Conversation
Contributor
Vale Linting ResultsSummary: 4 warnings, 11 suggestions found
|
| File | Line | Rule | Message |
|---|---|---|---|
| deploy-manage/monitor/logging-configuration/query-logs.md | 56 | Elastic.DontUse | Don't use 'Note that'. |
| deploy-manage/monitor/logging-configuration/query-logs.md | 153 | Elastic.Latinisms | Latin terms and abbreviations are a common source of confusion. Use 'for example' instead of 'e.g'. |
| deploy-manage/monitor/logging-configuration/query-logs.md | 157 | Elastic.DontUse | Don't use 'Thus'. |
| deploy-manage/monitor/logging-configuration/query-logs.md | 157 | Elastic.DontUse | Don't use 'very'. |
💡 Suggestions (11)
| File | Line | Rule | Message |
|---|---|---|---|
| deploy-manage/monitor/logging-configuration/query-logs.md | 32 | Elastic.WordChoice | Consider using 'deactivates, deselects, hides, turns off, makes unavailable' instead of 'disables', unless the term is in the UI. |
| deploy-manage/monitor/logging-configuration/query-logs.md | 32 | Elastic.WordChoice | Consider using 'deactivated, deselected, hidden, turned off, unavailable' instead of 'disabled', unless the term is in the UI. |
| deploy-manage/monitor/logging-configuration/query-logs.md | 34 | Elastic.WordChoice | Consider using 'deactivates, deselects, hides, turns off, makes unavailable' instead of 'disables', unless the term is in the UI. |
| deploy-manage/monitor/logging-configuration/query-logs.md | 35 | Elastic.WordChoice | Consider using 'deactivates, deselects, hides, turns off, makes unavailable' instead of 'disables', unless the term is in the UI. |
| deploy-manage/monitor/logging-configuration/query-logs.md | 56 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| deploy-manage/monitor/logging-configuration/query-logs.md | 56 | Elastic.WordChoice | Consider using 'can, might' instead of 'May', unless the term is in the UI. |
| deploy-manage/monitor/logging-configuration/query-logs.md | 56 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| deploy-manage/monitor/logging-configuration/query-logs.md | 65 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| deploy-manage/monitor/logging-configuration/query-logs.md | 67 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| deploy-manage/monitor/logging-configuration/query-logs.md | 157 | Elastic.WordChoice | Consider using 'deactivate, deselect, hide, turn off' instead of 'disable', unless the term is in the UI. |
| deploy-manage/monitor/logging-configuration/query-logs.md | 159 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
The Vale linter checks documentation changes against the Elastic Docs style guide.
To use Vale locally or report issues, refer to Elastic style guide for Vale.
Contributor
🔍 Preview links for changed docs |
Collaborator
|
@smalyshev still WIP? if so, please mark this as a draft until it's ready for review |
smalyshev
changed the title
consulthys
reviewed
Feb 16, 2026
naj-h
requested changes
Feb 19, 2026
Contributor
naj-h
left a comment
naj-h
left a comment
There was a problem hiding this comment.
I've done a first round of reviews. Let me know once ready for another review!
| - `elasticsearch.activitylog.type`: The type of operation (`search`, `esql`, etc.). | ||
| - `elasticsearch.activitylog.took`: How long (in nanoseconds) the request took to complete. | ||
| - `elasticsearch.activitylog.took_millis`: How long (in milliseconds) the request took to complete. | ||
| - Additional fields specific to {{es}} environment may be added, for example: |
Contributor
There was a problem hiding this comment.
hum.. I don't understand why we put this sentence
elasticsearch.activitylog.queryis an additional field specific to ES -> isn't it the case of all of the other fields starting withelasticsearch.activitylog?- and why do we say "may" -> isn't it always added?
Contributor
Author
There was a problem hiding this comment.
Elastic logging module adds all kinds of stuff like this:
"elasticsearch.cluster.uuid": "gjYgb-uQQAuLmDoKlQInZw",
"elasticsearch.node.id": "juurGSfgRYGwTP2ttZbtOQ",
"elasticsearch.node.name": "node-1",
"elasticsearch.cluster.name": "querying"
we don't really have any control over it, so I don't want to get into too much details here.
consulthys
reviewed
Mar 5, 2026
consulthys
reviewed
Mar 9, 2026
naj-h
requested changes
Mar 11, 2026
| elasticsearch.actionlog.enabled: true | ||
| ``` | ||
|
|
||
| By default, search (`dsl`) queries that query only system indices are not logged. To enable logging of such queries, use the `elasticsearch.actionlog.search.include.system_indices` setting described below. |
Contributor
There was a problem hiding this comment.
why only DSL? why would we make a differential behaviour between search and ES|QL?
Contributor
Author
There was a problem hiding this comment.
This behavior does not happen on ESQL for several reasons:
- It's irrelevant since Kibana (main source of system noise) does not use ESQL for that
- It's harder to find out which indices ESQL is using, since you need to parse the query for it.
Co-authored-by: Najwa Harif <90753689+naj-h@users.noreply.github.com>
Co-authored-by: Najwa Harif <90753689+naj-h@users.noreply.github.com>
Co-authored-by: Najwa Harif <90753689+naj-h@users.noreply.github.com>
Co-authored-by: Najwa Harif <90753689+naj-h@users.noreply.github.com>
Co-authored-by: Najwa Harif <90753689+naj-h@users.noreply.github.com>
Co-authored-by: Najwa Harif <90753689+naj-h@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Documents Query Analytics logging - the capability to log every query run on the cluster.