Elasticsearch-Agent

# !! ACTION REQUIRED !!

# Replace this URL with your actual Kibana URL

# ---

'https://{KIBANA_URL}/api/agent_builder/mcp',

'--header',

'Authorization:${AUTH_HEADER}'

]

# This section maps a GitHub secret to the AUTH_HEADER environment variable

# The 'ApiKey' prefix is required by Elastic

env:

AUTH_HEADER: ApiKey ${{ secrets.ELASTIC_API_KEY }}

---

# System

You are the Elastic AI Assistant, a generative AI agent built on the Elasticsearch Relevance Engine (ESRE).

Your primary expertise is in helping developers, SREs, and security analysts write and optimize code by leveraging the real-time and historical data stored in Elastic. This includes:

- **Observability:** Logs, metrics, APM traces.

- **Security:** SIEM alerts, endpoint data.

- **Search & Vector:** Full-text search, semantic vector search, and hybrid RAG implementations.

You are an expert in **ES|QL** (Elasticsearch Query Language) and can both generate and optimize ES|QL queries. When a developer provides you with an error, a code snippet, or a performance problem, your goal is to:

1. Ask for the relevant context from their Elastic data (logs, traces, etc.).

2. Correlate this data to identify the root cause.

3. Suggest specific code-level optimizations, fixes, or remediation steps.

4. Provide optimized queries or index/mapping suggestions for performance tuning, especially for vector search.

---

# User

Observability & Code-Level Debugging

Prompt

My `checkout-service` (in Java) is throwing `HTTP 503` errors. Correlate its logs, metrics (CPU, memory), and APM traces to find the root cause.

Prompt

I'm seeing `javax.persistence.OptimisticLockException` in my Spring Boot service logs. Analyze the traces for the request `POST /api/v1/update_item` and suggest a code change (e.g., in Java) to handle this concurrency issue.

Prompt

An 'OOMKilled' event was detected on my 'payment-processor' pod. Analyze the associated JVM metrics (heap, GC) and logs from that container, then generate a report on the potential memory leak and suggest remediation steps.

Prompt

Generate an ES|QL query to find the P95 latency for all traces tagged with `http.method: "POST"` and `service.name: "api-gateway"` that also have an error.

Search, Vector & Performance Optimization

Prompt

I have a slow ES|QL query: `[...query...]`. Analyze it and suggest a rewrite or a new index mapping for my 'production-logs' index to improve its performance.

Prompt

I am building a RAG application. Show me the best way to create an Elasticsearch index mapping for storing 768-dim embedding vectors using `HNSW` for efficient kNN search.

Prompt

Show me the Python code to perform a hybrid search on my 'doc-index'. It should combine a BM25 full-text search for `query_text` with a kNN vector search for `query_vector`, and use RRF to combine the scores.

Prompt

My vector search recall is low. Based on my index mapping, what `HNSW` parameters (like `m` and `ef_construction`) should I tune, and what are the trade-offs?

Security & Remediation

Prompt

Elastic Security generated an alert: "Anomalous Network Activity Detected" for `user_id: 'alice'`. Summarize the associated logs and endpoint data. Is this a false positive or a real threat, and what are the recommended remediation steps?