Observability Service Health

Name: Observability Service Health
Author: elastic

elastic/agent-skills

Query Elasticsearch with multi-search and service-health patterns so your agent checks production signals without guessing NDJSON msearch formatting.

Install

npx skills add https://github.com/elastic/agent-skills --skill observability-service-health

What is this skill?

Documents Elasticsearch `_msearch` and `_search` with NDJSON header/body pairs and required trailing newline
Lists multi-search tuning parameters: max_concurrent_searches, max_concurrent_shard_requests, search_type, ccs_minimize_
Ties skill behavior to Elastic Search APIs reference for multi-search operations used in observability workflows
Agent-oriented quick reference so health investigations use correct Content-Type application/x-ndjson
Fits Elastic agent-skills family for production Elasticsearch-backed observability

Adoption & trust: 1k installs on skills.sh; 502 GitHub stars; 3/3 security scanners passed (skills.sh audits).

Recommended Skills

Azure Kubernetesmicrosoft/azure-skills

Azure Kubernetes skill supplies fix patterns for AKS Automatic compatibility—adding resource requests, dropping capabili…204k installs·1.2k stars

Github Actions Docsxixu-me/skills

github-actions-docs is a research-oriented agent skill that stops generic CI/CD guesses when the user’s question is real…187k installs·61 stars

Deploy To Vercelvercel-labs/agent-skills

Deploy to Vercel is an agent skill from Vercel Labs that walks solo builders through shipping a project to Vercel with d…67.1k installs·27.7k stars

Vercel Cli With Tokensvercel-labs/agent-skills

Vercel CLI with Tokens is a Vercel Labs agent skill that teaches coding agents how to deploy and manage projects when in…47.2k installs·27.7k stars

Turborepovercel/turborepo

Turborepo Skill is procedural guidance for Vercel’s Turborepo build system on JavaScript and TypeScript monorepos. It ta…36k installs·30.5k stars

Docker Expertsickn33/antigravity-awesome-skills

Docker Expert is an agent skill that acts as a hands-on containerization consultant for solo and indie builders shipping…18.7k installs·40.1k stars

Journey fit

Primary fit

OperateMonitoring & observability

Service health observability sits in Operate when the product is live and you need correlated logs, metrics, and traces via Elastic APIs. Monitoring subphase is the canonical home for health dashboards, incident triage queries, and Elastic `_msearch` batch checks.

Common Questions / FAQ

Is Observability Service Health safe to install?

skills.sh reports 3 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.

SKILL.md

READMESKILL.md - Observability Service Health

# Multi Search API Reference

Quick reference for the Elasticsearch search APIs used by this skill. For full documentation, see the
[Search APIs](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-msearch).

## Multi Search

```text
POST /_msearch
POST /{index}/_msearch
```

Executes multiple searches in a single request using NDJSON (newline-delimited JSON). Each request is a header/body
pair. The final line must end with `\n` and the `Content-Type` must be `application/x-ndjson`.

| Parameter                       | Description                                                                |
| ------------------------------- | -------------------------------------------------------------------------- |
| `max_concurrent_searches`       | Maximum number of concurrent searches (defaults to node count x pool size) |
| `max_concurrent_shard_requests` | Maximum concurrent shard requests per node per sub-search                  |
| `search_type`                   | `query_then_fetch` (default) or `dfs_query_then_fetch` for global scoring  |
| `ccs_minimize_roundtrips`       | Minimize network round-trips for cross-cluster search                      |
| `rest_total_hits_as_int`        | Return `hits.total` as an integer instead of an object                     |

## Search

```text
POST /{index}/_search
```

Run a single search against one or more indices.

| Parameter          | Description                                               |
| ------------------ | --------------------------------------------------------- |
| `from`             | Starting document offset (default `0`)                    |
| `size`             | Number of hits to return (default `10`)                   |
| `timeout`          | Per-shard timeout; request fails if exceeded              |
| `track_total_hits` | Accurate hit count (`true`) or fast approximate (`false`) |
| `search_type`      | `query_then_fetch` (default) or `dfs_query_then_fetch`    |
| `request_cache`    | Enable caching for `size: 0` requests                     |

## ES|QL Query

```text
POST /_query
```

Run an ES|QL query. ES|QL uses a piped syntax (`FROM index | WHERE ... | STATS ... | LIMIT n`) and returns columnar
results by default.

| Parameter               | Description                                                 |
| ----------------------- | ----------------------------------------------------------- |
| `format`                | Response format: `json`, `csv`, `tsv`, `txt`, `yaml`        |
| `drop_null_columns`     | Remove entirely null columns from the response              |
| `allow_partial_results` | Return partial results on shard failures instead of failing |

## NDJSON Format

The `_msearch` body alternates between header and body lines:

```text
header\n
body\n
header\n
body\n
```

- **Header** — JSON object with optional `index`, `routing`, `preference`, and `search_type` fields. Use `{}` to inherit
  the index from the URL path.
- **Body** — A standard search request body (`query`, `aggs`, `size`, `sort`, `_source`, etc.).

## Common Query Types

| Query          | Use for                                                    |
| -------------- | ---------------------------------------------------------- |
| `match`        | Full-text search on analyzed fields                        |
| `term`         | Exact-value lookup on keyword or numeric fields            |
| `bool`         | Combine `must`, `should`, `must_not`, and `filter` clauses |
| `range`        | Numeric or date range filtering                            |
| `multi_match`  | Full-text search across multiple fields                    |
| `match_phrase` | Exact phrase matching with term order preserved            |
| `exists`       | Documents where a field has a non-null value               |


#!/usr/bin/env node
/**
 * APM Correlations: attributes that correlate with high-latency or failed transactions.
 * Tries Kibana internal APM correlations API first; falls back to Elasticsea

What is this skill?

Documents Elasticsearch `_msearch` and `_search` with NDJSON header/body pairs and required trailing newline

Lists multi-search tuning parameters: max_concurrent_searches, max_concurrent_shard_requests, search_type, ccs_minimize_

Ties skill behavior to Elastic Search APIs reference for multi-search operations used in observability workflows

Agent-oriented quick reference so health investigations use correct Content-Type application/x-ndjson

Fits Elastic agent-skills family for production Elasticsearch-backed observability

Adoption & trust: 1k installs on skills.sh; 502 GitHub stars; 3/3 security scanners passed (skills.sh audits).

Journey fit

Primary fit

OperateMonitoring & observability

SKILL.md

READMESKILL.md - Observability Service Health

# Multi Search API Reference

Quick reference for the Elasticsearch search APIs used by this skill. For full documentation, see the
[Search APIs](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-msearch).

## Multi Search

```text
POST /_msearch
POST /{index}/_msearch
```

Executes multiple searches in a single request using NDJSON (newline-delimited JSON). Each request is a header/body
pair. The final line must end with `\n` and the `Content-Type` must be `application/x-ndjson`.

| Parameter                       | Description                                                                |
| ------------------------------- | -------------------------------------------------------------------------- |
| `max_concurrent_searches`       | Maximum number of concurrent searches (defaults to node count x pool size) |
| `max_concurrent_shard_requests` | Maximum concurrent shard requests per node per sub-search                  |
| `search_type`                   | `query_then_fetch` (default) or `dfs_query_then_fetch` for global scoring  |
| `ccs_minimize_roundtrips`       | Minimize network round-trips for cross-cluster search                      |
| `rest_total_hits_as_int`        | Return `hits.total` as an integer instead of an object                     |

## Search

```text
POST /{index}/_search
```

Run a single search against one or more indices.

| Parameter          | Description                                               |
| ------------------ | --------------------------------------------------------- |
| `from`             | Starting document offset (default `0`)                    |
| `size`             | Number of hits to return (default `10`)                   |
| `timeout`          | Per-shard timeout; request fails if exceeded              |
| `track_total_hits` | Accurate hit count (`true`) or fast approximate (`false`) |
| `search_type`      | `query_then_fetch` (default) or `dfs_query_then_fetch`    |
| `request_cache`    | Enable caching for `size: 0` requests                     |

## ES|QL Query

```text
POST /_query
```

Run an ES|QL query. ES|QL uses a piped syntax (`FROM index | WHERE ... | STATS ... | LIMIT n`) and returns columnar
results by default.

| Parameter               | Description                                                 |
| ----------------------- | ----------------------------------------------------------- |
| `format`                | Response format: `json`, `csv`, `tsv`, `txt`, `yaml`        |
| `drop_null_columns`     | Remove entirely null columns from the response              |
| `allow_partial_results` | Return partial results on shard failures instead of failing |

## NDJSON Format

The `_msearch` body alternates between header and body lines:

```text
header\n
body\n
header\n
body\n
```

- **Header** — JSON object with optional `index`, `routing`, `preference`, and `search_type` fields. Use `{}` to inherit
  the index from the URL path.
- **Body** — A standard search request body (`query`, `aggs`, `size`, `sort`, `_source`, etc.).

## Common Query Types

| Query          | Use for                                                    |
| -------------- | ---------------------------------------------------------- |
| `match`        | Full-text search on analyzed fields                        |
| `term`         | Exact-value lookup on keyword or numeric fields            |
| `bool`         | Combine `must`, `should`, `must_not`, and `filter` clauses |
| `range`        | Numeric or date range filtering                            |
| `multi_match`  | Full-text search across multiple fields                    |
| `match_phrase` | Exact phrase matching with term order preserved            |
| `exists`       | Documents where a field has a non-null value               |


#!/usr/bin/env node
/**
 * APM Correlations: attributes that correlate with high-latency or failed transactions.
 * Tries Kibana internal APM correlations API first; falls back to Elasticsea

Install

What is this skill?

Recommended Skills

Journey fit

Is Observability Service Health safe to install?

SKILL.md

This week for builders

Install

What is this skill?

Recommended Skills

Journey fit

Is Observability Service Health safe to install?

SKILL.md