Elasticsearch data output

This article provides an introduction to Elasticsearch along with a guide on creating an Elasticsearch data output using Upsolver.

What is Elasticsearch?

Elasticsearch is an open-source, RESTful, distributed search and analytics engine built on Apache Lucene. It is commonly used for log analytics, full-text search, security intelligence, business analytics, and operational intelligence use cases.

You can send data in the form of JSON documents to Elasticsearch using the API or ingestion tools such as Logstash and Amazon Kinesis Firehose. Elasticsearch automatically stores the original document and adds a searchable reference to the document in the cluster’s index.

You can then search and retrieve the document using the Elasticsearch API. You can also use Kibana, an open-source visualization tool, with Elasticsearch to visualize your data and build interactive dashboards.

Supported Versions

These are the versions supported by Upsolver for direct output into Elasticsearch:

  1. 6.x

  2. 7.x

  3. 8.x

OpenSearch is a fork of Elasticsearch. While it isn't officially supported, some versions may still function properly as targets for this output. Specifically, versions 1.3.0 and 2.3.0 have been tested successfully, but future versions may not work. We recommend testing new versions of OpenSearch with a standalone output before updating existing clusters.

Create an Elasticsearch data output

1. Go to the Outputs page and click New.

2. Select Elasticsearch as your output type.

3. Name your output and select your Data Sources, then click Next.

Click Properties to review this output's properties. See: Output properties

The field properties shown include:

  • How many of the events in this data source include this field, expressed as a percentage (e.g. 20.81%).

  • The percentage distribution of the field values. These distribution values can be exported by clicking Export.

  • The number of fields in the selected hierarchy.

Toggle from UI to SQL at any point to view the corresponding SQL code for your selected output.

You can also edit your output directly in SQL. See: Transform with SQL

7. Add any required calculated fields and review them in the Calculated Fields tab. See: Adding Calculated Fields

8. Add any required lookups and review them under the Calculated Fields tab.

9. Through the Filters tab, add a filter like WHERE in SQL to the data source. See: Adding Filters

10. Click Make Aggregated to turn the output into an aggregated output. Read the warning before clicking OK and then add the required aggregation. This aggregation field will then be added to the Schema tab. See: Aggregation Functions

11. In the Aggregation Calculated Fields area under the Calculated Fields tab, add any required calculated fields on aggregations. See: Functions, Aggregation Functions

Click Preview at any time to view a preview of your current output.

12. Click Run and fill out the following fields:

  • Index Name: See warning below

  • Index Partition Size

  • S3 connection: Select an intermediate storage location where Upsolver will store the intermediate bulk files before loading them into Elasticsearch

See: Running an output

The index name must be that of a pre-existing index (Upsolver will not automatically create a new index), and the name should be suffixed with the year (e.g. upsolver_2020 rather than upsolver).

13. Click Next and complete the following:

Select the compute cluster to run the calculation on. Alternatively, click the drop-down and create a new compute cluster.

14. Finally, click Deploy to run the output. It will show as Running in the output panel; from this point it is live in production and consumes compute resources.

You have now successfully output your data to Elasticsearch.

Limitations

Upsolver writes to Elasticsearch using Bulk requests.

For versions 7 and above, Upsolver does not currently report the status of the individual requests inside such bulks. The only indication received is whether the bulk request as a whole succeeded or not. It is therefore possible for some items within these bulk requests to fail without any notification in the Upsolver UI.
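To make this limitation concrete, the following example (added for this article; it is not Upsolver's code and not the Elasticsearch client library) builds the NDJSON body that the Elasticsearch _bulk API expects and then inspects a constructed bulk response in which the request as a whole returned HTTP 200 with errors set to true while one item failed. The sample documents, the response, and the index name upsolver_2020 are constructed, and the helper names (build_bulk_body, failed_items, summarize_bulk_response) are assumptions. Since Upsolver only reports whether the bulk succeeded, a per-item check of this kind has to run on the Elasticsearch side (for example against the cluster's own bulk responses or by comparing expected and indexed document counts) if you need to detect rows silently dropped from a security or audit index.

```python
import json
from typing import Any, Dict, Iterable, List

# Constructed sample documents (not real data). "_id" is moved into the
# action line; everything else becomes the document source.
SAMPLE_DOCS = [
    {"_id": "1", "event": "login", "user": "alice", "status": "ok"},
    {"_id": "2", "event": "login", "user": "bob", "status": "ok"},
    {"_id": "3", "event": "login", "user": "carol", "status": "ok"},
]


def build_bulk_body(index: str, docs: Iterable[Dict[str, Any]]) -> str:
    """Serialise documents into the NDJSON body the _bulk API expects:
    one action line followed by one source line per document, newline-terminated."""
    lines: List[str] = []
    for doc in docs:
        source = dict(doc)
        doc_id = source.pop("_id", None)
        action: Dict[str, Any] = {"index": {"_index": index}}
        if doc_id is not None:
            action["index"]["_id"] = doc_id
        lines.append(json.dumps(action, separators=(",", ":")))
        lines.append(json.dumps(source, separators=(",", ":")))
    return "\n".join(lines) + "\n"


# Constructed _bulk response. The HTTP status of the whole request was 200,
# but "errors" is true and the second item carries a per-item error (here a
# mapping conflict). This is exactly the case the limitation above describes.
SAMPLE_BULK_RESPONSE = {
    "took": 12,
    "errors": True,
    "items": [
        {"index": {"_index": "upsolver_2020", "_id": "1", "status": 201, "result": "created"}},
        {"index": {"_index": "upsolver_2020", "_id": "2", "status": 400,
                   "error": {"type": "mapper_parsing_exception",
                             "reason": "failed to parse field [status]"}}},
        {"index": {"_index": "upsolver_2020", "_id": "3", "status": 201, "result": "created"}},
    ],
}


def failed_items(bulk_response: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return one record per item that did not succeed.

    Each entry in "items" is keyed by its action (index/create/update/delete).
    A failure is signalled by an "error" member or a non-2xx per-item status,
    independent of the HTTP status of the bulk request itself."""
    failures: List[Dict[str, Any]] = []
    for position, item in enumerate(bulk_response.get("items", [])):
        action, result = next(iter(item.items()))
        status = int(result.get("status", 0))
        error = result.get("error")
        if error is None and 200 <= status < 300:
            continue
        failures.append({
            "position": position,
            "action": action,
            "_index": result.get("_index"),
            "_id": result.get("_id"),
            "status": status,
            # Recent versions return an error object; very old ones returned a string.
            "error_type": error.get("type") if isinstance(error, dict) else error,
            "reason": error.get("reason") if isinstance(error, dict) else None,
        })
    return failures


def summarize_bulk_response(bulk_response: Dict[str, Any]) -> Dict[str, Any]:
    """Counts a monitoring job would alert on: a non-zero "failed" count means
    documents were dropped even though the bulk request itself succeeded."""
    items = bulk_response.get("items", [])
    failures = failed_items(bulk_response)
    return {
        "total": len(items),
        "succeeded": len(items) - len(failures),
        "failed": len(failures),
        "errors_flag": bool(bulk_response.get("errors", False)),
    }


if __name__ == "__main__":
    print(build_bulk_body("upsolver_2020", SAMPLE_DOCS))
    for failure in failed_items(SAMPLE_BULK_RESPONSE):
        print("FAILED", failure)
    print(summarize_bulk_response(SAMPLE_BULK_RESPONSE))
```

The request body is the same shape whichever tool submits it, so the body builder is mainly there to show what a bulk of three documents looks like on the wire; the useful part for operations is failed_items, which ignores the top-level status and walks every item, because an "errors": true response with a 2xx HTTP status is the situation in which the UI shows success while documents are missing from the index.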
