Connector Configuration
SQL Database Configuration
Connection Settings
To establish a connection to a database, the following properties are mandatory:
| Name | Description |
|---|---|
JDBC Driver |
Name of the JDBC Driver for the database. |
JDBC Driver Class |
Name of the JDBC Driver Class if none of the preconfigured drivers is used. |
Connection URI |
URI for database connection. |
Connection Username |
Username for the database connection. |
Connection Password |
Password for database connection. |
Content Query Settings
To then crawl content from this connection, the following content query properties are mandatory:
Name |
Description [#sql_agent_query_type] |
Query Type |
Decides a how to query data from the database.
If you are unsure which option is best for your scenario then use ‘Two Stage Single Row Querying’. |
ID Column |
Name of the column whose values are used as IDs. |
Depending on your Query Type the following properties are also mandatory:
Single Stage Querying
Name |
Description |
SQL Query |
The SQL query which returns the data to be indexed. |
Two Stage Batched Querying
Name |
Description |
SQL Content ID Query |
The SQL query which returns the IDs of all the rows to be indexed. e.g. SELECT id FROM customer |
SQL Content Query by IDs |
SQL which queries rows based on IDs. "
Use the Placeholder |
Query Batch Size |
The number of rows to be fetched by a single query. |
ID Column |
The column that will provide the IDs in the first query, these IDs will then be substituted into the |
Two Stage Single Row Querying
Name |
Description |
SQL Content ID Query |
The SQL query which returns the IDs of all the rows to be indexed. e.g. SELECT id FROM customer |
SQL Content Query by ID |
SQL which queries a single row given an ID. Use the Placeholder |
ID Column |
The column that will provide the IDs in the first query, these IDs will then be substituted into the |
Connection Pooling Settings (Optional)
Configuration options for pooling settings of a connection. These settings are only considered when the flag Set Optional Connection Pooling Parameters is activated.
| Name | Description |
|---|---|
Set Optional Connection Pooling Parameters |
Flag to enable optional parameters for the connection pooling. |
Pool Connection Timeout |
Maximum time that a client will wait for a connection from the pool. |
Idle Timeout |
Maximum time that a connection is allowed to sit idle in the pool. |
Pool Connection Keep Alive Time |
The interval in which pool connections will be tested for aliveness, thus keeping them alive by the act of checking. Deactivated if set to 0. |
Maximum Pool Connection Lifetime |
The maximum lifetime of a connection in the pool. |
Minimum Idle Pool Connections |
The minimum number of idle connections in the pool to maintain. |
Maximum Pool Connections |
The maximum number of connections in the pool. |
SQL Select Rate |
Maximum rate at which SQL will be executed against the database. A value of '-1' is equivalent to no limit. |
Content Query Column Settings (Optional)
Configuration Options for optional columns of a Content Query.
Only available with Query Type Single Stage Querying.
Group Column
| Name | Description |
|---|---|
Set Group Column |
Flag to enable a group column for the query. A group column groups the results of a query that have the same value in this given column. The results of a group are aggregated into one item by concatenating the values of a column into a comma separated list of these values. If the values of a column are binary data, then only the first value is taken. |
Group Column |
Name of the column which is used for a GROUP_BY query. This column must not be the same as Content Column or ID Column. |
Column to Metadata Field Mapping
To define which column of the query should be considered for the value of a metadata field, mappings from a column name to a metadata field can be configured:
| Name | Description |
|---|---|
Column Name |
The column of the query whose values should be mapped to the metadata field. |
Metadata Field |
The metadata field to which the value of the column should be mapped. |
Here mappings for the following metadata fields can be defined whereas only one mapping per field is allowed:
| Metadata Field | Remark |
|---|---|
Content |
|
Title |
|
Item Type |
|
Mime Type |
|
File Extension |
|
Preview URL |
It is expected that the column’s values are strings in proper URL format. |
Click URL |
It is expected that the column’s values are strings in proper URL format. |
Keywords |
It is expected that the column’s values are a comma separated list of strings. |
Languages |
It is expected that the column’s values are a comma separated list of strings. |
Author |
|
Contributors |
It is expected that the column’s values are a comma separated list of strings. |
Created Date |
It is expected that the column’s values are timestamps with time zones. |
Last-Modified Date |
It is expected that the column’s values are timestamps with time zones. |
Breadcrumbs |
It is expected that the column’s values are a comma separated list of strings in proper URL format. |
Amazon Kendra Configuration
Instance Configuration
Configuration options related to specifying the target Kendra Index and Data Source including authentication/authorization settings.
| Name | Property Key | Description |
|---|---|---|
Index ID |
|
ID of the target index. It can be retrieved in your AWS management console under |
Region ID |
|
ID of the region where the index is deployed. One of us-east-1(N. Virginia), us-east-2(Ohio), us-west-2(Oregon), eu-west-1(Ireland), ca-central-1(Canada), ap-southeast-1(Singapore) or ap-southeast-2(Sydney) is available. |
Amazon Resource Name |
|
ARN of the IAM Service Role assigned to the index. It can be retrieved in your AWS management console under |
Data Source ID |
|
ID of the Custom Data Source Connector added to target index. All documents and groups processed by the connector will be attached to this data source. It can be retrieved in your AWS management console under |
Use System Credentials |
|
To authenticate against Amazon Kendra, you must provide your AWS Access Key and AWS Secret Access Key. If - Java System Properties - Environment Variables - Web Identity Token credentials from System or Environment Variables - Credentials Profile File at location - Credentials delivered through the Amazon EC2 container - Instance profile credentials delivered through the Amazon EC2 metadata service |
Access Key |
|
If |
Secret Access Key |
|
Secret Key of the specified AWS account. The value will be stored encrypted by the connector. |
Assume Role |
|
Enable this option to fetch the security token from STS using the provided role. |
STS Assume Role Region |
|
Region ID for invoking the regional STS endpoint when requesting the service. |
STS Assume Role Amazon Resource Name |
|
ARN of the role which should be assumed by the configured role or account in the instance settings. |
STS Assume Role Session Name |
|
Arbitrary session name attached to the session established by the connector and STS for tracking the session. |
STS Assume Role Session Duration |
|
Time to live duration for a single session. |
Use Proxy |
|
If enabled, the connection to AWS and Kendra Service will be established through a HTTP/HTTPS proxy. |
Proxy Endpoint |
|
Target proxy URL including protocol, host and port. |
Proxy Authentication |
|
If enabled, the connector uses the specified credentials to authenticate towards proxy. |
Proxy Username |
|
Proxy authentication username. |
Proxy Password |
|
Proxy authentication password. The value will be stored encrypted by the connector. |
Content Processing Configuration (Optional)
Documents with empty content or large content can be rejected by Kendra. In order to fine-tune the behaviour for the processing of these documents, consider to set one of the properties below.
| Name | Property Key | Description |
|---|---|---|
Empty Content Token |
|
Items with unsupported mime types (supported are: |
Use S3 |
|
If enabled, binary content of documents exceeding the content size limit will be processed to a S3 bucket. |
Content Size Limit |
|
All documents with content size exceeding this value will be processed to the configured S3 bucket. Else, documents are processed as inline documents including their content directly to Kendra index. If the S3 option is enabled, it is recommended to set the value below 5MB, as this is the limit defined by Kendra for inline documents. |
Bucket ID |
|
ID of the bucket. |
Region ID |
|
ID of the region where the bucket is deployed. One of us-east-1(N. Virginia), us-east-2(Ohio), us-west-2(Oregon), eu-west-1(Ireland), ca-central-1(Canada), ap-southeast-1(Singapore) or ap-southeast-2(Sydney) is available. |
Use System Credentials |
|
To authenticate against Amazon S3, you must provide your AWS Access Key and AWS Secret Access Key. If - Java System Properties - Environment Variables - Web Identity Token credentials from System or Environment Variables - Credentials Profile File at location - Credentials delivered through the Amazon EC2 container - Instance profile credentials delivered through the Amazon EC2 metadata service |
Access Key |
|
If |
Secret Access Key |
|
Secret Key of the specified AWS account. The value will be stored encrypted by the connector. |
Assume Role |
|
Enable this option to fetch the security token from STS using the provided role. |
STS Assume Role Region |
|
Region ID for invoking the regional STS endpoint when requesting the service. |
STS Assume Role Amazon Resource Name |
|
ARN of the role which should be assumed by the configured role or account in the instance settings. |
STS Assume Role Session Name |
|
Arbitrary session name attached to the session established by the connector and STS for tracking the session. |
STS Assume Role Session Duration |
|
Time to live duration for a single session. |
Use Proxy |
|
If enabled, the connection to AWS and S3 Service will be established through a HTTP/HTTPS proxy. |
Proxy Endpoint |
|
Target proxy URL including protocol, host and port. |
Proxy Authentication |
|
If enabled, the connector uses the specified credentials to authenticate towards proxy. |
Proxy Username |
|
Proxy authentication username. |
Proxy Password |
|
Proxy authentication password. The value will be stored encrypted by the connector. |
Content Batching Configuration (Optional)
Documents are processed in a batch to Kendra. This configuration section includes all batch related properties including the callback behavior.
| Name | Property Key | Description |
|---|---|---|
Max. Size |
|
Max. batch size. All batch put requests will be restricted to this value. The max. allowed value is |
Ignore Processing State |
|
If enabled, the connector submits all documents asynchronously without polling the processing state from Kendra. Documents failed during processing are not recognized by the connector. Unless you would like to monitor the indexing process using Amazon CloudWatch only, it is recommended to disable this option. |
Flush Timeout |
|
Periodic delay between flushing the batch. Within this period, it is guaranteed that the batch is flushed. If the current batch size exceeds the configured max. batch size, only the max. number of items will be flushed in a single cycle. |
Callback Timeout |
|
The Batch API used to index or delete items is asynchronous. The connector is polling the state of the submitted requests to track the state of the items. This property defines the timeout until the connector is expecting the requests to be completed in the asynchronous processing in the search engine. |
HTTP Connection Configuration (Optional)
Configuration options for fine-tuning the Http connection parameters.
| Name | Property Key | Description |
|---|---|---|
Connection Acquire Timeout |
|
Timeout value for acquiring an already established connection from the connector’s connection manager. |
Connection Timeout |
|
Timeout value for establishing a connection to AWS. |
Connection Idle Timeout |
|
Timeout value after an idle connection should be closed. |
Connection Time to Live |
|
Timeout value after the connection should be closed regardless of its current state. |
Max. Number of Connections |
|
Max. number of allowed connections maintained by the connection manager. |
Max. Number of acquired connections |
|
Max. number of requests allowed to wait for a connection. |
General Configuration
Database Configuration
| Name | Property Key | Description |
|---|---|---|
URL |
|
JDBC URL for the target database. Out of the box, the connector will use H2 file database. For productive usage, use PostgreSQL specifying the URL in format: |
Username |
|
Database Username to read and write to database. |
Password |
|
Database Password for the specified user |
Traversal Configuration
| Name | Property Key | Description |
|---|---|---|
Traversal History Length |
|
Max. number of traversals to store in the history. Once the limit is exceeded, the connector will automatically remove oldest entries in the history. (default: 100) |
Number of Traversal Workers |
|
Number of workers to execute the traversal in parallel. Increasing this value might improve the performance, but will footprint higher memory consumption. It is recommended to keep the default value. (default: 10) |
Traversal Job Poll Interval |
|
Interval between the workers to be triggered to fetch and process the next tasks. (default: 10ms) |
Completion Timeout |
|
If the search engine indexes the items asynchronously, there might be some processing still in-flight during the completion process of a traversal. This value specifies the timeout value until all asynchronous callbacks are expected to return before completing the traversal. (default: 10m) |
Principal Aliaser Configuration
Principal Aliasing is applied on user information as part of Content ACL processing during Content Synchronization and Principal processing during Principal Synchronization. It’s purpose is to map external source system user to the corresponding user in search engines domain. You can configure a list of aliasers in the connector which will be applied in sequence and in order on user ACEs and user principals. The Connector supports following custom aliasing mechanism.
Custom Aliaser Disabled
If the Custom Aliaser checkbox is not selected, the connector will process user information on ACE and user principals unchanged to Search Engine. If all relevant users in the source system can be found with the same identifier in the search engine, this setup is sufficient to reflect the same secure search experience in the search engine as defined by the policy in the source system. The connector uses this option as default to process user information.
Custom Aliaser Enabled
If custom aliasing is enable then there are four types of aliaser avaialble:
Simple XML Table Aliaser
Static mapping table which can be uploaded as XML file. The connector uses the uploaded file as lookup table to map a user in the source system to a user in the search engine. Users missing a record in the file will be dropped from the ACE and during Principal Synchronization. This option is only recommended for environment with a manageable amount of users as for each user the corresponding mapping entry needs to be specified in the file.
| Name | Description |
|---|---|
XML Mapping File |
Browse and upload or drag and drop. |
Sample XML mapping file:
<?xml version="1.0" encoding="UTF-8"?>
<storeddata>
<entry keyValue="user1">user1@raytion.com</entry>
<entry keyValue="user2">user2@raytion.com</entry>
<entry keyValue="user3">user3@raytion.com</entry>
</storeddata>
Regex Replacer Aliaser
Regex Replacer Aliaser computes aliases based on a regular expression. Principals that match the regular expression are replaced by the Substitution String.
| Name | Property Key | Description |
|---|---|---|
Pattern |
|
The regular expression to match, this is the part that will be replaced. If braces (…) are used in the pattern then the matched value can be retrieved using $1 |
Substitute String |
|
String to replace the matching part of the find string. Matched value is accessed by employing $1 |
Regex Extractor Aliaser
Regex Extractor Aliaser computes aliases based on a regular expression. Principals that match the regular expression are inserted into the Insert-Into String.
| Name | PropertyKey | Description |
|---|---|---|
Pattern |
|
The regular expression to match, this is the part that will be inserted into the new value. If braces (…) are used in the pattern then the matched value can be retrieved using $$ |
Insert-Into String |
|
String to replace the matching part of the pattern. Matched value is accessed by employing $$ |
LDAP Aliaser
Ldap Aliaser searches for an LDAP entry with the requested name in the input value and returns the specified output attribute.
| Name | Property Key | Description |
|---|---|---|
Host |
|
Fully Qualified Domain Name of an LDAP server |
Port |
|
Port to use for LDAP connection, defaults are 389/636 or (recommended) 3268/3269 for simple/SSL |
AccountDN |
|
AccountDN for bind to LDAP |
Password |
|
Password part of credentials |
Input Field |
|
The Active Directory attribute name for this equality filter |
Search Root DN |
|
Distinguished Name of the subtree which is searched. The smaller the subtree the better the performance but the higher the chance of encountering principals which are not part of this subtree |
Output Field |
|
Attribute that should be returned in result entries |