Tasks APIs
ML Commons supports the following Tasks APIs:
Get task
Delete task