Search | Elasticsearch API documentation (v8)

Delete a behavioral analytics collection Technical preview

DELETE /_application/analytics/{name}

Api key auth Basic auth Bearer auth

The associated data stream is also deleted.

Path parameters

name string Required

The name of the analytics collection to be deleted

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

DELETE /_application/analytics/{name}

curl \
 --request DELETE 'http://api.example.com/_application/analytics/{name}' \
 --header "Authorization: $API_KEY"

Response examples (200)

{
  "acknowledged": true
}

Get trained models Added in 7.7.0

GET /_cat/ml/trained_models

Api key auth Basic auth Bearer auth

Get configuration and usage information about inference trained models.

IMPORTANT: CAT APIs are only intended for human consumption using the Kibana console or command line. They are not intended for use by applications. For application consumption, use the get trained models statistics API.

Query parameters

allow_no_match boolean

Specifies what to do when the request: contains wildcard expressions and there are no models that match; contains the _all string or no identifiers and there are no matches; contains wildcard expressions and there are only partial matches. If true, the API returns an empty array when there are no matches and the subset of results when there are partial matches. If false, the API returns a 404 status code when there are no matches or only partial matches.
bytes string

The unit used to display byte values.

Values are b, kb, mb, gb, tb, or pb.
h string | array[string]

A comma-separated list of column names to display.
s string | array[string]

A comma-separated list of column names or aliases used to sort the response.
from number

Skips the specified number of transforms.
size number

The maximum number of transforms to display.
time string

Unit used to display time values.

Values are nanos, micros, ms, s, m, h, or d.

Responses

200 application/json
Hide response attributes Show response attributes object
- id string
- created_by string
  
  Information about the creator of the model.
- heap_size number | string
  
  One of:
  ByteSize number ByteSize string
- operations string
  
  The estimated number of operations to use the model. This number helps to measure the computational complexity of the model.
- license string
  
  The license level of the model.
- create_time string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
- version string
- description string
  
  A description of the model.
- ingest.pipelines string
  
  The number of pipelines that are referencing the model.
- ingest.count string
  
  The total number of documents that are processed by the model.
- ingest.time string
  
  The total time spent processing documents with thie model.
- ingest.current string
  
  The total number of documents that are currently being handled by the model.
- ingest.failed string
  
  The total number of failed ingest attempts with the model.
- data_frame.id string
  
  The identifier for the data frame analytics job that created the model. Only displayed if the job is still available.
- data_frame.create_time string
  
  The time the data frame analytics job was created.
- data_frame.source_index string
  
  The source index used to train in the data frame analysis.
- data_frame.analysis string
  
  The analysis used by the data frame to build the model.
- type string

GET /_cat/ml/trained_models

curl \
 --request GET 'http://api.example.com/_cat/ml/trained_models' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET _cat/ml/trained_models?v=true&format=json`.

[
  {
    "id": "ddddd-1580216177138",
    "heap_size": "0b",
    "operations": "196",
    "create_time": "2025-03-25T00:01:38.662Z",
    "type": "pytorch",
    "ingest.pipelines": "0",
    "data_frame.id": "__none__"
  },
  {
    "id": "lang_ident_model_1",
    "heap_size": "1mb",
    "operations": "39629",
    "create_time": "2019-12-05T12:28:34.594Z",
    "type": "lang_ident",
    "ingest.pipelines": "0",
    "data_frame.id": "__none__"
  }
]

Get snapshot information Added in 2.1.0

GET /_cat/snapshots

Api key auth Basic auth Bearer auth

Get information about the snapshots stored in one or more repositories. A snapshot is a backup of an index or running Elasticsearch cluster. IMPORTANT: cat APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the get snapshot API.

Query parameters

ignore_unavailable boolean

If true, the response does not include information from unavailable snapshots.
h string | array[string]

List of columns to appear in the response. Supports simple wildcards.
s string | array[string]

List of columns that determine how the table should be sorted. Sorting defaults to ascending and can be changed by setting :asc or :desc as a suffix to the column name.
master_timeout string

Period to wait for a connection to the master node.
time string

Unit used to display time values.

Values are nanos, micros, ms, s, m, h, or d.

Responses

200 application/json
Hide response attributes Show response attributes object
- id string
  
  The unique identifier for the snapshot.
- repository string
  
  The repository name.
- status string
  
  The state of the snapshot process. Returned values include: FAILED: The snapshot process failed. INCOMPATIBLE: The snapshot process is incompatible with the current cluster version. IN_PROGRESS: The snapshot process started but has not completed. PARTIAL: The snapshot process completed with a partial success. SUCCESS: The snapshot process completed with a full success.
- start_epoch number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  UnitSeconds number StringifiedEpochTimeUnitSeconds string
  
  Time unit for seconds
- start_time string | object
  
  A time of day, expressed either as hh:mm, noon, midnight, or an hour/minutes structure.
  
  One of:
  ScheduleTimeOfDay string HourAndMinute object
- end_epoch number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  UnitSeconds number StringifiedEpochTimeUnitSeconds string
  
  Time unit for seconds
- end_time string
  
  Time of day, expressed as HH:MM:SS
- duration string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- indices string
  
  The number of indices in the snapshot.
- successful_shards string
  
  The number of successful shards in the snapshot.
- failed_shards string
  
  The number of failed shards in the snapshot.
- total_shards string
  
  The total number of shards in the snapshot.
- reason string
  
  The reason for any snapshot failures.

GET /_cat/snapshots

curl \
 --request GET 'http://api.example.com/_cat/snapshots' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET /_cat/snapshots/repo1?v=true&s=id&format=json`.

[
  {
    "id": "snap1",
    "repository": "repo1",
    "status": "FAILED",
    "start_epoch": "1445616705",
    "start_time": "18:11:45",
    "end_epoch": "1445616978",
    "end_time": "18:16:18",
    "duration": "4.6m",
    "indices": "1",
    "successful_shards": "4",
    "failed_shards": "1",
    "total_shards": "5"
  },
  {
    "id": "snap2",
    "repository": "repo1",
    "status": "SUCCESS",
    "start_epoch": "1445634298",
    "start_time": "23:04:58",
    "end_epoch": "1445634672",
    "end_time": "23:11:12",
    "duration": "6.2m",
    "indices": "2",
    "successful_shards": "10",
    "failed_shards": "0",
    "total_shards": "10"
  }
]

Get snapshot information Added in 2.1.0

GET /_cat/snapshots/{repository}

Api key auth Basic auth Bearer auth

Get information about the snapshots stored in one or more repositories. A snapshot is a backup of an index or running Elasticsearch cluster. IMPORTANT: cat APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the get snapshot API.

Path parameters

repository string | array[string] Required

A comma-separated list of snapshot repositories used to limit the request. Accepts wildcard expressions. _all returns all repositories. If any repository fails during the request, Elasticsearch returns an error.

Query parameters

ignore_unavailable boolean

If true, the response does not include information from unavailable snapshots.
h string | array[string]

List of columns to appear in the response. Supports simple wildcards.
s string | array[string]

List of columns that determine how the table should be sorted. Sorting defaults to ascending and can be changed by setting :asc or :desc as a suffix to the column name.
master_timeout string

Period to wait for a connection to the master node.
time string

Unit used to display time values.

Values are nanos, micros, ms, s, m, h, or d.

Responses

200 application/json
Hide response attributes Show response attributes object
- id string
  
  The unique identifier for the snapshot.
- repository string
  
  The repository name.
- status string
  
  The state of the snapshot process. Returned values include: FAILED: The snapshot process failed. INCOMPATIBLE: The snapshot process is incompatible with the current cluster version. IN_PROGRESS: The snapshot process started but has not completed. PARTIAL: The snapshot process completed with a partial success. SUCCESS: The snapshot process completed with a full success.
- start_epoch number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  UnitSeconds number StringifiedEpochTimeUnitSeconds string
  
  Time unit for seconds
- start_time string | object
  
  A time of day, expressed either as hh:mm, noon, midnight, or an hour/minutes structure.
  
  One of:
  ScheduleTimeOfDay string HourAndMinute object
- end_epoch number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  UnitSeconds number StringifiedEpochTimeUnitSeconds string
  
  Time unit for seconds
- end_time string
  
  Time of day, expressed as HH:MM:SS
- duration string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- indices string
  
  The number of indices in the snapshot.
- successful_shards string
  
  The number of successful shards in the snapshot.
- failed_shards string
  
  The number of failed shards in the snapshot.
- total_shards string
  
  The total number of shards in the snapshot.
- reason string
  
  The reason for any snapshot failures.

GET /_cat/snapshots/{repository}

curl \
 --request GET 'http://api.example.com/_cat/snapshots/{repository}' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET /_cat/snapshots/repo1?v=true&s=id&format=json`.

[
  {
    "id": "snap1",
    "repository": "repo1",
    "status": "FAILED",
    "start_epoch": "1445616705",
    "start_time": "18:11:45",
    "end_epoch": "1445616978",
    "end_time": "18:16:18",
    "duration": "4.6m",
    "indices": "1",
    "successful_shards": "4",
    "failed_shards": "1",
    "total_shards": "5"
  },
  {
    "id": "snap2",
    "repository": "repo1",
    "status": "SUCCESS",
    "start_epoch": "1445634298",
    "start_time": "23:04:58",
    "end_epoch": "1445634672",
    "end_time": "23:11:12",
    "duration": "6.2m",
    "indices": "2",
    "successful_shards": "10",
    "failed_shards": "0",
    "total_shards": "10"
  }
]

Ping the cluster

HEAD /

Api key auth Basic auth Bearer auth

Get information about whether the cluster is running.

Responses

200 application/json

HEAD /

curl \
 --request HEAD 'http://api.example.com/' \
 --header "Authorization: $API_KEY"

Clear the archived repositories metering Technical preview

DELETE /_nodes/{node_id}/_repositories_metering/{max_archive_version}

Api key auth Basic auth Bearer auth

Clear the archived repositories metering information in the cluster.

Path parameters

node_id string | array[string] Required

Comma-separated list of node IDs or names used to limit returned information.
max_archive_version number Required

Specifies the maximum archive_version to be cleared from the archive.

Responses

200 application/json
Hide response attributes Show response attributes object
- _nodes object
  
  Hide _nodes attributes Show _nodes attributes object
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  total number Required
  
  Total number of nodes selected by the request.
  
  successful number Required
  
  Number of nodes that responded successfully to the request.
  
  failed number Required
  
  Number of nodes that rejected the request or failed to respond. If this value is not 0, a reason for the rejection or failure is included in the response.
- cluster_name string Required
- nodes object Required
  
  Contains repositories metering information for the nodes selected by the request.
  
  Hide nodes attribute Show nodes attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  repository_name string Required
  
  repository_type string Required
  
  Repository type.
  
  repository_location object Required
  
  Hide repository_location attributes Show repository_location attributes object
  
  base_path string Required
  
  container string
  
  Container name (Azure)
  
  bucket string
  
  Bucket name (GCP, S3)
  
  repository_ephemeral_id string Required
  
  Time unit for milliseconds
  
  Time unit for milliseconds
  
  archived boolean Required
  
  A flag that tells whether or not this object has been archived. When a repository is closed or updated the repository metering information is archived and kept for a certain period of time. This allows retrieving the repository metering information of previous repository instantiations.
  
  cluster_version number
  
  request_counts object Required
  
  Hide request_counts attributes Show request_counts attributes object
  
  GetBlobProperties number
  
  Number of Get Blob Properties requests (Azure)
  
  GetBlob number
  
  Number of Get Blob requests (Azure)
  
  ListBlobs number
  
  Number of List Blobs requests (Azure)
  
  PutBlob number
  
  Number of Put Blob requests (Azure)
  
  PutBlock number
  
  Number of Put Block (Azure)
  
  PutBlockList number
  
  Number of Put Block List requests
  
  GetObject number
  
  Number of get object requests (GCP, S3)
  
  ListObjects number
  
  Number of list objects requests (GCP, S3)
  
  InsertObject number
  
  Number of insert object requests, including simple, multipart and resumable uploads. Resumable uploads can perform multiple http requests to insert a single object but they are considered as a single request since they are billed as an individual operation. (GCP)
  
  PutObject number
  
  Number of PutObject requests (S3)
  
  PutMultipartObject number
  
  Number of Multipart requests, including CreateMultipartUpload, UploadPart and CompleteMultipartUpload requests (S3)

DELETE /_nodes/{node_id}/_repositories_metering/{max_archive_version}

curl \
 --request DELETE 'http://api.example.com/_nodes/{node_id}/_repositories_metering/{max_archive_version}' \
 --header "Authorization: $API_KEY"

Response examples (200)

{
  "_nodes": {
    "failures": [
      {
        "type": "string",
        "reason": "string",
        "stack_trace": "string",
        "caused_by": {},
        "root_cause": [
          {}
        ],
        "suppressed": [
          {}
        ]
      }
    ],
    "total": 42.0,
    "successful": 42.0,
    "failed": 42.0
  },
  "cluster_name": "string",
  "nodes": {
    "additionalProperty1": {
      "repository_name": "string",
      "repository_type": "string",
      "repository_location": {
        "base_path": "string",
        "container": "string",
        "bucket": "string"
      },
      "repository_ephemeral_id": "string",
      "": 42.0,
      "archived": true,
      "cluster_version": 42.0,
      "request_counts": {
        "GetBlobProperties": 42.0,
        "GetBlob": 42.0,
        "ListBlobs": 42.0,
        "PutBlob": 42.0,
        "PutBlock": 42.0,
        "PutBlockList": 42.0,
        "GetObject": 42.0,
        "ListObjects": 42.0,
        "InsertObject": 42.0,
        "PutObject": 42.0,
        "PutMultipartObject": 42.0
      }
    },
    "additionalProperty2": {
      "repository_name": "string",
      "repository_type": "string",
      "repository_location": {
        "base_path": "string",
        "container": "string",
        "bucket": "string"
      },
      "repository_ephemeral_id": "string",
      "": 42.0,
      "archived": true,
      "cluster_version": 42.0,
      "request_counts": {
        "GetBlobProperties": 42.0,
        "GetBlob": 42.0,
        "ListBlobs": 42.0,
        "PutBlob": 42.0,
        "PutBlock": 42.0,
        "PutBlockList": 42.0,
        "GetObject": 42.0,
        "ListObjects": 42.0,
        "InsertObject": 42.0,
        "PutObject": 42.0,
        "PutMultipartObject": 42.0
      }
    }
  }
}

Get all connectors Beta

GET /_connector

Api key auth Basic auth Bearer auth

Get information about all connectors.

Query parameters

from number

Starting offset (default: 0)
size number

Specifies a max number of results to get
index_name string | array[string]

A comma-separated list of connector index names to fetch connector documents for
connector_name string | array[string]

A comma-separated list of connector names to fetch connector documents for
service_type string | array[string]

A comma-separated list of connector service types to fetch connector documents for
query string

A wildcard query string that filters connectors with matching name, description or index name

Responses

200 application/json
Hide response attributes Show response attributes object
- count number Required
- results array[object] Required
  
  Hide results attributes Show results attributes object
  
  api_key_id string
  
  api_key_secret_id string
  
  configuration object Required
  
  Hide configuration attribute Show configuration attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  category string
  
  default_value number | string | boolean | null Required
  
  A scalar value.
  
  One of:
  ScalarValue number ScalarValue number ScalarValue string ScalarValue boolean ScalarValue string | null
  
  depends_on array[object] Required
  
  display string Required
  
  Values are textbox, textarea, numeric, toggle, or dropdown.
  
  label string Required
  
  options array[object] Required
  
  order number
  
  placeholder string
  
  required boolean Required
  
  sensitive boolean Required
  
  tooltip string | null
  
  One of:
  string-1 string string-2 string | null
  
  type string
  
  Values are str, int, list, or bool.
  
  ui_restrictions array[string]
  
  validations array[object]
  
  value object Required
  
  custom_scheduling object Required
  
  Hide custom_scheduling attribute Show custom_scheduling attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  configuration_overrides object Required
  
  Hide configuration_overrides attributes Show configuration_overrides attributes object
  
  max_crawl_depth number
  
  sitemap_discovery_disabled boolean
  
  domain_allowlist array[string]
  
  sitemap_urls array[string]
  
  seed_urls array[string]
  
  enabled boolean Required
  
  interval string Required
  
  last_synced string
  
  name string Required
  
  description string
  
  error string | null
  
  One of:
  string-1 string string-2 string | null
  
  features object
  
  Hide features attributes Show features attributes object
  
  document_level_security object
  
  Hide document_level_security attribute Show document_level_security attribute object
  
  enabled boolean Required
  
  incremental_sync object
  
  Hide incremental_sync attribute Show incremental_sync attribute object
  
  enabled boolean Required
  
  native_connector_api_keys object
  
  Hide native_connector_api_keys attribute Show native_connector_api_keys attribute object
  
  enabled boolean Required
  
  sync_rules object
  
  Hide sync_rules attributes Show sync_rules attributes object
  
  advanced object
  
  Hide advanced attribute Show advanced attribute object
  
  enabled boolean Required
  
  basic object
  
  Hide basic attribute Show basic attribute object
  
  enabled boolean Required
  
  filtering array[object] Required
  
  Hide filtering attributes Show filtering attributes object
  
  active object Required
  
  Hide active attributes Show active attributes object
  
  advanced_snippet object Required
  
  rules array[object] Required
  
  validation object Required
  
  domain string
  
  draft object Required
  
  Hide draft attributes Show draft attributes object
  
  advanced_snippet object Required
  
  rules array[object] Required
  
  validation object Required
  
  id string
  
  index_name string | null
  
  One of:
  IndexName string string-2 string | null
  
  is_native boolean Required
  
  language string
  
  last_access_control_sync_error string
  
  last_access_control_sync_scheduled_at string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  last_access_control_sync_status string
  
  Values are canceling, canceled, completed, error, in_progress, pending, or suspended.
  
  last_deleted_document_count number
  
  last_incremental_sync_scheduled_at string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  last_indexed_document_count number
  
  last_seen string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  last_sync_error string
  
  last_sync_scheduled_at string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  last_sync_status string
  
  Values are canceling, canceled, completed, error, in_progress, pending, or suspended.
  
  last_synced string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  name string
  
  pipeline object
  
  Hide pipeline attributes Show pipeline attributes object
  
  extract_binary_content boolean Required
  
  name string Required
  
  reduce_whitespace boolean Required
  
  run_ml_inference boolean Required
  
  scheduling object Required
  
  Hide scheduling attributes Show scheduling attributes object
  
  access_control object
  
  Hide access_control attributes Show access_control attributes object
  
  enabled boolean Required
  
  interval string Required
  
  The interval is expressed using the crontab syntax
  
  full object
  
  Hide full attributes Show full attributes object
  
  enabled boolean Required
  
  interval string Required
  
  The interval is expressed using the crontab syntax
  
  incremental object
  
  Hide incremental attributes Show incremental attributes object
  
  enabled boolean Required
  
  interval string Required
  
  The interval is expressed using the crontab syntax
  
  service_type string
  
  status string Required
  
  Values are created, needs_configuration, configured, connected, or error.
  
  sync_cursor object
  
  sync_now boolean Required

GET /_connector

curl \
 --request GET 'http://api.example.com/_connector' \
 --header "Authorization: $API_KEY"

Response examples (200)

{
  "count": 42.0,
  "results": [
    {
      "api_key_id": "string",
      "api_key_secret_id": "string",
      "configuration": {
        "additionalProperty1": {
          "category": "string",
          "": 42.0,
          "depends_on": [
            {}
          ],
          "display": "textbox",
          "label": "string",
          "options": [
            {}
          ],
          "order": 42.0,
          "placeholder": "string",
          "required": true,
          "sensitive": true,
          "tooltip": "string",
          "type": "str",
          "ui_restrictions": [
            "string"
          ],
          "validations": [
            {}
          ],
          "value": {}
        },
        "additionalProperty2": {
          "category": "string",
          "": 42.0,
          "depends_on": [
            {}
          ],
          "display": "textbox",
          "label": "string",
          "options": [
            {}
          ],
          "order": 42.0,
          "placeholder": "string",
          "required": true,
          "sensitive": true,
          "tooltip": "string",
          "type": "str",
          "ui_restrictions": [
            "string"
          ],
          "validations": [
            {}
          ],
          "value": {}
        }
      },
      "custom_scheduling": {
        "additionalProperty1": {
          "configuration_overrides": {
            "max_crawl_depth": 42.0,
            "sitemap_discovery_disabled": true,
            "domain_allowlist": [
              "string"
            ],
            "sitemap_urls": [
              "string"
            ],
            "seed_urls": [
              "string"
            ]
          },
          "enabled": true,
          "interval": "string",
          "": "string",
          "name": "string"
        },
        "additionalProperty2": {
          "configuration_overrides": {
            "max_crawl_depth": 42.0,
            "sitemap_discovery_disabled": true,
            "domain_allowlist": [
              "string"
            ],
            "sitemap_urls": [
              "string"
            ],
            "seed_urls": [
              "string"
            ]
          },
          "enabled": true,
          "interval": "string",
          "": "string",
          "name": "string"
        }
      },
      "description": "string",
      "error": "string",
      "features": {
        "document_level_security": {
          "enabled": true
        },
        "incremental_sync": {
          "enabled": true
        },
        "native_connector_api_keys": {
          "enabled": true
        },
        "sync_rules": {
          "advanced": {
            "enabled": true
          },
          "basic": {
            "enabled": true
          }
        }
      },
      "filtering": [
        {
          "active": {
            "advanced_snippet": {},
            "rules": [
              {}
            ],
            "validation": {}
          },
          "domain": "string",
          "draft": {
            "advanced_snippet": {},
            "rules": [
              {}
            ],
            "validation": {}
          }
        }
      ],
      "id": "string",
      "index_name": "string",
      "is_native": true,
      "language": "string",
      "last_access_control_sync_error": "string",
      "": "string",
      "last_access_control_sync_status": "canceling",
      "last_deleted_document_count": 42.0,
      "last_indexed_document_count": 42.0,
      "last_sync_error": "string",
      "last_sync_status": "canceling",
      "name": "string",
      "pipeline": {
        "extract_binary_content": true,
        "name": "string",
        "reduce_whitespace": true,
        "run_ml_inference": true
      },
      "scheduling": {
        "access_control": {
          "enabled": true,
          "interval": "string"
        },
        "full": {
          "enabled": true,
          "interval": "string"
        },
        "incremental": {
          "enabled": true,
          "interval": "string"
        }
      },
      "service_type": "string",
      "status": "created",
      "sync_cursor": {},
      "sync_now": true
    }
  ]
}

Update the connector error field Technical preview

PUT /_connector/{connector_id}/_error

Api key auth Basic auth Bearer auth

Set the error field for the connector. If the error provided in the request body is non-null, the connector’s status is updated to error. Otherwise, if the error is reset to null, the connector status is updated to connected.

Path parameters

connector_id string Required

The unique identifier of the connector to be updated

application/json

Body Required

error string | null

One of:
string-1 string NullValue string | null

Responses

200 application/json
Hide response attribute Show response attribute object
- result string Required
  
  Values are created, updated, deleted, not_found, or noop.

PUT /_connector/{connector_id}/_error

curl \
 --request PUT 'http://api.example.com/_connector/{connector_id}/_error' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n    \"error\": \"Houston, we have a problem!\"\n}"'

Request example

{
    "error": "Houston, we have a problem!"
}

Response examples (200)

{
  "result": "updated"
}

Downsample an index Technical preview

POST /{index}/_downsample/{target_index}

Api key auth Basic auth Bearer auth

Aggregate a time series (TSDS) index and store pre-computed statistical summaries (min, max, sum, value_count and avg) for each metric field grouped by a configured time interval. For example, a TSDS index that contains metrics sampled every 10 seconds can be downsampled to an hourly index. All documents within an hour interval are summarized and stored as a single document in the downsample index.

NOTE: Only indices in a time series data stream are supported. Neither field nor document level security can be defined on the source index. The source index must be read only (index.blocks.write: true).

Path parameters

index string Required

Name of the time series index to downsample.
target_index string Required

Name of the index to create.

application/json

Body Required

fixed_interval string Required

A date histogram interval. Similar to Duration with additional units: w (week), M (month), q (quarter) and y (year)

Responses

200 application/json

POST /{index}/_downsample/{target_index}

curl \
 --request POST 'http://api.example.com/{index}/_downsample/{target_index}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"fixed_interval\": \"1d\"\n}"'

Request example

{
  "fixed_interval": "1d"
}

Response examples (200)

{}

Get data stream lifecycle stats Added in 8.12.0

GET /_lifecycle/stats

Api key auth Basic auth Bearer auth

Get statistics about the data streams that are managed by a data stream lifecycle.

Responses

200 application/json
Hide response attributes Show response attributes object
- data_stream_count number Required
  
  The count of data streams currently being managed by the data stream lifecycle.
- data_streams array[object] Required
  
  Information about the data streams that are managed by the data stream lifecycle.
  
  Hide data_streams attributes Show data_streams attributes object
  
  backing_indices_in_error number Required
  
  The count of the backing indices for the data stream.
  
  backing_indices_in_total number Required
  
  The count of the backing indices for the data stream that have encountered an error.
  
  name string Required
- last_run_duration_in_millis number
  
  Time unit for milliseconds
- time_between_starts_in_millis number
  
  Time unit for milliseconds

GET /_lifecycle/stats

curl \
 --request GET 'http://api.example.com/_lifecycle/stats' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response for `GET _lifecycle/stats?human&pretty`

{
  "last_run_duration_in_millis": 2,
  "last_run_duration": "2ms",
  "time_between_starts_in_millis": 9998,
  "time_between_starts": "9.99s",
  "data_streams_count": 2,
  "data_streams": [
    {
      "name": "my-data-stream",
      "backing_indices_in_total": 2,
      "backing_indices_in_error": 0
    },
    {
      "name": "my-other-stream",
      "backing_indices_in_total": 2,
      "backing_indices_in_error": 1
    }
  ]
}

Update data streams Added in 7.16.0

POST /_data_stream/_modify

Api key auth Basic auth Bearer auth

Performs one or more data stream modification actions in a single atomic operation.

application/json

Body Required

actions array[object] Required

Actions to perform.
Hide actions attributes Show actions attributes object
- add_backing_index object
  Hide add_backing_index attributes Show add_backing_index attributes object
  
  data_stream string Required
  
  index string Required
- remove_backing_index object
  Hide remove_backing_index attributes Show remove_backing_index attributes object
  
  data_stream string Required
  
  index string Required

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

POST /_data_stream/_modify

curl \
 --request POST 'http://api.example.com/_data_stream/_modify' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"actions":[{"add_backing_index":{"data_stream":"string","index":"string"},"remove_backing_index":{"data_stream":"string","index":"string"}}]}'

Request examples

{
  "actions": [
    {
      "add_backing_index": {
        "data_stream": "string",
        "index": "string"
      },
      "remove_backing_index": {
        "data_stream": "string",
        "index": "string"
      }
    }
  ]
}

Response examples (200)

{
  "acknowledged": true
}

Bulk index or delete documents

POST /{index}/_bulk

Api key auth Basic auth Bearer auth

Perform multiple index, create, delete, and update actions in a single request. This reduces overhead and can greatly increase indexing speed.

If the Elasticsearch security features are enabled, you must have the following index privileges for the target data stream, index, or index alias:

To use the create action, you must have the create_doc, create, index, or write index privilege. Data streams support only the create action.
To use the index action, you must have the create, index, or write index privilege.
To use the delete action, you must have the delete or write index privilege.
To use the update action, you must have the index or write index privilege.
To automatically create a data stream or index with a bulk API request, you must have the auto_configure, create_index, or manage index privilege.
To make the result of a bulk operation visible to search using the refresh parameter, you must have the maintenance or manage index privilege.

Automatic data stream creation requires a matching index template with data stream enabled.

The actions are specified in the request body using a newline delimited JSON (NDJSON) structure:

action_and_meta_data\n
optional_source\n
action_and_meta_data\n
optional_source\n
....
action_and_meta_data\n
optional_source\n

The index and create actions expect a source on the next line and have the same semantics as the op_type parameter in the standard index API. A create action fails if a document with the same ID already exists in the target An index action adds or replaces a document as necessary.

NOTE: Data streams support only the create action. To update or delete a document in a data stream, you must target the backing index containing the document.

An update action expects that the partial doc, upsert, and script and its options are specified on the next line.

A delete action does not expect a source on the next line and has the same semantics as the standard delete API.

NOTE: The final line of data must end with a newline character (\n). Each newline character may be preceded by a carriage return (\r). When sending NDJSON data to the _bulk endpoint, use a Content-Type header of application/json or application/x-ndjson. Because this format uses literal newline characters (\n) as delimiters, make sure that the JSON actions and sources are not pretty printed.

If you provide a target in the request path, it is used for any actions that don't explicitly specify an _index argument.

A note on the format: the idea here is to make processing as fast as possible. As some of the actions are redirected to other shards on other nodes, only action_meta_data is parsed on the receiving node side.

Client libraries using this protocol should try and strive to do something similar on the client side, and reduce buffering as much as possible.

There is no "correct" number of actions to perform in a single bulk request. Experiment with different settings to find the optimal size for your particular workload. Note that Elasticsearch limits the maximum size of a HTTP request to 100mb by default so clients must ensure that no request exceeds this size. It is not possible to index a single document that exceeds the size limit, so you must pre-process any such documents into smaller pieces before sending them to Elasticsearch. For instance, split documents into pages or chapters before indexing them, or store raw binary data in a system outside Elasticsearch and replace the raw data with a link to the external system in the documents that you send to Elasticsearch.

Client suppport for bulk requests

Some of the officially supported clients provide helpers to assist with bulk requests and reindexing:

Go: Check out esutil.BulkIndexer
Perl: Check out Search::Elasticsearch::Client::5_0::Bulk and Search::Elasticsearch::Client::5_0::Scroll
Python: Check out elasticsearch.helpers.*
JavaScript: Check out client.helpers.*
.NET: Check out BulkAllObservable
PHP: Check out bulk indexing.

Submitting bulk requests with cURL

If you're providing text file input to curl, you must use the --data-binary flag instead of plain -d. The latter doesn't preserve newlines. For example:

$ cat requests
{ "index" : { "_index" : "test", "_id" : "1" } }
{ "field1" : "value1" }
$ curl -s -H "Content-Type: application/x-ndjson" -XPOST localhost:9200/_bulk --data-binary "@requests"; echo
{"took":7, "errors": false, "items":[{"index":{"_index":"test","_id":"1","_version":1,"result":"created","forced_refresh":false}}]}

Optimistic concurrency control

Each index and delete action within a bulk API call may include the if_seq_no and if_primary_term parameters in their respective action and meta data lines. The if_seq_no and if_primary_term parameters control how operations are run, based on the last modification to existing documents. See Optimistic concurrency control for more details.

Versioning

Each bulk item can include the version value using the version field. It automatically follows the behavior of the index or delete operation based on the _version mapping. It also support the version_type.

Routing

Each bulk item can include the routing value using the routing field. It automatically follows the behavior of the index or delete operation based on the _routing mapping.

NOTE: Data streams do not support custom routing unless they were created with the allow_custom_routing setting enabled in the template.

Wait for active shards

When making bulk calls, you can set the wait_for_active_shards parameter to require a minimum number of shard copies to be active before starting to process the bulk request.

Refresh

Control when the changes made by this request are visible to search.

NOTE: Only the shards that receive the bulk request will be affected by refresh. Imagine a _bulk?refresh=wait_for request with three documents in it that happen to be routed to different shards in an index with five shards. The request will only wait for those three shards to refresh. The other two shards that make up the index do not participate in the _bulk request at all.

Path parameters

index string Required

The name of the data stream, index, or index alias to perform bulk actions on.

Query parameters

include_source_on_error boolean

True or false if to include the document source in the error message in case of parsing errors.
list_executed_pipelines boolean

If true, the response will include the ingest pipelines that were run for each index or create.
pipeline string

The pipeline identifier to use to preprocess incoming documents. If the index has a default ingest pipeline specified, setting the value to _none turns off the default ingest pipeline for this request. If a final pipeline is configured, it will always run regardless of the value of this parameter.
refresh string

If true, Elasticsearch refreshes the affected shards to make this operation visible to search. If wait_for, wait for a refresh to make this operation visible to search. If false, do nothing with refreshes. Valid values: true, false, wait_for.

Values are true, false, or wait_for.
routing string

A custom value that is used to route operations to a specific shard.
_source boolean | string | array[string]

Indicates whether to return the _source field (true or false) or contains a list of fields to return.
_source_excludes string | array[string]

A comma-separated list of source fields to exclude from the response. You can also use this parameter to exclude fields from the subset specified in _source_includes query parameter. If the _source parameter is false, this parameter is ignored.
_source_includes string | array[string]

A comma-separated list of source fields to include in the response. If this parameter is specified, only these source fields are returned. You can exclude fields from this subset using the _source_excludes query parameter. If the _source parameter is false, this parameter is ignored.
timeout string

The period each action waits for the following operations: automatic index creation, dynamic mapping updates, and waiting for active shards. The default is 1m (one minute), which guarantees Elasticsearch waits for at least the timeout before failing. The actual wait time could be longer, particularly when multiple waits occur.
wait_for_active_shards number | string

The number of shard copies that must be active before proceeding with the operation. Set to all or any positive integer up to the total number of shards in the index (number_of_replicas+1). The default is 1, which waits for each primary shard to be active.
require_alias boolean

If true, the request's actions must target an index alias.
require_data_stream boolean

If true, the request's actions must target a data stream (existing or to be created).

application/json

Body object Required

index object
Hide index attributes Show index attributes object
- _id string
- _index string
- routing string
- if_primary_term number
- if_seq_no number
- version number
- version_type string
  
  Values are internal, external, external_gte, or force.
- dynamic_templates object
  
  A map from the full name of fields to the name of dynamic templates. It defaults to an empty map. If a name matches a dynamic template, that template will be applied regardless of other match predicates defined in the template. If a field is already defined in the mapping, then this parameter won't be used.
  Hide dynamic_templates attribute Show dynamic_templates attribute object
  
  * string Additional properties
- pipeline string
  
  The ID of the pipeline to use to preprocess incoming documents. If the index has a default ingest pipeline specified, setting the value to _none turns off the default ingest pipeline for this request. If a final pipeline is configured, it will always run regardless of the value of this parameter.
- require_alias boolean
  
  If true, the request's actions must target an index alias.
create object
Hide create attributes Show create attributes object
- _id string
- _index string
- routing string
- if_primary_term number
- if_seq_no number
- version number
- version_type string
  
  Values are internal, external, external_gte, or force.
- dynamic_templates object
  
  A map from the full name of fields to the name of dynamic templates. It defaults to an empty map. If a name matches a dynamic template, that template will be applied regardless of other match predicates defined in the template. If a field is already defined in the mapping, then this parameter won't be used.
  Hide dynamic_templates attribute Show dynamic_templates attribute object
  
  * string Additional properties
- pipeline string
  
  The ID of the pipeline to use to preprocess incoming documents. If the index has a default ingest pipeline specified, setting the value to _none turns off the default ingest pipeline for this request. If a final pipeline is configured, it will always run regardless of the value of this parameter.
- require_alias boolean
  
  If true, the request's actions must target an index alias.
update object
Hide update attributes Show update attributes object
- _id string
- _index string
- routing string
- if_primary_term number
- if_seq_no number
- version number
- version_type string
  
  Values are internal, external, external_gte, or force.
- require_alias boolean
  
  If true, the request's actions must target an index alias.
- retry_on_conflict number
  
  The number of times an update should be retried in the case of a version conflict.
delete object
Hide delete attributes Show delete attributes object
- _id string
- _index string
- routing string
- if_primary_term number
- if_seq_no number
- version number
- version_type string
  
  Values are internal, external, external_gte, or force.

detect_noop boolean

If true, the result in the response is set to 'noop' when no changes to the document occur.
doc object

A partial update to an existing document.
doc_as_upsert boolean

Set to true to use the contents of doc as the value of upsert.
script object
Hide script attributes Show script attributes object
- source string
  
  The script source.
- id string
- params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  Hide params attribute Show params attribute object
  
  * object Additional properties
- lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
- options object
  Hide options attribute Show options attribute object
  
  * string Additional properties
scripted_upsert boolean

Set to true to run the script whether or not the document exists.
_source boolean | object

Defines how to fetch a source. Fetching can be disabled entirely, or the source can be filtered.
One of:
SourceConfig boolean SourceFilter object
Hide attributes Show attributes

excludes string | array[string]

includes string | array[string]
upsert object

If the document does not already exist, the contents of upsert are inserted as a new document. If the document exists, the script is run.

Responses

200 application/json
Hide response attributes Show response attributes object
- errors boolean Required
  
  If true, one or more of the operations in the bulk request did not complete successfully.
- items array[object] Required
  
  The result of each operation in the bulk request, in the order they were submitted.
  
  Hide items attribute Show items attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  _id string | null
  
  The document ID associated with the operation.
  
  One of:
  string-1 string string-2 string | null
  
  _index string Required
  
  The name of the index associated with the operation. If the operation targeted a data stream, this is the backing index into which the document was written.
  
  status number Required
  
  The HTTP status code returned for the operation.
  
  failure_store string
  
  Values are not_applicable_or_unknown, used, not_enabled, or failed.
  
  error object
  
  Hide error attributes Show error attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  _primary_term number
  
  The primary term assigned to the document for the operation. This property is returned only for successful operations.
  
  result string
  
  The result of the operation. Successful values are created, deleted, and updated.
  
  _seq_no number
  
  _shards object
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  successful number Required
  
  total number Required
  
  failures array[object]
  
  skipped number
  
  _version number
  
  forced_refresh boolean
  
  get object
  
  Hide get attributes Show get attributes object
  
  fields object
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  found boolean Required
  
  _seq_no number
  
  _primary_term number
  
  _routing string
  
  _source object
  
  Hide _source attribute Show _source attribute object
  
  * object Additional properties
- took number Required
  
  The length of time, in milliseconds, it took to process the bulk request.
- ingest_took number

POST /{index}/_bulk

curl \
 --request POST 'http://api.example.com/{index}/_bulk' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{ \"index\" : { \"_index\" : \"test\", \"_id\" : \"1\" } }\n{ \"field1\" : \"value1\" }\n{ \"delete\" : { \"_index\" : \"test\", \"_id\" : \"2\" } }\n{ \"create\" : { \"_index\" : \"test\", \"_id\" : \"3\" } }\n{ \"field1\" : \"value3\" }\n{ \"update\" : {\"_id\" : \"1\", \"_index\" : \"test\"} }\n{ \"doc\" : {\"field2\" : \"value2\"} }"'

Request examples

Run `POST _bulk` to perform multiple operations.

{ "index" : { "_index" : "test", "_id" : "1" } }
{ "field1" : "value1" }
{ "delete" : { "_index" : "test", "_id" : "2" } }
{ "create" : { "_index" : "test", "_id" : "3" } }
{ "field1" : "value3" }
{ "update" : {"_id" : "1", "_index" : "test"} }
{ "doc" : {"field2" : "value2"} }

When you run `POST _bulk` and use the `update` action, you can use `retry_on_conflict` as a field in the action itself (not in the extra payload line) to specify how many times an update should be retried in the case of a version conflict.

{ "update" : {"_id" : "1", "_index" : "index1", "retry_on_conflict" : 3} }
{ "doc" : {"field" : "value"} }
{ "update" : { "_id" : "0", "_index" : "index1", "retry_on_conflict" : 3} }
{ "script" : { "source": "ctx._source.counter += params.param1", "lang" : "painless", "params" : {"param1" : 1}}, "upsert" : {"counter" : 1}}
{ "update" : {"_id" : "2", "_index" : "index1", "retry_on_conflict" : 3} }
{ "doc" : {"field" : "value"}, "doc_as_upsert" : true }
{ "update" : {"_id" : "3", "_index" : "index1", "_source" : true} }
{ "doc" : {"field" : "value"} }
{ "update" : {"_id" : "4", "_index" : "index1"} }
{ "doc" : {"field" : "value"}, "_source": true}

To return only information about failed operations, run `POST /_bulk?filter_path=items.*.error`.

{ "update": {"_id": "5", "_index": "index1"} }
{ "doc": {"my_field": "foo"} }
{ "update": {"_id": "6", "_index": "index1"} }
{ "doc": {"my_field": "foo"} }
{ "create": {"_id": "7", "_index": "index1"} }
{ "my_field": "foo" }

Run `POST /_bulk` to perform a bulk request that consists of index and create actions with the `dynamic_templates` parameter. The bulk request creates two new fields `work_location` and `home_location` with type `geo_point` according to the `dynamic_templates` parameter. However, the `raw_location` field is created using default dynamic mapping rules, as a text field in that case since it is supplied as a string in the JSON document.

{ "index" : { "_index" : "my_index", "_id" : "1", "dynamic_templates": {"work_location": "geo_point"}} }
{ "field" : "value1", "work_location": "41.12,-71.34", "raw_location": "41.12,-71.34"}
{ "create" : { "_index" : "my_index", "_id" : "2", "dynamic_templates": {"home_location": "geo_point"}} }
{ "field" : "value2", "home_location": "41.12,-71.34"}

Response examples (200)

{
   "took": 30,
   "errors": false,
   "items": [
      {
         "index": {
            "_index": "test",
            "_id": "1",
            "_version": 1,
            "result": "created",
            "_shards": {
               "total": 2,
               "successful": 1,
               "failed": 0
            },
            "status": 201,
            "_seq_no" : 0,
            "_primary_term": 1
         }
      },
      {
         "delete": {
            "_index": "test",
            "_id": "2",
            "_version": 1,
            "result": "not_found",
            "_shards": {
               "total": 2,
               "successful": 1,
               "failed": 0
            },
            "status": 404,
            "_seq_no" : 1,
            "_primary_term" : 2
         }
      },
      {
         "create": {
            "_index": "test",
            "_id": "3",
            "_version": 1,
            "result": "created",
            "_shards": {
               "total": 2,
               "successful": 1,
               "failed": 0
            },
            "status": 201,
            "_seq_no" : 2,
            "_primary_term" : 3
         }
      },
      {
         "update": {
            "_index": "test",
            "_id": "1",
            "_version": 2,
            "result": "updated",
            "_shards": {
                "total": 2,
                "successful": 1,
                "failed": 0
            },
            "status": 200,
            "_seq_no" : 3,
            "_primary_term" : 4
         }
      }
   ]
}

If you run `POST /_bulk` with operations that update non-existent documents, the operations cannot complete successfully. The API returns a response with an `errors` property value `true`. The response also includes an error object for any failed operations. The error object contains additional information about the failure, such as the error type and reason.

{
  "took": 486,
  "errors": true,
  "items": [
    {
      "update": {
        "_index": "index1",
        "_id": "5",
        "status": 404,
        "error": {
          "type": "document_missing_exception",
          "reason": "[5]: document missing",
          "index_uuid": "aAsFqTI0Tc2W0LCWgPNrOA",
          "shard": "0",
          "index": "index1"
        }
      }
    },
    {
      "update": {
        "_index": "index1",
        "_id": "6",
        "status": 404,
        "error": {
          "type": "document_missing_exception",
          "reason": "[6]: document missing",
          "index_uuid": "aAsFqTI0Tc2W0LCWgPNrOA",
          "shard": "0",
          "index": "index1"
        }
      }
    },
    {
      "create": {
        "_index": "index1",
        "_id": "7",
        "_version": 1,
        "result": "created",
        "_shards": {
          "total": 2,
          "successful": 1,
          "failed": 0
        },
        "_seq_no": 0,
        "_primary_term": 1,
        "status": 201
      }
    }
  ]
}

An example response from `POST /_bulk?filter_path=items.*.error`, which returns only information about failed operations.

{
  "items": [
    {
      "update": {
        "error": {
          "type": "document_missing_exception",
          "reason": "[5]: document missing",
          "index_uuid": "aAsFqTI0Tc2W0LCWgPNrOA",
          "shard": "0",
          "index": "index1"
        }
      }
    },
    {
      "update": {
        "error": {
          "type": "document_missing_exception",
          "reason": "[6]: document missing",
          "index_uuid": "aAsFqTI0Tc2W0LCWgPNrOA",
          "shard": "0",
          "index": "index1"
        }
      }
    }
  ]
}

Delete a document

DELETE /{index}/_doc/{id}

Api key auth Basic auth Bearer auth

Remove a JSON document from the specified index.

NOTE: You cannot send deletion requests directly to a data stream. To delete a document in a data stream, you must target the backing index containing the document.

Optimistic concurrency control

Delete operations can be made conditional and only be performed if the last modification to the document was assigned the sequence number and primary term specified by the if_seq_no and if_primary_term parameters. If a mismatch is detected, the operation will result in a VersionConflictException and a status code of 409.

Versioning

Each document indexed is versioned. When deleting a document, the version can be specified to make sure the relevant document you are trying to delete is actually being deleted and it has not changed in the meantime. Every write operation run on a document, deletes included, causes its version to be incremented. The version number of a deleted document remains available for a short time after deletion to allow for control of concurrent operations. The length of time for which a deleted document's version remains available is determined by the index.gc_deletes index setting.

Routing

If routing is used during indexing, the routing value also needs to be specified to delete a document.

If the _routing mapping is set to required and no routing value is specified, the delete API throws a RoutingMissingException and rejects the request.

For example:

DELETE /my-index-000001/_doc/1?routing=shard-1

This request deletes the document with ID 1, but it is routed based on the user. The document is not deleted if the correct routing is not specified.

Distributed

The delete operation gets hashed into a specific shard ID. It then gets redirected into the primary shard within that ID group and replicated (if needed) to shard replicas within that ID group.

Path parameters

index string Required

The name of the target index.
id string Required

A unique identifier for the document.

Query parameters

if_primary_term number

Only perform the operation if the document has this primary term.
if_seq_no number

Only perform the operation if the document has this sequence number.
refresh string

If true, Elasticsearch refreshes the affected shards to make this operation visible to search. If wait_for, it waits for a refresh to make this operation visible to search. If false, it does nothing with refreshes.

Values are true, false, or wait_for.
routing string

A custom value used to route operations to a specific shard.
timeout string

The period to wait for active shards.

This parameter is useful for situations where the primary shard assigned to perform the delete operation might not be available when the delete operation runs. Some reasons for this might be that the primary shard is currently recovering from a store or undergoing relocation. By default, the delete operation will wait on the primary shard to become available for up to 1 minute before failing and responding with an error.
version number

An explicit version number for concurrency control. It must match the current version of the document for the request to succeed.
version_type string

The version type.

Values are internal, external, external_gte, or force.
wait_for_active_shards number | string

The minimum number of shard copies that must be active before proceeding with the operation. You can set it to all or any positive integer up to the total number of shards in the index (number_of_replicas+1). The default value of 1 means it waits for each primary shard to be active.

Responses

200 application/json
Hide response attributes Show response attributes object
- _id string Required
- _index string Required
- _primary_term number
  
  The primary term assigned to the document for the indexing operation.
- result string Required
  
  Values are created, updated, deleted, not_found, or noop.
- _seq_no number
- _shards object Required
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  successful number Required
  
  total number Required
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  index string
  
  node string
  
  reason object Required
  
  Hide reason attributes Show reason attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  shard number Required
  
  status string
  
  skipped number
- _version number Required
- forced_refresh boolean

DELETE /{index}/_doc/{id}

curl \
 --request DELETE 'http://api.example.com/{index}/_doc/{id}' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `DELETE /my-index-000001/_doc/1`, which deletes the JSON document 1 from the `my-index-000001` index.

{
  "_shards": {
    "total": 2,
    "failed": 0,
    "successful": 2
  },
  "_index": "my-index-000001",
  "_id": "1",
  "_version": 2,
  "_primary_term": 1,
  "_seq_no": 5,
  "result": "deleted"
}

Check a document

HEAD /{index}/_doc/{id}

Api key auth Basic auth Bearer auth

Verify that a document exists. For example, check to see if a document with the _id 0 exists:

HEAD my-index-000001/_doc/0

If the document exists, the API returns a status code of 200 - OK. If the document doesn’t exist, the API returns 404 - Not Found.

Versioning support

You can use the version parameter to check the document only if its current version is equal to the specified one.

Internally, Elasticsearch has marked the old document as deleted and added an entirely new document. The old version of the document doesn't disappear immediately, although you won't be able to access it. Elasticsearch cleans up deleted documents in the background as you continue to index more data.

Path parameters

index string Required

A comma-separated list of data streams, indices, and aliases. It supports wildcards (*).
id string Required

A unique document identifier.

Query parameters

preference string

The node or shard the operation should be performed on. By default, the operation is randomized between the shard replicas.

If it is set to _local, the operation will prefer to be run on a local allocated shard when possible. If it is set to a custom value, the value is used to guarantee that the same shards will be used for the same custom value. This can help with "jumping values" when hitting different shards in different refresh states. A sample value can be something like the web session ID or the user name.
realtime boolean

If true, the request is real-time as opposed to near-real-time.
refresh boolean

If true, the request refreshes the relevant shards before retrieving the document. Setting it to true should be done after careful thought and verification that this does not cause a heavy load on the system (and slow down indexing).
routing string

A custom value used to route operations to a specific shard.
_source boolean | string | array[string]

Indicates whether to return the _source field (true or false) or lists the fields to return.
_source_excludes string | array[string]

A comma-separated list of source fields to exclude from the response. You can also use this parameter to exclude fields from the subset specified in _source_includes query parameter. If the _source parameter is false, this parameter is ignored.
_source_includes string | array[string]

A comma-separated list of source fields to include in the response. If this parameter is specified, only these source fields are returned. You can exclude fields from this subset using the _source_excludes query parameter. If the _source parameter is false, this parameter is ignored.
stored_fields string | array[string]

A comma-separated list of stored fields to return as part of a hit. If no fields are specified, no stored fields are included in the response. If this field is specified, the _source parameter defaults to false.
version number

Explicit version number for concurrency control. The specified version must match the current version of the document for the request to succeed.
version_type string

The version type.

Values are internal, external, external_gte, or force.

Responses

200 application/json

HEAD /{index}/_doc/{id}

HEAD my-index-000001/_doc/0

curl -I "localhost:9200/my-index-000001/_doc/0?pretty"

const response = await client.exists({
  index: "my-index-000001",
  id: 0,
});
console.log(response);

resp = client.exists(
  index="my-index-000001",
  id="0",
)
print(resp)

response = client.exists(
  index: 'my-index-000001',
  id: 0
)
puts response

Get multiple term vectors

POST /_mtermvectors

Api key auth Basic auth Bearer auth

Get multiple term vectors with a single request. You can specify existing documents by index and ID or provide artificial documents in the body of the request. You can specify the index in the request body or request URI. The response contains a docs array with all the fetched termvectors. Each element has the structure provided by the termvectors API.

Artificial documents

You can also use mtermvectors to generate term vectors for artificial documents provided in the body of the request. The mapping used is determined by the specified _index.

Query parameters

ids array[string]

A comma-separated list of documents ids. You must define ids as parameter or set "ids" or "docs" in the request body
fields string | array[string]

A comma-separated list or wildcard expressions of fields to include in the statistics. It is used as the default list unless a specific field list is provided in the completion_fields or fielddata_fields parameters.
field_statistics boolean

If true, the response includes the document count, sum of document frequencies, and sum of total term frequencies.
offsets boolean

If true, the response includes term offsets.
payloads boolean

If true, the response includes term payloads.
positions boolean

If true, the response includes term positions.
preference string

The node or shard the operation should be performed on. It is random by default.
realtime boolean

If true, the request is real-time as opposed to near-real-time.
routing string

A custom value used to route operations to a specific shard.
term_statistics boolean

If true, the response includes term frequency and document frequency.
version number

If true, returns the document version as part of a hit.
version_type string

The version type.

Values are internal, external, external_gte, or force.

application/json

Body

docs array[object]

An array of existing or artificial documents.
Hide docs attributes Show docs attributes object
- _id string
- _index string
- doc object
  
  An artificial document (a document not present in the index) for which you want to retrieve term vectors.
- fields string | array[string]
- field_statistics boolean
  
  If true, the response includes the document count, sum of document frequencies, and sum of total term frequencies.
- filter object
  Hide filter attributes Show filter attributes object
  
  max_doc_freq number
  
  Ignore words which occur in more than this many docs. Defaults to unbounded.
  
  max_num_terms number
  
  The maximum number of terms that must be returned per field.
  
  max_term_freq number
  
  Ignore words with more than this frequency in the source doc. It defaults to unbounded.
  
  max_word_length number
  
  The maximum word length above which words will be ignored. Defaults to unbounded.
  
  min_doc_freq number
  
  Ignore terms which do not occur in at least this many docs.
  
  min_term_freq number
  
  Ignore words with less than this frequency in the source doc.
  
  min_word_length number
  
  The minimum word length below which words will be ignored.
- offsets boolean
  
  If true, the response includes term offsets.
- payloads boolean
  
  If true, the response includes term payloads.
- positions boolean
  
  If true, the response includes term positions.
- routing string
- term_statistics boolean
  
  If true, the response includes term frequency and document frequency.
- version number
- version_type string
  
  Values are internal, external, external_gte, or force.
ids array[string]

A simplified syntax to specify documents by their ID if they're in the same index.

Responses

200 application/json
Hide response attribute Show response attribute object
- docs array[object] Required
  
  Hide docs attributes Show docs attributes object
  
  _id string
  
  _index string Required
  
  _version number
  
  took number
  
  found boolean
  
  term_vectors object
  
  Hide term_vectors attribute Show term_vectors attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  field_statistics object
  
  Hide field_statistics attributes Show field_statistics attributes object
  
  doc_count number Required
  
  sum_doc_freq number Required
  
  sum_ttf number Required
  
  terms object Required
  
  Hide terms attribute Show terms attribute object
  
  * object Additional properties
  
  error object
  
  Hide error attributes Show error attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]

POST /_mtermvectors

curl \
 --request POST 'http://api.example.com/_mtermvectors' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"docs\": [\n      {\n        \"_id\": \"2\",\n        \"fields\": [\n            \"message\"\n        ],\n        \"term_statistics\": true\n      },\n      {\n        \"_id\": \"1\"\n      }\n  ]\n}"'

Request examples

Run `POST /my-index-000001/_mtermvectors`. When you specify an index in the request URI, the index does not need to be specified for each documents in the request body.

{
  "docs": [
      {
        "_id": "2",
        "fields": [
            "message"
        ],
        "term_statistics": true
      },
      {
        "_id": "1"
      }
  ]
}

Run `POST /my-index-000001/_mtermvectors`. If all requested documents are in same index and the parameters are the same, you can use a simplified syntax.

{
  "ids": [ "1", "2" ],
  "fields": [
    "message"
  ],
  "term_statistics": true
}

Run `POST /_mtermvectors` to generate term vectors for artificial documents provided in the body of the request. The mapping used is determined by the specified `_index`.

{
  "docs": [
      {
        "_index": "my-index-000001",
        "doc" : {
            "message" : "test test test"
        }
      },
      {
        "_index": "my-index-000001",
        "doc" : {
          "message" : "Another test ..."
        }
      }
  ]
}

Response examples (200)

{
  "docs": [
    {
      "_id": "string",
      "_index": "string",
      "_version": 42.0,
      "took": 42.0,
      "found": true,
      "term_vectors": {
        "additionalProperty1": {
          "field_statistics": {
            "doc_count": 42.0,
            "sum_doc_freq": 42.0,
            "sum_ttf": 42.0
          },
          "terms": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          }
        },
        "additionalProperty2": {
          "field_statistics": {
            "doc_count": 42.0,
            "sum_doc_freq": 42.0,
            "sum_ttf": 42.0
          },
          "terms": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          }
        }
      },
      "error": {
        "type": "string",
        "reason": "string",
        "stack_trace": "string",
        "caused_by": {},
        "root_cause": [
          {}
        ],
        "suppressed": [
          {}
        ]
      }
    }
  ]
}

Get the async EQL status Added in 7.9.0

GET /_eql/search/status/{id}

Api key auth Basic auth Bearer auth

Get the current status for an async EQL search or a stored synchronous EQL search without returning results.

Path parameters

id string Required

Identifier for the search.

Responses

200 application/json
Hide response attributes Show response attributes object
- id string Required
- is_partial boolean Required
  
  If true, the search request is still executing. If false, the search is completed.
- is_running boolean Required
  
  If true, the response does not contain complete search results. This could be because either the search is still running (is_running status is false), or because it is already completed (is_running status is true) and results are partial due to failures or timeouts.
- start_time_in_millis number
  
  Time unit for milliseconds
- expiration_time_in_millis number
  
  Time unit for milliseconds
- completion_status number
  
  For a completed search shows the http status code of the completed search.

GET /_eql/search/status/{id}

curl \
 --request GET 'http://api.example.com/_eql/search/status/{id}' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response for getting status information for an async EQL search.

{
  "id": "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
  "is_running" : true,
  "is_partial" : true,
  "start_time_in_millis" : 1611690235000,
  "expiration_time_in_millis" : 1611690295000
}

Delete an index template Added in 7.8.0

DELETE /_index_template/{name}

Api key auth Basic auth Bearer auth

The provided may contain multiple template names separated by a comma. If multiple template names are specified then there is no wildcard support and the provided names should match completely with existing templates.

Path parameters

name string | array[string] Required

Comma-separated list of index template names used to limit the request. Wildcard (*) expressions are supported.

Query parameters

master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

DELETE /_index_template/{name}

curl \
 --request DELETE 'http://api.example.com/_index_template/{name}' \
 --header "Authorization: $API_KEY"

Response examples (200)

{
  "acknowledged": true
}

Get index templates

GET /_template/{name}

Api key auth Basic auth Bearer auth

Get information about one or more index templates.

IMPORTANT: This documentation is about legacy index templates, which are deprecated and will be replaced by the composable templates introduced in Elasticsearch 7.8.

External documentation

Path parameters

name string | array[string] Required

Comma-separated list of index template names used to limit the request. Wildcard (*) expressions are supported. To return all index templates, omit this parameter or use a value of _all or *.

Query parameters

flat_settings boolean

If true, returns settings in flat format.
local boolean

If true, the request retrieves information from the local node only.
master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.

Responses

200 application/json
Hide response attribute Show response attribute object
- * object Additional properties
  
  Hide * attributes Show * attributes object
  
  aliases object Required
  
  Hide aliases attribute Show aliases attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  filter object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  index_routing string
  
  is_hidden boolean
  
  If true, the alias is hidden. All indices for the alias must have the same is_hidden value.
  
  is_write_index boolean
  
  If true, the index is the write index for the alias.
  
  routing string
  
  search_routing string
  
  index_patterns array[string] Required
  
  mappings object Required
  
  Hide mappings attributes Show mappings attributes object
  
  all_field object
  
  Hide all_field attributes Show all_field attributes object
  
  analyzer string Required
  
  enabled boolean Required
  
  omit_norms boolean Required
  
  search_analyzer string Required
  
  similarity string Required
  
  store boolean Required
  
  store_term_vector_offsets boolean Required
  
  store_term_vector_payloads boolean Required
  
  store_term_vector_positions boolean Required
  
  store_term_vectors boolean Required
  
  date_detection boolean
  
  dynamic string
  
  Values are strict, runtime, true, or false.
  
  dynamic_date_formats array[string]
  
  dynamic_templates array[object]
  
  _field_names object
  
  Hide _field_names attribute Show _field_names attribute object
  
  enabled boolean Required
  
  index_field object
  
  Hide index_field attribute Show index_field attribute object
  
  enabled boolean Required
  
  _meta object
  
  Hide _meta attribute Show _meta attribute object
  
  * object Additional properties
  
  numeric_detection boolean
  
  properties object
  
  _routing object
  
  Hide _routing attribute Show _routing attribute object
  
  required boolean Required
  
  _size object
  
  Hide _size attribute Show _size attribute object
  
  enabled boolean Required
  
  _source object
  
  Hide _source attributes Show _source attributes object
  
  compress boolean
  
  compress_threshold string
  
  enabled boolean
  
  excludes array[string]
  
  includes array[string]
  
  mode string
  
  Values are disabled, stored, or synthetic.
  
  runtime object
  
  Hide runtime attribute Show runtime attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  fetch_fields array[object]
  
  For type lookup
  
  format string
  
  A custom format for date type runtime fields.
  
  input_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_index string
  
  script object
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  lang
  
  options object
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  enabled boolean
  
  subobjects string
  
  Values are true, false, or auto.
  
  _data_stream_timestamp object
  
  Hide _data_stream_timestamp attribute Show _data_stream_timestamp attribute object
  
  enabled boolean Required
  
  order number Required
  
  settings object Required
  
  Hide settings attribute Show settings attribute object
  
  * object Additional properties
  
  version number

GET /_template/{name}

curl \
 --request GET 'http://api.example.com/_template/{name}' \
 --header "Authorization: $API_KEY"

Response examples (200)

{
  "additionalProperty1": {
    "aliases": {
      "additionalProperty1": {
        "filter": {},
        "index_routing": "string",
        "is_hidden": true,
        "is_write_index": true,
        "routing": "string",
        "search_routing": "string"
      },
      "additionalProperty2": {
        "filter": {},
        "index_routing": "string",
        "is_hidden": true,
        "is_write_index": true,
        "routing": "string",
        "search_routing": "string"
      }
    },
    "index_patterns": [
      "string"
    ],
    "mappings": {
      "all_field": {
        "analyzer": "string",
        "enabled": true,
        "omit_norms": true,
        "search_analyzer": "string",
        "similarity": "string",
        "store": true,
        "store_term_vector_offsets": true,
        "store_term_vector_payloads": true,
        "store_term_vector_positions": true,
        "store_term_vectors": true
      },
      "date_detection": true,
      "dynamic": "strict",
      "dynamic_date_formats": [
        "string"
      ],
      "dynamic_templates": [
        {}
      ],
      "_field_names": {
        "enabled": true
      },
      "index_field": {
        "enabled": true
      },
      "_meta": {
        "additionalProperty1": {},
        "additionalProperty2": {}
      },
      "numeric_detection": true,
      "properties": {},
      "_routing": {
        "required": true
      },
      "_size": {
        "enabled": true
      },
      "_source": {
        "compress": true,
        "compress_threshold": "string",
        "enabled": true,
        "excludes": [
          "string"
        ],
        "includes": [
          "string"
        ],
        "mode": "disabled"
      },
      "runtime": {
        "additionalProperty1": {
          "fields": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          },
          "fetch_fields": [
            {}
          ],
          "format": "string",
          "input_field": "string",
          "target_field": "string",
          "target_index": "string",
          "script": {
            "source": "string",
            "id": "string",
            "params": {},
            "options": {}
          },
          "type": "boolean"
        },
        "additionalProperty2": {
          "fields": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          },
          "fetch_fields": [
            {}
          ],
          "format": "string",
          "input_field": "string",
          "target_field": "string",
          "target_index": "string",
          "script": {
            "source": "string",
            "id": "string",
            "params": {},
            "options": {}
          },
          "type": "boolean"
        }
      },
      "enabled": true,
      "subobjects": "true",
      "_data_stream_timestamp": {
        "enabled": true
      }
    },
    "order": 42.0,
    "settings": {
      "additionalProperty1": {},
      "additionalProperty2": {}
    },
    "version": 42.0
  },
  "additionalProperty2": {
    "aliases": {
      "additionalProperty1": {
        "filter": {},
        "index_routing": "string",
        "is_hidden": true,
        "is_write_index": true,
        "routing": "string",
        "search_routing": "string"
      },
      "additionalProperty2": {
        "filter": {},
        "index_routing": "string",
        "is_hidden": true,
        "is_write_index": true,
        "routing": "string",
        "search_routing": "string"
      }
    },
    "index_patterns": [
      "string"
    ],
    "mappings": {
      "all_field": {
        "analyzer": "string",
        "enabled": true,
        "omit_norms": true,
        "search_analyzer": "string",
        "similarity": "string",
        "store": true,
        "store_term_vector_offsets": true,
        "store_term_vector_payloads": true,
        "store_term_vector_positions": true,
        "store_term_vectors": true
      },
      "date_detection": true,
      "dynamic": "strict",
      "dynamic_date_formats": [
        "string"
      ],
      "dynamic_templates": [
        {}
      ],
      "_field_names": {
        "enabled": true
      },
      "index_field": {
        "enabled": true
      },
      "_meta": {
        "additionalProperty1": {},
        "additionalProperty2": {}
      },
      "numeric_detection": true,
      "properties": {},
      "_routing": {
        "required": true
      },
      "_size": {
        "enabled": true
      },
      "_source": {
        "compress": true,
        "compress_threshold": "string",
        "enabled": true,
        "excludes": [
          "string"
        ],
        "includes": [
          "string"
        ],
        "mode": "disabled"
      },
      "runtime": {
        "additionalProperty1": {
          "fields": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          },
          "fetch_fields": [
            {}
          ],
          "format": "string",
          "input_field": "string",
          "target_field": "string",
          "target_index": "string",
          "script": {
            "source": "string",
            "id": "string",
            "params": {},
            "options": {}
          },
          "type": "boolean"
        },
        "additionalProperty2": {
          "fields": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          },
          "fetch_fields": [
            {}
          ],
          "format": "string",
          "input_field": "string",
          "target_field": "string",
          "target_index": "string",
          "script": {
            "source": "string",
            "id": "string",
            "params": {},
            "options": {}
          },
          "type": "boolean"
        }
      },
      "enabled": true,
      "subobjects": "true",
      "_data_stream_timestamp": {
        "enabled": true
      }
    },
    "order": 42.0,
    "settings": {
      "additionalProperty1": {},
      "additionalProperty2": {}
    },
    "version": 42.0
  }
}

Get index recovery information

GET /_recovery

Api key auth Basic auth Bearer auth

Get information about ongoing and completed shard recoveries for one or more indices. For data streams, the API returns information for the stream's backing indices.

All recoveries, whether ongoing or complete, are kept in the cluster state and may be reported on at any time.

Shard recovery is the process of initializing a shard copy, such as restoring a primary shard from a snapshot or creating a replica shard from a primary shard. When a shard recovery completes, the recovered shard is available for search and indexing.

Recovery automatically occurs during the following processes:

When creating an index for the first time.
When a node rejoins the cluster and starts up any missing primary shard copies using the data that it holds in its data path.
Creation of new replica shard copies from the primary.
Relocation of a shard copy to a different node in the same cluster.
A snapshot restore operation.
A clone, shrink, or split operation.

You can determine the cause of a shard recovery using the recovery or cat recovery APIs.

The index recovery API reports information about completed recoveries only for shard copies that currently exist in the cluster. It only reports the last recovery for each shard copy and does not report historical information about earlier recoveries, nor does it report information about the recoveries of shard copies that no longer exist. This means that if a shard copy completes a recovery and then Elasticsearch relocates it onto a different node then the information about the original recovery will not be shown in the recovery API.

Query parameters

active_only boolean

If true, the response only includes ongoing shard recoveries.
detailed boolean

If true, the response includes detailed information about shard recoveries.

Responses

200 application/json
Hide response attribute Show response attribute object
- * object Additional properties
  
  Hide * attribute Show * attribute object
  
  shards array[object] Required
  
  Hide shards attributes Show shards attributes object
  
  id number Required
  
  index object Required
  
  Hide index attributes Show index attributes object
  
  bytes object
  
  Hide bytes attributes Show bytes attributes object
  
  percent
  
  recovered
  
  recovered_in_bytes
  
  recovered_from_snapshot
  
  recovered_from_snapshot_in_bytes
  
  reused
  
  reused_in_bytes
  
  total
  
  total_in_bytes
  
  files object Required
  
  Hide files attributes Show files attributes object
  
  details array[object]
  
  percent
  
  recovered number Required
  
  reused number Required
  
  total number Required
  
  size object Required
  
  Hide size attributes Show size attributes object
  
  percent
  
  recovered
  
  recovered_in_bytes
  
  recovered_from_snapshot
  
  recovered_from_snapshot_in_bytes
  
  reused
  
  reused_in_bytes
  
  total
  
  total_in_bytes
  
  source_throttle_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  source_throttle_time_in_millis number
  
  Time unit for milliseconds
  
  target_throttle_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  target_throttle_time_in_millis number
  
  Time unit for milliseconds
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_time_in_millis number
  
  Time unit for milliseconds
  
  primary boolean Required
  
  source object Required
  
  Hide source attributes Show source attributes object
  
  hostname string
  
  host string
  
  transport_address string
  
  id string
  
  ip string
  
  name string
  
  bootstrap_new_history_uuid boolean
  
  repository string
  
  snapshot string
  
  version string
  
  restoreUUID string
  
  index string
  
  stage string Required
  
  start object
  
  Hide start attributes Show start attributes object
  
  check_index_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  check_index_time_in_millis number
  
  Time unit for milliseconds
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_time_in_millis number
  
  Time unit for milliseconds
  
  start_time string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  start_time_in_millis number
  
  Time unit for milliseconds
  
  stop_time string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  stop_time_in_millis number
  
  Time unit for milliseconds
  
  target object Required
  
  Hide target attributes Show target attributes object
  
  hostname string
  
  host string
  
  transport_address string
  
  id string
  
  ip string
  
  name string
  
  bootstrap_new_history_uuid boolean
  
  repository string
  
  snapshot string
  
  version string
  
  restoreUUID string
  
  index string
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_time_in_millis number
  
  Time unit for milliseconds
  
  translog object Required
  
  Hide translog attributes Show translog attributes object
  
  percent string | number Required
  
  One of:
  Percentage string Percentage number
  
  recovered number Required
  
  total number Required
  
  total_on_start number Required
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_time_in_millis number
  
  Time unit for milliseconds
  
  type string Required
  
  verify_index object Required
  
  Hide verify_index attributes Show verify_index attributes object
  
  check_index_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  check_index_time_in_millis number
  
  Time unit for milliseconds
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_time_in_millis number
  
  Time unit for milliseconds

GET /_recovery

curl \
 --request GET 'http://api.example.com/_recovery' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET /_recovery?human`, which gets information about ongoing and completed shard recoveries for all data streams and indices in a cluster. This example includes information about a single index recovering a single shard. The source of the recovery is a snapshot repository and the target of the recovery is the `my_es_node` node. The response also includes the number and percentage of files and bytes recovered.

{
  "index1" : {
    "shards" : [ {
      "id" : 0,
      "type" : "SNAPSHOT",
      "stage" : "INDEX",
      "primary" : true,
      "start_time" : "2014-02-24T12:15:59.716",
      "start_time_in_millis": 1393244159716,
      "stop_time" : "0s",
      "stop_time_in_millis" : 0,
      "total_time" : "2.9m",
      "total_time_in_millis" : 175576,
      "source" : {
        "repository" : "my_repository",
        "snapshot" : "my_snapshot",
        "index" : "index1",
        "version" : "{version}",
        "restoreUUID": "PDh1ZAOaRbiGIVtCvZOMww"
      },
      "target" : {
        "id" : "ryqJ5lO5S4-lSFbGntkEkg",
        "host" : "my.fqdn",
        "transport_address" : "my.fqdn",
        "ip" : "10.0.1.7",
        "name" : "my_es_node"
      },
      "index" : {
        "size" : {
          "total" : "75.4mb",
          "total_in_bytes" : 79063092,
          "reused" : "0b",
          "reused_in_bytes" : 0,
          "recovered" : "65.7mb",
          "recovered_in_bytes" : 68891939,
          "recovered_from_snapshot" : "0b",
          "recovered_from_snapshot_in_bytes" : 0,
          "percent" : "87.1%"
        },
        "files" : {
          "total" : 73,
          "reused" : 0,
          "recovered" : 69,
          "percent" : "94.5%"
        },
        "total_time" : "0s",
        "total_time_in_millis" : 0,
        "source_throttle_time" : "0s",
        "source_throttle_time_in_millis" : 0,
        "target_throttle_time" : "0s",
        "target_throttle_time_in_millis" : 0
      },
      "translog" : {
        "recovered" : 0,
        "total" : 0,
        "percent" : "100.0%",
        "total_on_start" : 0,
        "total_time" : "0s",
        "total_time_in_millis" : 0
      },
      "verify_index" : {
        "check_index_time" : "0s",
        "check_index_time_in_millis" : 0,
        "total_time" : "0s",
        "total_time_in_millis" : 0
      }
    } ]
  }
}

A successful response from `GET _recovery?human&detailed=true`. The response includes a listing of any physical files recovered and their sizes. The response also includes timings in milliseconds of the various stages of recovery: index retrieval, translog replay, and index start time. This response indicates the recovery is done.

{
  "index1" : {
    "shards" : [ {
      "id" : 0,
      "type" : "EXISTING_STORE",
      "stage" : "DONE",
      "primary" : true,
      "start_time" : "2014-02-24T12:38:06.349",
      "start_time_in_millis" : "1393245486349",
      "stop_time" : "2014-02-24T12:38:08.464",
      "stop_time_in_millis" : "1393245488464",
      "total_time" : "2.1s",
      "total_time_in_millis" : 2115,
      "source" : {
        "id" : "RGMdRc-yQWWKIBM4DGvwqQ",
        "host" : "my.fqdn",
        "transport_address" : "my.fqdn",
        "ip" : "10.0.1.7",
        "name" : "my_es_node"
      },
      "target" : {
        "id" : "RGMdRc-yQWWKIBM4DGvwqQ",
        "host" : "my.fqdn",
        "transport_address" : "my.fqdn",
        "ip" : "10.0.1.7",
        "name" : "my_es_node"
      },
      "index" : {
        "size" : {
          "total" : "24.7mb",
          "total_in_bytes" : 26001617,
          "reused" : "24.7mb",
          "reused_in_bytes" : 26001617,
          "recovered" : "0b",
          "recovered_in_bytes" : 0,
          "recovered_from_snapshot" : "0b",
          "recovered_from_snapshot_in_bytes" : 0,
          "percent" : "100.0%"
        },
        "files" : {
          "total" : 26,
          "reused" : 26,
          "recovered" : 0,
          "percent" : "100.0%",
          "details" : [ {
            "name" : "segments.gen",
            "length" : 20,
            "recovered" : 20
          }, {
            "name" : "_0.cfs",
            "length" : 135306,
            "recovered" : 135306,
            "recovered_from_snapshot": 0
          }, {
            "name" : "segments_2",
            "length" : 251,
            "recovered" : 251,
            "recovered_from_snapshot": 0
          }
          ]
        },
        "total_time" : "2ms",
        "total_time_in_millis" : 2,
        "source_throttle_time" : "0s",
        "source_throttle_time_in_millis" : 0,
        "target_throttle_time" : "0s",
        "target_throttle_time_in_millis" : 0
      },
      "translog" : {
        "recovered" : 71,
        "total" : 0,
        "percent" : "100.0%",
        "total_on_start" : 0,
        "total_time" : "2.0s",
        "total_time_in_millis" : 2025
      },
      "verify_index" : {
        "check_index_time" : 0,
        "check_index_time_in_millis" : 0,
        "total_time" : "88ms",
        "total_time_in_millis" : 88
      }
    } ]
  }
}

Refresh an index

GET /_refresh

Api key auth Basic auth Bearer auth

A refresh makes recent operations performed on one or more indices available for search. For data streams, the API runs the refresh operation on the stream’s backing indices.

By default, Elasticsearch periodically refreshes indices every second, but only on indices that have received one search request or more in the last 30 seconds. You can change this default interval with the index.refresh_interval setting.

Refresh requests are synchronous and do not return a response until the refresh operation completes.

Refreshes are resource-intensive. To ensure good cluster performance, it's recommended to wait for Elasticsearch's periodic refresh rather than performing an explicit refresh when possible.

If your application workflow indexes documents and then runs a search to retrieve the indexed document, it's recommended to use the index API's refresh=wait_for query parameter option. This option ensures the indexing operation waits for a periodic refresh before running the search.

Query parameters

allow_no_indices boolean

If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices.
expand_wildcards string | array[string]

Type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values, such as open,hidden. Valid values are: all, open, closed, hidden, none.
ignore_unavailable boolean

If false, the request returns an error if it targets a missing or closed index.

Responses

200 application/json
Hide response attribute Show response attribute object
- _shards object
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  successful number Required
  
  total number Required
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  index string
  
  node string
  
  reason object Required
  
  Hide reason attributes Show reason attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  shard number Required
  
  status string
  
  skipped number

GET /_refresh

curl \
 --request GET 'http://api.example.com/_refresh' \
 --header "Authorization: $API_KEY"

Response examples (200)

{
  "_shards": {
    "failed": 42.0,
    "successful": 42.0,
    "total": 42.0,
    "failures": [
      {
        "index": "string",
        "node": "string",
        "reason": {
          "type": "string",
          "reason": "string",
          "stack_trace": "string",
          "caused_by": {},
          "root_cause": [
            {}
          ],
          "suppressed": [
            {}
          ]
        },
        "shard": 42.0,
        "status": "string"
      }
    ],
    "skipped": 42.0
  }
}

Simulate an index template

POST /_index_template/_simulate

Api key auth Basic auth Bearer auth

Get the index configuration that would be applied by a particular index template.

Query parameters

create boolean

If true, the template passed in the body is only used if no existing templates match the same index patterns. If false, the simulation uses the template with the highest priority. Note that the template is not permanently added or updated in either case; it is only used for the simulation.
cause string

User defined reason for dry-run creating the new template for simulation purposes
master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
include_defaults boolean

If true, returns all relevant default configurations for the index template.

application/json

Body

allow_auto_create boolean

This setting overrides the value of the action.auto_create_index cluster setting. If set to true in a template, then indices can be automatically created using that template even if auto-creation of indices is disabled via actions.auto_create_index. If set to false, then indices or data streams matching the template must always be explicitly created, and may never be automatically created.
index_patterns string | array[string]
composed_of array[string]

An ordered list of component template names. Component templates are merged in the order specified, meaning that the last component template specified has the highest precedence.
template object
Hide template attributes Show template attributes object
- aliases object
  
  Aliases to add. If the index template includes a data_stream object, these are data stream aliases. Otherwise, these are index aliases. Data stream aliases ignore the index_routing, routing, and search_routing options.
  Hide aliases attribute Show aliases attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  filter object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  index_routing string
  
  is_hidden boolean
  
  If true, the alias is hidden. All indices for the alias must have the same is_hidden value.
  
  is_write_index boolean
  
  If true, the index is the write index for the alias.
  
  routing string
  
  search_routing string
- mappings object
  Hide mappings attributes Show mappings attributes object
  
  all_field object
  
  Hide all_field attributes Show all_field attributes object
  
  analyzer string Required
  
  enabled boolean Required
  
  omit_norms boolean Required
  
  search_analyzer string Required
  
  similarity string Required
  
  store boolean Required
  
  store_term_vector_offsets boolean Required
  
  store_term_vector_payloads boolean Required
  
  store_term_vector_positions boolean Required
  
  store_term_vectors boolean Required
  
  date_detection boolean
  
  dynamic string
  
  Values are strict, runtime, true, or false.
  
  dynamic_date_formats array[string]
  
  dynamic_templates array[object]
  
  _field_names object
  
  Hide _field_names attribute Show _field_names attribute object
  
  enabled boolean Required
  
  index_field object
  
  Hide index_field attribute Show index_field attribute object
  
  enabled boolean Required
  
  _meta object
  
  Hide _meta attribute Show _meta attribute object
  
  * object Additional properties
  
  numeric_detection boolean
  
  properties object
  
  _routing object
  
  Hide _routing attribute Show _routing attribute object
  
  required boolean Required
  
  _size object
  
  Hide _size attribute Show _size attribute object
  
  enabled boolean Required
  
  _source object
  
  Hide _source attributes Show _source attributes object
  
  compress boolean
  
  compress_threshold string
  
  enabled boolean
  
  excludes array[string]
  
  includes array[string]
  
  mode string
  
  Values are disabled, stored, or synthetic.
  
  runtime object
  
  Hide runtime attribute Show runtime attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  fetch_fields array[object]
  
  For type lookup
  
  Hide fetch_fields attributes Show fetch_fields attributes object
  
  field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  format string
  
  format string
  
  A custom format for date type runtime fields.
  
  input_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_index string
  
  script object
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  enabled boolean
  
  subobjects string
  
  Values are true, false, or auto.
  
  _data_stream_timestamp object
  
  Hide _data_stream_timestamp attribute Show _data_stream_timestamp attribute object
  
  enabled boolean Required
- settings object
  Hide settings attributes Show settings attributes object
  
  index object
  
  mode string
  
  routing_path string | array[string]
  
  One of:
  string-1 string array-2 array[string]
  
  soft_deletes object
  
  Hide soft_deletes attributes Show soft_deletes attributes object
  
  enabled boolean
  
  Indicates whether soft deletes are enabled on the index.
  
  retention_lease object
  
  Hide retention_lease attribute Show retention_lease attribute object
  
  period string Required
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  sort object
  
  Hide sort attributes Show sort attributes object
  
  field string | array[string]
  
  order string | array[string]
  
  One of:
  SegmentSortOrder string array-2 array[string]
  
  Values are asc, ASC, desc, or DESC.
  
  mode string | array[string]
  
  One of:
  SegmentSortMode string array-2 array[string]
  
  Values are min, MIN, max, or MAX.
  
  missing string | array[string]
  
  One of:
  SegmentSortMissing string array-2 array[string]
  
  Values are _last or _first.
  
  number_of_shards number | string
  
  One of:
  number-1 number string-2 string
  
  number_of_replicas number | string
  
  One of:
  number-1 number string-2 string
  
  number_of_routing_shards number
  
  check_on_startup string
  
  Values are true, false, or checksum.
  
  codec string
  
  routing_partition_size number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
  
  load_fixed_bitset_filters_eagerly boolean
  
  hidden boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  auto_expand_replicas string | null
  
  One of:
  string-1 string NullValue string | null
  
  merge object
  
  Hide merge attribute Show merge attribute object
  
  scheduler object
  
  Hide scheduler attributes Show scheduler attributes object
  
  max_thread_count number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
  
  max_merge_count number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
  
  search object
  
  Hide search attributes Show search attributes object
  
  idle object
  
  Hide idle attribute Show idle attribute object
  
  after string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  slowlog object
  
  Hide slowlog attributes Show slowlog attributes object
  
  level string
  
  source number
  
  reformat boolean
  
  threshold object
  
  Hide threshold attributes Show threshold attributes object
  
  query object
  
  Hide query attributes Show query attributes object
  
  warn string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  info string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  debug string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  trace string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  fetch object
  
  Hide fetch attributes Show fetch attributes object
  
  warn string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  info string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  debug string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  trace string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  refresh_interval string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  max_result_window number
  
  max_inner_result_window number
  
  max_rescore_window number
  
  max_docvalue_fields_search number
  
  max_script_fields number
  
  max_ngram_diff number
  
  max_shingle_diff number
  
  blocks object
  
  Hide blocks attributes Show blocks attributes object
  
  read_only boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  read_only_allow_delete boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  read boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  write boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  metadata boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  max_refresh_listeners number
  
  analyze object
  
  Hide analyze attribute Show analyze attribute object
  
  max_token_count number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
  
  highlight object
  
  Hide highlight attribute Show highlight attribute object
  
  max_analyzed_offset number
  
  max_terms_count number
  
  max_regex_length number
  
  routing object
  
  Hide routing attributes Show routing attributes object
  
  allocation object
  
  Hide allocation attributes Show allocation attributes object
  
  enable string
  
  Values are all, primaries, new_primaries, or none.
  
  include object
  
  Hide include attributes Show include attributes object
  
  _tier_preference string
  
  _id string
  
  initial_recovery object
  
  Hide initial_recovery attribute Show initial_recovery attribute object
  
  _id string
  
  disk object
  
  Hide disk attribute Show disk attribute object
  
  threshold_enabled boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  rebalance object
  
  Hide rebalance attribute Show rebalance attribute object
  
  enable string Required
  
  Values are all, primaries, replicas, or none.
  
  gc_deletes string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  default_pipeline string
  
  final_pipeline string
  
  lifecycle object
  
  Hide lifecycle attributes Show lifecycle attributes object
  
  name string
  
  indexing_complete boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  origination_date number
  
  If specified, this is the timestamp used to calculate the index age for its phase transitions. Use this setting if you create a new index that contains old data and want to use the original creation date to calculate the index age. Specified as a Unix epoch value in milliseconds.
  
  parse_origination_date boolean
  
  Set to true to parse the origination date from the index name. This origination date is used to calculate the index age for its phase transitions. The index name must match the pattern ^{.*-{date_format}-\d+,} where the date_format is yyyy.MM.dd and the trailing digits are optional. An index that was rolled over would normally match the full format, for example logs-2016.10.31-000002). If the index name doesn’t match the pattern, index creation fails.
  
  step object
  
  Hide step attribute Show step attribute object
  
  wait_time_threshold string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  rollover_alias string
  
  The index alias to update when the index rolls over. Specify when using a policy that contains a rollover action. When the index rolls over, the alias is updated to reflect that the index is no longer the write index. For more information about rolling indices, see Rollover.
  
  prefer_ilm boolean | string
  
  Preference for the system that manages a data stream backing index (preferring ILM when both ILM and DLM are applicable for an index).
  
  One of:
  boolean-1 boolean string-2 string
  
  provided_name string
  
  creation_date number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  UnitMillis number StringifiedEpochTimeUnitMillis string
  
  Time unit for milliseconds
  
  creation_date_string string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  uuid string
  
  version object
  
  Hide version attributes Show version attributes object
  
  created string
  
  created_string string
  
  verified_before_close boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  format string | number
  
  One of:
  string-1 string number-2 number
  
  max_slices_per_scroll number
  
  translog object
  
  Hide translog attributes Show translog attributes object
  
  sync_interval string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  durability string
  
  Values are request, REQUEST, async, or ASYNC.
  
  flush_threshold_size number | string
  
  One of:
  ByteSize number ByteSize string
  
  retention object
  
  Hide retention attributes Show retention attributes object
  
  size number | string
  
  One of:
  ByteSize number ByteSize string
  
  age string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  query_string object
  
  Hide query_string attribute Show query_string attribute object
  
  lenient boolean | string Required
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  priority number | string
  
  One of:
  number-1 number string-2 string
  
  top_metrics_max_size number
  
  analysis object
  
  Hide analysis attributes Show analysis attributes object
  
  analyzer object
  
  char_filter object
  
  filter object
  
  normalizer object
  
  tokenizer object
  
  settings object
  
  time_series object
  
  Hide time_series attributes Show time_series attributes object
  
  end_time string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  start_time string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  queries object
  
  Hide queries attribute Show queries attribute object
  
  cache object
  
  Hide cache attribute Show cache attribute object
  
  enabled boolean Required
  
  similarity object
  
  Configure custom similarity settings to customize how search results are scored.
  
  mapping object
  
  Hide mapping attributes Show mapping attributes object
  
  coerce boolean
  
  total_fields object
  
  Hide total_fields attributes Show total_fields attributes object
  
  limit number | string
  
  The maximum number of fields in an index. Field and object mappings, as well as field aliases count towards this limit. The limit is in place to prevent mappings and searches from becoming too large. Higher values can lead to performance degradations and memory issues, especially in clusters with a high load or few resources.
  
  One of:
  number-1 number string-2 string
  
  ignore_dynamic_beyond_limit boolean | string
  
  This setting determines what happens when a dynamically mapped field would exceed the total fields limit. When set to false (the default), the index request of the document that tries to add a dynamic field to the mapping will fail with the message Limit of total fields [X] has been exceeded. When set to true, the index request will not fail. Instead, fields that would exceed the limit are not added to the mapping, similar to dynamic: false. The fields that were not added to the mapping will be added to the _ignored field.
  
  One of:
  boolean-1 boolean string-2 string
  
  depth object
  
  Hide depth attribute Show depth attribute object
  
  limit number
  
  The maximum depth for a field, which is measured as the number of inner objects. For instance, if all fields are defined at the root object level, then the depth is 1. If there is one object mapping, then the depth is 2, etc.
  
  nested_fields object
  
  Hide nested_fields attribute Show nested_fields attribute object
  
  limit number
  
  The maximum number of distinct nested mappings in an index. The nested type should only be used in special cases, when arrays of objects need to be queried independently of each other. To safeguard against poorly designed mappings, this setting limits the number of unique nested types per index.
  
  nested_objects object
  
  Hide nested_objects attribute Show nested_objects attribute object
  
  limit number
  
  The maximum number of nested JSON objects that a single document can contain across all nested types. This limit helps to prevent out of memory errors when a document contains too many nested objects.
  
  field_name_length object
  
  Hide field_name_length attribute Show field_name_length attribute object
  
  limit number
  
  Setting for the maximum length of a field name. This setting isn’t really something that addresses mappings explosion but might still be useful if you want to limit the field length. It usually shouldn’t be necessary to set this setting. The default is okay unless a user starts to add a huge number of fields with really long names. Default is Long.MAX_VALUE (no limit).
  
  dimension_fields object
  
  Hide dimension_fields attribute Show dimension_fields attribute object
  
  limit number
  
  [preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
  
  source object
  
  Hide source attribute Show source attribute object
  
  mode string Required
  
  Values are disabled, stored, or synthetic.
  
  ignore_malformed boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  indexing.slowlog object
  
  Hide indexing.slowlog attributes Show indexing.slowlog attributes object
  
  level string
  
  source number
  
  reformat boolean
  
  threshold object
  
  Hide threshold attribute Show threshold attribute object
  
  index object
  
  Hide index attributes Show index attributes object
  
  warn string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  info string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  debug string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  trace string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  indexing_pressure object
  
  Hide indexing_pressure attribute Show indexing_pressure attribute object
  
  memory object Required
  
  Hide memory attribute Show memory attribute object
  
  limit number
  
  Number of outstanding bytes that may be consumed by indexing requests. When this limit is reached or exceeded, the node will reject new coordinating and primary operations. When replica operations consume 1.5x this limit, the node will reject new replica operations. Defaults to 10% of the heap.
  
  store object
  
  Hide store attributes Show store attributes object
  
  type string Required
  
  Any of:
  StorageType string StorageType string
  
  Values are fs, niofs, mmapfs, or hybridfs.
  
  allow_mmap boolean
  
  You can restrict the use of the mmapfs and the related hybridfs store type via the setting node.store.allow_mmap. This is a boolean setting indicating whether or not memory-mapping is allowed. The default is to allow it. This setting is useful, for example, if you are in an environment where you can not control the ability to create a lot of memory maps so you need disable the ability to use memory-mapping.
- lifecycle object
  Hide lifecycle attributes Show lifecycle attributes object
  
  data_retention string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  downsampling object
  
  Hide downsampling attribute Show downsampling attribute object
  
  rounds array[object] Required
  
  The list of downsampling rounds to execute as part of this downsampling configuration
  
  Hide rounds attributes Show rounds attributes object
  
  after string Required
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  config object Required
  
  Hide config attribute Show config attribute object
  
  fixed_interval string Required
  
  A date histogram interval. Similar to Duration with additional units: w (week), M (month), q (quarter) and y (year)
  
  enabled boolean
  
  If defined, it turns data stream lifecycle on/off (true/false) for this data stream. A data stream lifecycle that's disabled (enabled: false) will have no effect on the data stream.
data_stream object
Hide data_stream attributes Show data_stream attributes object
- hidden boolean
- allow_custom_routing boolean
priority number

Priority to determine index template precedence when a new data stream or index is created. The index template with the highest priority is chosen. If no priority is specified the template is treated as though it is of priority 0 (lowest priority). This number is not automatically generated by Elasticsearch.
version number
_meta object
Hide _meta attribute Show _meta attribute object
- * object Additional properties
ignore_missing_component_templates array[string]

The configuration option ignore_missing_component_templates can be used when an index template references a component template that might not exist
deprecated boolean

Marks this index template as deprecated. When creating or updating a non-deprecated index template that uses deprecated components, Elasticsearch will emit a deprecation warning.

Responses

200 application/json
Hide response attributes Show response attributes object
- overlapping array[object]
  
  Hide overlapping attributes Show overlapping attributes object
  
  name string Required
  
  index_patterns array[string] Required
- template object Required
  
  Hide template attributes Show template attributes object
  
  aliases object Required
  
  Hide aliases attribute Show aliases attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  filter object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  index_routing string
  
  is_hidden boolean
  
  If true, the alias is hidden. All indices for the alias must have the same is_hidden value.
  
  is_write_index boolean
  
  If true, the index is the write index for the alias.
  
  routing string
  
  search_routing string
  
  mappings object Required
  
  Hide mappings attributes Show mappings attributes object
  
  all_field object
  
  Hide all_field attributes Show all_field attributes object
  
  analyzer string Required
  
  enabled boolean Required
  
  omit_norms boolean Required
  
  search_analyzer string Required
  
  similarity string Required
  
  store boolean Required
  
  store_term_vector_offsets boolean Required
  
  store_term_vector_payloads boolean Required
  
  store_term_vector_positions boolean Required
  
  store_term_vectors boolean Required
  
  date_detection boolean
  
  dynamic string
  
  Values are strict, runtime, true, or false.
  
  dynamic_date_formats array[string]
  
  dynamic_templates array[object]
  
  _field_names object
  
  Hide _field_names attribute Show _field_names attribute object
  
  enabled boolean Required
  
  index_field object
  
  Hide index_field attribute Show index_field attribute object
  
  enabled boolean Required
  
  _meta object
  
  Hide _meta attribute Show _meta attribute object
  
  * object Additional properties
  
  numeric_detection boolean
  
  properties object
  
  _routing object
  
  Hide _routing attribute Show _routing attribute object
  
  required boolean Required
  
  _size object
  
  Hide _size attribute Show _size attribute object
  
  enabled boolean Required
  
  _source object
  
  Hide _source attributes Show _source attributes object
  
  compress boolean
  
  compress_threshold string
  
  enabled boolean
  
  excludes array[string]
  
  includes array[string]
  
  mode string
  
  Values are disabled, stored, or synthetic.
  
  runtime object
  
  Hide runtime attribute Show runtime attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  fetch_fields array[object]
  
  For type lookup
  
  format string
  
  A custom format for date type runtime fields.
  
  input_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_index string
  
  script object
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  lang
  
  options object
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  enabled boolean
  
  subobjects string
  
  Values are true, false, or auto.
  
  _data_stream_timestamp object
  
  Hide _data_stream_timestamp attribute Show _data_stream_timestamp attribute object
  
  enabled boolean Required
  
  settings object Required
  
  Hide settings attributes Show settings attributes object
  
  index object
  
  mode string
  
  routing_path string | array[string]
  
  One of:
  string-1 string array-2 array[string]
  
  soft_deletes object
  
  Hide soft_deletes attributes Show soft_deletes attributes object
  
  enabled boolean
  
  Indicates whether soft deletes are enabled on the index.
  
  retention_lease object
  
  Hide retention_lease attribute Show retention_lease attribute object
  
  period string Required
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  sort object
  
  Hide sort attributes Show sort attributes object
  
  field string | array[string]
  
  order string | array[string]
  
  One of:
  SegmentSortOrder string array-2 array[string]
  
  Values are asc, ASC, desc, or DESC.
  
  mode string | array[string]
  
  One of:
  SegmentSortMode string array-2 array[string]
  
  Values are min, MIN, max, or MAX.
  
  missing string | array[string]
  
  One of:
  SegmentSortMissing string array-2 array[string]
  
  Values are _last or _first.
  
  number_of_shards number | string
  
  One of:
  number-1 number string-2 string
  
  number_of_replicas number | string
  
  One of:
  number-1 number string-2 string
  
  number_of_routing_shards number
  
  check_on_startup string
  
  Values are true, false, or checksum.
  
  codec string
  
  routing_partition_size number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
  
  load_fixed_bitset_filters_eagerly boolean
  
  hidden boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  auto_expand_replicas string | null
  
  One of:
  string-1 string NullValue string | null
  
  merge object
  
  Hide merge attribute Show merge attribute object
  
  scheduler object
  
  Hide scheduler attributes Show scheduler attributes object
  
  max_thread_count number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
  
  max_merge_count number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
  
  search object
  
  Hide search attributes Show search attributes object
  
  idle object
  
  Hide idle attribute Show idle attribute object
  
  after string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  slowlog object
  
  Hide slowlog attributes Show slowlog attributes object
  
  level string
  
  source number
  
  reformat boolean
  
  threshold object
  
  Hide threshold attributes Show threshold attributes object
  
  query object
  
  fetch object
  
  refresh_interval string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  max_result_window number
  
  max_inner_result_window number
  
  max_rescore_window number
  
  max_docvalue_fields_search number
  
  max_script_fields number
  
  max_ngram_diff number
  
  max_shingle_diff number
  
  blocks object
  
  Hide blocks attributes Show blocks attributes object
  
  read_only boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  read_only_allow_delete boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  read boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  write boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  metadata boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  max_refresh_listeners number
  
  analyze object
  
  Hide analyze attribute Show analyze attribute object
  
  max_token_count number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
  
  highlight object
  
  Hide highlight attribute Show highlight attribute object
  
  max_analyzed_offset number
  
  max_terms_count number
  
  max_regex_length number
  
  routing object
  
  Hide routing attributes Show routing attributes object
  
  allocation object
  
  Hide allocation attributes Show allocation attributes object
  
  enable string
  
  Values are all, primaries, new_primaries, or none.
  
  include object
  
  Hide include attributes Show include attributes object
  
  _tier_preference string
  
  _id string
  
  initial_recovery object
  
  Hide initial_recovery attribute Show initial_recovery attribute object
  
  _id string
  
  disk object
  
  Hide disk attribute Show disk attribute object
  
  threshold_enabled
  
  rebalance object
  
  Hide rebalance attribute Show rebalance attribute object
  
  enable string Required
  
  Values are all, primaries, replicas, or none.
  
  gc_deletes string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  default_pipeline string
  
  final_pipeline string
  
  lifecycle object
  
  Hide lifecycle attributes Show lifecycle attributes object
  
  name string
  
  indexing_complete boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  origination_date number
  
  If specified, this is the timestamp used to calculate the index age for its phase transitions. Use this setting if you create a new index that contains old data and want to use the original creation date to calculate the index age. Specified as a Unix epoch value in milliseconds.
  
  parse_origination_date boolean
  
  Set to true to parse the origination date from the index name. This origination date is used to calculate the index age for its phase transitions. The index name must match the pattern ^{.*-{date_format}-\d+,} where the date_format is yyyy.MM.dd and the trailing digits are optional. An index that was rolled over would normally match the full format, for example logs-2016.10.31-000002). If the index name doesn’t match the pattern, index creation fails.
  
  step object
  
  Hide step attribute Show step attribute object
  
  wait_time_threshold string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  rollover_alias string
  
  The index alias to update when the index rolls over. Specify when using a policy that contains a rollover action. When the index rolls over, the alias is updated to reflect that the index is no longer the write index. For more information about rolling indices, see Rollover.
  
  prefer_ilm boolean | string
  
  Preference for the system that manages a data stream backing index (preferring ILM when both ILM and DLM are applicable for an index).
  
  One of:
  boolean-1 boolean string-2 string
  
  provided_name string
  
  creation_date number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  UnitMillis number StringifiedEpochTimeUnitMillis string
  
  Time unit for milliseconds
  
  creation_date_string string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  uuid string
  
  version object
  
  Hide version attributes Show version attributes object
  
  created string
  
  created_string string
  
  verified_before_close boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  format string | number
  
  One of:
  string-1 string number-2 number
  
  max_slices_per_scroll number
  
  translog object
  
  Hide translog attributes Show translog attributes object
  
  sync_interval string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  durability string
  
  Values are request, REQUEST, async, or ASYNC.
  
  flush_threshold_size number | string
  
  One of:
  ByteSize number ByteSize string
  
  retention object
  
  Hide retention attributes Show retention attributes object
  
  size number | string
  
  One of:
  ByteSize number ByteSize string
  
  age string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  query_string object
  
  Hide query_string attribute Show query_string attribute object
  
  lenient boolean | string Required
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  priority number | string
  
  One of:
  number-1 number string-2 string
  
  top_metrics_max_size number
  
  analysis object
  
  Hide analysis attributes Show analysis attributes object
  
  analyzer object
  
  char_filter object
  
  filter object
  
  normalizer object
  
  tokenizer object
  
  settings object
  
  time_series object
  
  Hide time_series attributes Show time_series attributes object
  
  end_time string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  start_time string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  queries object
  
  Hide queries attribute Show queries attribute object
  
  cache object
  
  Hide cache attribute Show cache attribute object
  
  enabled boolean Required
  
  similarity object
  
  Configure custom similarity settings to customize how search results are scored.
  
  mapping object
  
  Hide mapping attributes Show mapping attributes object
  
  coerce boolean
  
  total_fields object
  
  Hide total_fields attributes Show total_fields attributes object
  
  limit number | string
  
  The maximum number of fields in an index. Field and object mappings, as well as field aliases count towards this limit. The limit is in place to prevent mappings and searches from becoming too large. Higher values can lead to performance degradations and memory issues, especially in clusters with a high load or few resources.
  
  One of:
  number-1 number string-2 string
  
  ignore_dynamic_beyond_limit boolean | string
  
  This setting determines what happens when a dynamically mapped field would exceed the total fields limit. When set to false (the default), the index request of the document that tries to add a dynamic field to the mapping will fail with the message Limit of total fields [X] has been exceeded. When set to true, the index request will not fail. Instead, fields that would exceed the limit are not added to the mapping, similar to dynamic: false. The fields that were not added to the mapping will be added to the _ignored field.
  
  One of:
  boolean-1 boolean string-2 string
  
  depth object
  
  Hide depth attribute Show depth attribute object
  
  limit number
  
  The maximum depth for a field, which is measured as the number of inner objects. For instance, if all fields are defined at the root object level, then the depth is 1. If there is one object mapping, then the depth is 2, etc.
  
  nested_fields object
  
  Hide nested_fields attribute Show nested_fields attribute object
  
  limit number
  
  The maximum number of distinct nested mappings in an index. The nested type should only be used in special cases, when arrays of objects need to be queried independently of each other. To safeguard against poorly designed mappings, this setting limits the number of unique nested types per index.
  
  nested_objects object
  
  Hide nested_objects attribute Show nested_objects attribute object
  
  limit number
  
  The maximum number of nested JSON objects that a single document can contain across all nested types. This limit helps to prevent out of memory errors when a document contains too many nested objects.
  
  field_name_length object
  
  Hide field_name_length attribute Show field_name_length attribute object
  
  limit number
  
  Setting for the maximum length of a field name. This setting isn’t really something that addresses mappings explosion but might still be useful if you want to limit the field length. It usually shouldn’t be necessary to set this setting. The default is okay unless a user starts to add a huge number of fields with really long names. Default is Long.MAX_VALUE (no limit).
  
  dimension_fields object
  
  Hide dimension_fields attribute Show dimension_fields attribute object
  
  limit number
  
  [preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
  
  source object
  
  Hide source attribute Show source attribute object
  
  mode string Required
  
  Values are disabled, stored, or synthetic.
  
  ignore_malformed boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  indexing.slowlog object
  
  Hide indexing.slowlog attributes Show indexing.slowlog attributes object
  
  level string
  
  source number
  
  reformat boolean
  
  threshold object
  
  Hide threshold attribute Show threshold attribute object
  
  index object
  
  Hide index attributes Show index attributes object
  
  warn string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  info string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  debug string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  trace string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  indexing_pressure object
  
  Hide indexing_pressure attribute Show indexing_pressure attribute object
  
  memory object Required
  
  Hide memory attribute Show memory attribute object
  
  limit number
  
  Number of outstanding bytes that may be consumed by indexing requests. When this limit is reached or exceeded, the node will reject new coordinating and primary operations. When replica operations consume 1.5x this limit, the node will reject new replica operations. Defaults to 10% of the heap.
  
  store object
  
  Hide store attributes Show store attributes object
  
  type string Required
  
  Any of:
  StorageType string StorageType string
  
  Values are fs, niofs, mmapfs, or hybridfs.
  
  allow_mmap boolean
  
  You can restrict the use of the mmapfs and the related hybridfs store type via the setting node.store.allow_mmap. This is a boolean setting indicating whether or not memory-mapping is allowed. The default is to allow it. This setting is useful, for example, if you are in an environment where you can not control the ability to create a lot of memory maps so you need disable the ability to use memory-mapping.

POST /_index_template/_simulate

curl \
 --request POST 'http://api.example.com/_index_template/_simulate' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"index_patterns\": [\"my-index-*\"],\n  \"composed_of\": [\"ct2\"],\n  \"priority\": 10,\n  \"template\": {\n    \"settings\": {\n      \"index.number_of_replicas\": 1\n    }\n  }\n}"'

Request example

To see what settings will be applied by a template before you add it to the cluster, you can pass a template configuration in the request body. The specified template is used for the simulation if it has a higher priority than existing templates.

{
  "index_patterns": ["my-index-*"],
  "composed_of": ["ct2"],
  "priority": 10,
  "template": {
    "settings": {
      "index.number_of_replicas": 1
    }
  }
}

Response examples (200)

A successful response from `POST /_index_template/_simulate` with a template configuration in the request body. The response shows any overlapping templates with a lower priority.

{
  "template" : {
    "settings" : {
      "index" : {
        "number_of_replicas" : "1",
        "routing" : {
          "allocation" : {
            "include" : {
              "_tier_preference" : "data_content"
            }
          }
        }
      }
    },
    "mappings" : {
      "properties" : {
        "@timestamp" : {
          "type" : "date"
        }
      }
    },
    "aliases" : { }
  },
  "overlapping" : [
    {
      "name" : "final-template",
      "index_patterns" : [
        "my-index-*"
      ]
    }
  ]
}

Remove policies from an index Added in 6.6.0

POST /{index}/_ilm/remove

Api key auth Basic auth Bearer auth

Remove the assigned lifecycle policies from an index or a data stream's backing indices. It also stops managing the indices.

Path parameters

index string Required

The name of the index to remove policy on

Responses

200 application/json
Hide response attributes Show response attributes object
- failed_indexes array[string] Required
- has_failures boolean Required

POST /{index}/_ilm/remove

curl \
 --request POST 'http://api.example.com/{index}/_ilm/remove' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response when removing a lifecycle policy from an index.

{
  "has_failures" : false,
  "failed_indexes" : []
}

Retry a policy Added in 6.6.0

POST /{index}/_ilm/retry

Api key auth Basic auth Bearer auth

Retry running the lifecycle policy for an index that is in the ERROR step. The API sets the policy back to the step where the error occurred and runs the step. Use the explain lifecycle state API to determine whether an index is in the ERROR step.

Path parameters

index string Required

The name of the indices (comma-separated) whose failed lifecycle step is to be retry

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

POST /{index}/_ilm/retry

curl \
 --request POST 'http://api.example.com/{index}/_ilm/retry' \
 --header "Authorization: $API_KEY"

Response examples (200)

{
  "acknowledged": true
}

Create an Elasticsearch inference endpoint Added in 8.13.0

PUT /_inference/{task_type}/{elasticsearch_inference_id}

Api key auth Basic auth Bearer auth

Create an inference endpoint to perform an inference task with the elasticsearch service.

Your Elasticsearch deployment contains preconfigured ELSER and E5 inference endpoints, you only need to create the enpoints using the API if you want to customize the settings.

If you use the ELSER or the E5 model through the elasticsearch service, the API request will automatically download and deploy the model if it isn't downloaded yet.

You might see a 502 bad gateway error in the response when using the Kibana Console. This error usually just reflects a timeout, while the model downloads in the background. You can check the download progress in the Machine Learning UI. If using the Python client, you can set the timeout parameter to a higher value.

After creating the endpoint, wait for the model deployment to complete before using it. To verify the deployment status, use the get trained model statistics API. Look for "state": "fully_allocated" in the response and ensure that the "allocation_count" matches the "target_allocation_count". Avoid creating multiple endpoints for the same model unless required, as each endpoint consumes significant resources.

Path parameters

task_type string Required

The type of the inference task that the model will perform.

Values are rerank, sparse_embedding, or text_embedding.
elasticsearch_inference_id string Required

The unique identifier of the inference endpoint. The must not match the model_id.

application/json

Body

chunking_settings object
Hide chunking_settings attributes Show chunking_settings attributes object
- max_chunk_size number
  
  The maximum size of a chunk in words. This value cannot be higher than 300 or lower than 20 (for sentence strategy) or 10 (for word strategy).
- overlap number
  
  The number of overlapping words for chunks. It is applicable only to a word chunking strategy. This value cannot be higher than half the max_chunk_size value.
- sentence_overlap number
  
  The number of overlapping sentences for chunks. It is applicable only for a sentence chunking strategy. It can be either 1 or 0.
- strategy string
  
  The chunking strategy: sentence or word.
service string Required

Value is elasticsearch.
service_settings object Required
Hide service_settings attributes Show service_settings attributes object
- adaptive_allocations object
  Hide adaptive_allocations attributes Show adaptive_allocations attributes object
  
  enabled boolean
  
  Turn on adaptive_allocations.
  
  max_number_of_allocations number
  
  The maximum number of allocations to scale to. If set, it must be greater than or equal to min_number_of_allocations.
  
  min_number_of_allocations number
  
  The minimum number of allocations to scale to. If set, it must be greater than or equal to 0. If not defined, the deployment scales to 0.
- deployment_id string
  
  The deployment identifier for a trained model deployment. When deployment_id is used the model_id is optional.
- model_id string Required
  
  The name of the model to use for the inference task. It can be the ID of a built-in model (for example, .multilingual-e5-small for E5) or a text embedding model that was uploaded by using the Eland client.
  
  External documentation
- num_allocations number
  
  The total number of allocations that are assigned to the model across machine learning nodes. Increasing this value generally increases the throughput. If adaptive allocations are enabled, do not set this value because it's automatically set.
- num_threads number Required
  
  The number of threads used by each model allocation during inference. This setting generally increases the speed per inference request. The inference process is a compute-bound process; threads_per_allocations must not exceed the number of available allocated processors per node. The value must be a power of 2. The maximum value is 32.
task_settings object
Hide task_settings attribute Show task_settings attribute object
- return_documents boolean
  
  For a rerank task, return the document instead of only the index.

Responses

200 application/json
Hide response attributes Show response attributes object
- chunking_settings object
  
  Hide chunking_settings attributes Show chunking_settings attributes object
  
  max_chunk_size number
  
  The maximum size of a chunk in words. This value cannot be higher than 300 or lower than 20 (for sentence strategy) or 10 (for word strategy).
  
  overlap number
  
  The number of overlapping words for chunks. It is applicable only to a word chunking strategy. This value cannot be higher than half the max_chunk_size value.
  
  sentence_overlap number
  
  The number of overlapping sentences for chunks. It is applicable only for a sentence chunking strategy. It can be either 1 or 0.
  
  strategy string
  
  The chunking strategy: sentence or word.
- service string Required
  
  The service type
- service_settings object Required
- task_settings object
- inference_id string Required
  
  The inference Id
- task_type string Required
  
  Values are sparse_embedding, text_embedding, rerank, completion, or chat_completion.

PUT /_inference/{task_type}/{elasticsearch_inference_id}

curl \
 --request PUT 'http://api.example.com/_inference/{task_type}/{elasticsearch_inference_id}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n    \"service\": \"elasticsearch\",\n    \"service_settings\": {\n        \"adaptive_allocations\": { \n        \"enabled\": true,\n        \"min_number_of_allocations\": 1,\n        \"max_number_of_allocations\": 4\n        },\n        \"num_threads\": 1,\n        \"model_id\": \".elser_model_2\" \n    }\n}"'

Request examples

Run `PUT _inference/sparse_embedding/my-elser-model` to create an inference endpoint that performs a `sparse_embedding` task. The `model_id` must be the ID of one of the built-in ELSER models. The API will automatically download the ELSER model if it isn't already downloaded and then deploy the model.

{
    "service": "elasticsearch",
    "service_settings": {
        "adaptive_allocations": { 
        "enabled": true,
        "min_number_of_allocations": 1,
        "max_number_of_allocations": 4
        },
        "num_threads": 1,
        "model_id": ".elser_model_2" 
    }
}

Run `PUT _inference/rerank/my-elastic-rerank` to create an inference endpoint that performs a rerank task using the built-in Elastic Rerank cross-encoder model. The `model_id` must be `.rerank-v1`, which is the ID of the built-in Elastic Rerank model. The API will automatically download the Elastic Rerank model if it isn't already downloaded and then deploy the model. Once deployed, the model can be used for semantic re-ranking with a `text_similarity_reranker` retriever.

{
    "service": "elasticsearch",
    "service_settings": {
        "model_id": ".rerank-v1", 
        "num_threads": 1,
        "adaptive_allocations": { 
        "enabled": true,
        "min_number_of_allocations": 1,
        "max_number_of_allocations": 4
        }
    }
}

Run `PUT _inference/text_embedding/my-e5-model` to create an inference endpoint that performs a `text_embedding` task. The `model_id` must be the ID of one of the built-in E5 models. The API will automatically download the E5 model if it isn't already downloaded and then deploy the model.

{
    "service": "elasticsearch",
    "service_settings": {
        "num_allocations": 1,
        "num_threads": 1,
        "model_id": ".multilingual-e5-small" 
    }
}

Run `PUT _inference/text_embedding/my-msmarco-minilm-model` to create an inference endpoint that performs a `text_embedding` task with a model that was uploaded by Eland.

{
    "service": "elasticsearch",
    "service_settings": {
        "num_allocations": 1,
        "num_threads": 1,
        "model_id": "msmarco-MiniLM-L12-cos-v5" 
    }
}

Run `PUT _inference/text_embedding/my-e5-model` to create an inference endpoint that performs a `text_embedding` task and to configure adaptive allocations. The API request will automatically download the E5 model if it isn't already downloaded and then deploy the model.

{
    "service": "elasticsearch",
    "service_settings": {
        "adaptive_allocations": {
        "enabled": true,
        "min_number_of_allocations": 3,
        "max_number_of_allocations": 10
        },
        "num_threads": 1,
        "model_id": ".multilingual-e5-small"
    }
}

Run `PUT _inference/sparse_embedding/use_existing_deployment` to use an already existing model deployment when creating an inference endpoint.

{
    "service": "elasticsearch",
    "service_settings": {
        "deployment_id": ".elser_model_2"
    }
}

Response examples (200)

A successful response from `PUT _inference/sparse_embedding/use_existing_deployment`. It contains the model ID and the threads and allocations settings from the model deployment.

{
  "inference_id": "use_existing_deployment",
  "task_type": "sparse_embedding",
  "service": "elasticsearch",
  "service_settings": {
    "num_allocations": 2,
    "num_threads": 1,
    "model_id": ".elser_model_2",
    "deployment_id": ".elser_model_2"
  },
  "chunking_settings": {
    "strategy": "sentence",
    "max_chunk_size": 250,
    "sentence_overlap": 1
  }
}

Create a VoyageAI inference endpoint Added in 8.19.0

PUT /_inference/{task_type}/{voyageai_inference_id}

Api key auth Basic auth Bearer auth

Create an inference endpoint to perform an inference task with the voyageai service.

Avoid creating multiple endpoints for the same model unless required, as each endpoint consumes significant resources.

Path parameters

task_type string Required

The type of the inference task that the model will perform.

Values are text_embedding or rerank.
voyageai_inference_id string Required

The unique identifier of the inference endpoint.

application/json

Body

chunking_settings object
Hide chunking_settings attributes Show chunking_settings attributes object
- max_chunk_size number
  
  The maximum size of a chunk in words. This value cannot be higher than 300 or lower than 20 (for sentence strategy) or 10 (for word strategy).
- overlap number
  
  The number of overlapping words for chunks. It is applicable only to a word chunking strategy. This value cannot be higher than half the max_chunk_size value.
- sentence_overlap number
  
  The number of overlapping sentences for chunks. It is applicable only for a sentence chunking strategy. It can be either 1 or 0.
- strategy string
  
  The chunking strategy: sentence or word.
service string Required

Value is voyageai.
service_settings object Required
Hide service_settings attributes Show service_settings attributes object
- dimensions number
  
  The number of dimensions for resulting output embeddings. This setting maps to output_dimension in the VoyageAI documentation. Only for the text_embedding task type.
- model_id string Required
  
  The name of the model to use for the inference task. Refer to the VoyageAI documentation for the list of available text embedding and rerank models.
- rate_limit object
  Hide rate_limit attribute Show rate_limit attribute object
  
  requests_per_minute number
  
  The number of requests allowed per minute.
- embedding_type number
  
  The data type for the embeddings to be returned. This setting maps to output_dtype in the VoyageAI documentation. Permitted values: float, int8, bit. int8 is a synonym of byte in the VoyageAI documentation. bit is a synonym of binary in the VoyageAI documentation. Only for the text_embedding task type.
task_settings object
Hide task_settings attributes Show task_settings attributes object
- input_type string
  
  Type of the input text. Permitted values: ingest (maps to document in the VoyageAI documentation), search (maps to query in the VoyageAI documentation). Only for the text_embedding task type.
- return_documents boolean
  
  Whether to return the source documents in the response. Only for the rerank task type.
- top_k number
  
  The number of most relevant documents to return. If not specified, the reranking results of all documents will be returned. Only for the rerank task type.
- truncation boolean
  
  Whether to truncate the input texts to fit within the context length.

Responses

200 application/json
Hide response attributes Show response attributes object
- chunking_settings object
  
  Hide chunking_settings attributes Show chunking_settings attributes object
  
  max_chunk_size number
  
  The maximum size of a chunk in words. This value cannot be higher than 300 or lower than 20 (for sentence strategy) or 10 (for word strategy).
  
  overlap number
  
  The number of overlapping words for chunks. It is applicable only to a word chunking strategy. This value cannot be higher than half the max_chunk_size value.
  
  sentence_overlap number
  
  The number of overlapping sentences for chunks. It is applicable only for a sentence chunking strategy. It can be either 1 or 0.
  
  strategy string
  
  The chunking strategy: sentence or word.
- service string Required
  
  The service type
- service_settings object Required
- task_settings object
- inference_id string Required
  
  The inference Id
- task_type string Required
  
  Values are sparse_embedding, text_embedding, rerank, completion, or chat_completion.

PUT /_inference/{task_type}/{voyageai_inference_id}

curl \
 --request PUT 'http://api.example.com/_inference/{task_type}/{voyageai_inference_id}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n    \"service\": \"voyageai\",\n    \"service_settings\": {\n        \"model_id\": \"voyage-3-large\",\n        \"dimensions\": 512\n    }\n}"'

Request examples

Run `PUT _inference/text_embedding/voyageai-embeddings` to create an inference endpoint that performs a `text_embedding` task. The embeddings created by requests to this endpoint will have 512 dimensions.

{
    "service": "voyageai",
    "service_settings": {
        "model_id": "voyage-3-large",
        "dimensions": 512
    }
}

Run `PUT _inference/rerank/voyageai-rerank` to create an inference endpoint that performs a `rerank` task.

{
    "service": "voyageai",
    "service_settings": {
        "model_id": "rerank-2"
    }
}

Response examples (200)

{
  "chunking_settings": {
    "max_chunk_size": 42.0,
    "overlap": 42.0,
    "sentence_overlap": 42.0,
    "strategy": "string"
  },
  "service": "string",
  "service_settings": {},
  "task_settings": {},
  "inference_id": "string",
  "task_type": "sparse_embedding"
}

Perform sparse embedding inference on the service Added in 8.11.0

POST /_inference/sparse_embedding/{inference_id}

Api key auth Basic auth Bearer auth

Path parameters

inference_id string Required

The inference Id

Query parameters

timeout string

Specifies the amount of time to wait for the inference request to complete.

application/json

Body

input string | array[string] Required

Inference input. Either a string or an array of strings.

One of:
string-1 string array-2 array[string]
task_settings object

Responses

200 application/json
Hide response attribute Show response attribute object
- sparse_embedding array[object] Required
  
  Hide sparse_embedding attribute Show sparse_embedding attribute object
  
  embedding object Required
  
  Sparse Embedding tokens are represented as a dictionary of string to double.
  
  Hide embedding attribute Show embedding attribute object
  
  * number Additional properties

POST /_inference/sparse_embedding/{inference_id}

curl \
 --request POST 'http://api.example.com/_inference/sparse_embedding/{inference_id}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"input\": \"The sky above the port was the color of television tuned to a dead channel.\"\n}"'

Request example

Run `POST _inference/sparse_embedding/my-elser-model` to perform sparse embedding on the example sentence.

{
  "input": "The sky above the port was the color of television tuned to a dead channel."
}

Response examples (200)

An abbreviated response from `POST _inference/sparse_embedding/my-elser-model`.

{
  "sparse_embedding": [
    {
      "port": 2.1259406,
      "sky": 1.7073475,
      "color": 1.6922266,
      "dead": 1.6247464,
      "television": 1.3525393,
      "above": 1.2425821,
      "tuned": 1.1440028,
      "colors": 1.1218185,
      "tv": 1.0111054,
      "ports": 1.0067928,
      "poem": 1.0042328,
      "channel": 0.99471164,
      "tune": 0.96235967,
      "scene": 0.9020516
    }
  ]
}

Create or update a GeoIP database configuration Added in 8.15.0

PUT /_ingest/geoip/database/{id}

Api key auth Basic auth Bearer auth

Refer to the create or update IP geolocation database configuration API.

Path parameters

id string Required

ID of the database configuration to create or update.

Query parameters

master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

application/json

Body Required

name string Required
maxmind object Required
Hide maxmind attribute Show maxmind attribute object
- account_id string Required

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

PUT /_ingest/geoip/database/{id}

curl \
 --request PUT 'http://api.example.com/_ingest/geoip/database/{id}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"name":"string","maxmind":{"account_id":"string"}}'

Request examples

{
  "name": "string",
  "maxmind": {
    "account_id": "string"
  }
}

Response examples (200)

{
  "acknowledged": true
}

Create a calendar Added in 6.2.0

PUT /_ml/calendars/{calendar_id}

Api key auth Basic auth Bearer auth

Path parameters

calendar_id string Required

A string that uniquely identifies a calendar.

application/json

Body

job_ids array[string]

An array of anomaly detection job identifiers.
description string

A description of the calendar.

Responses

200 application/json
Hide response attributes Show response attributes object
- calendar_id string Required
- description string
  
  A description of the calendar.
- job_ids string | array[string] Required
  
  One of:
  Id string Ids array[string]

PUT /_ml/calendars/{calendar_id}

curl \
 --request PUT 'http://api.example.com/_ml/calendars/{calendar_id}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"job_ids":["string"],"description":"string"}'

Request examples

{
  "job_ids": [
    "string"
  ],
  "description": "string"
}

Response examples (200)

{
  "calendar_id": "string",
  "description": "string",
  "": "string"
}

Force buffered data to be processed Added in 5.4.0

POST /_ml/anomaly_detectors/{job_id}/_flush

Api key auth Basic auth Bearer auth

The flush jobs API is only applicable when sending data for analysis using the post data API. Depending on the content of the buffer, then it might additionally calculate new results. Both flush and close operations are similar, however the flush is more efficient if you are expecting to send more data for analysis. When flushing, the job remains open and is available to continue analyzing data. A close operation additionally prunes and persists the model state to disk and the job must be opened again before analyzing further data.

Path parameters

job_id string Required

Identifier for the anomaly detection job.

Query parameters

advance_time string | number

Specifies to advance to a particular time value. Results are generated and the model is updated for data from the specified time interval.
calc_interim boolean

If true, calculates the interim results for the most recent bucket or all buckets within the latency period.
end string | number

When used in conjunction with calc_interim and start, specifies the range of buckets on which to calculate interim results.
skip_time string | number

Specifies to skip to a particular time value. Results are not generated and the model is not updated for data from the specified time interval.
start string | number

When used in conjunction with calc_interim, specifies the range of buckets on which to calculate interim results.

application/json

Body

advance_time string | number

A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

One of:
DateTime string UnitMillis number
calc_interim boolean

Refer to the description for the calc_interim query parameter.
end string | number

A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

One of:
DateTime string UnitMillis number
skip_time string | number

A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

One of:
DateTime string UnitMillis number
start string | number

A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

One of:
DateTime string UnitMillis number

Responses

200 application/json
Hide response attributes Show response attributes object
- flushed boolean Required
- last_finalized_bucket_end number
  
  Provides the timestamp (in milliseconds since the epoch) of the end of the last bucket that was processed.

POST /_ml/anomaly_detectors/{job_id}/_flush

curl \
 --request POST 'http://api.example.com/_ml/anomaly_detectors/{job_id}/_flush' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"":"string","calc_interim":true}'

Request examples

{
  "": "string",
  "calc_interim": true
}

Response examples (200)

{
  "flushed": true,
  "last_finalized_bucket_end": 42.0
}

Get anomaly detection job results for categories Added in 5.4.0

GET /_ml/anomaly_detectors/{job_id}/results/categories/{category_id}

Api key auth Basic auth Bearer auth

Path parameters

job_id string Required

Identifier for the anomaly detection job.
category_id string Required

Identifier for the category, which is unique in the job. If you specify neither the category ID nor the partition_field_value, the API returns information about all categories. If you specify only the partition_field_value, it returns information about all categories for the specified partition.

Query parameters

from number

Skips the specified number of categories.
partition_field_value string

Only return categories for the specified partition.
size number

Specifies the maximum number of categories to obtain.

application/json

Body

page object
Hide page attributes Show page attributes object
- from number
  
  Skips the specified number of items.
- size number
  
  Specifies the maximum number of items to obtain.

Responses

200 application/json
Hide response attributes Show response attributes object
- categories array[object] Required
  
  Hide categories attributes Show categories attributes object
  
  category_id number Required
  
  examples array[string] Required
  
  A list of examples of actual values that matched the category.
  
  grok_pattern string
  
  job_id string Required
  
  max_matching_length number Required
  
  partition_field_name string
  
  If per-partition categorization is enabled, this property identifies the field used to segment the categorization. It is not present when per-partition categorization is disabled.
  
  partition_field_value string
  
  If per-partition categorization is enabled, this property identifies the value of the partition_field_name for the category. It is not present when per-partition categorization is disabled.
  
  regex string Required
  
  A regular expression that is used to search for values that match the category.
  
  terms string Required
  
  A space separated list of the common tokens that are matched in values of the category.
  
  num_matches number
  
  The number of messages that have been matched by this category. This is only guaranteed to have the latest accurate count after a job _flush or _close
  
  preferred_to_categories array[string]
  
  A list of category_id entries that this current category encompasses. Any new message that is processed by the categorizer will match against this category and not any of the categories in this list. This is only guaranteed to have the latest accurate list of categories after a job _flush or _close
  
  p string
  
  result_type string Required
  
  mlcategory string Required
- count number Required

GET /_ml/anomaly_detectors/{job_id}/results/categories/{category_id}

curl \
 --request GET 'http://api.example.com/_ml/anomaly_detectors/{job_id}/results/categories/{category_id}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"page":{"from":42.0,"size":42.0}}'

Request examples

{
  "page": {
    "from": 42.0,
    "size": 42.0
  }
}

Response examples (200)

{
  "categories": [
    {
      "category_id": 42.0,
      "examples": [
        "string"
      ],
      "grok_pattern": "string",
      "job_id": "string",
      "max_matching_length": 42.0,
      "partition_field_name": "string",
      "partition_field_value": "string",
      "regex": "string",
      "terms": "string",
      "num_matches": 42.0,
      "preferred_to_categories": [
        "string"
      ],
      "p": "string",
      "result_type": "string",
      "mlcategory": "string"
    }
  ],
  "count": 42.0
}

Get model snapshots info Added in 5.4.0

POST /_ml/anomaly_detectors/{job_id}/model_snapshots

Api key auth Basic auth Bearer auth

Path parameters

job_id string Required

Identifier for the anomaly detection job.

Query parameters

desc boolean

If true, the results are sorted in descending order.
end string | number

Returns snapshots with timestamps earlier than this time.
from number

Skips the specified number of snapshots.
size number

Specifies the maximum number of snapshots to obtain.
sort string

Specifies the sort field for the requested snapshots. By default, the snapshots are sorted by their timestamp.
start string | number

Returns snapshots with timestamps after this time.

application/json

Body

desc boolean

Refer to the description for the desc query parameter.
end string | number

A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

One of:
DateTime string UnitMillis number
page object
Hide page attributes Show page attributes object
- from number
  
  Skips the specified number of items.
- size number
  
  Specifies the maximum number of items to obtain.
sort string

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
start string | number

A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

One of:
DateTime string UnitMillis number

Responses

200 application/json
Hide response attributes Show response attributes object
- count number Required
- model_snapshots array[object] Required
  
  Hide model_snapshots attributes Show model_snapshots attributes object
  
  description string
  
  An optional description of the job.
  
  job_id string Required
  
  latest_record_time_stamp number
  
  The timestamp of the latest processed record.
  
  latest_result_time_stamp number
  
  The timestamp of the latest bucket result.
  
  min_version string Required
  
  model_size_stats object
  
  Hide model_size_stats attributes Show model_size_stats attributes object
  
  bucket_allocation_failures_count number Required
  
  job_id string Required
  
  log_time string | number Required
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  memory_status string Required
  
  Values are ok, soft_limit, or hard_limit.
  
  model_bytes number | string Required
  
  One of:
  ByteSize number ByteSize string
  
  model_bytes_exceeded number | string
  
  One of:
  ByteSize number ByteSize string
  
  model_bytes_memory_limit number | string
  
  One of:
  ByteSize number ByteSize string
  
  output_memory_allocator_bytes number | string
  
  One of:
  ByteSize number ByteSize string
  
  peak_model_bytes number | string
  
  One of:
  ByteSize number ByteSize string
  
  assignment_memory_basis string
  
  result_type string Required
  
  total_by_field_count number Required
  
  total_over_field_count number Required
  
  total_partition_field_count number Required
  
  categorization_status string Required
  
  Values are ok or warn.
  
  categorized_doc_count number Required
  
  dead_category_count number Required
  
  failed_category_count number Required
  
  frequent_category_count number Required
  
  rare_category_count number Required
  
  total_category_count number Required
  
  timestamp number
  
  retain boolean Required
  
  If true, this snapshot will not be deleted during automatic cleanup of snapshots older than model_snapshot_retention_days. However, this snapshot will be deleted when the job is deleted. The default value is false.
  
  snapshot_doc_count number Required
  
  For internal use only.
  
  snapshot_id string Required
  
  timestamp number Required
  
  The creation timestamp for the snapshot.

POST /_ml/anomaly_detectors/{job_id}/model_snapshots

curl \
 --request POST 'http://api.example.com/_ml/anomaly_detectors/{job_id}/model_snapshots' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"desc":true,"":"string","page":{"from":42.0,"size":42.0},"sort":"string"}'

Request examples

{
  "desc": true,
  "": "string",
  "page": {
    "from": 42.0,
    "size": 42.0
  },
  "sort": "string"
}

Response examples (200)

{
  "count": 42.0,
  "model_snapshots": [
    {
      "description": "string",
      "job_id": "string",
      "latest_record_time_stamp": 42.0,
      "latest_result_time_stamp": 42.0,
      "min_version": "string",
      "model_size_stats": {
        "bucket_allocation_failures_count": 42.0,
        "job_id": "string",
        "": 42.0,
        "memory_status": "ok",
        "assignment_memory_basis": "string",
        "result_type": "string",
        "total_by_field_count": 42.0,
        "total_over_field_count": 42.0,
        "total_partition_field_count": 42.0,
        "categorization_status": "ok",
        "categorized_doc_count": 42.0,
        "dead_category_count": 42.0,
        "failed_category_count": 42.0,
        "frequent_category_count": 42.0,
        "rare_category_count": 42.0,
        "total_category_count": 42.0,
        "timestamp": 42.0
      },
      "retain": true,
      "snapshot_doc_count": 42.0,
      "snapshot_id": "string",
      "timestamp": 42.0
    }
  ]
}

Preview a datafeed Added in 5.4.0

GET /_ml/datafeeds/{datafeed_id}/_preview

Api key auth Basic auth Bearer auth

This API returns the first "page" of search results from a datafeed. You can preview an existing datafeed or provide configuration details for a datafeed and anomaly detection job in the API. The preview shows the structure of the data that will be passed to the anomaly detection engine. IMPORTANT: When Elasticsearch security features are enabled, the preview uses the credentials of the user that called the API. However, when the datafeed starts it uses the roles of the last user that created or updated the datafeed. To get a preview that accurately reflects the behavior of the datafeed, use the appropriate credentials. You can also use secondary authorization headers to supply the credentials.

Path parameters

datafeed_id string Required

A numerical character string that uniquely identifies the datafeed. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters. NOTE: If you use this path parameter, you cannot provide datafeed or anomaly detection job configuration details in the request body.

Query parameters

start string | number

The start time from where the datafeed preview should begin
end string | number

The end time when the datafeed preview should stop

application/json

Body

datafeed_config object
Hide datafeed_config attributes Show datafeed_config attributes object
- aggregations object
  
  If set, the datafeed performs aggregation searches. Support for aggregations is limited and should be used only with low cardinality data.
- chunking_config object
  Hide chunking_config attributes Show chunking_config attributes object
  
  mode string Required
  
  Values are auto, manual, or off.
  
  time_span string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- datafeed_id string
- delayed_data_check_config object
  Hide delayed_data_check_config attributes Show delayed_data_check_config attributes object
  
  check_window string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  enabled boolean Required
  
  Specifies whether the datafeed periodically checks for delayed data.
- frequency string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- indices string | array[string]
- indices_options object
  Hide indices_options attributes Show indices_options attributes object
  
  allow_no_indices boolean
  
  If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.
  
  expand_wildcards string | array[string]
  
  ignore_unavailable boolean
  
  If true, missing or closed indices are not included in the response.
  
  ignore_throttled boolean
  
  If true, concrete, expanded or aliased indices are ignored when frozen.
- job_id string
- max_empty_searches number
  
  If a real-time datafeed has never seen any data (including during any initial training period) then it will automatically stop itself and close its associated job after this many real-time searches that return no documents. In other words, it will stop after frequency times max_empty_searches of real-time operation. If not set then a datafeed with no end time that sees no data will remain started until it is explicitly stopped.
- query object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
- query_delay string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- runtime_mappings object
  Hide runtime_mappings attribute Show runtime_mappings attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  fetch_fields array[object]
  
  For type lookup
  
  Hide fetch_fields attributes Show fetch_fields attributes object
  
  field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  format string
  
  format string
  
  A custom format for date type runtime fields.
  
  input_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_index string
  
  script object
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
- script_fields object
  
  Specifies scripts that evaluate custom expressions and returns script fields to the datafeed. The detector configuration objects in a job can contain functions that use these script fields.
  Hide script_fields attribute Show script_fields attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  script object Required
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  ignore_failure boolean
- scroll_size number
  
  The size parameter that is used in Elasticsearch searches when the datafeed does not use aggregations. The maximum value is the value of index.max_result_window, which is 10,000 by default.
job_config object
Hide job_config attributes Show job_config attributes object
- allow_lazy_open boolean
  
  Advanced configuration option. Specifies whether this job can open when there is insufficient machine learning node capacity for it to be immediately assigned to a node.
- analysis_config object Required
  Hide analysis_config attributes Show analysis_config attributes object
  
  bucket_span string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  categorization_analyzer string | object
  
  One of:
  CategorizationAnalyzer string CategorizationAnalyzerDefinition object
  
  Hide attributes Show attributes
  
  char_filter array
  
  One or more character filters. In addition to the built-in character filters, other plugins can provide more character filters. If this property is not specified, no character filters are applied prior to categorization. If you are customizing some other aspect of the analyzer and you need to achieve the equivalent of categorization_filters (which are not permitted when some other aspect of the analyzer is customized), add them here as pattern replace character filters.
  
  External documentation
  
  filter array
  
  One or more token filters. In addition to the built-in token filters, other plugins can provide more token filters. If this property is not specified, no token filters are applied prior to categorization.
  
  External documentation
  
  tokenizer object | string
  
  The name or definition of the tokenizer to use after character filters are applied. This property is compulsory if categorization_analyzer is specified as an object. Machine learning provides a tokenizer called ml_standard that tokenizes in a way that has been determined to produce good categorization results on a variety of log file formats for logs in English. If you want to use that tokenizer but change the character or token filters, specify "tokenizer": "ml_standard" in your categorization_analyzer. Additionally, the ml_classic tokenizer is available, which tokenizes in the same way as the non-customizable tokenizer in old versions of the product (before 6.2). ml_classic was the default categorization tokenizer in versions 6.2 to 7.13, so if you need categorization identical to the default for jobs created in these versions, specify "tokenizer": "ml_classic" in your categorization_analyzer.
  
  One of:
  object-1 object string-2 string
  
  Tokenizer reference
  
  categorization_field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  categorization_filters array[string]
  
  If categorization_field_name is specified, you can also define optional filters. This property expects an array of regular expressions. The expressions are used to filter out matching sequences from the categorization field values. You can use this functionality to fine tune the categorization by excluding sequences from consideration when categories are defined. For example, you can exclude SQL statements that appear in your log files. This property cannot be used at the same time as categorization_analyzer. If you only want to define simple regular expression filters that are applied prior to tokenization, setting this property is the easiest method. If you also want to customize the tokenizer or post-tokenization filtering, use the categorization_analyzer property instead and include the filters as pattern_replace character filters. The effect is exactly the same.
  
  detectors array[object] Required
  
  Detector configuration objects specify which data fields a job analyzes. They also specify which analytical functions are used. You can specify multiple detectors for a job. If the detectors array does not contain at least one detector, no analysis can occur and an error is returned.
  
  Hide detectors attributes Show detectors attributes object
  
  by_field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  custom_rules array[object]
  
  Custom rules enable you to customize the way detectors operate. For example, a rule may dictate conditions under which results should be skipped. Kibana refers to custom rules as job rules.
  
  Hide custom_rules attributes Show custom_rules attributes object
  
  actions array[string]
  
  The set of actions to be triggered when the rule applies. If more than one action is specified the effects of all actions are combined.
  
  Values are skip_result or skip_model_update.
  
  conditions array[object]
  
  An array of numeric conditions when the rule applies. A rule must either have a non-empty scope or at least one condition. Multiple conditions are combined together with a logical AND.
  
  scope object
  
  A scope of series where the rule applies. A rule must either have a non-empty scope or at least one condition. By default, the scope includes all series. Scoping is allowed for any of the fields that are also specified in by_field_name, over_field_name, or partition_field_name.
  
  detector_description string
  
  A description of the detector.
  
  detector_index number
  
  A unique identifier for the detector. This identifier is based on the order of the detectors in the analysis_config, starting at zero. If you specify a value for this property, it is ignored.
  
  exclude_frequent string
  
  Values are all, none, by, or over.
  
  field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  function string
  
  The analysis function that is used. For example, count, rare, mean, min, max, or sum.
  
  over_field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  partition_field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  use_null boolean
  
  Defines whether a new series is used as the null series when there is no value for the by or partition fields.
  
  influencers array[string]
  
  A comma separated list of influencer field names. Typically these can be the by, over, or partition fields that are used in the detector configuration. You might also want to use a field name that is not specifically named in a detector, but is available as part of the input data. When you use multiple detectors, the use of influencers is recommended as it aggregates results for each influencer entity.
  
  latency string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  model_prune_window string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  multivariate_by_fields boolean
  
  This functionality is reserved for internal use. It is not supported for use in customer environments and is not subject to the support SLA of official GA features. If set to true, the analysis will automatically find correlations between metrics for a given by field value and report anomalies when those correlations cease to hold. For example, suppose CPU and memory usage on host A is usually highly correlated with the same metrics on host B. Perhaps this correlation occurs because they are running a load-balanced application. If you enable this property, anomalies will be reported when, for example, CPU usage on host A is high and the value of CPU usage on host B is low. That is to say, you’ll see an anomaly when the CPU of host A is unusual given the CPU of host B. To use the multivariate_by_fields property, you must also specify by_field_name in your detector.
  
  per_partition_categorization object
  
  Hide per_partition_categorization attributes Show per_partition_categorization attributes object
  
  enabled boolean
  
  To enable this setting, you must also set the partition_field_name property to the same value in every detector that uses the keyword mlcategory. Otherwise, job creation fails.
  
  stop_on_warn boolean
  
  This setting can be set to true only if per-partition categorization is enabled. If true, both categorization and subsequent anomaly detection stops for partitions where the categorization status changes to warn. This setting makes it viable to have a job where it is expected that categorization works well for some partitions but not others; you do not pay the cost of bad categorization forever in the partitions where it works badly.
  
  summary_count_field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
- analysis_limits object
  Hide analysis_limits attributes Show analysis_limits attributes object
  
  categorization_examples_limit number
  
  The maximum number of examples stored per category in memory and in the results data store. If you increase this value, more examples are available, however it requires that you have more storage available. If you set this value to 0, no examples are stored. NOTE: The categorization_examples_limit applies only to analysis that uses categorization.
  
  model_memory_limit number | string
  
  One of:
  ByteSize number ByteSize string
- background_persist_interval string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- custom_settings object
  
  Custom metadata about the job
- daily_model_snapshot_retention_after_days number
  
  Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies a period of time (in days) after which only the first snapshot per day is retained. This period is relative to the timestamp of the most recent snapshot for this job.
- data_description object Required
  Hide data_description attributes Show data_description attributes object
  
  format string
  
  Only JSON format is supported at this time.
  
  time_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  time_format string
  
  The time format, which can be epoch, epoch_ms, or a custom pattern. The value epoch refers to UNIX or Epoch time (the number of seconds since 1 Jan 1970). The value epoch_ms indicates that time is measured in milliseconds since the epoch. The epoch and epoch_ms time formats accept either integer or real values. Custom patterns must conform to the Java DateTimeFormatter class. When you use date-time formatting patterns, it is recommended that you provide the full date, time and time zone. For example: yyyy-MM-dd'T'HH:mm:ssX. If the pattern that you specify is not sufficient to produce a complete timestamp, job creation fails.
  
  field_delimiter string
- datafeed_config object
  Hide datafeed_config attributes Show datafeed_config attributes object
  
  aggregations object
  
  If set, the datafeed performs aggregation searches. Support for aggregations is limited and should be used only with low cardinality data.
  
  chunking_config object
  
  Hide chunking_config attributes Show chunking_config attributes object
  
  mode string Required
  
  Values are auto, manual, or off.
  
  time_span string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  datafeed_id string
  
  delayed_data_check_config object
  
  Hide delayed_data_check_config attributes Show delayed_data_check_config attributes object
  
  check_window string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  enabled boolean Required
  
  Specifies whether the datafeed periodically checks for delayed data.
  
  frequency string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  indices string | array[string]
  
  indices_options object
  
  Hide indices_options attributes Show indices_options attributes object
  
  allow_no_indices boolean
  
  If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.
  
  expand_wildcards string | array[string]
  
  ignore_unavailable boolean
  
  If true, missing or closed indices are not included in the response.
  
  ignore_throttled boolean
  
  If true, concrete, expanded or aliased indices are ignored when frozen.
  
  job_id string
  
  max_empty_searches number
  
  If a real-time datafeed has never seen any data (including during any initial training period) then it will automatically stop itself and close its associated job after this many real-time searches that return no documents. In other words, it will stop after frequency times max_empty_searches of real-time operation. If not set then a datafeed with no end time that sees no data will remain started until it is explicitly stopped.
  
  query object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  query_delay string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  runtime_mappings object
  
  Hide runtime_mappings attribute Show runtime_mappings attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  fetch_fields array[object]
  
  For type lookup
  
  Hide fetch_fields attributes Show fetch_fields attributes object
  
  field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  format string
  
  format string
  
  A custom format for date type runtime fields.
  
  input_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_index string
  
  script object
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  script_fields object
  
  Specifies scripts that evaluate custom expressions and returns script fields to the datafeed. The detector configuration objects in a job can contain functions that use these script fields.
  
  Hide script_fields attribute Show script_fields attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  script object Required
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  ignore_failure boolean
  
  scroll_size number
  
  The size parameter that is used in Elasticsearch searches when the datafeed does not use aggregations. The maximum value is the value of index.max_result_window, which is 10,000 by default.
- description string
  
  A description of the job.
- groups array[string]
  
  A list of job groups. A job can belong to no groups or many.
- job_id string
- job_type string
  
  Reserved for future use, currently set to anomaly_detector.
- model_plot_config object
  Hide model_plot_config attributes Show model_plot_config attributes object
  
  annotations_enabled boolean
  
  If true, enables calculation and storage of the model change annotations for each entity that is being analyzed.
  
  enabled boolean
  
  If true, enables calculation and storage of the model bounds for each entity that is being analyzed.
  
  terms string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
- model_snapshot_retention_days number
  
  Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies the maximum period of time (in days) that snapshots are retained. This period is relative to the timestamp of the most recent snapshot for this job. The default value is 10, which means snapshots ten days older than the newest snapshot are deleted.
- renormalization_window_days number
  
  Advanced configuration option. The period over which adjustments to the score are applied, as new data is seen. The default value is the longer of 30 days or 100 bucket_spans.
- results_index_name string
- results_retention_days number
  
  Advanced configuration option. The period of time (in days) that results are retained. Age is calculated relative to the timestamp of the latest bucket result. If this property has a non-null value, once per day at 00:30 (server time), results that are the specified number of days older than the latest bucket result are deleted from Elasticsearch. The default value is null, which means all results are retained. Annotations generated by the system also count as results for retention purposes; they are deleted after the same number of days as results. Annotations added by users are retained forever.

Responses

200 application/json

GET /_ml/datafeeds/{datafeed_id}/_preview

curl \
 --request GET 'http://api.example.com/_ml/datafeeds/{datafeed_id}/_preview' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"datafeed_config":{"aggregations":{},"chunking_config":{"mode":"auto","time_span":"string"},"datafeed_id":"string","delayed_data_check_config":{"check_window":"string","enabled":true},"frequency":"string","indices":"string","indices_options":{"allow_no_indices":true,"expand_wildcards":"string","ignore_unavailable":true,"ignore_throttled":true},"job_id":"string","max_empty_searches":42.0,"query":{},"query_delay":"string","runtime_mappings":{"additionalProperty1":{"fields":{"additionalProperty1":{"type":"boolean"},"additionalProperty2":{"type":"boolean"}},"fetch_fields":[{"field":"string","format":"string"}],"format":"string","input_field":"string","target_field":"string","target_index":"string","script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"":"painless","options":{"additionalProperty1":"string","additionalProperty2":"string"}},"type":"boolean"},"additionalProperty2":{"fields":{"additionalProperty1":{"type":"boolean"},"additionalProperty2":{"type":"boolean"}},"fetch_fields":[{"field":"string","format":"string"}],"format":"string","input_field":"string","target_field":"string","target_index":"string","script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"":"painless","options":{"additionalProperty1":"string","additionalProperty2":"string"}},"type":"boolean"}},"script_fields":{"additionalProperty1":{"script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"":"painless","options":{"additionalProperty1":"string","additionalProperty2":"string"}},"ignore_failure":true},"additionalProperty2":{"script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"":"painless","options":{"additionalProperty1":"string","additionalProperty2":"string"}},"ignore_failure":true}},"scroll_size":42.0},"job_config":{"allow_lazy_open":true,"analysis_config":{"bucket_span":"string","":"string","categorization_field_name":"string","categorization_filters":["string"],"detectors":[{"by_field_name":"string","custom_rules":[{"actions":["skip_result"],"conditions":[{}],"scope":{}}],"detector_description":"string","detector_index":42.0,"exclude_frequent":"all","field_name":"string","function":"string","over_field_name":"string","partition_field_name":"string","use_null":true}],"influencers":["string"],"latency":"string","model_prune_window":"string","multivariate_by_fields":true,"per_partition_categorization":{"enabled":true,"stop_on_warn":true},"summary_count_field_name":"string"},"analysis_limits":{"categorization_examples_limit":42.0,"":42.0},"background_persist_interval":"string","custom_settings":{},"daily_model_snapshot_retention_after_days":42.0,"data_description":{"format":"string","time_field":"string","time_format":"string","field_delimiter":"string"},"datafeed_config":{"aggregations":{},"chunking_config":{"mode":"auto","time_span":"string"},"datafeed_id":"string","delayed_data_check_config":{"check_window":"string","enabled":true},"frequency":"string","indices":"string","indices_options":{"allow_no_indices":true,"expand_wildcards":"string","ignore_unavailable":true,"ignore_throttled":true},"job_id":"string","max_empty_searches":42.0,"query":{},"query_delay":"string","runtime_mappings":{"additionalProperty1":{"fields":{"additionalProperty1":{"type":"boolean"},"additionalProperty2":{"type":"boolean"}},"fetch_fields":[{"field":"string","format":"string"}],"format":"string","input_field":"string","target_field":"string","target_index":"string","script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"":"painless","options":{"additionalProperty1":"string","additionalProperty2":"string"}},"type":"boolean"},"additionalProperty2":{"fields":{"additionalProperty1":{"type":"boolean"},"additionalProperty2":{"type":"boolean"}},"fetch_fields":[{"field":"string","format":"string"}],"format":"string","input_field":"string","target_field":"string","target_index":"string","script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"":"painless","options":{"additionalProperty1":"string","additionalProperty2":"string"}},"type":"boolean"}},"script_fields":{"additionalProperty1":{"script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"":"painless","options":{"additionalProperty1":"string","additionalProperty2":"string"}},"ignore_failure":true},"additionalProperty2":{"script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"":"painless","options":{"additionalProperty1":"string","additionalProperty2":"string"}},"ignore_failure":true}},"scroll_size":42.0},"description":"string","groups":["string"],"job_id":"string","job_type":"string","model_plot_config":{"annotations_enabled":true,"enabled":true,"terms":"string"},"model_snapshot_retention_days":42.0,"renormalization_window_days":42.0,"results_index_name":"string","results_retention_days":42.0}}'

Request examples

{
  "datafeed_config": {
    "aggregations": {},
    "chunking_config": {
      "mode": "auto",
      "time_span": "string"
    },
    "datafeed_id": "string",
    "delayed_data_check_config": {
      "check_window": "string",
      "enabled": true
    },
    "frequency": "string",
    "indices": "string",
    "indices_options": {
      "allow_no_indices": true,
      "expand_wildcards": "string",
      "ignore_unavailable": true,
      "ignore_throttled": true
    },
    "job_id": "string",
    "max_empty_searches": 42.0,
    "query": {},
    "query_delay": "string",
    "runtime_mappings": {
      "additionalProperty1": {
        "fields": {
          "additionalProperty1": {
            "type": "boolean"
          },
          "additionalProperty2": {
            "type": "boolean"
          }
        },
        "fetch_fields": [
          {
            "field": "string",
            "format": "string"
          }
        ],
        "format": "string",
        "input_field": "string",
        "target_field": "string",
        "target_index": "string",
        "script": {
          "source": "string",
          "id": "string",
          "params": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          },
          "": "painless",
          "options": {
            "additionalProperty1": "string",
            "additionalProperty2": "string"
          }
        },
        "type": "boolean"
      },
      "additionalProperty2": {
        "fields": {
          "additionalProperty1": {
            "type": "boolean"
          },
          "additionalProperty2": {
            "type": "boolean"
          }
        },
        "fetch_fields": [
          {
            "field": "string",
            "format": "string"
          }
        ],
        "format": "string",
        "input_field": "string",
        "target_field": "string",
        "target_index": "string",
        "script": {
          "source": "string",
          "id": "string",
          "params": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          },
          "": "painless",
          "options": {
            "additionalProperty1": "string",
            "additionalProperty2": "string"
          }
        },
        "type": "boolean"
      }
    },
    "script_fields": {
      "additionalProperty1": {
        "script": {
          "source": "string",
          "id": "string",
          "params": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          },
          "": "painless",
          "options": {
            "additionalProperty1": "string",
            "additionalProperty2": "string"
          }
        },
        "ignore_failure": true
      },
      "additionalProperty2": {
        "script": {
          "source": "string",
          "id": "string",
          "params": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          },
          "": "painless",
          "options": {
            "additionalProperty1": "string",
            "additionalProperty2": "string"
          }
        },
        "ignore_failure": true
      }
    },
    "scroll_size": 42.0
  },
  "job_config": {
    "allow_lazy_open": true,
    "analysis_config": {
      "bucket_span": "string",
      "": "string",
      "categorization_field_name": "string",
      "categorization_filters": [
        "string"
      ],
      "detectors": [
        {
          "by_field_name": "string",
          "custom_rules": [
            {
              "actions": [
                "skip_result"
              ],
              "conditions": [
                {}
              ],
              "scope": {}
            }
          ],
          "detector_description": "string",
          "detector_index": 42.0,
          "exclude_frequent": "all",
          "field_name": "string",
          "function": "string",
          "over_field_name": "string",
          "partition_field_name": "string",
          "use_null": true
        }
      ],
      "influencers": [
        "string"
      ],
      "latency": "string",
      "model_prune_window": "string",
      "multivariate_by_fields": true,
      "per_partition_categorization": {
        "enabled": true,
        "stop_on_warn": true
      },
      "summary_count_field_name": "string"
    },
    "analysis_limits": {
      "categorization_examples_limit": 42.0,
      "": 42.0
    },
    "background_persist_interval": "string",
    "custom_settings": {},
    "daily_model_snapshot_retention_after_days": 42.0,
    "data_description": {
      "format": "string",
      "time_field": "string",
      "time_format": "string",
      "field_delimiter": "string"
    },
    "datafeed_config": {
      "aggregations": {},
      "chunking_config": {
        "mode": "auto",
        "time_span": "string"
      },
      "datafeed_id": "string",
      "delayed_data_check_config": {
        "check_window": "string",
        "enabled": true
      },
      "frequency": "string",
      "indices": "string",
      "indices_options": {
        "allow_no_indices": true,
        "expand_wildcards": "string",
        "ignore_unavailable": true,
        "ignore_throttled": true
      },
      "job_id": "string",
      "max_empty_searches": 42.0,
      "query": {},
      "query_delay": "string",
      "runtime_mappings": {
        "additionalProperty1": {
          "fields": {
            "additionalProperty1": {
              "type": "boolean"
            },
            "additionalProperty2": {
              "type": "boolean"
            }
          },
          "fetch_fields": [
            {
              "field": "string",
              "format": "string"
            }
          ],
          "format": "string",
          "input_field": "string",
          "target_field": "string",
          "target_index": "string",
          "script": {
            "source": "string",
            "id": "string",
            "params": {
              "additionalProperty1": {},
              "additionalProperty2": {}
            },
            "": "painless",
            "options": {
              "additionalProperty1": "string",
              "additionalProperty2": "string"
            }
          },
          "type": "boolean"
        },
        "additionalProperty2": {
          "fields": {
            "additionalProperty1": {
              "type": "boolean"
            },
            "additionalProperty2": {
              "type": "boolean"
            }
          },
          "fetch_fields": [
            {
              "field": "string",
              "format": "string"
            }
          ],
          "format": "string",
          "input_field": "string",
          "target_field": "string",
          "target_index": "string",
          "script": {
            "source": "string",
            "id": "string",
            "params": {
              "additionalProperty1": {},
              "additionalProperty2": {}
            },
            "": "painless",
            "options": {
              "additionalProperty1": "string",
              "additionalProperty2": "string"
            }
          },
          "type": "boolean"
        }
      },
      "script_fields": {
        "additionalProperty1": {
          "script": {
            "source": "string",
            "id": "string",
            "params": {
              "additionalProperty1": {},
              "additionalProperty2": {}
            },
            "": "painless",
            "options": {
              "additionalProperty1": "string",
              "additionalProperty2": "string"
            }
          },
          "ignore_failure": true
        },
        "additionalProperty2": {
          "script": {
            "source": "string",
            "id": "string",
            "params": {
              "additionalProperty1": {},
              "additionalProperty2": {}
            },
            "": "painless",
            "options": {
              "additionalProperty1": "string",
              "additionalProperty2": "string"
            }
          },
          "ignore_failure": true
        }
      },
      "scroll_size": 42.0
    },
    "description": "string",
    "groups": [
      "string"
    ],
    "job_id": "string",
    "job_type": "string",
    "model_plot_config": {
      "annotations_enabled": true,
      "enabled": true,
      "terms": "string"
    },
    "model_snapshot_retention_days": 42.0,
    "renormalization_window_days": 42.0,
    "results_index_name": "string",
    "results_retention_days": 42.0
  }
}

Response examples (200)

[
  {}
]

Run a script Technical preview

POST /_scripts/painless/_execute

Api key auth Basic auth Bearer auth

Runs a script and returns a result. Use this API to build and test scripts, such as when defining a script for a runtime field. This API requires very few dependencies and is especially useful if you don't have permissions to write documents on a cluster.

The API uses several contexts, which control how scripts are run, what variables are available at runtime, and what the return type is.

Each context requires a script, but additional parameters depend on the context you're using for that script.

application/json

Body

context string

Values are painless_test, filter, score, boolean_field, date_field, double_field, geo_point_field, ip_field, keyword_field, long_field, or composite_field.
context_setup object
Hide context_setup attributes Show context_setup attributes object
- document object Required
  
  Document that's temporarily indexed in-memory and accessible from the script.
- index string Required
- query object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
script object
Hide script attributes Show script attributes object
- source string
  
  The script source.
- id string
- params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  Hide params attribute Show params attribute object
  
  * object Additional properties
- lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
- options object
  Hide options attribute Show options attribute object
  
  * string Additional properties

Responses

200 application/json
Hide response attribute Show response attribute object
- result object Required

POST /_scripts/painless/_execute

curl \
 --request POST 'http://api.example.com/_scripts/painless/_execute' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"script\": {\n    \"source\": \"params.count / params.total\",\n    \"params\": {\n      \"count\": 100.0,\n      \"total\": 1000.0\n    }\n  }\n}"'

Request examples

Run `POST /_scripts/painless/_execute`. The `painless_test` context is the default context. It runs scripts without additional parameters. The only variable that is available is `params`, which can be used to access user defined values. The result of the script is always converted to a string.

{
  "script": {
    "source": "params.count / params.total",
    "params": {
      "count": 100.0,
      "total": 1000.0
    }
  }
}

Run `POST /_scripts/painless/_execute` with a `filter` context. It treats scripts as if they were run inside a script query. For testing purposes, a document must be provided so that it will be temporarily indexed in-memory and is accessible from the script. More precisely, the `_source`, stored fields, and doc values of such a document are available to the script being tested.

{
  "script": {
    "source": "doc['field'].value.length() <= params.max_length",
    "params": {
      "max_length": 4
    }
  },
  "context": "filter",
  "context_setup": {
    "index": "my-index-000001",
    "document": {
      "field": "four"
    }
  }
}

Run `POST /_scripts/painless/_execute` with a `score` context. It treats scripts as if they were run inside a `script_score` function in a `function_score` query.

{
  "script": {
    "source": "doc['rank'].value / params.max_rank",
    "params": {
      "max_rank": 5.0
    }
  },
  "context": "score",
  "context_setup": {
    "index": "my-index-000001",
    "document": {
      "rank": 4
    }
  }
}

Response examples (200)

A successful response from `POST /_scripts/painless/_execute` with a `painless_test` context.

{
  "result": "0.1"
}

A successful response from `POST /_scripts/painless/_execute` with a `filter` context.

{
  "result": true
}

A successful response from `POST /_scripts/painless/_execute` with a `score` context.

{
  "result": 0.8
}

Delete a behavioral analytics collection Technical preview

Get trained models Added in 7.7.0

heap_size number | string

create_time string | number

Get snapshot information Added in 2.1.0

start_epoch number | string

start_time string | object

end_epoch number | string

Get snapshot information Added in 2.1.0

start_epoch number | string

start_time string | object

end_epoch number | string

Clear the archived repositories metering Technical preview

Get all connectors Beta

default_value number | string | boolean | null Required

tooltip string | null

error string | null

index_name string | null

last_access_control_sync_scheduled_at string | number

last_incremental_sync_scheduled_at string | number

last_seen string | number

last_sync_scheduled_at string | number

last_synced string | number

Update the connector error field Technical preview

Body Required

error string | null

Downsample an index Technical preview

Body Required

Get data stream lifecycle stats Added in 8.12.0

Update data streams Added in 7.16.0

Body Required

Body object Required

_id string | null

Get the async EQL status Added in 7.9.0

Delete an index template Added in 7.8.0

start_time string | number

stop_time string | number

percent string | number Required

lang string

routing_path string | array[string]

order string | array[string]

mode string | array[string]

missing string | array[string]

number_of_shards number | string

number_of_replicas number | string

routing_partition_size number | string

hidden boolean | string

auto_expand_replicas string | null

max_thread_count number | string

max_merge_count number | string

read_only boolean | string

read_only_allow_delete boolean | string

read boolean | string

write boolean | string

metadata boolean | string

max_token_count number | string

threshold_enabled boolean | string

indexing_complete boolean | string

prefer_ilm boolean | string

creation_date number | string

creation_date_string string | number

verified_before_close boolean | string

format string | number

flush_threshold_size number | string

size number | string

lenient boolean | string Required

priority number | string

end_time string | number

start_time string | number

limit number | string

ignore_dynamic_beyond_limit boolean | string

ignore_malformed boolean | string

type string Required

routing_path string | array[string]

order string | array[string]

mode string | array[string]

missing string | array[string]

number_of_shards number | string

number_of_replicas number | string

routing_partition_size number | string