using [Dashboards Query Language (DQL)]({{site.url}}{{site.baseurl}}/dashboards/dql/), and filter the results.
+- Explore the data, view individual documents, and create tables summarizing the data's contents.
+- Visualize your findings.
+
+## Try it: Getting familiar with Discover
+
+1. On the OpenSearch Dashboards **Home** page, choose **Discover**.
+1. Change the [time filter](time-filter.md) to **Last 7 days**, as shown in the following image.
+
+
+
+2. Search using the DQL query `FlightDelay:true AND DestCountry: US AND FlightDelayMin >= 60` and then choose **Update**. You should see results for US-bound flights delayed by 60 minutes or more, as shown in the following image.
+
+
+
+3. To filter data, choose **Add filter** and then select an **Available field**. For example, select `FlightDelayType`, **is**, and **Weather delay** from the **Field**, **Operator**, and **Value** dropdown lists, as shown in the following image.
+
+
+
+# Visualizing data
+
+Raw data can be difficult to comprehend and use. Data visualizations help you prepare and present data in a visual form. In **Dashboard** you can:
+
+- Display data in a single view.
+- Build dynamic dashboards.
+- Create and share reports.
+- Embed analytics to differentiate your applications.
+
+## Try it: Getting familiar with Dashboard
+
+1. On the OpenSearch Dashboards **Home** page, choose **Dashboard**.
+1. Choose **[Flights] Global Flight Data** in the **Dashboards** window, as shown in the following image.
+
+
+
+1. To add panels to the dashboard, choose **Edit** and then **Add** from the toolbar.
+1. In the **Add panels** window, choose the existing panel **[Flights] Delay Buckets**. You'll see a pop-up window on the lower right confirming that you've added the panel.
+1. Select `x` to close the **Add panels** window.
+1. View the added panel **[Flights] Delay Buckets**, which is added as the last panel on the dashboard, as shown in the following image.
+
+
+
+## Try it: Creating a visualization panel
+
+Continuing with the preceding dashboard, you'll create a bar chart comparing the number of canceled flights and delayed flights to delay type and then add the panel to the dashboard:
+
+1. Change the default [time range]({{site.url}}{{site.baseurl}}/dashboards/get-started/time-filter/) from **24 hours** to **Last 7 days**.
+1. In the toolbar, choose **Edit**, then **Create new**.
+1. Select **VisBuilder** in the **New Visualizations** window.
+1. In the **Data Source** dropdown list, choose `opensearch_dashboards_sample_data_flights`.
+1. Drag the fields **Cancelled** and **FlightDelay** to the y-axis column.
+1. Drag the field **FlightDelayType** to the x-axis column.
+1. Choose **Save** and name the visualization in the **Title** field.
+2. Choose **Save and return**. The following bar chart is added as the last panel on the dashboard, as shown in the following image.
+
+
+
+# Interacting with data
+
+Interactive dashboards allow you analyze data in more depth and filter it in several ways. In Dashboards, you can interact directly with data on a dashboard by using dashboard-level filters. For example, continuing with the preceding dashboard, you can filter to show delays and cancellations for a specific airline.
+
+## Try it: Interacting with the sample flight data
+
+1. On the **[Flights] Airline Carrier** panel, choose **OpenSearch-Air**. The dashboard updates automatically.
+1. Choose **Save** to save the customized dashboard.
+
+Alternatively, you can apply filters using the dashboard toolbar:
+
+1. In the dashboard toolbar, choose **Add filter**.
+1. From the **Field**, **Operator**, and **Value** dropdown lists, choose **Carrier**, **is**, and **OpenSearch-Air**, respectively, as shown in the following image.
+
+
+
+1. Choose **Save**. The dashboard updates automatically, and the result is the dashboard shown in the following image.
+
+
+
+# Next steps
+
+- **Visualize data**. To learn more about data visualizations in OpenSearch Dashboards, see [**Building data visualizations with Visualize**]({{site.url}}{{site.baseurl}}/dashboards/visualize/viz-index/).
+- **Create dashboards**. To learn more about creating dashboards in OpenSearch Dashboards, see [**Creating dashboards with Dashboard**]({{site.url}}{{site.baseurl}}/dashboards/dashboard/).
+- **Explore data**. To learn more about exploring data in OpenSearch Dashboards, see [**Exploring data with Discover**]({{site.url}}{{site.baseurl}}/dashboards/discover/).
\ No newline at end of file
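Review bot: Step 1 of the sample data procedure states that the default username and password are `admin` but does not say that these credentials are meant for a local demo only. Add a note beside that step telling readers to change the default admin password before Dashboards is reachable from anywhere other than localhost. Smaller points in the same file: "Interactive dashboards allow you analyze data" is missing "to"; the ordered lists mix `1.` with `2.` and `3.` markers, while most steps use `1.`; the links `discover/index.md` and `time-filter.md` are relative, whereas the later time range link uses the `{{site.url}}{{site.baseurl}}` form; and the file ends without a trailing newline.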
diff --git a/_dashboards/index.md b/_dashboards/index.md
deleted file mode 100644
index 1c0d5a433b6..00000000000
--- a/_dashboards/index.md
+++ /dev/null
@@ -1,60 +0,0 @@
----
-layout: default
-title: Getting started with OpenSearch Dashboards
-nav_order: 1
-has_children: false
-has_toc: false
-redirect_from:
- - /docs/opensearch-dashboards/
- - /dashboards/
----
-
-{%- comment -%}The `/docs/opensearch-dashboards/` redirect is specifically to support the UI links in OpenSearch Dashboards 1.0.0.{%- endcomment -%}
-
-# Getting started with OpenSearch Dashboards
-
-OpenSearch Dashboards is an open-source, integrated visualization tool that makes it easy for users to explore their data in OpenSearch. From real-time application monitoring, threat detection, and incident management to personalized search, OpenSearch Dashboards gives you the data visualizations needed to graphically represent trends, outliers, and patterns in your data. The image below shows a sample of data visualizations in OpenSearch Dashboards.
-
-
-
-## Use cases for OpenSearch Dashboards
-
-In OpenSearch Dashboards, a data dashboard is a collection of charts, graphs, gauges, and other visualizations that gives you a snapshot of the data that you're interested in and that you interact with. You can track, analyze, and display real-time search, monitoring, and analysis of business and operational data for use cases like application monitoring, log analytics, observability, and website search. The image below shows data visualization use cases for OpenSearch Dashboards.
-
-Visualize log and trace data with interactive log analytics.![]() |
-Detect and mitigate issues faster with anomaly detection.![]() |
-
Diagnose performance issues and reduce application downtime.![]() |
-Unlock real-time search, monitoring, and analysis of business and operational data.![]() |
-
-
-## Next steps
-
-You can run OpenSearch Dashboards on a local host after installing OpenSearch. See [Install and configure OpenSearch]({{site.url}}{{site.baseurl}}/install-and-configure/install-opensearch/index/) and [Install and configure OpenSearch Dashboards]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/index/) for installation instructions.
-
-## Related links
-- [Getting Started with OpenSearch]({{site.url}}{{site.baseurl}}).
-- [Launch Highlight: OpenSearch Playground](https://www.opensearch.org/blog/community/2022/10/opensearch-playground/)
-- [Upgrade from Kibana OSS to OpenSearch Dashboards]({{site.url}}{{site.baseurl}}/upgrade-to/dashboards-upgrade-to/)
-- [OpenSearch Frequently Asked Questions]({{site.url}}/faq/)
-- [OpenSearch Dashboards Developer Guide](https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/DEVELOPER_GUIDE.md)
\ No newline at end of file
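Review bot: Deleting `_dashboards/index.md` also drops its `redirect_from` entries for `/docs/opensearch-dashboards/` and `/dashboards/`, and the comment in the file says the first redirect exists specifically to support the UI links in OpenSearch Dashboards 1.0.0. Confirm that the page replacing this one carries both redirects; otherwise those in-product links may stop resolving.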
diff --git a/_dashboards/visualize/maptiles.md b/_dashboards/visualize/maptiles.md
new file mode 100644
index 00000000000..077b23466b4
--- /dev/null
+++ b/_dashboards/visualize/maptiles.md
@@ -0,0 +1,34 @@
+---
+layout: default
+title: WMS map server
+nav_order: 20
+redirect_from:
+ - /docs/opensearch-dashboards/maptiles/
+ - /dashboards/maptiles/
+---
+
+{%- comment -%}The `/docs/opensearch-dashboards/maptiles/` redirect is specifically to support the UI links in OpenSearch Dashboards 1.0.0.{%- endcomment -%}
+
+# Configure WMS map server
+
+OpenSearch Dashboards includes default map tiles, but if you need more specialized maps, you can configure OpenSearch Dashboards to use a WMS map server:
+
+1. Open OpenSearch Dashboards at `https://
+
You can skip the next step for mapping rules if you are satisfied with those automatically populated by the system. Otherwise, go to the next step to specify select rules.
{: .note }
1. In the **Detection rules** section, specify only those rules you want mapped to the detector.
-
+
* Use the toggle to the left of the rule name to select or deselect rules.
-* Use the **Log type**, **Rule severity**, and **Source** dropdown menus to filter the rules you want to select from.
+* Use the **Log type**, **Rule severity**, and **Source** dropdown lists to filter the rules you want to select from.
* Use the **Search** bar to search for specific rules.
To quickly select one or more known rules and dismiss others, first deselect all rules by moving the **Rule name** toggle to the left, then search for your target rule names and select each individually by moving its toggle to the right.
{: .tip }
1. In the **Detector schedule** section, set how often the detector will run. Specify a unit of time and a corresponding number to set the interval.
-1. Select the **Next** button in the lower-right corner of the screen to continue. The Configure field mapping page appears.
+1. Select the **Next** button in the lower-right corner of the screen to continue. The **Configure field mapping** page appears.
## Step 2. Create field mappings
@@ -40,6 +40,8 @@ The field mapping step matches field names from the rule with field names from t
The data source (log index), log type, and detection rules specified in the first step determine which fields are available for mapping. For example, when "Windows logs" is selected as the log type, this parameter, along with the specific detection rules, determines the list of rule field names available for the mapping. Similarly, the selected data source (log index) determines the list of log field names that are available for the mapping.
+Because the system uses prepackaged Sigma rules for detector creation, it can automatically map important fields for a specific log type with the corresponding fields in the Sigma rules. The field mapping step presents a view of automatically mapped fields while also providing the option to customize, change, or add new field mappings. When a detector includes custom rules, you can follow this step to manually map rule field names to log field names.
+
#### A note on field names
The field mapping process requires that you are familiar with the field names in the log index and have an understanding of the data contained in those fields. If you have an understanding of the log fields in the index, the mapping is typically a straightforward process.
@@ -48,9 +50,16 @@ Security Analytics takes advantage of prepackaged Sigma rules for security event
Although the ECS rule field names are largely self-explanatory, you can find predefined mappings of the Sigma rule field names with ECS rule field names, for all supported log types, in the GitHub Security Analytics repository. Navigate to the [OSMappings](https://github.com/opensearch-project/security-analytics/tree/main/src/main/resources/OSMapping) folder, select the folder named for the log type, and open the `fieldmappings.yml` file. For example, to see the Sigma rule fields that correspond to ECS rule fields for the Windows log type, open the [fieldmappings.yml file](https://github.com/opensearch-project/security-analytics/blob/main/src/main/resources/OSMapping/windows/fieldmappings.yml) in the **windows** folder.
+### Default field mappings
+
+Once you navigate to the **Configure field mapping** page, the system attempts to automatically map fields between the two sources. The **Default mapped fields** table contains mappings that the system created automatically after defining the detector. As shown in the image that follows, when the field names are similar to one another the system can successfully match the two.
+
+
+Although these automatic matches are normally dependable, it's still a good idea to review the mappings in the **Default mapped fields** table and verify that they are correct and matched as expected. If you find a mapping that doesn't appear to be accurate, you can use the dropdown list as described in the [Pending field mappings](#pending-field-mappings) section that follows to correct the field mapping.
+
### Pending field mappings
-Once you navigate to the **Configure field mapping** page, the system attempts to automatically map fields between the two sources. Those field names that are not automatically mapped appear in the **Pending field mapping** table. In this table you can manually map rule fields to log fields, as shown in the following image.
+The field names that are not automatically mapped appear in the **Pending field mappings** table. In this table you can manually map rule fields to log fields, as shown in the following image.
While mapping fields, consider the following:
@@ -59,35 +68,30 @@ While mapping fields, consider the following:
* To map a rule field name to a log field name, use the dropdown arrow to open the list of log fields and select the log field name from the list. To search for names in the log field list, enter text in the **Select a mapping field** box.
* Once the log field name is selected and mapped to the rule field name, the icon in the Status column to the right changes to a green check mark.
-* Make as many matches between field names as possible to complete an accurate mapping for rule and log fields.
-
-### Default field mappings
-
-The **Default mapped fields** table contains mappings that the system created automatically after defining the detector. As shown in the image that follows, when the field names are similar to one another the system can successfully match the two.
-
-
-Although these automatic matches are normally dependable, it's still a good idea to review the mappings and verify that they are correct and matched as expected. If you find a mapping that doesn't appear to be accurate, you can use the dropdown list as described in the [Pending field mappings](#pending-field-mappings) section above to correct the field mapping.
+* Make as many matches between field names as possible to complete an accurate mapping for rule and log fields.
After completing the mappings, select the **Next** button in the lower-right corner of the screen. The **Set up alerts** page appears and displays settings for an alert trigger.
## Step 3. Set up alerts
-At this stage, setting up alerts is optional for creating a new detector. Alerts can be configured at any time, including from the Findings window. This section describes the process for defining the alert conditions during creation of a detector. To see how to initiate creation of alerts from the Findings window, see [The findings list]({{site.url}}{{site.baseurl}}/security-analytics/usage/findings/#the-findings-list).
+The third step in creating a detector involves setting up alerts. Alerts are configured to create triggers that, when matched with a set of detection rule criteria, send a notification of a possible security event. You can select rule names, rule severity, and tags in any combination to define a trigger. Once a trigger is defined, the alert setup lets you choose the channel on which to be notified and provides options for customizing a message for the notification.
+
+At least one alert condition is required before a detector can begin generating findings.
+{: .note }
-To skip directly to generating findings from the detector, select the **Remove alert trigger** button and then the **Next** button in the lower-right corner of the screen. Review the detector's definition and then select the **Create** button in the lower-right corner of the screen. The detector is created.
-{: .tip }
+You can also configure alerts from the **Findings** window. To see how to set up alerts from the **Findings** window, see [The findings list]({{site.url}}{{site.baseurl}}/security-analytics/usage/findings/#the-findings-list). A final option for adding additional alerts is to edit a detector and navigate to the **Alert triggers** tab, where you can edit existing alerts as well as add new ones. For details, see [Editing a detector]({{site.url}}{{site.baseurl}}security-analytics/usage/detectors/#editing-a-detector).
-To set up an alert for the detector at this stage of detector creation, continue with the following steps:
+To set up an alert for a detector, continue with the following steps:
1. In the **Trigger name** box, enter a name for the trigger.
1. To define rule matches for the alert, select security rules, severity levels, and tags.
-
-* Select one rule or multiple rules that will trigger the alert. Put the cursor in the **Rule names** box and type a name to search for it. To remove a rule name, select the **X** beside the name. To remove all rule names, select the **X** beside the dropdown menu's down arrow.
-
+
+* Select one rule or multiple rules that will trigger the alert. Put the cursor in the **Rule names** box and type a name to search for it. To remove a rule name, select the **X** beside the name. To remove all rule names, select the **X** beside the dropdown list's down arrow.
+
* Select one or more rule severities as conditions for the alert.
* Select from a list of tags to include as conditions for the alert.
1. To define a notification for the alert, assign an alert severity, select a channel for the notification, and customize a message generated for the alert.
-
+
* Assign a level of severity for the alert to give the recipient an indication of its urgency.
* Select a channel for the notification. Examples include Slack, Chime, or email. Select the **Manage channels** link to the right of the field to link the notification to a preferred channel.
* Select the **Show notify message** label to expand message preferences. You can add a subject for the message and a note to inform recipients of the nature of the message.
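Review bot: In the added paragraph under Step 3, the link to Editing a detector is written as `{{site.url}}{{site.baseurl}}security-analytics/usage/detectors/#editing-a-detector`, with no `/` after `{{site.baseurl}}`, unlike the findings link in the same paragraph. Add the slash so that the URL resolves. The step also changes from describing alerts as optional (the removed tip about **Remove alert trigger**) to "At least one alert condition is required", so please confirm that this matches the current UI behavior. "Adding additional alerts" can be shortened to "adding alerts".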
diff --git a/_security-analytics/sec-analytics-config/index.md b/_security-analytics/sec-analytics-config/index.md
index 7d63010d129..1925a97262b 100644
--- a/_security-analytics/sec-analytics-config/index.md
+++ b/_security-analytics/sec-analytics-config/index.md
@@ -21,4 +21,4 @@ Before Security Analytics can begin generating findings and sending alerts, admi
1. To get started, select the top menu on the Dashboards home page and then select **Security Analytics**. The Overview page for Security Analytics is displayed.
1. From the options on the left side of the page, select **Detectors** to begin creating a detector.
-
+
diff --git a/_security-analytics/usage/alerts.md b/_security-analytics/usage/alerts.md
index b21e823366f..1d2e24e34e0 100644
--- a/_security-analytics/usage/alerts.md
+++ b/_security-analytics/usage/alerts.md
@@ -15,21 +15,21 @@ You can select the **Refresh** button at any time to refresh information on the
## The Alerts graph
-The Alerts graph can display alerts by their status or severity. Use the **Group by** dropdown menu to specify either Alert status or Alert severity.
+The Alerts graph can display alerts by their status or severity. Use the **Group by** dropdown list to specify either Alert status or Alert severity.
To specify the date range you would like the graph to display, first select the calendar dropdown arrow. The date selector window opens.
-
+
You can use the **Quick select** settings to specify an exact window of time.
-* Select either **Last** or **Next** in the first dropdown menu to set the window of time behind the current setting or ahead of the current setting.
-* Select a number in the second dropdown menu to define a value for the range.
-* Select a unit of time in the third dropdown menu. Available options are seconds, minutes, hours, days, weeks, months, and years.
+* Select either **Last** or **Next** in the first dropdown list to set the window of time behind the current setting or ahead of the current setting.
+* Select a number in the second dropdown list to define a value for the range.
+* Select a unit of time in the third dropdown list. Available options are seconds, minutes, hours, days, weeks, months, and years.
Select the **Apply** button to apply the range of dates to the graph. Information on the graph changes accordingly.
-
+
+
-As an alternative, you can select an option in the **Commonly used** section (see the preceding image of the calendar dropdown menu) to conveniently set a window of time. Options include date ranges such as **Today**, **Yesterday**, **this week**, and **week to date**.
+As an alternative, you can select an option in the **Commonly used** section (see the preceding image of the calendar dropdown list) to conveniently set a window of time. Options include date ranges such as **Today**, **Yesterday**, **this week**, and **week to date**.
When one of the commonly used windows of time is selected, you can select the **Show dates** label in the date range field to populate the range of dates. Following that, you can select either the start date or end date to specify by an absolute, relative, or current date and time setting. For absolute and relative changes, select the **Update** button to apply the changes.
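Review bot: The rename to "dropdown list" leaves the unchanged sentence "first select the calendar dropdown arrow" in this hunk, while the changed line further down refers to "the preceding image of the calendar dropdown list". Use one name for that control in both places. In the same changed line, **this week** and **week to date** are lowercase next to **Today** and **Yesterday**; match the capitalization shown in the UI.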
@@ -38,5 +38,5 @@ As one more alternative, you can select an option from the **Recently used date
## The Alerts list
The Alerts list displays all findings according to the time when the alert was triggered, the alert's trigger name, the detector that triggered the alert, the alert status, and alert severity.
-Use the **Alert severity** dropdown menu to filter the list of alerts by severity. Use the **Status** dropdown menu to filter the list by alert status.
+Use the **Alert severity** dropdown list to filter the list of alerts by severity. Use the **Status** dropdown list to filter the list by alert status.
diff --git a/_security-analytics/usage/detectors.md b/_security-analytics/usage/detectors.md
index 1570bd19944..1c692d66eea 100644
--- a/_security-analytics/usage/detectors.md
+++ b/_security-analytics/usage/detectors.md
@@ -8,24 +8,24 @@ nav_order: 30
# Working with detectors
After creating a detector, it appears on the Threat detectors page along with others saved to the system. You can then perform a number of actions for each detector, from editing its details to changing its status. See the following sections for description of the available actions.
-
+
## Threat detector list
-The list of threat detectors includes the search bar, the **Status** dropdown menu, and the **Log type** dropdown menu.
+The list of threat detectors includes the search bar, the **Status** dropdown list, and the **Log type** dropdown list.
* Use the search bar to filter by detector name.
-* Select the **Status** dropdown menu to filter detectors in the list by Active and Inactive status.
-* Select the **Log type** dropdown menu to filter detectors by any log type that appears in the list (the options depend on the detectors present in the list and their log types).
+* Select the **Status** dropdown list to filter detectors in the list by Active and Inactive status.
+* Select the **Log type** dropdown list to filter detectors by any log type that appears in the list (the options depend on the detectors present in the list and their log types).
### Editing a detector
To edit a detector, begin by selecting the link to the detector in the Detector name column of the list. The detector's details window opens and shows details about the detector's configuration.
-
+
* In the upper-left portion of the window, the details window shows the name of the detector and its status, either Active or Inactive.
* In the upper-right corner of the window, you can select **View alerts** to go to the Alerts window or **View findings** to go to the Findings window. You can also select **Actions** to perform actions for the detector. See [Detector actions]({{site.url}}{{site.baseurl}}/security-analytics/usage/detectors/#detector-actions).
* In the lower portion of the window, select the **Edit** button for either Detector details or Detection rules to make changes accordingly.
* Finally, you can select the **Field mappings** tab to edit field mappings for the detector, or select the **Alert triggers** tab to make edits to alerts associated with the detector.
-
+
After you select the **Alert triggers** tab, you also have the option to add additional alerts for the detector by selecting **Add another alert condition** at the bottom of the page.
{: .tip }
@@ -33,16 +33,16 @@ To edit a detector, begin by selecting the link to the detector in the Detector
## Detector actions
Threat detector actions allow you to stop and start detectors or delete a detector. To enable actions, first select the checkbox beside one or more detectors in the list.
-
+
### Changing detector status
-1. Select the detector or detectors in the list whose status you would like to change. The **Actions** dropdown menu becomes enabled.
+1. Select the detector or detectors in the list whose status you would like to change. The **Actions** dropdown list becomes enabled.
1. Depending on whether the detector is currently active or inactive, select either **Stop detector** or **Start detector**. After a moment, the change in status of the detector appears in the detector list as either Inactive or Active.
### Deleting a detector
-1. Select the detector or detectors in the list that you would like to delete. The **Actions** dropdown menu becomes enabled.
-1. Select **Delete** in the dropdown menu. The Delete detector popup window opens and asks you to verify that you want to delete the detector or detectors.
+1. Select the detector or detectors in the list that you would like to delete. The **Actions** dropdown list becomes enabled.
+1. Select **Delete** in the dropdown list. The Delete detector popup window opens and asks you to verify that you want to delete the detector or detectors.
1. Select **Cancel** to decline the action. Select **Delete detector** to delete the detector or detectors permanently from the list.
diff --git a/_security-analytics/usage/findings.md b/_security-analytics/usage/findings.md
index 9eee29c6da1..432e87079bd 100644
--- a/_security-analytics/usage/findings.md
+++ b/_security-analytics/usage/findings.md
@@ -15,21 +15,21 @@ You can select the **Refresh** button at any time to refresh information on the
## The Findings graph
-The findings graph can display findings by log type or rule severity. Use the **Group by** dropdown menu to specify either log type or rule severity.
+The findings graph can display findings by log type or rule severity. Use the **Group by** dropdown list to specify either log type or rule severity.
-To specify the date range you would like the graph to display, first select the calendar dropdown menu. The date selector window opens.
-
+To specify the date range you would like the graph to display, first select the calendar dropdown list. The date selector window opens.
+
You can use the **Quick select** settings to specify an exact window of time.
-* Select either **Last** or **Next** in the first dropdown menu to set the window of time behind the current setting or ahead of the current setting.
-* Select a number in the second dropdown menu to define a value for the range.
-* Select a unit of time in the third dropdown menu. Available options are seconds, minutes, hours, days, weeks, months, and years.
+* Select either **Last** or **Next** in the first dropdown list to set the window of time behind the current setting or ahead of the current setting.
+* Select a number in the second dropdown list to define a value for the range.
+* Select a unit of time in the third dropdown list. Available options are seconds, minutes, hours, days, weeks, months, and years.
Select the **Apply** button to apply the range of dates to the graph. Information on the graph changes accordingly.
-
+
+
-As an alternative, you can select an option in the **Commonly used** section (see the preceding image of the calendar dropdown menu) to conveniently set a window of time. Options include date ranges such as **Today**, **Yesterday**, **this week**, and **week to date**.
+As an alternative, you can select an option in the **Commonly used** section (see the preceding image of the calendar dropdown list) to conveniently set a window of time. Options include date ranges such as **Today**, **Yesterday**, **this week**, and **week to date**.
When one of the commonly used windows of time is selected, you can select the **Show dates** label in the date range field to populate the range of dates. Following that, you can select either the start date or end date to specify by an absolute, relative, or current date and time setting. For absolute and relative changes, select the **Update** button to apply the changes.
@@ -38,8 +38,8 @@ As one more alternative, you can select an option from the **Recently used date
## The Findings list
The Findings list displays all findings according to time of the finding, the finding ID, the rule name that generated the finding, the detector that captured the finding, and other details.
-
-Use the **Rule severity** dropdown menu to filter the list of findings by severity. Use the **log type** dropdown menu to filter the list by log type.
+
+Use the **Rule severity** dropdown list to filter the list of findings by severity. Use the **log type** dropdown list to filter the list by log type.
Each finding in the list includes a finding ID. You can select the ID to open the Finding details pane, which describes the finding by parameters defined when creating the detector.
The Actions column includes two options for each finding:
* The diagonal arrow provides another way to open the Findings detail pane.
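Review bot: The changed line labels the control **log type** in lowercase, while the other files in this patch write **Log type**. Because the line is being touched anyway, capitalize it to match the UI label. The context lines in this hunk also alternate between "Finding details pane" and "Findings detail pane"; pick one name.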
diff --git a/_security-analytics/usage/overview.md b/_security-analytics/usage/overview.md
index d32fef9588f..ac7d8eb6ed7 100644
--- a/_security-analytics/usage/overview.md
+++ b/_security-analytics/usage/overview.md
@@ -21,7 +21,7 @@ Each section provides a summary description for each element of Security Analyti
The upper portion of the Overview page contains two control buttons for refreshing information and getting started with Security Analytics. You can select the **Refresh** button to refresh all of the information on the page.
You can also select the **Getting started** link to expand the Get started with Security Analytics window, which includes a summary of the setup steps as well as control buttons that allow you to jump to any of the steps.
-
+
* In step 1 of setup, select **Create detector** to define a detector.
* In step 2, select **View findings** to go to the Findings page. For details about this page, see [Working with findings]({{site.url}}{{site.baseurl}}/security-analytics/usage/findings/).
* In step 3, select **View alerts** to go to the Security alerts page. For details about this page, see [Working with alerts]({{site.url}}{{site.baseurl}}/security-analytics/usage/alerts/).
@@ -29,7 +29,7 @@ You can also select the **Getting started** link to expand the Get started with
## Findings and alert count
-The Findings and alert count section provides a graph showing data on the latest findings. Use the **Group by** menu to select either **All findings** or **Log type**.
+The Findings and alert count section provides a graph showing data on the latest findings. Use the **Group by** dropdown list to select either **All findings** or **Log type**.
## Recent alerts
@@ -42,9 +42,9 @@ The Recent findings table displays recent findings by time, rule name, rule seve
## Most frequent detection rules
This section provides a graphical representation of detection rules that trigger findings most often and how they compare to others as a percentage of the whole. The rule names represented by the graph are listed to the right.
-
+
## Detectors
-Detectors displays a list of available detectors by detector name, status (active/inactive), and log type. Select **View all detectors** to go to the Detectors page. Select **Create detector** to go directly to the Define detector page.
+The Detectors section displays a list of available detectors by detector name, status (active/inactive), and log type. Select **View all detectors** to go to the Detectors page. Select **Create detector** to go directly to the Define detector page.
diff --git a/_security-analytics/usage/rules.md b/_security-analytics/usage/rules.md
index 5c3666f1aaf..feed0f9f2d9 100644
--- a/_security-analytics/usage/rules.md
+++ b/_security-analytics/usage/rules.md
@@ -8,29 +8,29 @@ nav_order: 40
# Working with rules
The Rules window lists all security rules and provides options for filtering the list and viewing details for each rule. Further options let you import rules and create new rules by first duplicating a Sigma rule then modifying it. This section covers navigation of the Rules page and description of the actions you can perform.
-
+
## Viewing and filtering rules
When you open the Rules page, all rules are listed in the table. Use the search bar to search for specific rules by entering a full or partial name and pressing **Return/Enter** on your keyboard. The list is filtered and displays matching results.
-Alternatively, you can use the **Rule type**, **Rule severity**, and **Source** dropdown menus to drill down in the list of alerts and filter for preferred results. You can select multiple options from each menu and use all three menus in combination to narrow results.
-
+Alternatively, you can use the **Rule type**, **Rule severity**, and **Source** dropdown lists to drill down in the alerts and filter for preferred results. You can select multiple options from each list and use all three in combination to narrow results.
+
### Rule details
To see rule details, select the rule in the Rule name column of the list. The rule details pane opens.
-
+
In Visual view, rule details are arranged in fields, and the links are active. Select **YAML** to display the rule in YAML file format.
-
+
* Rule details are formatted as a YAML file according to the Sigma rule specification.
* To copy the rule, select the copy icon in the top right corner of the rule. To quickly create a new and customized rule, you can paste the rule into the YAML editor and make any modifications before saving it. See [Customizing rules](#customizing-rules) for details.
## Creating rules
There are several ways to create rules on the Rules page. The first is to manually fill in the necessary fields that complete the rule, using either the Visual Editor or YAML Editor. To do this, select the **Create new rule** button in the uppper-right corner of the Rules window. The Create a rule window opens.
-
+
If you choose to create the rule manually, you can refer to Sigma's [Rule Creation Guide](https://github.com/SigmaHQ/sigma/wiki/Rule-Creation-Guide) to help understand details for each field.
* By default, the Visual Editor is displayed. Enter the appropriate content in each field and select **Create** in the lower-right corner of the window to save the rule.
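Review bot: In the added "Alternatively, you can use the **Rule type**, **Rule severity**, and **Source** dropdown lists" line, "drill down in the alerts" names the wrong object, because this section is about the rules table; suggest "drill down in the list of rules". While this file is being touched, the unchanged context line under "Creating rules" still has the typo "uppper-right", which could be fixed in the same pass.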
@@ -75,6 +75,7 @@ author:
- David ANDRE
status: experimental
```
+{% include copy.html %}
1. To begin, select the **Import rule** button in the upper-right corner of the page. The Import rule page opens.
1. Either drag a YAML-formatted Sigma rule into the window or browse for the file by selecting the link and opening it. The Import a rule window opens and the rule definition fields are automatically populated in both the Visual Editor and YAML Editor.
@@ -84,15 +85,15 @@ status: experimental
## Customizing rules
An alternative to importing a rule is duplicating a Sigma rule and then modifying it to create a custom rule. First search for or filter rules in the Rules list to locate the rule you want to duplicate.
-
+
1. To begin, select the rule in the Rule name column. The rule details pane opens.
-
+
1. Select the **Duplicate** button in the upper-right corner of the pane. The Duplicate rule window opens in Visual Editor view and all of the fields are automatically populated with the rule's details. Details are also populated in YAML Editor view.
-
+
1. In either Visual Editor view or YAML Editor view, modify any of the fields to customize the rule.
1. After performing any modifications to the rule, select the **Create** button in the lower-right corner of the window. A new and customized rule is created, and it appears in the list of rules on the main page of the Rules window.
-
+
You cannot modify the Sigma rule itself. The original Sigma rule always remains in the system. Its duplicate, after modification, becomes the custom rule that is added to the list of rules.
{: .note }
diff --git a/_security/access-control/index.md b/_security/access-control/index.md
index 4a23e9f07b2..48e7b53e2c4 100644
--- a/_security/access-control/index.md
+++ b/_security/access-control/index.md
@@ -5,7 +5,7 @@ nav_order: 75
has_children: true
has_toc: false
redirect_from:
- - /security/access-control/
+ - /security-plugin/access-control/index/
---
# Access control
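Review bot: The `redirect_from` change removes `/security/access-control/` and adds only `/security-plugin/access-control/index/`, so the bare `/security-plugin/access-control/` path is not covered. The equivalent change to `_security/configuration/index.md` adds both the directory form and the `/index/` form; suggest doing the same here for consistency.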
diff --git a/_security/access-control/permissions.md b/_security/access-control/permissions.md
index bdfeaf39189..47f2becacc6 100644
--- a/_security/access-control/permissions.md
+++ b/_security/access-control/permissions.md
@@ -3,6 +3,8 @@ layout: default
title: Permissions
parent: Access control
nav_order: 110
+redirect_from:
+ - /security-plugin/access-control/permissions/
---
# Permissions
diff --git a/_security/configuration/configuration.md b/_security/configuration/configuration.md
index 073fd73d16b..a76f18cfa5f 100755
--- a/_security/configuration/configuration.md
+++ b/_security/configuration/configuration.md
@@ -3,6 +3,8 @@ layout: default
title: Configuring the Security backend
parent: Configuration
nav_order: 5
+redirect_from:
+ - /security-plugin/configuration/yaml
---
# Configuring the Security backend
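Review bot: The added redirect `/security-plugin/configuration/yaml` sends a YAML path to the "Configuring the Security backend" page, while `_security/configuration/yaml.md` in this same patch claims `/security-plugin/configuration/yaml/`. The two differ only by the trailing slash and point at different pages, so one of them will win unpredictably. This looks like a copy-paste slip; the entry here should be this page's own former path.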
diff --git a/_security/configuration/disable.md b/_security/configuration/disable.md
index 036acc95884..b9f9923baf7 100755
--- a/_security/configuration/disable.md
+++ b/_security/configuration/disable.md
@@ -3,6 +3,8 @@ layout: default
title: Disabling security
parent: Configuration
nav_order: 40
+redirect_from:
+ - /security-plugin/configuration/generate-certificates/
---
# Disabling security
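Review bot: The added redirect `/security-plugin/configuration/generate-certificates/` does not match this page, which is "Disabling security". Every other file in this patch redirects from its own former `/security-plugin/...` path, so a reader following an old certificate-generation link would land on instructions for turning security off. Please confirm the intended source path and, if this was copied from another file, replace it with the old path of disable.md.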
diff --git a/_security/configuration/index.md b/_security/configuration/index.md
index 88e535cec5e..81e43b134f5 100644
--- a/_security/configuration/index.md
+++ b/_security/configuration/index.md
@@ -5,7 +5,8 @@ nav_order: 2
has_children: true
has_toc: false
redirect_from:
- - /security/configuration/
+ - /security-plugin/configuration/
+ - /security-plugin/configuration/index/
---
# Security configuration
diff --git a/_security/configuration/security-admin.md b/_security/configuration/security-admin.md
index e3415b93f0d..d88c35d1173 100755
--- a/_security/configuration/security-admin.md
+++ b/_security/configuration/security-admin.md
@@ -3,6 +3,8 @@ layout: default
title: Applying changes to configuration files
parent: Configuration
nav_order: 25
+redirect_from:
+ - /security-plugin/configuration/security-admin/
---
# Applying changes to configuration files
diff --git a/_security/configuration/tls.md b/_security/configuration/tls.md
index 2a332feef6b..8d99cd651d0 100755
--- a/_security/configuration/tls.md
+++ b/_security/configuration/tls.md
@@ -3,6 +3,8 @@ layout: default
title: Configuring TLS certificates
parent: Configuration
nav_order: 15
+redirect_from:
+ - /security-plugin/configuration/tls/
---
# Configuring TLS certificates
diff --git a/_security/configuration/yaml.md b/_security/configuration/yaml.md
index 0138df3f3e2..b37c528fc89 100644
--- a/_security/configuration/yaml.md
+++ b/_security/configuration/yaml.md
@@ -3,6 +3,8 @@ layout: default
title: Modifying the YAML files
parent: Configuration
nav_order: 10
+redirect_from:
+ - /security-plugin/configuration/yaml/
---
# Modifying the YAML files
diff --git a/_security/index.md b/_security/index.md
index 900f7a26cae..a76a3593d85 100755
--- a/_security/index.md
+++ b/_security/index.md
@@ -6,6 +6,7 @@ has_children: false
has_toc: false
redirect_from:
- /security/
+ - /security-plugin/index/
---
# About Security in OpenSearch
diff --git a/_tuning-your-cluster/availability-and-recovery/index.md b/_tuning-your-cluster/availability-and-recovery/index.md
new file mode 100644
index 00000000000..3a68fd4c22e
--- /dev/null
+++ b/_tuning-your-cluster/availability-and-recovery/index.md
@@ -0,0 +1,9 @@
+---
+layout: default
+title: Availability and Recovery
+nav_order: 20
+has_children: true
+has_toc: true
+---
+
+The following OpenSearch features help ensure consistent uptime so that your cluster can complete and scale based on your use case, as well as creating snapshots.
\ No newline at end of file
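Review bot: The only body sentence of this new index page needs a rewrite: "so that your cluster can complete and scale" reads like a typo, and "as well as creating snapshots" is not parallel with the rest of the sentence. Separately, `title: Availability and Recovery` uses title case while this patch moves other titles to sentence case ("Snapshot management", "Snapshot management API"); pick one convention, and note that every `parent:` and `grand_parent:` value added elsewhere in the patch must match this string exactly. The file also ends without a trailing newline.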
diff --git a/_opensearch/remote.md b/_tuning-your-cluster/availability-and-recovery/remote.md
similarity index 99%
rename from _opensearch/remote.md
rename to _tuning-your-cluster/availability-and-recovery/remote.md
index e39e43334a4..1d2977b8926 100644
--- a/_opensearch/remote.md
+++ b/_tuning-your-cluster/availability-and-recovery/remote.md
@@ -1,7 +1,10 @@
---
layout: default
title: Remote-backed storage
-nav_order: 19
+nav_order: 40
+parent: Availability and Recovery
+redirect_from:
+ - /opensearch/remote/
---
# Remote-backed storage
diff --git a/_opensearch/search-backpressure.md b/_tuning-your-cluster/availability-and-recovery/search-backpressure.md
similarity index 99%
rename from _opensearch/search-backpressure.md
rename to _tuning-your-cluster/availability-and-recovery/search-backpressure.md
index ea45d84c9b6..1133a7d41f9 100644
--- a/_opensearch/search-backpressure.md
+++ b/_tuning-your-cluster/availability-and-recovery/search-backpressure.md
@@ -1,8 +1,11 @@
---
layout: default
title: Search backpressure
-nav_order: 63
+nav_order: 60
has_children: false
+parent: Availability and Recovery
+redirect_from:
+ - /opensearch/search-backpressure/
---
# Search backpressure
diff --git a/_opensearch/segment-replication/configuration.md b/_tuning-your-cluster/availability-and-recovery/segment-replication/configuration.md
similarity index 98%
rename from _opensearch/segment-replication/configuration.md
rename to _tuning-your-cluster/availability-and-recovery/segment-replication/configuration.md
index 22aeeb9cfda..b336df6985a 100644
--- a/_opensearch/segment-replication/configuration.md
+++ b/_tuning-your-cluster/availability-and-recovery/segment-replication/configuration.md
@@ -3,6 +3,7 @@ layout: default
title: Segment replication configuration
nav_order: 12
parent: Segment replication
+grand_parent: Availability and Recovery
---
# Segment replication configuration
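Review bot: This file moves out of `_opensearch/segment-replication/` but the front matter gains only `grand_parent` and no `redirect_from`, unlike the sibling pages moved in this patch (remote.md, search-backpressure.md, segment-replication/index.md). Without a redirect entry for the old location, existing links to the former configuration page will break; suggest adding one in the same style as the siblings.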
diff --git a/_opensearch/segment-replication/index.md b/_tuning-your-cluster/availability-and-recovery/segment-replication/index.md
similarity index 93%
rename from _opensearch/segment-replication/index.md
rename to _tuning-your-cluster/availability-and-recovery/segment-replication/index.md
index b7ff27655ee..b7641f81920 100644
--- a/_opensearch/segment-replication/index.md
+++ b/_tuning-your-cluster/availability-and-recovery/segment-replication/index.md
@@ -1,10 +1,12 @@
---
layout: default
title: Segment replication
-nav_order: 64
+nav_order: 70
has_children: true
+parent: Availability and Recovery
redirect_from:
- /opensearch/segment-replication/
+ - /opensearch/segment-replication/index/
---
# Segment replication
diff --git a/_opensearch/shard-indexing-backpressure.md b/_tuning-your-cluster/availability-and-recovery/shard-indexing-backpressure.md
similarity index 94%
rename from _opensearch/shard-indexing-backpressure.md
rename to _tuning-your-cluster/availability-and-recovery/shard-indexing-backpressure.md
index ac58c7d358a..cde2f125cb6 100644
--- a/_opensearch/shard-indexing-backpressure.md
+++ b/_tuning-your-cluster/availability-and-recovery/shard-indexing-backpressure.md
@@ -3,6 +3,9 @@ layout: default
title: Shard indexing backpressure
nav_order: 62
has_children: true
+parent: Availability and Recovery
+redirect_from:
+ - /opensearch/shard-indexing-backpressure/
---
# Shard indexing backpressure
diff --git a/_opensearch/shard-indexing-settings.md b/_tuning-your-cluster/availability-and-recovery/shard-indexing-settings.md
similarity index 97%
rename from _opensearch/shard-indexing-settings.md
rename to _tuning-your-cluster/availability-and-recovery/shard-indexing-settings.md
index 8726906352b..88b0ea70b4c 100644
--- a/_opensearch/shard-indexing-settings.md
+++ b/_tuning-your-cluster/availability-and-recovery/shard-indexing-settings.md
@@ -2,8 +2,10 @@
layout: default
title: Settings
parent: Shard indexing backpressure
-nav_order: 1
-has_children: false
+nav_order: 50
+grand_parent: Availability and Recovery
+redirect_from:
+ - /opensearch/shard-indexing-settings/
---
# Settings
diff --git a/_opensearch/snapshots/index.md b/_tuning-your-cluster/availability-and-recovery/snapshots/index.md
similarity index 75%
rename from _opensearch/snapshots/index.md
rename to _tuning-your-cluster/availability-and-recovery/snapshots/index.md
index 192f6f02ec8..43ceec1d7b9 100644
--- a/_opensearch/snapshots/index.md
+++ b/_tuning-your-cluster/availability-and-recovery/snapshots/index.md
@@ -1,9 +1,12 @@
---
layout: default
title: Snapshots
-nav_order: 65
+nav_order: 30
has_children: true
-redirect_from: /opensearch/snapshots/
+parent: Availability and Recovery
+redirect_from:
+ - /opensearch/snapshots/
+ - /opensearch/snapshots/index/
has_toc: false
---
@@ -24,4 +27,4 @@ Snapshots have two main uses:
You can take and restore snapshots using the [snapshot API]({{site.url}}{{site.baseurl}}/opensearch/snapshots/snapshot-restore).
-If you need to automate taking snapshots, you can use the [Snapshot Management]({{site.url}}{{site.baseurl}}/opensearch/snapshots/snapshot-management) feature.
+If you need to automate taking snapshots, you can use the [snapshot management]({{site.url}}{{site.baseurl}}/opensearch/snapshots/snapshot-management) feature.
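Review bot: Both links in this hunk still target `/opensearch/snapshots/...` (`snapshot-restore` in the context line and `snapshot-management` in the changed line) even though the pages move to `/tuning-your-cluster/availability-and-recovery/snapshots/` in this patch. They will only resolve through `redirect_from` entries. Since the line is being edited anyway for the capitalization change, update the link to the new path, as was done for the `include_global_state` row in sm-api.md.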
diff --git a/_opensearch/snapshots/searchable_snapshot.md b/_tuning-your-cluster/availability-and-recovery/snapshots/searchable_snapshot.md
similarity index 98%
rename from _opensearch/snapshots/searchable_snapshot.md
rename to _tuning-your-cluster/availability-and-recovery/snapshots/searchable_snapshot.md
index deab138c83b..f7ef3c981da 100644
--- a/_opensearch/snapshots/searchable_snapshot.md
+++ b/_tuning-your-cluster/availability-and-recovery/snapshots/searchable_snapshot.md
@@ -3,7 +3,9 @@ layout: default
title: Searchable snapshots
parent: Snapshots
nav_order: 40
-has_children: false
+grand_parent: Availability and Recovery
+redirect_from:
+ - /opensearch/snapshots/searchable_snapshot/
---
# Searchable snapshots
diff --git a/_opensearch/snapshots/sm-api.md b/_tuning-your-cluster/availability-and-recovery/snapshots/sm-api.md
similarity index 97%
rename from _opensearch/snapshots/sm-api.md
rename to _tuning-your-cluster/availability-and-recovery/snapshots/sm-api.md
index 70b779ef05a..0db74993d27 100644
--- a/_opensearch/snapshots/sm-api.md
+++ b/_tuning-your-cluster/availability-and-recovery/snapshots/sm-api.md
@@ -1,14 +1,17 @@
---
layout: default
-title: Snapshot Management API
+title: Snapshot management API
parent: Snapshots
nav_order: 30
has_children: false
+grand_parent: Availability and Recovery
+redirect_from:
+ - /opensearch/snapshots/sm-api/
---
# Snapshot Management API
-Use the [Snapshot Management (SM)]({{site.url}}{{site.baseurl}}/opensearch/snapshots/snapshot-restore#take-snapshots) API to automate [taking snapshots]({{site.url}}{{site.baseurl}}/opensearch/snapshots/snapshot-restore#take-snapshots).
+Use the [snapshot management (SM)]({{site.url}}{{site.baseurl}}/opensearch/snapshots/snapshot-restore#take-snapshots) API to automate [taking snapshots]({{site.url}}{{site.baseurl}}/opensearch/snapshots/snapshot-restore#take-snapshots).
---
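Review bot: The front matter title is lowercased to "Snapshot management API" but the unchanged `# Snapshot Management API` heading directly below keeps the old capitalization, so the nav entry and the page heading will disagree. Also, in the changed intro line the "snapshot management (SM)" link and the "taking snapshots" link both point to `snapshot-restore#take-snapshots`; the first one presumably should point to the snapshot management page, and both still use the old `/opensearch/snapshots/` prefix.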
@@ -182,7 +185,7 @@ Parameter | Type | Description
`snapshot_config.indices` | String | The names of the indexes in the snapshot. Multiple index names are separated by `,`. Supports wildcards (`*`). Optional. Default is `*` (all indexes).
`snapshot_config.repository` | String | The repository in which to store snapshots. Required.
`snapshot_config.ignore_unavailable` | Boolean | Do you want to ignore unavailable indexes? Optional. Default is `false`.
-`snapshot_config.include_global_state` | Boolean | Do you want to include cluster state? Optional. Default is `true` because of [Security plugin considerations]({{site.url}}{{site.baseurl}}/opensearch/snapshots/snapshot-restore/#security-plugin-considerations).
+`snapshot_config.include_global_state` | Boolean | Do you want to include cluster state? Optional. Default is `true` because of [Security plugin considerations]({{site.url}}{{site.baseurl}}/tuning-your-cluster/availability-and-recovery/snapshots/snapshot-restore#security-considerations).
`snapshot_config.partial` | Boolean | Do you want to allow partial snapshots? Optional. Default is `false`.
`snapshot_config.metadata` | Object | Metadata in the form of key/value pairs. Optional.
`creation` | Object | Configuration for snapshot creation. Required.
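Review bot: In the `snapshot_config.include_global_state` row, the link target changes to the anchor `#security-considerations` while the link text still reads "Security plugin considerations". Please confirm that the heading in snapshot-restore was actually renamed so the anchor resolves, and update the link text to match the heading it points to.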
diff --git a/_tuning-your-cluster/availability-and-recovery/snapshots/sm-dashboards.md b/_tuning-your-cluster/availability-and-recovery/snapshots/sm-dashboards.md
new file mode 100644
index 00000000000..9da90a7855f
--- /dev/null
+++ b/_tuning-your-cluster/availability-and-recovery/snapshots/sm-dashboards.md
@@ -0,0 +1,176 @@
+---
+layout: default
+title: Snapshot management
+parent: Index and snapshot management in OpenSearch Dashboards
+nav_order: 17
+---
+
+# Snapshot management
+
+You can set up Snapshot Management (SM) in OpenSearch Dashboards.
+
+[Snapshots]({{site.url}}{{site.baseurl}}/opensearch/snapshots/index/) are backups of a cluster’s indexes and state. The state includes cluster settings, node information, index metadata (mappings, settings, templates), and shard allocation.
+
+Snapshots have two main uses:
+
+1. Recovering from failure
+
+ For example, if cluster health goes red, you might restore the red indexes from a snapshot.
+
+2. Migrating from one cluster to another
+
+ For example, if you’re moving from a proof of concept to a production cluster, you might take a snapshot of the former and restore it on the latter.
+
+You can take and restore snapshots using snapshot management in OpenSearch Dashboards.
+
+If you need to automate snapshots creation, you can use a snapshot policy.
+
+## Creating a repository
+
+Before you create an SM policy, you need to set up a repository for snapshots.
+
+1. On the top menu bar, go to **OpenSearch Plugins > Snapshot Management**.
+1. In the left panel, under **Snapshot Management**, select **Repositories**.
+1. Choose the **Create Repository** button.
+1. Enter the repository name, type, and location.
+1. (Optional) Select **Advanced Settings** and enter additional settings for this repository as a JSON object. Example:
+ ```json
+ {
+ "chunk_size": null,
+ "compress": false,
+ "max_restore_bytes_per_sec": "40m",
+ "max_snapshot_bytes_per_sec": "40m",
+ "readonly": false
+ }
+ ```
+1. Choose the **Add** button.
+
+## Deleting a repository
+
+To delete a snapshot repository configuration, select the repository from the **Repositories** list and then choose the **Delete** button.
+
+## Creating an SM policy
+
+Create an SM policy to set up automatic snapshots. An SM policy defines an automated snapshot creation schedule and an optional automated deletion schedule.
+
+1. On the top menu bar, go to **OpenSearch Plugins > Snapshot Management**.
+1. In the left panel, under **Snapshot Management**, select **Snapshot Policies**.
+1. Select the **Create Policy** button.
+1. In the **Policy settings** section:
+ 1. Enter the policy name.
+ 1. (Optional) Enter the policy description.
+1. In the **Source and destination** section:
+ 1. Select or enter source indexes either as a list or as an index pattern.
+ 1. Select a repository for snapshots. To [create a new repository](#creating-a-repository), select the **Create** button.
+1. In the **Snapshot schedule** section:
+ 1. Select the desired snapshot frequency or enter a custom cron expression for snapshot frequency.
+ 1. Select the start time and time zone.
+1. In the **Retention period** section:
+ 1. Choose to retain all snapshots or specify retention conditions (the maximum age of retained snapshots).
+ 1. (Optional) In **Additional settings**, select the minimum and maximum number of retained snapshots, deletion frequency, and deletion start time.
+1. In the **Notifications** section, select the snapshot activities you want to be notified about.
+1. (Optional) In the **Advanced settings** section, select the desired options:
+ - **Include cluster state in snapshots**
+ - **Ignore unavailable indices**
+ - **Allow partial snapshots**
+1. Select the **Create** button.
+
+## View, edit, or delete an SM policy
+
+You can view, edit, or delete an SM policy on the policy details page.
+
+1. On the top menu bar, go to **OpenSearch Plugins > Snapshot Management**.
+1. In the left panel, under **Snapshot Management**, select **Snapshot Policies**.
+1. Click on the **Policy name** of the policy you want to view, edit, or delete.
{: .img-fluid}
+
+ You can only restore snapshots with the status of `Success` or `Partial`. The status of the snapshot is displayed in the **Snapshot status** column.
+ {: .note}
+1. In the **Restore snapshot** flyout, select the options for restoring the snapshot.
+
+ The **Restore snapshot** flyout lists the snapshot name and status. To view the list of indexes in the snapshot, select the number under **Indices** (for example, `27` in the following image). This number represents the number of indexes in the snapshot.
+
+
+
+ For more information about the options in the **Restore snapshot** flyout, see [Restore snapshots]({{site.url}}{{site.baseurl}}/opensearch/snapshots/snapshot-restore#restore-snapshots).
+
+ **Ignoring missing indexes**
+
+ If you specify which indexes you want to restore from the snapshot and select the **Ignore unavailable indices** option, the restore operation ignores the indexes that are missing from the snapshot. For example, if you want to restore the `log1` and `log2` indexes, but `log2` is not in the snapshot, `log1` is restored and `log2` is ignored. If you don't select **Ignore unavailable indices**, the entire restore operation fails if an index to be restored is missing from a snapshot.
+
+ **Custom index settings**
+
+ You can choose to customize some settings for the indexes restored from a snapshot:
+
+ For more information about index settings, see [Index settings]({{site.url}}{{site.baseurl}}/api-reference/index-apis/create-index/#index-settings).
+
+ For a list of settings that you cannot change or ignore, see [Restore snapshots]({{site.url}}{{site.baseurl}}/opensearch/snapshots/snapshot-restore#restore-snapshots).
+
+ After choosing the options, select the **Restore snapshot** button.
+1. (Optional) To monitor the restore progress, select **View restore activities** in the confirmation dialog. You can also monitor the restore progress at any time by selecting the **Restore activities in progress** tab, as shown in the following image.
+
+
{: .img-fluid}
+
+ You can view the percentage of the job that has been completed in the **Status** column. Once the snapshot restore is complete, the **Status** changes to `Completed (100%)`.
+
+ The **Restore activities in progress** panel is not persistent. It displays only the progress of the current restore operation. If multiple restore operations are running, the panel displays the most recent one.
+ {: .note }
+ To view the status of each index being restored, select the link in the **Indices being restored** column (in the preceding image, the `27 Indices` link). The **Indices being restored** flyout (shown in the following image) displays each index and its restore status.
+
+
{: .img-fluid}
+
+ After the restore operation is complete, the restored indexes are listed in the **Indices** panel. To view the indexes, in the left panel, under **Index Management**, choose **Indices**.
+
+
{: .img-fluid}
+
\ No newline at end of file
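Review bot: The front matter of this new file sets `parent: Index and snapshot management in OpenSearch Dashboards`, but the file is added under `_tuning-your-cluster/availability-and-recovery/snapshots/`, where the other pages use `parent: Snapshots` and `grand_parent: Availability and Recovery`. Please confirm which collection this page belongs to, because a parent that does not exist in the collection will leave the page out of the navigation. Smaller points: the links use the old `/opensearch/snapshots/...` paths rather than the new location; the intro says "Snapshot Management (SM)" while the rest of the patch lowercases the term; "automate snapshots creation" should be "automate snapshot creation"; the heading "View, edit, or delete an SM policy" breaks the gerund pattern of "Creating a repository" and "Creating an SM policy"; "Click on" should be "Select" to match the other steps; the sentence under **Custom index settings** ends with a colon but no list follows; and the file has no trailing newline.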
diff --git a/_opensearch/snapshots/snapshot-management.md b/_tuning-your-cluster/availability-and-recovery/snapshots/snapshot-management.md
similarity index 86%
rename from _opensearch/snapshots/snapshot-management.md
rename to _tuning-your-cluster/availability-and-recovery/snapshots/snapshot-management.md
index 8cedd0b4d51..1a6ddfaf6f2 100644
--- a/_opensearch/snapshots/snapshot-management.md
+++ b/_tuning-your-cluster/availability-and-recovery/snapshots/snapshot-management.md
@@ -1,14 +1,17 @@
---
layout: default
-title: Snapshot Management
+title: Snapshot management
parent: Snapshots
nav_order: 20
has_children: false
+grand_parent: Availability and Recovery
+redirect_from:
+ - /opensearch/snapshots/snapshot-management/
---
-# Snapshot Management
+# Snapshot management
-Snapshot Management (SM) lets you automate [taking snapshots]({{site.url}}{{site.baseurl}}/opensearch/snapshots/snapshot-restore#take-snapshots). To use this feature, you need to install the [Index Management (IM) Plugin]({{site.url}}{{site.baseurl}}/im-plugin). Snapshots store only incremental changes since the last snapshot. Thus, while taking an initial snapshot may be a heavy operation, subsequent snapshots have minimal overhead. To set up automatic snapshots, you have to create an SM policy with a desired SM schedule and configuration.
+Snapshot management (SM) lets you automate [taking snapshots]({{site.url}}{{site.baseurl}}/opensearch/snapshots/snapshot-restore#take-snapshots). To use this feature, you need to install the [Index Management (IM) Plugin]({{site.url}}{{site.baseurl}}/im-plugin). Snapshots store only incremental changes since the last snapshot. Thus, while taking an initial snapshot may be a heavy operation, subsequent snapshots have minimal overhead. To set up automatic snapshots, you have to create an SM policy with a desired SM schedule and configuration.
When you create an SM policy, its document ID is given the name `