Explore your data
Technical preview
This section contains the following pages:
Hosts page
Network page
Users page
Data views in Elastic Security
Create runtime fields in Elastic Security
Elastic Security ECS field reference