Elastic Microsoft SQL connector reference
editElastic Microsoft SQL connector reference
editThe Elastic Microsoft SQL connector is a connector for Microsoft SQL databases. This connector is written in Python using the Elastic connector framework.
View the source code for this connector (branch main, compatible with Elastic 9.0).
Elastic managed connector reference
editView Elastic managed connector reference
Availability and prerequisites
editThis connector is available as a managed connector in Elastic versions 8.8.0 and later. To use this connector natively in Elastic Cloud, satisfy all managed connector requirements.
Create a Microsoft SQL connector
editUse the UI
editTo create a new Microsoft SQL connector:
- In the Kibana UI, navigate to the Search → Content → Connectors page from the main menu, or use the global search field.
- Follow the instructions to create a new native Microsoft SQL connector.
For additional operations, see Connectors UI in Kibana.
Use the API
editYou can use the Elasticsearch Create connector API to create a new native Microsoft SQL connector.
For example:
resp = client.connector.put( connector_id="my-{service-name-stub}-connector", index_name="my-elasticsearch-index", name="Content synced from {service-name}", service_type="{service-name-stub}", is_native=True, ) print(resp)
PUT _connector/my-mssql-connector { "index_name": "my-elasticsearch-index", "name": "Content synced from Microsoft SQL", "service_type": "mssql", "is_native": true }
You’ll also need to create an API key for the connector to use.
The user needs the cluster privileges manage_api_key
, manage_connector
and write_connector_secrets
to generate API keys programmatically.
To create an API key for the connector:
-
Run the following command, replacing values where indicated. Note the
id
andencoded
return values from the response:resp = client.security.create_api_key( name="my-connector-api-key", role_descriptors={ "my-connector-connector-role": { "cluster": [ "monitor", "manage_connector" ], "indices": [ { "names": [ "my-index_name", ".search-acl-filter-my-index_name", ".elastic-connectors*" ], "privileges": [ "all" ], "allow_restricted_indices": False } ] } }, ) print(resp)
const response = await client.security.createApiKey({ name: "my-connector-api-key", role_descriptors: { "my-connector-connector-role": { cluster: ["monitor", "manage_connector"], indices: [ { names: [ "my-index_name", ".search-acl-filter-my-index_name", ".elastic-connectors*", ], privileges: ["all"], allow_restricted_indices: false, }, ], }, }, }); console.log(response);
POST /_security/api_key { "name": "my-connector-api-key", "role_descriptors": { "my-connector-connector-role": { "cluster": [ "monitor", "manage_connector" ], "indices": [ { "names": [ "my-index_name", ".search-acl-filter-my-index_name", ".elastic-connectors*" ], "privileges": [ "all" ], "allow_restricted_indices": false } ] } } }
-
Use the
encoded
value to store a connector secret, and note theid
return value from this response:resp = client.connector.secret_post( body={ "value": "encoded_api_key" }, ) print(resp)
const response = await client.connector.secretPost({ body: { value: "encoded_api_key", }, }); console.log(response);
POST _connector/_secret { "value": "encoded_api_key" }
-
Use the API key
id
and the connector secretid
to update the connector:resp = client.connector.update_api_key_id( connector_id="my_connector_id>", api_key_id="API key_id", api_key_secret_id="secret_id", ) print(resp)
const response = await client.connector.updateApiKeyId({ connector_id: "my_connector_id>", api_key_id: "API key_id", api_key_secret_id: "secret_id", }); console.log(response);
PUT /_connector/my_connector_id>/_api_key_id { "api_key_id": "API key_id", "api_key_secret_id": "secret_id" }
Refer to the Elasticsearch API documentation for details of all available Connector APIs.
Usage
editTo use this connector as a managed connector, use the Connector workflow. See Elastic managed connectors.
Users require the sysadmin
SQL Server role.
Note that SQL Server Authentication is required.
Windows Authentication is not supported.
For additional operations, see Connectors UI in Kibana.
Compatibility
editThe following are compatible with Elastic connector frameworks:
- Microsoft SQL Server versions 2017, 2019
- Azure SQL
- Amazon RDS for SQL Server
Configuration
editThe following configuration fields are required to set up the connector:
- Host
-
The server host address where the Microsoft SQL Server is hosted. Default value is
127.0.0.1
. Examples:-
192.158.1.38
-
demo.instance.demo-region.demo.service.com
-
- Port
-
The port where the Microsoft SQL Server is hosted. Default value is
1433
. - Username
- The username of the account for Microsoft SQL Server (SQL Server Authentication only).
- Password
- The password of the account to be used for the Microsoft SQL Server (SQL Server Authentication only).
- Database
-
Name of the Microsoft SQL Server database. Examples:
-
employee_database
-
customer_database
-
- Comma-separated list of tables
-
List of tables, separated by commas. The Microsoft SQL connector will fetch data from all tables present in the configured database, if the value is
*
. Default value is*
. Examples:-
table_1, table_2
-
*
This field can be bypassed by advanced sync rules.
-
- Schema
-
Name of the Microsoft SQL Server schema. Default value is
dbo
.Examples:
-
dbo
-
custom_schema
-
- Enable SSL
-
Toggle to enable SSL verification.
Default value is
False
. - SSL certificate
-
Content of SSL certificate. If SSL is disabled, the
ssl_ca
value will be ignored.Expand to see an example certificate
-----BEGIN CERTIFICATE----- MIID+jCCAuKgAwIBAgIGAJJMzlxLMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNVBAYT ... 7RhLQyWn2u00L7/9Omw= -----END CERTIFICATE-----
- Validate host
-
Toggle to enable host validation.
Default value is
False
.
Documents and syncs
edit- Tables with no primary key defined are skipped.
-
If the
last_user_update
ofsys.dm_db_index_usage_stats
table is not available for a specific table and database then all data in that table will be synced.
- Files bigger than 10 MB won’t be extracted.
- Permissions are not synced. All documents indexed to an Elastic deployment will be visible to all users with access to that Elastic Deployment.
Sync rules
editBasic sync rules are identical for all connectors and are available by default. For more information read sync rules.
Advanced sync rules
editThis connector supports advanced sync rules for remote filtering. These rules cover complex query-and-filter scenarios that cannot be expressed with basic sync rules. Advanced sync rules are defined through a source-specific DSL JSON snippet.
A full sync is required for advanced sync rules to take effect.
Here are a few examples of advanced sync rules for this connector.
Expand to see example data
employee
table
emp_id | name | age |
---|---|---|
3 |
John |
28 |
10 |
Jane |
35 |
14 |
Alex |
22 |
*
customer
table
c_id | name | age |
---|---|---|
2 |
Elm |
24 |
6 |
Pine |
30 |
9 |
Oak |
34 |
These rules fetch all records from both the employee
and customer
tables. The data from these tables will be synced separately to Elasticsearch.
[ { "tables": [ "employee" ], "query": "SELECT * FROM employee" }, { "tables": [ "customer" ], "query": "SELECT * FROM customer" } ]
======= Example: One WHERE query
This rule fetches only the records from the employee
table where the emp_id
is greater than 5. Only these filtered records will be synced to Elasticsearch.
[ { "tables": ["employee"], "query": "SELECT * FROM employee WHERE emp_id > 5" } ]
======= Example: One JOIN query
This rule fetches records by performing an INNER JOIN between the employee
and customer
tables on the condition that the emp_id
in employee
matches the c_id
in customer
. The result of this combined data will be synced to Elasticsearch.
[ { "tables": ["employee", "customer"], "query": "SELECT * FROM employee INNER JOIN customer ON employee.emp_id = customer.c_id" } ]
When using advanced rules, a query can bypass the configuration field tables
.
This will happen if the query specifies a table that doesn’t appear in the configuration.
This can also happen if the configuration specifies *
to fetch all tables while the advanced sync rule requests for only a subset of tables.
Known issues
editThere are no known issues for this connector. See Known issues for any issues affecting all connectors.
Troubleshooting
editSee Troubleshooting.
Security
editSee Security.
This connector uses the generic database connector source code (branch main, compatible with Elastic 9.0).
View additional code specific to this data source (branch main, compatible with Elastic 9.0).
Self-managed connector
editView self-managed connector reference
Availability and prerequisites
editThis connector is available as a self-managed self-managed connector. To use this connector, satisfy all self-managed connector requirements.
Create a Microsoft SQL connector
editUse the UI
editTo create a new Microsoft SQL connector:
- In the Kibana UI, navigate to the Search → Content → Connectors page from the main menu, or use the global search field.
- Follow the instructions to create a new Microsoft SQL self-managed connector.
Use the API
editYou can use the Elasticsearch Create connector API to create a new self-managed Microsoft SQL self-managed connector.
For example:
resp = client.connector.put( connector_id="my-{service-name-stub}-connector", index_name="my-elasticsearch-index", name="Content synced from {service-name}", service_type="{service-name-stub}", ) print(resp)
PUT _connector/my-mssql-connector { "index_name": "my-elasticsearch-index", "name": "Content synced from Microsoft SQL", "service_type": "mssql" }
You’ll also need to create an API key for the connector to use.
The user needs the cluster privileges manage_api_key
, manage_connector
and write_connector_secrets
to generate API keys programmatically.
To create an API key for the connector:
-
Run the following command, replacing values where indicated. Note the
encoded
return values from the response:resp = client.security.create_api_key( name="connector_name-connector-api-key", role_descriptors={ "connector_name-connector-role": { "cluster": [ "monitor", "manage_connector" ], "indices": [ { "names": [ "index_name", ".search-acl-filter-index_name", ".elastic-connectors*" ], "privileges": [ "all" ], "allow_restricted_indices": False } ] } }, ) print(resp)
const response = await client.security.createApiKey({ name: "connector_name-connector-api-key", role_descriptors: { "connector_name-connector-role": { cluster: ["monitor", "manage_connector"], indices: [ { names: [ "index_name", ".search-acl-filter-index_name", ".elastic-connectors*", ], privileges: ["all"], allow_restricted_indices: false, }, ], }, }, }); console.log(response);
POST /_security/api_key { "name": "connector_name-connector-api-key", "role_descriptors": { "connector_name-connector-role": { "cluster": [ "monitor", "manage_connector" ], "indices": [ { "names": [ "index_name", ".search-acl-filter-index_name", ".elastic-connectors*" ], "privileges": [ "all" ], "allow_restricted_indices": false } ] } } }
-
Update your
config.yml
file with the API keyencoded
value.
Refer to the Elasticsearch API documentation for details of all available Connector APIs.
Usage
editUsers require the sysadmin
server role.
Note that SQL Server Authentication is required.
Windows Authentication is not supported.
To use this connector as a self-managed connector, see Self-managed connectors For additional usage operations, see Connectors UI in Kibana.
Compatibility
editThe following are compatible with Elastic connector frameworks:
- Microsoft SQL Server versions 2017, 2019
- Azure SQL
- Amazon RDS for SQL Server
Configuration
editWhen using the self-managed connector workflow, initially these fields will use the default configuration set in the connector source code.
Note that this data source uses the generic_database.py
connector source code.
Refer to mssql.py
for additional code, specific to this data source.
These configurable fields will be rendered with their respective labels in the Kibana UI.
Once connected, users will be able to update these values in Kibana.
The following configuration fields are required to set up the connector:
-
host
-
The server host address where the Microsoft SQL Server is hosted. Default value is
127.0.0.1
. Examples:-
192.158.1.38
-
demo.instance.demo-region.demo.service.com
-
-
port
-
The port where the Microsoft SQL Server is hosted. Default value is
9090
. -
username
- The username of the account for Microsoft SQL Server. (SQL Server Authentication only)
-
password
- The password of the account to be used for the Microsoft SQL Server. (SQL Server Authentication only)
-
database
-
Name of the Microsoft SQL Server database. Examples:
-
employee_database
-
customer_database
-
-
tables
-
Comma-separated list of tables. The Microsoft SQL connector will fetch data from all tables present in the configured database, if the value is
*
. Default value is*
. Examples:-
table_1, table_2
-
*
This field can be bypassed by advanced sync rules.
-
-
fetch_size
- Rows fetched per request.
-
retry_count
- The number of retry attempts per failed request.
-
schema
-
Name of the Microsoft SQL Server schema. Default value is
dbo
.Examples:
-
dbo
-
custom_schema
-
-
ssl_enabled
-
SSL verification enablement.
Default value is
False
. -
ssl_ca
-
Content of SSL certificate. If SSL is disabled, the
ssl_ca
value will be ignored.Expand to see an example certificate
-----BEGIN CERTIFICATE----- MIID+jCCAuKgAwIBAgIGAJJMzlxLMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNVBAYT ... 7RhLQyWn2u00L7/9Omw= -----END CERTIFICATE-----
-
validate_host
-
Host validation enablement.
Default value is
False
.
Deployment using Docker
editYou can deploy the Microsoft SQL connector as a self-managed connector using Docker. Follow these instructions.
Step 1: Download sample configuration file
Download the sample configuration file. You can either download it manually or run the following command:
curl https://raw.githubusercontent.com/elastic/connectors/main/config.yml.example --output ~/connectors-config/config.yml
Remember to update the --output
argument value if your directory name is different, or you want to use a different config file name.
Step 2: Update the configuration file for your self-managed connector
Update the configuration file with the following settings to match your environment:
-
elasticsearch.host
-
elasticsearch.api_key
-
connectors
If you’re running the connector service against a Dockerized version of Elasticsearch and Kibana, your config file will look like this:
# When connecting to your cloud deployment you should edit the host value elasticsearch.host: http://host.docker.internal:9200 elasticsearch.api_key: <ELASTICSEARCH_API_KEY> connectors: - connector_id: <CONNECTOR_ID_FROM_KIBANA> service_type: mssql api_key: <CONNECTOR_API_KEY_FROM_KIBANA> # Optional. If not provided, the connector will use the elasticsearch.api_key instead
Using the elasticsearch.api_key
is the recommended authentication method. However, you can also use elasticsearch.username
and elasticsearch.password
to authenticate with your Elasticsearch instance.
Note: You can change other default configurations by simply uncommenting specific settings in the configuration file and modifying their values.
Step 3: Run the Docker image
Run the Docker image with the Connector Service using the following command:
docker run \ -v ~/connectors-config:/config \ --network "elastic" \ --tty \ --rm \ docker.elastic.co/integrations/elastic-connectors:9.0.0-beta1.0 \ /app/bin/elastic-ingest \ -c /config/config.yml
Refer to DOCKER.md
in the elastic/connectors
repo for more details.
Find all available Docker images in the official registry.
We also have a quickstart self-managed option using Docker Compose, so you can spin up all required services at once: Elasticsearch, Kibana, and the connectors service.
Refer to this README in the elastic/connectors
repo for more information.
Documents and syncs
edit- Tables with no primary key defined are skipped.
-
If the
last_user_update
ofsys.dm_db_index_usage_stats
table is not available for a specific table and database then all data in that table will be synced.
- Files bigger than 10 MB won’t be extracted.
- Permissions are not synced. All documents indexed to an Elastic deployment will be visible to all users with access to that Elastic Deployment.
Sync rules
editBasic sync rules are identical for all connectors and are available by default. For more information read sync rules.
Advanced sync rules
editThis connector supports advanced sync rules for remote filtering. These rules cover complex query-and-filter scenarios that cannot be expressed with basic sync rules. Advanced sync rules are defined through a source-specific DSL JSON snippet.
A full sync is required for advanced sync rules to take effect.
Here are a few examples of advanced sync rules for this connector.
Expand to see example data
employee
table
emp_id | name | age |
---|---|---|
3 |
John |
28 |
10 |
Jane |
35 |
14 |
Alex |
22 |
*
customer
table
c_id | name | age |
---|---|---|
2 |
Elm |
24 |
6 |
Pine |
30 |
9 |
Oak |
34 |
These rules fetch all records from both the employee
and customer
tables. The data from these tables will be synced separately to Elasticsearch.
[ { "tables": [ "employee" ], "query": "SELECT * FROM employee" }, { "tables": [ "customer" ], "query": "SELECT * FROM customer" } ]
======= Example: One WHERE query
This rule fetches only the records from the employee
table where the emp_id
is greater than 5. Only these filtered records will be synced to Elasticsearch.
[ { "tables": ["employee"], "query": "SELECT * FROM employee WHERE emp_id > 5" } ]
======= Example: One JOIN query
This rule fetches records by performing an INNER JOIN between the employee
and customer
tables on the condition that the emp_id
in employee
matches the c_id
in customer
. The result of this combined data will be synced to Elasticsearch.
[ { "tables": ["employee", "customer"], "query": "SELECT * FROM employee INNER JOIN customer ON employee.emp_id = customer.c_id" } ]
When using advanced rules, a query can bypass the configuration field tables
.
This will happen if the query specifies a table that doesn’t appear in the configuration.
This can also happen if the configuration specifies *
to fetch all tables while the advanced sync rule requests for only a subset of tables.
End-to-end testing
editThe connector framework enables operators to run functional tests against a real data source. Refer to Connector testing for more details.
To perform E2E testing for the Microsoft SQL connector, run the following command:
make ftest NAME=mssql
For faster tests, add the DATA_SIZE=small
flag:
make ftest NAME=mssql DATA_SIZE=small
Known issues
editThere are no known issues for this connector. See Known issues for any issues affecting all connectors.
Troubleshooting
editSee Troubleshooting.
Security
editSee Security.
This connector uses the generic database connector source code (branch main, compatible with Elastic 9.0).
View additional code specific to this data source (branch main, compatible with Elastic 9.0).