Elasticsearch APIs use key-based authentication. You must create an API key and use the encoded value in the request header. For example:
curl -X GET "${ES_URL}/_cat/indices?v=true" \
-H "Authorization: ApiKey ${API_KEY}"
For more information about where to find API keys for the Elasticsearch endpoint (${ES_URL}) for a project, go to Get started with Elasticsearch Serverless.
All methods and paths for this operation:
GET _application/analytics/my*
resp = client.search_application.get_behavioral_analytics(
name="my*",
)const response = await client.searchApplication.getBehavioralAnalytics({
name: "my*",
});response = client.search_application.get_behavioral_analytics(
name: "my*"
)$resp = $client->searchApplication()->getBehavioralAnalytics([
"name" => "my*",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_application/analytics/my*"client.searchApplication().getBehavioralAnalytics(g -> g
.name("my*")
);
{
"my_analytics_collection": {
"event_data_stream": {
"name": "behavioral_analytics-events-my_analytics_collection"
}
},
"my_analytics_collection2": {
"event_data_stream": {
"name": "behavioral_analytics-events-my_analytics_collection2"
}
}
}The compact and aligned text (CAT) APIs aim are intended only for human consumption using the Kibana console or command line. They are not intended for use by applications. For application consumption, it's recommend to use a corresponding JSON API.
All the cat commands accept a query string parameter help to see all the headers and info they provide, and the /_cat command alone lists all the available commands.
All methods and paths for this operation:
Get the cluster's index aliases, including filter and routing information. This API does not return data stream aliases.
IMPORTANT: CAT APIs are only intended for human consumption using the command line or the Kibana console. They are not intended for use by applications. For application consumption, use the aliases API.
view_index_metadataA comma-separated list of aliases to retrieve. Supports wildcards (*). To retrieve all aliases, omit this parameter or use * or _all.
List of columns to appear in the response. Supports simple wildcards.
List of columns that determine how the table should be sorted.
Sorting defaults to ascending and can be changed by setting :asc
or :desc as a suffix to the column name.
The type of index that wildcard patterns can match.
If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams.
It supports comma-separated values, such as open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
The period to wait for a connection to the master node.
If the master node is not available before the timeout expires, the request fails and returns an error.
To indicated that the request should never timeout, you can set it to -1.
Values are -1 or 0.
GET _cat/aliases?format=json&v=true
resp = client.cat.aliases(
format="json",
v=True,
)const response = await client.cat.aliases({
format: "json",
v: "true",
});response = client.cat.aliases(
format: "json",
v: "true"
)$resp = $client->cat()->aliases([
"format" => "json",
"v" => "true",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/aliases?format=json&v=true"client.cat().aliases();
[
{
"alias": "alias1",
"index": "test1",
"filter": "-",
"routing.index": "-",
"routing.search": "-",
"is_write_index": "true"
},
{
"alias": "alias1",
"index": "test1",
"filter": "*",
"routing.index": "-",
"routing.search": "-",
"is_write_index": "true"
},
{
"alias": "alias3",
"index": "test1",
"filter": "-",
"routing.index": "1",
"routing.search": "1",
"is_write_index": "true"
},
{
"alias": "alias4",
"index": "test1",
"filter": "-",
"routing.index": "2",
"routing.search": "1,2",
"is_write_index": "true"
}
]All methods and paths for this operation:
Get information about component templates in a cluster. Component templates are building blocks for constructing index templates that specify index mappings, settings, and aliases.
IMPORTANT: CAT APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the get component template API.
monitorThe name of the component template. It accepts wildcard expressions. If it is omitted, all component templates are returned.
List of columns to appear in the response. Supports simple wildcards.
List of columns that determine how the table should be sorted.
Sorting defaults to ascending and can be changed by setting :asc
or :desc as a suffix to the column name.
If true, the request computes the list of selected nodes from the
local cluster state. If false the list of selected nodes are computed
from the cluster state of the master node. In both cases the coordinating
node will send requests for further information to each selected node.
The period to wait for a connection to the master node.
Values are -1 or 0.
GET _cat/component_templates/my-template-*?v=true&s=name&format=json
resp = client.cat.component_templates(
name="my-template-*",
v=True,
s="name",
format="json",
)const response = await client.cat.componentTemplates({
name: "my-template-*",
v: "true",
s: "name",
format: "json",
});response = client.cat.component_templates(
name: "my-template-*",
v: "true",
s: "name",
format: "json"
)$resp = $client->cat()->componentTemplates([
"name" => "my-template-*",
"v" => "true",
"s" => "name",
"format" => "json",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/component_templates/my-template-*?v=true&s=name&format=json"client.cat().componentTemplates();
[
{
"name": "my-template-1",
"version": "null",
"alias_count": "0",
"mapping_count": "0",
"settings_count": "1",
"metadata_count": "0",
"included_in": "[my-index-template]"
},
{
"name": "my-template-2",
"version": null,
"alias_count": "0",
"mapping_count": "3",
"settings_count": "0",
"metadata_count": "0",
"included_in": "[my-index-template]"
}
]All methods and paths for this operation:
Get quick access to a document count for a data stream, an index, or an entire cluster. The document count only includes live documents, not deleted documents which have not yet been removed by the merge process.
IMPORTANT: CAT APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the count API.
readA comma-separated list of data streams, indices, and aliases used to limit the request.
It supports wildcards (*).
To target all data streams and indices, omit this parameter or use * or _all.
GET /_cat/count/my-index-000001?v=true&format=json
resp = client.cat.count(
index="my-index-000001",
v=True,
format="json",
)const response = await client.cat.count({
index: "my-index-000001",
v: "true",
format: "json",
});response = client.cat.count(
index: "my-index-000001",
v: "true",
format: "json"
)$resp = $client->cat()->count([
"index" => "my-index-000001",
"v" => "true",
"format" => "json",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/count/my-index-000001?v=true&format=json"client.cat().count();
[
{
"epoch": "1475868259",
"timestamp": "15:24:20",
"count": "120"
}
][
{
"epoch": "1475868259",
"timestamp": "15:24:20",
"count": "121"
}
]curl \
--request GET 'http://api.example.com/_cat' \
--header "Authorization: $API_KEY"All methods and paths for this operation:
Get configuration and usage information for anomaly detection jobs.
This API returns a maximum of 10,000 jobs.
If the Elasticsearch security features are enabled, you must have monitor_ml,
monitor, manage_ml, or manage cluster privileges to use this API.
IMPORTANT: CAT APIs are only intended for human consumption using the Kibana console or command line. They are not intended for use by applications. For application consumption, use the get anomaly detection job statistics API.
monitor_mlSpecifies what to do when the request:
_all string or no identifiers and there are no matches.If true, the API returns an empty jobs array when there are no matches and the subset of results when there
are partial matches. If false, the API returns a 404 status code when there are no matches or only partial
matches.
The unit used to display byte values.
Values are b, kb, mb, gb, tb, or pb.
Comma-separated list of column names to display.
Supported values include:
assignment_explanation (or ae): For open anomaly detection jobs only, contains messages relating to the
selection of a node to run the job.buckets.count (or bc, bucketsCount): The number of bucket results produced by the job.buckets.time.exp_avg (or btea, bucketsTimeExpAvg): Exponential moving average of all bucket processing times, in milliseconds.buckets.time.exp_avg_hour (or bteah, bucketsTimeExpAvgHour): Exponentially-weighted moving average of bucket processing times calculated
in a 1 hour time window, in milliseconds.buckets.time.max (or btmax, bucketsTimeMax): Maximum among all bucket processing times, in milliseconds.buckets.time.min (or btmin, bucketsTimeMin): Minimum among all bucket processing times, in milliseconds.buckets.time.total (or btt, bucketsTimeTotal): Sum of all bucket processing times, in milliseconds.data.buckets (or db, dataBuckets): The number of buckets processed.data.earliest_record (or der, dataEarliestRecord): The timestamp of the earliest chronologically input document.data.empty_buckets (or deb, dataEmptyBuckets): The number of buckets which did not contain any data.data.input_bytes (or dib, dataInputBytes): The number of bytes of input data posted to the anomaly detection job.data.input_fields (or dif, dataInputFields): The total number of fields in input documents posted to the anomaly
detection job. This count includes fields that are not used in the analysis.
However, be aware that if you are using a datafeed, it extracts only the
required fields from the documents it retrieves before posting them to the job.data.input_records (or dir, dataInputRecords): The number of input documents posted to the anomaly detection job.data.invalid_dates (or did, dataInvalidDates): The number of input documents with either a missing date field or a date
that could not be parsed.data.last (or dl, dataLast): The timestamp at which data was last analyzed, according to server time.data.last_empty_bucket (or dleb, dataLastEmptyBucket): The timestamp of the last bucket that did not contain any data.data.last_sparse_bucket (or dlsb, dataLastSparseBucket): The timestamp of the last bucket that was considered sparse.data.latest_record (or dlr, dataLatestRecord): The timestamp of the latest chronologically input document.data.missing_fields (or dmf, dataMissingFields): The number of input documents that are missing a field that the anomaly
detection job is configured to analyze. Input documents with missing fields
are still processed because it is possible that not all fields are missing.data.out_of_order_timestamps (or doot, dataOutOfOrderTimestamps): The number of input documents that have a timestamp chronologically
preceding the start of the current anomaly detection bucket offset by the
latency window. This information is applicable only when you provide data
to the anomaly detection job by using the post data API. These out of order
documents are discarded, since jobs require time series data to be in
ascending chronological order.data.processed_fields (or dpf, dataProcessedFields): The total number of fields in all the documents that have been processed by
the anomaly detection job. Only fields that are specified in the detector
configuration object contribute to this count. The timestamp is not
included in this count.data.processed_records (or dpr, dataProcessedRecords): The number of input documents that have been processed by the anomaly
detection job. This value includes documents with missing fields, since
they are nonetheless analyzed. If you use datafeeds and have aggregations
in your search query, the processed record count is the number of
aggregation results processed, not the number of Elasticsearch documents.data.sparse_buckets (or dsb, dataSparseBuckets): The number of buckets that contained few data points compared to the
expected number of data points.forecasts.memory.avg (or fmavg, forecastsMemoryAvg): The average memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.memory.max (or fmmax, forecastsMemoryMax): The maximum memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.memory.min (or fmmin, forecastsMemoryMin): The minimum memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.memory.total (or fmt, forecastsMemoryTotal): The total memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.records.avg (or fravg, forecastsRecordsAvg): The average number of model_forecast` documents written for forecasts
related to the anomaly detection job.forecasts.records.max (or frmax, forecastsRecordsMax): The maximum number of model_forecast documents written for forecasts
related to the anomaly detection job.forecasts.records.min (or frmin, forecastsRecordsMin): The minimum number of model_forecast documents written for forecasts
related to the anomaly detection job.forecasts.records.total (or frt, forecastsRecordsTotal): The total number of model_forecast documents written for forecasts
related to the anomaly detection job.forecasts.time.avg (or ftavg, forecastsTimeAvg): The average runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.time.max (or ftmax, forecastsTimeMax): The maximum runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.time.min (or ftmin, forecastsTimeMin): The minimum runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.time.total (or ftt, forecastsTimeTotal): The total runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.total (or ft, forecastsTotal): The number of individual forecasts currently available for the job.id: Identifier for the anomaly detection job.model.bucket_allocation_failures (or mbaf, modelBucketAllocationFailures): The number of buckets for which new entities in incoming data were not
processed due to insufficient model memory.model.by_fields (or mbf, modelByFields): The number of by field values that were analyzed by the models. This value
is cumulative for all detectors in the job.model.bytes (or mb, modelBytes): The number of bytes of memory used by the models. This is the maximum value
since the last time the model was persisted. If the job is closed, this
value indicates the latest size.model.bytes_exceeded (or mbe, modelBytesExceeded): The number of bytes over the high limit for memory usage at the last
allocation failure.model.categorization_status (or mcs, modelCategorizationStatus): The status of categorization for the job: ok or warn. If ok,
categorization is performing acceptably well (or not being used at all). If
warn, categorization is detecting a distribution of categories that
suggests the input data is inappropriate for categorization. Problems could
be that there is only one category, more than 90% of categories are rare,
the number of categories is greater than 50% of the number of categorized
documents, there are no frequently matched categories, or more than 50% of
categories are dead.model.categorized_doc_count (or mcdc, modelCategorizedDocCount): The number of documents that have had a field categorized.model.dead_category_count (or mdcc, modelDeadCategoryCount): The number of categories created by categorization that will never be
assigned again because another category’s definition makes it a superset of
the dead category. Dead categories are a side effect of the way
categorization has no prior training.model.failed_category_count (or mdcc, modelFailedCategoryCount): The number of times that categorization wanted to create a new category but
couldn’t because the job had hit its model memory limit. This count does
not track which specific categories failed to be created. Therefore, you
cannot use this value to determine the number of unique categories that
were missed.model.frequent_category_count (or mfcc, modelFrequentCategoryCount): The number of categories that match more than 1% of categorized documents.model.log_time (or mlt, modelLogTime): The timestamp when the model stats were gathered, according to server time.model.memory_limit (or mml, modelMemoryLimit): The timestamp when the model stats were gathered, according to server time.model.memory_status (or mms, modelMemoryStatus): The status of the mathematical models: ok, soft_limit, or hard_limit.
If ok, the models stayed below the configured value. If soft_limit, the
models used more than 60% of the configured memory limit and older unused
models will be pruned to free up space. Additionally, in categorization jobs
no further category examples will be stored. If hard_limit, the models
used more space than the configured memory limit. As a result, not all
incoming data was processed.model.over_fields (or mof, modelOverFields): The number of over field values that were analyzed by the models. This
value is cumulative for all detectors in the job.model.partition_fields (or mpf, modelPartitionFields): The number of partition field values that were analyzed by the models. This
value is cumulative for all detectors in the job.model.rare_category_count (or mrcc, modelRareCategoryCount): The number of categories that match just one categorized document.model.timestamp (or mt, modelTimestamp): The timestamp of the last record when the model stats were gathered.model.total_category_count (or mtcc, modelTotalCategoryCount): The number of categories created by categorization.node.address (or na, nodeAddress): The network address of the node that runs the job. This information is
available only for open jobs.node.ephemeral_id (or ne, nodeEphemeralId): The ephemeral ID of the node that runs the job. This information is
available only for open jobs.node.id (or ni, nodeId): The unique identifier of the node that runs the job. This information is
available only for open jobs.node.name (or nn, nodeName): The name of the node that runs the job. This information is available only
for open jobs.opened_time (or ot): For open jobs only, the elapsed time for which the job has been open.state (or s): The status of the anomaly detection job: closed, closing, failed,
opened, or opening. If closed, the job finished successfully with its
model state persisted. The job must be opened before it can accept further
data. If closing, the job close action is in progress and has not yet
completed. A closing job cannot accept further data. If failed, the job
did not finish successfully due to an error. This situation can occur due
to invalid input data, a fatal error occurring during the analysis, or an
external interaction such as the process being killed by the Linux out of
memory (OOM) killer. If the job had irrevocably failed, it must be force
closed and then deleted. If the datafeed can be corrected, the job can be
closed and then re-opened. If opened, the job is available to receive and
process data. If opening, the job open action is in progress and has not
yet completed.Comma-separated list of column names or column aliases used to sort the response.
Supported values include:
assignment_explanation (or ae): For open anomaly detection jobs only, contains messages relating to the
selection of a node to run the job.buckets.count (or bc, bucketsCount): The number of bucket results produced by the job.buckets.time.exp_avg (or btea, bucketsTimeExpAvg): Exponential moving average of all bucket processing times, in milliseconds.buckets.time.exp_avg_hour (or bteah, bucketsTimeExpAvgHour): Exponentially-weighted moving average of bucket processing times calculated
in a 1 hour time window, in milliseconds.buckets.time.max (or btmax, bucketsTimeMax): Maximum among all bucket processing times, in milliseconds.buckets.time.min (or btmin, bucketsTimeMin): Minimum among all bucket processing times, in milliseconds.buckets.time.total (or btt, bucketsTimeTotal): Sum of all bucket processing times, in milliseconds.data.buckets (or db, dataBuckets): The number of buckets processed.data.earliest_record (or der, dataEarliestRecord): The timestamp of the earliest chronologically input document.data.empty_buckets (or deb, dataEmptyBuckets): The number of buckets which did not contain any data.data.input_bytes (or dib, dataInputBytes): The number of bytes of input data posted to the anomaly detection job.data.input_fields (or dif, dataInputFields): The total number of fields in input documents posted to the anomaly
detection job. This count includes fields that are not used in the analysis.
However, be aware that if you are using a datafeed, it extracts only the
required fields from the documents it retrieves before posting them to the job.data.input_records (or dir, dataInputRecords): The number of input documents posted to the anomaly detection job.data.invalid_dates (or did, dataInvalidDates): The number of input documents with either a missing date field or a date
that could not be parsed.data.last (or dl, dataLast): The timestamp at which data was last analyzed, according to server time.data.last_empty_bucket (or dleb, dataLastEmptyBucket): The timestamp of the last bucket that did not contain any data.data.last_sparse_bucket (or dlsb, dataLastSparseBucket): The timestamp of the last bucket that was considered sparse.data.latest_record (or dlr, dataLatestRecord): The timestamp of the latest chronologically input document.data.missing_fields (or dmf, dataMissingFields): The number of input documents that are missing a field that the anomaly
detection job is configured to analyze. Input documents with missing fields
are still processed because it is possible that not all fields are missing.data.out_of_order_timestamps (or doot, dataOutOfOrderTimestamps): The number of input documents that have a timestamp chronologically
preceding the start of the current anomaly detection bucket offset by the
latency window. This information is applicable only when you provide data
to the anomaly detection job by using the post data API. These out of order
documents are discarded, since jobs require time series data to be in
ascending chronological order.data.processed_fields (or dpf, dataProcessedFields): The total number of fields in all the documents that have been processed by
the anomaly detection job. Only fields that are specified in the detector
configuration object contribute to this count. The timestamp is not
included in this count.data.processed_records (or dpr, dataProcessedRecords): The number of input documents that have been processed by the anomaly
detection job. This value includes documents with missing fields, since
they are nonetheless analyzed. If you use datafeeds and have aggregations
in your search query, the processed record count is the number of
aggregation results processed, not the number of Elasticsearch documents.data.sparse_buckets (or dsb, dataSparseBuckets): The number of buckets that contained few data points compared to the
expected number of data points.forecasts.memory.avg (or fmavg, forecastsMemoryAvg): The average memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.memory.max (or fmmax, forecastsMemoryMax): The maximum memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.memory.min (or fmmin, forecastsMemoryMin): The minimum memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.memory.total (or fmt, forecastsMemoryTotal): The total memory usage in bytes for forecasts related to the anomaly
detection job.forecasts.records.avg (or fravg, forecastsRecordsAvg): The average number of model_forecast` documents written for forecasts
related to the anomaly detection job.forecasts.records.max (or frmax, forecastsRecordsMax): The maximum number of model_forecast documents written for forecasts
related to the anomaly detection job.forecasts.records.min (or frmin, forecastsRecordsMin): The minimum number of model_forecast documents written for forecasts
related to the anomaly detection job.forecasts.records.total (or frt, forecastsRecordsTotal): The total number of model_forecast documents written for forecasts
related to the anomaly detection job.forecasts.time.avg (or ftavg, forecastsTimeAvg): The average runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.time.max (or ftmax, forecastsTimeMax): The maximum runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.time.min (or ftmin, forecastsTimeMin): The minimum runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.time.total (or ftt, forecastsTimeTotal): The total runtime in milliseconds for forecasts related to the anomaly
detection job.forecasts.total (or ft, forecastsTotal): The number of individual forecasts currently available for the job.id: Identifier for the anomaly detection job.model.bucket_allocation_failures (or mbaf, modelBucketAllocationFailures): The number of buckets for which new entities in incoming data were not
processed due to insufficient model memory.model.by_fields (or mbf, modelByFields): The number of by field values that were analyzed by the models. This value
is cumulative for all detectors in the job.model.bytes (or mb, modelBytes): The number of bytes of memory used by the models. This is the maximum value
since the last time the model was persisted. If the job is closed, this
value indicates the latest size.model.bytes_exceeded (or mbe, modelBytesExceeded): The number of bytes over the high limit for memory usage at the last
allocation failure.model.categorization_status (or mcs, modelCategorizationStatus): The status of categorization for the job: ok or warn. If ok,
categorization is performing acceptably well (or not being used at all). If
warn, categorization is detecting a distribution of categories that
suggests the input data is inappropriate for categorization. Problems could
be that there is only one category, more than 90% of categories are rare,
the number of categories is greater than 50% of the number of categorized
documents, there are no frequently matched categories, or more than 50% of
categories are dead.model.categorized_doc_count (or mcdc, modelCategorizedDocCount): The number of documents that have had a field categorized.model.dead_category_count (or mdcc, modelDeadCategoryCount): The number of categories created by categorization that will never be
assigned again because another category’s definition makes it a superset of
the dead category. Dead categories are a side effect of the way
categorization has no prior training.model.failed_category_count (or mdcc, modelFailedCategoryCount): The number of times that categorization wanted to create a new category but
couldn’t because the job had hit its model memory limit. This count does
not track which specific categories failed to be created. Therefore, you
cannot use this value to determine the number of unique categories that
were missed.model.frequent_category_count (or mfcc, modelFrequentCategoryCount): The number of categories that match more than 1% of categorized documents.model.log_time (or mlt, modelLogTime): The timestamp when the model stats were gathered, according to server time.model.memory_limit (or mml, modelMemoryLimit): The timestamp when the model stats were gathered, according to server time.model.memory_status (or mms, modelMemoryStatus): The status of the mathematical models: ok, soft_limit, or hard_limit.
If ok, the models stayed below the configured value. If soft_limit, the
models used more than 60% of the configured memory limit and older unused
models will be pruned to free up space. Additionally, in categorization jobs
no further category examples will be stored. If hard_limit, the models
used more space than the configured memory limit. As a result, not all
incoming data was processed.model.over_fields (or mof, modelOverFields): The number of over field values that were analyzed by the models. This
value is cumulative for all detectors in the job.model.partition_fields (or mpf, modelPartitionFields): The number of partition field values that were analyzed by the models. This
value is cumulative for all detectors in the job.model.rare_category_count (or mrcc, modelRareCategoryCount): The number of categories that match just one categorized document.model.timestamp (or mt, modelTimestamp): The timestamp of the last record when the model stats were gathered.model.total_category_count (or mtcc, modelTotalCategoryCount): The number of categories created by categorization.node.address (or na, nodeAddress): The network address of the node that runs the job. This information is
available only for open jobs.node.ephemeral_id (or ne, nodeEphemeralId): The ephemeral ID of the node that runs the job. This information is
available only for open jobs.node.id (or ni, nodeId): The unique identifier of the node that runs the job. This information is
available only for open jobs.node.name (or nn, nodeName): The name of the node that runs the job. This information is available only
for open jobs.opened_time (or ot): For open jobs only, the elapsed time for which the job has been open.state (or s): The status of the anomaly detection job: closed, closing, failed,
opened, or opening. If closed, the job finished successfully with its
model state persisted. The job must be opened before it can accept further
data. If closing, the job close action is in progress and has not yet
completed. A closing job cannot accept further data. If failed, the job
did not finish successfully due to an error. This situation can occur due
to invalid input data, a fatal error occurring during the analysis, or an
external interaction such as the process being killed by the Linux out of
memory (OOM) killer. If the job had irrevocably failed, it must be force
closed and then deleted. If the datafeed can be corrected, the job can be
closed and then re-opened. If opened, the job is available to receive and
process data. If opening, the job open action is in progress and has not
yet completed.The unit used to display time values.
Values are nanos, micros, ms, s, m, h, or d.
GET _cat/ml/anomaly_detectors?h=id,s,dpr,mb&v=true&format=json
resp = client.cat.ml_jobs(
h="id,s,dpr,mb",
v=True,
format="json",
)const response = await client.cat.mlJobs({
h: "id,s,dpr,mb",
v: "true",
format: "json",
});response = client.cat.ml_jobs(
h: "id,s,dpr,mb",
v: "true",
format: "json"
)$resp = $client->cat()->mlJobs([
"h" => "id,s,dpr,mb",
"v" => "true",
"format" => "json",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/ml/anomaly_detectors?h=id,s,dpr,mb&v=true&format=json"client.cat().mlJobs();
[
{
"id": "high_sum_total_sales",
"s": "closed",
"dpr": "14022",
"mb": "1.5mb"
},
{
"id": "low_request_rate",
"s": "closed",
"dpr": "1216",
"mb": "40.5kb"
},
{
"id": "response_code_rates",
"s": "closed",
"dpr": "28146",
"mb": "132.7kb"
},
{
"id": "url_scanning",
"s": "closed",
"dpr": "28146",
"mb": "501.6kb"
}
]All methods and paths for this operation:
Get configuration and usage information about transforms.
CAT APIs are only intended for human consumption using the Kibana console or command line. They are not intended for use by applications. For application consumption, use the get transform statistics API.
monitor_transformA transform identifier or a wildcard expression. If you do not specify one of these options, the API returns information for all transforms.
Specifies what to do when the request: contains wildcard expressions and there are no transforms that match; contains the _all string or no identifiers and there are no matches; contains wildcard expressions and there are only partial matches.
If true, it returns an empty transforms array when there are no matches and the subset of results when there are partial matches.
If false, the request returns a 404 status code when there are no matches or only partial matches.
Skips the specified number of transforms.
Comma-separated list of column names to display.
Supported values include:
changes_last_detection_time (or cldt): The timestamp when changes were last detected in the source indices.checkpoint (or cp): The sequence number for the checkpoint.checkpoint_duration_time_exp_avg (or cdtea, checkpointTimeExpAvg): Exponential moving average of the duration of the checkpoint, in
milliseconds.checkpoint_progress (or c, checkpointProgress): The progress of the next checkpoint that is currently in progress.create_time (or ct, createTime): The time the transform was created.delete_time (or dtime): The amount of time spent deleting, in milliseconds.description (or d): The description of the transform.dest_index (or di, destIndex): The destination index for the transform. The mappings of the destination
index are deduced based on the source fields when possible. If alternate
mappings are required, use the Create index API prior to starting the
transform.documents_deleted (or docd): The number of documents that have been deleted from the destination index
due to the retention policy for this transform.documents_indexed (or doci): The number of documents that have been indexed into the destination index
for the transform.docs_per_second (or dps): Specifies a limit on the number of input documents per second. This setting
throttles the transform by adding a wait time between search requests. The
default value is null, which disables throttling.documents_processed (or docp): The number of documents that have been processed from the source index of
the transform.frequency (or f): The interval between checks for changes in the source indices when the
transform is running continuously. Also determines the retry interval in
the event of transient failures while the transform is searching or
indexing. The minimum value is 1s and the maximum is 1h. The default
value is 1m.id: Identifier for the transform.index_failure (or if): The number of indexing failures.index_time (or itime): The amount of time spent indexing, in milliseconds.index_total (or it): The number of index operations.indexed_documents_exp_avg (or idea): Exponential moving average of the number of new documents that have been
indexed.last_search_time (or lst, lastSearchTime): The timestamp of the last search in the source indices. This field is only
shown if the transform is running.max_page_search_size (or mpsz): Defines the initial page size to use for the composite aggregation for each
checkpoint. If circuit breaker exceptions occur, the page size is
dynamically adjusted to a lower value. The minimum value is 10 and the
maximum is 65,536. The default value is 500.pages_processed (or pp): The number of search or bulk index operations processed. Documents are
processed in batches instead of individually.pipeline (or p): The unique identifier for an ingest pipeline.processed_documents_exp_avg (or pdea): Exponential moving average of the number of documents that have been
processed.processing_time (or pt): The amount of time spent processing results, in milliseconds.reason (or r): If a transform has a failed state, this property provides details about
the reason for the failure.search_failure (or sf): The number of search failures.search_time (or stime): The amount of time spent searching, in milliseconds.search_total (or st): The number of search operations on the source index for the transform.source_index (or si, sourceIndex): The source indices for the transform. It can be a single index, an index
pattern (for example, "my-index-*"), an array of indices (for example,
["my-index-000001", "my-index-000002"]), or an array of index patterns
(for example, ["my-index-*", "my-other-index-*"]. For remote indices use
the syntax "remote_name:index_name". If any indices are in remote
clusters then the master node and at least one transform node must have the
remote_cluster_client node role.state (or s): The status of the transform, which can be one of the following values:
aborting: The transform is aborting.failed: The transform failed. For more information about the failure,
check the reason field.indexing: The transform is actively processing data and creating new
documents.started: The transform is running but not actively indexing data.stopped: The transform is stopped.stopping: The transform is stopping.transform_type (or tt): Indicates the type of transform: batch or continuous.
trigger_count (or tc): The number of times the transform has been triggered by the scheduler. For
example, the scheduler triggers the transform indexer to check for updates
or ingest new data at an interval specified in the frequency property.
version (or v): The version of Elasticsearch that existed on the node when the transform
was created.
Comma-separated list of column names or column aliases used to sort the response.
Supported values include:
changes_last_detection_time (or cldt): The timestamp when changes were last detected in the source indices.checkpoint (or cp): The sequence number for the checkpoint.checkpoint_duration_time_exp_avg (or cdtea, checkpointTimeExpAvg): Exponential moving average of the duration of the checkpoint, in
milliseconds.checkpoint_progress (or c, checkpointProgress): The progress of the next checkpoint that is currently in progress.create_time (or ct, createTime): The time the transform was created.delete_time (or dtime): The amount of time spent deleting, in milliseconds.description (or d): The description of the transform.dest_index (or di, destIndex): The destination index for the transform. The mappings of the destination
index are deduced based on the source fields when possible. If alternate
mappings are required, use the Create index API prior to starting the
transform.documents_deleted (or docd): The number of documents that have been deleted from the destination index
due to the retention policy for this transform.documents_indexed (or doci): The number of documents that have been indexed into the destination index
for the transform.docs_per_second (or dps): Specifies a limit on the number of input documents per second. This setting
throttles the transform by adding a wait time between search requests. The
default value is null, which disables throttling.documents_processed (or docp): The number of documents that have been processed from the source index of
the transform.frequency (or f): The interval between checks for changes in the source indices when the
transform is running continuously. Also determines the retry interval in
the event of transient failures while the transform is searching or
indexing. The minimum value is 1s and the maximum is 1h. The default
value is 1m.id: Identifier for the transform.index_failure (or if): The number of indexing failures.index_time (or itime): The amount of time spent indexing, in milliseconds.index_total (or it): The number of index operations.indexed_documents_exp_avg (or idea): Exponential moving average of the number of new documents that have been
indexed.last_search_time (or lst, lastSearchTime): The timestamp of the last search in the source indices. This field is only
shown if the transform is running.max_page_search_size (or mpsz): Defines the initial page size to use for the composite aggregation for each
checkpoint. If circuit breaker exceptions occur, the page size is
dynamically adjusted to a lower value. The minimum value is 10 and the
maximum is 65,536. The default value is 500.pages_processed (or pp): The number of search or bulk index operations processed. Documents are
processed in batches instead of individually.pipeline (or p): The unique identifier for an ingest pipeline.processed_documents_exp_avg (or pdea): Exponential moving average of the number of documents that have been
processed.processing_time (or pt): The amount of time spent processing results, in milliseconds.reason (or r): If a transform has a failed state, this property provides details about
the reason for the failure.search_failure (or sf): The number of search failures.search_time (or stime): The amount of time spent searching, in milliseconds.search_total (or st): The number of search operations on the source index for the transform.source_index (or si, sourceIndex): The source indices for the transform. It can be a single index, an index
pattern (for example, "my-index-*"), an array of indices (for example,
["my-index-000001", "my-index-000002"]), or an array of index patterns
(for example, ["my-index-*", "my-other-index-*"]. For remote indices use
the syntax "remote_name:index_name". If any indices are in remote
clusters then the master node and at least one transform node must have the
remote_cluster_client node role.state (or s): The status of the transform, which can be one of the following values:
aborting: The transform is aborting.failed: The transform failed. For more information about the failure,
check the reason field.indexing: The transform is actively processing data and creating new
documents.started: The transform is running but not actively indexing data.stopped: The transform is stopped.stopping: The transform is stopping.transform_type (or tt): Indicates the type of transform: batch or continuous.
trigger_count (or tc): The number of times the transform has been triggered by the scheduler. For
example, the scheduler triggers the transform indexer to check for updates
or ingest new data at an interval specified in the frequency property.
version (or v): The version of Elasticsearch that existed on the node when the transform
was created.
The unit used to display time values.
Values are nanos, micros, ms, s, m, h, or d.
The maximum number of transforms to obtain.
GET /_cat/transforms?v=true&format=json
resp = client.cat.transforms(
v=True,
format="json",
)const response = await client.cat.transforms({
v: "true",
format: "json",
});response = client.cat.transforms(
v: "true",
format: "json"
)$resp = $client->cat()->transforms([
"v" => "true",
"format" => "json",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/transforms?v=true&format=json"client.cat().transforms();
[
{
"id" : "ecommerce_transform",
"state" : "started",
"checkpoint" : "1",
"documents_processed" : "705",
"checkpoint_progress" : "100.00",
"changes_last_detection_time" : null
}
]curl \
--request HEAD 'http://api.example.com/' \
--header "Authorization: $API_KEY"The connector and sync jobs APIs provide a convenient way to create and manage Elastic connectors and sync jobs in an internal index.
Connectors are Elasticsearch integrations for syncing content from third-party data sources, which can be deployed on Elastic Cloud or hosted on your own infrastructure.
This API provides an alternative to relying solely on Kibana UI for connector and sync job management. The API comes with a set of validations and assertions to ensure that the state representation in the internal index remains valid.
This API requires the manage_connector privilege or, for read-only endpoints, the monitor_connector privilege.
Connectors are Elasticsearch integrations that bring content from third-party data sources, which can be deployed on Elastic Cloud or hosted on your own infrastructure. Elastic managed connectors (Native connectors) are a managed service on Elastic Cloud. Self-managed connectors (Connector clients) are self-managed on your infrastructure.
curl \
--request POST 'http://api.example.com/_connector' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--data '{"description":"string","index_name":"string","is_native":true,"language":"string","name":"string","service_type":"string"}'GET _connector/_sync_job/my-connector-sync-job
resp = client.connector.sync_job_get(
connector_sync_job_id="my-connector-sync-job",
)const response = await client.connector.syncJobGet({
connector_sync_job_id: "my-connector-sync-job",
});response = client.connector.sync_job_get(
connector_sync_job_id: "my-connector-sync-job"
)$resp = $client->connector()->syncJobGet([
"connector_sync_job_id" => "my-connector-sync-job",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_connector/_sync_job/my-connector-sync-job"client.connector().syncJobGet(s -> s
.connectorSyncJobId("my-connector-sync-job")
);
Create a connector sync job document in the internal index and initialize its counters and timestamps with default values.
POST _connector/_sync_job
{
"id": "connector-id",
"job_type": "full",
"trigger_method": "on_demand"
}resp = client.connector.sync_job_post(
id="connector-id",
job_type="full",
trigger_method="on_demand",
)const response = await client.connector.syncJobPost({
id: "connector-id",
job_type: "full",
trigger_method: "on_demand",
});response = client.connector.sync_job_post(
body: {
"id": "connector-id",
"job_type": "full",
"trigger_method": "on_demand"
}
)$resp = $client->connector()->syncJobPost([
"body" => [
"id" => "connector-id",
"job_type" => "full",
"trigger_method" => "on_demand",
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"id":"connector-id","job_type":"full","trigger_method":"on_demand"}' "$ELASTICSEARCH_URL/_connector/_sync_job"client.connector().syncJobPost(s -> s
.id("connector-id")
.jobType(SyncJobType.Full)
.triggerMethod(SyncJobTriggerMethod.OnDemand)
);
{
"id": "connector-id",
"job_type": "full",
"trigger_method": "on_demand"
}curl \
--request PUT 'http://api.example.com/_connector/{connector_id}/_filtering/_activate' \
--header "Authorization: $API_KEY"Set the error field for the connector. If the error provided in the request body is non-null, the connector’s status is updated to error. Otherwise, if the error is reset to null, the connector status is updated to connected.
PUT _connector/my-connector/_error
{
"error": "Houston, we have a problem!"
}resp = client.connector.update_error(
connector_id="my-connector",
error="Houston, we have a problem!",
)const response = await client.connector.updateError({
connector_id: "my-connector",
error: "Houston, we have a problem!",
});response = client.connector.update_error(
connector_id: "my-connector",
body: {
"error": "Houston, we have a problem!"
}
)$resp = $client->connector()->updateError([
"connector_id" => "my-connector",
"body" => [
"error" => "Houston, we have a problem!",
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"error":"Houston, we have a problem!"}' "$ELASTICSEARCH_URL/_connector/my-connector/_error"client.connector().updateError(u -> u
.connectorId("my-connector")
.error("Houston, we have a problem!")
);
{
"error": "Houston, we have a problem!"
}{
"result": "updated"
}Update the draft filtering configuration of a connector and marks the draft validation state as edited. The filtering draft is activated once validated by the running Elastic connector service. The filtering property is used to configure sync rules (both basic and advanced) for a connector.
PUT _connector/my-g-drive-connector/_filtering
{
"rules": [
{
"field": "file_extension",
"id": "exclude-txt-files",
"order": 0,
"policy": "exclude",
"rule": "equals",
"value": "txt"
},
{
"field": "_",
"id": "DEFAULT",
"order": 1,
"policy": "include",
"rule": "regex",
"value": ".*"
}
]
}resp = client.connector.update_filtering(
connector_id="my-g-drive-connector",
rules=[
{
"field": "file_extension",
"id": "exclude-txt-files",
"order": 0,
"policy": "exclude",
"rule": "equals",
"value": "txt"
},
{
"field": "_",
"id": "DEFAULT",
"order": 1,
"policy": "include",
"rule": "regex",
"value": ".*"
}
],
)const response = await client.connector.updateFiltering({
connector_id: "my-g-drive-connector",
rules: [
{
field: "file_extension",
id: "exclude-txt-files",
order: 0,
policy: "exclude",
rule: "equals",
value: "txt",
},
{
field: "_",
id: "DEFAULT",
order: 1,
policy: "include",
rule: "regex",
value: ".*",
},
],
});response = client.connector.update_filtering(
connector_id: "my-g-drive-connector",
body: {
"rules": [
{
"field": "file_extension",
"id": "exclude-txt-files",
"order": 0,
"policy": "exclude",
"rule": "equals",
"value": "txt"
},
{
"field": "_",
"id": "DEFAULT",
"order": 1,
"policy": "include",
"rule": "regex",
"value": ".*"
}
]
}
)$resp = $client->connector()->updateFiltering([
"connector_id" => "my-g-drive-connector",
"body" => [
"rules" => array(
[
"field" => "file_extension",
"id" => "exclude-txt-files",
"order" => 0,
"policy" => "exclude",
"rule" => "equals",
"value" => "txt",
],
[
"field" => "_",
"id" => "DEFAULT",
"order" => 1,
"policy" => "include",
"rule" => "regex",
"value" => ".*",
],
),
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"rules":[{"field":"file_extension","id":"exclude-txt-files","order":0,"policy":"exclude","rule":"equals","value":"txt"},{"field":"_","id":"DEFAULT","order":1,"policy":"include","rule":"regex","value":".*"}]}' "$ELASTICSEARCH_URL/_connector/my-g-drive-connector/_filtering"client.connector().updateFiltering(u -> u
.connectorId("my-g-drive-connector")
.rules(List.of(FilteringRule.of(f -> f
.field("file_extension")
.id("exclude-txt-files")
.order(0)
.policy(FilteringPolicy.Exclude)
.rule(FilteringRuleRule.Equals)
.value("txt")),FilteringRule.of(f -> f
.field("_")
.id("DEFAULT")
.order(1)
.policy(FilteringPolicy.Include)
.rule(FilteringRuleRule.Regex)
.value(".*"))))
);
{
"rules": [
{
"field": "file_extension",
"id": "exclude-txt-files",
"order": 0,
"policy": "exclude",
"rule": "equals",
"value": "txt"
},
{
"field": "_",
"id": "DEFAULT",
"order": 1,
"policy": "include",
"rule": "regex",
"value": ".*"
}
]
}{
"advanced_snippet": {
"value": [{
"tables": [
"users",
"orders"
],
"query": "SELECT users.id AS id, orders.order_id AS order_id FROM users JOIN orders ON users.id = orders.user_id"
}]
}
}{
"result": "updated"
}Update the draft filtering validation info for a connector.
curl \
--request PUT 'http://api.example.com/_connector/{connector_id}/_filtering/_validation' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--data '{"validation":{"errors":[{"ids":["string"],"messages":["string"]}],"state":"edited"}}'Update the index_name field of a connector, specifying the index where the data ingested by the connector is stored.
PUT _connector/my-connector/_index_name
{
"index_name": "data-from-my-google-drive"
}resp = client.connector.update_index_name(
connector_id="my-connector",
index_name="data-from-my-google-drive",
)const response = await client.connector.updateIndexName({
connector_id: "my-connector",
index_name: "data-from-my-google-drive",
});response = client.connector.update_index_name(
connector_id: "my-connector",
body: {
"index_name": "data-from-my-google-drive"
}
)$resp = $client->connector()->updateIndexName([
"connector_id" => "my-connector",
"body" => [
"index_name" => "data-from-my-google-drive",
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"index_name":"data-from-my-google-drive"}' "$ELASTICSEARCH_URL/_connector/my-connector/_index_name"client.connector().updateIndexName(u -> u
.connectorId("my-connector")
.indexName("data-from-my-google-drive")
);
{
"index_name": "data-from-my-google-drive"
}{
"result": "updated"
}PUT _connector/my-connector/_name
{
"name": "Custom connector",
"description": "This is my customized connector"
}resp = client.connector.update_name(
connector_id="my-connector",
name="Custom connector",
description="This is my customized connector",
)const response = await client.connector.updateName({
connector_id: "my-connector",
name: "Custom connector",
description: "This is my customized connector",
});response = client.connector.update_name(
connector_id: "my-connector",
body: {
"name": "Custom connector",
"description": "This is my customized connector"
}
)$resp = $client->connector()->updateName([
"connector_id" => "my-connector",
"body" => [
"name" => "Custom connector",
"description" => "This is my customized connector",
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"name":"Custom connector","description":"This is my customized connector"}' "$ELASTICSEARCH_URL/_connector/my-connector/_name"client.connector().updateName(u -> u
.connectorId("my-connector")
.description("This is my customized connector")
.name("Custom connector")
);
{
"name": "Custom connector",
"description": "This is my customized connector"
}{
"result": "updated"
}When you create a new connector, the configuration of an ingest pipeline is populated with default settings.
PUT _connector/my-connector/_pipeline
{
"pipeline": {
"extract_binary_content": true,
"name": "my-connector-pipeline",
"reduce_whitespace": true,
"run_ml_inference": true
}
}resp = client.connector.update_pipeline(
connector_id="my-connector",
pipeline={
"extract_binary_content": True,
"name": "my-connector-pipeline",
"reduce_whitespace": True,
"run_ml_inference": True
},
)const response = await client.connector.updatePipeline({
connector_id: "my-connector",
pipeline: {
extract_binary_content: true,
name: "my-connector-pipeline",
reduce_whitespace: true,
run_ml_inference: true,
},
});response = client.connector.update_pipeline(
connector_id: "my-connector",
body: {
"pipeline": {
"extract_binary_content": true,
"name": "my-connector-pipeline",
"reduce_whitespace": true,
"run_ml_inference": true
}
}
)$resp = $client->connector()->updatePipeline([
"connector_id" => "my-connector",
"body" => [
"pipeline" => [
"extract_binary_content" => true,
"name" => "my-connector-pipeline",
"reduce_whitespace" => true,
"run_ml_inference" => true,
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"pipeline":{"extract_binary_content":true,"name":"my-connector-pipeline","reduce_whitespace":true,"run_ml_inference":true}}' "$ELASTICSEARCH_URL/_connector/my-connector/_pipeline"client.connector().updatePipeline(u -> u
.connectorId("my-connector")
.pipeline(p -> p
.extractBinaryContent(true)
.name("my-connector-pipeline")
.reduceWhitespace(true)
.runMlInference(true)
)
);
{
"pipeline": {
"extract_binary_content": true,
"name": "my-connector-pipeline",
"reduce_whitespace": true,
"run_ml_inference": true
}
}{
"result": "updated"
}PUT _connector/my-connector/_scheduling
{
"scheduling": {
"access_control": {
"enabled": true,
"interval": "0 10 0 * * ?"
},
"full": {
"enabled": true,
"interval": "0 20 0 * * ?"
},
"incremental": {
"enabled": false,
"interval": "0 30 0 * * ?"
}
}
}resp = client.connector.update_scheduling(
connector_id="my-connector",
scheduling={
"access_control": {
"enabled": True,
"interval": "0 10 0 * * ?"
},
"full": {
"enabled": True,
"interval": "0 20 0 * * ?"
},
"incremental": {
"enabled": False,
"interval": "0 30 0 * * ?"
}
},
)const response = await client.connector.updateScheduling({
connector_id: "my-connector",
scheduling: {
access_control: {
enabled: true,
interval: "0 10 0 * * ?",
},
full: {
enabled: true,
interval: "0 20 0 * * ?",
},
incremental: {
enabled: false,
interval: "0 30 0 * * ?",
},
},
});response = client.connector.update_scheduling(
connector_id: "my-connector",
body: {
"scheduling": {
"access_control": {
"enabled": true,
"interval": "0 10 0 * * ?"
},
"full": {
"enabled": true,
"interval": "0 20 0 * * ?"
},
"incremental": {
"enabled": false,
"interval": "0 30 0 * * ?"
}
}
}
)$resp = $client->connector()->updateScheduling([
"connector_id" => "my-connector",
"body" => [
"scheduling" => [
"access_control" => [
"enabled" => true,
"interval" => "0 10 0 * * ?",
],
"full" => [
"enabled" => true,
"interval" => "0 20 0 * * ?",
],
"incremental" => [
"enabled" => false,
"interval" => "0 30 0 * * ?",
],
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"scheduling":{"access_control":{"enabled":true,"interval":"0 10 0 * * ?"},"full":{"enabled":true,"interval":"0 20 0 * * ?"},"incremental":{"enabled":false,"interval":"0 30 0 * * ?"}}}' "$ELASTICSEARCH_URL/_connector/my-connector/_scheduling"client.connector().updateScheduling(u -> u
.connectorId("my-connector")
.scheduling(s -> s
.accessControl(a -> a
.enabled(true)
.interval("0 10 0 * * ?")
)
.full(f -> f
.enabled(true)
.interval("0 20 0 * * ?")
)
.incremental(i -> i
.enabled(false)
.interval("0 30 0 * * ?")
)
)
);
{
"scheduling": {
"access_control": {
"enabled": true,
"interval": "0 10 0 * * ?"
},
"full": {
"enabled": true,
"interval": "0 20 0 * * ?"
},
"incremental": {
"enabled": false,
"interval": "0 30 0 * * ?"
}
}
}{
"scheduling": {
"full": {
"enabled": true,
"interval": "0 10 0 * * ?"
}
}
}{
"result": "updated"
}PUT _connector/my-connector/_service_type
{
"service_type": "sharepoint_online"
}resp = client.connector.update_service_type(
connector_id="my-connector",
service_type="sharepoint_online",
)const response = await client.connector.updateServiceType({
connector_id: "my-connector",
service_type: "sharepoint_online",
});response = client.connector.update_service_type(
connector_id: "my-connector",
body: {
"service_type": "sharepoint_online"
}
)$resp = $client->connector()->updateServiceType([
"connector_id" => "my-connector",
"body" => [
"service_type" => "sharepoint_online",
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"service_type":"sharepoint_online"}' "$ELASTICSEARCH_URL/_connector/my-connector/_service_type"client.connector().updateServiceType(u -> u
.connectorId("my-connector")
.serviceType("sharepoint_online")
);
{
"service_type": "sharepoint_online"
}{
"result": "updated"
}Update the data stream lifecycle of the specified data streams.
Comma-separated list of data streams used to limit the request.
Supports wildcards (*).
To target all data streams use * or _all.
Type of data stream that wildcard patterns can match.
Supports comma-separated values, such as open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and
d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
If defined, it turns data stream lifecycle on/off (true/false) for this data stream. A data stream lifecycle
that's disabled (enabled: false) will have no effect on the data stream.
Default value is true.
PUT _data_stream/my-data-stream/_lifecycle
{
"data_retention": "7d"
}resp = client.indices.put_data_lifecycle(
name="my-data-stream",
data_retention="7d",
)const response = await client.indices.putDataLifecycle({
name: "my-data-stream",
data_retention: "7d",
});response = client.indices.put_data_lifecycle(
name: "my-data-stream",
body: {
"data_retention": "7d"
}
)$resp = $client->indices()->putDataLifecycle([
"name" => "my-data-stream",
"body" => [
"data_retention" => "7d",
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"data_retention":"7d"}' "$ELASTICSEARCH_URL/_data_stream/my-data-stream/_lifecycle"client.indices().putDataLifecycle(p -> p
.dataRetention(d -> d
.time("7d")
)
.name("my-data-stream")
);
{
"data_retention": "7d"
}{
"downsampling": [
{
"after": "1d",
"fixed_interval": "10m"
},
{
"after": "7d",
"fixed_interval": "1d"
}
]
}{
"acknowledged": true
}A comma-separated list of data streams or data stream patterns. Supports wildcards (*).
GET /_data_stream/my-data-stream/_mappings
resp = client.indices.get_data_stream_mappings(
name="my-data-stream",
)const response = await client.indices.getDataStreamMappings({
name: "my-data-stream",
});response = client.indices.get_data_stream_mappings(
name: "my-data-stream"
)$resp = $client->indices()->getDataStreamMappings([
"name" => "my-data-stream",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_data_stream/my-data-stream/_mappings"{
"data_streams": [
{
"name": "my-data-stream",
"mappings": {
"properties": {
"field1": {
"type": "ip"
},
"field3": {
"type": "text"
}
}
},
"effective_mappings": {
"properties": {
"field1": {
"type": "ip"
},
"field2": {
"type": "text"
},
"field3": {
"type": "text"
}
}
}
}
]
}This API can be used to override mappings on specific data streams. These overrides will take precedence over what is specified in the template that the data stream matches. The mapping change is only applied to new write indices that are created during rollover after this API is called. No indices are changed by this API.
manageIf true, the request does not actually change the mappings on any data streams. Instead, it
simulates changing the settings and reports back to the user what would have happened had these settings
actually been applied.
The period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
The period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
PUT /_data_stream/my-data-stream/_mappings
{
"properties":{
"field1":{
"type":"ip"
},
"field3":{
"type":"text"
}
}
}resp = client.indices.put_data_stream_mappings(
name="my-data-stream",
mappings={
"properties": {
"field1": {
"type": "ip"
},
"field3": {
"type": "text"
}
}
},
)const response = await client.indices.putDataStreamMappings({
name: "my-data-stream",
mappings: {
properties: {
field1: {
type: "ip",
},
field3: {
type: "text",
},
},
},
});response = client.indices.put_data_stream_mappings(
name: "my-data-stream",
body: {
"properties": {
"field1": {
"type": "ip"
},
"field3": {
"type": "text"
}
}
}
)$resp = $client->indices()->putDataStreamMappings([
"name" => "my-data-stream",
"body" => [
"properties" => [
"field1" => [
"type" => "ip",
],
"field3" => [
"type" => "text",
],
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"properties":{"field1":{"type":"ip"},"field3":{"type":"text"}}}' "$ELASTICSEARCH_URL/_data_stream/my-data-stream/_mappings"{
"properties":{
"field1":{
"type":"ip"
},
"field3":{
"type":"text"
}
}
}{
"data_streams": [
{
"name": "my-data-stream",
"applied_to_data_stream": true,
"mappings": {
"properties": {
"field1": {
"type": "ip"
},
"field3": {
"type": "text"
}
}
},
"effective_mappings": {
"properties": {
"field1": {
"type": "ip"
},
"field3": {
"type": "text"
}
}
}
}
]
}{
"data_streams": [
{
"name": "my-data-stream",
"applied_to_data_stream": false,
"error": "Failed to parse mapping: The mapper type [txt] declared on field [field1] does not exist. It might have been created within a future version or requires a plugin to be installed. Check the documentation.",
"mappings": {
"_doc": {}
},
"effective_mappings": {
"_doc": {}
}
}
]
}A comma-separated list of data streams or data stream patterns. Supports wildcards (*).
GET /_data_stream/my-data-stream/_settings
resp = client.indices.get_data_stream_settings(
name="my-data-stream",
)const response = await client.indices.getDataStreamSettings({
name: "my-data-stream",
});response = client.indices.get_data_stream_settings(
name: "my-data-stream"
)$resp = $client->indices()->getDataStreamSettings([
"name" => "my-data-stream",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_data_stream/my-data-stream/_settings"{
"data_streams": [
{
"name": "my-data-stream",
"settings": {
"index": {
"lifecycle": {
"name": "new-test-policy"
},
"number_of_shards": "11"
}
},
"effective_settings": {
"index": {
"lifecycle": {
"name": "new-test-policy"
},
"mode": "standard",
"number_of_shards": "11",
"number_of_replicas": "0"
}
}
}
]
}Verify that a document exists.
For example, check to see if a document with the _id 0 exists:
HEAD my-index-000001/_doc/0
If the document exists, the API returns a status code of 200 - OK.
If the document doesn’t exist, the API returns 404 - Not Found.
Versioning support
You can use the version parameter to check the document only if its current version is equal to the specified one.
Internally, Elasticsearch has marked the old document as deleted and added an entirely new document. The old version of the document doesn't disappear immediately, although you won't be able to access it. Elasticsearch cleans up deleted documents in the background as you continue to index more data.
A comma-separated list of data streams, indices, and aliases.
It supports wildcards (*).
A unique document identifier.
The node or shard the operation should be performed on. By default, the operation is randomized between the shard replicas.
If it is set to _local, the operation will prefer to be run on a local allocated shard when possible.
If it is set to a custom value, the value is used to guarantee that the same shards will be used for the same custom value.
This can help with "jumping values" when hitting different shards in different refresh states.
A sample value can be something like the web session ID or the user name.
If true, the request is real-time as opposed to near-real-time.
If true, the request refreshes the relevant shards before retrieving the document.
Setting it to true should be done after careful thought and verification that this does not cause a heavy load on the system (and slow down indexing).
A custom value used to route operations to a specific shard.
Indicates whether to return the _source field (true or false) or lists the fields to return.
A comma-separated list of source fields to exclude from the response.
You can also use this parameter to exclude fields from the subset specified in _source_includes query parameter.
If the _source parameter is false, this parameter is ignored.
A comma-separated list of source fields to include in the response.
If this parameter is specified, only these source fields are returned.
You can exclude fields from this subset using the _source_excludes query parameter.
If the _source parameter is false, this parameter is ignored.
A comma-separated list of stored fields to return as part of a hit.
If no fields are specified, no stored fields are included in the response.
If this field is specified, the _source parameter defaults to false.
Explicit version number for concurrency control. The specified version must match the current version of the document for the request to succeed.
The version type.
Supported values include:
internal: Use internal versioning that starts at 1 and increments with each update or delete.external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document.external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document.
NOTE: The external_gte version type is meant for special use cases and should be used with care.
If used incorrectly, it can result in loss of data.force: This option is deprecated because it can cause primary and replica shards to diverge.Values are internal, external, external_gte, or force.
HEAD my-index-000001/_doc/0
resp = client.exists(
index="my-index-000001",
id="0",
)const response = await client.exists({
index: "my-index-000001",
id: 0,
});response = client.exists(
index: "my-index-000001",
id: "0"
)$resp = $client->exists([
"index" => "my-index-000001",
"id" => "0",
]);curl --head -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/my-index-000001/_doc/0"client.exists(e -> e
.id("0")
.index("my-index-000001")
);
All methods and paths for this operation:
Get multiple term vectors with a single request.
You can specify existing documents by index and ID or provide artificial documents in the body of the request.
You can specify the index in the request body or request URI.
The response contains a docs array with all the fetched termvectors.
Each element has the structure provided by the termvectors API.
Artificial documents
You can also use mtermvectors to generate term vectors for artificial documents provided in the body of the request.
The mapping used is determined by the specified _index.
readA comma-separated list of documents ids. You must define ids as parameter or set "ids" or "docs" in the request body
A comma-separated list or wildcard expressions of fields to include in the statistics.
It is used as the default list unless a specific field list is provided in the completion_fields or fielddata_fields parameters.
If true, the response includes the document count, sum of document frequencies, and sum of total term frequencies.
If true, the response includes term offsets.
If true, the response includes term payloads.
If true, the response includes term positions.
The node or shard the operation should be performed on. It is random by default.
If true, the request is real-time as opposed to near-real-time.
A custom value used to route operations to a specific shard.
If true, the response includes term frequency and document frequency.
If true, returns the document version as part of a hit.
The version type.
Supported values include:
internal: Use internal versioning that starts at 1 and increments with each update or delete.external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document.external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document.
NOTE: The external_gte version type is meant for special use cases and should be used with care.
If used incorrectly, it can result in loss of data.force: This option is deprecated because it can cause primary and replica shards to diverge.Values are internal, external, external_gte, or force.
POST /my-index-000001/_mtermvectors
{
"docs": [
{
"_id": "2",
"fields": [
"message"
],
"term_statistics": true
},
{
"_id": "1"
}
]
}resp = client.mtermvectors(
index="my-index-000001",
docs=[
{
"_id": "2",
"fields": [
"message"
],
"term_statistics": True
},
{
"_id": "1"
}
],
)const response = await client.mtermvectors({
index: "my-index-000001",
docs: [
{
_id: "2",
fields: ["message"],
term_statistics: true,
},
{
_id: "1",
},
],
});response = client.mtermvectors(
index: "my-index-000001",
body: {
"docs": [
{
"_id": "2",
"fields": [
"message"
],
"term_statistics": true
},
{
"_id": "1"
}
]
}
)$resp = $client->mtermvectors([
"index" => "my-index-000001",
"body" => [
"docs" => array(
[
"_id" => "2",
"fields" => array(
"message",
),
"term_statistics" => true,
],
[
"_id" => "1",
],
),
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"docs":[{"_id":"2","fields":["message"],"term_statistics":true},{"_id":"1"}]}' "$ELASTICSEARCH_URL/my-index-000001/_mtermvectors"client.mtermvectors(m -> m
.docs(List.of(MultiTermVectorsOperation.of(mu -> mu
.id("2")
.fields("message")
.termStatistics(true)),MultiTermVectorsOperation.of(mu -> mu
.id("1"))))
.index("my-index-000001")
);
{
"docs": [
{
"_id": "2",
"fields": [
"message"
],
"term_statistics": true
},
{
"_id": "1"
}
]
}{
"ids": [ "1", "2" ],
"fields": [
"message"
],
"term_statistics": true
}{
"docs": [
{
"_index": "my-index-000001",
"doc" : {
"message" : "test test test"
}
},
{
"_index": "my-index-000001",
"doc" : {
"message" : "Another test ..."
}
}
]
}Updates documents that match the specified query. If no query is specified, performs an update on every document in the data stream or index without modifying the source, which is useful for picking up mapping changes.
If the Elasticsearch security features are enabled, you must have the following index privileges for the target data stream, index, or alias:
readindex or writeYou can specify the query criteria in the request URI or the request body using the same syntax as the search API.
When you submit an update by query request, Elasticsearch gets a snapshot of the data stream or index when it begins processing the request and updates matching documents using internal versioning.
When the versions match, the document is updated and the version number is incremented.
If a document changes between the time that the snapshot is taken and the update operation is processed, it results in a version conflict and the operation fails.
You can opt to count version conflicts instead of halting and returning by setting conflicts to proceed.
Note that if you opt to count version conflicts, the operation could attempt to update more documents from the source than max_docs until it has successfully updated max_docs documents or it has gone through every document in the source query.
NOTE: Documents with a version equal to 0 cannot be updated using update by query because internal versioning does not support 0 as a valid version number.
While processing an update by query request, Elasticsearch performs multiple search requests sequentially to find all of the matching documents. A bulk update request is performed for each batch of matching documents. Any query or update failures cause the update by query request to fail and the failures are shown in the response. Any update requests that completed successfully still stick, they are not rolled back.
Refreshing shards
Specifying the refresh parameter refreshes all shards once the request completes.
This is different to the update API's refresh parameter, which causes only the shard
that received the request to be refreshed. Unlike the update API, it does not support
wait_for.
Running update by query asynchronously
If the request contains wait_for_completion=false, Elasticsearch
performs some preflight checks, launches the request, and returns a
task you can use to cancel or get the status of the task.
Elasticsearch creates a record of this task as a document at .tasks/task/${taskId}.
Waiting for active shards
wait_for_active_shards controls how many copies of a shard must be active
before proceeding with the request. See wait_for_active_shards
for details. timeout controls how long each write request waits for unavailable
shards to become available. Both work exactly the way they work in the
Bulk API. Update by query uses scrolled searches, so you can also
specify the scroll parameter to control how long it keeps the search context
alive, for example ?scroll=10m. The default is 5 minutes.
Throttling update requests
To control the rate at which update by query issues batches of update operations, you can set requests_per_second to any positive decimal number.
This pads each batch with a wait time to throttle the rate.
Set requests_per_second to -1 to turn off throttling.
Throttling uses a wait time between batches so that the internal scroll requests can be given a timeout that takes the request padding into account.
The padding time is the difference between the batch size divided by the requests_per_second and the time spent writing.
By default the batch size is 1000, so if requests_per_second is set to 500:
target_time = 1000 / 500 per second = 2 seconds
wait_time = target_time - write_time = 2 seconds - .5 seconds = 1.5 seconds
Since the batch is issued as a single _bulk request, large batch sizes cause Elasticsearch to create many requests and wait before starting the next set. This is "bursty" instead of "smooth".
Slicing
Update by query supports sliced scroll to parallelize the update process. This can improve efficiency and provide a convenient way to break the request down into smaller parts.
Setting slices to auto chooses a reasonable number for most data streams and indices.
This setting will use one slice per shard, up to a certain limit.
If there are multiple source data streams or indices, it will choose the number of slices based on the index or backing index with the smallest number of shards.
Adding slices to _update_by_query just automates the manual process of creating sub-requests, which means it has some quirks:
slices only contains the status of completed slices.slices will rethrottle the unfinished sub-request proportionally.requests_per_second and max_docs on a request with slices are distributed proportionally to each sub-request. Combine that with the point above about distribution being uneven and you should conclude that using max_docs with slices might not result in exactly max_docs documents being updated.If you're slicing manually or otherwise tuning automatic slicing, keep in mind that:
Whether query or update performance dominates the runtime depends on the documents being reindexed and cluster resources.
Refer to the linked documentation for examples of how to update documents using the _update_by_query API:
read,writeA comma-separated list of data streams, indices, and aliases to search.
It supports wildcards (*).
To search all data streams or indices, omit this parameter or use * or _all.
If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices.
This behavior applies even if the request targets other open indices.
For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.
The analyzer to use for the query string.
This parameter can be used only when the q query string parameter is specified.
If true, wildcard and prefix queries are analyzed.
This parameter can be used only when the q query string parameter is specified.
The preferred behavior when update by query hits version conflicts: abort or proceed.
Supported values include:
abort: Stop reindexing if there are conflicts.proceed: Continue reindexing even if there are conflicts.Values are abort or proceed.
The default operator for query string query: AND or OR.
This parameter can be used only when the q query string parameter is specified.
Values are and, AND, or, or OR.
The field to use as default where no field prefix is given in the query string.
This parameter can be used only when the q query string parameter is specified.
The type of index that wildcard patterns can match.
If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams.
It supports comma-separated values, such as open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
Skips the specified number of documents.
If true, format-based query failures (such as providing text to a numeric field) in the query string will be ignored.
This parameter can be used only when the q query string parameter is specified.
The maximum number of documents to process.
It defaults to all documents.
When set to a value less then or equal to scroll_size then a scroll will not be used to retrieve the results for the operation.
The ID of the pipeline to use to preprocess incoming documents.
If the index has a default ingest pipeline specified, then setting the value to _none disables the default ingest pipeline for this request.
If a final pipeline is configured it will always run, regardless of the value of this parameter.
The node or shard the operation should be performed on. It is random by default.
A query in the Lucene query string syntax.
If true, Elasticsearch refreshes affected shards to make the operation visible to search after the request completes.
This is different than the update API's refresh parameter, which causes just the shard that received the request to be refreshed.
If true, the request cache is used for this request.
It defaults to the index-level setting.
The throttle for this request in sub-requests per second.
A custom value used to route operations to a specific shard.
The period to retain the search context for scrolling.
Values are -1 or 0.
The size of the scroll request that powers the operation.
An explicit timeout for each search request. By default, there is no timeout.
Values are -1 or 0.
The type of the search operation. Available options include query_then_fetch and dfs_query_then_fetch.
Supported values include:
query_then_fetch: Documents are scored using local term and document frequencies for the shard. This is usually faster but less accurate.dfs_query_then_fetch: Documents are scored using global term and document frequencies across all shards. This is usually slower but more accurate.Values are query_then_fetch or dfs_query_then_fetch.
The number of slices this task should be divided into.
Value is auto.
A comma-separated list of : pairs.
The specific tag of the request for logging and statistical purposes.
The maximum number of documents to collect for each shard. If a query reaches this limit, Elasticsearch terminates the query early. Elasticsearch collects documents before sorting.
IMPORTANT: Use with caution. Elasticsearch applies this parameter to each shard handling the request. When possible, let Elasticsearch perform early termination automatically. Avoid specifying this parameter for requests that target data streams with backing indices across multiple data tiers.
The period each update request waits for the following operations: dynamic mapping updates, waiting for active shards. By default, it is one minute. This guarantees Elasticsearch waits for at least the timeout before failing. The actual wait time could be longer, particularly when multiple waits occur.
Values are -1 or 0.
If true, returns the document version as part of a hit.
Should the document increment the version number (internal) on hit or not (reindex)
The number of shard copies that must be active before proceeding with the operation.
Set to all or any positive integer up to the total number of shards in the index (number_of_replicas+1).
The timeout parameter controls how long each write request waits for unavailable shards to become available.
Both work exactly the way they work in the bulk API.
Values are all or index-setting.
If true, the request blocks until the operation is complete.
If false, Elasticsearch performs some preflight checks, launches the request, and returns a task ID that you can use to cancel or get the status of the task.
Elasticsearch creates a record of this task as a document at .tasks/task/${taskId}.
The maximum number of documents to update.
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
Values are abort or proceed.
POST my-index-000001/_update_by_query?conflicts=proceed
{
"query": {
"term": {
"user.id": "kimchy"
}
}
}resp = client.update_by_query(
index="my-index-000001",
conflicts="proceed",
query={
"term": {
"user.id": "kimchy"
}
},
)const response = await client.updateByQuery({
index: "my-index-000001",
conflicts: "proceed",
query: {
term: {
"user.id": "kimchy",
},
},
});response = client.update_by_query(
index: "my-index-000001",
conflicts: "proceed",
body: {
"query": {
"term": {
"user.id": "kimchy"
}
}
}
)$resp = $client->updateByQuery([
"index" => "my-index-000001",
"conflicts" => "proceed",
"body" => [
"query" => [
"term" => [
"user.id" => "kimchy",
],
],
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"query":{"term":{"user.id":"kimchy"}}}' "$ELASTICSEARCH_URL/my-index-000001/_update_by_query?conflicts=proceed"client.updateByQuery(u -> u
.conflicts(Conflicts.Proceed)
.index("my-index-000001")
.query(q -> q
.term(t -> t
.field("user.id")
.value(FieldValue.of("kimchy"))
)
)
);
{
"query": {
"term": {
"user.id": "kimchy"
}
}
}{
"script": {
"source": "ctx._source.count++",
"lang": "painless"
},
"query": {
"term": {
"user.id": "kimchy"
}
}
}{
"slice": {
"id": 0,
"max": 2
},
"script": {
"source": "ctx._source['extra'] = 'test'"
}
}{
"script": {
"source": "ctx._source['extra'] = 'test'"
}
}The Elasticsearch Query Language (ES|QL) provides a powerful way to filter, transform, and analyze data stored in Elasticsearch, and in the future in other runtimes.
curl \
--request GET 'http://api.example.com/_query/queries/{id}' \
--header "Authorization: $API_KEY"Get search results for an ES|QL (Elasticsearch query language) query.
A short version of the Accept header, e.g. json, yaml.
Values are csv, json, tsv, txt, yaml, cbor, smile, or arrow.
The character to use between values within a CSV row. Only valid for the CSV format.
Should columns that are entirely null be removed from the columns and values portion of the results?
Defaults to false. If true then the response will include an extra section under the name all_columns which has the name of all columns.
If true, partial results will be returned if there are shard failures, but the query can continue to execute on other clusters and shards.
If false, the query will fail if there are any failures.
To override the default behavior, you can set the esql.query.allow_partial_results cluster setting to false.
By default, ES|QL returns results as rows. For example, FROM returns each individual document as one row. For the JSON, YAML, CBOR and smile formats, ES|QL can return the results in a columnar fashion where one row represents all the values of a certain column in the results.
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
To avoid any attempts of hacking or code injection, extract the values in a separate list of parameters. Use question mark placeholders (?) in the query string for each of the parameters.
If provided and true the response will include an extra profile object
with information on how the query was executed. This information is for human debugging
and its format can change at any time but it can give some insight into the performance
of each part of the query.
The ES|QL query API accepts an ES|QL query string in the query parameter, runs it, and returns the results.
Tables to use with the LOOKUP operation. The top level key is the table name and the next level key is the column name.
When set to true and performing a cross-cluster query, the response will include an extra _clusters
object with information about the clusters that participated in the search along with info such as shards
count.
Default value is false.
POST /_query
{
"query": """
FROM library,remote-*:library
| EVAL year = DATE_TRUNC(1 YEARS, release_date)
| STATS MAX(page_count) BY year
| SORT year
| LIMIT 5
""",
"include_ccs_metadata": true
}resp = client.esql.query(
query="\n FROM library,remote-*:library\n | EVAL year = DATE_TRUNC(1 YEARS, release_date)\n | STATS MAX(page_count) BY year\n | SORT year\n | LIMIT 5\n ",
include_ccs_metadata=True,
)const response = await client.esql.query({
query:
"\n FROM library,remote-*:library\n | EVAL year = DATE_TRUNC(1 YEARS, release_date)\n | STATS MAX(page_count) BY year\n | SORT year\n | LIMIT 5\n ",
include_ccs_metadata: true,
});response = client.esql.query(
body: {
"query": "\n FROM library,remote-*:library\n | EVAL year = DATE_TRUNC(1 YEARS, release_date)\n | STATS MAX(page_count) BY year\n | SORT year\n | LIMIT 5\n ",
"include_ccs_metadata": true
}
)$resp = $client->esql()->query([
"body" => [
"query" => "\n FROM library,remote-*:library\n | EVAL year = DATE_TRUNC(1 YEARS, release_date)\n | STATS MAX(page_count) BY year\n | SORT year\n | LIMIT 5\n ",
"include_ccs_metadata" => true,
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"query":"\n FROM library,remote-*:library\n | EVAL year = DATE_TRUNC(1 YEARS, release_date)\n | STATS MAX(page_count) BY year\n | SORT year\n | LIMIT 5\n ","include_ccs_metadata":true}' "$ELASTICSEARCH_URL/_query"client.esql().query(q -> q
.includeCcsMetadata(true)
.query(" FROM library,remote-*:library | EVAL year = DATE_TRUNC(1 YEARS, release_date) | STATS MAX(page_count) BY year | SORT year | LIMIT 5 ")
);
{
"query": """
FROM library,remote-*:library
| EVAL year = DATE_TRUNC(1 YEARS, release_date)
| STATS MAX(page_count) BY year
| SORT year
| LIMIT 5
""",
"include_ccs_metadata": true
}All methods and paths for this operation:
Extract and summarize information about the documents and terms in an Elasticsearch data stream or index.
The easiest way to understand the behavior of this API is to use the Graph UI to explore connections.
An initial request to the _explore API contains a seed query that identifies the documents of interest and specifies the fields that define the vertices and connections you want to include in the graph.
Subsequent requests enable you to spider out from one more vertices of interest.
You can exclude vertices that have already been returned.
Custom value used to route operations to a specific shard.
Specifies the period of time to wait for a response from each shard. If no response is received before the timeout expires, the request fails and returns an error. Defaults to no timeout.
Values are -1 or 0.
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
Specifies one or more fields that contain the terms you want to include in the graph as vertices.
POST clicklogs/_graph/explore
{
"query": {
"match": {
"query.raw": "midi"
}
},
"vertices": [
{
"field": "product"
}
],
"connections": {
"vertices": [
{
"field": "query.raw"
}
]
}
}resp = client.graph.explore(
index="clicklogs",
query={
"match": {
"query.raw": "midi"
}
},
vertices=[
{
"field": "product"
}
],
connections={
"vertices": [
{
"field": "query.raw"
}
]
},
)const response = await client.graph.explore({
index: "clicklogs",
query: {
match: {
"query.raw": "midi",
},
},
vertices: [
{
field: "product",
},
],
connections: {
vertices: [
{
field: "query.raw",
},
],
},
});response = client.graph.explore(
index: "clicklogs",
body: {
"query": {
"match": {
"query.raw": "midi"
}
},
"vertices": [
{
"field": "product"
}
],
"connections": {
"vertices": [
{
"field": "query.raw"
}
]
}
}
)$resp = $client->graph()->explore([
"index" => "clicklogs",
"body" => [
"query" => [
"match" => [
"query.raw" => "midi",
],
],
"vertices" => array(
[
"field" => "product",
],
),
"connections" => [
"vertices" => array(
[
"field" => "query.raw",
],
),
],
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"query":{"match":{"query.raw":"midi"}},"vertices":[{"field":"product"}],"connections":{"vertices":[{"field":"query.raw"}]}}' "$ELASTICSEARCH_URL/clicklogs/_graph/explore"client.graph().explore(e -> e
.connections(c -> c
.vertices(v -> v
.field("query.raw")
)
)
.index("clicklogs")
.query(q -> q
.match(m -> m
.field("query.raw")
.query(FieldValue.of("midi"))
)
)
.vertices(v -> v
.field("product")
)
);
{
"query": {
"match": {
"query.raw": "midi"
}
},
"vertices": [
{
"field": "product"
}
],
"connections": {
"vertices": [
{
"field": "query.raw"
}
]
}
}Comma-separated list of component template names used to limit the request.
Wildcard (*) expressions are supported.
If true, returns settings in flat format.
Filter out results, for example to filter out sensitive information. Supports wildcards or full settings keys
Return all default configurations for the component template (default: false)
If true, the request retrieves information from the local node only.
If false, information is retrieved from the master node.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
GET /_component_template/template_1
resp = client.cluster.get_component_template(
name="template_1",
)const response = await client.cluster.getComponentTemplate({
name: "template_1",
});response = client.cluster.get_component_template(
name: "template_1"
)$resp = $client->cluster()->getComponentTemplate([
"name" => "template_1",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_component_template/template_1"client.cluster().getComponentTemplate(g -> g
.name("template_1")
);
All methods and paths for this operation:
Component templates are building blocks for constructing index templates that specify index mappings, settings, and aliases.
An index template can be composed of multiple component templates.
To use a component template, specify it in an index template’s composed_of list.
Component templates are only applied to new data streams and indices as part of a matching index template.
Settings and mappings specified directly in the index template or the create index request override any settings or mappings specified in a component template.
Component templates are only used during index creation. For data streams, this includes data stream creation and the creation of a stream’s backing indices. Changes to component templates do not affect existing indices, including a stream’s backing indices.
You can use C-style /* *\/ block comments in component templates.
You can include comments anywhere in the request body except before the opening curly bracket.
Applying component templates
You cannot directly apply a component template to a data stream or index.
To be applied, a component template must be included in an index template's composed_of list.
manage_index_templatesName of the component template to create.
Elasticsearch includes the following built-in component templates: logs-mappings; logs-settings; metrics-mappings; metrics-settings;synthetics-mapping; synthetics-settings.
Elastic Agent uses these templates to configure backing indices for its data streams.
If you use Elastic Agent and want to overwrite one of these templates, set the version for your replacement template higher than the current version.
If you don’t use Elastic Agent and want to disable all built-in component and index templates, set stack.templates.enabled to false using the cluster update settings API.
If true, this request cannot replace or update existing component templates.
User defined reason for create the component template.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
PUT _component_template/template_1
{
"template": null,
"settings": {
"number_of_shards": 1
},
"mappings": {
"_source": {
"enabled": false
},
"properties": {
"host_name": {
"type": "keyword"
},
"created_at": {
"type": "date",
"format": "EEE MMM dd HH:mm:ss Z yyyy"
}
}
}
}resp = client.cluster.put_component_template(
name="template_1",
template=None,
settings={
"number_of_shards": 1
},
mappings={
"_source": {
"enabled": False
},
"properties": {
"host_name": {
"type": "keyword"
},
"created_at": {
"type": "date",
"format": "EEE MMM dd HH:mm:ss Z yyyy"
}
}
},
)const response = await client.cluster.putComponentTemplate({
name: "template_1",
template: null,
settings: {
number_of_shards: 1,
},
mappings: {
_source: {
enabled: false,
},
properties: {
host_name: {
type: "keyword",
},
created_at: {
type: "date",
format: "EEE MMM dd HH:mm:ss Z yyyy",
},
},
},
});response = client.cluster.put_component_template(
name: "template_1",
body: {
"template": nil,
"settings": {
"number_of_shards": 1
},
"mappings": {
"_source": {
"enabled": false
},
"properties": {
"host_name": {
"type": "keyword"
},
"created_at": {
"type": "date",
"format": "EEE MMM dd HH:mm:ss Z yyyy"
}
}
}
}
)$resp = $client->cluster()->putComponentTemplate([
"name" => "template_1",
"body" => [
"template" => null,
"settings" => [
"number_of_shards" => 1,
],
"mappings" => [
"_source" => [
"enabled" => false,
],
"properties" => [
"host_name" => [
"type" => "keyword",
],
"created_at" => [
"type" => "date",
"format" => "EEE MMM dd HH:mm:ss Z yyyy",
],
],
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"template":null,"settings":{"number_of_shards":1},"mappings":{"_source":{"enabled":false},"properties":{"host_name":{"type":"keyword"},"created_at":{"type":"date","format":"EEE MMM dd HH:mm:ss Z yyyy"}}}}' "$ELASTICSEARCH_URL/_component_template/template_1"{
"template": null,
"settings": {
"number_of_shards": 1
},
"mappings": {
"_source": {
"enabled": false
},
"properties": {
"host_name": {
"type": "keyword"
},
"created_at": {
"type": "date",
"format": "EEE MMM dd HH:mm:ss Z yyyy"
}
}
}
}{
"template": null,
"settings": {
"number_of_shards": 1
},
"aliases": {
"alias1": {},
"alias2": {
"filter": {
"term": {
"user.id": "kimchy"
}
},
"routing": "shard-1"
},
"{index}-alias": {}
}
}Comma-separated list of data streams, indices, and index aliases used to limit the request. Wildcard expressions (*) are supported.
If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.
Type of index that wildcard expressions can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values, such as open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
If true, returns settings in flat format.
If true, return all default settings in the response.
If true, the request retrieves information from the local node only. Defaults to false, which means information is retrieved from the master node.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
Return only information on specified index features
Supported values include: aliases, mappings, settings
Values are aliases, mappings, or settings.
GET /my-index-000001
resp = client.indices.get(
index="my-index-000001",
)const response = await client.indices.get({
index: "my-index-000001",
});response = client.indices.get(
index: "my-index-000001"
)$resp = $client->indices()->get([
"index" => "my-index-000001",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/my-index-000001"client.indices().get(g -> g
.index("my-index-000001")
);
You can use the create index API to add a new index to an Elasticsearch cluster. When creating an index, you can specify the following:
Wait for active shards
By default, index creation will only return a response to the client when the primary copies of each shard have been started, or the request times out.
The index creation response will indicate what happened.
For example, acknowledged indicates whether the index was successfully created in the cluster, while shards_acknowledged indicates whether the requisite number of shard copies were started for each shard in the index before timing out.
Note that it is still possible for either acknowledged or shards_acknowledged to be false, but for the index creation to be successful.
These values simply indicate whether the operation completed before the timeout.
If acknowledged is false, the request timed out before the cluster state was updated with the newly created index, but it probably will be created sometime soon.
If shards_acknowledged is false, then the request timed out before the requisite number of shards were started (by default just the primaries), even if the cluster state was successfully updated to reflect the newly created index (that is to say, acknowledged is true).
You can change the default of only waiting for the primary shards to start through the index setting index.write.wait_for_active_shards.
Note that changing this setting will also affect the wait_for_active_shards value on all subsequent write operations.
create_index,manageName of the index you wish to create. Index names must meet the following criteria:
\, /, *, ?, ", <, >, |, ,, or #:), but that has been deprecated and will not be supported in later versions-, _, or +. or ... are deprecated, except for hidden indices and internal indices managed by pluginsPeriod to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
The number of shard copies that must be active before proceeding with the operation.
Set to all or any positive integer up to the total number of shards in the index (number_of_replicas+1).
Values are all or index-setting.
Aliases for the index.
PUT /my-index-000001
{
"settings": {
"number_of_shards": 3,
"number_of_replicas": 2
}
}resp = client.indices.create(
index="my-index-000001",
settings={
"number_of_shards": 3,
"number_of_replicas": 2
},
)const response = await client.indices.create({
index: "my-index-000001",
settings: {
number_of_shards: 3,
number_of_replicas: 2,
},
});response = client.indices.create(
index: "my-index-000001",
body: {
"settings": {
"number_of_shards": 3,
"number_of_replicas": 2
}
}
)$resp = $client->indices()->create([
"index" => "my-index-000001",
"body" => [
"settings" => [
"number_of_shards" => 3,
"number_of_replicas" => 2,
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"settings":{"number_of_shards":3,"number_of_replicas":2}}' "$ELASTICSEARCH_URL/my-index-000001"client.indices().create(c -> c
.index("my-index-000001")
.settings(s -> s
.numberOfShards("3")
.numberOfReplicas("2")
)
);
{
"settings": {
"number_of_shards": 3,
"number_of_replicas": 2
}
}{
"settings": {
"number_of_shards": 1
},
"mappings": {
"properties": {
"field1": { "type": "text" }
}
}
}{
"aliases": {
"alias_1": {},
"alias_2": {
"filter": {
"term": {
"user.id": "kimchy"
}
},
"routing": "shard-1"
}
}
}Check if one or more indices, index aliases, or data streams exist.
If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices.
This behavior applies even if the request targets other open indices.
Type of index that wildcard patterns can match.
If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams.
Supports comma-separated values, such as open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
If true, returns settings in flat format.
If true, return all default settings in the response.
If true, the request retrieves information from the local node only.
HEAD my-data-stream
resp = client.indices.exists(
index="my-data-stream",
)const response = await client.indices.exists({
index: "my-data-stream",
});response = client.indices.exists(
index: "my-data-stream"
)$resp = $client->indices()->exists([
"index" => "my-data-stream",
]);curl --head -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/my-data-stream"client.indices().exists(e -> e
.index("my-data-stream")
);
Comma-separated list of data streams or indices used to limit the request.
Supports wildcards (*).
Comma-separated list of aliases to remove.
Supports wildcards (*). To remove all aliases, use * or _all.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
DELETE my-data-stream/_alias/my-alias
resp = client.indices.delete_alias(
index="my-data-stream",
name="my-alias",
)const response = await client.indices.deleteAlias({
index: "my-data-stream",
name: "my-alias",
});response = client.indices.delete_alias(
index: "my-data-stream",
name: "my-alias"
)$resp = $client->indices()->deleteAlias([
"index" => "my-data-stream",
"name" => "my-alias",
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/my-data-stream/_alias/my-alias"client.indices().deleteAlias(d -> d
.index("my-data-stream")
.name("my-alias")
);
Comma-separated list of index template names used to limit the request. Wildcard (*) expressions are supported.
If true, the request retrieves information from the local node only. Defaults to false, which means information is retrieved from the master node.
If true, returns settings in flat format.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
If true, returns all relevant default configurations for the index template.
GET _index_template/*?filter_path=index_templates.name,index_templates.index_template.index_patterns,index_templates.index_template.data_stream
resp = client.indices.get_index_template(
name="*",
filter_path="index_templates.name,index_templates.index_template.index_patterns,index_templates.index_template.data_stream",
)const response = await client.indices.getIndexTemplate({
name: "*",
filter_path:
"index_templates.name,index_templates.index_template.index_patterns,index_templates.index_template.data_stream",
});response = client.indices.get_index_template(
name: "*",
filter_path: "index_templates.name,index_templates.index_template.index_patterns,index_templates.index_template.data_stream"
)$resp = $client->indices()->getIndexTemplate([
"name" => "*",
"filter_path" => "index_templates.name,index_templates.index_template.index_patterns,index_templates.index_template.data_stream",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_index_template/*?filter_path=index_templates.name,index_templates.index_template.index_patterns,index_templates.index_template.data_stream"Comma-separated list of index template names used to limit the request. Wildcard (*) expressions are supported.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
DELETE /_index_template/my-index-template
resp = client.indices.delete_index_template(
name="my-index-template",
)const response = await client.indices.deleteIndexTemplate({
name: "my-index-template",
});response = client.indices.delete_index_template(
name: "my-index-template"
)$resp = $client->indices()->deleteIndexTemplate([
"name" => "my-index-template",
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_index_template/my-index-template"client.indices().deleteIndexTemplate(d -> d
.name("my-index-template")
);
Comma-separated list of index template names used to limit the request. Wildcard (*) expressions are supported.
If true, the request retrieves information from the local node only. Defaults to false, which means information is retrieved from the master node.
If true, returns settings in flat format.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
curl \
--request HEAD 'http://api.example.com/_index_template/{name}' \
--header "Authorization: $API_KEY"All methods and paths for this operation:
Check if one or more data stream or index aliases exist.
Comma-separated list of data streams or indices used to limit the request. Supports wildcards (*).
To target all data streams and indices, omit this parameter or use * or _all.
Comma-separated list of aliases to check. Supports wildcards (*).
If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices.
This behavior applies even if the request targets other open indices.
Type of index that wildcard patterns can match.
If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams.
Supports comma-separated values, such as open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
HEAD _alias/my-alias
resp = client.indices.exists_alias(
name="my-alias",
)const response = await client.indices.existsAlias({
name: "my-alias",
});response = client.indices.exists_alias(
name: "my-alias"
)$resp = $client->indices()->existsAlias([
"name" => "my-alias",
]);curl --head -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_alias/my-alias"client.indices().existsAlias(e -> e
.name("my-alias")
);
Comma-separated list of data streams, indices, and aliases used to limit the request.
Supports wildcards (*).
To target all data streams and indices, omit this parameter or use * or _all.
If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices.
This behavior applies even if the request targets other open indices.
Type of index that wildcard patterns can match.
If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams.
Supports comma-separated values, such as open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
If true, the request retrieves information from the local node only.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
GET /books/_mapping
resp = client.indices.get_mapping(
index="books",
)const response = await client.indices.getMapping({
index: "books",
});response = client.indices.get_mapping(
index: "books"
)$resp = $client->indices()->getMapping([
"index" => "books",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/books/_mapping"client.indices().getMapping(g -> g
.index("books")
);
Whether the index template we optionally defined in the body should only be dry-run added if new or can also replace an existing one
User defined reason for dry-run creating the new template for simulation purposes
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
If true, returns all relevant default configurations for the index template.
POST /_index_template/_simulate_index/my-index-000001
resp = client.indices.simulate_index_template(
name="my-index-000001",
)const response = await client.indices.simulateIndexTemplate({
name: "my-index-000001",
});response = client.indices.simulate_index_template(
name: "my-index-000001"
)$resp = $client->indices()->simulateIndexTemplate([
"name" => "my-index-000001",
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_index_template/_simulate_index/my-index-000001"client.indices().simulateIndexTemplate(s -> s
.name("my-index-000001")
);
{
"template" : {
"settings" : {
"index" : {
"number_of_shards" : "2",
"number_of_replicas" : "0",
"routing" : {
"allocation" : {
"include" : {
"_tier_preference" : "data_content"
}
}
}
}
},
"mappings" : {
"properties" : {
"@timestamp" : {
"type" : "date"
}
}
},
"aliases" : { }
},
"overlapping" : [
{
"name" : "template_1",
"index_patterns" : [
"my-index-*"
]
}
]
}Adds a data stream or index to an alias.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
POST _aliases
{
"actions": [
{
"add": {
"index": "logs-nginx.access-prod",
"alias": "logs"
}
}
]
}resp = client.indices.update_aliases(
actions=[
{
"add": {
"index": "logs-nginx.access-prod",
"alias": "logs"
}
}
],
)const response = await client.indices.updateAliases({
actions: [
{
add: {
index: "logs-nginx.access-prod",
alias: "logs",
},
},
],
});response = client.indices.update_aliases(
body: {
"actions": [
{
"add": {
"index": "logs-nginx.access-prod",
"alias": "logs"
}
}
]
}
)$resp = $client->indices()->updateAliases([
"body" => [
"actions" => array(
[
"add" => [
"index" => "logs-nginx.access-prod",
"alias" => "logs",
],
],
),
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"actions":[{"add":{"index":"logs-nginx.access-prod","alias":"logs"}}]}' "$ELASTICSEARCH_URL/_aliases"client.indices().updateAliases(u -> u
.actions(a -> a
.add(ad -> ad
.alias("logs")
.index("logs-nginx.access-prod")
)
)
);
{
"actions": [
{
"add": {
"index": "logs-nginx.access-prod",
"alias": "logs"
}
}
]
}Inference APIs enable you to use certain services, such as built-in machine learning models (ELSER, E5), models uploaded through Eland, Cohere, OpenAI, Azure, Google AI Studio or Hugging Face. For built-in models and models uploaded through Eland, the inference APIs offer an alternative way to use and manage trained models. However, if you do not plan to use the inference APIs to use these models or if you want to use non-NLP models, use the machine learning trained model APIs.
All methods and paths for this operation:
IMPORTANT: The inference APIs enable you to use certain services, such as built-in machine learning models (ELSER, E5), models uploaded through Eland, Cohere, OpenAI, Mistral, Azure OpenAI, Google AI Studio, Google Vertex AI, Anthropic, Watsonx.ai, or Hugging Face. For built-in models and models uploaded through Eland, the inference APIs offer an alternative way to use and manage trained models. However, if you do not plan to use the inference APIs to use these models or if you want to use non-NLP models, use the machine learning trained model APIs.
The following integrations are available through the inference API. You can find the available task types next to the integration name:
completion, rerank, sparse_embedding, text_embedding)completion, text_embedding)completion)completion, 'rerank', text_embedding)completion, text_embedding)completion, rerank, text_embedding)completion, chat_completion)rerank, sparse_embedding, text_embedding - this service is for built-in models and models uploaded through Eland)sparse_embedding)completion, text_embedding)rerank, text_embedding)chat_completion, completion, rerank, text_embedding)chat_completion, completion, text_embedding)chat_completion, completion, text_embedding)text_embedding, rerank)text_embedding)text_embedding, rerank)manage_inferenceThe task type. Refer to the integration list in the API description for the available task types.
Values are sparse_embedding, text_embedding, rerank, completion, or chat_completion.
The inference Id
Specifies the amount of time to wait for the inference endpoint to be created.
Values are -1 or 0.
PUT _inference/rerank/my-rerank-model
{
"service": "cohere",
"service_settings": {
"model_id": "rerank-english-v3.0",
"api_key": "{{COHERE_API_KEY}}"
}
"chunking_settings": {
"strategy": "recursive",
"max_chunk_size": 200,
"separator_group": "markdown"
}resp = client.inference.put(
task_type="rerank",
inference_id="my-rerank-model",
inference_config={
"service": "cohere",
"service_settings": {
"model_id": "rerank-english-v3.0",
"api_key": "{{COHERE_API_KEY}}"
}
},
)const response = await client.inference.put({
task_type: "rerank",
inference_id: "my-rerank-model",
inference_config: {
service: "cohere",
service_settings: {
model_id: "rerank-english-v3.0",
api_key: "{{COHERE_API_KEY}}",
},
},
});response = client.inference.put(
task_type: "rerank",
inference_id: "my-rerank-model",
body: {
"service": "cohere",
"service_settings": {
"model_id": "rerank-english-v3.0",
"api_key": "{{COHERE_API_KEY}}"
}
}
)$resp = $client->inference()->put([
"task_type" => "rerank",
"inference_id" => "my-rerank-model",
"body" => [
"service" => "cohere",
"service_settings" => [
"model_id" => "rerank-english-v3.0",
"api_key" => "{{COHERE_API_KEY}}",
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"service":"cohere","service_settings":{"model_id":"rerank-english-v3.0","api_key":"{{COHERE_API_KEY}}"}}' "$ELASTICSEARCH_URL/_inference/rerank/my-rerank-model"client.inference().put(p -> p
.inferenceId("my-rerank-model")
.taskType(TaskType.Rerank)
.inferenceConfig(i -> i
.service("cohere")
.serviceSettings(JsonData.fromJson("{\"model_id\":\"rerank-english-v3.0\",\"api_key\":\"{{COHERE_API_KEY}}\"}"))
)
);
{
"service": "cohere",
"service_settings": {
"model_id": "rerank-english-v3.0",
"api_key": "{{COHERE_API_KEY}}"
}
"chunking_settings": {
"strategy": "recursive",
"max_chunk_size": 200,
"separator_group": "markdown"
}Create an inference endpoint to perform an inference task with the amazonbedrock service.
You need to provide the access and secret keys only once, during the inference model creation. The get inference API does not retrieve your access or secret keys. After creating the inference model, you cannot change the associated key pairs. If you want to use a different access and secret key pair, delete the inference model and recreate it with the same name and the updated keys.
manage_inferenceThe type of the inference task that the model will perform.
Values are completion or text_embedding.
The unique identifier of the inference endpoint.
Specifies the amount of time to wait for the inference endpoint to be created.
Values are -1 or 0.
PUT _inference/text_embedding/amazon_bedrock_embeddings
{
"service": "amazonbedrock",
"service_settings": {
"access_key": "AWS-access-key",
"secret_key": "AWS-secret-key",
"region": "us-east-1",
"provider": "amazontitan",
"model": "amazon.titan-embed-text-v2:0"
}
}resp = client.inference.put(
task_type="text_embedding",
inference_id="amazon_bedrock_embeddings",
inference_config={
"service": "amazonbedrock",
"service_settings": {
"access_key": "AWS-access-key",
"secret_key": "AWS-secret-key",
"region": "us-east-1",
"provider": "amazontitan",
"model": "amazon.titan-embed-text-v2:0"
}
},
)const response = await client.inference.put({
task_type: "text_embedding",
inference_id: "amazon_bedrock_embeddings",
inference_config: {
service: "amazonbedrock",
service_settings: {
access_key: "AWS-access-key",
secret_key: "AWS-secret-key",
region: "us-east-1",
provider: "amazontitan",
model: "amazon.titan-embed-text-v2:0",
},
},
});response = client.inference.put(
task_type: "text_embedding",
inference_id: "amazon_bedrock_embeddings",
body: {
"service": "amazonbedrock",
"service_settings": {
"access_key": "AWS-access-key",
"secret_key": "AWS-secret-key",
"region": "us-east-1",
"provider": "amazontitan",
"model": "amazon.titan-embed-text-v2:0"
}
}
)$resp = $client->inference()->put([
"task_type" => "text_embedding",
"inference_id" => "amazon_bedrock_embeddings",
"body" => [
"service" => "amazonbedrock",
"service_settings" => [
"access_key" => "AWS-access-key",
"secret_key" => "AWS-secret-key",
"region" => "us-east-1",
"provider" => "amazontitan",
"model" => "amazon.titan-embed-text-v2:0",
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"service":"amazonbedrock","service_settings":{"access_key":"AWS-access-key","secret_key":"AWS-secret-key","region":"us-east-1","provider":"amazontitan","model":"amazon.titan-embed-text-v2:0"}}' "$ELASTICSEARCH_URL/_inference/text_embedding/amazon_bedrock_embeddings"client.inference().put(p -> p
.inferenceId("amazon_bedrock_embeddings")
.taskType(TaskType.TextEmbedding)
.inferenceConfig(i -> i
.service("amazonbedrock")
.serviceSettings(JsonData.fromJson("{\"access_key\":\"AWS-access-key\",\"secret_key\":\"AWS-secret-key\",\"region\":\"us-east-1\",\"provider\":\"amazontitan\",\"model\":\"amazon.titan-embed-text-v2:0\"}"))
)
);
{
"service": "amazonbedrock",
"service_settings": {
"access_key": "AWS-access-key",
"secret_key": "AWS-secret-key",
"region": "us-east-1",
"provider": "amazontitan",
"model": "amazon.titan-embed-text-v2:0"
}
}{
"service": "openai",
"service_settings": {
"api_key": "OpenAI-API-Key",
"model_id": "gpt-3.5-turbo"
}
}Create an inference endpoint to perform an inference task with the elser service.
You can also deploy ELSER by using the Elasticsearch inference integration.
Your Elasticsearch deployment contains a preconfigured ELSER inference endpoint, you only need to create the enpoint using the API if you want to customize the settings.
The API request will automatically download and deploy the ELSER model if it isn't already downloaded.
You might see a 502 bad gateway error in the response when using the Kibana Console. This error usually just reflects a timeout, while the model downloads in the background. You can check the download progress in the Machine Learning UI. If using the Python client, you can set the timeout parameter to a higher value.
After creating the endpoint, wait for the model deployment to complete before using it.
To verify the deployment status, use the get trained model statistics API.
Look for "state": "fully_allocated" in the response and ensure that the "allocation_count" matches the "target_allocation_count".
Avoid creating multiple endpoints for the same model unless required, as each endpoint consumes significant resources.
manage_inferenceThe type of the inference task that the model will perform.
Value is sparse_embedding.
The unique identifier of the inference endpoint.
Specifies the amount of time to wait for the inference endpoint to be created.
Values are -1 or 0.
PUT _inference/sparse_embedding/my-elser-model
{
"service": "elser",
"service_settings": {
"num_allocations": 1,
"num_threads": 1
}
}resp = client.inference.put(
task_type="sparse_embedding",
inference_id="my-elser-model",
inference_config={
"service": "elser",
"service_settings": {
"num_allocations": 1,
"num_threads": 1
}
},
)const response = await client.inference.put({
task_type: "sparse_embedding",
inference_id: "my-elser-model",
inference_config: {
service: "elser",
service_settings: {
num_allocations: 1,
num_threads: 1,
},
},
});response = client.inference.put(
task_type: "sparse_embedding",
inference_id: "my-elser-model",
body: {
"service": "elser",
"service_settings": {
"num_allocations": 1,
"num_threads": 1
}
}
)$resp = $client->inference()->put([
"task_type" => "sparse_embedding",
"inference_id" => "my-elser-model",
"body" => [
"service" => "elser",
"service_settings" => [
"num_allocations" => 1,
"num_threads" => 1,
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"service":"elser","service_settings":{"num_allocations":1,"num_threads":1}}' "$ELASTICSEARCH_URL/_inference/sparse_embedding/my-elser-model"client.inference().put(p -> p
.inferenceId("my-elser-model")
.taskType(TaskType.SparseEmbedding)
.inferenceConfig(i -> i
.service("elser")
.serviceSettings(JsonData.fromJson("{\"num_allocations\":1,\"num_threads\":1}"))
)
);
{
"service": "elser",
"service_settings": {
"num_allocations": 1,
"num_threads": 1
}
}{
"service": "elser",
"service_settings": {
"adaptive_allocations": {
"enabled": true,
"min_number_of_allocations": 3,
"max_number_of_allocations": 10
},
"num_threads": 1
}
}{
"inference_id": "my-elser-model",
"task_type": "sparse_embedding",
"service": "elser",
"service_settings": {
"num_allocations": 1,
"num_threads": 1
},
"task_settings": {}
}The type of the inference task that the model will perform.
Values are completion or text_embedding.
The unique identifier of the inference endpoint.
Specifies the amount of time to wait for the inference endpoint to be created.
Values are -1 or 0.
PUT _inference/completion/google_ai_studio_completion
{
"service": "googleaistudio",
"service_settings": {
"api_key": "api-key",
"model_id": "model-id"
}
}resp = client.inference.put(
task_type="completion",
inference_id="google_ai_studio_completion",
inference_config={
"service": "googleaistudio",
"service_settings": {
"api_key": "api-key",
"model_id": "model-id"
}
},
)const response = await client.inference.put({
task_type: "completion",
inference_id: "google_ai_studio_completion",
inference_config: {
service: "googleaistudio",
service_settings: {
api_key: "api-key",
model_id: "model-id",
},
},
});response = client.inference.put(
task_type: "completion",
inference_id: "google_ai_studio_completion",
body: {
"service": "googleaistudio",
"service_settings": {
"api_key": "api-key",
"model_id": "model-id"
}
}
)$resp = $client->inference()->put([
"task_type" => "completion",
"inference_id" => "google_ai_studio_completion",
"body" => [
"service" => "googleaistudio",
"service_settings" => [
"api_key" => "api-key",
"model_id" => "model-id",
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"service":"googleaistudio","service_settings":{"api_key":"api-key","model_id":"model-id"}}' "$ELASTICSEARCH_URL/_inference/completion/google_ai_studio_completion"client.inference().put(p -> p
.inferenceId("google_ai_studio_completion")
.taskType(TaskType.Completion)
.inferenceConfig(i -> i
.service("googleaistudio")
.serviceSettings(JsonData.fromJson("{\"api_key\":\"api-key\",\"model_id\":\"model-id\"}"))
)
);
{
"service": "googleaistudio",
"service_settings": {
"api_key": "api-key",
"model_id": "model-id"
}
}The type of the inference task that the model will perform.
NOTE: The chat_completion task type only supports streaming and only through the _stream API.
Values are chat_completion, completion, or text_embedding.
The unique identifier of the inference endpoint.
Specifies the amount of time to wait for the inference endpoint to be created.
Values are -1 or 0.
PUT _inference/text_embedding/openai-embeddings
{
"service": "openai",
"service_settings": {
"api_key": "OpenAI-API-Key",
"model_id": "text-embedding-3-small",
"dimensions": 128
}
}resp = client.inference.put(
task_type="text_embedding",
inference_id="openai-embeddings",
inference_config={
"service": "openai",
"service_settings": {
"api_key": "OpenAI-API-Key",
"model_id": "text-embedding-3-small",
"dimensions": 128
}
},
)const response = await client.inference.put({
task_type: "text_embedding",
inference_id: "openai-embeddings",
inference_config: {
service: "openai",
service_settings: {
api_key: "OpenAI-API-Key",
model_id: "text-embedding-3-small",
dimensions: 128,
},
},
});response = client.inference.put(
task_type: "text_embedding",
inference_id: "openai-embeddings",
body: {
"service": "openai",
"service_settings": {
"api_key": "OpenAI-API-Key",
"model_id": "text-embedding-3-small",
"dimensions": 128
}
}
)$resp = $client->inference()->put([
"task_type" => "text_embedding",
"inference_id" => "openai-embeddings",
"body" => [
"service" => "openai",
"service_settings" => [
"api_key" => "OpenAI-API-Key",
"model_id" => "text-embedding-3-small",
"dimensions" => 128,
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"service":"openai","service_settings":{"api_key":"OpenAI-API-Key","model_id":"text-embedding-3-small","dimensions":128}}' "$ELASTICSEARCH_URL/_inference/text_embedding/openai-embeddings"client.inference().put(p -> p
.inferenceId("openai-embeddings")
.taskType(TaskType.TextEmbedding)
.inferenceConfig(i -> i
.service("openai")
.serviceSettings(JsonData.fromJson("{\"api_key\":\"OpenAI-API-Key\",\"model_id\":\"text-embedding-3-small\",\"dimensions\":128}"))
)
);
{
"service": "openai",
"service_settings": {
"api_key": "OpenAI-API-Key",
"model_id": "text-embedding-3-small",
"dimensions": 128
}
}{
"service": "amazonbedrock",
"service_settings": {
"access_key": "AWS-access-key",
"secret_key": "AWS-secret-key",
"region": "us-east-1",
"provider": "amazontitan",
"model": "amazon.titan-text-premier-v1:0"
}
}The type of the inference task that the model will perform.
Values are text_embedding or rerank.
The unique identifier of the inference endpoint.
Specifies the amount of time to wait for the inference endpoint to be created.
Values are -1 or 0.
PUT _inference/text_embedding/openai-embeddings
{
"service": "voyageai",
"service_settings": {
"model_id": "voyage-3-large",
"dimensions": 512
}
}resp = client.inference.put(
task_type="text_embedding",
inference_id="openai-embeddings",
inference_config={
"service": "voyageai",
"service_settings": {
"model_id": "voyage-3-large",
"dimensions": 512
}
},
)const response = await client.inference.put({
task_type: "text_embedding",
inference_id: "openai-embeddings",
inference_config: {
service: "voyageai",
service_settings: {
model_id: "voyage-3-large",
dimensions: 512,
},
},
});response = client.inference.put(
task_type: "text_embedding",
inference_id: "openai-embeddings",
body: {
"service": "voyageai",
"service_settings": {
"model_id": "voyage-3-large",
"dimensions": 512
}
}
)$resp = $client->inference()->put([
"task_type" => "text_embedding",
"inference_id" => "openai-embeddings",
"body" => [
"service" => "voyageai",
"service_settings" => [
"model_id" => "voyage-3-large",
"dimensions" => 512,
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"service":"voyageai","service_settings":{"model_id":"voyage-3-large","dimensions":512}}' "$ELASTICSEARCH_URL/_inference/text_embedding/openai-embeddings"client.inference().put(p -> p
.inferenceId("openai-embeddings")
.taskType(TaskType.TextEmbedding)
.inferenceConfig(i -> i
.service("voyageai")
.serviceSettings(JsonData.fromJson("{\"model_id\":\"voyage-3-large\",\"dimensions\":512}"))
)
);
{
"service": "voyageai",
"service_settings": {
"model_id": "voyage-3-large",
"dimensions": 512
}
}{
"service": "voyageai",
"service_settings": {
"model_id": "rerank-2"
}
}Create an inference endpoint to perform an inference task with the watsonxai service.
You need an IBM Cloud Databases for Elasticsearch deployment to use the watsonxai inference service.
You can provision one through the IBM catalog, the Cloud Databases CLI plug-in, the Cloud Databases API, or Terraform.
manage_inferenceThe type of the inference task that the model will perform.
Values are text_embedding, chat_completion, or completion.
The unique identifier of the inference endpoint.
Specifies the amount of time to wait for the inference endpoint to be created.
Values are -1 or 0.
PUT _inference/text_embedding/watsonx-embeddings
{
"service": "watsonxai",
"service_settings": {
"api_key": "Watsonx-API-Key",
"url": "Wastonx-URL",
"model_id": "ibm/slate-30m-english-rtrvr",
"project_id": "IBM-Cloud-ID",
"api_version": "2024-03-14"
}
}resp = client.inference.put(
task_type="text_embedding",
inference_id="watsonx-embeddings",
inference_config={
"service": "watsonxai",
"service_settings": {
"api_key": "Watsonx-API-Key",
"url": "Wastonx-URL",
"model_id": "ibm/slate-30m-english-rtrvr",
"project_id": "IBM-Cloud-ID",
"api_version": "2024-03-14"
}
},
)const response = await client.inference.put({
task_type: "text_embedding",
inference_id: "watsonx-embeddings",
inference_config: {
service: "watsonxai",
service_settings: {
api_key: "Watsonx-API-Key",
url: "Wastonx-URL",
model_id: "ibm/slate-30m-english-rtrvr",
project_id: "IBM-Cloud-ID",
api_version: "2024-03-14",
},
},
});response = client.inference.put(
task_type: "text_embedding",
inference_id: "watsonx-embeddings",
body: {
"service": "watsonxai",
"service_settings": {
"api_key": "Watsonx-API-Key",
"url": "Wastonx-URL",
"model_id": "ibm/slate-30m-english-rtrvr",
"project_id": "IBM-Cloud-ID",
"api_version": "2024-03-14"
}
}
)$resp = $client->inference()->put([
"task_type" => "text_embedding",
"inference_id" => "watsonx-embeddings",
"body" => [
"service" => "watsonxai",
"service_settings" => [
"api_key" => "Watsonx-API-Key",
"url" => "Wastonx-URL",
"model_id" => "ibm/slate-30m-english-rtrvr",
"project_id" => "IBM-Cloud-ID",
"api_version" => "2024-03-14",
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"service":"watsonxai","service_settings":{"api_key":"Watsonx-API-Key","url":"Wastonx-URL","model_id":"ibm/slate-30m-english-rtrvr","project_id":"IBM-Cloud-ID","api_version":"2024-03-14"}}' "$ELASTICSEARCH_URL/_inference/text_embedding/watsonx-embeddings"client.inference().put(p -> p
.inferenceId("watsonx-embeddings")
.taskType(TaskType.TextEmbedding)
.inferenceConfig(i -> i
.service("watsonxai")
.serviceSettings(JsonData.fromJson("{\"api_key\":\"Watsonx-API-Key\",\"url\":\"Wastonx-URL\",\"model_id\":\"ibm/slate-30m-english-rtrvr\",\"project_id\":\"IBM-Cloud-ID\",\"api_version\":\"2024-03-14\"}"))
)
);
{
"service": "watsonxai",
"service_settings": {
"api_key": "Watsonx-API-Key",
"url": "Wastonx-URL",
"model_id": "ibm/slate-30m-english-rtrvr",
"project_id": "IBM-Cloud-ID",
"api_version": "2024-03-14"
}
}All methods and paths for this operation:
Get information about one or more ingest pipelines. This API returns a local reference of the pipeline.
Comma-separated list of pipeline IDs to retrieve.
Wildcard (*) expressions are supported.
To get all ingest pipelines, omit this parameter or use *.
GET /_ingest/pipeline/my-pipeline-id
resp = client.ingest.get_pipeline(
id="my-pipeline-id",
)const response = await client.ingest.getPipeline({
id: "my-pipeline-id",
});response = client.ingest.get_pipeline(
id: "my-pipeline-id"
)$resp = $client->ingest()->getPipeline([
"id" => "my-pipeline-id",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_ingest/pipeline/my-pipeline-id"client.ingest().getPipeline(g -> g
.id("my-pipeline-id")
);
{
"my-pipeline-id" : {
"description" : "describe pipeline",
"version" : 123,
"processors" : [
{
"set" : {
"field" : "foo",
"value" : "bar"
}
}
]
}
}Licensing APIs enable you to manage your licenses.
All methods and paths for this operation:
Get pipelines that are used for Logstash Central Management.
manage_logstash_pipelinesGET _logstash/pipeline/my_pipeline
resp = client.logstash.get_pipeline(
id="my_pipeline",
)const response = await client.logstash.getPipeline({
id: "my_pipeline",
});response = client.logstash.get_pipeline(
id: "my_pipeline"
)$resp = $client->logstash()->getPipeline([
"id" => "my_pipeline",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_logstash/pipeline/my_pipeline"client.logstash().getPipeline(g -> g
.id("my_pipeline")
);
{
"my_pipeline": {
"description": "Sample pipeline for illustration purposes",
"last_modified": "2021-01-02T02:50:51.250Z",
"pipeline_metadata": {
"type": "logstash_pipeline",
"version": "1"
},
"username": "elastic",
"pipeline": "input {}\\n filter { grok {} }\\n output {}",
"pipeline_settings": {
"pipeline.workers": 1,
"pipeline.batch.size": 125,
"pipeline.batch.delay": 50,
"queue.type": "memory",
"queue.max_bytes": "1gb",
"queue.checkpoint.writes": 1024
}
}
}A numerical character string that uniquely identifies the datafeed. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters.
DELETE _ml/datafeeds/datafeed-total-requests
resp = client.ml.delete_datafeed(
datafeed_id="datafeed-total-requests",
)const response = await client.ml.deleteDatafeed({
datafeed_id: "datafeed-total-requests",
});response = client.ml.delete_datafeed(
datafeed_id: "datafeed-total-requests"
)$resp = $client->ml()->deleteDatafeed([
"datafeed_id" => "datafeed-total-requests",
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_ml/datafeeds/datafeed-total-requests"client.ml().deleteDatafeed(d -> d
.datafeedId("datafeed-total-requests")
);
{
"acknowledged": true
}DELETE _ml/filters/safe_domains
resp = client.ml.delete_filter(
filter_id="safe_domains",
)const response = await client.ml.deleteFilter({
filter_id: "safe_domains",
});response = client.ml.delete_filter(
filter_id: "safe_domains"
)$resp = $client->ml()->deleteFilter([
"filter_id" => "safe_domains",
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_ml/filters/safe_domains"client.ml().deleteFilter(d -> d
.filterId("safe_domains")
);
{
"acknowledged": true
}The identifier for the anomaly detection job. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters.
If true, wildcard indices expressions that resolve into no concrete indices are ignored. This includes the
_all string or when no indices are specified.
Type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
If true, concrete, expanded or aliased indices are ignored when frozen.
Advanced configuration option. Specifies whether this job can open when there is insufficient machine learning node capacity for it to be immediately assigned to a node. By default, if a machine learning node with capacity to run the job cannot immediately be found, the open anomaly detection jobs API returns an error. However, this is also subject to the cluster-wide xpack.ml.max_lazy_ml_nodes setting. If this option is set to true, the open anomaly detection jobs API does not return an error and the job waits in the opening state until sufficient machine learning node capacity is available.
Default value is false.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and
d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
Custom metadata about the job
Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies a period of time (in days) after which only the first snapshot per day is retained. This period is relative to the timestamp of the most recent snapshot for this job. Valid values range from 0 to model_snapshot_retention_days.
Default value is 1.
A description of the job.
A list of job groups. A job can belong to no groups or many.
Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies the maximum period of time (in days) that snapshots are retained. This period is relative to the timestamp of the most recent snapshot for this job. By default, snapshots ten days older than the newest snapshot are deleted.
Default value is 10.
Advanced configuration option. The period over which adjustments to the score are applied, as new data is seen. The default value is the longer of 30 days or 100 bucket spans.
Advanced configuration option. The period of time (in days) that results are retained. Age is calculated relative to the timestamp of the latest bucket result. If this property has a non-null value, once per day at 00:30 (server time), results that are the specified number of days older than the latest bucket result are deleted from Elasticsearch. The default value is null, which means all results are retained. Annotations generated by the system also count as results for retention purposes; they are deleted after the same number of days as results. Annotations added by users are retained forever.
PUT /_ml/anomaly_detectors/job-01
{
"analysis_config": {
"bucket_span": "15m",
"detectors": [
{
"detector_description": "Sum of bytes",
"function": "sum",
"field_name": "bytes"
}
]
},
"data_description": {
"time_field": "timestamp",
"time_format": "epoch_ms"
},
"analysis_limits": {
"model_memory_limit": "11MB"
},
"model_plot_config": {
"enabled": true,
"annotations_enabled": true
},
"results_index_name": "test-job1",
"datafeed_config": {
"indices": [
"kibana_sample_data_logs"
],
"query": {
"bool": {
"must": [
{
"match_all": {}
}
]
}
},
"runtime_mappings": {
"hour_of_day": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
}
},
"datafeed_id": "datafeed-test-job1"
}
}resp = client.ml.put_job(
job_id="job-01",
analysis_config={
"bucket_span": "15m",
"detectors": [
{
"detector_description": "Sum of bytes",
"function": "sum",
"field_name": "bytes"
}
]
},
data_description={
"time_field": "timestamp",
"time_format": "epoch_ms"
},
analysis_limits={
"model_memory_limit": "11MB"
},
model_plot_config={
"enabled": True,
"annotations_enabled": True
},
results_index_name="test-job1",
datafeed_config={
"indices": [
"kibana_sample_data_logs"
],
"query": {
"bool": {
"must": [
{
"match_all": {}
}
]
}
},
"runtime_mappings": {
"hour_of_day": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
}
},
"datafeed_id": "datafeed-test-job1"
},
)const response = await client.ml.putJob({
job_id: "job-01",
analysis_config: {
bucket_span: "15m",
detectors: [
{
detector_description: "Sum of bytes",
function: "sum",
field_name: "bytes",
},
],
},
data_description: {
time_field: "timestamp",
time_format: "epoch_ms",
},
analysis_limits: {
model_memory_limit: "11MB",
},
model_plot_config: {
enabled: true,
annotations_enabled: true,
},
results_index_name: "test-job1",
datafeed_config: {
indices: ["kibana_sample_data_logs"],
query: {
bool: {
must: [
{
match_all: {},
},
],
},
},
runtime_mappings: {
hour_of_day: {
type: "long",
script: {
source: "emit(doc['timestamp'].value.getHour());",
},
},
},
datafeed_id: "datafeed-test-job1",
},
});response = client.ml.put_job(
job_id: "job-01",
body: {
"analysis_config": {
"bucket_span": "15m",
"detectors": [
{
"detector_description": "Sum of bytes",
"function": "sum",
"field_name": "bytes"
}
]
},
"data_description": {
"time_field": "timestamp",
"time_format": "epoch_ms"
},
"analysis_limits": {
"model_memory_limit": "11MB"
},
"model_plot_config": {
"enabled": true,
"annotations_enabled": true
},
"results_index_name": "test-job1",
"datafeed_config": {
"indices": [
"kibana_sample_data_logs"
],
"query": {
"bool": {
"must": [
{
"match_all": {}
}
]
}
},
"runtime_mappings": {
"hour_of_day": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
}
},
"datafeed_id": "datafeed-test-job1"
}
}
)$resp = $client->ml()->putJob([
"job_id" => "job-01",
"body" => [
"analysis_config" => [
"bucket_span" => "15m",
"detectors" => array(
[
"detector_description" => "Sum of bytes",
"function" => "sum",
"field_name" => "bytes",
],
),
],
"data_description" => [
"time_field" => "timestamp",
"time_format" => "epoch_ms",
],
"analysis_limits" => [
"model_memory_limit" => "11MB",
],
"model_plot_config" => [
"enabled" => true,
"annotations_enabled" => true,
],
"results_index_name" => "test-job1",
"datafeed_config" => [
"indices" => array(
"kibana_sample_data_logs",
),
"query" => [
"bool" => [
"must" => array(
[
"match_all" => new ArrayObject([]),
],
),
],
],
"runtime_mappings" => [
"hour_of_day" => [
"type" => "long",
"script" => [
"source" => "emit(doc['timestamp'].value.getHour());",
],
],
],
"datafeed_id" => "datafeed-test-job1",
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"analysis_config":{"bucket_span":"15m","detectors":[{"detector_description":"Sum of bytes","function":"sum","field_name":"bytes"}]},"data_description":{"time_field":"timestamp","time_format":"epoch_ms"},"analysis_limits":{"model_memory_limit":"11MB"},"model_plot_config":{"enabled":true,"annotations_enabled":true},"results_index_name":"test-job1","datafeed_config":{"indices":["kibana_sample_data_logs"],"query":{"bool":{"must":[{"match_all":{}}]}},"runtime_mappings":{"hour_of_day":{"type":"long","script":{"source":"emit(doc['"'"'timestamp'"'"'].value.getHour());"}}},"datafeed_id":"datafeed-test-job1"}}' "$ELASTICSEARCH_URL/_ml/anomaly_detectors/job-01"client.ml().putJob(p -> p
.analysisConfig(a -> a
.bucketSpan(b -> b
.time("15m")
)
.detectors(d -> d
.detectorDescription("Sum of bytes")
.fieldName("bytes")
.function("sum")
)
)
.analysisLimits(an -> an
.modelMemoryLimit("11MB")
)
.dataDescription(d -> d
.timeField("timestamp")
.timeFormat("epoch_ms")
)
.datafeedConfig(d -> d
.datafeedId("datafeed-test-job1")
.indices("kibana_sample_data_logs")
.query(q -> q
.bool(b -> b
.must(m -> m
.matchAll(ma -> ma)
)
)
)
.runtimeMappings("hour_of_day", r -> r
.script(s -> s
.source(so -> so
.scriptString("emit(doc['timestamp'].value.getHour());")
)
)
.type(RuntimeFieldType.Long)
)
)
.jobId("job-01")
.modelPlotConfig(m -> m
.annotationsEnabled(true)
.enabled(true)
)
.resultsIndexName("test-job1")
);
{
"analysis_config": {
"bucket_span": "15m",
"detectors": [
{
"detector_description": "Sum of bytes",
"function": "sum",
"field_name": "bytes"
}
]
},
"data_description": {
"time_field": "timestamp",
"time_format": "epoch_ms"
},
"analysis_limits": {
"model_memory_limit": "11MB"
},
"model_plot_config": {
"enabled": true,
"annotations_enabled": true
},
"results_index_name": "test-job1",
"datafeed_config": {
"indices": [
"kibana_sample_data_logs"
],
"query": {
"bool": {
"must": [
{
"match_all": {}
}
]
}
},
"runtime_mappings": {
"hour_of_day": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
}
},
"datafeed_id": "datafeed-test-job1"
}
}{
"job_id": "test-job1",
"job_type": "anomaly_detector",
"job_version": "8.4.0",
"create_time": 1656087283340,
"datafeed_config": {
"datafeed_id": "datafeed-test-job1",
"job_id": "test-job1",
"authorization": {
"roles": [
"superuser"
]
},
"query_delay": "61499ms",
"chunking_config": {
"mode": "auto"
},
"indices_options": {
"expand_wildcards": [
"open"
],
"ignore_unavailable": false,
"allow_no_indices": true,
"ignore_throttled": true
},
"query": {
"bool": {
"must": [
{
"match_all": {}
}
]
}
},
"indices": [
"kibana_sample_data_logs"
],
"scroll_size": 1000,
"delayed_data_check_config": {
"enabled": true
},
"runtime_mappings": {
"hour_of_day": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
}
}
},
"analysis_config": {
"bucket_span": "15m",
"detectors": [
{
"detector_description": "Sum of bytes",
"function": "sum",
"field_name": "bytes",
"detector_index": 0
}
],
"influencers": [],
"model_prune_window": "30d"
},
"analysis_limits": {
"model_memory_limit": "11mb",
"categorization_examples_limit": 4
},
"data_description": {
"time_field": "timestamp",
"time_format": "epoch_ms"
},
"model_plot_config": {
"enabled": true,
"annotations_enabled": true
},
"model_snapshot_retention_days": 10,
"daily_model_snapshot_retention_after_days": 1,
"results_index_name": "custom-test-job1",
"allow_lazy_open": false
}The flush jobs API is only applicable when sending data for analysis using the post data API. Depending on the content of the buffer, then it might additionally calculate new results. Both flush and close operations are similar, however the flush is more efficient if you are expecting to send more data for analysis. When flushing, the job remains open and is available to continue analyzing data. A close operation additionally prunes and persists the model state to disk and the job must be opened again before analyzing further data.
manage_mlSpecifies to advance to a particular time value. Results are generated and the model is updated for data from the specified time interval.
If true, calculates the interim results for the most recent bucket or all buckets within the latency period.
When used in conjunction with calc_interim and start, specifies the
range of buckets on which to calculate interim results.
Specifies to skip to a particular time value. Results are not generated and the model is not updated for data from the specified time interval.
When used in conjunction with calc_interim, specifies the range of
buckets on which to calculate interim results.
Refer to the description for the calc_interim query parameter.
POST _ml/anomaly_detectors/low_request_rate/_flush
{
"calc_interim": true
}resp = client.ml.flush_job(
job_id="low_request_rate",
calc_interim=True,
)const response = await client.ml.flushJob({
job_id: "low_request_rate",
calc_interim: true,
});response = client.ml.flush_job(
job_id: "low_request_rate",
body: {
"calc_interim": true
}
)$resp = $client->ml()->flushJob([
"job_id" => "low_request_rate",
"body" => [
"calc_interim" => true,
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"calc_interim":true}' "$ELASTICSEARCH_URL/_ml/anomaly_detectors/low_request_rate/_flush"client.ml().flushJob(f -> f
.calcInterim(true)
.jobId("low_request_rate")
);
{
"calc_interim": true
}All methods and paths for this operation:
Retrievs overall bucket results that summarize the bucket results of multiple anomaly detection jobs.
The overall_score is calculated by combining the scores of all the
buckets within the overall bucket span. First, the maximum
anomaly_score per anomaly detection job in the overall bucket is
calculated. Then the top_n of those scores are averaged to result in
the overall_score. This means that you can fine-tune the
overall_score so that it is more or less sensitive to the number of
jobs that detect an anomaly at the same time. For example, if you set
top_n to 1, the overall_score is the maximum bucket score in the
overall bucket. Alternatively, if you set top_n to the number of jobs,
the overall_score is high only when all jobs detect anomalies in that
overall bucket. If you set the bucket_span parameter (to a value
greater than its default), the overall_score is the maximum
overall_score of the overall buckets that have a span equal to the
jobs' largest bucket span.
monitor_mlIdentifier for the anomaly detection job. It can be a job identifier, a group name, a comma-separated list of jobs or groups, or a wildcard expression.
You can summarize the bucket results for all anomaly detection jobs by
using _all or by specifying * as the <job_id>.
Specifies what to do when the request:
_all string or no identifiers and there are no matches.If true, the request returns an empty jobs array when there are no
matches and the subset of results when there are partial matches. If this
parameter is false, the request returns a 404 status code when there
are no matches or only partial matches.
The span of the overall buckets. Must be greater or equal to the largest bucket span of the specified anomaly detection jobs, which is the default value.
By default, an overall bucket has a span equal to the largest bucket span
of the specified anomaly detection jobs. To override that behavior, use
the optional bucket_span parameter.
Values are -1 or 0.
Returns overall buckets with timestamps earlier than this time.
If true, the output excludes interim results.
Returns overall buckets with overall scores greater than or equal to this value.
Returns overall buckets with timestamps after this time.
The number of top anomaly detection job bucket scores to be used in the
overall_score calculation.
Refer to the description for the allow_no_match query parameter.
Default value is true.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and
d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
Refer to the description for the exclude_interim query parameter.
Default value is false.
Refer to the description for the top_n query parameter.
Default value is 1.
GET _ml/anomaly_detectors/job-*/results/overall_buckets
{
"overall_score": 80,
"start": "1403532000000"
}resp = client.ml.get_overall_buckets(
job_id="job-*",
overall_score=80,
start="1403532000000",
)const response = await client.ml.getOverallBuckets({
job_id: "job-*",
overall_score: 80,
start: 1403532000000,
});response = client.ml.get_overall_buckets(
job_id: "job-*",
body: {
"overall_score": 80,
"start": "1403532000000"
}
)$resp = $client->ml()->getOverallBuckets([
"job_id" => "job-*",
"body" => [
"overall_score" => 80,
"start" => "1403532000000",
],
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"overall_score":80,"start":"1403532000000"}' "$ELASTICSEARCH_URL/_ml/anomaly_detectors/job-*/results/overall_buckets"client.ml().getOverallBuckets(g -> g
.jobId("job-*")
.overallScore("80")
.start(DateTime.of("1403532000000"))
);
{
"overall_score": 80,
"start": "1403532000000"
}An anomaly detection job must be opened to be ready to receive and analyze data. It can be opened and closed multiple times throughout its lifecycle. When you open a new job, it starts with an empty model. When you open an existing job, the most recent model state is automatically loaded. The job is ready to resume its analysis from where it left off, once new data is received.
manage_mlPOST /_ml/anomaly_detectors/job-01/_open
{
"timeout": "35m"
}resp = client.ml.open_job(
job_id="job-01",
timeout="35m",
)const response = await client.ml.openJob({
job_id: "job-01",
timeout: "35m",
});response = client.ml.open_job(
job_id: "job-01",
body: {
"timeout": "35m"
}
)$resp = $client->ml()->openJob([
"job_id" => "job-01",
"body" => [
"timeout" => "35m",
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"timeout":"35m"}' "$ELASTICSEARCH_URL/_ml/anomaly_detectors/job-01/_open"client.ml().openJob(o -> o
.jobId("job-01")
.timeout(t -> t
.time("35m")
)
);
{
"timeout": "35m"
}{
"opened": true,
"node": "node-1"
}All methods and paths for this operation:
This API returns the first "page" of search results from a datafeed. You can preview an existing datafeed or provide configuration details for a datafeed and anomaly detection job in the API. The preview shows the structure of the data that will be passed to the anomaly detection engine. IMPORTANT: When Elasticsearch security features are enabled, the preview uses the credentials of the user that called the API. However, when the datafeed starts it uses the roles of the last user that created or updated the datafeed. To get a preview that accurately reflects the behavior of the datafeed, use the appropriate credentials. You can also use secondary authorization headers to supply the credentials.
readmanage_mlA numerical character string that uniquely identifies the datafeed. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters. NOTE: If you use this path parameter, you cannot provide datafeed or anomaly detection job configuration details in the request body.
The start time from where the datafeed preview should begin
The end time when the datafeed preview should stop
GET _ml/datafeeds/datafeed-high_sum_total_sales/_preview
resp = client.ml.preview_datafeed(
datafeed_id="datafeed-high_sum_total_sales",
)const response = await client.ml.previewDatafeed({
datafeed_id: "datafeed-high_sum_total_sales",
});response = client.ml.preview_datafeed(
datafeed_id: "datafeed-high_sum_total_sales"
)$resp = $client->ml()->previewDatafeed([
"datafeed_id" => "datafeed-high_sum_total_sales",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_ml/datafeeds/datafeed-high_sum_total_sales/_preview"client.ml().previewDatafeed(p -> p
.datafeedId("datafeed-high_sum_total_sales")
);
Advanced configuration option. Specifies whether this job can open when
there is insufficient machine learning node capacity for it to be
immediately assigned to a node. If false and a machine learning node
with capacity to run the job cannot immediately be found, the open
anomaly detection jobs API returns an error. However, this is also
subject to the cluster-wide xpack.ml.max_lazy_ml_nodes setting. If this
option is set to true, the open anomaly detection jobs API does not
return an error and the job waits in the opening state until sufficient
machine learning node capacity is available.
Default value is false.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and
d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
Advanced configuration option. Contains custom meta data about the job. For example, it can contain custom URL information as shown in Adding custom URLs to machine learning results.
A description of the job.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and
d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
Advanced configuration option, which affects the automatic removal of old
model snapshots for this job. It specifies a period of time (in days)
after which only the first snapshot per day is retained. This period is
relative to the timestamp of the most recent snapshot for this job. Valid
values range from 0 to model_snapshot_retention_days. For jobs created
before version 7.8.0, the default value matches
model_snapshot_retention_days.
Default value is 1.
Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies the maximum period of time (in days) that snapshots are retained. This period is relative to the timestamp of the most recent snapshot for this job.
Default value is 10.
Advanced configuration option. The period over which adjustments to the score are applied, as new data is seen.
Advanced configuration option. The period of time (in days) that results are retained. Age is calculated relative to the timestamp of the latest bucket result. If this property has a non-null value, once per day at 00:30 (server time), results that are the specified number of days older than the latest bucket result are deleted from Elasticsearch. The default value is null, which means all results are retained.
A list of job groups. A job can belong to no groups or many.
An array of detector update objects.
POST _ml/anomaly_detectors/low_request_rate/_update
{
"description":"An updated job",
"detectors": {
"detector_index": 0,
"description": "An updated detector description"
},
"groups": ["kibana_sample_data","kibana_sample_web_logs"],
"model_plot_config": {
"enabled": true
},
"renormalization_window_days": 30,
"background_persist_interval": "2h",
"model_snapshot_retention_days": 7,
"results_retention_days": 60
}resp = client.ml.update_job(
job_id="low_request_rate",
description="An updated job",
detectors={
"detector_index": 0,
"description": "An updated detector description"
},
groups=[
"kibana_sample_data",
"kibana_sample_web_logs"
],
model_plot_config={
"enabled": True
},
renormalization_window_days=30,
background_persist_interval="2h",
model_snapshot_retention_days=7,
results_retention_days=60,
)const response = await client.ml.updateJob({
job_id: "low_request_rate",
description: "An updated job",
detectors: {
detector_index: 0,
description: "An updated detector description",
},
groups: ["kibana_sample_data", "kibana_sample_web_logs"],
model_plot_config: {
enabled: true,
},
renormalization_window_days: 30,
background_persist_interval: "2h",
model_snapshot_retention_days: 7,
results_retention_days: 60,
});response = client.ml.update_job(
job_id: "low_request_rate",
body: {
"description": "An updated job",
"detectors": {
"detector_index": 0,
"description": "An updated detector description"
},
"groups": [
"kibana_sample_data",
"kibana_sample_web_logs"
],
"model_plot_config": {
"enabled": true
},
"renormalization_window_days": 30,
"background_persist_interval": "2h",
"model_snapshot_retention_days": 7,
"results_retention_days": 60
}
)$resp = $client->ml()->updateJob([
"job_id" => "low_request_rate",
"body" => [
"description" => "An updated job",
"detectors" => [
"detector_index" => 0,
"description" => "An updated detector description",
],
"groups" => array(
"kibana_sample_data",
"kibana_sample_web_logs",
),
"model_plot_config" => [
"enabled" => true,
],
"renormalization_window_days" => 30,
"background_persist_interval" => "2h",
"model_snapshot_retention_days" => 7,
"results_retention_days" => 60,
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"description":"An updated job","detectors":{"detector_index":0,"description":"An updated detector description"},"groups":["kibana_sample_data","kibana_sample_web_logs"],"model_plot_config":{"enabled":true},"renormalization_window_days":30,"background_persist_interval":"2h","model_snapshot_retention_days":7,"results_retention_days":60}' "$ELASTICSEARCH_URL/_ml/anomaly_detectors/low_request_rate/_update"client.ml().updateJob(u -> u
.backgroundPersistInterval(b -> b
.time("2h")
)
.description("An updated job")
.detectors(d -> d
.detectorIndex(0)
.description("An updated detector description")
)
.groups(List.of("kibana_sample_data","kibana_sample_web_logs"))
.jobId("low_request_rate")
.modelPlotConfig(m -> m
.enabled(true)
)
.modelSnapshotRetentionDays(7L)
.renormalizationWindowDays(30L)
.resultsRetentionDays(60L)
);
{
"description":"An updated job",
"detectors": {
"detector_index": 0,
"description": "An updated detector description"
},
"groups": ["kibana_sample_data","kibana_sample_web_logs"],
"model_plot_config": {
"enabled": true
},
"renormalization_window_days": 30,
"background_persist_interval": "2h",
"model_snapshot_retention_days": 7,
"results_retention_days": 60
}A data frame analytics job can be started and stopped multiple times
throughout its lifecycle.
If the destination index does not exist, it is created automatically the
first time you start the data frame analytics job. The
index.number_of_shards and index.number_of_replicas settings for the
destination index are copied from the source index. If there are multiple
source indices, the destination index copies the highest setting values. The
mappings for the destination index are also copied from the source indices.
If there are any mapping conflicts, the job fails to start.
If the destination index exists, it is used as is. You can therefore set up
the destination index in advance with custom settings and mappings.
create_index,index,manage,read,view_index_metadatamanage_mlIdentifier for the data frame analytics job. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters.
POST _ml/data_frame/analytics/loganalytics/_start
resp = client.ml.start_data_frame_analytics(
id="loganalytics",
)const response = await client.ml.startDataFrameAnalytics({
id: "loganalytics",
});response = client.ml.start_data_frame_analytics(
id: "loganalytics"
)$resp = $client->ml()->startDataFrameAnalytics([
"id" => "loganalytics",
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_ml/data_frame/analytics/loganalytics/_start"client.ml().startDataFrameAnalytics(s -> s
.id("loganalytics")
);
PUT _ml/trained_models/elastic__distilbert-base-uncased-finetuned-conll03-english/vocabulary
{
"vocabulary": [
"[PAD]",
"[unused0]",
]
}resp = client.ml.put_trained_model_vocabulary(
model_id="elastic__distilbert-base-uncased-finetuned-conll03-english",
vocabulary=[
"[PAD]",
"[unused0]"
],
)const response = await client.ml.putTrainedModelVocabulary({
model_id: "elastic__distilbert-base-uncased-finetuned-conll03-english",
vocabulary: ["[PAD]", "[unused0]"],
});response = client.ml.put_trained_model_vocabulary(
model_id: "elastic__distilbert-base-uncased-finetuned-conll03-english",
body: {
"vocabulary": [
"[PAD]",
"[unused0]"
]
}
)$resp = $client->ml()->putTrainedModelVocabulary([
"model_id" => "elastic__distilbert-base-uncased-finetuned-conll03-english",
"body" => [
"vocabulary" => array(
"[PAD]",
"[unused0]",
),
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"vocabulary":["[PAD]","[unused0]"]}' "$ELASTICSEARCH_URL/_ml/trained_models/elastic__distilbert-base-uncased-finetuned-conll03-english/vocabulary"client.ml().putTrainedModelVocabulary(p -> p
.modelId("elastic__distilbert-base-uncased-finetuned-conll03-english")
.vocabulary(List.of("[PAD]","[unused0]"))
);
{
"vocabulary": [
"[PAD]",
"[unused0]",
]
}Query rules enable you to configure per-query rules that are applied at query time to queries that match the specific rule. Query rules are organized into rulesets, collections of query rules that are matched against incoming queries. Query rules are applied using the rule query. If a query matches one or more rules in the ruleset, the query is re-written to apply the rules before searching. This allows pinning documents for only queries that match a specific term.
Create or update a query rule within a query ruleset.
IMPORTANT: Due to limitations within pinned queries, you can only pin documents using ids or docs, but cannot use both in single rule. It is advised to use one or the other in query rulesets, to avoid errors. Additionally, pinned queries have a maximum limit of 100 pinned hits. If multiple matching rules pin more than 100 documents, only the first 100 documents are pinned in the order they are specified in the ruleset.
manage_search_query_rulesThe unique identifier of the query ruleset containing the rule to be created or updated.
The unique identifier of the query rule within the specified ruleset to be created or updated.
POST _query_rules/my-ruleset/_test
{
"match_criteria": {
"query_string": "puggles"
}
}resp = client.query_rules.test(
ruleset_id="my-ruleset",
match_criteria={
"query_string": "puggles"
},
)const response = await client.queryRules.test({
ruleset_id: "my-ruleset",
match_criteria: {
query_string: "puggles",
},
});response = client.query_rules.test(
ruleset_id: "my-ruleset",
body: {
"match_criteria": {
"query_string": "puggles"
}
}
)$resp = $client->queryRules()->test([
"ruleset_id" => "my-ruleset",
"body" => [
"match_criteria" => [
"query_string" => "puggles",
],
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"match_criteria":{"query_string":"puggles"}}' "$ELASTICSEARCH_URL/_query_rules/my-ruleset/_test"client.queryRules().test(t -> t
.matchCriteria("query_string", JsonData.fromJson("\"puggles\""))
.rulesetId("my-ruleset")
);
{
"match_criteria": {
"query_string": "puggles"
}
}All methods and paths for this operation:
Runs a script and returns a result. Use this API to build and test scripts, such as when defining a script for a runtime field. This API requires very few dependencies and is especially useful if you don't have permissions to write documents on a cluster.
The API uses several contexts, which control how scripts are run, what variables are available at runtime, and what the return type is.
Each context requires a script, but additional parameters depend on the context you're using for that script.
POST /_scripts/painless/_execute
{
"script": {
"source": "params.count / params.total",
"params": {
"count": 100.0,
"total": 1000.0
}
}
}resp = client.scripts_painless_execute(
script={
"source": "params.count / params.total",
"params": {
"count": 100,
"total": 1000
}
},
)const response = await client.scriptsPainlessExecute({
script: {
source: "params.count / params.total",
params: {
count: 100,
total: 1000,
},
},
});response = client.scripts_painless_execute(
body: {
"script": {
"source": "params.count / params.total",
"params": {
"count": 100,
"total": 1000
}
}
}
)$resp = $client->scriptsPainlessExecute([
"body" => [
"script" => [
"source" => "params.count / params.total",
"params" => [
"count" => 100,
"total" => 1000,
],
],
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"script":{"source":"params.count / params.total","params":{"count":100,"total":1000}}}' "$ELASTICSEARCH_URL/_scripts/painless/_execute"client.scriptsPainlessExecute(s -> s
.script(sc -> sc
.source(so -> so
.scriptString("params.count / params.total")
)
.params(Map.of("total", JsonData.fromJson("1000"),"count", JsonData.fromJson("100")))
)
);
{
"script": {
"source": "params.count / params.total",
"params": {
"count": 100.0,
"total": 1000.0
}
}
}{
"script": {
"source": "doc['field'].value.length() <= params.max_length",
"params": {
"max_length": 4
}
},
"context": "filter",
"context_setup": {
"index": "my-index-000001",
"document": {
"field": "four"
}
}
}{
"script": {
"source": "doc['rank'].value / params.max_rank",
"params": {
"max_rank": 5.0
}
},
"context": "score",
"context_setup": {
"index": "my-index-000001",
"document": {
"rank": 4
}
}
}{
"result": "0.1"
}{
"result": true
}{
"result": 0.8
}All methods and paths for this operation:
When the primary sort of the results is an indexed field, shards get sorted based on minimum and maximum value that they hold for that field. Partial results become available following the sort criteria that was requested.
Warning: Asynchronous search does not support scroll or search requests that include only the suggest section.
By default, Elasticsearch does not allow you to store an async search response larger than 10Mb and an attempt to do this results in an error.
The maximum allowed size for a stored async search response can be set by changing the search.max_async_search_response_size cluster level setting.
A comma-separated list of index names to search; use _all or empty string to perform the operation on all indices
Blocks and waits until the search is completed up to a certain timeout. When the async search completes within the timeout, the response won’t include the ID as the results are not stored in the cluster.
Values are -1 or 0.
Specifies how long the async search needs to be available. Ongoing async searches and any saved search results are deleted after this period.
Values are -1 or 0.
If true, results are stored for later retrieval when the search completes within the wait_for_completion_timeout.
Whether to ignore if a wildcard indices expression resolves into no concrete indices. (This includes _all string or when no indices have been specified)
Indicate if an error should be returned if there is a partial search failure or timeout
The analyzer to use for the query string
Specify whether wildcard and prefix queries should be analyzed (default: false)
Affects how often partial results become available, which happens whenever shard results are reduced. A partial reduction is performed every time the coordinating node has received a certain number of new shard responses (5 by default).
The default value is the only supported value.
The default operator for query string query (AND or OR)
Values are and, AND, or, or OR.
The field to use as default where no field prefix is given in the query string
A comma-separated list of fields to return as the docvalue representation of a field for each hit
Whether to expand wildcard expression to concrete indices that are open, closed or both.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
Specify whether to return detailed information about score computation as part of a hit
Whether specified concrete, expanded or aliased indices should be ignored when throttled
Specify whether format-based query failures (such as providing text to a numeric field) should be ignored
The number of concurrent shard requests per node this search executes concurrently. This value should be used to limit the impact of the search on the cluster in order to limit the number of concurrent shard requests
Specify the node or shard the operation should be performed on (default: random)
Specify if request cache should be used for this request or not, defaults to true
A comma-separated list of specific routing values
Search operation type
Supported values include:
query_then_fetch: Documents are scored using local term and document frequencies for the shard. This is usually faster but less accurate.dfs_query_then_fetch: Documents are scored using global term and document frequencies across all shards. This is usually slower but more accurate.Values are query_then_fetch or dfs_query_then_fetch.
Specific 'tag' of the request for logging and statistical purposes
A comma-separated list of stored fields to return as part of a hit
Specifies which field to use for suggestions.
Specify suggest mode
Supported values include:
missing: Only generate suggestions for terms that are not in the shard.popular: Only suggest terms that occur in more docs on the shard than the original term.always: Suggest any matching suggestions based on terms in the suggest text.Values are missing, popular, or always.
How many suggestions to return in response
The source text for which the suggestions should be returned.
The maximum number of documents to collect for each shard, upon reaching which the query execution will terminate early.
Explicit operation timeout
Values are -1 or 0.
Indicate if the number of documents that match the query should be tracked. A number can also be specified, to accurately track the total hit count up to the number.
Whether to calculate and return scores even if they are not used for sorting
Specify whether aggregation and suggester names should be prefixed by their respective types in the response
Indicates whether hits.total should be rendered as an integer or an object in the rest search response
Specify whether to return document version as part of a hit
True or false to return the _source field or not, or a list of fields to return
A list of fields to exclude from the returned _source field
A list of fields to extract and return from the _source field
Specify whether to return sequence number and primary term of the last modification of each hit
Query in the Lucene query string syntax
Number of hits to return (default: 10)
Starting offset (default: 0)
A comma-separated list of : pairs
If true, returns detailed information about score computation as part of a hit.
Default value is false.
Configuration of search extensions defined by Elasticsearch plugins.
Starting document offset. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after parameter.
Default value is 0.
Number of hits matching the query to count accurately. If true, the exact number of hits is returned at the cost of some performance. If false, the response does not include the total number of hits matching the query. Defaults to 10,000 hits.
Boosts the _score of documents from specified indices.
Array of wildcard (*) patterns. The request returns doc values for field names matching these patterns in the hits.fields property of the response.
A reference to a field with formatting instructions on how to return the value
Minimum _score for matching documents. Documents with a lower _score are not included in search results and results collected by aggregations.
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
Retrieve a script evaluation (based on different fields) for each hit.
A field value.
The number of hits to return. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after parameter.
Default value is 10.
Array of wildcard (*) patterns. The request returns values for field names matching these patterns in the hits.fields property of the response.
A reference to a field with formatting instructions on how to return the value
Maximum number of documents to collect for each shard. If a query reaches this limit, Elasticsearch terminates the query early. Elasticsearch collects documents before sorting. Defaults to 0, which does not terminate query execution early.
Default value is 0.
Specifies the period of time to wait for a response from each shard. If no response is received before the timeout expires, the request fails and returns an error. Defaults to no timeout.
If true, calculate and return document scores, even if the scores are not used for sorting.
Default value is false.
If true, returns document version as part of a hit.
Default value is false.
If true, returns sequence number and primary term of the last modification of each hit. See Optimistic concurrency control.
Stats groups to associate with the search. Each group maintains a statistics aggregation for its associated searches. You can retrieve these stats using the indices stats API.
POST /sales*/_async_search?size=0
{
"sort": [
{ "date": { "order": "asc" } }
],
"aggs": {
"sale_date": {
"date_histogram": {
"field": "date",
"calendar_interval": "1d"
}
}
}
}resp = client.async_search.submit(
index="sales*",
size="0",
sort=[
{
"date": {
"order": "asc"
}
}
],
aggs={
"sale_date": {
"date_histogram": {
"field": "date",
"calendar_interval": "1d"
}
}
},
)const response = await client.asyncSearch.submit({
index: "sales*",
size: 0,
sort: [
{
date: {
order: "asc",
},
},
],
aggs: {
sale_date: {
date_histogram: {
field: "date",
calendar_interval: "1d",
},
},
},
});response = client.async_search.submit(
index: "sales*",
size: "0",
body: {
"sort": [
{
"date": {
"order": "asc"
}
}
],
"aggs": {
"sale_date": {
"date_histogram": {
"field": "date",
"calendar_interval": "1d"
}
}
}
}
)$resp = $client->asyncSearch()->submit([
"index" => "sales*",
"size" => "0",
"body" => [
"sort" => array(
[
"date" => [
"order" => "asc",
],
],
),
"aggs" => [
"sale_date" => [
"date_histogram" => [
"field" => "date",
"calendar_interval" => "1d",
],
],
],
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"sort":[{"date":{"order":"asc"}}],"aggs":{"sale_date":{"date_histogram":{"field":"date","calendar_interval":"1d"}}}}' "$ELASTICSEARCH_URL/sales*/_async_search?size=0"client.asyncSearch().submit(s -> s
.aggregations("sale_date", a -> a
.dateHistogram(d -> d
.calendarInterval(CalendarInterval.Day)
.field("date")
)
)
.index("sales*")
.size(0)
.sort(so -> so
.field(f -> f
.field("date")
.order(SortOrder.Asc)
)
)
,Void.class);
{
"sort": [
{ "date": { "order": "asc" } }
],
"aggs": {
"sale_date": {
"date_histogram": {
"field": "date",
"calendar_interval": "1d"
}
}
}
}{
"id" : "FmRldE8zREVEUzA2ZVpUeGs2ejJFUFEaMkZ5QTVrSTZSaVN3WlNFVmtlWHJsdzoxMDc=",
"is_partial" : true,
"is_running" : true,
"start_time_in_millis" : 1583945890986,
"expiration_time_in_millis" : 1584377890986,
"response" : {
"took" : 1122,
"timed_out" : false,
"num_reduce_phases" : 0,
"_shards" : {
"total" : 562,
"successful" : 3,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 157483,
"relation" : "gte"
},
"max_score" : null,
"hits" : [ ]
}
}
}All methods and paths for this operation:
Get information about the capabilities of fields among multiple indices.
For data streams, the API returns field capabilities among the stream’s backing indices.
It returns runtime fields like any other field.
For example, a runtime field with a type of keyword is returned the same as any other field that belongs to the keyword family.
view_index_metadata,readA comma-separated list of data streams, indices, and aliases used to limit the request. Supports wildcards (*). To target all data streams and indices, omit this parameter or use * or _all.
If false, the request returns an error if any wildcard expression, index alias,
or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request
targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.
The type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values, such as open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
A comma-separated list of fields to retrieve capabilities for. Wildcard (*) expressions are supported.
If true, unmapped fields are included in the response.
A comma-separated list of filters to apply to the response.
A comma-separated list of field types to include. Any fields that do not match one of these types will be excluded from the results. It defaults to empty, meaning that all field types are returned.
If false, empty fields are not included in the response.
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
POST my-index-*/_field_caps?fields=rating
{
"index_filter": {
"range": {
"@timestamp": {
"gte": "2018"
}
}
}
}resp = client.field_caps(
index="my-index-*",
fields="rating",
index_filter={
"range": {
"@timestamp": {
"gte": "2018"
}
}
},
)const response = await client.fieldCaps({
index: "my-index-*",
fields: "rating",
index_filter: {
range: {
"@timestamp": {
gte: "2018",
},
},
},
});response = client.field_caps(
index: "my-index-*",
fields: "rating",
body: {
"index_filter": {
"range": {
"@timestamp": {
"gte": "2018"
}
}
}
}
)$resp = $client->fieldCaps([
"index" => "my-index-*",
"fields" => "rating",
"body" => [
"index_filter" => [
"range" => [
"@timestamp" => [
"gte" => "2018",
],
],
],
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"index_filter":{"range":{"@timestamp":{"gte":"2018"}}}}' "$ELASTICSEARCH_URL/my-index-*/_field_caps?fields=rating"{
"index_filter": {
"range": {
"@timestamp": {
"gte": "2018"
}
}
}
}{
"indices": [ "index1", "index2", "index3", "index4", "index5" ],
"fields": {
"rating": {
"long": {
"metadata_field": false,
"searchable": true,
"aggregatable": false,
"indices": [ "index1", "index2" ],
"non_aggregatable_indices": [ "index1" ]
},
"keyword": {
"metadata_field": false,
"searchable": false,
"aggregatable": true,
"indices": [ "index3", "index4" ],
"non_searchable_indices": [ "index4" ]
}
},
"title": {
"text": {
"metadata_field": false,
"searchable": true,
"aggregatable": false
}
}
}
}{
"indices": [ "index1", "index2", "index3", "index4", "index5" ],
"fields": {
"rating": {
"long": {
"metadata_field": false,
"searchable": true,
"aggregatable": false,
"indices": [ "index1", "index2" ],
"non_aggregatable_indices": [ "index1" ]
},
"keyword": {
"metadata_field": false,
"searchable": false,
"aggregatable": true,
"indices": [ "index3", "index4" ],
"non_searchable_indices": [ "index4" ]
}
},
"title": {
"text": {
"metadata_field": false,
"searchable": true,
"aggregatable": false
}
}
}
}The maximum number of rows (or entries) to return in one response.
Default value is 1000.
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
The SQL query to run.
POST _sql/translate
{
"query": "SELECT * FROM library ORDER BY page_count DESC",
"fetch_size": 10
}resp = client.sql.translate(
query="SELECT * FROM library ORDER BY page_count DESC",
fetch_size=10,
)const response = await client.sql.translate({
query: "SELECT * FROM library ORDER BY page_count DESC",
fetch_size: 10,
});response = client.sql.translate(
body: {
"query": "SELECT * FROM library ORDER BY page_count DESC",
"fetch_size": 10
}
)$resp = $client->sql()->translate([
"body" => [
"query" => "SELECT * FROM library ORDER BY page_count DESC",
"fetch_size" => 10,
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"query":"SELECT * FROM library ORDER BY page_count DESC","fetch_size":10}' "$ELASTICSEARCH_URL/_sql/translate"client.sql().translate(t -> t
.fetchSize(10)
.query("SELECT * FROM library ORDER BY page_count DESC")
);
{
"query": "SELECT * FROM library ORDER BY page_count DESC",
"fetch_size": 10
}