Elasticsearch is integrated with ActionTrail. In the ActionTrail console, you can query the management events that are generated when you manage Elasticsearch resources. ActionTrail can deliver management events to Logstores in Log Service or Object Storage Service (OSS) buckets. This way, you can audit the events in real time and locate the causes of issues.
ActionTrail generates management events when you manage cloud resources by using APIs or the Alibaba Cloud Management Console. The following table describes the management events of Elasticsearch that you can query in the ActionTrail console.
Event name | Description |
ActivateZones | Restores the nodes in a disabled zone for an Elasticsearch cluster. |
AddConnectableCluster | Establishes a network connection between two Elasticsearch clusters. |
AddSnapshotRepo | Creates a shared OSS repository for an Elasticsearch cluster. |
CancelDeletion | Disables release protection for an Elasticsearch cluster. |
CancelLogstashDeletion | Disables release protection for a Logstash cluster. |
CancelTask | Cancels a data migration task of an Elasticsearch cluster. |
CloseDiagnosis | Disables intelligent O&M for an Elasticsearch cluster. |
CloseHttps | Disables HTTPS for an Elasticsearch cluster. |
CloseManagedIndex | Disables index hosting for an Elasticsearch cluster. |
CreateCollector | Creates a Beats shipper. |
CreateComponentIndex | Creates a composable index template. |
CreateDataStream | Creates a data stream. This operation is available only for Elasticsearch clusters of the Advanced Edition. |
CreateDataTasks | Creates an index migration task. |
CreateILMPolicy | Creates an index lifecycle policy. |
CreateIndexTemplate | Creates an index template. |
createInstance | Creates an Elasticsearch cluster. |
CreateLogstash | Creates a Logstash cluster. |
CreatePipelines | Creates a pipeline in a Logstash cluster. |
CreateSnapshot | Creates manual snapshots for an Elasticsearch cluster. |
CreateVpcEndpoint | Creates an endpoint in the virtual private cloud (VPC) within the Elasticsearch service account. |
DeactivateZones | Disables one or more zones where a multi-zone Elasticsearch cluster resides and migrates the nodes in the disabled zones to other zones. |
DeleteCollector | Deletes a Beats shipper. |
DeleteComponentIndex | Deletes a composable index template. |
DeleteConnectedCluster | Disconnects an Elasticsearch cluster from another Elasticsearch cluster. |
DeleteDataStream | Deletes a data stream for a specified index in an Elasticsearch cluster. |
DeleteDataTask | Deletes a data migration task of an Elasticsearch cluster. |
DeleteDeprecatedTemplate | Deletes a historical index template for an Elasticsearch cluster. |
DeleteILMPolicy | Deletes an index lifecycle policy. |
DeleteIndexTemplate | Deletes an index template. |
DeleteInstance | Releases a pay-as-you-go Elasticsearch cluster. |
DeleteLogstash | Releases a pay-as-you-go Logstash cluster. |
DeletePipelines | Deletes a specified pipeline in a Logstash cluster. |
DeleteSnapshotRepo | Deletes a shared OSS repository for an Elasticsearch cluster. |
DeleteVpcEndpoint | Deletes an endpoint in the VPC within the Elasticsearch service account. |
DescribeAckOperator | Queries the information about ES-operator that is installed for a specified Container Service for Kubernetes (ACK) cluster. |
DescribeApm | Queries the details of a specified APM Server instance. |
DescribeCollector | Queries the details of a Beats shipper. |
DescribeComponentIndex | Queries the details of a composable index template. |
DescribeConnectableClusters | Queries the Elasticsearch clusters that can be connected to the current Elasticsearch cluster. |
DescribeDynamicSettings | Queries the dynamic configurations of an Elasticsearch cluster. |
DescribeElasticsearchHealth | Queries the health status of an Elasticsearch cluster. |
DescribeILMPolicy | Queries the details of an index lifecycle policy. |
DescribeIndexTemplate | Queries the details of an index template. |
DescribeInstance | Queries the details of an Elasticsearch cluster, such as cluster configurations and network configurations. |
DescribeKibanaSettings | Queries the configurations of the Kibana node in an Elasticsearch cluster. |
DescribeLogstash | Queries the details of a specified Logstash cluster. |
DescribePipeline | Queries the details of a pipeline in a Logstash cluster. |
DescribePipelineManagementConfig | Queries the management configurations of pipelines in a Logstash cluster. |
DescribeRegions | Queries the regions where Elasticsearch is available. |
DescribeSnapshotSetting | Queries the data backup configurations of an Elasticsearch cluster. |
DescribeTemplates | Queries scenario-based templates for an Elasticsearch cluster. |
DescribeXpackMonitorConfig | Queries the configurations of the X-Pack Monitoring feature of a Logstash cluster. |
EstimatedLogstashRestartTime | Queries the estimated time that is required to restart a Logstash cluster. |
EstimatedRestartTime | Queries the estimated time that is required to restart an Elasticsearch cluster. |
GetClusterDataInformation | Queries the metadata information about an Elasticsearch cluster. |
GetElastictask | Queries auto scaling rules configured for an Elasticsearch cluster. |
GetOpenStoreUsage | Queries the storage capacity and usage of an OpenStore instance. |
GetSuggestShrinkableNodes | Queries nodes that can be removed from an Elasticsearch cluster. |
GetTransferableNodes | Queries nodes from which data can be migrated in an Elasticsearch cluster. |
InitializeOperationRole | Creates a service-linked role. |
InstallAckOperator | Installs Elasticsearch-operator for an ACK cluster when you install a Beats shipper on the ACK cluster. |
InstallKibanaSystemPlugin | Installs a built-in plug-in for Kibana. |
InstallLogstashSystemPlugin | Installs a built-in plug-in for a Logstash cluster. |
InstallSystemPlugin | Installs a built-in plug-in for an Elasticsearch cluster. |
InstallUserPlugins | Installs a custom plug-in for an Elasticsearch cluster. |
InterruptElasticsearchTask | Suspends a change task of an Elasticsearch cluster. |
InterruptLogstashTask | Suspends a change task of a Logstash cluster. |
ListAckClusters | Queries all available ACK clusters when you install a Beats shipper on an ACK cluster. |
ListAckNamespaces | Queries namespaces in an ACK cluster when you install a Beats shipper on the ACK cluster. |
ListAllNode | Queries the information about all nodes in an Elasticsearch cluster. |
ListAlternativeSnapshotRepos | Queries the shared OSS repositories that can be configured for an Elasticsearch cluster. |
ListApm | Queries APM Server instances. |
ListAvailableEsInstanceIds | Queries the Elasticsearch clusters that can be associated with a Logstash cluster when you configure the X-Pack Monitoring feature for the Logstash cluster. |
ListCollectors | Queries Beats shippers. |
ListComponentIndices | Queries composable index templates. |
ListConnectedClusters | Queries the Elasticsearch clusters that are connected to the current Elasticsearch cluster. |
ListDataStreams | Queries the data streams of an Elasticsearch cluster. |
ListDataTasks | Queries data migration tasks of an Elasticsearch cluster. |
ListDefaultCollectorConfigurations | Queries the initial default settings of a Beats shipper. |
ListDeprecatedTemplates | Queries historical index templates. |
ListDictInformation | Queries and verifies the details of the dictionary object stored in OSS when you upload the object to an Elasticsearch cluster. |
ListDicts | Queries the details of a specified type of dictionary and the link that is generated based on the related signature to download the dictionary. |
ListEcsInstances | Queries all available Elastic Compute Service (ECS) instances when you install a Beats shipper on an ECS instance. |
ListExtendfiles | Updates the third-party libraries of a Logstash cluster. |
ListILMPolicies | Queries existing index lifecycle policies. |
ListIndexTemplates | Queries existing index templates. |
ListInstanceHistoryEvents | Queries events for hardware O&M triggered by an Elasticsearch cluster. |
ListInstanceIndices | Queries indexes in an Elasticsearch cluster. |
ListKibanaPlugins | Queries Kibana plug-ins. |
ListLogstash | Queries the details of all or specific Logstash clusters. |
ListLogstashLog | Queries the logs of a Logstash cluster. |
ListLogstashPlugins | Queries the details of all or specific Logstash plug-ins. |
ListNodes | Queries the statuses of ECS instances on which a Beats shipper is installed. |
ListPipeline | Queries the pipelines of a Logstash cluster. |
ListPipelineIds | Queries the IDs of pipelines in a Logstash cluster. |
ListPlugins | Queries the plug-ins of an Elasticsearch cluster. |
ListSearchLog | Queries the logs of an Elasticsearch cluster. |
ListShardRecoveries | Queries the information about shards that are being restored or shards that are restored in an Elasticsearch cluster. |
ListSnapshotReposByInstanceId | Queries the shared OSS repositories configured for an Elasticsearch cluster. |
ListTagResources | Queries the tags that are added to one or more resources. |
ListTags | Queries all visible user tags. |
ListVpcEndpoints | Queries the statuses of endpoints in the VPC within the Elasticsearch service account. |
MigrateToOtherZone | Migrates nodes in an Elasticsearch cluster from one zone to another zone. |
ModifyDeployMachine | Updates the ECS instances on which a Beats shipper is installed. |
ModifyElastictask | Updates auto scaling rules configured for an Elasticsearch cluster. |
ModifyInstanceMaintainTime | Enables and modifies the maintenance window of an Elasticsearch cluster. |
ModifyWhiteIps | Updates the IP address whitelist of an Elasticsearch cluster. |
MoveResourceGroup | Changes the resource group to which an Elasticsearch cluster belongs. |
OpenDiagnosis | Enables intelligent O&M for an Elasticsearch cluster. |
OpenHttps | Enables HTTPS for an Elasticsearch cluster. |
PostEmonTryAlarmRule | Sends alert notifications for testing. |
RebootInstanceNode | Restarts a node in an Elasticsearch cluster. The node is an ECS instance. |
RecommendTemplates | Queries configurations recommended for an Elasticsearch cluster. |
ReinstallCollector | Installs a Beats shipper that fails to be installed when you create the shipper. |
RemoveApm | Deletes an APM Server instance. |
RenewInstance | Renews a subscription Elasticsearch cluster. |
RestartCollector | Restarts a Beats shipper. |
RestartInstance | Restarts an Elasticsearch cluster. |
RestartLogstash | Restarts a Logstash cluster. |
ResumeElasticsearchTask | Resumes a change task of an Elasticsearch cluster. |
ResumeLogstashTask | Resumes a change task of a Logstash cluster. |
RolloverDataStream | Rolls over indexes for a data stream. |
RunPipelines | Runs pipelines in a Logstash cluster. |
ShrinkNode | Scales in an Elasticsearch cluster. |
StartApm | Starts an APM Server instance. |
StartCollector | Starts a Beats shipper. |
StopApm | Stops an APM Server instance. |
StopCollector | Stops a Beats shipper that is running. |
StopPipelines | Stops Logstash pipelines that are running. |
TagResources | Adds tags to resources. |
TransferNode | Runs a data migration task for an Elasticsearch cluster. |
TriggerNetwork | Enables or disables the Public Network Access or Private Network Access feature for Elasticsearch or Kibana. |
UninstallKibanaPlugin | Removes a Kibana plug-in. |
UninstallLogstashPlugin | Removes a Logstash plug-in. |
UninstallPlugin | Removes an Elasticsearch plug-in. |
UntagResources | Removes tags from resources. |
UpdateAdminPassword | Updates the password of the elastic account of an Elasticsearch cluster. |
UpdateAdvancedSetting | Updates the garbage collector (GC) configurations of an Elasticsearch cluster. |
UpdateAliwsDict | Updates the dictionary file of the analysis-aliws plug-in. |
UpdateApm | Updates the configurations of an APM Server instance. |
UpdateCollector | Updates the configurations of a Beats shipper. |
UpdateCollectorName | Updates the name of a Beats shipper. |
UpdateComponentIndex | Updates the configurations of a composable index template. |
UpdateDescription | Updates the name of an Elasticsearch cluster. |
UpdateDiagnosisSettings | Updates configurations for intelligent O&M for an Elasticsearch cluster. |
UpdateDict | Performs a standard update for dictionaries, including the built-in IK main dictionary and stopword list of the analysis-ik plug-in. |
UpdateExtendConfig | Updates the configurations of a scenario-based template for an Elasticsearch cluster. |
UpdateExtendfiles | Updates the third-party libraries of a Logstash cluster. |
UpdateHotIkDicts | Performs a rolling update for dictionaries, including the built-in IK main dictionary and stopword list of the analysis-ik plug-in. |
UpdateILMPolicy | Updates the configurations of an index lifecycle policy of an Elasticsearch cluster. |
UpdateIndexTemplate | Updates the configurations of an index template for an Elasticsearch cluster. |
UpdateInstance | Updates the configurations of an Elasticsearch cluster. |
UpdateInstanceChargeType | Switches the billing method of an Elasticsearch cluster from pay-as-you-go to subscription. |
UpdateInstanceSettings | Updates the configurations in the YML file of an Elasticsearch cluster. |
UpdateKibanaSettings | Updates the configurations of Kibana. |
UpdateKibanaWhiteIps | Updates the IP address allowlist that controls access to the Kibana console of an Elasticsearch cluster. |
UpdateLogstash | Updates some information about a Logstash cluster, such as the number of nodes, specifications of each node, name, and hard disk size. |
UpdateLogstashDescription | Updates the name of a Logstash cluster. |
UpdateLogstashSettings | Updates the configurations of a Logstash cluster. |
UpdatePipelineManagementConfig | Updates the management method of pipelines in a Logstash cluster. |
UpdatePipelines | Updates the information about pipelines in a Logstash cluster. |
UpdatePrivateNetworkWhiteIps | Updates the private IP address allowlist of an Elasticsearch cluster. |
UpdatePublicNetwork | Enables or disables the Public Network Access feature for an Elasticsearch cluster. |
UpdatePublicWhiteIps | Updates the public IP address allowlist of an Elasticsearch cluster. |
UpdateReadWritePolicy | Enables or disables the high availability feature for write operations on an Elasticsearch cluster. You can enable or disable the high availability feature for write operations only for Elasticsearch clusters that reside in the China (Beijing) region. |
UpdateSnapshotSetting | Updates the data backup settings of an Elasticsearch cluster. |
UpdateSynonymsDicts | Updates the synonym dictionary of an Elasticsearch cluster. |
UpdateTemplate | Updates a scenario-based template for an Elasticsearch cluster. |
UpdateWhiteIps | Updates the private IP address allowlist of an Elasticsearch cluster. |
UpdateXpackMonitorConfig | Updates the configurations of the X-Pack Monitoring feature of a Logstash cluster. |
UpgradeEngineVersion | Updates the version or kernel version of an Elasticsearch cluster. |
ValidateConnection | Tests the connectivity between a Logstash cluster and its associated Elasticsearch cluster when you configure the X-Pack Monitoring feature for the Logstash cluster. |
ValidateShrinkNodes | Checks whether specific nodes in an Elasticsearch cluster can be removed. |
ValidateSlrPermission | Checks whether a service-linked role is created. |
ValidateTransferableNodes | Checks whether data stored on specific nodes in an Elasticsearch cluster can be migrated. |