القائمة
Guide for building keyword/full-text search with Elasticsearch. Use when a developer wants text matching, filters, faceted search, autocomplete, or traditional search functionality.
استنادا إلى تصنيف SOC المهني
Register and implement custom workflow steps from an external Kibana plugin using `@kbn/workflows-extensions`. Use when adding or modifying a step type with `registerStepDefinition`, designing input/output/config Zod schemas, implementing `createServerStepDefinition` / `createPublicStepDefinition`, choosing `StepCategory`, building `editorHandlers` (selection / dynamicSchema), wiring `callKibanaApi` / `onCancel`, deciding sync vs async loader registration, updating `APPROVED_STEP_DEFINITIONS`, or reviewing PRs that touch any of these.
Register and implement custom workflow triggers from an external Kibana plugin using `@kbn/workflows-extensions`. Use when adding or modifying an event-driven trigger with `registerTriggerDefinition`, designing `eventSchema` Zod schemas, writing `documentation` and KQL `snippets`, wiring `emitEvent` via request context or `getClient`, choosing sync vs async public loader registration, updating `APPROVED_TRIGGER_DEFINITIONS`, or reviewing PRs that touch any of these. Always ask for the user's plugin id first to locate the correct plugin and file paths.
Register and roll out managed workflows from a Kibana plugin using `@kbn/workflows-extensions` and `@kbn/workflows/managed`. Use when adding or modifying a code-owned workflow definition, `registerManagedWorkflowOwner`, `initManagedWorkflowsClient`, `install` / `uninstall` / `ready`, choosing `lifecycle` / `versionStrategy` / `enablement`, authoring `yaml` vs `yamlTemplate`, space-scoped vs global installs, `getWorkflowStatus`, or `execute`, or reviewing PRs that touch managed workflow definitions or rollout. Always ask for the user's plugin id first to locate the correct plugin and definition file paths.
Implement and quality-check OpenTelemetry metric instrumentation in Kibana code that uses `@kbn/metrics`. Use whenever the user wants to add, change, or review OTel metrics — including any call to `metrics.getMeter`, `meter.createCounter`/`createUpDownCounter`/`createGauge`/`createHistogram`/`createObservable*`/`addBatchObservableCallback`, edits to `kibana.yml` `telemetry.metrics` config, or questions like "is this metric well-designed?", "what should I name this counter?", or "which instrument type is right here?". Trigger this skill even when the user does not say "OTel" or "OpenTelemetry" but is clearly adding observability to Kibana server code and already knows what they want to measure.
Primary guided playbook for Elasticsearch search in Kibana Agent Builder: intent → data → mapping → Dev Tools API snippets (SENSE), with one question at a time. Load this skill whenever the user wants to learn Elasticsearch search, get started, begin building, take first steps, onboard, follow a walkthrough or tutorial, go from zero to a working query, or get structured help setting up indices and search — including casual openers like hi, help, getting started, new to Elasticsearch, how do I build search, or I want to try search. Use when they need end-to-end onboarding, not a single narrow API answer. If they only ask what they can build with Elastic (exploration without the full playbook), prefer invoking /use-case-library first; you can still load this skill afterward for the guided build.
Topic-driven, hands-on Elasticsearch tutorial flow that runs in Kibana Dev Console. Use whenever the user says "walk me through", "give me a tutorial for", "teach me", "show me how X works", "tutorial on", or similar topical learning intent — and they are NOT asking you to build their real, specific use case. Topics are open-ended: any Elasticsearch / Kibana search concept the user names (e.g. mappings, analyzers, bool queries, semantic_text, kNN, RRF, aggregations, ingest pipelines, reranking, data streams, ES|QL). Tutorials use sample data on isolated resources, present every step as a SENSE snippet to run in Dev Tools, and end with cleanup plus pointers to docs and the onboarding / pattern skills.
| name | keyword-search |
| description | Guide for building keyword/full-text search with Elasticsearch. Use when a developer wants text matching, filters, faceted search, autocomplete, or traditional search functionality. |
Guide developers through building full-text keyword search with Elasticsearch. Use this guide when they need text matching, filters, faceting, autocomplete, or traditional search-bar behavior.
This skill provides deep implementation detail for keyword search. It is not the main conversation driver.
After applying the guidance here, re-read /elasticsearch-onboarding to resume the structured onboarding playbook (Steps 1–7: intent → data → mapping → build → test → iterate). That playbook controls sequencing, the one-question-at-a-time rule, and the Dev Tools API-snippet workflow. If /elasticsearch-onboarding has not been loaded yet in this conversation, load it now — it is the primary conversation flow for all Elasticsearch search onboarding.
Apply this guide when the developer signals:
Do not use this guide when: natural language queries return poor results, user expects meaning-based matching, or multilingual semantic similarity is needed. Point them to the vector-hybrid-search approach instead.
Create a mapping with text fields (for full-text search), keyword sub-fields (for exact filtering and sorting), and completion fields (for autocomplete).
Example: products index
PUT /products
{
"mappings": {
"properties": {
"title": {
"type": "text",
"fields": {
"keyword": { "type": "keyword" }
},
"analyzer": "standard"
},
"description": {
"type": "text",
"fields": {
"keyword": { "type": "keyword" }
},
"analyzer": "standard"
},
"category": {
"type": "keyword"
},
"brand": {
"type": "keyword"
},
"price": { "type": "float" },
"rating": { "type": "float" },
"created_at": { "type": "date" },
"title_suggest": {
"type": "completion",
"analyzer": "simple",
"preserve_separators": true,
"preserve_position_increments": true,
"max_input_length": 50
}
}
}
}
title and description are searchable; title.keyword and description.keyword support exact match, sorting, aggregations.category, brand use for filters and faceting.title_suggest powers autocomplete.Synonyms (optional): Add a custom analyzer with synonyms if needed:
{
"settings": {
"analysis": {
"analyzer": {
"synonym_analyzer": {
"tokenizer": "standard",
"filter": ["lowercase", "synonym_filter"]
}
},
"filter": {
"synonym_filter": {
"type": "synonym",
"synonyms": ["wireless, bluetooth => wireless"]
}
}
}
}
}
Use the bulk API with error handling. Index documents in batches.
from elasticsearch import Elasticsearch, helpers
es = Elasticsearch(cloud_id="...", api_key="...")
def index_products(documents: list[dict]) -> tuple[int, list]:
"""Index documents into products index. Returns (success_count, errors)."""
actions = []
for doc in documents:
doc["title_suggest"] = {"input": doc.get("title", "").split()}
actions.append({
"_index": "products",
"_source": doc
})
success, errors = helpers.bulk(
es,
actions,
raise_on_error=False,
raise_on_exception=False,
request_timeout=30
)
if errors:
for err in errors:
if "index" in err and err["index"].get("error"):
print(f"Error indexing doc: {err['index']['error']}")
return success, errors
GET /products/_search
{
"query": {
"match": {
"title": "wireless headphones"
}
}
}
GET /products/_search
{
"query": {
"multi_match": {
"query": "wireless headphones",
"fields": ["title^2", "description"],
"type": "best_fields",
"operator": "or"
}
}
}
GET /products/_search
{
"query": {
"bool": {
"must": [
{ "match": { "title": "wireless headphones" } }
],
"filter": [
{ "term": { "category": "electronics" } },
{ "range": { "price": { "gte": 50, "lte": 500 } } }
]
}
}
}
GET /products/_search
{
"query": {
"match": {
"title": {
"query": "wirless headphons",
"fuzziness": "AUTO"
}
}
}
}
GET /products/_search
{
"suggest": {
"title-suggest": {
"prefix": "wire",
"completion": {
"field": "title_suggest",
"skip_duplicates": true,
"size": 10
}
}
}
}
GET /products/_search
{
"query": { "match": { "title": "wireless headphones" } },
"highlight": {
"fields": {
"title": {},
"description": {}
}
}
}
GET /products/_search
{
"query": { "match_all": {} },
"from": 20,
"size": 10,
"sort": [{ "price": "asc" }]
}
ES|QL supports filtering and sorting. Use for simple filter + sort queries:
FROM products
| WHERE category == "electronics" AND price >= 50 AND price <= 500
| SORT rating DESC
| LIMIT 20
For full-text search, match queries, or fuzzy matching, ES|QL does not yet support these; use Query DSL.
Wrap the search in a Flask endpoint:
from flask import Flask, request, jsonify
from elasticsearch import Elasticsearch
app = Flask(__name__)
es = Elasticsearch(cloud_id="...", api_key="...")
@app.route("/search", methods=["GET"])
def search():
q = request.args.get("q", "")
category = request.args.get("category")
min_price = request.args.get("min_price", type=float)
max_price = request.args.get("max_price", type=float)
page = request.args.get("page", 1, type=int)
size = request.args.get("size", 10, type=int)
must = [{"match": {"title": q}}] if q else []
filter_clauses = []
if category:
filter_clauses.append({"term": {"category": category}})
if min_price is not None:
filter_clauses.append({"range": {"price": {"gte": min_price}}})
if max_price is not None:
filter_clauses.append({"range": {"price": {"lte": max_price}}})
body = {
"query": {
"bool": {
"must": must if must else [{"match_all": {}}],
"filter": filter_clauses
}
},
"from": (page - 1) * size,
"size": size,
"highlight": {"fields": {"title": {}, "description": {}}}
}
resp = es.search(index="products", body=body)
return jsonify({
"hits": [h["_source"] for h in resp["hits"]["hits"]],
"total": resp["hits"]["total"]["value"],
"page": page
})
"fields": ["title^2", "description"] weights title matches higher.{
"query": {
"function_score": {
"query": { "match": { "title": "headphones" } },
"functions": [
{ "field_value_factor": { "field": "rating", "modifier": "log1p" } }
],
"boost_mode": "sum"
}
}
}
| Question | Answer |
|---|---|
| "How do I add filters?" | Add filter clauses to a bool query. Use term for exact match, range for numeric/date ranges. |
| "How do I handle typos?" | Use fuzziness: "AUTO" in match queries, or match_phrase_prefix for prefix matching. |
| "How do I add autocomplete?" | Add a completion field to the mapping, populate it during indexing, use the suggest API. |
| "How do I paginate?" | Use from and size. For deep pagination, prefer search_after with a sort key. |
Suggest hybrid or semantic search when:
Direct the developer to the vector-hybrid-search guide for vector or hybrid search (combining keyword + vector with RRF).