Use a Serverless log analysis application to reduce labor costs, ease O&M pressure, and manage log data more efficiently. This type of application also helps lower write and storage costs in scenarios with massive log volumes and high write throughput. This topic describes how to create a log analysis Serverless application.
You can no longer create new log analysis applications. However, you can continue to use any applications that you have already created.
Background information
An application is the basic service unit of the Serverless service. It provides resource isolation, access control, and an entry point to access Serverless resources.
Each application has a unique endpoint for creating indexes, reading and writing data, and managing resources.
Use different applications to manage and store data for different services or projects.
Grant a Resource Access Management (RAM) user permissions on a specific application to achieve access control isolation.
Prerequisites
You have administrative permissions for the ES Serverless service. For more information, see Grant permissions to a RAM user.
Billing
Serverless applications are pay-as-you-go. Billable items include compute resources for writes and queries, and storage space. For more information about billing, see Serverless billing.
Procedure
When you create an ES Serverless application for the first time, the service is automatically enabled. By enabling the service, you agree to the relevant Terms of Service. After the application is created, it is billed based on the billing standards. If the application fails to be created, no fees are incurred.
Log on to the Elasticsearch Serverless console.
In the top menu bar, select the destination region.
NoteCurrently, only the China (Hangzhou), China (Beijing), China (Shanghai), and China (Shenzhen) regions are supported.
In the navigation pane on the left, click Application Management.
On the Application Management page, click Create Application.
In the Create Application panel, configure the basic information for the application and click Next.
Parameter descriptions:
Parameter
Description
Application Name
The name of the application. The name cannot be changed after the application is created.
Region
The region selected in the console is automatically detected. You cannot change the region on the application creation page.
Elasticsearch Version
Currently, only version 7.10 is supported.
Application Type
Select Log Analysis.
Compute Resource Elasticity Range
The compute resources of the application dynamically scale within the specified range based on the payload.
Minimum query CUs: The default value is 5 CU/hour and cannot be changed. The application must be allocated 5 CU of compute resources for query operations every hour. Even if the actual query CU usage is less than 5 CU, the system still charges for 5 CU.
Minimum write CUs: The default value is 0 CU/hour. This means no fixed resources are reserved for write operations. Resources are used on demand.
Maximum CUs: Resources for query CUs and write CUs are scheduled based on usage. You do not need to set a maximum limit.
Typically, a log analysis application is more cost-effective when the data volume of logs is large.
NoteServerless applications use CUs as the unit for second-level billing and elasticity.
Based on the reserved 5 CU of query compute resources, the minimum monthly consumption is
CNY 4351. If your service has a small log data volume and low write traffic, a log analysis application is not recommended.If you expect an increase in query traffic and want to quickly schedule resources to avoid longer response times, go to the application details page. In the Basic Information section, manually increase the quota for Minimum query CUs. You will be charged based on the new quota. After the period of high query traffic ends, you can change the quota back to 5 CU to save costs.
Configure the access settings for the application.
Parameter descriptions:
Parameter
Description
Network Access Method
Select a network access method:
Public Network Access: Access the Serverless application directly over the Internet. This method has potential security risks and is suitable for scenarios such as remote work, cross-region collaboration, or providing external services.
VPC Access (Recommended): Access the Serverless application through a virtual private cloud (VPC) for higher security.
Public Access Whitelist
For public network access, add the IP address of the target device.
You can also click Add Current IP Address on the right side of the page to automatically add the IP address of your current device to the whitelist. Before using this feature, disable your local agent.
For more information about public whitelists, see Obtain an IP address for the public access whitelist.
Private Endpoint
Private Access Whitelist
If you access the application through a VPC, configure the endpoint and private access whitelist. For more information, see Configure private network access for an application.
Username
The system automatically generates a username in the format of `application name + a three-digit random number or letter combination`. You can view the username on the application details page after the application is created.
User Password
Enter the password for the application.
You can click Auto-generate Password to the right of the password field to automatically fill in a password.
Click the
icon to the right of the password box to display the password in plaintext and copy it.If you forget the initial password, you can change the application password in the Basic Information section of the application details page after the application is created.
Configure default index settings.
Write depth optimization: When enabled, this feature automatically adjusts the index schema to significantly optimize write performance and reduce storage costs. However, it has limitations, such as not supporting prefix queries. For more information, see Write depth optimization.
NoteAfter the application is created, you can view or modify the default index configurations in the Default Index Settings section of the Application Details page. Configuration items include the following: data retention period, write depth optimization, write with primary key, automatic data compaction, and dynamic field configuration.
To modify the configuration of a single index, you can do so in the Advanced Configuration of the index. For more information, see Modify index configurations.
Click Create Now.
You can view the created application in the application list on the Application Management page.
Application Status
Description
Creating
Data read/write and console operations are not supported for an application that is being created.
Running
The application is running normally.
Frozen due to overdue payment
An overdue payment in your account will cause the application to be frozen. Related services will be unavailable. For more information, see Overdue payments.
References
To create an index and write and query data in the index, see Create an index.
Configure public or private network access for a Serverless application.
To create indexes, read and write data, or perform visual analytics using Kibana, see Use a Serverless application with Kibana.