http://api.example.comThis documentation is derived from the main branch of the elasticsearch-specification repository. It is provided under license Attribution-NonCommercial-NoDerivatives 4.0 International.
Last update on Sep 16, 2025.
This API is provided under license Apache 2.0.
Elasticsearch APIs use key-based authentication. You must create an API key and use the encoded value in the request header. For example:
curl -X GET "${ES_URL}/_cat/indices?v=true" \
-H "Authorization: ApiKey ${API_KEY}"
For more information about where to find API keys for the Elasticsearch endpoint (${ES_URL}) for a project, go to Get started with Elasticsearch Serverless.
All methods and paths for this operation:
GET _application/analytics/my*
resp = client.search_application.get_behavioral_analytics(
name="my*",
)const response = await client.searchApplication.getBehavioralAnalytics({
name: "my*",
});response = client.search_application.get_behavioral_analytics(
name: "my*"
)$resp = $client->searchApplication()->getBehavioralAnalytics([
"name" => "my*",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_application/analytics/my*"{
"my_analytics_collection": {
"event_data_stream": {
"name": "behavioral_analytics-events-my_analytics_collection"
}
},
"my_analytics_collection2": {
"event_data_stream": {
"name": "behavioral_analytics-events-my_analytics_collection2"
}
}
}PUT _application/analytics/my_analytics_collection
resp = client.search_application.put_behavioral_analytics(
name="my_analytics_collection",
)const response = await client.searchApplication.putBehavioralAnalytics({
name: "my_analytics_collection",
});response = client.search_application.put_behavioral_analytics(
name: "my_analytics_collection"
)$resp = $client->searchApplication()->putBehavioralAnalytics([
"name" => "my_analytics_collection",
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_application/analytics/my_analytics_collection"DELETE _application/analytics/my_analytics_collection/
resp = client.search_application.delete_behavioral_analytics(
name="my_analytics_collection",
)const response = await client.searchApplication.deleteBehavioralAnalytics({
name: "my_analytics_collection",
});response = client.search_application.delete_behavioral_analytics(
name: "my_analytics_collection"
)$resp = $client->searchApplication()->deleteBehavioralAnalytics([
"name" => "my_analytics_collection",
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_application/analytics/my_analytics_collection/"The compact and aligned text (CAT) APIs aim are intended only for human consumption using the Kibana console or command line. They are not intended for use by applications. For application consumption, it's recommend to use a corresponding JSON API.
All the cat commands accept a query string parameter help to see all the headers and info they provide, and the /_cat command alone lists all the available commands.
All methods and paths for this operation:
Get the cluster's index aliases, including filter and routing information. This API does not return data stream aliases.
IMPORTANT: CAT APIs are only intended for human consumption using the command line or the Kibana console. They are not intended for use by applications. For application consumption, use the aliases API.
view_index_metadataA comma-separated list of aliases to retrieve. Supports wildcards (*). To retrieve all aliases, omit this parameter or use * or _all.
A comma-separated list of columns names to display. It supports simple wildcards.
Supported values include:
alias (or a): The name of the alias.index (or i, idx): The name of the index the alias points to.filter (or f, fi): The filter applied to the alias.routing.index (or ri, routingIndex): Index routing value for the alias.routing.search (or rs, routingSearch): Search routing value for the alias.is_write_index (or w, isWriteIndex): Indicates if the index is the write index for the alias.Values are alias, a, index, i, idx, filter, f, fi, routing.index, ri, routingIndex, routing.search, rs, routingSearch, is_write_index, w, or isWriteIndex.
List of columns that determine how the table should be sorted.
Sorting defaults to ascending and can be changed by setting :asc
or :desc as a suffix to the column name.
The type of index that wildcard patterns can match.
If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams.
It supports comma-separated values, such as open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
The period to wait for a connection to the master node.
If the master node is not available before the timeout expires, the request fails and returns an error.
To indicated that the request should never timeout, you can set it to -1.
Values are -1 or 0.
GET _cat/aliases?format=json&v=true
resp = client.cat.aliases(
format="json",
v=True,
)const response = await client.cat.aliases({
format: "json",
v: "true",
});response = client.cat.aliases(
format: "json",
v: "true"
)$resp = $client->cat()->aliases([
"format" => "json",
"v" => "true",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/aliases?format=json&v=true"[
{
"alias": "alias1",
"index": "test1",
"filter": "-",
"routing.index": "-",
"routing.search": "-",
"is_write_index": "true"
},
{
"alias": "alias1",
"index": "test1",
"filter": "*",
"routing.index": "-",
"routing.search": "-",
"is_write_index": "true"
},
{
"alias": "alias3",
"index": "test1",
"filter": "-",
"routing.index": "1",
"routing.search": "1",
"is_write_index": "true"
},
{
"alias": "alias4",
"index": "test1",
"filter": "-",
"routing.index": "2",
"routing.search": "1,2",
"is_write_index": "true"
}
]All methods and paths for this operation:
Get information about component templates in a cluster. Component templates are building blocks for constructing index templates that specify index mappings, settings, and aliases.
IMPORTANT: CAT APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the get component template API.
monitorThe name of the component template. It accepts wildcard expressions. If it is omitted, all component templates are returned.
A comma-separated list of columns names to display. It supports simple wildcards.
Supported values include:
name (or n): The name of the component template.version (or v): The version number of the component template.alias_count (or a): The number of aliases in the component template.mapping_count (or m): The number of mappings in the component template.settings_count (or s): The number of settings in the component template.metadata_count (or me): The number of metadata entries in the component template.included_in (or i): The index templates that include this component template.Values are name, n, version, v, alias_count, a, mapping_count, m, settings_count, s, metadata_count, me, included_in, or i.
List of columns that determine how the table should be sorted.
Sorting defaults to ascending and can be changed by setting :asc
or :desc as a suffix to the column name.
If true, the request computes the list of selected nodes from the
local cluster state. If false the list of selected nodes are computed
from the cluster state of the master node. In both cases the coordinating
node will send requests for further information to each selected node.
The period to wait for a connection to the master node.
Values are -1 or 0.
GET _cat/component_templates/my-template-*?v=true&s=name&format=json
resp = client.cat.component_templates(
name="my-template-*",
v=True,
s="name",
format="json",
)const response = await client.cat.componentTemplates({
name: "my-template-*",
v: "true",
s: "name",
format: "json",
});response = client.cat.component_templates(
name: "my-template-*",
v: "true",
s: "name",
format: "json"
)$resp = $client->cat()->componentTemplates([
"name" => "my-template-*",
"v" => "true",
"s" => "name",
"format" => "json",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/component_templates/my-template-*?v=true&s=name&format=json"[
{
"name": "my-template-1",
"version": "null",
"alias_count": "0",
"mapping_count": "0",
"settings_count": "1",
"metadata_count": "0",
"included_in": "[my-index-template]"
},
{
"name": "my-template-2",
"version": null,
"alias_count": "0",
"mapping_count": "3",
"settings_count": "0",
"metadata_count": "0",
"included_in": "[my-index-template]"
}
]All methods and paths for this operation:
Get quick access to a document count for a data stream, an index, or an entire cluster. The document count only includes live documents, not deleted documents which have not yet been removed by the merge process.
IMPORTANT: CAT APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the count API.
readA comma-separated list of data streams, indices, and aliases used to limit the request.
It supports wildcards (*).
To target all data streams and indices, omit this parameter or use * or _all.
A comma-separated list of columns names to display. It supports simple wildcards.
Supported values include:
epoch (or t, time): The Unix epoch time in seconds since 1970-01-01 00:00:00.timestamp (or ts, hms, hhmmss): The current time in HH:MM:SS format.count (or dc, docs.count, docsCount): The document count in the cluster or index.Values are epoch, t, time, timestamp, ts, hms, hhmmss, count, dc, docs.count, or docsCount.
List of columns that determine how the table should be sorted.
Sorting defaults to ascending and can be changed by setting :asc
or :desc as a suffix to the column name.
GET /_cat/count/my-index-000001?v=true&format=json
resp = client.cat.count(
index="my-index-000001",
v=True,
format="json",
)const response = await client.cat.count({
index: "my-index-000001",
v: "true",
format: "json",
});response = client.cat.count(
index: "my-index-000001",
v: "true",
format: "json"
)$resp = $client->cat()->count([
"index" => "my-index-000001",
"v" => "true",
"format" => "json",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/count/my-index-000001?v=true&format=json"[
{
"epoch": "1475868259",
"timestamp": "15:24:20",
"count": "120"
}
][
{
"epoch": "1475868259",
"timestamp": "15:24:20",
"count": "121"
}
]curl \
--request GET 'http://api.example.com/_cat' \
--header "Authorization: $API_KEY"All methods and paths for this operation:
Get high-level information about indices in a cluster, including backing indices for data streams.
Use this request to get the following information for each index in a cluster:
These metrics are retrieved directly from Lucene, which Elasticsearch uses internally to power indexing and search. As a result, all document counts include hidden nested documents. To get an accurate count of Elasticsearch documents, use the cat count or count APIs.
CAT APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use an index endpoint.
monitormonitorComma-separated list of data streams, indices, and aliases used to limit the request.
Supports wildcards (*). To target all data streams and indices, omit this parameter or use * or _all.
The unit used to display byte values.
Values are b, kb, mb, gb, tb, or pb.
The type of index that wildcard patterns can match.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
The health status used to limit returned indices. By default, the response includes indices of any health status.
Supported values include:
green (or GREEN): All shards are assigned.yellow (or YELLOW): All primary shards are assigned, but one or more replica shards are unassigned. If a node in the cluster fails, some data could be unavailable until that node is repaired.red (or RED): One or more primary shards are unassigned, so some data is unavailable. This can occur briefly during cluster startup as primary shards are assigned.unknownunavailableValues are green, GREEN, yellow, YELLOW, red, RED, unknown, or unavailable.
If true, the response includes information from segments that are not loaded into memory.
If true, the response only includes information from primary shards.
The unit used to display time values.
Values are nanos, micros, ms, s, m, h, or d.
Period to wait for a connection to the master node.
Values are -1 or 0.
A comma-separated list of columns names to display. It supports simple wildcards.
Supported values include:
health (or h): The current health status.status (or s): The open/close status.index (or i, idx): The index name.uuid (or id, uuid): The index UUID.pri (or p, shards.primary, shardsPrimary): The number of primary shards.rep (or r, shards.replica, shardsReplica): The number of replica shards.docs.count (or dc, docsCount): The number of available documents.docs.deleted (or dd, docsDeleted): The number of deleted documents.creation.date (or cd): The index creation date (millisecond value).creation.date.string (or cds): The index creation date (as string).store.size (or ss, storeSize): The store size of primaries and replicas.pri.store.size: The store size of primaries.dataset.size: The total size of the dataset.completion.size (or cs, completionSize): The size of completion for primaries and replicas.pri.completion.size: The size of completion for primaries.fielddata.memory_size (or fm, fielddataMemory): The used fielddata cache for primaries and replicas.pri.fielddata.memory_size: The used fielddata cache for primaries.fielddata.evictions (or fe, fielddataEvictions): The number of fielddata evictions for primaries and replicas.pri.fielddata.evictions: The number of fielddata evictions for primaries.query_cache.memory_size (or qcm, queryCacheMemory): The used query cache for primaries and replicas.pri.query_cache.memory_size: The used query cache for primaries.query_cache.evictions (or qce, queryCacheEvictions): The number of query cache evictions for primaries and replicas.pri.query_cache.evictions: The number of query cache evictions for primaries.request_cache.memory_size (or rcm, requestCacheMemory): The used request cache for primaries and replicas.pri.request_cache.memory_size: The used request cache for primaries.request_cache.evictions (or rce, requestCacheEvictions): The number of request cache evictions for primaries and replicas.pri.request_cache.evictions: The number of request cache evictions for primaries.request_cache.hit_count (or rchc, requestCacheHitCount): The request cache hit count for primaries and replicas.pri.request_cache.hit_count: The request cache hit count for primaries.request_cache.miss_count (or rcmc, requestCacheMissCount): The request cache miss count for primaries and replicas.pri.request_cache.miss_count: The request cache miss count for primaries.flush.total (or ft, flushTotal): The number of flushes for primaries and replicas.pri.flush.total: The number of flushes for primaries.flush.total_time (or ftt, flushTotalTime): The time spent in flush for primaries and replicas.pri.flush.total_time: The time spent in flush for primaries.get.current (or gc, getCurrent): The number of current get operations for primaries and replicas.pri.get.current: The number of current get operations for primaries.get.time (or gti, getTime): The time spent in get for primaries and replicas.pri.get.time: The time spent in get for primaries.get.total (or gto, getTotal): The number of get operations for primaries and replicas.pri.get.total: The number of get operations for primaries.get.exists_time (or geti, getExistsTime): The time spent in successful gets for primaries and replicas.pri.get.exists_time: The time spent in successful gets for primaries.get.exists_total (or geto, getExistsTotal): The number of successful gets for primaries and replicas.pri.get.exists_total: The number of successful gets for primaries.get.missing_time (or gmti, getMissingTime): The time spent in failed gets for primaries and replicas.pri.get.missing_time: The time spent in failed gets for primaries.get.missing_total (or gmto, getMissingTotal): The number of failed gets for primaries and replicas.pri.get.missing_total: The number of failed gets for primaries.indexing.delete_current (or idc, indexingDeleteCurrent): The number of current deletions for primaries and replicas.pri.indexing.delete_current: The number of current deletions for primaries.indexing.delete_time (or idti, indexingDeleteTime): The time spent in deletions for primaries and replicas.pri.indexing.delete_time: The time spent in deletions for primaries.indexing.delete_total (or idto, indexingDeleteTotal): The number of delete operations for primaries and replicas.pri.indexing.delete_total: The number of delete operations for primaries.indexing.index_current (or iic, indexingIndexCurrent): The number of current indexing operations for primaries and replicas.pri.indexing.index_current: The number of current indexing operations for primaries.indexing.index_time (or iiti, indexingIndexTime): The time spent in indexing for primaries and replicas.pri.indexing.index_time: The time spent in indexing for primaries.indexing.index_total (or iito, indexingIndexTotal): The number of indexing operations for primaries and replicas.pri.indexing.index_total: The number of indexing operations for primaries.indexing.index_failed (or iif, indexingIndexFailed): The number of failed indexing operations for primaries and replicas.pri.indexing.index_failed: The number of failed indexing operations for primaries.indexing.index_failed_due_to_version_conflict (or iifvc, indexingIndexFailedDueToVersionConflict): The number of failed indexing operations due to version conflict for primaries and replicas.pri.indexing.index_failed_due_to_version_conflict: The number of failed indexing operations due to version conflict for primaries.merges.current (or mc, mergesCurrent): The number of current merges for primaries and replicas.pri.merges.current: The number of current merges for primaries.merges.current_docs (or mcd, mergesCurrentDocs): The number of current merging documents for primaries and replicas.pri.merges.current_docs: The number of current merging documents for primaries.merges.current_size (or mcs, mergesCurrentSize): The size of current merges for primaries and replicas.pri.merges.current_size: The size of current merges for primaries.merges.total (or mt, mergesTotal): The number of completed merge operations for primaries and replicas.pri.merges.total: The number of completed merge operations for primaries.merges.total_docs (or mtd, mergesTotalDocs): The number of merged documents for primaries and replicas.pri.merges.total_docs: The number of merged documents for primaries.merges.total_size (or mts, mergesTotalSize): The merged size for primaries and replicas.pri.merges.total_size: The merged size for primaries.merges.total_time (or mtt, mergesTotalTime): The time spent in merges for primaries and replicas.pri.merges.total_time: The time spent in merges for primaries.refresh.total (or rto, refreshTotal): The total refreshes for primaries and replicas.pri.refresh.total: The total refreshes for primaries.refresh.time (or rti, refreshTime): The time spent in refreshes for primaries and replicas.pri.refresh.time: The time spent in refreshes for primaries.refresh.external_total (or rto, refreshTotal): The total external refreshes for primaries and replicas.pri.refresh.external_total: The total external refreshes for primaries.refresh.external_time (or rti, refreshTime): The time spent in external refreshes for primaries and replicas.pri.refresh.external_time: The time spent in external refreshes for primaries.refresh.listeners (or rli, refreshListeners): The number of pending refresh listeners for primaries and replicas.pri.refresh.listeners: The number of pending refresh listeners for primaries.search.fetch_current (or sfc, searchFetchCurrent): The current fetch phase operations for primaries and replicas.pri.search.fetch_current: The current fetch phase operations for primaries.search.fetch_time (or sfti, searchFetchTime): The time spent in fetch phase for primaries and replicas.pri.search.fetch_time: The time spent in fetch phase for primaries.search.fetch_total (or sfto, searchFetchTotal): The total fetch operations for primaries and replicas.pri.search.fetch_total: The total fetch operations for primaries.search.open_contexts (or so, searchOpenContexts): The open search contexts for primaries and replicas.pri.search.open_contexts: The open search contexts for primaries.search.query_current (or sqc, searchQueryCurrent): The current query phase operations for primaries and replicas.pri.search.query_current: The current query phase operations for primaries.search.query_time (or sqti, searchQueryTime): The time spent in query phase for primaries and replicas.pri.search.query_time: The time spent in query phase for primaries.search.query_total (or sqto, searchQueryTotal): The total query phase operations for primaries and replicas.pri.search.query_total: The total query phase operations for primaries.search.scroll_current (or scc, searchScrollCurrent): The open scroll contexts for primaries and replicas.pri.search.scroll_current: The open scroll contexts for primaries.search.scroll_time (or scti, searchScrollTime): The time scroll contexts held open for primaries and replicas.pri.search.scroll_time: The time scroll contexts held open for primaries.search.scroll_total (or scto, searchScrollTotal): The completed scroll contexts for primaries and replicas.pri.search.scroll_total: The completed scroll contexts for primaries.segments.count (or sc, segmentsCount): The number of segments for primaries and replicas.pri.segments.count: The number of segments for primaries.segments.memory (or sm, segmentsMemory): The memory used by segments for primaries and replicas.pri.segments.memory: The memory used by segments for primaries.segments.index_writer_memory (or siwm, segmentsIndexWriterMemory): The memory used by index writer for primaries and replicas.pri.segments.index_writer_memory: The memory used by index writer for primaries.segments.version_map_memory (or svmm, segmentsVersionMapMemory): The memory used by version map for primaries and replicas.pri.segments.version_map_memory: The memory used by version map for primaries.segments.fixed_bitset_memory (or sfbm, fixedBitsetMemory): The memory used by fixed bit sets for nested object field types and type filters for types referred in _parent fields. Applicable for primaries and replicas.pri.segments.fixed_bitset_memory: The memory used by fixed bit sets for nested object field types and type filters for types referred in _parent fields. Applicable for primaries.warmer.current (or wc, warmerCurrent): The current warmer operations for primaries and replicas.pri.warmer.current: The current warmer operations for primaries.warmer.total (or wto, warmerTotal): The total warmer operations for primaries and replicas.pri.warmer.total: The total warmer operations for primaries.warmer.total_time (or wtt, warmerTotalTime): The time spent in warmers for primaries and replicas.pri.warmer.total_time: The time spent in warmers for primaries.suggest.current (or suc, suggestCurrent): The current suggest operations for primaries and replicas.pri.suggest.current: The current suggest operations for primaries.suggest.time (or suti, suggestTime): The time spent in suggest for primaries and replicas.pri.suggest.time: The time spent in suggest for primaries.suggest.total (or suto, suggestTotal): The number of suggest operations for primaries and replicas.pri.suggest.total: The number of suggest operations for primaries.memory.total (or tm, memoryTotal): The total used memory for primaries and replicas.pri.memory.total: The total used memory for primaries.bulk.total_operations (or bto, bulkTotalOperation): The number of bulk shard operations for primaries and replicas.pri.bulk.total_operations: The number of bulk shard operations for primaries.bulk.total_time (or btti, bulkTotalTime): The time spent in shard bulk for primaries and replicas.pri.bulk.total_time: The time spent in shard bulk for primaries.bulk.total_size_in_bytes (or btsi, bulkTotalSizeInBytes): The total size in bytes of shard bulk for primaries and replicas.pri.bulk.total_size_in_bytes: The total size in bytes of shard bulk for primaries.bulk.avg_time (or bati, bulkAvgTime): The average time spent in shard bulk for primaries and replicas.pri.bulk.avg_time: The average time spent in shard bulk for primaries.bulk.avg_size_in_bytes (or basi, bulkAvgSizeInBytes): The average size in bytes of shard bulk for primaries and replicas.pri.bulk.avg_size_in_bytes: The average size in bytes of shard bulk for primaries.dense_vector.value_count (or dvc, denseVectorCount): The total count of indexed dense vectors for primaries and replicas.pri.dense_vector.value_count: The total count of indexed dense vectors for primaries.sparse_vector.value_count (or svc, sparseVectorCount): The total count of indexed sparse vectors for primaries and replicas.pri.sparse_vector.value_count: The total count of indexed sparse vectors for primaries.Values are health, h, status, s, index, i, idx, uuid, id, pri, p, shards.primary, shardsPrimary, rep, r, shards.replica, shardsReplica, docs.count, dc, docsCount, docs.deleted, dd, docsDeleted, creation.date, cd, creation.date.string, cds, store.size, ss, storeSize, pri.store.size, dataset.size, completion.size, cs, completionSize, pri.completion.size, fielddata.memory_size, fm, fielddataMemory, pri.fielddata.memory_size, fielddata.evictions, fe, fielddataEvictions, pri.fielddata.evictions, query_cache.memory_size, qcm, queryCacheMemory, pri.query_cache.memory_size, query_cache.evictions, qce, queryCacheEvictions, pri.query_cache.evictions, request_cache.memory_size, rcm, requestCacheMemory, pri.request_cache.memory_size, request_cache.evictions, rce, requestCacheEvictions, pri.request_cache.evictions, request_cache.hit_count, rchc, requestCacheHitCount, pri.request_cache.hit_count, request_cache.miss_count, rcmc, requestCacheMissCount, pri.request_cache.miss_count, flush.total, ft, flushTotal, pri.flush.total, flush.total_time, ftt, flushTotalTime, pri.flush.total_time, get.current, gc, getCurrent, pri.get.current, get.time, gti, getTime, pri.get.time, get.total, gto, getTotal, pri.get.total, get.exists_time, geti, getExistsTime, pri.get.exists_time, get.exists_total, geto, getExistsTotal, pri.get.exists_total, get.missing_time, gmti, getMissingTime, pri.get.missing_time, get.missing_total, gmto, getMissingTotal, pri.get.missing_total, indexing.delete_current, idc, indexingDeleteCurrent, pri.indexing.delete_current, indexing.delete_time, idti, indexingDeleteTime, pri.indexing.delete_time, indexing.delete_total, idto, indexingDeleteTotal, pri.indexing.delete_total, indexing.index_current, iic, indexingIndexCurrent, pri.indexing.index_current, indexing.index_time, iiti, indexingIndexTime, pri.indexing.index_time, indexing.index_total, iito, indexingIndexTotal, pri.indexing.index_total, indexing.index_failed, iif, indexingIndexFailed, pri.indexing.index_failed, indexing.index_failed_due_to_version_conflict, iifvc, indexingIndexFailedDueToVersionConflict, pri.indexing.index_failed_due_to_version_conflict, merges.current, mc, mergesCurrent, pri.merges.current, merges.current_docs, mcd, mergesCurrentDocs, pri.merges.current_docs, merges.current_size, mcs, mergesCurrentSize, pri.merges.current_size, merges.total, mt, mergesTotal, pri.merges.total, merges.total_docs, mtd, mergesTotalDocs, pri.merges.total_docs, merges.total_size, mts, mergesTotalSize, pri.merges.total_size, merges.total_time, mtt, mergesTotalTime, pri.merges.total_time, refresh.total, rto, refreshTotal, pri.refresh.total, refresh.time, rti, refreshTime, pri.refresh.time, refresh.external_total, pri.refresh.external_total, refresh.external_time, pri.refresh.external_time, refresh.listeners, rli, refreshListeners, pri.refresh.listeners, search.fetch_current, sfc, searchFetchCurrent, pri.search.fetch_current, search.fetch_time, sfti, searchFetchTime, pri.search.fetch_time, search.fetch_total, sfto, searchFetchTotal, pri.search.fetch_total, search.open_contexts, so, searchOpenContexts, pri.search.open_contexts, search.query_current, sqc, searchQueryCurrent, pri.search.query_current, search.query_time, sqti, searchQueryTime, pri.search.query_time, search.query_total, sqto, searchQueryTotal, pri.search.query_total, search.scroll_current, scc, searchScrollCurrent, pri.search.scroll_current, search.scroll_time, scti, searchScrollTime, pri.search.scroll_time, search.scroll_total, scto, searchScrollTotal, pri.search.scroll_total, segments.count, sc, segmentsCount, pri.segments.count, segments.memory, sm, segmentsMemory, pri.segments.memory, segments.index_writer_memory, siwm, segmentsIndexWriterMemory, pri.segments.index_writer_memory, segments.version_map_memory, svmm, segmentsVersionMapMemory, pri.segments.version_map_memory, segments.fixed_bitset_memory, sfbm, fixedBitsetMemory, pri.segments.fixed_bitset_memory, warmer.current, wc, warmerCurrent, pri.warmer.current, warmer.total, wto, warmerTotal, pri.warmer.total, warmer.total_time, wtt, warmerTotalTime, pri.warmer.total_time, suggest.current, suc, suggestCurrent, pri.suggest.current, suggest.time, suti, suggestTime, pri.suggest.time, suggest.total, suto, suggestTotal, pri.suggest.total, memory.total, tm, memoryTotal, pri.memory.total, bulk.total_operations, bto, bulkTotalOperation, pri.bulk.total_operations, bulk.total_time, btti, bulkTotalTime, pri.bulk.total_time, bulk.total_size_in_bytes, btsi, bulkTotalSizeInBytes, pri.bulk.total_size_in_bytes, bulk.avg_time, bati, bulkAvgTime, pri.bulk.avg_time, bulk.avg_size_in_bytes, basi, bulkAvgSizeInBytes, pri.bulk.avg_size_in_bytes, dense_vector.value_count, dvc, denseVectorCount, pri.dense_vector.value_count, sparse_vector.value_count, svc, sparseVectorCount, or pri.sparse_vector.value_count.
List of columns that determine how the table should be sorted.
Sorting defaults to ascending and can be changed by setting :asc
or :desc as a suffix to the column name.
GET /_cat/indices/my-index-*?v=true&s=index&format=json
resp = client.cat.indices(
index="my-index-*",
v=True,
s="index",
format="json",
)const response = await client.cat.indices({
index: "my-index-*",
v: "true",
s: "index",
format: "json",
});response = client.cat.indices(
index: "my-index-*",
v: "true",
s: "index",
format: "json"
)$resp = $client->cat()->indices([
"index" => "my-index-*",
"v" => "true",
"s" => "index",
"format" => "json",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/indices/my-index-*?v=true&s=index&format=json"[
{
"health": "yellow",
"status": "open",
"index": "my-index-000001",
"uuid": "u8FNjxh8Rfy_awN11oDKYQ",
"pri": "1",
"rep": "1",
"docs.count": "1200",
"docs.deleted": "0",
"store.size": "88.1kb",
"pri.store.size": "88.1kb",
"dataset.size": "88.1kb"
},
{
"health": "green",
"status": "open",
"index": "my-index-000002",
"uuid": "nYFWZEO7TUiOjLQXBaYJpA ",
"pri": "1",
"rep": "0",
"docs.count": "0",
"docs.deleted": "0",
"store.size": "260b",
"pri.store.size": "260b",
"dataset.size": "260b"
}
]All methods and paths for this operation:
Get configuration and usage information about data frame analytics jobs.
IMPORTANT: CAT APIs are only intended for human consumption using the Kibana console or command line. They are not intended for use by applications. For application consumption, use the get data frame analytics jobs statistics API.
monitor_mlWhether to ignore if a wildcard expression matches no configs. (This includes _all string or when no configs have been specified)
The unit in which to display byte values
Values are b, kb, mb, gb, tb, or pb.
Comma-separated list of column names to display.
Supported values include:
assignment_explanation (or ae): Contains messages relating to the selection of a node.create_time (or ct, createTime): The time when the data frame analytics job was created.description (or d): A description of a job.dest_index (or di, destIndex): Name of the destination index.failure_reason (or fr, failureReason): Contains messages about the reason why a data frame analytics job failed.id: Identifier for the data frame analytics job.model_memory_limit (or mml, modelMemoryLimit): The approximate maximum amount of memory resources that are permitted for
the data frame analytics job.node.address (or na, nodeAddress): The network address of the node that the data frame analytics job is
assigned to.node.ephemeral_id (or ne, nodeEphemeralId): The ephemeral ID of the node that the data frame analytics job is assigned
to.node.id (or ni, nodeId): The unique identifier of the node that the data frame analytics job is
assigned to.node.name (or nn, nodeName): The name of the node that the data frame analytics job is assigned to.progress (or p): The progress report of the data frame analytics job by phase.source_index (or si, sourceIndex): Name of the source index.state (or s): Current state of the data frame analytics job.type (or t): The type of analysis that the data frame analytics job performs.version (or v): The Elasticsearch version number in which the data frame analytics job was
created.Comma-separated list of column names or column aliases used to sort the response.
Supported values include:
assignment_explanation (or ae): Contains messages relating to the selection of a node.create_time (or ct, createTime): The time when the data frame analytics job was created.description (or d): A description of a job.dest_index (or di, destIndex): Name of the destination index.failure_reason (or fr, failureReason): Contains messages about the reason why a data frame analytics job failed.id: Identifier for the data frame analytics job.model_memory_limit (or mml, modelMemoryLimit): The approximate maximum amount of memory resources that are permitted for
the data frame analytics job.node.address (or na, nodeAddress): The network address of the node that the data frame analytics job is
assigned to.node.ephemeral_id (or ne, nodeEphemeralId): The ephemeral ID of the node that the data frame analytics job is assigned
to.node.id (or ni, nodeId): The unique identifier of the node that the data frame analytics job is
assigned to.node.name (or nn, nodeName): The name of the node that the data frame analytics job is assigned to.progress (or p): The progress report of the data frame analytics job by phase.source_index (or si, sourceIndex): Name of the source index.state (or s): Current state of the data frame analytics job.type (or t): The type of analysis that the data frame analytics job performs.version (or v): The Elasticsearch version number in which the data frame analytics job was
created.Unit used to display time values.
Values are nanos, micros, ms, s, m, h, or d.
GET _cat/ml/data_frame/analytics?v=true&format=json
resp = client.cat.ml_data_frame_analytics(
v=True,
format="json",
)const response = await client.cat.mlDataFrameAnalytics({
v: "true",
format: "json",
});response = client.cat.ml_data_frame_analytics(
v: "true",
format: "json"
)$resp = $client->cat()->mlDataFrameAnalytics([
"v" => "true",
"format" => "json",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/ml/data_frame/analytics?v=true&format=json"[
{
"id": "classifier_job_1",
"type": "classification",
"create_time": "2020-02-12T11:49:09.594Z",
"state": "stopped"
},
{
"id": "classifier_job_2",
"type": "classification",
"create_time": "2020-02-12T11:49:14.479Z",
"state": "stopped"
},
{
"id": "classifier_job_3",
"type": "classification",
"create_time": "2020-02-12T11:49:16.928Z",
"state": "stopped"
},
{
"id": "classifier_job_4",
"type": "classification",
"create_time": "2020-02-12T11:49:19.127Z",
"state": "stopped"
},
{
"id": "classifier_job_5",
"type": "classification",
"create_time": "2020-02-12T11:49:21.349Z",
"state": "stopped"
}
]All methods and paths for this operation:
Get configuration and usage information about datafeeds.
This API returns a maximum of 10,000 datafeeds.
If the Elasticsearch security features are enabled, you must have monitor_ml, monitor, manage_ml, or manage
cluster privileges to use this API.
IMPORTANT: CAT APIs are only intended for human consumption using the Kibana console or command line. They are not intended for use by applications. For application consumption, use the get datafeed statistics API.
monitor_mlSpecifies what to do when the request:
_all string or no identifiers and there are no matches.If true, the API returns an empty datafeeds array when there are no matches and the subset of results when
there are partial matches. If false, the API returns a 404 status code when there are no matches or only
partial matches.
Comma-separated list of column names to display.
Supported values include:
ae (or assignment_explanation): For started datafeeds only, contains messages relating to the selection of
a node.bc (or buckets.count, bucketsCount): The number of buckets processed.id: A numerical character string that uniquely identifies the datafeed.na (or node.address, nodeAddress): For started datafeeds only, the network address of the node where the
datafeed is started.ne (or node.ephemeral_id, nodeEphemeralId): For started datafeeds only, the ephemeral ID of the node where the
datafeed is started.ni (or node.id, nodeId): For started datafeeds only, the unique identifier of the node where the
datafeed is started.nn (or node.name, nodeName): For started datafeeds only, the name of the node where the datafeed is
started.sba (or search.bucket_avg, searchBucketAvg): The average search time per bucket, in milliseconds.sc (or search.count, searchCount): The number of searches run by the datafeed.seah (or search.exp_avg_hour, searchExpAvgHour): The exponential average search time per hour, in milliseconds.st (or search.time, searchTime): The total time the datafeed spent searching, in milliseconds.s (or state): The status of the datafeed: starting, started, stopping, or stopped.
If starting, the datafeed has been requested to start but has not yet
started. If started, the datafeed is actively receiving data. If
stopping, the datafeed has been requested to stop gracefully and is
completing its final action. If stopped, the datafeed is stopped and will
not receive data until it is re-started.Comma-separated list of column names or column aliases used to sort the response.
Supported values include:
ae (or assignment_explanation): For started datafeeds only, contains messages relating to the selection of
a node.bc (or buckets.count, bucketsCount): The number of buckets processed.id: A numerical character string that uniquely identifies the datafeed.na (or node.address, nodeAddress): For started datafeeds only, the network address of the node where the
datafeed is started.ne (or node.ephemeral_id, nodeEphemeralId): For started datafeeds only, the ephemeral ID of the node where the
datafeed is started.ni (or node.id, nodeId): For started datafeeds only, the unique identifier of the node where the
datafeed is started.nn (or node.name, nodeName): For started datafeeds only, the name of the node where the datafeed is
started.sba (or search.bucket_avg, searchBucketAvg): The average search time per bucket, in milliseconds.sc (or search.count, searchCount): The number of searches run by the datafeed.seah (or search.exp_avg_hour, searchExpAvgHour): The exponential average search time per hour, in milliseconds.st (or search.time, searchTime): The total time the datafeed spent searching, in milliseconds.s (or state): The status of the datafeed: starting, started, stopping, or stopped.
If starting, the datafeed has been requested to start but has not yet
started. If started, the datafeed is actively receiving data. If
stopping, the datafeed has been requested to stop gracefully and is
completing its final action. If stopped, the datafeed is stopped and will
not receive data until it is re-started.The unit used to display time values.
Values are nanos, micros, ms, s, m, h, or d.
GET _cat/ml/datafeeds?v=true&format=json
resp = client.cat.ml_datafeeds(
v=True,
format="json",
)const response = await client.cat.mlDatafeeds({
v: "true",
format: "json",
});response = client.cat.ml_datafeeds(
v: "true",
format: "json"
)$resp = $client->cat()->mlDatafeeds([
"v" => "true",
"format" => "json",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/ml/datafeeds?v=true&format=json"[
{
"id": "datafeed-high_sum_total_sales",
"state": "stopped",
"buckets.count": "743",
"search.count": "7"
},
{
"id": "datafeed-low_request_rate",
"state": "stopped",
"buckets.count": "1457",
"search.count": "3"
},
{
"id": "datafeed-response_code_rates",
"state": "stopped",
"buckets.count": "1460",
"search.count": "18"
},
{
"id": "datafeed-url_scanning",
"state": "stopped",
"buckets.count": "1460",
"search.count": "18"
}
]All methods and paths for this operation:
Get configuration and usage information for anomaly detection jobs.
This API returns a maximum of 10,000 jobs.
If the Elasticsearch security features are enabled, you must have monitor_ml,
monitor, manage_ml, or manage cluster privileges to use this API.
IMPORTANT: CAT APIs are only intended for human consumption using the Kibana console or command line. They are not intended for use by applications. For application consumption, use the get anomaly detection job statistics API.
monitor_mlSpecifies what to do when the request:
_all string or no identifiers and there are no matches.If true, the API returns an empty jobs array when there are no matches and the subset of results when there
are partial matches. If false, the API returns a 404 status code when there are no matches or only partial
matches.
The unit used to display byte values.
Values are b, kb, mb, gb, tb, or pb.
Comma-separated list of column names to display.
Supported values include:
assignment_explanation (or ae): For open anomaly detection jobs only, contains messages relating to the
selection of a node to run the job.buckets.count (or bc, bucketsCount): The number of bucket results produced by the job.buckets.time.exp_avg (or btea, bucketsTimeExpAvg): Exponential moving average of all bucket processing times, in milliseconds.buckets.time.exp_avg_hour (or bteah, bucketsTimeExpAvgHour): Exponentially-weighted moving average of bucket processing times calculated
in a 1 hour time window, in milliseconds.buckets.time.max (or btmax, bucketsTimeMax): Maximum among all bucket processing times, in milliseconds.buckets.time.min (or btmin, bucketsTimeMin): Minimum among all bucket processing times, in milliseconds.buckets.time.total (or btt, bucketsTimeTotal): Sum of all bucket processing times, in milliseconds.data.buckets (or db, dataBuckets): The number of buckets processed.data.earliest_record (or der, dataEarliestRecord): The timestamp of the earliest chronologically input document.data.empty_buckets (or deb, dataEmptyBuckets): The number of buckets which did not contain any data.data.input_bytes (or dib, dataInputBytes): The number of bytes of input data posted to the anomaly detection job.data.input_fields (or dif, dataInputFields): The total number of fields in input documents posted to the anomaly
detection job. This count includes fields that are not used in the analysis.
However, be aware that if you are using a datafeed, it extracts only the
required fields from the documents it retrieves before posting them to the job.data.input_records (or dir, dataInputRecords): The number of input documents posted to the anomaly detection job.data.invalid_dates (or did, dataInvalidDates): The number of input documents with either a missing date field or a date
that could not be parsed.data.last (or dl, dataLast): The timestamp at which data was last analyzed, according to server time.data.last_empty_bucket (or dleb, dataLastEmptyBucket): The timestamp of the last bucket that did not contain any data.data.last_sparse_bucket (or dlsb, dataLastSparseBucket): The timestamp of the last bucket that was considered sparse.data.latest_record (or dlr, dataLatestRecord): The timestamp of the latest chronologically input document.data.missing_fields (or dmf, dataMissingFields): The number of input documents that are missing a field that the anomaly
detection job is configured to analyze. Input documents with missing fields
are still processed because it is possible that not all fields are missing.data.out_of_order_timestamps (or doot, dataOutOfOrderTimestamps): The number of input documents that have a timestamp chronologically
preceding the start of the current anomaly detection bucket offset by the
latency window. This information is applicable only when you provide data
to the anomaly detection job by using the post data API. These out of order
documents are discarded, since jobs require time series data to be in
ascending chronological order.data.processed_fields (or dpf, dataProcessedFields): The total number of fields in all the documents that have been processed by
the anomaly detection job. Only fields that are specified in the detector
configuration object contribute to this count. The timestamp is not
included in this count.data.processed_records (or dpr, dataProcessedRecords): The number of input documents that have been processed by the anomaly
detection job. This value includes documents with missing fields, since
they are nonetheless analyzed. If you use datafeeds and have aggregations
in your search query, the processed record count is the number of
aggregation results processed, not the number of Elasticsearch documents.data.sparse_buckets (or dsb, dataSparseBuckets): The number of buckets that contained few data points compared to the
expected number of data points.forecasts.memory.avg (or fmavg, forecastsMemoryAvg): The average memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.memory.max (or fmmax, forecastsMemoryMax): The maximum memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.memory.min (or fmmin, forecastsMemoryMin): The minimum memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.memory.total (or fmt, forecastsMemoryTotal): The total memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.records.avg (or fravg, forecastsRecordsAvg): The average number of model_forecast` documents written for forecasts
related to the anomaly detection job.forecasts.records.max (or frmax, forecastsRecordsMax): The maximum number of model_forecast documents written for forecasts
related to the anomaly detection job.forecasts.records.min (or frmin, forecastsRecordsMin): The minimum number of model_forecast documents written for forecasts
related to the anomaly detection job.forecasts.records.total (or frt, forecastsRecordsTotal): The total number of model_forecast documents written for forecasts
related to the anomaly detection job.forecasts.time.avg (or ftavg, forecastsTimeAvg): The average runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.time.max (or ftmax, forecastsTimeMax): The maximum runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.time.min (or ftmin, forecastsTimeMin): The minimum runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.time.total (or ftt, forecastsTimeTotal): The total runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.total (or ft, forecastsTotal): The number of individual forecasts currently available for the job.id: Identifier for the anomaly detection job.model.bucket_allocation_failures (or mbaf, modelBucketAllocationFailures): The number of buckets for which new entities in incoming data were not
processed due to insufficient model memory.model.by_fields (or mbf, modelByFields): The number of by field values that were analyzed by the models. This value
is cumulative for all detectors in the job.model.bytes (or mb, modelBytes): The number of bytes of memory used by the models. This is the maximum value
since the last time the model was persisted. If the job is closed, this
value indicates the latest size.model.bytes_exceeded (or mbe, modelBytesExceeded): The number of bytes over the high limit for memory usage at the last
allocation failure.model.categorization_status (or mcs, modelCategorizationStatus): The status of categorization for the job: ok or warn. If ok,
categorization is performing acceptably well (or not being used at all). If
warn, categorization is detecting a distribution of categories that
suggests the input data is inappropriate for categorization. Problems could
be that there is only one category, more than 90% of categories are rare,
the number of categories is greater than 50% of the number of categorized
documents, there are no frequently matched categories, or more than 50% of
categories are dead.model.categorized_doc_count (or mcdc, modelCategorizedDocCount): The number of documents that have had a field categorized.model.dead_category_count (or mdcc, modelDeadCategoryCount): The number of categories created by categorization that will never be
assigned again because another category’s definition makes it a superset of
the dead category. Dead categories are a side effect of the way
categorization has no prior training.model.failed_category_count (or mdcc, modelFailedCategoryCount): The number of times that categorization wanted to create a new category but
couldn’t because the job had hit its model memory limit. This count does
not track which specific categories failed to be created. Therefore, you
cannot use this value to determine the number of unique categories that
were missed.model.frequent_category_count (or mfcc, modelFrequentCategoryCount): The number of categories that match more than 1% of categorized documents.model.log_time (or mlt, modelLogTime): The timestamp when the model stats were gathered, according to server time.model.memory_limit (or mml, modelMemoryLimit): The timestamp when the model stats were gathered, according to server time.model.memory_status (or mms, modelMemoryStatus): The status of the mathematical models: ok, soft_limit, or hard_limit.
If ok, the models stayed below the configured value. If soft_limit, the
models used more than 60% of the configured memory limit and older unused
models will be pruned to free up space. Additionally, in categorization jobs
no further category examples will be stored. If hard_limit, the models
used more space than the configured memory limit. As a result, not all
incoming data was processed.model.over_fields (or mof, modelOverFields): The number of over field values that were analyzed by the models. This
value is cumulative for all detectors in the job.model.partition_fields (or mpf, modelPartitionFields): The number of partition field values that were analyzed by the models. This
value is cumulative for all detectors in the job.model.rare_category_count (or mrcc, modelRareCategoryCount): The number of categories that match just one categorized document.model.timestamp (or mt, modelTimestamp): The timestamp of the last record when the model stats were gathered.model.total_category_count (or mtcc, modelTotalCategoryCount): The number of categories created by categorization.node.address (or na, nodeAddress): The network address of the node that runs the job. This information is
available only for open jobs.node.ephemeral_id (or ne, nodeEphemeralId): The ephemeral ID of the node that runs the job. This information is
available only for open jobs.node.id (or ni, nodeId): The unique identifier of the node that runs the job. This information is
available only for open jobs.node.name (or nn, nodeName): The name of the node that runs the job. This information is available only
for open jobs.opened_time (or ot): For open jobs only, the elapsed time for which the job has been open.state (or s): The status of the anomaly detection job: closed, closing, failed,
opened, or opening. If closed, the job finished successfully with its
model state persisted. The job must be opened before it can accept further
data. If closing, the job close action is in progress and has not yet
completed. A closing job cannot accept further data. If failed, the job
did not finish successfully due to an error. This situation can occur due
to invalid input data, a fatal error occurring during the analysis, or an
external interaction such as the process being killed by the Linux out of
memory (OOM) killer. If the job had irrevocably failed, it must be force
closed and then deleted. If the datafeed can be corrected, the job can be
closed and then re-opened. If opened, the job is available to receive and
process data. If opening, the job open action is in progress and has not
yet completed.Comma-separated list of column names or column aliases used to sort the response.
Supported values include:
assignment_explanation (or ae): For open anomaly detection jobs only, contains messages relating to the
selection of a node to run the job.buckets.count (or bc, bucketsCount): The number of bucket results produced by the job.buckets.time.exp_avg (or btea, bucketsTimeExpAvg): Exponential moving average of all bucket processing times, in milliseconds.buckets.time.exp_avg_hour (or bteah, bucketsTimeExpAvgHour): Exponentially-weighted moving average of bucket processing times calculated
in a 1 hour time window, in milliseconds.buckets.time.max (or btmax, bucketsTimeMax): Maximum among all bucket processing times, in milliseconds.buckets.time.min (or btmin, bucketsTimeMin): Minimum among all bucket processing times, in milliseconds.buckets.time.total (or btt, bucketsTimeTotal): Sum of all bucket processing times, in milliseconds.data.buckets (or db, dataBuckets): The number of buckets processed.data.earliest_record (or der, dataEarliestRecord): The timestamp of the earliest chronologically input document.data.empty_buckets (or deb, dataEmptyBuckets): The number of buckets which did not contain any data.data.input_bytes (or dib, dataInputBytes): The number of bytes of input data posted to the anomaly detection job.data.input_fields (or dif, dataInputFields): The total number of fields in input documents posted to the anomaly
detection job. This count includes fields that are not used in the analysis.
However, be aware that if you are using a datafeed, it extracts only the
required fields from the documents it retrieves before posting them to the job.data.input_records (or dir, dataInputRecords): The number of input documents posted to the anomaly detection job.data.invalid_dates (or did, dataInvalidDates): The number of input documents with either a missing date field or a date
that could not be parsed.data.last (or dl, dataLast): The timestamp at which data was last analyzed, according to server time.data.last_empty_bucket (or dleb, dataLastEmptyBucket): The timestamp of the last bucket that did not contain any data.data.last_sparse_bucket (or dlsb, dataLastSparseBucket): The timestamp of the last bucket that was considered sparse.data.latest_record (or dlr, dataLatestRecord): The timestamp of the latest chronologically input document.data.missing_fields (or dmf, dataMissingFields): The number of input documents that are missing a field that the anomaly
detection job is configured to analyze. Input documents with missing fields
are still processed because it is possible that not all fields are missing.data.out_of_order_timestamps (or doot, dataOutOfOrderTimestamps): The number of input documents that have a timestamp chronologically
preceding the start of the current anomaly detection bucket offset by the
latency window. This information is applicable only when you provide data
to the anomaly detection job by using the post data API. These out of order
documents are discarded, since jobs require time series data to be in
ascending chronological order.data.processed_fields (or dpf, dataProcessedFields): The total number of fields in all the documents that have been processed by
the anomaly detection job. Only fields that are specified in the detector
configuration object contribute to this count. The timestamp is not
included in this count.data.processed_records (or dpr, dataProcessedRecords): The number of input documents that have been processed by the anomaly
detection job. This value includes documents with missing fields, since
they are nonetheless analyzed. If you use datafeeds and have aggregations
in your search query, the processed record count is the number of
aggregation results processed, not the number of Elasticsearch documents.data.sparse_buckets (or dsb, dataSparseBuckets): The number of buckets that contained few data points compared to the
expected number of data points.forecasts.memory.avg (or fmavg, forecastsMemoryAvg): The average memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.memory.max (or fmmax, forecastsMemoryMax): The maximum memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.memory.min (or fmmin, forecastsMemoryMin): The minimum memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.memory.total (or fmt, forecastsMemoryTotal): The total memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.records.avg (or fravg, forecastsRecordsAvg): The average number of model_forecast` documents written for forecasts
related to the anomaly detection job.forecasts.records.max (or frmax, forecastsRecordsMax): The maximum number of model_forecast documents written for forecasts
related to the anomaly detection job.forecasts.records.min (or frmin, forecastsRecordsMin): The minimum number of model_forecast documents written for forecasts
related to the anomaly detection job.forecasts.records.total (or frt, forecastsRecordsTotal): The total number of model_forecast documents written for forecasts
related to the anomaly detection job.forecasts.time.avg (or ftavg, forecastsTimeAvg): The average runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.time.max (or ftmax, forecastsTimeMax): The maximum runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.time.min (or ftmin, forecastsTimeMin): The minimum runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.time.total (or ftt, forecastsTimeTotal): The total runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.total (or ft, forecastsTotal): The number of individual forecasts currently available for the job.id: Identifier for the anomaly detection job.model.bucket_allocation_failures (or mbaf, modelBucketAllocationFailures): The number of buckets for which new entities in incoming data were not
processed due to insufficient model memory.model.by_fields (or mbf, modelByFields): The number of by field values that were analyzed by the models. This value
is cumulative for all detectors in the job.model.bytes (or mb, modelBytes): The number of bytes of memory used by the models. This is the maximum value
since the last time the model was persisted. If the job is closed, this
value indicates the latest size.model.bytes_exceeded (or mbe, modelBytesExceeded): The number of bytes over the high limit for memory usage at the last
allocation failure.model.categorization_status (or mcs, modelCategorizationStatus): The status of categorization for the job: ok or warn. If ok,
categorization is performing acceptably well (or not being used at all). If
warn, categorization is detecting a distribution of categories that
suggests the input data is inappropriate for categorization. Problems could
be that there is only one category, more than 90% of categories are rare,
the number of categories is greater than 50% of the number of categorized
documents, there are no frequently matched categories, or more than 50% of
categories are dead.model.categorized_doc_count (or mcdc, modelCategorizedDocCount): The number of documents that have had a field categorized.model.dead_category_count (or mdcc, modelDeadCategoryCount): The number of categories created by categorization that will never be
assigned again because another category’s definition makes it a superset of
the dead category. Dead categories are a side effect of the way
categorization has no prior training.model.failed_category_count (or mdcc, modelFailedCategoryCount): The number of times that categorization wanted to create a new category but
couldn’t because the job had hit its model memory limit. This count does
not track which specific categories failed to be created. Therefore, you
cannot use this value to determine the number of unique categories that
were missed.model.frequent_category_count (or mfcc, modelFrequentCategoryCount): The number of categories that match more than 1% of categorized documents.model.log_time (or mlt, modelLogTime): The timestamp when the model stats were gathered, according to server time.model.memory_limit (or mml, modelMemoryLimit): The timestamp when the model stats were gathered, according to server time.model.memory_status (or mms, modelMemoryStatus): The status of the mathematical models: ok, soft_limit, or hard_limit.
If ok, the models stayed below the configured value. If soft_limit, the
models used more than 60% of the configured memory limit and older unused
models will be pruned to free up space. Additionally, in categorization jobs
no further category examples will be stored. If hard_limit, the models
used more space than the configured memory limit. As a result, not all
incoming data was processed.model.over_fields (or mof, modelOverFields): The number of over field values that were analyzed by the models. This
value is cumulative for all detectors in the job.model.partition_fields (or mpf, modelPartitionFields): The number of partition field values that were analyzed by the models. This
value is cumulative for all detectors in the job.model.rare_category_count (or mrcc, modelRareCategoryCount): The number of categories that match just one categorized document.model.timestamp (or mt, modelTimestamp): The timestamp of the last record when the model stats were gathered.model.total_category_count (or mtcc, modelTotalCategoryCount): The number of categories created by categorization.node.address (or na, nodeAddress): The network address of the node that runs the job. This information is
available only for open jobs.node.ephemeral_id (or ne, nodeEphemeralId): The ephemeral ID of the node that runs the job. This information is
available only for open jobs.node.id (or ni, nodeId): The unique identifier of the node that runs the job. This information is
available only for open jobs.node.name (or nn, nodeName): The name of the node that runs the job. This information is available only
for open jobs.opened_time (or ot): For open jobs only, the elapsed time for which the job has been open.state (or s): The status of the anomaly detection job: closed, closing, failed,
opened, or opening. If closed, the job finished successfully with its
model state persisted. The job must be opened before it can accept further
data. If closing, the job close action is in progress and has not yet
completed. A closing job cannot accept further data. If failed, the job
did not finish successfully due to an error. This situation can occur due
to invalid input data, a fatal error occurring during the analysis, or an
external interaction such as the process being killed by the Linux out of
memory (OOM) killer. If the job had irrevocably failed, it must be force
closed and then deleted. If the datafeed can be corrected, the job can be
closed and then re-opened. If opened, the job is available to receive and
process data. If opening, the job open action is in progress and has not
yet completed.The unit used to display time values.
Values are nanos, micros, ms, s, m, h, or d.
GET _cat/ml/anomaly_detectors?h=id,s,dpr,mb&v=true&format=json
resp = client.cat.ml_jobs(
h="id,s,dpr,mb",
v=True,
format="json",
)const response = await client.cat.mlJobs({
h: "id,s,dpr,mb",
v: "true",
format: "json",
});response = client.cat.ml_jobs(
h: "id,s,dpr,mb",
v: "true",
format: "json"
)$resp = $client->cat()->mlJobs([
"h" => "id,s,dpr,mb",
"v" => "true",
"format" => "json",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/ml/anomaly_detectors?h=id,s,dpr,mb&v=true&format=json"[
{
"id": "high_sum_total_sales",
"s": "closed",
"dpr": "14022",
"mb": "1.5mb"
},
{
"id": "low_request_rate",
"s": "closed",
"dpr": "1216",
"mb": "40.5kb"
},
{
"id": "response_code_rates",
"s": "closed",
"dpr": "28146",
"mb": "132.7kb"
},
{
"id": "url_scanning",
"s": "closed",
"dpr": "28146",
"mb": "501.6kb"
}
]All methods and paths for this operation:
Get configuration and usage information about inference trained models.
IMPORTANT: CAT APIs are only intended for human consumption using the Kibana console or command line. They are not intended for use by applications. For application consumption, use the get trained models statistics API.
monitor_mlSpecifies what to do when the request: contains wildcard expressions and there are no models that match; contains the _all string or no identifiers and there are no matches; contains wildcard expressions and there are only partial matches.
If true, the API returns an empty array when there are no matches and the subset of results when there are partial matches.
If false, the API returns a 404 status code when there are no matches or only partial matches.
The unit used to display byte values.
Values are b, kb, mb, gb, tb, or pb.
A comma-separated list of column names to display.
Supported values include:
create_time (or ct): The time when the trained model was created.created_by (or c, createdBy): Information on the creator of the trained model.data_frame_analytics_id (or df, dataFrameAnalytics, dfid): Identifier for the data frame analytics job that created the model. Only
displayed if it is still available.description (or d): The description of the trained model.heap_size (or hs, modelHeapSize): The estimated heap size to keep the trained model in memory.id: Identifier for the trained model.ingest.count (or ic, ingestCount): The total number of documents that are processed by the model.ingest.current (or icurr, ingestCurrent): The total number of document that are currently being handled by the
trained model.ingest.failed (or if, ingestFailed): The total number of failed ingest attempts with the trained model.ingest.pipelines (or ip, ingestPipelines): The total number of ingest pipelines that are referencing the trained
model.ingest.time (or it, ingestTime): The total time that is spent processing documents with the trained model.license (or l): The license level of the trained model.operations (or o, modelOperations): The estimated number of operations to use the trained model. This number
helps measuring the computational complexity of the model.version (or v): The Elasticsearch version number in which the trained model was created.A comma-separated list of column names or aliases used to sort the response.
Supported values include:
create_time (or ct): The time when the trained model was created.created_by (or c, createdBy): Information on the creator of the trained model.data_frame_analytics_id (or df, dataFrameAnalytics, dfid): Identifier for the data frame analytics job that created the model. Only
displayed if it is still available.description (or d): The description of the trained model.heap_size (or hs, modelHeapSize): The estimated heap size to keep the trained model in memory.id: Identifier for the trained model.ingest.count (or ic, ingestCount): The total number of documents that are processed by the model.ingest.current (or icurr, ingestCurrent): The total number of document that are currently being handled by the
trained model.ingest.failed (or if, ingestFailed): The total number of failed ingest attempts with the trained model.ingest.pipelines (or ip, ingestPipelines): The total number of ingest pipelines that are referencing the trained
model.ingest.time (or it, ingestTime): The total time that is spent processing documents with the trained model.license (or l): The license level of the trained model.operations (or o, modelOperations): The estimated number of operations to use the trained model. This number
helps measuring the computational complexity of the model.version (or v): The Elasticsearch version number in which the trained model was created.Skips the specified number of transforms.
The maximum number of transforms to display.
Unit used to display time values.
Values are nanos, micros, ms, s, m, h, or d.
GET _cat/ml/trained_models?v=true&format=json
resp = client.cat.ml_trained_models(
v=True,
format="json",
)const response = await client.cat.mlTrainedModels({
v: "true",
format: "json",
});response = client.cat.ml_trained_models(
v: "true",
format: "json"
)$resp = $client->cat()->mlTrainedModels([
"v" => "true",
"format" => "json",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/ml/trained_models?v=true&format=json"[
{
"id": "ddddd-1580216177138",
"heap_size": "0b",
"operations": "196",
"create_time": "2025-03-25T00:01:38.662Z",
"type": "pytorch",
"ingest.pipelines": "0",
"data_frame.id": "__none__"
},
{
"id": "lang_ident_model_1",
"heap_size": "1mb",
"operations": "39629",
"create_time": "2019-12-05T12:28:34.594Z",
"type": "lang_ident",
"ingest.pipelines": "0",
"data_frame.id": "__none__"
}
]