• This repository has been archived on 24/Jun/2022
  • Stars
    star
    1,567
  • Rank 29,877 (Top 0.6 %)
  • Language
    Ruby
  • License
    Other
  • Created over 9 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Ansible playbook for Elasticsearch

ARCHIVED

This project is no longer maintained.

You are welcomed to keep using it and adapting it to work for your own needs, including with Elasticsearch 8.x.

For alternative getting started experiences, you may want to try one of these options:

ansible-elasticsearch

Ansible Galaxy

THIS ROLE IS FOR 7.x & 6.x, but should still work with 8.x (see note).

Ansible role for 7.x/6.x Elasticsearch - tests used to run and pass on the below platforms:

  • Ubuntu 16.04
  • Ubuntu 18.04
  • Ubuntu 20.04
  • Debian 8
  • Debian 9
  • Debian 10
  • CentOS 7
  • Amazon Linux 2

BREAKING CHANGES

Notice about multi-instance support

  • If you use only one instance but want to upgrade from an older ansible-elasticsearch version, follow upgrade procedure
  • If you install more than one instance of Elasticsearch on the same host (with different ports, directory and config files), do not update to ansible-elasticsearch >= 7.1.1, please follow this workaround instead.
  • For multi-instances use cases, we are now recommending Docker containers using our official images (https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html).

Removing the MAX_THREAD settings

Ansible-elasticsearch 7.5.2 is removing the option to customize the maximum number of threads the process can start in #637. We discovered that this option wasn't working anymore since multi-instance support removal in ansible-elasticsearch 7.1.1. This option will be added back in a following release if it's still relevant regarding latest Elasticsearch evolutions.

Changes about configuration files

Ansible-elasticsearch 7.5.2 is updating the configuration files provided by this role in #637 which contained some options deprecated in 6.x and 7.x:

  • /etc/default/elasticsearch|/etc/sysconfig/elasticsearch: the new template reflect the configuration file provided by Elasticsearch >= 6.x, the parameters we removed were already not used in 6.x and 7.x
  • /etc/elasticsearch/jvm.options: the new template reflect the configuration files provided by Elasticsearch >= 6.x
  • /etc/elasticsearch/log4j2.properties:
    • We removed log4j2.properties.j2 template from this Ansible role as it was a static file not bringing any customization specific to some ansible variable.
    • Deployment of this Ansible role on new servers will get the default log4j2.properties provided by Elasticsearch without any override.
    • WARNING: For upgrade scenarios where this file was already managed by previous versions of ansible-elasticsearch, this file will become unmanaged and won't be updated by default. If you wish to update it to 7.5 version, you can retrieve it here and use this file with es_config_log4j2 Ansible variable (see below).

Removing OSS distribution for versions >= 7.11.0

Starting from Elasticsearch 7.11.0, OSS distributions will no longer be provided following the recent Elasticsearch license change.

This Ansible role will fail if oss_version is set to true and es_version is greater than 7.11.0.

See Doubling down on open, Part II blog post for more details.

How to override configuration files provided by ansible-elasticsearch?

You can now override the configuration files with your own versions by using the following Ansible variables:

  • es_config_default: "elasticsearch.j2": replace elasticsearch.j2 by your own template to use a custom /etc/default/elasticsearch|/etc/sysconfig/elasticsearch configuration file
  • es_config_jvm: "jvm.options.j2": replace jvm.options.j2 by your own template to use a custom /etc/elasticsearch/jvm.options configuration file
  • es_config_log4j2: "": set this variable to the path of your own template to use a custom /etc/elasticsearch/log4j2.properties configuration file

Dependency

This role uses the json_query filter which requires jmespath on the local machine.

Usage

Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook.

ansible-galaxy install elastic.elasticsearch,v7.17.0

Then create your playbook yaml adding the role elasticsearch. The application of the elasticsearch role results in the installation of a node on a host.

The simplest configuration therefore consists of:

- name: Simple Example
  hosts: localhost
  roles:
    - role: elastic.elasticsearch
  vars:
    es_version: 7.17.0

The above installs Elasticsearch 7.17.0 in a single node 'node1' on the hosts 'localhost'.

Note: Elasticsearch default version is described in es_version. You can override this variable in your playbook to install another version. While we are testing this role only with one 7.x and one 6.x version (respectively 7.17.0 and 6.8.23 at the time of writing), this role should work with other versions also in most cases.

This role also uses Ansible tags. Run your playbook with the --list-tasks flag for more information.

Testing

This playbook uses Kitchen for CI and local testing.

Requirements

  • Ruby
  • Bundler
  • Docker
  • Make

Running the tests

  • Ensure you have checked out this repository to elasticsearch, not ansible-elasticsearch.
  • If you don't have a Gold or Platinum license to test with you can run the trial versions of the xpack-upgrade suites by appending -trial to the PATTERN variable.
  • You may need to explicitly specify VERSION=7.x if some suites are failing.

Install the ruby dependencies with bundler

make setup

If you want to test X-Pack features with a license you will first need to export the ES_XPACK_LICENSE_FILE variable.

export ES_XPACK_LICENSE_FILE="$(pwd)/license.json"

To converge an Ubuntu 16.04 host running X-Pack

$ make converge

To run the tests

$ make verify

To list all of the different test suits

$ make list

The default test suite is Ubuntu 16.04 with X-Pack. If you want to test another suite you can override this with the PATTERN variable

$ make converge PATTERN=security-centos-7

The PATTERN is a kitchen pattern which can match multiple suites. To run all tests for CentOS

$ make converge PATTERN=centos-7

The default version is 7.x. If you want to test 6.x you can override it with the VERSION variable, for example:

$ make converge VERSION=6.x PATTERN=security-centos-7

When you are finished testing you can clean up everything with

$ make destroy-all

Basic Elasticsearch Configuration

All Elasticsearch configuration parameters are supported. This is achieved using a configuration map parameter 'es_config' which is serialized into the elasticsearch.yml file. The use of a map ensures the Ansible playbook does not need to be updated to reflect new/deprecated/plugin configuration parameters.

In addition to the es_config map, several other parameters are supported for additional functions e.g. script installation. These can be found in the role's defaults/main.yml file.

The following illustrates applying configuration parameters to an Elasticsearch instance.

- name: Elasticsearch with custom configuration
  hosts: localhost
  roles:
    - role: elastic.elasticsearch
  vars:
    es_data_dirs:
      - "/opt/elasticsearch/data"
    es_log_dir: "/opt/elasticsearch/logs"
    es_config:
      node.name: "node1"
      cluster.name: "custom-cluster"
      discovery.seed_hosts: "localhost:9301"
      http.port: 9201
      transport.port: 9301
      node.data: false
      node.master: true
      bootstrap.memory_lock: true
    es_heap_size: 1g
    es_api_port: 9201

Whilst the role installs Elasticsearch with the default configuration parameters, the following should be configured to ensure a cluster successfully forms:

  • es_config['http.port'] - the http port for the node
  • es_config['transport.port'] - the transport port for the node
  • es_config['discovery.seed_hosts'] - the unicast discovery list, in the comma separated format "<host>:<port>,<host>:<port>" (typically the clusters dedicated masters)
  • es_config['cluster.initial_master_nodes'] - for 7.x and above the list of master-eligible nodes to boostrap the cluster, in the comma separated format "<node.name>:<port>,<node.name>:<port>" (typically the node names of the clusters dedicated masters)
  • es_config['network.host'] - sets both network.bind_host and network.publish_host to the same host value. The network.bind_host setting allows to control the host different network components will bind on.

The network.publish_host setting allows to control the host the node will publish itself within the cluster so other nodes will be able to connect to it.

See https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html for further details on default binding behavior and available options. The role makes no attempt to enforce the setting of these are requires users to specify them appropriately. It is recommended master nodes are listed and thus deployed first where possible.

A more complex example:

- name: Elasticsearch with custom configuration
  hosts: localhost
  roles:
    - role: elastic.elasticsearch
  vars:
    es_data_dirs:
      - "/opt/elasticsearch/data"
    es_log_dir: "/opt/elasticsearch/logs"
    es_config:
      node.name: "node1"
      cluster.name: "custom-cluster"
      discovery.seed_hosts: "localhost:9301"
      http.port: 9201
      transport.port: 9301
      node.data: false
      node.master: true
      bootstrap.memory_lock: true
    es_heap_size: 1g
    es_start_service: false
    es_api_port: 9201
    es_plugins:
      - plugin: ingest-attachment

Important Notes

The role uses es_api_host and es_api_port to communicate with the node for actions only achievable via http e.g. to install templates and to check the NODE IS ACTIVE. These default to "localhost" and 9200 respectively. If the node is deployed to bind on either a different host or port, these must be changed.

Only use es_data_dirs and es_log_dir for customizing the data and log dirs respectively. When using together with es_config['path.data'] and es_config['path.logs'] it would result in generating duplicate data- and logs-keys in elasticsearch.yml and thus let fail to start elasticsearch.

Multi Node Server Installations

The application of the elasticsearch role results in the installation of a node on a host. Specifying the role multiple times for a host therefore results in the installation of multiple nodes for the host.

An example of a three server deployment is shown below. The first server holds the master and is thus declared first. Whilst not mandatory, this is recommended in any multi node cluster configuration. The two others servers hosts data nodes.

Note that we do not support anymore installation of more than one node in the same host

- hosts: master_node
  roles:
    - role: elastic.elasticsearch
  vars:
    es_heap_size: "1g"
    es_config:
      cluster.name: "test-cluster"
      cluster.initial_master_nodes: "elastic02"
      discovery.seed_hosts: "elastic02:9300"
      http.host: 0.0.0.0
      http.port: 9200
      node.data: false
      node.master: true
      transport.host: 0.0.0.0
      transport.port: 9300
      bootstrap.memory_lock: false
    es_plugins:
     - plugin: ingest-attachment

- hosts: data_node_1
  roles:
    - role: elastic.elasticsearch
  vars:
    es_data_dirs:
      - "/opt/elasticsearch"
    es_config:
      cluster.name: "test-cluster"
      cluster.initial_master_nodes: "elastic02"
      discovery.seed_hosts: "elastic02:9300"
      http.host: 0.0.0.0
      http.port: 9200
      node.data: true
      node.master: false
      transport.host: 0.0.0.0
      transport.port: 9300
      bootstrap.memory_lock: false
    es_plugins:
      - plugin: ingest-attachment

- hosts: data_node_2
  roles:
    - role: elastic.elasticsearch
  vars:
    es_config:
      cluster.name: "test-cluster"
      discovery.seed_hosts: "elastic02:9300"
      http.host: 0.0.0.0
      http.port: 9200
      node.data: true
      node.master: false
      transport.host: 0.0.0.0
      transport.port: 9300
      bootstrap.memory_lock: false
    es_plugins:
      - plugin: ingest-attachment

Parameters can additionally be assigned to hosts using the inventory file if desired.

Make sure your hosts are defined in your inventory file with the appropriate ansible_ssh_host, ansible_ssh_user and ansible_ssh_private_key_file values.

Then run it:

ansible-playbook -i hosts ./your-playbook.yml

Installing X-Pack Features

  • es_role_mapping Role mappings file declared as yml as described here
es_role_mapping:
  power_user:
    - "cn=admins,dc=example,dc=com"
  user:
    - "cn=users,dc=example,dc=com"
    - "cn=admins,dc=example,dc=com"
  • es_users - Users can be declared here as yml. Two sub keys 'native' and 'file' determine the realm under which the user is created. Beneath each of these keys users should be declared as yml entries. e.g.
es_users:
  native:
    kibana4_server:
      password: changeMe
      roles:
        - kibana4_server
  file:
    es_admin:
      password: changeMe
      roles:
        - admin
    testUser:
      password: changeMeAlso!
      roles:
        - power_user
        - user
  • es_roles - Elasticsearch roles can be declared here as yml. Two sub keys 'native' and 'file' determine how the role is created i.e. either through a file or http(native) call. Beneath each key list the roles with appropriate permissions, using the file based format described here e.g.
es_roles:
  file:
    admin:
      cluster:
        - all
      indices:
        - names: '*'
          privileges:
            - all
    power_user:
      cluster:
        - monitor
      indices:
        - names: '*'
          privileges:
            - all
    user:
      indices:
        - names: '*'
          privileges:
            - read
    kibana4_server:
      cluster:
          - monitor
      indices:
        - names: '.kibana'
          privileges:
            - all
  native:
    logstash:
      cluster:
        - manage_index_templates
      indices:
        - names: 'logstash-*'
          privileges:
            - write
            - delete
            - create_index
  • es_xpack_license - X-Pack license. The license is a json blob. Set the variable directly (possibly protected by Ansible vault) or from a file in the Ansible project on the control machine via a lookup:
es_xpack_license: "{{ lookup('file', playbook_dir + '/files/' + es_cluster_name + '/license.json') }}"

If you don't have a license you can enable the 30-day trial by setting es_xpack_trial to true.

X-Pack configuration parameters can be added to the elasticsearch.yml file using the normal es_config parameter.

For a full example see here

Important Note for Native Realm Configuration

In order for native users and roles to be configured, the role calls the Elasticsearch API. Given security is installed this requires definition of two parameters:

  • es_api_basic_auth_username - admin username
  • es_api_basic_auth_password - admin password

These can either be set to a user declared in the file based realm, with admin permissions, or the default "elastic" superuser (default password is changeme).

X-Pack Security SSL/TLS

  • To configure your cluster with SSL/TLS for HTTP and/or transport communications follow the SSL/TLS setup procedure

Additional Configuration

In addition to es_config, the following parameters allow the customization of the Java and Elasticsearch versions as well as the role behavior. Options include:

  • oss_version Default false. Setting this to true will install the oss release of Elasticsearch (for version <7.11.0 only).

  • es_xpack_trial Default false. Setting this to true will start the 30-day trail once the cluster starts.

  • es_version (e.g. "7.17.0").

  • es_api_host The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost".

  • es_api_port The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. CHANGE IF THE HTTP PORT IS NOT 9200

  • es_api_basic_auth_username The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin.

  • es_api_basic_auth_password The password associated with the user declared in es_api_basic_auth_username

  • es_delete_unmanaged_file Default true. Set to false to keep file realm users that have been added outside of ansible.

  • es_delete_unmanaged_native Default true. Set to false to keep native realm users that have been added outside of ansible.

  • es_start_service (true (default) or false)

  • es_plugins_reinstall (true or false (default) )

  • es_plugins an array of plugin definitions e.g.:

      es_plugins:
        - plugin: ingest-attachment
  • es_path_repo Sets the whitelist for allowing local back-up repositories

  • es_action_auto_create_index Sets the value for auto index creation, use the syntax below for specifying indexes (else true/false): es_action_auto_create_index: '[".watches", ".triggered_watches", ".watcher-history-*"]'

  • es_allow_downgrades For development purposes only. (true or false (default) )

  • es_java_install If set to true, Java will be installed. (false (default for 7.x) or true (default for 6.x))

  • update_java Updates Java to the latest version. (true or false (default))

  • es_max_map_count maximum number of VMA (Virtual Memory Areas) a process can own. Defaults to 262144.

  • es_max_open_files the maximum file descriptor number that can be opened by this process. Defaults to 65536.

  • es_debian_startup_timeout how long Debian-family SysV init scripts wait for the service to start, in seconds. Defaults to 10 seconds.

  • es_use_repository Setting this to false will stop Ansible from using the official Elastic package from any repository configured on the system.

  • es_add_repository Setting this to false will stop Ansible to add the official Elastic package repositories (if es_use_repository is true) if you want to use a repo already present.

  • es_custom_package_url the URL to the rpm or deb package for Ansible to install. When using this you will also need to set es_use_repository: false and make sure that the es_version matches the version being installed from your custom URL. E.g. es_custom_package_url: https://downloads.example.com/elasticsearch.rpm

Earlier examples illustrate the installation of plugins using es_plugins. For officially supported plugins no version or source delimiter is required. The plugin script will determine the appropriate plugin version based on the target Elasticsearch version. For community based plugins include the full url. This approach should NOT be used for the X-Pack plugin. See X-Pack below for details here.

If installing Monitoring or Alerting, ensure the license plugin is also specified. Security configuration currently has limited support, but more support is planned for later versions.

To configure X-pack to send mail, the following configuration can be added to the role. When require_auth is true, you will also need to provide the user and password. If not these can be removed:

    es_mail_config:
        account: <functional name>
        profile: standard
        from: <from address>
        require_auth: <true or false>
        host: <mail domain>
        port: <port number>
        user: <e-mail address> --optional
        pass: <password> --optional
  • es_user - defaults to elasticsearch.
  • es_group - defaults to elasticsearch.
  • es_user_id - default is undefined.
  • es_group_id - default is undefined.

Both es_user_id and es_group_id must be set for the user and group ids to be set.

  • es_restart_on_change - defaults to true. If false, changes will not result in Elasticsearch being restarted.
  • es_plugins_reinstall - defaults to false. If true, all currently installed plugins will be removed from a node. Listed plugins will then be re-installed.

To add, update or remove elasticsearch.keystore entries, use the following variable:

# state is optional and defaults to present
es_keystore_entries:
- key: someKeyToAdd
  value: someValue
  state: present

- key: someKeyToUpdate
  value: newValue
  # state: present
  force: Yes

- key: someKeyToDelete
  state: absent

This role ships with sample templates located in the test/integration/files/templates-7.x directory. es_templates_fileglob variable is used with the Ansible with_fileglob loop. When setting the globs, be sure to use an absolute path.

Proxy

To define proxy globally, set the following variables:

  • es_proxy_host - global proxy host
  • es_proxy_port - global proxy port

Notes

  • The role assumes the user/group exists on the server. The elasticsearch packages create the default elasticsearch user. If this needs to be changed, ensure the user exists.
  • The playbook relies on the inventory_name of each host to ensure its directories are unique
  • KitchenCI has been used for testing. This is used to confirm images reach the correct state after a play is first applied. We currently test the latest version of 7.x and 6.x on all supported platforms.
  • The role aims to be idempotent. Running the role multiple times, with no changes, should result in no state change on the server. If the configuration is changed, these will be applied and Elasticsearch restarted where required.
  • In order to run x-pack tests a license file with security enabled is required. Set the environment variable ES_XPACK_LICENSE_FILE to the full path of the license file prior to running tests. A trial license is appropriate and can be used by setting es_xpack_trial to true

IMPORTANT NOTES RE PLUGIN MANAGEMENT

  • If the ES version is changed, all plugins will be removed. Those listed in the playbook will be re-installed. This is behavior is required in ES 6.x.
  • If no plugins are listed in the playbook for a node, all currently installed plugins will be removed.
  • The role supports automatic detection of differences between installed and listed plugins - installing those listed but not installed, and removing those installed but not listed. Should users wish to re-install plugins they should set es_plugins_reinstall to true. This will cause all currently installed plugins to be removed and those listed to be installed.

Questions on Usage

We welcome questions on how to use the role. However, in order to keep the GitHub issues list focused on "issues" we ask the community to raise questions at https://discuss.elastic.co/c/elasticsearch. This is monitored by the maintainers.

More Repositories

1

elasticsearch

Free and Open, Distributed, RESTful Search Engine
Java
65,029
star
2

kibana

Your window into the Elastic Stack
TypeScript
19,520
star
3

logstash

Logstash - transport and process your logs, events, or other data
Java
13,615
star
4

elasticsearch-php

Official PHP client for Elasticsearch.
PHP
5,190
star
5

elasticsearch-js

Official Elasticsearch client library for Node.js
TypeScript
5,174
star
6

go-elasticsearch

The official Go client for Elasticsearch
Go
4,933
star
7

elasticsearch-py

Official Python client for Elasticsearch
Python
4,034
star
8

elasticsearch-dsl-py

High level Python client for Elasticsearch
Python
3,695
star
9

elasticsearch-definitive-guide

The Definitive Guide to Elasticsearch
HTML
3,521
star
10

elasticsearch-net

This strongly-typed, client library enables working with Elasticsearch. It is the official client maintained and supported by Elastic.
C#
3,469
star
11

curator

Curator: Tending your Elasticsearch indices
Python
3,032
star
12

elasticsearch-rails

Elasticsearch integrations for ActiveModel/Record and Ruby on Rails
Ruby
3,017
star
13

examples

Home for Elasticsearch examples available to everyone. It's a great way to get started.
Jupyter Notebook
2,587
star
14

cloud-on-k8s

Elastic Cloud on Kubernetes
Go
2,574
star
15

elasticsearch-ruby

Ruby integrations for Elasticsearch
Ruby
1,928
star
16

elasticsearch-hadoop

🐘 Elasticsearch real-time search and analytics natively integrated with Hadoop
Java
1,915
star
17

detection-rules

Python
1,884
star
18

helm-charts

You know, for Kubernetes
Python
1,807
star
19

search-ui

Search UI. Libraries for the fast development of modern, engaging search experiences.
TypeScript
1,796
star
20

logstash-forwarder

An experiment to cut logs in preparation for processing elsewhere. Replaced by Filebeat: https://github.com/elastic/beats/tree/master/filebeat
Go
1,788
star
21

stack-docker

Project no longer maintained.
Shell
1,189
star
22

apm-server

APM Server
Go
1,100
star
23

protections-artifacts

Elastic Security detection content for Endpoint
YARA
980
star
24

ecs

Elastic Common Schema
Python
920
star
25

ember

Elastic Malware Benchmark for Empowering Researchers
Jupyter Notebook
799
star
26

elasticsearch-docker

Official Elasticsearch Docker image
Python
790
star
27

elasticsearch-rs

Official Elasticsearch Rust Client
Rust
612
star
28

elasticsearch-labs

Notebooks & Example Apps for Search & AI Applications with Elasticsearch
Jupyter Notebook
597
star
29

elasticsearch-cloud-aws

AWS Cloud Plugin for Elasticsearch
580
star
30

apm-agent-nodejs

Elastic APM Node.js Agent
JavaScript
540
star
31

apm-agent-dotnet

Elastic APM .NET Agent
C#
540
star
32

apm-agent-java

Elastic APM Java Agent
Java
536
star
33

eland

Python Client and Toolkit for DataFrames, Big Data, Machine Learning and ETL in Elasticsearch
Python
516
star
34

elasticsearch-mapper-attachments

Mapper Attachments Type plugin for Elasticsearch
Java
503
star
35

elasticsearch-servicewrapper

A service wrapper on top of elasticsearch
Shell
489
star
36

apm-agent-go

Official Go agent for Elastic APM
Go
390
star
37

sense

A JSON aware developer's interface to Elasticsearch. Comes with handy machinery such as syntax highlighting, autocomplete, formatting and code folding.
JavaScript
382
star
38

apm-agent-python

Official Python agent for Elastic APM
Python
381
star
39

elastic-charts

TypeScript
365
star
40

stream2es

Stream data into ES (Wikipedia, Twitter, stdin, or other ESes)
Clojure
356
star
41

timelion

Timelion was absorbed into Kibana 5. Don't use this. Time series composer for Elasticsearch and beyond.
JavaScript
347
star
42

apm

Elastic Application Performance Monitoring - resources and general issue tracking for Elastic APM.
Gherkin
317
star
43

elasticsearch-net-example

A tutorial repository for Elasticsearch and NEST
305
star
44

elasticsearch-migration

This plugin will help you to check whether you can upgrade directly to the next major version of Elasticsearch, or whether you need to make changes to your data and cluster before doing so.
291
star
45

logstash-docker

Official Logstash Docker image
Python
286
star
46

elasticsearch-py-async

Backend for elasticsearch-py based on python's asyncio module.
Python
283
star
47

support-diagnostics

Support diagnostics utility for elasticsearch and logstash
Java
278
star
48

elasticsearch-java

Official Elasticsearch Java Client
Java
274
star
49

es2unix

Command-line ES
Clojure
274
star
50

elasticsearch-analysis-smartcn

Smart Chinese Analysis Plugin for Elasticsearch
268
star
51

dockerfiles

Dockerfiles for the official Elastic Stack images
Shell
253
star
52

go-sysinfo

go-sysinfo is a library for collecting system information.
Go
249
star
53

kibana-docker

Official Kibana Docker image
Python
243
star
54

elasticsearch-metrics-reporter-java

Metrics reporter, which reports to elasticsearch
Java
232
star
55

apm-agent-php

Elastic APM PHP Agent
PHP
229
star
56

docs

Ruby
229
star
57

elasticsearch-river-twitter

Twitter River Plugin for elasticsearch (STOPPED)
Java
202
star
58

elasticsearch-formal-models

Formal models of core Elasticsearch algorithms
Isabelle
200
star
59

rally-tracks

Track specifications for the Elasticsearch benchmarking tool Rally
Python
197
star
60

integrations

Elastic Integrations
Handlebars
194
star
61

beats-dashboards

DEPRECATED. Moved to https://github.com/elastic/beats. Please use the new repository to add new issues.
Shell
192
star
62

elasticsearch-analysis-icu

ICU Analysis plugin for Elasticsearch
189
star
63

elasticsearch-river-rabbitmq

RabbitMQ River Plugin for elasticsearch (STOPPED)
Java
173
star
64

terraform-provider-ec

Go
171
star
65

elasticsearch-analysis-kuromoji

Japanese (kuromoji) Analysis Plugin
168
star
66

dorothy

Dorothy is a tool to test security monitoring and detection for Okta environments
Python
167
star
67

beats-docker

Official Beats Docker images
Python
165
star
68

elasticsearch-river-couchdb

CouchDB River Plugin for elasticsearch (STOPPED)
Java
163
star
69

SWAT

Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK framework.
Python
156
star
70

apm-agent-ruby

Elastic APM agent for Ruby
Ruby
156
star
71

go-freelru

GC-less, fast and generic LRU hashmap library for Go
Go
151
star
72

require-in-the-middle

Module to hook into the Node.js require function
JavaScript
149
star
73

harp

Secret management by contract toolchain
Go
145
star
74

go-libaudit

go-libaudit is a library for communicating with the Linux Audit Framework.
Go
142
star
75

ml-cpp

Machine learning C++ code
C++
139
star
76

ecs-logging-java

Centralized logging for Java applications with the Elastic stack made easy
Java
137
star
77

ansible-beats

Ansible Beats Role
Ruby
131
star
78

logstash-contrib

THIS REPOSITORY IS NO LONGER USED.
Ruby
128
star
79

elasticsearch-analysis-phonetic

Phonetic Analysis Plugin for Elasticsearch
127
star
80

azure-marketplace

Elasticsearch Azure Marketplace offering + ARM template
Shell
122
star
81

golang-crossbuild

Shell
121
star
82

elastic-agent

Elastic Agent - single, unified way to add monitoring for logs, metrics, and other types of data to a host.
Go
121
star
83

anonymize-it

a general utility for anonymizing data
Python
117
star
84

bpfcov

Source-code based coverage for eBPF programs actually running in the Linux kernel
C
115
star
85

windows-installers

Windows installers for the Elastic stack
C#
113
star
86

terraform-provider-elasticstack

Terraform provider for Elastic Stack
Go
111
star
87

makelogs

JavaScript
108
star
88

elasticsearch-lang-python

Python language Plugin for elasticsearch
104
star
89

stack-docs

Elastic Stack Documentation
Java
96
star
90

sysgrok

LLM-driven assistant for analyzing, understanding and optimizing systems
Python
94
star
91

elasticsearch-lang-javascript

JavaScript language Plugin for elasticsearch
93
star
92

crawler

Ruby
92
star
93

elasticsearch-specification

Elasticsearch full specification
TypeScript
89
star
94

elasticsearch-perl

Official Perl low-level client for Elasticsearch.
Perl
87
star
95

next-eui-starter

Start building Kibana protoypes quickly with the Next.js EUI Starter
TypeScript
87
star
96

vue-search-ui-demo

A demo of implementing Elastic's Search UI and App Search using Vue.js
Vue
87
star
97

elasticsearch-transport-thrift

Thrift Transport for elasticsearch (STOPPED)
Java
84
star
98

beats

🐠 Beats - Lightweight shippers for Elasticsearch & Logstash
Go
83
star
99

ecs-dotnet

.NET integrations that use the Elastic Common Schema (ECS)
HTML
82
star
100

generator-kibana-plugin

DEPRECATED Yeoman Generator for Kibana Plugins, please use https://github.com/elastic/template-kibana-plugin/
JavaScript
79
star