Elastic Microsoft SQL connector reference

edit

The Elastic Microsoft SQL connector is a connector for Microsoft SQL databases. This connector is written in Python using the Elastic connector framework.

View the source code for this connector (branch main, compatible with Elastic 9.0).

Elastic managed connector reference

edit
View Elastic managed connector reference
Availability and prerequisites
edit

This connector is available as a managed connector in Elastic versions 8.8.0 and later. To use this connector natively in Elastic Cloud, satisfy all managed connector requirements.

Create a Microsoft SQL connector
edit

Use the UI

edit

To create a new Microsoft SQL connector:

  1. In the Kibana UI, navigate to the Search → Content → Connectors page from the main menu, or use the global search field.
  2. Follow the instructions to create a new native Microsoft SQL connector.

For additional operations, see Connectors UI in Kibana.

Use the API

edit

You can use the Elasticsearch Create connector API to create a new native Microsoft SQL connector.

For example:

resp = client.connector.put(
    connector_id="my-{service-name-stub}-connector",
    index_name="my-elasticsearch-index",
    name="Content synced from {service-name}",
    service_type="{service-name-stub}",
    is_native=True,
)
print(resp)
PUT _connector/my-mssql-connector
{
  "index_name": "my-elasticsearch-index",
  "name": "Content synced from Microsoft SQL",
  "service_type": "mssql",
  "is_native": true
}
You’ll also need to create an API key for the connector to use.

The user needs the cluster privileges manage_api_key, manage_connector and write_connector_secrets to generate API keys programmatically.

To create an API key for the connector:

  1. Run the following command, replacing values where indicated. Note the id and encoded return values from the response:

    resp = client.security.create_api_key(
        name="my-connector-api-key",
        role_descriptors={
            "my-connector-connector-role": {
                "cluster": [
                    "monitor",
                    "manage_connector"
                ],
                "indices": [
                    {
                        "names": [
                            "my-index_name",
                            ".search-acl-filter-my-index_name",
                            ".elastic-connectors*"
                        ],
                        "privileges": [
                            "all"
                        ],
                        "allow_restricted_indices": False
                    }
                ]
            }
        },
    )
    print(resp)
    const response = await client.security.createApiKey({
      name: "my-connector-api-key",
      role_descriptors: {
        "my-connector-connector-role": {
          cluster: ["monitor", "manage_connector"],
          indices: [
            {
              names: [
                "my-index_name",
                ".search-acl-filter-my-index_name",
                ".elastic-connectors*",
              ],
              privileges: ["all"],
              allow_restricted_indices: false,
            },
          ],
        },
      },
    });
    console.log(response);
    POST /_security/api_key
    {
      "name": "my-connector-api-key",
      "role_descriptors": {
        "my-connector-connector-role": {
          "cluster": [
            "monitor",
            "manage_connector"
          ],
          "indices": [
            {
              "names": [
                "my-index_name",
                ".search-acl-filter-my-index_name",
                ".elastic-connectors*"
              ],
              "privileges": [
                "all"
              ],
              "allow_restricted_indices": false
            }
          ]
        }
      }
    }
  2. Use the encoded value to store a connector secret, and note the id return value from this response:

    resp = client.connector.secret_post(
        body={
            "value": "encoded_api_key"
        },
    )
    print(resp)
    const response = await client.connector.secretPost({
      body: {
        value: "encoded_api_key",
      },
    });
    console.log(response);
    POST _connector/_secret
    {
      "value": "encoded_api_key"
    }
  3. Use the API key id and the connector secret id to update the connector:

    resp = client.connector.update_api_key_id(
        connector_id="my_connector_id>",
        api_key_id="API key_id",
        api_key_secret_id="secret_id",
    )
    print(resp)
    const response = await client.connector.updateApiKeyId({
      connector_id: "my_connector_id>",
      api_key_id: "API key_id",
      api_key_secret_id: "secret_id",
    });
    console.log(response);
    PUT /_connector/my_connector_id>/_api_key_id
    {
      "api_key_id": "API key_id",
      "api_key_secret_id": "secret_id"
    }

Refer to the Elasticsearch API documentation for details of all available Connector APIs.

Usage
edit

To use this connector as a managed connector, use the Connector workflow. See Elastic managed connectors.

Users require the sysadmin SQL Server role. Note that SQL Server Authentication is required. Windows Authentication is not supported.

For additional operations, see Connectors UI in Kibana.

Compatibility
edit

The following are compatible with Elastic connector frameworks:

  • Microsoft SQL Server versions 2017, 2019
  • Azure SQL
  • Amazon RDS for SQL Server
Configuration
edit

The following configuration fields are required to set up the connector:

Host

The server host address where the Microsoft SQL Server is hosted. Default value is 127.0.0.1. Examples:

  • 192.158.1.38
  • demo.instance.demo-region.demo.service.com
Port
The port where the Microsoft SQL Server is hosted. Default value is 1433.
Username
The username of the account for Microsoft SQL Server (SQL Server Authentication only).
Password
The password of the account to be used for the Microsoft SQL Server (SQL Server Authentication only).
Database

Name of the Microsoft SQL Server database. Examples:

  • employee_database
  • customer_database
Comma-separated list of tables

List of tables, separated by commas. The Microsoft SQL connector will fetch data from all tables present in the configured database, if the value is * . Default value is *. Examples:

  • table_1, table_2
  • *

    This field can be bypassed by advanced sync rules.

Schema

Name of the Microsoft SQL Server schema. Default value is dbo.

Examples:

  • dbo
  • custom_schema
Enable SSL
Toggle to enable SSL verification. Default value is False.
SSL certificate

Content of SSL certificate. If SSL is disabled, the ssl_ca value will be ignored.

Expand to see an example certificate
-----BEGIN CERTIFICATE-----
MIID+jCCAuKgAwIBAgIGAJJMzlxLMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNVBAYT
...
7RhLQyWn2u00L7/9Omw=
-----END CERTIFICATE-----
Validate host
Toggle to enable host validation. Default value is False.
Documents and syncs
edit
  • Tables with no primary key defined are skipped.
  • If the last_user_update of sys.dm_db_index_usage_stats table is not available for a specific table and database then all data in that table will be synced.
  • Files bigger than 10 MB won’t be extracted.
  • Permissions are not synced. All documents indexed to an Elastic deployment will be visible to all users with access to that Elastic Deployment.
Sync rules
edit

Basic sync rules are identical for all connectors and are available by default. For more information read sync rules.

Advanced sync rules
edit

This connector supports advanced sync rules for remote filtering. These rules cover complex query-and-filter scenarios that cannot be expressed with basic sync rules. Advanced sync rules are defined through a source-specific DSL JSON snippet.

A full sync is required for advanced sync rules to take effect.

Here are a few examples of advanced sync rules for this connector.

Expand to see example data

employee table

emp_id name age

3

John

28

10

Jane

35

14

Alex

22

* customer table

c_id name age

2

Elm

24

6

Pine

30

9

Oak

34

======= Example: Two queries

These rules fetch all records from both the employee and customer tables. The data from these tables will be synced separately to Elasticsearch.

[
  {
    "tables": [
      "employee"
    ],
    "query": "SELECT * FROM employee"
  },
  {
    "tables": [
      "customer"
    ],
    "query": "SELECT * FROM customer"
  }
]

======= Example: One WHERE query

This rule fetches only the records from the employee table where the emp_id is greater than 5. Only these filtered records will be synced to Elasticsearch.

[
  {
    "tables": ["employee"],
    "query": "SELECT * FROM employee WHERE emp_id > 5"
  }
]

======= Example: One JOIN query

This rule fetches records by performing an INNER JOIN between the employee and customer tables on the condition that the emp_id in employee matches the c_id in customer. The result of this combined data will be synced to Elasticsearch.

[
  {
    "tables": ["employee", "customer"],
    "query": "SELECT * FROM employee INNER JOIN customer ON employee.emp_id = customer.c_id"
  }
]

When using advanced rules, a query can bypass the configuration field tables. This will happen if the query specifies a table that doesn’t appear in the configuration. This can also happen if the configuration specifies * to fetch all tables while the advanced sync rule requests for only a subset of tables.

Known issues
edit

There are no known issues for this connector. See Known issues for any issues affecting all connectors.

Troubleshooting
edit

See Troubleshooting.

Security
edit

See Security.

This connector uses the generic database connector source code (branch main, compatible with Elastic 9.0).

View additional code specific to this data source (branch main, compatible with Elastic 9.0).

Self-managed connector

edit
View self-managed connector reference
Availability and prerequisites
edit

This connector is available as a self-managed self-managed connector. To use this connector, satisfy all self-managed connector requirements.

Create a Microsoft SQL connector
edit

Use the UI

edit

To create a new Microsoft SQL connector:

  1. In the Kibana UI, navigate to the Search → Content → Connectors page from the main menu, or use the global search field.
  2. Follow the instructions to create a new Microsoft SQL self-managed connector.

Use the API

edit

You can use the Elasticsearch Create connector API to create a new self-managed Microsoft SQL self-managed connector.

For example:

resp = client.connector.put(
    connector_id="my-{service-name-stub}-connector",
    index_name="my-elasticsearch-index",
    name="Content synced from {service-name}",
    service_type="{service-name-stub}",
)
print(resp)
PUT _connector/my-mssql-connector
{
  "index_name": "my-elasticsearch-index",
  "name": "Content synced from Microsoft SQL",
  "service_type": "mssql"
}
You’ll also need to create an API key for the connector to use.

The user needs the cluster privileges manage_api_key, manage_connector and write_connector_secrets to generate API keys programmatically.

To create an API key for the connector:

  1. Run the following command, replacing values where indicated. Note the encoded return values from the response:

    resp = client.security.create_api_key(
        name="connector_name-connector-api-key",
        role_descriptors={
            "connector_name-connector-role": {
                "cluster": [
                    "monitor",
                    "manage_connector"
                ],
                "indices": [
                    {
                        "names": [
                            "index_name",
                            ".search-acl-filter-index_name",
                            ".elastic-connectors*"
                        ],
                        "privileges": [
                            "all"
                        ],
                        "allow_restricted_indices": False
                    }
                ]
            }
        },
    )
    print(resp)
    const response = await client.security.createApiKey({
      name: "connector_name-connector-api-key",
      role_descriptors: {
        "connector_name-connector-role": {
          cluster: ["monitor", "manage_connector"],
          indices: [
            {
              names: [
                "index_name",
                ".search-acl-filter-index_name",
                ".elastic-connectors*",
              ],
              privileges: ["all"],
              allow_restricted_indices: false,
            },
          ],
        },
      },
    });
    console.log(response);
    POST /_security/api_key
    {
      "name": "connector_name-connector-api-key",
      "role_descriptors": {
        "connector_name-connector-role": {
          "cluster": [
            "monitor",
            "manage_connector"
          ],
          "indices": [
            {
              "names": [
                "index_name",
                ".search-acl-filter-index_name",
                ".elastic-connectors*"
              ],
              "privileges": [
                "all"
              ],
              "allow_restricted_indices": false
            }
          ]
        }
      }
    }
  2. Update your config.yml file with the API key encoded value.

Refer to the Elasticsearch API documentation for details of all available Connector APIs.

Usage
edit

Users require the sysadmin server role. Note that SQL Server Authentication is required. Windows Authentication is not supported.

To use this connector as a self-managed connector, see Self-managed connectors For additional usage operations, see Connectors UI in Kibana.

Compatibility
edit

The following are compatible with Elastic connector frameworks:

  • Microsoft SQL Server versions 2017, 2019
  • Azure SQL
  • Amazon RDS for SQL Server
Configuration
edit

When using the self-managed connector workflow, initially these fields will use the default configuration set in the connector source code. Note that this data source uses the generic_database.py connector source code.

Refer to mssql.py for additional code, specific to this data source. These configurable fields will be rendered with their respective labels in the Kibana UI. Once connected, users will be able to update these values in Kibana.

The following configuration fields are required to set up the connector:

host

The server host address where the Microsoft SQL Server is hosted. Default value is 127.0.0.1. Examples:

  • 192.158.1.38
  • demo.instance.demo-region.demo.service.com
port
The port where the Microsoft SQL Server is hosted. Default value is 9090.
username
The username of the account for Microsoft SQL Server. (SQL Server Authentication only)
password
The password of the account to be used for the Microsoft SQL Server. (SQL Server Authentication only)
database

Name of the Microsoft SQL Server database. Examples:

  • employee_database
  • customer_database
tables

Comma-separated list of tables. The Microsoft SQL connector will fetch data from all tables present in the configured database, if the value is * . Default value is *. Examples:

  • table_1, table_2
  • *

    This field can be bypassed by advanced sync rules.

fetch_size
Rows fetched per request.
retry_count
The number of retry attempts per failed request.
schema

Name of the Microsoft SQL Server schema. Default value is dbo.

Examples:

  • dbo
  • custom_schema
ssl_enabled
SSL verification enablement. Default value is False.
ssl_ca

Content of SSL certificate. If SSL is disabled, the ssl_ca value will be ignored.

Expand to see an example certificate
-----BEGIN CERTIFICATE-----
MIID+jCCAuKgAwIBAgIGAJJMzlxLMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNVBAYT
...
7RhLQyWn2u00L7/9Omw=
-----END CERTIFICATE-----
validate_host
Host validation enablement. Default value is False.
Deployment using Docker
edit

You can deploy the Microsoft SQL connector as a self-managed connector using Docker. Follow these instructions.

Step 1: Download sample configuration file

Download the sample configuration file. You can either download it manually or run the following command:

curl https://raw.githubusercontent.com/elastic/connectors/main/config.yml.example --output ~/connectors-config/config.yml

Remember to update the --output argument value if your directory name is different, or you want to use a different config file name.

Step 2: Update the configuration file for your self-managed connector

Update the configuration file with the following settings to match your environment:

  • elasticsearch.host
  • elasticsearch.api_key
  • connectors

If you’re running the connector service against a Dockerized version of Elasticsearch and Kibana, your config file will look like this:

# When connecting to your cloud deployment you should edit the host value
elasticsearch.host: http://host.docker.internal:9200
elasticsearch.api_key: <ELASTICSEARCH_API_KEY>

connectors:
  -
    connector_id: <CONNECTOR_ID_FROM_KIBANA>
    service_type: mssql
    api_key: <CONNECTOR_API_KEY_FROM_KIBANA> # Optional. If not provided, the connector will use the elasticsearch.api_key instead

Using the elasticsearch.api_key is the recommended authentication method. However, you can also use elasticsearch.username and elasticsearch.password to authenticate with your Elasticsearch instance.

Note: You can change other default configurations by simply uncommenting specific settings in the configuration file and modifying their values.

Step 3: Run the Docker image

Run the Docker image with the Connector Service using the following command:

docker run \
-v ~/connectors-config:/config \
--network "elastic" \
--tty \
--rm \
docker.elastic.co/integrations/elastic-connectors:9.0.0-beta1.0 \
/app/bin/elastic-ingest \
-c /config/config.yml

Refer to DOCKER.md in the elastic/connectors repo for more details.

Find all available Docker images in the official registry.

We also have a quickstart self-managed option using Docker Compose, so you can spin up all required services at once: Elasticsearch, Kibana, and the connectors service. Refer to this README in the elastic/connectors repo for more information.

Documents and syncs
edit
  • Tables with no primary key defined are skipped.
  • If the last_user_update of sys.dm_db_index_usage_stats table is not available for a specific table and database then all data in that table will be synced.
  • Files bigger than 10 MB won’t be extracted.
  • Permissions are not synced. All documents indexed to an Elastic deployment will be visible to all users with access to that Elastic Deployment.
Sync rules
edit

Basic sync rules are identical for all connectors and are available by default. For more information read sync rules.

Advanced sync rules
edit

This connector supports advanced sync rules for remote filtering. These rules cover complex query-and-filter scenarios that cannot be expressed with basic sync rules. Advanced sync rules are defined through a source-specific DSL JSON snippet.

A full sync is required for advanced sync rules to take effect.

Here are a few examples of advanced sync rules for this connector.

Expand to see example data

employee table

emp_id name age

3

John

28

10

Jane

35

14

Alex

22

* customer table

c_id name age

2

Elm

24

6

Pine

30

9

Oak

34

======= Example: Two queries

These rules fetch all records from both the employee and customer tables. The data from these tables will be synced separately to Elasticsearch.

[
  {
    "tables": [
      "employee"
    ],
    "query": "SELECT * FROM employee"
  },
  {
    "tables": [
      "customer"
    ],
    "query": "SELECT * FROM customer"
  }
]

======= Example: One WHERE query

This rule fetches only the records from the employee table where the emp_id is greater than 5. Only these filtered records will be synced to Elasticsearch.

[
  {
    "tables": ["employee"],
    "query": "SELECT * FROM employee WHERE emp_id > 5"
  }
]

======= Example: One JOIN query

This rule fetches records by performing an INNER JOIN between the employee and customer tables on the condition that the emp_id in employee matches the c_id in customer. The result of this combined data will be synced to Elasticsearch.

[
  {
    "tables": ["employee", "customer"],
    "query": "SELECT * FROM employee INNER JOIN customer ON employee.emp_id = customer.c_id"
  }
]

When using advanced rules, a query can bypass the configuration field tables. This will happen if the query specifies a table that doesn’t appear in the configuration. This can also happen if the configuration specifies * to fetch all tables while the advanced sync rule requests for only a subset of tables.

End-to-end testing
edit

The connector framework enables operators to run functional tests against a real data source. Refer to Connector testing for more details.

To perform E2E testing for the Microsoft SQL connector, run the following command:

make ftest NAME=mssql

For faster tests, add the DATA_SIZE=small flag:

make ftest NAME=mssql DATA_SIZE=small
Known issues
edit

There are no known issues for this connector. See Known issues for any issues affecting all connectors.

Troubleshooting
edit

See Troubleshooting.

Security
edit

See Security.

This connector uses the generic database connector source code (branch main, compatible with Elastic 9.0).

View additional code specific to this data source (branch main, compatible with Elastic 9.0).