// Ingest and transform data files (CSV/JSON/Parquet/Arrow IPC) into Elasticsearch with stream processing and custom transforms. Use when loading files or batch importing data.
Enable, configure, and query Elasticsearch security audit logs. Use when the task involves audit logging setup, event filtering, or investigating security incidents like failed logins.
Authenticate to Elasticsearch using native, file-based, LDAP/AD, SAML, OIDC, Kerberos, JWT, or certificate realms. Use when connecting with credentials, choosing a realm, or managing API keys.
Manage Elasticsearch RBAC: native users, roles, role mappings, document- and field-level security. Use when creating users or roles, assigning privileges, or mapping external realms like LDAP/SAML.
Execute ES|QL (Elasticsearch Query Language) queries, use when the user wants to query Elasticsearch data, analyze logs, aggregate metrics, explore data, or create charts and dashboards from ES|QL results.
Diagnose and resolve Elasticsearch security errors: 401/403 failures, TLS problems, expired API keys, role mapping mismatches, and Kibana login issues. Use when the user reports a security error.
Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", or express interest in extending capabilities.
| name | elasticsearch-file-ingest |
| description | Ingest and transform data files (CSV/JSON/Parquet/Arrow IPC) into Elasticsearch with stream processing and custom transforms. Use when loading files or batch importing data. |
| metadata | {"author":"elastic","version":"0.2.0","source":"elastic/agent-skills//skills/elasticsearch/elasticsearch-file-ingest"} |
Stream-based ingestion and transformation of large data files (NDJSON, CSV, Parquet, Arrow IPC) into Elasticsearch.
Install dependencies and configure environment:
npm install
export ELASTICSEARCH_URL="https://elasticsearch:9200"
export ELASTICSEARCH_API_KEY="<your-api-key>"
Test connection:
node scripts/ingest.js test
node scripts/ingest.js ingest --file /path/to/data.json --target my-index
node scripts/ingest.js ingest --file /path/to/users.csv --source-format csv --target users
node scripts/ingest.js ingest --file /path/to/users.parquet --source-format parquet --target users
node scripts/ingest.js ingest --file /path/to/data.json --target my-index --transform transform.js
node scripts/ingest.js ingest --file /path/to/users.csv --infer-mappings --target users
--target <index> # Target index name
--file <path> # Source file (supports wildcards)
--stdin # Read NDJSON/CSV from stdin
--mappings <file.json> # Mappings file
--infer-mappings # Infer mappings/pipeline from file
--delete-index # Delete target index if exists
--pipeline <name> # Ingest pipeline name
--transform <file.js> # Transform function
--source-format <fmt> # ndjson|csv|parquet|arrow (default: ndjson)
--csv-options <file> # CSV parser options (JSON file)
export default function transform(doc) {
return {
...doc,
full_name: `${doc.first_name} ${doc.last_name}`,
timestamp: new Date().toISOString(),
};
}
Return null to skip a document. Return an array to split into multiple documents.
node scripts/ingest.js test before ingesting.--infer-mappings with --source-format.--source-format csv with --mappings for known field types.