---
title: Get started with Streams
description: This hands-on guide takes you through the core features and common use cases of Streams. Before using Streams, make sure you have the following...
url: https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/6665/solutions/observability/streams/streams-getstarted
products:
  - Elastic Cloud Enterprise
  - Elastic Cloud Hosted
  - Elastic Cloud Serverless
  - Elastic Cloud on Kubernetes
  - Elastic Observability
  - Elastic Stack
  - Elasticsearch
  - Kibana
applies_to:
  - Elastic Cloud Serverless: Generally available
  - Elastic Stack: Generally available since 9.2, Preview in 9.1
---

# Get started with Streams
This hands-on guide takes you through the core features and common use cases of Streams. Before using Streams, make sure you have the following in place:
- **Elasticsearch and Kibana**: Streams is available from Elasticsearch 9.1 (API, preview), 9.2 (Wired streams,
  preview), and 9.2+ (GA for classic streams). For Elastic Cloud Serverless, Streams is generally
  available.
- **Log data ingestion**: Send logs to Streams through the OpenTelemetry Collector, Fluentd,
  Fluent Bit, or Elastic one-click integrations. No agent deployment is required for
  agentless ingest via the `/logs` endpoint (Logs Streams, tech preview).
- **Required permissions**:

<applies-switch>
  <applies-item title="serverless:" applies-to="Elastic Cloud Serverless: Generally available">
    Streams requires these Elastic Cloud Serverless roles:
    - Admin: Ability to manage all Streams
    - Editor/Viewer: Limited access, cannot perform all actions
  </applies-item>

  <applies-item title="stack:" applies-to="Elastic Stack: Generally available">
    To manage all streams, you need the following permissions:
    - **Cluster permissions**: `manage_index_templates`, `manage_ingest_pipelines`, `manage_pipeline`, `read_pipeline`
    - **Data stream level permissions**: `read`, `write`, `create`, `manage`, `monitor`, `manage_data_stream_lifecycle`, `read_failure_store`, `manage_failure_store`, `manage_ilm`

    To view streams, you need the following permissions:
    - **Data stream level permissions**: `read`, `view_index_metadata`, `monitor`

    For more information, refer to [Cluster privileges](https://docs-v3-preview.elastic.dev/elastic/elasticsearch/tree/main/reference/elasticsearch/security-privileges#privileges-list-cluster) and [Granting privileges for data streams and aliases](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/6665/deploy-manage/users-roles/cluster-or-deployment-auth/granting-privileges-for-data-streams-aliases).
  </applies-item>
</applies-switch>
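
On Elastic Stack, the manage and view privilege sets listed above map naturally onto two separate Elasticsearch roles, so that read-only users never hold pipeline, template, or lifecycle rights. The following is an added example, not part of the original guide: the role names `streams_manager` and `streams_viewer` and the `logs*` data stream pattern are assumptions to adapt to your deployment.

```console
# Added example. Role names and the "logs*" pattern are assumptions.

# Role for operators who manage all streams.
# Cluster and data stream privileges are exactly those listed above.
PUT /_security/role/streams_manager
{
  "cluster": [
    "manage_index_templates",
    "manage_ingest_pipelines",
    "manage_pipeline",
    "read_pipeline"
  ],
  "indices": [
    {
      "names": ["logs*"],
      "privileges": [
        "read", "write", "create", "manage", "monitor",
        "manage_data_stream_lifecycle",
        "read_failure_store", "manage_failure_store",
        "manage_ilm"
      ]
    }
  ]
}

# Role for users who only view streams.
# No cluster privileges and no write or manage rights on the data streams.
PUT /_security/role/streams_viewer
{
  "indices": [
    {
      "names": ["logs*"],
      "privileges": ["read", "view_index_metadata", "monitor"]
    }
  ]
}
```

Narrow the `names` pattern to the data streams each team actually owns; a broad pattern on the manager role also grants failure store and lifecycle control over every matching stream.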

To start using Streams:
<stepper>
  <step title="Ingest log data">
    Send logs via OpenTelemetry, Fluentd, Fluent Bit, or an Elastic integration. For agentless ingest, send directly to the `/logs` endpoint.
  </step>

  <step title="Access Streams">
    <dropdown title="From Kibana">
      - Select **Streams** from the navigation menu or use the [global search field](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/6665/explore-analyze/find-and-organize/find-apps-and-objects).
      - Open the data stream for a specific document from **Discover**. To do this, expand the details flyout for a document that's stored in a data stream, and select **Stream** or an action associated with the document's data stream. Streams then opens filtered to the selected data stream.
    </dropdown>

    <dropdown title="Using the API">
      <applies-to>Elastic Stack: Preview since 9.1</applies-to> <applies-to>Elastic Cloud Serverless: Preview</applies-to> You can also access Streams features using the Streams API. Refer to the [Streams API documentation](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-streams) for more information.
    </dropdown>
  </step>

  <step title="Review AI-suggested partitions">
    Streams automatically organizes your logs by source and component. Accept, adjust, or add [**partitions**](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/6665/solutions/observability/streams/management/partitioning) manually.
  </step>

  <step title="Set retention policies">
    Use the [**Retention** tab](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/6665/solutions/observability/streams/management/retention) to define how long each stream stores data and to review ingestion volume.
  </step>

  <step title="Configure processing">
    Use the [**Processing** tab](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/6665/solutions/observability/streams/management/extract) to parse and extract fields from log messages. Accept AI-generated GROK rules or write your own.
  </step>

  <step title="Manage data quality">
    Use the [**Data quality** column](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/6665/solutions/observability/streams/management/data-quality) to filter your streams by data quality status.
  </step>

  <step title="Configure advanced settings">
    Use the [**Advanced** tab](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/6665/solutions/observability/streams/management/advanced) to view the underlying Elasticsearch configuration and advanced settings for this stream.
  </step>

  <step title="Investigate with Significant Events">
    Review the [**Significant Events** view](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/6665/solutions/observability/streams/management/significant-events) to triage critical signals across your streams.
  </step>
</stepper>


## Alternative paths to manage log data in Elastic

Streams is not the only way to manage log data in Elastic. Consider these alternatives, depending on your needs:
- **Elastic Agent integrations**: Pre-built integrations with automatic parsing and dashboards for
  common data sources. Best when your sources are covered by the
  [Elastic integration catalog](https://www.elastic.co/integrations).
- **Logstash pipelines**: Highly customizable, code-first pipeline configuration. Best for complex
  transformations or when you need to fan out to multiple destinations.
- **Elasticsearch ingest pipelines**: Low-level pipeline configuration via the ES API. Best for teams who
  already manage Elasticsearch directly and want fine-grained control without a UI.