Set up a time series data stream (TSDS)

Set up a time series data stream (TSDS)

To set up a time series data stream (TSDS), follow these steps:

  1. Check the prerequisites.
  2. Create an index lifecycle policy.
  3. Create an index template.
  4. Create the TSDS.
  5. Secure the TSDS.

Prerequisites

  • Before you create a TSDS, you should be familiar with data streams and TSDS concepts.
  • To follow this tutorial, you must have the following permissions:

    • Cluster privileges: manage_ilm and manage_index_templates.
    • Index privileges: create_doc and create_index for any TSDS you create or convert. To roll over a TSDS, you must have the manage privilege.

Create an index lifecycle policy

While optional, we recommend using ILM to automate the management of your TSDS’s backing indices. ILM requires an index lifecycle policy.

We recommend you specify a max_age criteria for the rollover action in the policy. This ensures the @timestamp ranges for the TSDS’s backing indices are consistent. For example, setting a max_age of 1d for the rollover action ensures your backing indices consistently contain one day’s worth of data.

  1. resp = client.ilm.put_lifecycle(
  2. name="my-weather-sensor-lifecycle-policy",
  3. policy={
  4. "phases": {
  5. "hot": {
  6. "actions": {
  7. "rollover": {
  8. "max_age": "1d",
  9. "max_primary_shard_size": "50gb"
  10. }
  11. }
  12. },
  13. "warm": {
  14. "min_age": "30d",
  15. "actions": {
  16. "shrink": {
  17. "number_of_shards": 1
  18. },
  19. "forcemerge": {
  20. "max_num_segments": 1
  21. }
  22. }
  23. },
  24. "cold": {
  25. "min_age": "60d",
  26. "actions": {
  27. "searchable_snapshot": {
  28. "snapshot_repository": "found-snapshots"
  29. }
  30. }
  31. },
  32. "frozen": {
  33. "min_age": "90d",
  34. "actions": {
  35. "searchable_snapshot": {
  36. "snapshot_repository": "found-snapshots"
  37. }
  38. }
  39. },
  40. "delete": {
  41. "min_age": "735d",
  42. "actions": {
  43. "delete": {}
  44. }
  45. }
  46. }
  47. },
  48. )
  49. print(resp)
  1. const response = await client.ilm.putLifecycle({
  2. name: "my-weather-sensor-lifecycle-policy",
  3. policy: {
  4. phases: {
  5. hot: {
  6. actions: {
  7. rollover: {
  8. max_age: "1d",
  9. max_primary_shard_size: "50gb",
  10. },
  11. },
  12. },
  13. warm: {
  14. min_age: "30d",
  15. actions: {
  16. shrink: {
  17. number_of_shards: 1,
  18. },
  19. forcemerge: {
  20. max_num_segments: 1,
  21. },
  22. },
  23. },
  24. cold: {
  25. min_age: "60d",
  26. actions: {
  27. searchable_snapshot: {
  28. snapshot_repository: "found-snapshots",
  29. },
  30. },
  31. },
  32. frozen: {
  33. min_age: "90d",
  34. actions: {
  35. searchable_snapshot: {
  36. snapshot_repository: "found-snapshots",
  37. },
  38. },
  39. },
  40. delete: {
  41. min_age: "735d",
  42. actions: {
  43. delete: {},
  44. },
  45. },
  46. },
  47. },
  48. });
  49. console.log(response);
  1. PUT _ilm/policy/my-weather-sensor-lifecycle-policy
  2. {
  3. "policy": {
  4. "phases": {
  5. "hot": {
  6. "actions": {
  7. "rollover": {
  8. "max_age": "1d",
  9. "max_primary_shard_size": "50gb"
  10. }
  11. }
  12. },
  13. "warm": {
  14. "min_age": "30d",
  15. "actions": {
  16. "shrink": {
  17. "number_of_shards": 1
  18. },
  19. "forcemerge": {
  20. "max_num_segments": 1
  21. }
  22. }
  23. },
  24. "cold": {
  25. "min_age": "60d",
  26. "actions": {
  27. "searchable_snapshot": {
  28. "snapshot_repository": "found-snapshots"
  29. }
  30. }
  31. },
  32. "frozen": {
  33. "min_age": "90d",
  34. "actions": {
  35. "searchable_snapshot": {
  36. "snapshot_repository": "found-snapshots"
  37. }
  38. }
  39. },
  40. "delete": {
  41. "min_age": "735d",
  42. "actions": {
  43. "delete": {}
  44. }
  45. }
  46. }
  47. }
  48. }

Create an index template

To setup a TSDS create an index template with the following details:

  • One or more index patterns that match the TSDS’s name. We recommend using our data stream naming scheme.
  • Enable data streams.
  • Specify a mapping that defines your dimensions and metrics:

    • One or more dimension fields with a time_series_dimension value of true. Alternatively, one or more pass-through fields configured as dimension containers, provided that they will contain at least one sub-field (mapped statically or dynamically).
    • One or more metric fields, marked using the time_series_metric mapping parameter.
    • Optional: A date or date_nanos mapping for the @timestamp field. If you don’t specify a mapping, Elasticsearch maps @timestamp as a date field with default options.
  • Define index settings:

    • Set index.mode setting to time_series.
    • Your lifecycle policy in the index.lifecycle.name index setting.
    • Optional: Other index settings, such as index.number_of_replicas, for your TSDS’s backing indices.
  • A priority higher than 200 to avoid collisions with built-in templates. See Avoid index pattern collisions.

  • Optional: Component templates containing your mappings and other index settings.
  1. resp = client.indices.put_index_template(
  2. name="my-weather-sensor-index-template",
  3. index_patterns=[
  4. "metrics-weather_sensors-*"
  5. ],
  6. data_stream={},
  7. template={
  8. "settings": {
  9. "index.mode": "time_series",
  10. "index.lifecycle.name": "my-lifecycle-policy"
  11. },
  12. "mappings": {
  13. "properties": {
  14. "sensor_id": {
  15. "type": "keyword",
  16. "time_series_dimension": True
  17. },
  18. "location": {
  19. "type": "keyword",
  20. "time_series_dimension": True
  21. },
  22. "temperature": {
  23. "type": "half_float",
  24. "time_series_metric": "gauge"
  25. },
  26. "humidity": {
  27. "type": "half_float",
  28. "time_series_metric": "gauge"
  29. },
  30. "@timestamp": {
  31. "type": "date"
  32. }
  33. }
  34. }
  35. },
  36. priority=500,
  37. meta={
  38. "description": "Template for my weather sensor data"
  39. },
  40. )
  41. print(resp)
  1. response = client.indices.put_index_template(
  2. name: 'my-weather-sensor-index-template',
  3. body: {
  4. index_patterns: [
  5. 'metrics-weather_sensors-*'
  6. ],
  7. data_stream: {},
  8. template: {
  9. settings: {
  10. 'index.mode' => 'time_series',
  11. 'index.lifecycle.name' => 'my-lifecycle-policy'
  12. },
  13. mappings: {
  14. properties: {
  15. sensor_id: {
  16. type: 'keyword',
  17. time_series_dimension: true
  18. },
  19. location: {
  20. type: 'keyword',
  21. time_series_dimension: true
  22. },
  23. temperature: {
  24. type: 'half_float',
  25. time_series_metric: 'gauge'
  26. },
  27. humidity: {
  28. type: 'half_float',
  29. time_series_metric: 'gauge'
  30. },
  31. "@timestamp": {
  32. type: 'date'
  33. }
  34. }
  35. }
  36. },
  37. priority: 500,
  38. _meta: {
  39. description: 'Template for my weather sensor data'
  40. }
  41. }
  42. )
  43. puts response
  1. const response = await client.indices.putIndexTemplate({
  2. name: "my-weather-sensor-index-template",
  3. index_patterns: ["metrics-weather_sensors-*"],
  4. data_stream: {},
  5. template: {
  6. settings: {
  7. "index.mode": "time_series",
  8. "index.lifecycle.name": "my-lifecycle-policy",
  9. },
  10. mappings: {
  11. properties: {
  12. sensor_id: {
  13. type: "keyword",
  14. time_series_dimension: true,
  15. },
  16. location: {
  17. type: "keyword",
  18. time_series_dimension: true,
  19. },
  20. temperature: {
  21. type: "half_float",
  22. time_series_metric: "gauge",
  23. },
  24. humidity: {
  25. type: "half_float",
  26. time_series_metric: "gauge",
  27. },
  28. "@timestamp": {
  29. type: "date",
  30. },
  31. },
  32. },
  33. },
  34. priority: 500,
  35. _meta: {
  36. description: "Template for my weather sensor data",
  37. },
  38. });
  39. console.log(response);
  1. PUT _index_template/my-weather-sensor-index-template
  2. {
  3. "index_patterns": ["metrics-weather_sensors-*"],
  4. "data_stream": { },
  5. "template": {
  6. "settings": {
  7. "index.mode": "time_series",
  8. "index.lifecycle.name": "my-lifecycle-policy"
  9. },
  10. "mappings": {
  11. "properties": {
  12. "sensor_id": {
  13. "type": "keyword",
  14. "time_series_dimension": true
  15. },
  16. "location": {
  17. "type": "keyword",
  18. "time_series_dimension": true
  19. },
  20. "temperature": {
  21. "type": "half_float",
  22. "time_series_metric": "gauge"
  23. },
  24. "humidity": {
  25. "type": "half_float",
  26. "time_series_metric": "gauge"
  27. },
  28. "@timestamp": {
  29. "type": "date"
  30. }
  31. }
  32. }
  33. },
  34. "priority": 500,
  35. "_meta": {
  36. "description": "Template for my weather sensor data"
  37. }
  38. }

Create the TSDS

Indexing requests add documents to a TSDS. Documents in a TSDS must include:

  • A @timestamp field
  • One or more dimension fields. At least one dimension must match the index.routing_path index setting, if specified. If not specified explicitly, index.routing_path is set automatically to whichever mappings have time_series_dimension set to true.

To automatically create your TSDS, submit an indexing request that targets the TSDS’s name. This name must match one of your index template’s index patterns.

To test the following example, update the timestamps to within three hours of your current time. Data added to a TSDS must always fall within an accepted time range.

  1. resp = client.bulk(
  2. index="metrics-weather_sensors-dev",
  3. operations=[
  4. {
  5. "create": {}
  6. },
  7. {
  8. "@timestamp": "2099-05-06T16:21:15.000Z",
  9. "sensor_id": "HAL-000001",
  10. "location": "plains",
  11. "temperature": 26.7,
  12. "humidity": 49.9
  13. },
  14. {
  15. "create": {}
  16. },
  17. {
  18. "@timestamp": "2099-05-06T16:25:42.000Z",
  19. "sensor_id": "SYKENET-000001",
  20. "location": "swamp",
  21. "temperature": 32.4,
  22. "humidity": 88.9
  23. }
  24. ],
  25. )
  26. print(resp)
  27. resp1 = client.index(
  28. index="metrics-weather_sensors-dev",
  29. document={
  30. "@timestamp": "2099-05-06T16:21:15.000Z",
  31. "sensor_id": "SYKENET-000001",
  32. "location": "swamp",
  33. "temperature": 32.4,
  34. "humidity": 88.9
  35. },
  36. )
  37. print(resp1)
  1. const response = await client.bulk({
  2. index: "metrics-weather_sensors-dev",
  3. operations: [
  4. {
  5. create: {},
  6. },
  7. {
  8. "@timestamp": "2099-05-06T16:21:15.000Z",
  9. sensor_id: "HAL-000001",
  10. location: "plains",
  11. temperature: 26.7,
  12. humidity: 49.9,
  13. },
  14. {
  15. create: {},
  16. },
  17. {
  18. "@timestamp": "2099-05-06T16:25:42.000Z",
  19. sensor_id: "SYKENET-000001",
  20. location: "swamp",
  21. temperature: 32.4,
  22. humidity: 88.9,
  23. },
  24. ],
  25. });
  26. console.log(response);
  27. const response1 = await client.index({
  28. index: "metrics-weather_sensors-dev",
  29. document: {
  30. "@timestamp": "2099-05-06T16:21:15.000Z",
  31. sensor_id: "SYKENET-000001",
  32. location: "swamp",
  33. temperature: 32.4,
  34. humidity: 88.9,
  35. },
  36. });
  37. console.log(response1);
  1. PUT metrics-weather_sensors-dev/_bulk
  2. { "create":{ } }
  3. { "@timestamp": "2099-05-06T16:21:15.000Z", "sensor_id": "HAL-000001", "location": "plains", "temperature": 26.7,"humidity": 49.9 }
  4. { "create":{ } }
  5. { "@timestamp": "2099-05-06T16:25:42.000Z", "sensor_id": "SYKENET-000001", "location": "swamp", "temperature": 32.4, "humidity": 88.9 }
  6. POST metrics-weather_sensors-dev/_doc
  7. {
  8. "@timestamp": "2099-05-06T16:21:15.000Z",
  9. "sensor_id": "SYKENET-000001",
  10. "location": "swamp",
  11. "temperature": 32.4,
  12. "humidity": 88.9
  13. }

You can also manually create the TSDS using the create data stream API. The TSDS’s name must still match one of your template’s index patterns.

  1. resp = client.indices.create_data_stream(
  2. name="metrics-weather_sensors-dev",
  3. )
  4. print(resp)
  1. response = client.indices.create_data_stream(
  2. name: 'metrics-weather_sensors-dev'
  3. )
  4. puts response
  1. const response = await client.indices.createDataStream({
  2. name: "metrics-weather_sensors-dev",
  3. });
  4. console.log(response);
  1. PUT _data_stream/metrics-weather_sensors-dev

Secure the TSDS

Use index privileges to control access to a TSDS. Granting privileges on a TSDS grants the same privileges on its backing indices.

For an example, refer to Data stream privileges.

Convert an existing data stream to a TSDS

You can also use the above steps to convert an existing regular data stream to a TSDS. In this case, you’ll want to:

  • Edit your existing index lifecycle policy, component templates, and index templates instead of creating new ones.
  • Instead of creating the TSDS, manually roll over its write index. This ensures the current write index and any new backing indices have an index.mode of time_series.

    You can manually roll over the write index using the rollover API.

    1. resp = client.indices.rollover(
    2. alias="metrics-weather_sensors-dev",
    3. )
    4. print(resp)
    1. response = client.indices.rollover(
    2. alias: 'metrics-weather_sensors-dev'
    3. )
    4. puts response
    1. const response = await client.indices.rollover({
    2. alias: "metrics-weather_sensors-dev",
    3. });
    4. console.log(response);
    1. POST metrics-weather_sensors-dev/_rollover

A note about component templates and index.mode setting

Configuring a TSDS via an index template that uses component templates is a bit more complicated. Typically with component templates mappings and settings get scattered across multiple component templates. If the index.routing_path is defined, the fields it references need to be defined in the same component template with the time_series_dimension attribute enabled.

The reasons for this is that each component template needs to be valid on its own. When configuring the index.mode setting in an index template, the index.routing_path setting is configured automatically. It is derived from the field mappings with time_series_dimension attribute enabled.

What’s next?

Now that you’ve set up your TSDS, you can manage and use it like a regular data stream. For more information, refer to: