Skip to content

Latest commit

 

History

History
231 lines (157 loc) · 13.8 KB

File metadata and controls

231 lines (157 loc) · 13.8 KB
mapped_pages
applies_to
serverless
ga
products
id
cloud-serverless
navigation_title Project settings

{{serverless-short}} project settings

Project settings are configurations that apply to your entire project, managed from the {{ecloud}} console. While Elastic manages many things for you, you can customize the following aspects of your project:

To manage these settings:

  1. Navigate to cloud.elastic.co.
  2. Log in to your {{ecloud}} account.
  3. Select your project from the Serverless projects panel and click Manage.

Requirements

To edit a project's settings, you must be granted the Admin or Editor role on the project.

Search AI Lake settings [elasticsearch-manage-project-search-ai-lake-settings]

$$$elasticsearch-manage-project-search-power-settings$$$

Once ingested, your data is stored in cost-efficient, general storage. A cache layer is available on top of the general storage for recent and frequently queried data that provides faster search speed. Data in this cache layer is considered search-ready.

Together, these data storage layers form your project’s Search AI Lake.

The total volume of search-ready data is the sum of the following:

  1. The volume of non-time series project data
  2. The volume of time series project data included in the Search Boost Window

::::{note} Time series data refers to any document in standard indices or data streams that includes the @timestamp field. This field must be present for data to be subject to the Search Boost Window setting. ::::

Each project type offers different settings that let you adjust the performance and volume of search-ready data, as well as the features available in your projects.

The documentation in this section describes shared capabilities that are available in multiple solutions. These settings allow you to tune your project settings, but not all functionality as you would have with a self-managed deployment.

$$$elasticsearch-manage-project-search-power-settings$$$

Setting Description Project Type
Search Power Search Power controls the amount of baseline resources kept ready for your data and the maximum amount of resources the system can allocate to your project under high search load.

Increase Search Power to add resources for improved query throughput and performance as load increases. Decrease it to reduce the amount of provisioned resources, which lowers both active search costs and the reduced rate billed during idle periods, at the cost of more variable query latency. The On-demand setting provides the lowest baseline and idle cost.

Choose from three Search Power settings:

On-demand: Low cost option. Query latency is variable and maximum throughput is limited, particularly during demand spikes.

Performant: Delivers low average query latency with no practical query throughput limits to meet varying demand.

High availability: Maintains consistent low query latency across most search workloads, from steady baseline to peak demand.
{{es}}
Search Boost Window Non-time series data is always considered search-ready. The Search Boost Window determines the volume of time series project data that will be considered search-ready.

Increasing the window results in a bigger portion of time series project data included in the total search-ready data volume.
{{es}}
Data Retention Data retention policies determine how long your project data is retained.
In {{serverless-full}} data retention policies are configured through data streams and you can specify different retention periods for specific data streams in your project.

{{elastic-sec}} has two additional configuration settings that can be configured to manage your data retention.

Maximum data retention period

When enabled, this setting determines the maximum length of time that data can be retained in any data streams of this project.

Editing this setting replaces the data retention set for all data streams of the project that have a longer data retention defined. Data older than the new maximum retention period that you set is permanently deleted.

Default data retention period

When enabled, this setting determines the default retention period that is automatically applied to all data streams in your project that do not have a custom retention period already set.
Elasticsearch
Observability
Security
Project features Controls feature tiers and add-on options for your {{elastic-sec}} project. Security

Project features and add-ons [project-features-add-ons]

Project features and add-ons control which capabilities are available in your serverless project and how they are billed. What you can configure depends on your project type:

There are no additional project features or add-ons for {{es-serverless}} projects.

:::{note} In {{serverless-full}}, your organization's {{ecloud}} subscription level controls only the support level you receive, and is not related to the features that you use or have access to. Learn more about subscriptions. :::

{{sec-serverless}} project features [elastic-sec-project-features]

For {{sec-serverless}} projects, edit the Project features to select a feature tier and enable add-on options for specific use cases.

Feature tier Description and add-ons
Elastic AI SOC Engine (EASE) A package of AI-powered tools meant to work with and enhance your existing SOC platforms: triage and correlate alerts from any platform using Attack Discovery, get realtime recommendations and assistance from AI Assistant, and share insights with your other tools.
Security Analytics Essentials A suite of security analytics, detections, investigations, and collaboration tools. Does not include AI-powered tools. Allows these add-ons:
Endpoint Protection Essentials: endpoint protections with {{elastic-defend}}.
Cloud Protection Essentials: Cloud native security features.
Security Analytics Complete Everything in Security Analytics Essentials and EASE, plus advanced features such as entity analytics, threat intelligence, and more. Allows these add-ons:

Endpoint Protection Complete: Everything in Endpoint Protection Essentials plus advanced endpoint detection and response features.
Cloud Protection Complete: Everything in Cloud Protection Essentials plus advanced cloud security features.

:::{tip} For a full feature comparison, upgrading instructions, downgrading information, and more, refer to {{product.serverless-security}} feature tiers. :::

{{obs-serverless}} project features

For {{obs-serverless}} projects, edit the Project features to select a feature tier.

Feature tier Description
Observability Logs Essentials Includes everything you need to store and analyze logs at scale.
Observability Complete Adds full-stack observability capabilities to monitor cloud-native and hybrid environments.

:::{tip} For a full feature comparison, upgrading instructions, and more, refer to {{obs-serverless}} feature tiers. :::

Project tags

Project tags are custom metadata key-value pairs that allow you to categorize and organize your projects. If you're using {{cps}} in {{serverless-full}}, tags also enable routing searches to specific projects.

  • Predefined tags are attributes that Elastic assigns automatically to each project, such as project type, cloud service provider, and region.
  • Custom tags are key-value pairs that you define in the {{ecloud}} console or using the API to further categorize and organize your projects.

Predefined tags

Predefined tags are attributes that Elastic assigns automatically to each project. The following predefined tags are available:

  • _alias: the project alias
  • _csp: the cloud service provider
  • _id: the project identifier
  • _organization: the organization identifier
  • _region: the Cloud region where the project is located
  • _type: the project type (Observability, Search, or Security)

Predefined tags always start with an underscore _.

Custom tags

You can add custom tags for any piece of metadata that might help you to categorize and organize your projects. For example, you might add custom tags to add the following metadata:

  • The team or department that uses the project: dept:finance, dept:marketing, dept:engineering
  • The environment type: env:dev, env:staging, or env:prod

Project tags must start with a letter, and can contain only lowercase letters, numbers, hyphens, and underscores.

Create custom tags

  1. In {{ecloud}}, select your project from the Serverless projects panel and click Manage.
  2. From the Overview page for your project, in the Tags section, click {icon}plus_circle Add tags.
  3. Add a key and value for your custom tag, and then click Add.
  4. When you're finished creating tags, click Save.

To remove a custom tag from a project, reopen the tag management drawer by clicking {icon}plus_circle Add tags.

Custom tags using the {{serverless-full}} API

You can also manage your custom tags through the {{serverless-full}} API.

Add custom tags

You can manage custom tags using the POST or PATCH project endpoints for your project type:

Custom tags are passed as key-value pairs in the metadata.tags property of the request body:

PATCH /api/v1/serverless/projects/elasticsearch/1234 <1>

{
  "metadata": {
    "tags": {
      "dept": "support_eng",
      "env": "staging",
    }
  }
}
  1. /api/v1/serverless/projects/{project-type}/{project-id}
Remove custom tags

To remove a custom tag, pass a null value for that tag:

PATCH /api/v1/serverless/projects/elasticsearch/1234 <1>


{
  "metadata": {
    "tags": {
      "dept": null,
    }
  }
}
  1. /api/v1/serverless/projects/{project-type}/{project-id}

Query by tag

You can query your projects by their predefined or custom tags by adding the desired tags as query parameters:

GET /api/v1/serverless/projects/{type}?tag[key1]=value1&tag[key2]=value2

For example, to query for all {{es}} projects that are staging environments belonging to support_eng:

GET /api/v1/serverless/projects/elasticsearch?tag[env]=staging&tag[dept]=support_eng

To query for all Observability projects that are hosted on GCP:

GET /api/v1/serverless/projects/observability?tag[_csp]=gcp

Connection aliases [elasticsearch-manage-project-connection-aliases]

Connection aliases for your projects enable you to have predictable, human-readable URLs that can be shared easily. The connection alias must be unique for each region, across all accounts. New projects are assigned a default alias derived from the project name.

Update a connection alias for a project

To modify the connection alias for a project:

  1. From the Serverless projects menu, select a project and click Manage.

  2. Locate Connection alias, click Edit.

  3. Define a new alias. Make sure you choose something meaningful to you.

    ::::{tip} Make the alias as unique as possible to avoid collisions. Aliases might have been already claimed by other users for projects in the region. ::::

  4. Select Update alias.

::::{important} Renaming connection aliases might cause disruptions to applications and services that rely on these endpoints. Ensure that you update any references to the old alias to prevent issues. ::::