elasticsearch-skill 1.0.0

package/README.md

@@ -0,0 +1,42 @@
+# elasticsearch
+
+Minimal package with core Elasticsearch and Kibana REST API guidance.
+
+## Install
+
+```bash
+npm install elasticsearch-skill
+```
+
+Or install locally:
+
+```bash
+cd elasticsearch
+npm pack
+npm install ./elasticsearch-skill-1.0.0.tgz
+```
+
+## Use
+
+Provides concise examples for:
+
+- auth and request patterns
+- basic search (Query DSL)
+- aggregations and date histograms
+- index/mapping operations and bulk
+- lightweight Kibana API pointers
+
+## Package layout
+
+- `SKILL.md` - when to use and core rules
+- `references/` - short examples and tips
+
+## Publish
+
+1. Bump `version` in `package.json`.
+2. Run `npm pack` and verify contents.
+3. Publish with `npm publish`.
+
+## Thanks
+
+Consolidated from local Elasticsearch skill guidance.

package/SKILL.md

@@ -0,0 +1,33 @@
+---
+name: elasticsearch
+description: >
+  Core Elasticsearch and Kibana REST guidance for querying, indexing, aggregations,
+  and basic troubleshooting via `curl`. Use when the user asks for Query DSL examples,
+  index/mapping changes, aggregations, basic cluster checks, or Kibana saved-object APIs.
+---
+
+# Elasticsearch
+
+Use this skill for concise, copy-ready REST examples and operational tips that work across
+Elastic Cloud, self-managed, and serverless clusters (with serverless limitations noted).
+
+## Core rules
+
+1. Always require `ES_URL` and `ES_API_KEY` (ApiKey header) from the user.
+2. Prefer small, copy-paste `curl` examples that include `jq` for readability.
+3. Note serverless limitations (many cluster APIs are unavailable).
+4. Point to compact reference examples in `references/` for Query DSL, aggregations, and index ops.
+
+## When to use
+
+- The user asks how to run searches, aggregations, create mappings, or index documents.
+- The user wants quick troubleshooting commands (health, nodes, pending tasks).
+- The user needs Kibana API endpoints for dashboards or saved objects.
+
+## On-demand references
+
+- `references/auth-and-tips.md` — auth pattern and serverless notes
+- `references/query-dsl.md` — short Query DSL examples
+- `references/aggregations.md` — top aggregations examples
+- `references/index.md` — create index, mappings, bulk, and reindex
+- `references/kibana.md` — basic Kibana API examples

package/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "elasticsearch-skill",
+  "version": "1.0.0",
+  "description": "Core Elasticsearch/Kibana REST API guidance for querying, indexing, and basic ops",
+  "license": "MIT",
+  "private": false,
+  "files": [
+    "SKILL.md",
+    "README.md",
+    "references"
+  ],
+  "keywords": [
+    "elasticsearch",
+    "kibana",
+    "search",
+    "aggregation",
+    "devops",
+    "skill"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Dharun235/ai-skills.git",
+    "directory": "elasticsearch"
+  },
+  "homepage": "https://github.com/Dharun235/ai-skills/tree/main/elasticsearch",
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/references/aggregations.md

@@ -0,0 +1,21 @@
+## Aggregations — common patterns
+
+Terms aggregation (top values):
+
+```bash
+curl -s "${ES_URL%/}/my-index/_search?size=0" \
+  -H "Authorization: ApiKey $(printenv ES_API_KEY)" \
+  -H "Content-Type: application/json" \
+  -d '{"aggs": {"top_levels": {"terms": {"field": "level", "size": 10}}}}' | jq .aggregations
+```
+
+Date histogram with nested metric:
+
+```bash
+curl -s "${ES_URL%/}/my-index/_search?size=0" \
+  -H "Authorization: ApiKey $(printenv ES_API_KEY)" \
+  -H "Content-Type: application/json" \
+  -d '{"query":{"range":{"@timestamp":{"gte":"now-24h"}}},"aggs":{"over_time":{"date_histogram":{"field":"@timestamp","fixed_interval":"1h"},"aggs":{"avg_count":{"avg":{"field":"count"}}}}}}' | jq .aggregations
+```
+
+Advice: use `?size=0` when only retrieving aggregations to skip hits. Use composite aggregations for high-cardinality faceting.

package/references/auth-and-tips.md

@@ -0,0 +1,22 @@
+## Auth & Tip Summary
+
+- Export the cluster URL and API key in your session:
+
+```bash
+ES_URL="https://your-cluster.es.cloud.elastic.co:443"
+ES_API_KEY="base64-id:api_key"
+```
+
+- Use this header pattern in `curl`:
+
+```bash
+curl -s "${ES_URL%/}/_cat/indices?v" \
+  -H "Authorization: ApiKey $(printenv ES_API_KEY)" \
+  -H "Content-Type: application/json"
+```
+
+- Tips:
+  - Use `${ES_URL%/}` to avoid double slashes.
+  - Use `$(printenv ES_API_KEY)` in headers to avoid empty auth.
+  - Prefer `jq` for formatting responses.
+  - Serverless clusters may not support cluster-level APIs (`_cluster/*`, `_nodes/*`, ILM).

package/references/index.md

@@ -0,0 +1,33 @@
+## Index & Document — create, mappings, bulk
+
+Create index with mappings:
+
+```bash
+curl -s -X PUT "${ES_URL%/}/my-index" \
+  -H "Authorization: ApiKey $(printenv ES_API_KEY)" \
+  -H "Content-Type: application/json" \
+  -d '{"settings":{"number_of_shards":1},"mappings":{"properties":{"message":{"type":"text"},"@timestamp":{"type":"date"}}}}'
+```
+
+Index a document (auto ID):
+
+```bash
+curl -s -X POST "${ES_URL%/}/my-index/_doc" \
+  -H "Authorization: ApiKey $(printenv ES_API_KEY)" \
+  -H "Content-Type: application/json" \
+  -d '{"message":"hello","@timestamp":"2026-01-31T12:00:00Z"}' | jq .
+```
+
+Bulk NDJSON example (use `--data-binary @-`):
+
+```bash
+curl -s -X POST "${ES_URL%/}/_bulk" \
+  -H "Authorization: ApiKey $(printenv ES_API_KEY)" \
+  -H "Content-Type: application/x-ndjson" \
+  --data-binary @- << 'EOF'
+{"index":{"_index":"my-index"}}
+{"message":"bulk 1","@timestamp":"2026-01-31T12:00:00Z"}
+EOF
+```
+
+Reindex (rename/transform): use `_reindex` with `source` and `dest`.

package/references/kibana.md

@@ -0,0 +1,14 @@
+## Kibana API — quick pointers
+
+- Kibana saved objects (dashboards, visualizations, index patterns) are available via the Kibana API on the Kibana host.
+
+Example: export a saved object (dashboard):
+
+```bash
+curl -s "${KIBANA_URL%/}/api/saved_objects/_export" \
+  -H "kbn-xsrf: true" \
+  -H "Content-Type: application/json" \
+  -d '{"type":["dashboard"],"objects":[],"includeReferencesDeep":true}' > export.ndjson
+```
+
+Note: Kibana uses `kbn-xsrf` header for non-browser requests and may require a different auth method (API key or session cookie).

package/references/otel.md

@@ -0,0 +1,12 @@
+## OpenTelemetry & OTEL data
+
+Use ES|QL or Query DSL to query OTEL logs/traces stored in Elasticsearch. ES|QL example:
+
+```bash
+curl -s -X POST "${ES_URL%/}/_query" \
+  -H "Authorization: ApiKey $(printenv ES_API_KEY)" \
+  -H "Content-Type: application/json" \
+  -d '{"query":"FROM traces-* | WHERE status.code == \"ERROR\" | STATS count = COUNT(*) BY service.name | LIMIT 10"}' | jq .
+```
+
+Check OTEL index names (`traces-*`, `logs-*`, `metrics-*`) and mappings before querying.

package/references/query-dsl.md

@@ -0,0 +1,21 @@
+## Query DSL — concise examples
+
+Match query:
+
+```bash
+curl -s "${ES_URL%/}/my-index/_search" \
+  -H "Authorization: ApiKey $(printenv ES_API_KEY)" \
+  -H "Content-Type: application/json" \
+  -d '{"query":{"match":{"message":"error"}},"size":10}' | jq .
+```
+
+Bool query (must + filter + must_not):
+
+```bash
+curl -s "${ES_URL%/}/my-index/_search" \
+  -H "Authorization: ApiKey $(printenv ES_API_KEY)" \
+  -H "Content-Type: application/json" \
+  -d '{"query":{"bool":{"must":[{"match":{"message":"error"}}],"filter":[{"range":{"@timestamp":{"gte":"now-1h"}}}],"must_not":[{"term":{"level":"debug"}}]}},"size":20}' | jq .
+```
+
+Sorting and pagination tips: use `size`, `sort`, and prefer `search_after` or PIT for large result sets.