Document ES output API usage (#36940)

This commit documents the `_bulk` API usage by the Elasticsearch output and how different status codes are handled. Co-authored-by: Denis <[email protected]>
elastic · Oct 25, 2023 · a572a42 · a572a42
1 parent effe78c
commit a572a42
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/libbeat/outputs/elasticsearch/docs/elasticsearch.asciidoc b/libbeat/outputs/elasticsearch/docs/elasticsearch.asciidoc
@@ -750,3 +750,17 @@ output.elasticsearch:
   non_indexable_policy.dead_letter_index:
     index: "my-dead-letter-index"
 ------------------------------------------------------------------------------
+
+[[es-apis]]
+==== Elasticsearch APIs
+{beatname_uc} will use the `_bulk` API from {es}, the events are sent
+in the order they arrive to the publishing pipeline, a single `_bulk`
+request may contain events from different inputs/modules. Temporary
+failures are re-tried.
+
+The status code for each event is checked and handled as:
+
+* `< 300`: The event is counted as `events.acked`
+* `409` (Conflict): The event is counted as `events.duplicates`
+* `429` (Too Many Requests): The event is counted as `events.toomany`
+* `> 399 and < 500`: The `non_indexable_policy` is applied.