Elastic Agent Builder built-in skills reference
This page lists all built-in skills available in Elastic Agent Builder. Skills give agents domain-specific knowledge and tools for common task types. Built-in skills are read-only: you can't modify or delete them.
Tip: For an overview of how skills work in Elastic Agent Builder, refer to Skills in Elastic Agent Builder.
Skills are solution-scoped: the set of available built-in skills depends on your deployment type. Platform skills are available across all deployments. Observability, Security, and Elasticsearch skills are available in their respective serverless projects or solution views.
- visualization-creation: Creates standalone or reusable Lens visualizations from index and field context. Use when a user asks for a chart, metric, trend, or breakdown visualization, or wants to update an existing one.
- graph-creation: Creates graph attachments by transforming relationship data into nodes and edges rendered inline in the conversation. Use for topology, dependency, or entity-link visualizations.
- dashboard-management: Composes and updates in-memory Kibana dashboards. Use when a user asks to find, create, or modify a dashboard, add or remove panels, or edit existing panel visualizations.
- streams-exploration: Discovers, inspects, and queries Elasticsearch streams. Use when a user wants to list available streams, understand a stream's schema, check data quality or retention, or sample documents from a stream. This is a read-only skill: it cannot create, update, or delete streams or modify stream configuration.
- observability.investigation: Answers observability questions and diagnoses issues across APM services and infrastructure. Use when a user asks about service health, error rates, latency, failed transactions, service topology, trace analysis, log patterns, SLO breaches, alert investigations, or general questions about services and their performance.
- entity-analytics: Finds and investigates security entities including hosts, users, services, and generic entities. Analyzes entity risk scores, asset criticality, and historical behavior. Use to discover risky entities or profile a specific entity by ID.
- find-security-ml-jobs: Investigates anomalous behavior detected by Machine Learning jobs, including abnormal access patterns, lateral movement, unexpected logins, suspicious domain activity, and large data transfers.
- threat-hunting: Runs hypothesis-driven threat hunts using iterative ES|QL exploration. Covers IOC search, anomaly identification, baseline behavioral comparison, and lateral movement tracking.
- detection-rule-edit: Creates and edits Elastic Security detection rules. Use when a user asks to build a rule from natural language or edit rule fields such as severity, tags, MITRE ATT&CK mappings, schedule, query, or index patterns.
- search.catalog-ecommerce: Guides agents through building catalog and e-commerce search solutions on Elasticsearch.
- search.elasticsearch-onboarding: Guides developers through building a complete search experience on Elasticsearch, from understanding requirements and designing an index mapping to generating and testing API snippets in Dev Tools.
- search.hybrid-search: Guides agents through building hybrid search solutions that combine keyword and semantic search.
- search.keyword-search: Guides agents through building keyword and full-text search solutions on Elasticsearch.
- search.rag-chatbot: Guides agents through building retrieval-augmented generation chatbot solutions on Elasticsearch.
- search.semantic-search: Guides agents through building semantic and vector search solutions on Elasticsearch.
- search.use-case-library: Presents a library of Elasticsearch use cases when users want to explore what they can build, need help identifying which category their project falls into, or are looking for inspiration. Covers product search, knowledge base search, AI assistants, recommendations, customer support, location-based search, log and event search, and vector database use cases.
- search.vector-database: Guides agents through using Elasticsearch as a vector database.