Back to plugin list
Official
Elasticsearch
This plugin is in preview.
The Elasticsearch plugin syncs data from any CloudQuery source plugin(s) to an Elasticsearch cluster
Price
Free
Overview
Elasticsearch Destination Plugin
The Elasticsearch plugin syncs data from any CloudQuery source plugin(s) to an Elasticsearch cluster.
Example config
The following config will sync data to an Elasticsearch cluster running on
localhost:9200:kind: destination
spec:
name: elasticsearch
path: cloudquery/elasticsearch
registry: cloudquery
version: "v3.2.14"
write_mode: "overwrite-delete-stale"
spec:
# Elastic Cloud configuration parameters
cloud_id: "${ELASTICSEARCH_CLOUD_ID}"
api_key: "${ELASTICSEARCH_API_KEY}"
# Self-hosted Elasticsearch configuration parameters
# addresses: ["http://localhost:9200"]
# username: ""
# password: ""
# service_token: ""
# certificate_fingerprint: ""
# ca_cert: ""
# Optional parameters
# concurrency: 5 # default: number of CPUs
# batch_size: 1000
# batch_size_bytes: 5242880 # 5 MiBThe Elasticsearch destination utilizes batching, and supports
batch_size and batch_size_bytes.It supports
append, overwrite and overwrite-delete-stale write modes. The default write mode is overwrite-delete-stale.Elasticsearch Spec
This is the spec used by the Elasticsearch destination plugin.
addresses([]string) (optional) (default:["http://localhost:9200"])A list of Elasticsearch nodes to use. Mutually exclusive withcloud_id.username(string) (optional)Username for HTTP Basic Authentication.password(string) (optional)Password for HTTP Basic Authentication.cloud_id(string) (optional) (example:MyDeployment:abcdefgh)Endpoint for the Elasticsearch Service (https://elastic.co/cloud). Mutually exclusive withaddresses.api_key(string) (optional)Base64-encoded token for authorization; if set, overrides username/password and service token.service_token(string) (optional)Service token for authorization; if set, overrides username/password.certificate_fingerprint(string) (optional)SHA256 hex fingerprint given by Elasticsearch on first launch.ca_cert(string) (optional)PEM-encoded certificate authorities. When set, an empty certificate pool will be created, and the certificates will be appended to it. See file variable substitution for how to read this value from a file.concurrency(string) (optional) (default: number of CPUs)Number of concurrent worker goroutines to use for indexing.batch_size(integer) (optional) (default:1000)Maximum number of items that may be grouped together to be written in a single write.batch_size_bytes(integer) (optional) (default:5242880(5 MiB))Maximum size of items that may be grouped together to be written in a single write.
Index Template Creation
The Elasticsearch destination will create an index template for every table during the migration step. It is recommended that you use the generated index templates, as it will automatically create indexes with the correct mappings for the table. However, to skip index template creation (or use your own), you may use the
--no-migrate option when running cloudquery sync.Index Naming
Index names will be formatted according to the selected write mode:
append: indexes will be named using the format<table_name>-<YYYY-MM-DD>. In other words, a new index will be created every day the table is synced. Entries will never be overwritten.overwrite: indexes will be named using the format<table_name>. Objects with duplicate primary keys will be overwritten.overwrite-delete-stale: indexes will be named using the format<table_name>. Objects with duplicate primary keys will be overwritten, and any objects that are not present in the current sync will be deleted.
Index templates will also be created such that they match the index names generated by the selected write mode.
Querying From Kibana
To query data from Kibana, you will need to create data views (previously also known as "index patterns"). To query a specific table, the data view's index pattern should be in the format
<table_name>-*. For example, if you have a table named aws_ec2_instances, you should create a data view with index pattern named aws_ec2_instances-*. One useful feature of Elasticsearch and Kibana, however, is the ability to query across all data. To do this for the aws source plugin, for example, you may use an index pattern named aws_*. This will then allow queries across all tables synced by the aws source plugin.Underlying library
We use the official go-elasticsearch package. It is tested against Elasticsearch 8.6.0. Please open an issue if you encounter any problems with this (or another) version.
Types
Elasticsearch Types
The Elasticsearch destination (
v2.0.0 and later) supports most Apache Arrow types. The following table shows the supported types and how they are mapped to Elasticsearch field data types.| Arrow Column Type | Supported? | Elasticsearch Type |
|---|---|---|
| Binary | ✅ Yes | binary |
| Boolean | ✅ Yes | boolean |
| Date32 | ✅ Yes | date with format yyyy-MM-dd |
| Date64 | ✅ Yes | date with format yyyy-MM-dd |
| Decimal | ✅ Yes | text |
| Dense Union | ✅ Yes | text |
| Dictionary | ✅ Yes | text |
| Duration[ms] | ✅ Yes | text |
| Duration[ns] | ✅ Yes | text |
| Duration[s] | ✅ Yes | text |
| Duration[us] | ✅ Yes | text |
| Fixed Size List | ✅ Yes | Uses type from list elements |
| Float16 | ✅ Yes | half_float |
| Float32 | ✅ Yes | float |
| Float64 | ✅ Yes | double |
| Inet | ✅ Yes | text |
| Int8 | ✅ Yes | byte |
| Int16 | ✅ Yes | short |
| Int32 | ✅ Yes | integer |
| Int64 | ✅ Yes | long |
| Interval[DayTime] | ✅ Yes | object |
| Interval[MonthDayNano] | ✅ Yes | object |
| Interval[Month] | ✅ Yes | object |
| JSON | ✅ Yes | text |
| Large Binary | ✅ Yes | byte |
| Large List | ✅ Yes | Uses type from list elements |
| Large String | ✅ Yes | text |
| List | ✅ Yes | Uses type from list elements |
| MAC | ✅ Yes | text |
| Map | ✅ Yes | object with key and value fields |
| String | ✅ Yes | text |
| Struct | ✅ Yes | object |
| Time32[s] | ✅ Yes | date with format HH:mm:ss |
| Time32[ms] | ✅ Yes | date with format HH:mm:ss.SSS |
| Time64[us] | ✅ Yes | text |
| Time64[ns] | ✅ Yes | text |
| Timestamp[s] | ✅ Yes | date with format 2006-01-02T15:04:05Z |
| Timestamp[ms] | ✅ Yes | date with format 2006-01-02T15:04:05.999Z |
| Timestamp[us] | ✅ Yes | date with format 2006-01-02T15:04:05.999999Z" |
| Timestamp[ns] | ✅ Yes | date_nanos with format 2006-01-02T15:04:05.99999999Z |
| UUID | ✅ Yes | text |
| Uint8 | ✅ Yes | unsigned_long |
| Uint16 | ✅ Yes | unsigned_long |
| Uint32 | ✅ Yes | unsigned_long |
| Uint64 | ✅ Yes | unsigned_long |
| Union | ✅ Yes | text |