The API accepts 3 different authentication methods:
Elasticsearch APIs support key-based authentication. You must create an API key and use the encoded value in the request header. For example:
curl -X GET "${ES_URL}/_cat/indices?v=true" \
-H "Authorization: ApiKey ${API_KEY}"
To get API keys, use the /_security/api_key APIs.
Elasticsearch APIs support the use of bearer tokens in the Authorization HTTP header to authenticate with the API.
For examples, refer to Token-based authentication services
All methods and paths for this operation:
Get a snapshot of the number of shards allocated to each data node and their disk space.
IMPORTANT: CAT APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications.
monitorA comma-separated list of node identifiers or names used to limit the returned information.
The unit used to display byte values.
Values are b, kb, mb, gb, tb, or pb.
A comma-separated list of columns names to display. It supports simple wildcards.
Supported values include:
shards (or s): The number of shards on the node.shards.undesired: The number of shards scheduled to be moved elsewhere in the cluster.write_load.forecast (or wlf, writeLoadForecast): The sum of index write load forecasts.disk.indices.forecast (or dif, diskIndicesForecast): The sum of shard size forecasts.disk.indices (or di, diskIndices): The disk space used by Elasticsearch indices.disk.used (or du, diskUsed): The total disk space used on the node.disk.avail (or da, diskAvail): The available disk space on the node.disk.total (or dt, diskTotal): The total disk capacity of all volumes on the node.disk.percent (or dp, diskPercent): The percentage of disk space used on the node.host (or h): IThe host of the node.ip: The IP address of the node.node (or n): The name of the node.node.role (or r, role, nodeRole): The roles assigned to the node.Values are shards, s, shards.undesired, write_load.forecast, wlf, writeLoadForecast, disk.indices.forecast, dif, diskIndicesForecast, disk.indices, di, diskIndices, disk.used, du, diskUsed, disk.avail, da, diskAvail, disk.total, dt, diskTotal, disk.percent, dp, diskPercent, host, h, ip, node, n, node.role, r, role, or nodeRole.
List of columns that determine how the table should be sorted.
Sorting defaults to ascending and can be changed by setting :asc
or :desc as a suffix to the column name.
If true, the request computes the list of selected nodes from the
local cluster state. If false the list of selected nodes are computed
from the cluster state of the master node. In both cases the coordinating
node will send requests for further information to each selected node.
Period to wait for a connection to the master node.
Values are -1 or 0.
GET /_cat/allocation?v=true&format=json
resp = client.cat.allocation(
v=True,
format="json",
)const response = await client.cat.allocation({
v: "true",
format: "json",
});response = client.cat.allocation(
v: "true",
format: "json"
)$resp = $client->cat()->allocation([
"v" => "true",
"format" => "json",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/allocation?v=true&format=json"client.cat().allocation();
[
{
"shards": "1",
"shards.undesired": "0",
"write_load.forecast": "0.0",
"disk.indices.forecast": "260b",
"disk.indices": "260b",
"disk.used": "47.3gb",
"disk.avail": "43.4gb",
"disk.total": "100.7gb",
"disk.percent": "46",
"host": "127.0.0.1",
"ip": "127.0.0.1",
"node": "CSUXak2",
"node.role": "himrst"
}
]All methods and paths for this operation:
Get high-level information about indices in a cluster, including backing indices for data streams.
Use this request to get the following information for each index in a cluster:
These metrics are retrieved directly from Lucene, which Elasticsearch uses internally to power indexing and search. As a result, all document counts include hidden nested documents. To get an accurate count of Elasticsearch documents, use the cat count or count APIs.
CAT APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use an index endpoint.
monitormonitorComma-separated list of data streams, indices, and aliases used to limit the request.
Supports wildcards (*). To target all data streams and indices, omit this parameter or use * or _all.
The unit used to display byte values.
Values are b, kb, mb, gb, tb, or pb.
The type of index that wildcard patterns can match.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
The health status used to limit returned indices. By default, the response includes indices of any health status.
Supported values include:
green (or GREEN): All shards are assigned.yellow (or YELLOW): All primary shards are assigned, but one or more replica shards are unassigned. If a node in the cluster fails, some data could be unavailable until that node is repaired.red (or RED): One or more primary shards are unassigned, so some data is unavailable. This can occur briefly during cluster startup as primary shards are assigned.unknownunavailableValues are green, GREEN, yellow, YELLOW, red, RED, unknown, or unavailable.
If true, the response includes information from segments that are not loaded into memory.
If true, the response only includes information from primary shards.
The unit used to display time values.
Values are nanos, micros, ms, s, m, h, or d.
Period to wait for a connection to the master node.
Values are -1 or 0.
List of columns to appear in the response. Supports simple wildcards.
List of columns that determine how the table should be sorted.
Sorting defaults to ascending and can be changed by setting :asc
or :desc as a suffix to the column name.
GET /_cat/indices/my-index-*?v=true&s=index&format=json
resp = client.cat.indices(
index="my-index-*",
v=True,
s="index",
format="json",
)const response = await client.cat.indices({
index: "my-index-*",
v: "true",
s: "index",
format: "json",
});response = client.cat.indices(
index: "my-index-*",
v: "true",
s: "index",
format: "json"
)$resp = $client->cat()->indices([
"index" => "my-index-*",
"v" => "true",
"s" => "index",
"format" => "json",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/indices/my-index-*?v=true&s=index&format=json"client.cat().indices();
[
{
"health": "yellow",
"status": "open",
"index": "my-index-000001",
"uuid": "u8FNjxh8Rfy_awN11oDKYQ",
"pri": "1",
"rep": "1",
"docs.count": "1200",
"docs.deleted": "0",
"store.size": "88.1kb",
"pri.store.size": "88.1kb",
"dataset.size": "88.1kb"
},
{
"health": "green",
"status": "open",
"index": "my-index-000002",
"uuid": "nYFWZEO7TUiOjLQXBaYJpA ",
"pri": "1",
"rep": "0",
"docs.count": "0",
"docs.deleted": "0",
"store.size": "260b",
"pri.store.size": "260b",
"dataset.size": "260b"
}
]curl \
--request HEAD 'http://api.example.com/' \
--header "Authorization: $API_KEY"curl \
--request DELETE 'http://api.example.com/_nodes/{node_id}/_repositories_metering/{max_archive_version}' \
--header "Authorization: $API_KEY"Get repositories metering information for a cluster. This API exposes monotonically non-decreasing counters and it is expected that clients would durably store the information needed to compute aggregations over a period of time. Additionally, the information exposed by this API is volatile, meaning that it will not be present after node restarts.
monitor,managecurl \
--request GET 'http://api.example.com/_nodes/{node_id}/_repositories_metering' \
--header "Authorization: $API_KEY"Removes a connector and associated sync jobs. This is a destructive action that is not recoverable. NOTE: This action doesn’t delete any API keys, ingest pipelines, or data indices associated with the connector. These need to be removed manually.
DELETE _connector/my-connector-id&delete_sync_jobs=true
resp = client.connector.delete(
connector_id="my-connector-id&delete_sync_jobs=true",
)const response = await client.connector.delete({
connector_id: "my-connector-id&delete_sync_jobs=true",
});response = client.connector.delete(
connector_id: "my-connector-id&delete_sync_jobs=true"
)$resp = $client->connector()->delete([
"connector_id" => "my-connector-id&delete_sync_jobs=true",
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_connector/my-connector-id&delete_sync_jobs=true"client.connector().delete(d -> d
.connectorId("my-connector-id&delete_sync_jobs=true")
);
{
"acknowledged": true
}Connectors are Elasticsearch integrations that bring content from third-party data sources, which can be deployed on Elastic Cloud or hosted on your own infrastructure. Elastic managed connectors (Native connectors) are a managed service on Elastic Cloud. Self-managed connectors (Connector clients) are self-managed on your infrastructure.
curl \
--request POST 'http://api.example.com/_connector' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--data '{"description":"string","index_name":"string","is_native":true,"language":"string","name":"string","service_type":"string"}'Check in a connector sync job and set the last_seen field to the current time before updating it in the internal index.
To sync data using self-managed connectors, you need to deploy the Elastic connector service on your own infrastructure. This service runs automatically on Elastic Cloud for Elastic managed connectors.
PUT _connector/_sync_job/my-connector-sync-job/_check_in
resp = client.connector.sync_job_check_in(
connector_sync_job_id="my-connector-sync-job",
)const response = await client.connector.syncJobCheckIn({
connector_sync_job_id: "my-connector-sync-job",
});response = client.connector.sync_job_check_in(
connector_sync_job_id: "my-connector-sync-job"
)$resp = $client->connector()->syncJobCheckIn([
"connector_sync_job_id" => "my-connector-sync-job",
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_connector/_sync_job/my-connector-sync-job/_check_in"client.connector().syncJobCheckIn(s -> s
.connectorSyncJobId("my-connector-sync-job")
);
Update the api_key_id and api_key_secret_id fields of a connector.
You can specify the ID of the API key used for authorization and the ID of the connector secret where the API key is stored.
The connector secret ID is required only for Elastic managed (native) connectors.
Self-managed connectors (connector clients) do not use this field.
PUT _connector/my-connector/_api_key_id
{
"api_key_id": "my-api-key-id",
"api_key_secret_id": "my-connector-secret-id"
}resp = client.connector.update_api_key_id(
connector_id="my-connector",
api_key_id="my-api-key-id",
api_key_secret_id="my-connector-secret-id",
)const response = await client.connector.updateApiKeyId({
connector_id: "my-connector",
api_key_id: "my-api-key-id",
api_key_secret_id: "my-connector-secret-id",
});response = client.connector.update_api_key_id(
connector_id: "my-connector",
body: {
"api_key_id": "my-api-key-id",
"api_key_secret_id": "my-connector-secret-id"
}
)$resp = $client->connector()->updateApiKeyId([
"connector_id" => "my-connector",
"body" => [
"api_key_id" => "my-api-key-id",
"api_key_secret_id" => "my-connector-secret-id",
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"api_key_id":"my-api-key-id","api_key_secret_id":"my-connector-secret-id"}' "$ELASTICSEARCH_URL/_connector/my-connector/_api_key_id"client.connector().updateApiKeyId(u -> u
.apiKeyId("my-api-key-id")
.apiKeySecretId("my-connector-secret-id")
.connectorId("my-connector")
);
{
"api_key_id": "my-api-key-id",
"api_key_secret_id": "my-connector-secret-id"
}{
"result": "updated"
}PUT _connector/my-connector/_name
{
"name": "Custom connector",
"description": "This is my customized connector"
}resp = client.connector.update_name(
connector_id="my-connector",
name="Custom connector",
description="This is my customized connector",
)const response = await client.connector.updateName({
connector_id: "my-connector",
name: "Custom connector",
description: "This is my customized connector",
});response = client.connector.update_name(
connector_id: "my-connector",
body: {
"name": "Custom connector",
"description": "This is my customized connector"
}
)$resp = $client->connector()->updateName([
"connector_id" => "my-connector",
"body" => [
"name" => "Custom connector",
"description" => "This is my customized connector",
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"name":"Custom connector","description":"This is my customized connector"}' "$ELASTICSEARCH_URL/_connector/my-connector/_name"client.connector().updateName(u -> u
.connectorId("my-connector")
.description("This is my customized connector")
.name("Custom connector")
);
{
"name": "Custom connector",
"description": "This is my customized connector"
}{
"result": "updated"
}PUT _connector/my-connector/_scheduling
{
"scheduling": {
"access_control": {
"enabled": true,
"interval": "0 10 0 * * ?"
},
"full": {
"enabled": true,
"interval": "0 20 0 * * ?"
},
"incremental": {
"enabled": false,
"interval": "0 30 0 * * ?"
}
}
}resp = client.connector.update_scheduling(
connector_id="my-connector",
scheduling={
"access_control": {
"enabled": True,
"interval": "0 10 0 * * ?"
},
"full": {
"enabled": True,
"interval": "0 20 0 * * ?"
},
"incremental": {
"enabled": False,
"interval": "0 30 0 * * ?"
}
},
)const response = await client.connector.updateScheduling({
connector_id: "my-connector",
scheduling: {
access_control: {
enabled: true,
interval: "0 10 0 * * ?",
},
full: {
enabled: true,
interval: "0 20 0 * * ?",
},
incremental: {
enabled: false,
interval: "0 30 0 * * ?",
},
},
});response = client.connector.update_scheduling(
connector_id: "my-connector",
body: {
"scheduling": {
"access_control": {
"enabled": true,
"interval": "0 10 0 * * ?"
},
"full": {
"enabled": true,
"interval": "0 20 0 * * ?"
},
"incremental": {
"enabled": false,
"interval": "0 30 0 * * ?"
}
}
}
)$resp = $client->connector()->updateScheduling([
"connector_id" => "my-connector",
"body" => [
"scheduling" => [
"access_control" => [
"enabled" => true,
"interval" => "0 10 0 * * ?",
],
"full" => [
"enabled" => true,
"interval" => "0 20 0 * * ?",
],
"incremental" => [
"enabled" => false,
"interval" => "0 30 0 * * ?",
],
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"scheduling":{"access_control":{"enabled":true,"interval":"0 10 0 * * ?"},"full":{"enabled":true,"interval":"0 20 0 * * ?"},"incremental":{"enabled":false,"interval":"0 30 0 * * ?"}}}' "$ELASTICSEARCH_URL/_connector/my-connector/_scheduling"client.connector().updateScheduling(u -> u
.connectorId("my-connector")
.scheduling(s -> s
.accessControl(a -> a
.enabled(true)
.interval("0 10 0 * * ?")
)
.full(f -> f
.enabled(true)
.interval("0 20 0 * * ?")
)
.incremental(i -> i
.enabled(false)
.interval("0 30 0 * * ?")
)
)
);
{
"scheduling": {
"access_control": {
"enabled": true,
"interval": "0 10 0 * * ?"
},
"full": {
"enabled": true,
"interval": "0 20 0 * * ?"
},
"incremental": {
"enabled": false,
"interval": "0 30 0 * * ?"
}
}
}{
"scheduling": {
"full": {
"enabled": true,
"interval": "0 10 0 * * ?"
}
}
}{
"result": "updated"
}Pause a cross-cluster replication follower index. The follower index will not fetch any additional operations from the leader index. You can resume following with the resume follower API. You can pause and resume a follower index to change the configuration of the following task.
manage_ccrPOST /follower_index/_ccr/pause_follow
resp = client.ccr.pause_follow(
index="follower_index",
)const response = await client.ccr.pauseFollow({
index: "follower_index",
});response = client.ccr.pause_follow(
index: "follower_index"
)$resp = $client->ccr()->pauseFollow([
"index" => "follower_index",
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/follower_index/_ccr/pause_follow"client.ccr().pauseFollow(p -> p
.index("follower_index")
);
{
"acknowledged" : true
}Get the data stream lifecycle configuration of one or more data streams.
Comma-separated list of data streams to limit the request.
Supports wildcards (*).
To target all data streams, omit this parameter or use * or _all.
Type of data stream that wildcard patterns can match.
Supports comma-separated values, such as open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
If true, return all default settings in the response.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
GET /_data_stream/{name}/_lifecycle?human&pretty
resp = client.indices.get_data_lifecycle(
name="{name}",
human=True,
pretty=True,
)const response = await client.indices.getDataLifecycle({
name: "{name}",
human: "true",
pretty: "true",
});response = client.indices.get_data_lifecycle(
name: "{name}",
human: "true",
pretty: "true"
)$resp = $client->indices()->getDataLifecycle([
"name" => "{name}",
"human" => "true",
"pretty" => "true",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_data_stream/%7Bname%7D/_lifecycle?human&pretty"{
"data_streams": [
{
"name": "my-data-stream-1",
"lifecycle": {
"enabled": true,
"data_retention": "7d"
}
},
{
"name": "my-data-stream-2",
"lifecycle": {
"enabled": true,
"data_retention": "7d"
}
}
]
}Aggregate a time series (TSDS) index and store pre-computed statistical summaries (min, max, sum, value_count and avg) for each metric field grouped by a configured time interval.
For example, a TSDS index that contains metrics sampled every 10 seconds can be downsampled to an hourly index.
All documents within an hour interval are summarized and stored as a single document in the downsample index.
NOTE: Only indices in a time series data stream are supported.
Neither field nor document level security can be defined on the source index.
The source index must be read only (index.blocks.write: true).
POST /my-time-series-index/_downsample/my-downsampled-time-series-index
{
"fixed_interval": "1d"
}resp = client.indices.downsample(
index="my-time-series-index",
target_index="my-downsampled-time-series-index",
config={
"fixed_interval": "1d"
},
)const response = await client.indices.downsample({
index: "my-time-series-index",
target_index: "my-downsampled-time-series-index",
config: {
fixed_interval: "1d",
},
});response = client.indices.downsample(
index: "my-time-series-index",
target_index: "my-downsampled-time-series-index",
body: {
"fixed_interval": "1d"
}
)$resp = $client->indices()->downsample([
"index" => "my-time-series-index",
"target_index" => "my-downsampled-time-series-index",
"body" => [
"fixed_interval" => "1d",
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"fixed_interval":"1d"}' "$ELASTICSEARCH_URL/my-time-series-index/_downsample/my-downsampled-time-series-index"client.indices().downsample(d -> d
.index("my-time-series-index")
.targetIndex("my-downsampled-time-series-index")
.config(c -> c
.fixedInterval(f -> f
.time("1d")
)
)
);
{
"fixed_interval": "1d"
}Get information about an index or data stream's current data stream lifecycle status, such as time since index creation, time since rollover, the lifecycle configuration managing the index, or any errors encountered during lifecycle execution.
GET .ds-metrics-2023.03.22-000001/_lifecycle/explain
resp = client.indices.explain_data_lifecycle(
index=".ds-metrics-2023.03.22-000001",
)const response = await client.indices.explainDataLifecycle({
index: ".ds-metrics-2023.03.22-000001",
});response = client.indices.explain_data_lifecycle(
index: ".ds-metrics-2023.03.22-000001"
)$resp = $client->indices()->explainDataLifecycle([
"index" => ".ds-metrics-2023.03.22-000001",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/.ds-metrics-2023.03.22-000001/_lifecycle/explain"client.indices().explainDataLifecycle(e -> e
.index(".ds-metrics-2023.03.22-000001")
);
{
"indices": {
".ds-metrics-2023.03.22-000001": {
"index" : ".ds-metrics-2023.03.22-000001",
"managed_by_lifecycle" : true,
"index_creation_date_millis" : 1679475563571,
"time_since_index_creation" : "843ms",
"rollover_date_millis" : 1679475564293,
"time_since_rollover" : "121ms",
"lifecycle" : { },
"generation_time" : "121ms"
}
}{
"indices": {
".ds-metrics-2023.03.22-000001": {
"index" : ".ds-metrics-2023.03.22-000001",
"managed_by_lifecycle" : true,
"index_creation_date_millis" : 1679475563571,
"time_since_index_creation" : "843ms",
"lifecycle" : {
"enabled": true
},
"error": "{\"type\":\"validation_exception\",\"reason\":\"Validation Failed: 1: this action would add [2] shards, but this cluster
currently has [4]/[3] maximum normal shards open;\"}"
}
}Performs one or more data stream modification actions in a single atomic operation.
POST _data_stream/_modify
{
"actions": [
{
"remove_backing_index": {
"data_stream": "my-data-stream",
"index": ".ds-my-data-stream-2023.07.26-000001"
}
},
{
"add_backing_index": {
"data_stream": "my-data-stream",
"index": ".ds-my-data-stream-2023.07.26-000001-downsample"
}
}
]
}resp = client.indices.modify_data_stream(
actions=[
{
"remove_backing_index": {
"data_stream": "my-data-stream",
"index": ".ds-my-data-stream-2023.07.26-000001"
}
},
{
"add_backing_index": {
"data_stream": "my-data-stream",
"index": ".ds-my-data-stream-2023.07.26-000001-downsample"
}
}
],
)const response = await client.indices.modifyDataStream({
actions: [
{
remove_backing_index: {
data_stream: "my-data-stream",
index: ".ds-my-data-stream-2023.07.26-000001",
},
},
{
add_backing_index: {
data_stream: "my-data-stream",
index: ".ds-my-data-stream-2023.07.26-000001-downsample",
},
},
],
});response = client.indices.modify_data_stream(
body: {
"actions": [
{
"remove_backing_index": {
"data_stream": "my-data-stream",
"index": ".ds-my-data-stream-2023.07.26-000001"
}
},
{
"add_backing_index": {
"data_stream": "my-data-stream",
"index": ".ds-my-data-stream-2023.07.26-000001-downsample"
}
}
]
}
)$resp = $client->indices()->modifyDataStream([
"body" => [
"actions" => array(
[
"remove_backing_index" => [
"data_stream" => "my-data-stream",
"index" => ".ds-my-data-stream-2023.07.26-000001",
],
],
[
"add_backing_index" => [
"data_stream" => "my-data-stream",
"index" => ".ds-my-data-stream-2023.07.26-000001-downsample",
],
],
),
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"actions":[{"remove_backing_index":{"data_stream":"my-data-stream","index":".ds-my-data-stream-2023.07.26-000001"}},{"add_backing_index":{"data_stream":"my-data-stream","index":".ds-my-data-stream-2023.07.26-000001-downsample"}}]}' "$ELASTICSEARCH_URL/_data_stream/_modify"client.indices().modifyDataStream(m -> m
.actions(List.of(Action.of(a -> a
.removeBackingIndex(r -> r
.dataStream("my-data-stream")
.index(".ds-my-data-stream-2023.07.26-000001")
)),Action.of(ac -> ac
.addBackingIndex(ad -> ad
.dataStream("my-data-stream")
.index(".ds-my-data-stream-2023.07.26-000001-downsample")
))))
);
{
"actions": [
{
"remove_backing_index": {
"data_stream": "my-data-stream",
"index": ".ds-my-data-stream-2023.07.26-000001"
}
},
{
"add_backing_index": {
"data_stream": "my-data-stream",
"index": ".ds-my-data-stream-2023.07.26-000001-downsample"
}
}
]
}Verify that a document exists.
For example, check to see if a document with the _id 0 exists:
HEAD my-index-000001/_doc/0
If the document exists, the API returns a status code of 200 - OK.
If the document doesn’t exist, the API returns 404 - Not Found.
Versioning support
You can use the version parameter to check the document only if its current version is equal to the specified one.
Internally, Elasticsearch has marked the old document as deleted and added an entirely new document. The old version of the document doesn't disappear immediately, although you won't be able to access it. Elasticsearch cleans up deleted documents in the background as you continue to index more data.
A comma-separated list of data streams, indices, and aliases.
It supports wildcards (*).
A unique document identifier.
The node or shard the operation should be performed on. By default, the operation is randomized between the shard replicas.
If it is set to _local, the operation will prefer to be run on a local allocated shard when possible.
If it is set to a custom value, the value is used to guarantee that the same shards will be used for the same custom value.
This can help with "jumping values" when hitting different shards in different refresh states.
A sample value can be something like the web session ID or the user name.
If true, the request is real-time as opposed to near-real-time.
If true, the request refreshes the relevant shards before retrieving the document.
Setting it to true should be done after careful thought and verification that this does not cause a heavy load on the system (and slow down indexing).
A custom value used to route operations to a specific shard.
Indicates whether to return the _source field (true or false) or lists the fields to return.
A comma-separated list of source fields to exclude from the response.
You can also use this parameter to exclude fields from the subset specified in _source_includes query parameter.
If the _source parameter is false, this parameter is ignored.
A comma-separated list of source fields to include in the response.
If this parameter is specified, only these source fields are returned.
You can exclude fields from this subset using the _source_excludes query parameter.
If the _source parameter is false, this parameter is ignored.
A comma-separated list of stored fields to return as part of a hit.
If no fields are specified, no stored fields are included in the response.
If this field is specified, the _source parameter defaults to false.
Explicit version number for concurrency control. The specified version must match the current version of the document for the request to succeed.
The version type.
Supported values include:
internal: Use internal versioning that starts at 1 and increments with each update or delete.external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document.external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document.
NOTE: The external_gte version type is meant for special use cases and should be used with care.
If used incorrectly, it can result in loss of data.force: This option is deprecated because it can cause primary and replica shards to diverge.Values are internal, external, external_gte, or force.
HEAD my-index-000001/_doc/0
resp = client.exists(
index="my-index-000001",
id="0",
)const response = await client.exists({
index: "my-index-000001",
id: 0,
});response = client.exists(
index: "my-index-000001",
id: "0"
)$resp = $client->exists([
"index" => "my-index-000001",
"id" => "0",
]);curl --head -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/my-index-000001/_doc/0"client.exists(e -> e
.id("0")
.index("my-index-000001")
);
Get the source of a document. For example:
GET my-index-000001/_source/1
You can use the source filtering parameters to control which parts of the _source are returned:
GET my-index-000001/_source/1/?_source_includes=*.id&_source_excludes=entities
readThe node or shard the operation should be performed on. By default, the operation is randomized between the shard replicas.
If true, the request is real-time as opposed to near-real-time.
If true, the request refreshes the relevant shards before retrieving the document.
Setting it to true should be done after careful thought and verification that this does not cause a heavy load on the system (and slow down indexing).
A custom value used to route operations to a specific shard.
Indicates whether to return the _source field (true or false) or lists the fields to return.
A comma-separated list of source fields to exclude in the response.
A comma-separated list of source fields to include in the response.
The version number for concurrency control. It must match the current version of the document for the request to succeed.
The version type.
Supported values include:
internal: Use internal versioning that starts at 1 and increments with each update or delete.external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document.external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document.
NOTE: The external_gte version type is meant for special use cases and should be used with care.
If used incorrectly, it can result in loss of data.force: This option is deprecated because it can cause primary and replica shards to diverge.Values are internal, external, external_gte, or force.
GET my-index-000001/_source/1
resp = client.get_source(
index="my-index-000001",
id="1",
)const response = await client.getSource({
index: "my-index-000001",
id: 1,
});response = client.get_source(
index: "my-index-000001",
id: "1"
)$resp = $client->getSource([
"index" => "my-index-000001",
"id" => "1",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/my-index-000001/_source/1"client.getSource(g -> g
.id("1")
.index("my-index-000001")
);
All methods and paths for this operation:
Get multiple JSON documents by ID from one or more indices. If you specify an index in the request URI, you only need to specify the document IDs in the request body. To ensure fast responses, this multi get (mget) API responds with partial results if one or more shards fail.
Filter source fields
By default, the _source field is returned for every document (if stored).
Use the _source and _source_include or source_exclude attributes to filter what fields are returned for a particular document.
You can include the _source, _source_includes, and _source_excludes query parameters in the request URI to specify the defaults to use when there are no per-document instructions.
Get stored fields
Use the stored_fields attribute to specify the set of stored fields you want to retrieve.
Any requested fields that are not stored are ignored.
You can include the stored_fields query parameter in the request URI to specify the defaults to use when there are no per-document instructions.
readName of the index to retrieve documents from when ids are specified, or when a document in the docs array does not specify an index.
Specifies the node or shard the operation should be performed on. Random by default.
If true, the request is real-time as opposed to near-real-time.
If true, the request refreshes relevant shards before retrieving documents.
Custom value used to route operations to a specific shard.
True or false to return the _source field or not, or a list of fields to return.
A comma-separated list of source fields to exclude from the response.
You can also use this parameter to exclude fields from the subset specified in _source_includes query parameter.
A comma-separated list of source fields to include in the response.
If this parameter is specified, only these source fields are returned. You can exclude fields from this subset using the _source_excludes query parameter.
If the _source parameter is false, this parameter is ignored.
If true, retrieves the document fields stored in the index rather than the document _source.
The documents you want to retrieve. Required if no index is specified in the request URI.
GET /my-index-000001/_mget
{
"docs": [
{
"_id": "1"
},
{
"_id": "2"
}
]
}resp = client.mget(
index="my-index-000001",
docs=[
{
"_id": "1"
},
{
"_id": "2"
}
],
)const response = await client.mget({
index: "my-index-000001",
docs: [
{
_id: "1",
},
{
_id: "2",
},
],
});response = client.mget(
index: "my-index-000001",
body: {
"docs": [
{
"_id": "1"
},
{
"_id": "2"
}
]
}
)$resp = $client->mget([
"index" => "my-index-000001",
"body" => [
"docs" => array(
[
"_id" => "1",
],
[
"_id" => "2",
],
),
],
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"docs":[{"_id":"1"},{"_id":"2"}]}' "$ELASTICSEARCH_URL/my-index-000001/_mget"client.mget(m -> m
.docs(List.of(MultiGetOperation.of(mu -> mu
.id("1")),MultiGetOperation.of(mu -> mu
.id("2"))))
.index("my-index-000001")
);
{
"docs": [
{
"_id": "1"
},
{
"_id": "2"
}
]
}{
"docs": [
{
"_index": "test",
"_id": "1",
"_source": false
},
{
"_index": "test",
"_id": "2",
"_source": [ "field3", "field4" ]
},
{
"_index": "test",
"_id": "3",
"_source": {
"include": [ "user" ],
"exclude": [ "user.location" ]
}
}
]
}{
"docs": [
{
"_index": "test",
"_id": "1",
"stored_fields": [ "field1", "field2" ]
},
{
"_index": "test",
"_id": "2",
"stored_fields": [ "field3", "field4" ]
}
]
}{
"docs": [
{
"_index": "test",
"_id": "1",
"routing": "key2"
},
{
"_index": "test",
"_id": "2"
}
]
}GET /_eql/search/status/FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=
resp = client.eql.get_status(
id="FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
)const response = await client.eql.getStatus({
id: "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
});response = client.eql.get_status(
id: "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE="
)$resp = $client->eql()->getStatus([
"id" => "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_eql/search/status/FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE="client.eql().getStatus(g -> g
.id("FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=")
);
{
"id": "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
"is_running" : true,
"is_partial" : true,
"start_time_in_millis" : 1611690235000,
"expiration_time_in_millis" : 1611690295000
}All methods and paths for this operation:
Returns search results for an Event Query Language (EQL) query. EQL assumes each document in a data stream or index corresponds to an event.
Whether to ignore if a wildcard indices expression resolves into no concrete indices. (This includes _all string or when no indices have been specified)
If true, returns partial results if there are shard failures. If false, returns an error with no partial results.
If true, sequence queries will return partial results in case of shard failures. If false, they will return no results at all. This flag has effect only if allow_partial_search_results is true.
Whether to expand wildcard expression to concrete indices that are open, closed or both.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
Indicates whether network round-trips should be minimized as part of cross-cluster search requests execution
Period for which the search and its results are stored on the cluster.
Values are -1 or 0.
If true, the search and its results are stored on the cluster.
Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results.
Values are -1 or 0.
EQL query you wish to run.
Field containing the event classification, such as process, file, or network.
Field used to sort hits with the same timestamp in ascending order
Field containing event timestamp. Default "@timestamp"
Maximum number of events to search at a time for sequence queries.
Query, written in Query DSL, used to filter the events on which the EQL query runs.
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and
d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and
d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
Allow query execution also in case of shard failures. If true, the query will keep running and will return results based on the available shards. For sequences, the behavior can be further refined using allow_partial_sequence_results
Default value is true.
This flag applies only to sequences and has effect only if allow_partial_search_results=true. If true, the sequence query will return results based on the available shards, ignoring the others. If false, the sequence query will return successfully, but will always have empty results.
Default value is false.
For basic queries, the maximum number of matching events to return. Defaults to 10
Supported values include:
tail: Return the most recent matches, similar to the Unix tail command.head: Return the earliest matches, similar to the Unix head command.Values are tail or head.
By default, the response of a sample query contains up to 10 samples, with one sample per unique set of join keys. Use the size
parameter to get a smaller or larger set of samples. To retrieve more than one sample per set of join keys, use the
max_samples_per_key parameter. Pipes are not supported for sample queries.
Default value is 1.
GET /my-data-stream/_eql/search
{
"query": """
process where (process.name == "cmd.exe" and process.pid != 2013)
"""
}resp = client.eql.search(
index="my-data-stream",
query="\n process where (process.name == \"cmd.exe\" and process.pid != 2013)\n ",
)const response = await client.eql.search({
index: "my-data-stream",
query:
'\n process where (process.name == "cmd.exe" and process.pid != 2013)\n ',
});response = client.eql.search(
index: "my-data-stream",
body: {
"query": "\n process where (process.name == \"cmd.exe\" and process.pid != 2013)\n "
}
)$resp = $client->eql()->search([
"index" => "my-data-stream",
"body" => [
"query" => "\n process where (process.name == \"cmd.exe\" and process.pid != 2013)\n ",
],
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"query":"\n process where (process.name == \"cmd.exe\" and process.pid != 2013)\n "}' "$ELASTICSEARCH_URL/my-data-stream/_eql/search"client.eql().search(s -> s
.index("my-data-stream")
.query(" process where (process.name == \"cmd.exe\" and process.pid != 2013) ")
);
{
"query": """
process where (process.name == "cmd.exe" and process.pid != 2013)
"""
}{
"query": """
sequence by process.pid
[ file where file.name == "cmd.exe" and process.pid != 2013 ]
[ process where stringContains(process.executable, "regsvr32") ]
"""
}{
"is_partial": false,
"is_running": false,
"took": 6,
"timed_out": false,
"hits": {
"total": {
"value": 1,
"relation": "eq"
},
"sequences": [
{
"join_keys": [
2012
],
"events": [
{
"_index": ".ds-my-data-stream-2099.12.07-000001",
"_id": "AtOJ4UjUBAAx3XR5kcCM",
"_source": {
"@timestamp": "2099-12-06T11:04:07.000Z",
"event": {
"category": "file",
"id": "dGCHwoeS",
"sequence": 2
},
"file": {
"accessed": "2099-12-07T11:07:08.000Z",
"name": "cmd.exe",
"path": "C:\\Windows\\System32\\cmd.exe",
"type": "file",
"size": 16384
},
"process": {
"pid": 2012,
"name": "cmd.exe",
"executable": "C:\\Windows\\System32\\cmd.exe"
}
}
},
{
"_index": ".ds-my-data-stream-2099.12.07-000001",
"_id": "OQmfCaduce8zoHT93o4H",
"_source": {
"@timestamp": "2099-12-07T11:07:09.000Z",
"event": {
"category": "process",
"id": "aR3NWVOs",
"sequence": 4
},
"process": {
"pid": 2012,
"name": "regsvr32.exe",
"command_line": "regsvr32.exe /s /u /i:https://...RegSvr32.sct scrobj.dll",
"executable": "C:\\Windows\\System32\\regsvr32.exe"
}
}
}
]
}
]
}
}The graph explore API enables you to extract and summarize information about the documents and terms in an Elasticsearch data stream or index.
Comma-separated list of component template names used to limit the request.
Wildcard (*) expressions are supported.
If true, returns settings in flat format.
Filter out results, for example to filter out sensitive information. Supports wildcards or full settings keys
Return all default configurations for the component template (default: false)
If true, the request retrieves information from the local node only.
If false, information is retrieved from the master node.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
GET /_component_template/template_1
resp = client.cluster.get_component_template(
name="template_1",
)const response = await client.cluster.getComponentTemplate({
name: "template_1",
});response = client.cluster.get_component_template(
name: "template_1"
)$resp = $client->cluster()->getComponentTemplate([
"name" => "template_1",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_component_template/template_1"client.cluster().getComponentTemplate(g -> g
.name("template_1")
);
Returns information about whether a particular component template exists.
Comma-separated list of component template names used to limit the request. Wildcard (*) expressions are supported.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
If true, the request retrieves information from the local node only. Defaults to false, which means information is retrieved from the master node.
curl \
--request HEAD 'http://api.example.com/_component_template/{name}' \
--header "Authorization: $API_KEY"If Elasticsearch encounters index data that is absent from the current cluster state, those indices are considered to be dangling.
For example, this can happen if you delete more than cluster.indices.tombstones.size indices while an Elasticsearch node is offline.
Use this API to list dangling indices, which you can then import or delete.
manageGET /_dangling
resp = client.dangling_indices.list_dangling_indices()const response = await client.danglingIndices.listDanglingIndices();response = client.dangling_indices.list_dangling_indices$resp = $client->danglingIndices()->listDanglingIndices();curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_dangling"client.danglingIndices().listDanglingIndices();
{
"dangling_indices": [
{
"index_name": "my-index-000001",
"index_uuid": "zmM4e0JtBkeUjiHD-MihPQ",
"creation_date_millis": 1589414451372,
"node_ids": [
"pL47UN3dAb2d5RCWP6lQ3e"
]
}
]
}Check if one or more indices, index aliases, or data streams exist.
If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices.
This behavior applies even if the request targets other open indices.
Type of index that wildcard patterns can match.
If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams.
Supports comma-separated values, such as open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
If true, returns settings in flat format.
If true, return all default settings in the response.
If true, the request retrieves information from the local node only.
HEAD my-data-stream
resp = client.indices.exists(
index="my-data-stream",
)const response = await client.indices.exists({
index: "my-data-stream",
});response = client.indices.exists(
index: "my-data-stream"
)$resp = $client->indices()->exists([
"index" => "my-data-stream",
]);curl --head -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/my-data-stream"client.indices().exists(e -> e
.index("my-data-stream")
);
All methods and paths for this operation:
Adds a data stream or index to an alias.
Comma-separated list of data streams or indices to add.
Supports wildcards (*).
Wildcard patterns that match both data streams and indices return an error.
Alias to update. If the alias doesn’t exist, the request creates it. Index alias names support date math.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
Query used to limit documents the alias can access.
Value used to route indexing operations to a specific shard.
If specified, this overwrites the routing value for indexing operations.
Data stream aliases don’t support this parameter.
If true, sets the write index or data stream for the alias.
If an alias points to multiple indices or data streams and is_write_index isn’t set, the alias rejects write requests.
If an index alias points to one index and is_write_index isn’t set, the index automatically acts as the write index.
Data stream aliases don’t automatically set a write data stream, even if the alias points to one data stream.
Value used to route indexing and search operations to a specific shard. Data stream aliases don’t support this parameter.
Value used to route search operations to a specific shard.
If specified, this overwrites the routing value for search operations.
Data stream aliases don’t support this parameter.
POST _aliases
{
"actions": [
{
"add": {
"index": "my-data-stream",
"alias": "my-alias"
}
}
]
}resp = client.indices.update_aliases(
actions=[
{
"add": {
"index": "my-data-stream",
"alias": "my-alias"
}
}
],
)const response = await client.indices.updateAliases({
actions: [
{
add: {
index: "my-data-stream",
alias: "my-alias",
},
},
],
});response = client.indices.update_aliases(
body: {
"actions": [
{
"add": {
"index": "my-data-stream",
"alias": "my-alias"
}
}
]
}
)$resp = $client->indices()->updateAliases([
"body" => [
"actions" => array(
[
"add" => [
"index" => "my-data-stream",
"alias" => "my-alias",
],
],
),
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"actions":[{"add":{"index":"my-data-stream","alias":"my-alias"}}]}' "$ELASTICSEARCH_URL/_aliases"client.indices().updateAliases(u -> u
.actions(a -> a
.add(ad -> ad
.alias("my-alias")
.index("my-data-stream")
)
)
);
{
"actions": [
{
"add": {
"index": "my-data-stream",
"alias": "my-alias"
}
}
]
}All methods and paths for this operation:
Check if one or more data stream or index aliases exist.
Comma-separated list of data streams or indices used to limit the request. Supports wildcards (*).
To target all data streams and indices, omit this parameter or use * or _all.
Comma-separated list of aliases to check. Supports wildcards (*).
If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices.
This behavior applies even if the request targets other open indices.
Type of index that wildcard patterns can match.
If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams.
Supports comma-separated values, such as open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
If true, the request retrieves information from the local node only.
HEAD _alias/my-alias
resp = client.indices.exists_alias(
name="my-alias",
)const response = await client.indices.existsAlias({
name: "my-alias",
});response = client.indices.exists_alias(
name: "my-alias"
)$resp = $client->indices()->existsAlias([
"name" => "my-alias",
]);curl --head -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_alias/my-alias"client.indices().existsAlias(e -> e
.name("my-alias")
);
All methods and paths for this operation:
Get setting information for one or more indices. For data streams, it returns setting information for the stream's backing indices.
view_index_metadataComma-separated list of data streams, indices, and aliases used to limit
the request. Supports wildcards (*). To target all data streams and
indices, omit this parameter or use * or _all.
Comma-separated list or wildcard expression of settings to retrieve.
If false, the request returns an error if any wildcard expression, index
alias, or _all value targets only missing or closed indices. This
behavior applies even if the request targets other open indices. For
example, a request targeting foo*,bar* returns an error if an index
starts with foo but no index starts with bar.
Type of index that wildcard patterns can match.
If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams.
Supports comma-separated values, such as open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
If true, returns settings in flat format.
If true, return all default settings in the response.
If true, the request retrieves information from the local node only. If
false, information is retrieved from the master node.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
GET _all/_settings?expand_wildcards=all&filter_path=*.settings.index.*.slowlog
resp = client.indices.get_settings(
index="_all",
expand_wildcards="all",
filter_path="*.settings.index.*.slowlog",
)const response = await client.indices.getSettings({
index: "_all",
expand_wildcards: "all",
filter_path: "*.settings.index.*.slowlog",
});response = client.indices.get_settings(
index: "_all",
expand_wildcards: "all",
filter_path: "*.settings.index.*.slowlog"
)$resp = $client->indices()->getSettings([
"index" => "_all",
"expand_wildcards" => "all",
"filter_path" => "*.settings.index.*.slowlog",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_all/_settings?expand_wildcards=all&filter_path=*.settings.index.*.slowlog"For data streams, the API opens any closed backing indices.
A closed index is blocked for read/write operations and does not allow all operations that opened indices allow. It is not possible to index documents or to search for documents in a closed index. This allows closed indices to not have to maintain internal data structures for indexing or searching documents, resulting in a smaller overhead on the cluster.
When opening or closing an index, the master is responsible for restarting the index shards to reflect the new state of the index. The shards will then go through the normal recovery process. The data of opened or closed indices is automatically replicated by the cluster to ensure that enough shard copies are safely kept around at all times.
You can open and close multiple indices.
An error is thrown if the request explicitly refers to a missing index.
This behavior can be turned off by using the ignore_unavailable=true parameter.
By default, you must explicitly name the indices you are opening or closing.
To open or close indices with _all, *, or other wildcard expressions, change the action.destructive_requires_name setting to false.
This setting can also be changed with the cluster update settings API.
Closed indices consume a significant amount of disk-space which can cause problems in managed environments.
Closing indices can be turned off with the cluster settings API by setting cluster.indices.close.enable to false.
Because opening or closing an index allocates its shards, the wait_for_active_shards setting on index creation applies to the _open and _close index actions as well.
manageComma-separated list of data streams, indices, and aliases used to limit the request.
Supports wildcards (*).
By default, you must explicitly name the indices you using to limit the request.
To limit a request using _all, *, or other wildcard expressions, change the action.destructive_requires_name setting to false.
You can update this setting in the elasticsearch.yml file or using the cluster update settings API.
If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices.
This behavior applies even if the request targets other open indices.
Type of index that wildcard patterns can match.
If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams.
Supports comma-separated values, such as open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
The number of shard copies that must be active before proceeding with the operation.
Set to all or any positive integer up to the total number of shards in the index (number_of_replicas+1).
Values are all or index-setting.
POST /.ds-my-data-stream-2099.03.07-000001/_open/
resp = client.indices.open(
index=".ds-my-data-stream-2099.03.07-000001",
)const response = await client.indices.open({
index: ".ds-my-data-stream-2099.03.07-000001",
});response = client.indices.open(
index: ".ds-my-data-stream-2099.03.07-000001"
)$resp = $client->indices()->open([
"index" => ".ds-my-data-stream-2099.03.07-000001",
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/.ds-my-data-stream-2099.03.07-000001/_open/"client.indices().open(o -> o
.index(".ds-my-data-stream-2099.03.07-000001")
);
{
"acknowledged" : true,
"shards_acknowledged" : true
}All methods and paths for this operation:
Changes dynamic index settings in real time. For data streams, index setting changes are applied to all backing indices by default.
To revert a setting to the default value, use a null value.
The list of per-index settings that can be updated dynamically on live indices can be found in index settings documentation.
To preserve existing settings from being updated, set the preserve_existing parameter to true.
There are multiple valid ways to represent index settings in the request body. You can specify only the setting, for example:
{
"number_of_replicas": 1
}
Or you can use an index setting object:
{
"index": {
"number_of_replicas": 1
}
}
Or you can use dot annotation:
{
"index.number_of_replicas": 1
}
Or you can embed any of the aforementioned options in a settings object. For example:
{
"settings": {
"index": {
"number_of_replicas": 1
}
}
}
NOTE: You can only define new analyzers on closed indices. To add an analyzer, you must close the index, define the analyzer, and reopen the index. You cannot close the write index of a data stream. To update the analyzer for a data stream's write index and future backing indices, update the analyzer in the index template used by the stream. Then roll over the data stream to apply the new analyzer to the stream's write index and future backing indices. This affects searches and any new data added to the stream after the rollover. However, it does not affect the data stream's backing indices or their existing data. To change the analyzer for existing backing indices, you must create a new data stream and reindex your data into it.
manageComma-separated list of data streams, indices, and aliases used to limit
the request. Supports wildcards (*). To target all data streams and
indices, omit this parameter or use * or _all.
If false, the request returns an error if any wildcard expression, index
alias, or _all value targets only missing or closed indices. This
behavior applies even if the request targets other open indices. For
example, a request targeting foo*,bar* returns an error if an index
starts with foo but no index starts with bar.
Type of index that wildcard patterns can match. If the request can target
data streams, this argument determines whether wildcard expressions match
hidden data streams. Supports comma-separated values, such as
open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
If true, returns settings in flat format.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
If true, existing index settings remain unchanged.
Whether to close and reopen the index to apply non-dynamic settings.
If set to true the indices to which the settings are being applied
will be closed temporarily and then reopened in order to apply the changes.
Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
PUT /my-index-000001/_settings
{
"index" : {
"number_of_replicas" : 2
}
}resp = client.indices.put_settings(
index="my-index-000001",
settings={
"index": {
"number_of_replicas": 2
}
},
)const response = await client.indices.putSettings({
index: "my-index-000001",
settings: {
index: {
number_of_replicas: 2,
},
},
});response = client.indices.put_settings(
index: "my-index-000001",
body: {
"index": {
"number_of_replicas": 2
}
}
)$resp = $client->indices()->putSettings([
"index" => "my-index-000001",
"body" => [
"index" => [
"number_of_replicas" => 2,
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"index":{"number_of_replicas":2}}' "$ELASTICSEARCH_URL/my-index-000001/_settings"client.indices().putSettings(p -> p
.index("my-index-000001")
.settings(s -> s
.index(i -> i
.numberOfReplicas("2")
)
)
);
{
"index" : {
"number_of_replicas" : 2
}
}{
"index" : {
"refresh_interval" : null
}
}{
"analysis": {
"analyzer": {
"content": {
"type": "custom",
"tokenizer": "whitespace"
}
}
}
}All methods and paths for this operation:
A refresh makes recent operations performed on one or more indices available for search. For data streams, the API runs the refresh operation on the stream’s backing indices.
By default, Elasticsearch periodically refreshes indices every second, but only on indices that have received one search request or more in the last 30 seconds.
You can change this default interval with the index.refresh_interval setting.
Refresh requests are synchronous and do not return a response until the refresh operation completes.
Refreshes are resource-intensive. To ensure good cluster performance, it's recommended to wait for Elasticsearch's periodic refresh rather than performing an explicit refresh when possible.
If your application workflow indexes documents and then runs a search to retrieve the indexed document, it's recommended to use the index API's refresh=wait_for query parameter option.
This option ensures the indexing operation waits for a periodic refresh before running the search.
maintenanceComma-separated list of data streams, indices, and aliases used to limit the request.
Supports wildcards (*).
To target all data streams and indices, omit this parameter or use * or _all.
If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices.
This behavior applies even if the request targets other open indices.
Type of index that wildcard patterns can match.
If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams.
Supports comma-separated values, such as open,hidden.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
GET _refresh
resp = client.indices.refresh()const response = await client.indices.refresh();response = client.indices.refresh$resp = $client->indices()->refresh();curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_refresh"client.indices().refresh(r -> r);
Adds a data stream or index to an alias.
Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
POST _aliases
{
"actions": [
{
"add": {
"index": "logs-nginx.access-prod",
"alias": "logs"
}
}
]
}resp = client.indices.update_aliases(
actions=[
{
"add": {
"index": "logs-nginx.access-prod",
"alias": "logs"
}
}
],
)const response = await client.indices.updateAliases({
actions: [
{
add: {
index: "logs-nginx.access-prod",
alias: "logs",
},
},
],
});response = client.indices.update_aliases(
body: {
"actions": [
{
"add": {
"index": "logs-nginx.access-prod",
"alias": "logs"
}
}
]
}
)$resp = $client->indices()->updateAliases([
"body" => [
"actions" => array(
[
"add" => [
"index" => "logs-nginx.access-prod",
"alias" => "logs",
],
],
),
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"actions":[{"add":{"index":"logs-nginx.access-prod","alias":"logs"}}]}' "$ELASTICSEARCH_URL/_aliases"client.indices().updateAliases(u -> u
.actions(a -> a
.add(ad -> ad
.alias("logs")
.index("logs-nginx.access-prod")
)
)
);
{
"actions": [
{
"add": {
"index": "logs-nginx.access-prod",
"alias": "logs"
}
}
]
}Switch the indices, ILM policies, and legacy, composable, and component templates from using custom node attributes and attribute-based allocation filters to using data tiers. Optionally, delete one legacy index template. Using node roles enables ILM to automatically move the indices between data tiers.
Migrating away from custom node attributes routing can be manually performed. This API provides an automated way of performing three out of the four manual steps listed in the migration guide:
ILM must be stopped before performing the migration.
Use the stop ILM and get ILM status APIs to wait until the reported operation mode is STOPPED.
If true, simulates the migration from node attributes based allocation filters to data tiers, but does not perform the migration. This provides a way to retrieve the indices and ILM policies that need to be migrated.
POST /_ilm/migrate_to_data_tiers
{
"legacy_template_to_delete": "global-template",
"node_attribute": "custom_attribute_name"
}resp = client.ilm.migrate_to_data_tiers(
legacy_template_to_delete="global-template",
node_attribute="custom_attribute_name",
)const response = await client.ilm.migrateToDataTiers({
legacy_template_to_delete: "global-template",
node_attribute: "custom_attribute_name",
});response = client.ilm.migrate_to_data_tiers(
body: {
"legacy_template_to_delete": "global-template",
"node_attribute": "custom_attribute_name"
}
)$resp = $client->ilm()->migrateToDataTiers([
"body" => [
"legacy_template_to_delete" => "global-template",
"node_attribute" => "custom_attribute_name",
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"legacy_template_to_delete":"global-template","node_attribute":"custom_attribute_name"}' "$ELASTICSEARCH_URL/_ilm/migrate_to_data_tiers"client.ilm().migrateToDataTiers(m -> m
.legacyTemplateToDelete("global-template")
.nodeAttribute("custom_attribute_name")
);
{
"legacy_template_to_delete": "global-template",
"node_attribute": "custom_attribute_name"
}{
"dry_run": false,
"removed_legacy_template":"global-template",
"migrated_ilm_policies":["policy_with_allocate_action"],
"migrated_indices":["warm-index-to-migrate-000001"],
"migrated_legacy_templates":["a-legacy-template"],
"migrated_composable_templates":["a-composable-template"],
"migrated_component_templates":["a-component-template"]
}Create an inference endpoint to perform an inference task with the jinaai service.
To review the available rerank models, refer to https://jina.ai/reranker.
To review the available text_embedding models, refer to the https://jina.ai/embeddings/.
manage_inferenceThe type of the inference task that the model will perform.
Values are rerank or text_embedding.
The unique identifier of the inference endpoint.
Specifies the amount of time to wait for the inference endpoint to be created.
Values are -1 or 0.
The chunking configuration object.
The type of service supported for the specified task type. In this case, jinaai.
Value is jinaai.
Settings used to install the inference model. These settings are specific to the jinaai service.
Settings to configure the inference task. These settings are specific to the task type you specified.
PUT _inference/text_embedding/jinaai-embeddings
{
"service": "jinaai",
"service_settings": {
"model_id": "jina-embeddings-v3",
"api_key": "JinaAi-Api-key"
}
}resp = client.inference.put(
task_type="text_embedding",
inference_id="jinaai-embeddings",
inference_config={
"service": "jinaai",
"service_settings": {
"model_id": "jina-embeddings-v3",
"api_key": "JinaAi-Api-key"
}
},
)const response = await client.inference.put({
task_type: "text_embedding",
inference_id: "jinaai-embeddings",
inference_config: {
service: "jinaai",
service_settings: {
model_id: "jina-embeddings-v3",
api_key: "JinaAi-Api-key",
},
},
});response = client.inference.put(
task_type: "text_embedding",
inference_id: "jinaai-embeddings",
body: {
"service": "jinaai",
"service_settings": {
"model_id": "jina-embeddings-v3",
"api_key": "JinaAi-Api-key"
}
}
)$resp = $client->inference()->put([
"task_type" => "text_embedding",
"inference_id" => "jinaai-embeddings",
"body" => [
"service" => "jinaai",
"service_settings" => [
"model_id" => "jina-embeddings-v3",
"api_key" => "JinaAi-Api-key",
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"service":"jinaai","service_settings":{"model_id":"jina-embeddings-v3","api_key":"JinaAi-Api-key"}}' "$ELASTICSEARCH_URL/_inference/text_embedding/jinaai-embeddings"client.inference().put(p -> p
.inferenceId("jinaai-embeddings")
.taskType(TaskType.TextEmbedding)
.inferenceConfig(i -> i
.service("jinaai")
.serviceSettings(JsonData.fromJson("{\"model_id\":\"jina-embeddings-v3\",\"api_key\":\"JinaAi-Api-key\"}"))
)
);
{
"service": "jinaai",
"service_settings": {
"model_id": "jina-embeddings-v3",
"api_key": "JinaAi-Api-key"
}
}{
"service": "jinaai",
"service_settings": {
"api_key": "JinaAI-Api-key",
"model_id": "jina-reranker-v2-base-multilingual"
},
"task_settings": {
"top_n": 10,
"return_documents": true
}
}The type of the inference task that the model will perform.
NOTE: The chat_completion task type only supports streaming and only through the _stream API.
Values are chat_completion, completion, or text_embedding.
The unique identifier of the inference endpoint.
Specifies the amount of time to wait for the inference endpoint to be created.
Values are -1 or 0.
The chunking configuration object.
The type of service supported for the specified task type. In this case, openai.
Value is openai.
Settings used to install the inference model. These settings are specific to the openai service.
Settings to configure the inference task. These settings are specific to the task type you specified.
PUT _inference/text_embedding/openai-embeddings
{
"service": "openai",
"service_settings": {
"api_key": "OpenAI-API-Key",
"model_id": "text-embedding-3-small",
"dimensions": 128
}
}resp = client.inference.put(
task_type="text_embedding",
inference_id="openai-embeddings",
inference_config={
"service": "openai",
"service_settings": {
"api_key": "OpenAI-API-Key",
"model_id": "text-embedding-3-small",
"dimensions": 128
}
},
)const response = await client.inference.put({
task_type: "text_embedding",
inference_id: "openai-embeddings",
inference_config: {
service: "openai",
service_settings: {
api_key: "OpenAI-API-Key",
model_id: "text-embedding-3-small",
dimensions: 128,
},
},
});response = client.inference.put(
task_type: "text_embedding",
inference_id: "openai-embeddings",
body: {
"service": "openai",
"service_settings": {
"api_key": "OpenAI-API-Key",
"model_id": "text-embedding-3-small",
"dimensions": 128
}
}
)$resp = $client->inference()->put([
"task_type" => "text_embedding",
"inference_id" => "openai-embeddings",
"body" => [
"service" => "openai",
"service_settings" => [
"api_key" => "OpenAI-API-Key",
"model_id" => "text-embedding-3-small",
"dimensions" => 128,
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"service":"openai","service_settings":{"api_key":"OpenAI-API-Key","model_id":"text-embedding-3-small","dimensions":128}}' "$ELASTICSEARCH_URL/_inference/text_embedding/openai-embeddings"client.inference().put(p -> p
.inferenceId("openai-embeddings")
.taskType(TaskType.TextEmbedding)
.inferenceConfig(i -> i
.service("openai")
.serviceSettings(JsonData.fromJson("{\"api_key\":\"OpenAI-API-Key\",\"model_id\":\"text-embedding-3-small\",\"dimensions\":128}"))
)
);
{
"service": "openai",
"service_settings": {
"api_key": "OpenAI-API-Key",
"model_id": "text-embedding-3-small",
"dimensions": 128
}
}{
"service": "amazonbedrock",
"service_settings": {
"access_key": "AWS-access-key",
"secret_key": "AWS-secret-key",
"region": "us-east-1",
"provider": "amazontitan",
"model": "amazon.titan-text-premier-v1:0"
}
}The type of the inference task that the model will perform.
Values are text_embedding or rerank.
The unique identifier of the inference endpoint.
Specifies the amount of time to wait for the inference endpoint to be created.
Values are -1 or 0.
The chunking configuration object.
The type of service supported for the specified task type. In this case, voyageai.
Value is voyageai.
Settings used to install the inference model. These settings are specific to the voyageai service.
Settings to configure the inference task. These settings are specific to the task type you specified.
PUT _inference/text_embedding/openai-embeddings
{
"service": "voyageai",
"service_settings": {
"model_id": "voyage-3-large",
"dimensions": 512
}
}resp = client.inference.put(
task_type="text_embedding",
inference_id="openai-embeddings",
inference_config={
"service": "voyageai",
"service_settings": {
"model_id": "voyage-3-large",
"dimensions": 512
}
},
)const response = await client.inference.put({
task_type: "text_embedding",
inference_id: "openai-embeddings",
inference_config: {
service: "voyageai",
service_settings: {
model_id: "voyage-3-large",
dimensions: 512,
},
},
});response = client.inference.put(
task_type: "text_embedding",
inference_id: "openai-embeddings",
body: {
"service": "voyageai",
"service_settings": {
"model_id": "voyage-3-large",
"dimensions": 512
}
}
)$resp = $client->inference()->put([
"task_type" => "text_embedding",
"inference_id" => "openai-embeddings",
"body" => [
"service" => "voyageai",
"service_settings" => [
"model_id" => "voyage-3-large",
"dimensions" => 512,
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"service":"voyageai","service_settings":{"model_id":"voyage-3-large","dimensions":512}}' "$ELASTICSEARCH_URL/_inference/text_embedding/openai-embeddings"client.inference().put(p -> p
.inferenceId("openai-embeddings")
.taskType(TaskType.TextEmbedding)
.inferenceConfig(i -> i
.service("voyageai")
.serviceSettings(JsonData.fromJson("{\"model_id\":\"voyage-3-large\",\"dimensions\":512}"))
)
);
{
"service": "voyageai",
"service_settings": {
"model_id": "voyage-3-large",
"dimensions": 512
}
}{
"service": "voyageai",
"service_settings": {
"model_id": "rerank-2"
}
}All methods and paths for this operation:
Get information about one or more ingest pipelines. This API returns a local reference of the pipeline.
Comma-separated list of pipeline IDs to retrieve.
Wildcard (*) expressions are supported.
To get all ingest pipelines, omit this parameter or use *.
GET /_ingest/pipeline/my-pipeline-id
resp = client.ingest.get_pipeline(
id="my-pipeline-id",
)const response = await client.ingest.getPipeline({
id: "my-pipeline-id",
});response = client.ingest.get_pipeline(
id: "my-pipeline-id"
)$resp = $client->ingest()->getPipeline([
"id" => "my-pipeline-id",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_ingest/pipeline/my-pipeline-id"client.ingest().getPipeline(g -> g
.id("my-pipeline-id")
);
{
"my-pipeline-id" : {
"description" : "describe pipeline",
"version" : 123,
"processors" : [
{
"set" : {
"field" : "foo",
"value" : "bar"
}
}
]
}
}Start an indefinite basic license, which gives access to all the basic features.
NOTE: In order to start a basic license, you must not currently have a basic license.
If the basic license does not support all of the features that are available with your current license, however, you are notified in the response.
You must then re-submit the API request with the acknowledge parameter set to true.
To check the status of your basic license, use the get basic license API.
managewhether the user has acknowledged acknowledge messages (default: false)
Period to wait for a connection to the master node.
Values are -1 or 0.
Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
POST /_license/start_basic?acknowledge=true
resp = client.license.post_start_basic(
acknowledge=True,
)const response = await client.license.postStartBasic({
acknowledge: "true",
});response = client.license.post_start_basic(
acknowledge: "true"
)$resp = $client->license()->postStartBasic([
"acknowledge" => "true",
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_license/start_basic?acknowledge=true"client.license().postStartBasic(p -> p
.acknowledge(true)
);
{
"basic_was_started": true,
"acknowledged": true
}Start a 30-day trial, which gives access to all subscription features.
NOTE: You are allowed to start a trial only if your cluster has not already activated a trial for the current major product version. For example, if you have already activated a trial for v8.0, you cannot start a new trial until v9.0. You can, however, request an extended trial at https://www.elastic.co/trialextension.
To check the status of your trial, use the get trial status API.
managePOST /_license/start_trial?acknowledge=true
resp = client.license.post_start_trial(
acknowledge=True,
)const response = await client.license.postStartTrial({
acknowledge: "true",
});response = client.license.post_start_trial(
acknowledge: "true"
)$resp = $client->license()->postStartTrial([
"acknowledge" => "true",
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_license/start_trial?acknowledge=true"client.license().postStartTrial(p -> p
.acknowledge(true)
);
{
"trial_was_started": true,
"acknowledged": true
}Logstash APIs enable you to manage pipelines that are used by Logstash Central Management.
PUT _ml/calendars/planned-outages/jobs/total-requests
resp = client.ml.put_calendar_job(
calendar_id="planned-outages",
job_id="total-requests",
)const response = await client.ml.putCalendarJob({
calendar_id: "planned-outages",
job_id: "total-requests",
});response = client.ml.put_calendar_job(
calendar_id: "planned-outages",
job_id: "total-requests"
)$resp = $client->ml()->putCalendarJob([
"calendar_id" => "planned-outages",
"job_id" => "total-requests",
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_ml/calendars/planned-outages/jobs/total-requests"client.ml().putCalendarJob(p -> p
.calendarId("planned-outages")
.jobId("total-requests")
);
GET _ml/filters/safe_domains
resp = client.ml.get_filters(
filter_id="safe_domains",
)const response = await client.ml.getFilters({
filter_id: "safe_domains",
});response = client.ml.get_filters(
filter_id: "safe_domains"
)$resp = $client->ml()->getFilters([
"filter_id" => "safe_domains",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_ml/filters/safe_domains"client.ml().getFilters(g -> g
.filterId("safe_domains")
);
All methods and paths for this operation:
You can get information for multiple anomaly detection jobs in a single API
request by using a group name, a comma-separated list of jobs, or a wildcard
expression. You can get information for all anomaly detection jobs by using
_all, by specifying * as the <job_id>, or by omitting the <job_id>.
monitor_mlIdentifier for the anomaly detection job. It can be a job identifier, a group name, or a wildcard expression. If you do not specify one of these options, the API returns information for all anomaly detection jobs.
Specifies what to do when the request:
The default value is true, which returns an empty jobs array when
there are no matches and the subset of results when there are partial
matches. If this parameter is false, the request returns a 404 status
code when there are no matches or only partial matches.
Indicates if certain fields should be removed from the configuration on retrieval. This allows the configuration to be in an acceptable format to be retrieved and then added to another cluster.
GET _ml/anomaly_detectors/high_sum_total_sales
resp = client.ml.get_jobs(
job_id="high_sum_total_sales",
)const response = await client.ml.getJobs({
job_id: "high_sum_total_sales",
});response = client.ml.get_jobs(
job_id: "high_sum_total_sales"
)$resp = $client->ml()->getJobs([
"job_id" => "high_sum_total_sales",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_ml/anomaly_detectors/high_sum_total_sales"client.ml().getJobs(g -> g
.jobId("high_sum_total_sales")
);
The identifier for the anomaly detection job. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters.
If true, wildcard indices expressions that resolve into no concrete indices are ignored. This includes the
_all string or when no indices are specified.
Type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values.
Supported values include:
all: Match any data stream or index, including hidden ones.open: Match open, non-hidden indices. Also matches any non-hidden data stream.closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.none: Wildcard expressions are not accepted.Values are all, open, closed, hidden, or none.
If true, concrete, expanded or aliased indices are ignored when frozen.
Advanced configuration option. Specifies whether this job can open when there is insufficient machine learning node capacity for it to be immediately assigned to a node. By default, if a machine learning node with capacity to run the job cannot immediately be found, the open anomaly detection jobs API returns an error. However, this is also subject to the cluster-wide xpack.ml.max_lazy_ml_nodes setting. If this option is set to true, the open anomaly detection jobs API does not return an error and the job waits in the opening state until sufficient machine learning node capacity is available.
Default value is false.
Specifies how to analyze the data. After you create a job, you cannot change the analysis configuration; all the properties are informational.
Limits can be applied for the resources required to hold the mathematical models in memory. These limits are approximate and can be set per job. They do not control the memory used by other processes, for example the Elasticsearch Java processes.
Advanced configuration option. The time between each periodic persistence of the model. The default value is a randomized value between 3 to 4 hours, which avoids all jobs persisting at exactly the same time. The smallest allowed value is 1 hour. For very large models (several GB), persistence could take 10-20 minutes, so do not set the background_persist_interval value too low.
Advanced configuration option. Contains custom meta data about the job.
Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies a period of time (in days) after which only the first snapshot per day is retained. This period is relative to the timestamp of the most recent snapshot for this job. Valid values range from 0 to model_snapshot_retention_days.
Default value is 1.
Defines the format of the input data when you send data to the job by using the post data API. Note that when configure a datafeed, these properties are automatically set. When data is received via the post data API, it is not stored in Elasticsearch. Only the results for anomaly detection are retained.
Defines a datafeed for the anomaly detection job. If Elasticsearch security features are enabled, your datafeed remembers which roles the user who created it had at the time of creation and runs the query using those same roles. If you provide secondary authorization headers, those credentials are used instead.
A description of the job.
The identifier for the anomaly detection job. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters.
A list of job groups. A job can belong to no groups or many.
This advanced configuration option stores model information along with the results. It provides a more detailed view into anomaly detection. If you enable model plot it can add considerable overhead to the performance of the system; it is not feasible for jobs with many entities. Model plot provides a simplified and indicative view of the model and its bounds. It does not display complex features such as multivariate correlations or multimodal data. As such, anomalies may occasionally be reported which cannot be seen in the model plot. Model plot config can be configured when the job is created or updated later. It must be disabled if performance issues are experienced.
Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies the maximum period of time (in days) that snapshots are retained. This period is relative to the timestamp of the most recent snapshot for this job. By default, snapshots ten days older than the newest snapshot are deleted.
Default value is 10.
Advanced configuration option. The period over which adjustments to the score are applied, as new data is seen. The default value is the longer of 30 days or 100 bucket spans.
A text string that affects the name of the machine learning results index. By default, the job generates an index named .ml-anomalies-shared.
Advanced configuration option. The period of time (in days) that results are retained. Age is calculated relative to the timestamp of the latest bucket result. If this property has a non-null value, once per day at 00:30 (server time), results that are the specified number of days older than the latest bucket result are deleted from Elasticsearch. The default value is null, which means all results are retained. Annotations generated by the system also count as results for retention purposes; they are deleted after the same number of days as results. Annotations added by users are retained forever.
PUT /_ml/anomaly_detectors/job-01
{
"analysis_config": {
"bucket_span": "15m",
"detectors": [
{
"detector_description": "Sum of bytes",
"function": "sum",
"field_name": "bytes"
}
]
},
"data_description": {
"time_field": "timestamp",
"time_format": "epoch_ms"
},
"analysis_limits": {
"model_memory_limit": "11MB"
},
"model_plot_config": {
"enabled": true,
"annotations_enabled": true
},
"results_index_name": "test-job1",
"datafeed_config": {
"indices": [
"kibana_sample_data_logs"
],
"query": {
"bool": {
"must": [
{
"match_all": {}
}
]
}
},
"runtime_mappings": {
"hour_of_day": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
}
},
"datafeed_id": "datafeed-test-job1"
}
}resp = client.ml.put_job(
job_id="job-01",
analysis_config={
"bucket_span": "15m",
"detectors": [
{
"detector_description": "Sum of bytes",
"function": "sum",
"field_name": "bytes"
}
]
},
data_description={
"time_field": "timestamp",
"time_format": "epoch_ms"
},
analysis_limits={
"model_memory_limit": "11MB"
},
model_plot_config={
"enabled": True,
"annotations_enabled": True
},
results_index_name="test-job1",
datafeed_config={
"indices": [
"kibana_sample_data_logs"
],
"query": {
"bool": {
"must": [
{
"match_all": {}
}
]
}
},
"runtime_mappings": {
"hour_of_day": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
}
},
"datafeed_id": "datafeed-test-job1"
},
)const response = await client.ml.putJob({
job_id: "job-01",
analysis_config: {
bucket_span: "15m",
detectors: [
{
detector_description: "Sum of bytes",
function: "sum",
field_name: "bytes",
},
],
},
data_description: {
time_field: "timestamp",
time_format: "epoch_ms",
},
analysis_limits: {
model_memory_limit: "11MB",
},
model_plot_config: {
enabled: true,
annotations_enabled: true,
},
results_index_name: "test-job1",
datafeed_config: {
indices: ["kibana_sample_data_logs"],
query: {
bool: {
must: [
{
match_all: {},
},
],
},
},
runtime_mappings: {
hour_of_day: {
type: "long",
script: {
source: "emit(doc['timestamp'].value.getHour());",
},
},
},
datafeed_id: "datafeed-test-job1",
},
});response = client.ml.put_job(
job_id: "job-01",
body: {
"analysis_config": {
"bucket_span": "15m",
"detectors": [
{
"detector_description": "Sum of bytes",
"function": "sum",
"field_name": "bytes"
}
]
},
"data_description": {
"time_field": "timestamp",
"time_format": "epoch_ms"
},
"analysis_limits": {
"model_memory_limit": "11MB"
},
"model_plot_config": {
"enabled": true,
"annotations_enabled": true
},
"results_index_name": "test-job1",
"datafeed_config": {
"indices": [
"kibana_sample_data_logs"
],
"query": {
"bool": {
"must": [
{
"match_all": {}
}
]
}
},
"runtime_mappings": {
"hour_of_day": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
}
},
"datafeed_id": "datafeed-test-job1"
}
}
)$resp = $client->ml()->putJob([
"job_id" => "job-01",
"body" => [
"analysis_config" => [
"bucket_span" => "15m",
"detectors" => array(
[
"detector_description" => "Sum of bytes",
"function" => "sum",
"field_name" => "bytes",
],
),
],
"data_description" => [
"time_field" => "timestamp",
"time_format" => "epoch_ms",
],
"analysis_limits" => [
"model_memory_limit" => "11MB",
],
"model_plot_config" => [
"enabled" => true,
"annotations_enabled" => true,
],
"results_index_name" => "test-job1",
"datafeed_config" => [
"indices" => array(
"kibana_sample_data_logs",
),
"query" => [
"bool" => [
"must" => array(
[
"match_all" => new ArrayObject([]),
],
),
],
],
"runtime_mappings" => [
"hour_of_day" => [
"type" => "long",
"script" => [
"source" => "emit(doc['timestamp'].value.getHour());",
],
],
],
"datafeed_id" => "datafeed-test-job1",
],
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"analysis_config":{"bucket_span":"15m","detectors":[{"detector_description":"Sum of bytes","function":"sum","field_name":"bytes"}]},"data_description":{"time_field":"timestamp","time_format":"epoch_ms"},"analysis_limits":{"model_memory_limit":"11MB"},"model_plot_config":{"enabled":true,"annotations_enabled":true},"results_index_name":"test-job1","datafeed_config":{"indices":["kibana_sample_data_logs"],"query":{"bool":{"must":[{"match_all":{}}]}},"runtime_mappings":{"hour_of_day":{"type":"long","script":{"source":"emit(doc['"'"'timestamp'"'"'].value.getHour());"}}},"datafeed_id":"datafeed-test-job1"}}' "$ELASTICSEARCH_URL/_ml/anomaly_detectors/job-01"client.ml().putJob(p -> p
.analysisConfig(a -> a
.bucketSpan(b -> b
.time("15m")
)
.detectors(d -> d
.detectorDescription("Sum of bytes")
.fieldName("bytes")
.function("sum")
)
)
.analysisLimits(an -> an
.modelMemoryLimit("11MB")
)
.dataDescription(d -> d
.timeField("timestamp")
.timeFormat("epoch_ms")
)
.datafeedConfig(d -> d
.datafeedId("datafeed-test-job1")
.indices("kibana_sample_data_logs")
.query(q -> q
.bool(b -> b
.must(m -> m
.matchAll(ma -> ma)
)
)
)
.runtimeMappings("hour_of_day", r -> r
.script(s -> s
.source(so -> so
.scriptString("emit(doc['timestamp'].value.getHour());")
)
)
.type(RuntimeFieldType.Long)
)
)
.jobId("job-01")
.modelPlotConfig(m -> m
.annotationsEnabled(true)
.enabled(true)
)
.resultsIndexName("test-job1")
);
{
"analysis_config": {
"bucket_span": "15m",
"detectors": [
{
"detector_description": "Sum of bytes",
"function": "sum",
"field_name": "bytes"
}
]
},
"data_description": {
"time_field": "timestamp",
"time_format": "epoch_ms"
},
"analysis_limits": {
"model_memory_limit": "11MB"
},
"model_plot_config": {
"enabled": true,
"annotations_enabled": true
},
"results_index_name": "test-job1",
"datafeed_config": {
"indices": [
"kibana_sample_data_logs"
],
"query": {
"bool": {
"must": [
{
"match_all": {}
}
]
}
},
"runtime_mappings": {
"hour_of_day": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
}
},
"datafeed_id": "datafeed-test-job1"
}
}{
"job_id": "test-job1",
"job_type": "anomaly_detector",
"job_version": "8.4.0",
"create_time": 1656087283340,
"datafeed_config": {
"datafeed_id": "datafeed-test-job1",
"job_id": "test-job1",
"authorization": {
"roles": [
"superuser"
]
},
"query_delay": "61499ms",
"chunking_config": {
"mode": "auto"
},
"indices_options": {
"expand_wildcards": [
"open"
],
"ignore_unavailable": false,
"allow_no_indices": true,
"ignore_throttled": true
},
"query": {
"bool": {
"must": [
{
"match_all": {}
}
]
}
},
"indices": [
"kibana_sample_data_logs"
],
"scroll_size": 1000,
"delayed_data_check_config": {
"enabled": true
},
"runtime_mappings": {
"hour_of_day": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
}
}
},
"analysis_config": {
"bucket_span": "15m",
"detectors": [
{
"detector_description": "Sum of bytes",
"function": "sum",
"field_name": "bytes",
"detector_index": 0
}
],
"influencers": [],
"model_prune_window": "30d"
},
"analysis_limits": {
"model_memory_limit": "11mb",
"categorization_examples_limit": 4
},
"data_description": {
"time_field": "timestamp",
"time_format": "epoch_ms"
},
"model_plot_config": {
"enabled": true,
"annotations_enabled": true
},
"model_snapshot_retention_days": 10,
"daily_model_snapshot_retention_after_days": 1,
"results_index_name": "custom-test-job1",
"allow_lazy_open": false
}All job configuration, model state and results are deleted. It is not currently possible to delete multiple jobs using wildcards or a comma separated list. If you delete a job that has a datafeed, the request first tries to delete the datafeed. This behavior is equivalent to calling the delete datafeed API with the same timeout and force parameters as the delete job request.
manage_mlUse to forcefully delete an opened job; this method is quicker than closing and deleting the job.
Specifies whether annotations that have been added by the user should be deleted along with any auto-generated annotations when the job is reset.
Specifies whether the request should return immediately or wait until the job deletion completes.
DELETE _ml/anomaly_detectors/total-requests
resp = client.ml.delete_job(
job_id="total-requests",
)const response = await client.ml.deleteJob({
job_id: "total-requests",
});response = client.ml.delete_job(
job_id: "total-requests"
)$resp = $client->ml()->deleteJob([
"job_id" => "total-requests",
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_ml/anomaly_detectors/total-requests"client.ml().deleteJob(d -> d
.jobId("total-requests")
);
{
"acknowledged": true
}{
"task": "oTUltX4IQMOUUVeiohTt8A:39"
}All methods and paths for this operation:
You can get statistics for multiple datafeeds in a single API request by
using a comma-separated list of datafeeds or a wildcard expression. You can
get statistics for all datafeeds by using _all, by specifying * as the
<feed_id>, or by omitting the <feed_id>. If the datafeed is stopped, the
only information you receive is the datafeed_id and the state.
This API returns a maximum of 10,000 datafeeds.
monitor_mlIdentifier for the datafeed. It can be a datafeed identifier or a wildcard expression. If you do not specify one of these options, the API returns information about all datafeeds.
Specifies what to do when the request:
_all string or no identifiers and there are no matches.The default value is true, which returns an empty datafeeds array
when there are no matches and the subset of results when there are
partial matches. If this parameter is false, the request returns a
404 status code when there are no matches or only partial matches.
GET _ml/datafeeds/datafeed-high_sum_total_sales/_stats
resp = client.ml.get_datafeed_stats(
datafeed_id="datafeed-high_sum_total_sales",
)const response = await client.ml.getDatafeedStats({
datafeed_id: "datafeed-high_sum_total_sales",
});response = client.ml.get_datafeed_stats(
datafeed_id: "datafeed-high_sum_total_sales"
)$resp = $client->ml()->getDatafeedStats([
"datafeed_id" => "datafeed-high_sum_total_sales",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_ml/datafeeds/datafeed-high_sum_total_sales/_stats"client.ml().getDatafeedStats(g -> g
.datafeedId("datafeed-high_sum_total_sales")
);
All methods and paths for this operation:
Influencers are the entities that have contributed to, or are to blame for,
the anomalies. Influencer results are available only if an
influencer_field_name is specified in the job configuration.
monitor_mlIf true, the results are sorted in descending order.
Returns influencers with timestamps earlier than this time. The default value means it is unset and results are not limited to specific timestamps.
If true, the output excludes interim results. By default, interim results are included.
Returns influencers with anomaly scores greater than or equal to this value.
Skips the specified number of influencers.
Specifies the maximum number of influencers to obtain.
Specifies the sort field for the requested influencers. By default, the
influencers are sorted by the influencer_score value.
Returns influencers with timestamps after this time. The default value means it is unset and results are not limited to specific timestamps.
GET _ml/anomaly_detectors/high_sum_total_sales/results/influencers
{
"sort": "influencer_score",
"desc": true
}resp = client.ml.get_influencers(
job_id="high_sum_total_sales",
sort="influencer_score",
desc=True,
)const response = await client.ml.getInfluencers({
job_id: "high_sum_total_sales",
sort: "influencer_score",
desc: true,
});response = client.ml.get_influencers(
job_id: "high_sum_total_sales",
body: {
"sort": "influencer_score",
"desc": true
}
)$resp = $client->ml()->getInfluencers([
"job_id" => "high_sum_total_sales",
"body" => [
"sort" => "influencer_score",
"desc" => true,
],
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"sort":"influencer_score","desc":true}' "$ELASTICSEARCH_URL/_ml/anomaly_detectors/high_sum_total_sales/results/influencers"client.ml().getInfluencers(g -> g
.jobId("high_sum_total_sales")
);
{
"sort": "influencer_score",
"desc": true
}Advanced configuration option. Specifies whether this job can open when
there is insufficient machine learning node capacity for it to be
immediately assigned to a node. If false and a machine learning node
with capacity to run the job cannot immediately be found, the open
anomaly detection jobs API returns an error. However, this is also
subject to the cluster-wide xpack.ml.max_lazy_ml_nodes setting. If this
option is set to true, the open anomaly detection jobs API does not
return an error and the job waits in the opening state until sufficient
machine learning node capacity is available.
Default value is false.
Advanced configuration option. The time between each periodic persistence of the model. The default value is a randomized value between 3 to 4 hours, which avoids all jobs persisting at exactly the same time. The smallest allowed value is 1 hour. For very large models (several GB), persistence could take 10-20 minutes, so do not set the value too low. If the job is open when you make the update, you must stop the datafeed, close the job, then reopen the job and restart the datafeed for the changes to take effect.
Advanced configuration option. Contains custom meta data about the job. For example, it can contain custom URL information as shown in Adding custom URLs to machine learning results.
A description of the job.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and
d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
Advanced configuration option, which affects the automatic removal of old
model snapshots for this job. It specifies a period of time (in days)
after which only the first snapshot per day is retained. This period is
relative to the timestamp of the most recent snapshot for this job. Valid
values range from 0 to model_snapshot_retention_days. For jobs created
before version 7.8.0, the default value matches
model_snapshot_retention_days.
Default value is 1.
Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies the maximum period of time (in days) that snapshots are retained. This period is relative to the timestamp of the most recent snapshot for this job.
Default value is 10.
Advanced configuration option. The period over which adjustments to the score are applied, as new data is seen.
Advanced configuration option. The period of time (in days) that results are retained. Age is calculated relative to the timestamp of the latest bucket result. If this property has a non-null value, once per day at 00:30 (server time), results that are the specified number of days older than the latest bucket result are deleted from Elasticsearch. The default value is null, which means all results are retained.
A list of job groups. A job can belong to no groups or many.
An array of detector update objects.
Settings related to how categorization interacts with partition fields.
POST _ml/anomaly_detectors/low_request_rate/_update
{
"description":"An updated job",
"detectors": {
"detector_index": 0,
"description": "An updated detector description"
},
"groups": ["kibana_sample_data","kibana_sample_web_logs"],
"model_plot_config": {
"enabled": true
},
"renormalization_window_days": 30,
"background_persist_interval": "2h",
"model_snapshot_retention_days": 7,
"results_retention_days": 60
}resp = client.ml.update_job(
job_id="low_request_rate",
description="An updated job",
detectors={
"detector_index": 0,
"description": "An updated detector description"
},
groups=[
"kibana_sample_data",
"kibana_sample_web_logs"
],
model_plot_config={
"enabled": True
},
renormalization_window_days=30,
background_persist_interval="2h",
model_snapshot_retention_days=7,
results_retention_days=60,
)const response = await client.ml.updateJob({
job_id: "low_request_rate",
description: "An updated job",
detectors: {
detector_index: 0,
description: "An updated detector description",
},
groups: ["kibana_sample_data", "kibana_sample_web_logs"],
model_plot_config: {
enabled: true,
},
renormalization_window_days: 30,
background_persist_interval: "2h",
model_snapshot_retention_days: 7,
results_retention_days: 60,
});response = client.ml.update_job(
job_id: "low_request_rate",
body: {
"description": "An updated job",
"detectors": {
"detector_index": 0,
"description": "An updated detector description"
},
"groups": [
"kibana_sample_data",
"kibana_sample_web_logs"
],
"model_plot_config": {
"enabled": true
},
"renormalization_window_days": 30,
"background_persist_interval": "2h",
"model_snapshot_retention_days": 7,
"results_retention_days": 60
}
)$resp = $client->ml()->updateJob([
"job_id" => "low_request_rate",
"body" => [
"description" => "An updated job",
"detectors" => [
"detector_index" => 0,
"description" => "An updated detector description",
],
"groups" => array(
"kibana_sample_data",
"kibana_sample_web_logs",
),
"model_plot_config" => [
"enabled" => true,
],
"renormalization_window_days" => 30,
"background_persist_interval" => "2h",
"model_snapshot_retention_days" => 7,
"results_retention_days" => 60,
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"description":"An updated job","detectors":{"detector_index":0,"description":"An updated detector description"},"groups":["kibana_sample_data","kibana_sample_web_logs"],"model_plot_config":{"enabled":true},"renormalization_window_days":30,"background_persist_interval":"2h","model_snapshot_retention_days":7,"results_retention_days":60}' "$ELASTICSEARCH_URL/_ml/anomaly_detectors/low_request_rate/_update"client.ml().updateJob(u -> u
.backgroundPersistInterval(b -> b
.time("2h")
)
.description("An updated job")
.detectors(d -> d
.detectorIndex(0)
.description("An updated detector description")
)
.groups(List.of("kibana_sample_data","kibana_sample_web_logs"))
.jobId("low_request_rate")
.modelPlotConfig(m -> m
.enabled(true)
)
.modelSnapshotRetentionDays(7L)
.renormalizationWindowDays(30L)
.resultsRetentionDays(60L)
);
{
"description":"An updated job",
"detectors": {
"detector_index": 0,
"description": "An updated detector description"
},
"groups": ["kibana_sample_data","kibana_sample_web_logs"],
"model_plot_config": {
"enabled": true
},
"renormalization_window_days": 30,
"background_persist_interval": "2h",
"model_snapshot_retention_days": 7,
"results_retention_days": 60
}The API packages together commonly used evaluation metrics for various types of machine learning features. This has been designed for use on indexes created by data frame analytics. Evaluation requires both a ground truth field and an analytics result field to be present.
monitor_mlDefines the type of evaluation you want to perform.
Defines the index in which the evaluation will be performed.
A query clause that retrieves a subset of data from the source index.
POST _ml/data_frame/_evaluate
{
"index": "animal_classification",
"evaluation": {
"classification": {
"actual_field": "animal_class",
"predicted_field": "ml.animal_class_prediction",
"metrics": {
"multiclass_confusion_matrix": {}
}
}
}
}resp = client.ml.evaluate_data_frame(
index="animal_classification",
evaluation={
"classification": {
"actual_field": "animal_class",
"predicted_field": "ml.animal_class_prediction",
"metrics": {
"multiclass_confusion_matrix": {}
}
}
},
)const response = await client.ml.evaluateDataFrame({
index: "animal_classification",
evaluation: {
classification: {
actual_field: "animal_class",
predicted_field: "ml.animal_class_prediction",
metrics: {
multiclass_confusion_matrix: {},
},
},
},
});response = client.ml.evaluate_data_frame(
body: {
"index": "animal_classification",
"evaluation": {
"classification": {
"actual_field": "animal_class",
"predicted_field": "ml.animal_class_prediction",
"metrics": {
"multiclass_confusion_matrix": {}
}
}
}
}
)$resp = $client->ml()->evaluateDataFrame([
"body" => [
"index" => "animal_classification",
"evaluation" => [
"classification" => [
"actual_field" => "animal_class",
"predicted_field" => "ml.animal_class_prediction",
"metrics" => [
"multiclass_confusion_matrix" => new ArrayObject([]),
],
],
],
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"index":"animal_classification","evaluation":{"classification":{"actual_field":"animal_class","predicted_field":"ml.animal_class_prediction","metrics":{"multiclass_confusion_matrix":{}}}}}' "$ELASTICSEARCH_URL/_ml/data_frame/_evaluate"client.ml().evaluateDataFrame(e -> e
.evaluation(ev -> ev
.classification(c -> c
.actualField("animal_class")
.predictedField("ml.animal_class_prediction")
.metrics(m -> m)
)
)
.index("animal_classification")
);
{
"index": "animal_classification",
"evaluation": {
"classification": {
"actual_field": "animal_class",
"predicted_field": "ml.animal_class_prediction",
"metrics": {
"multiclass_confusion_matrix": {}
}
}
}
}{
"index": "animal_classification",
"evaluation": {
"classification": {
"actual_field": "animal_class",
"metrics": {
"auc_roc": {
"class_name": "dog"
}
}
}
}
}{
"index": "my_analytics_dest_index",
"evaluation": {
"outlier_detection": {
"actual_field": "is_outlier",
"predicted_probability_field": "ml.outlier_score"
}
}
}{
"index": "house_price_predictions",
"query": {
"bool": {
"filter": [
{
"term": {
"ml.is_training": false
}
}
]
}
},
"evaluation": {
"regression": {
"actual_field": "price",
"predicted_field": "ml.price_prediction",
"metrics": {
"r_squared": {},
"mse": {},
"msle": {
"offset": 10
},
"huber": {
"delta": 1.5
}
}
}
}
}{
"index": "house_price_predictions",
"query": {
"term": {
"ml.is_training": {
"value": true
}
}
},
"evaluation": {
"regression": {
"actual_field": "price",
"predicted_field": "ml.price_prediction",
"metrics": {
"r_squared": {},
"mse": {},
"msle": {},
"huber": {}
}
}
}
}{
"classification": {
"multiclass_confusion_matrix": {
"confusion_matrix": [
{
"actual_class": "cat",
"actual_class_doc_count": 12,
"predicted_classes": [
{
"predicted_class": "cat",
"count": 12
},
{
"predicted_class": "dog",
"count": 0
}
],
"other_predicted_class_doc_count": 0
},
{
"actual_class": "dog",
"actual_class_doc_count": 11,
"predicted_classes": [
{
"predicted_class": "dog",
"count": 7
},
{
"predicted_class": "cat",
"count": 4
}
],
"other_predicted_class_doc_count": 0
}
],
"other_actual_class_count": 0
}
}
}{
"classification": {
"auc_roc": {
"value": 0.8941788639536681
}
}
}{
"outlier_detection": {
"auc_roc": {
"value": 0.9258475774641445
},
"confusion_matrix": {
"0.25": {
"tp": 5,
"fp": 9,
"tn": 204,
"fn": 5
},
"0.5": {
"tp": 1,
"fp": 5,
"tn": 208,
"fn": 9
},
"0.75": {
"tp": 0,
"fp": 4,
"tn": 209,
"fn": 10
}
},
"precision": {
"0.25": 0.35714285714285715,
"0.5": 0.16666666666666666,
"0.75": 0
},
"recall": {
"0.25": 0.5,
"0.5": 0.1,
"0.75": 0
}
}
}Identifier for the data frame analytics job. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters.
Specifies what to do when the request:
The default value is true, which returns an empty data_frame_analytics array when there are no matches and the subset of results when there are partial matches. If this parameter is false, the request returns a 404 status code when there are no matches or only partial matches.
If true, the data frame analytics job is stopped forcefully.
Controls the amount of time to wait until the data frame analytics job stops. Defaults to 20 seconds.
Values are -1 or 0.
POST _ml/data_frame/analytics/loganalytics/_stop
resp = client.ml.stop_data_frame_analytics(
id="loganalytics",
)const response = await client.ml.stopDataFrameAnalytics({
id: "loganalytics",
});response = client.ml.stop_data_frame_analytics(
id: "loganalytics"
)$resp = $client->ml()->stopDataFrameAnalytics([
"id" => "loganalytics",
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_ml/data_frame/analytics/loganalytics/_stop"client.ml().stopDataFrameAnalytics(s -> s
.id("loganalytics")
);
If set to true and a compressed_definition is provided,
the request defers definition decompression and skips relevant
validations.
Whether to wait for all child operations (e.g. model download) to complete.
The compressed (GZipped and Base64 encoded) inference definition of the model. If compressed_definition is specified, then definition cannot be specified.
The inference definition for the model. If definition is specified, then compressed_definition cannot be specified.
A human-readable description of the inference trained model.
The default configuration for inference. This can be either a regression or classification configuration. It must match the underlying definition.trained_model's target_type. For pre-packaged models such as ELSER the config is not required.
The input field names for the model definition.
An object map that contains metadata about the model.
The model type.
Supported values include:
tree_ensemble: The model definition is an ensemble model of decision trees.lang_ident: A special type reserved for language identification models.pytorch: The stored definition is a PyTorch (specifically a TorchScript) model.
Currently only NLP models are supported.Values are tree_ensemble, lang_ident, or pytorch.
The estimated memory usage in bytes to keep the trained model in memory. This property is supported only if defer_definition_decompression is true or the model definition is not supplied.
The platform architecture (if applicable) of the trained mode. If the model
only works on one platform, because it is heavily optimized for a particular
processor architecture and OS combination, then this field specifies which.
The format of the string must match the platform identifiers used by Elasticsearch,
so one of, linux-x86_64, linux-aarch64, darwin-x86_64, darwin-aarch64,
or windows-x86_64. For portable models (those that work independent of processor
architecture or OS features), leave this field unset.
Optional prefix strings applied at inference
curl \
--request PUT 'http://api.example.com/_ml/trained_models/{model_id}' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--data '{"compressed_definition":"string","definition":{"preprocessors":[{"frequency_encoding":{"field":"string","feature_name":"string","frequency_map":{}},"one_hot_encoding":{"field":"string","hot_map":{}},"target_mean_encoding":{"field":"string","feature_name":"string","target_map":{},"default_value":42.0}}],"trained_model":{"tree":{"classification_labels":["string"],"feature_names":["string"],"target_type":"string","tree_structure":[{}]},"tree_node":{"decision_type":"string","default_left":true,"leaf_value":42.0,"left_child":42.0,"node_index":42.0,"right_child":42.0,"split_feature":42.0,"split_gain":42.0,"threshold":42.0},"ensemble":{"classification_labels":["string"],"feature_names":["string"],"target_type":"string","trained_models":[{}]}}},"description":"string","inference_config":{"regression":{"results_field":"string","num_top_feature_importance_values":0},"classification":{"num_top_classes":42.0,"num_top_feature_importance_values":0,"prediction_field_type":"string","results_field":"string","top_classes_results_field":"string"},"text_classification":{"num_top_classes":42.0,"tokenization":{},"results_field":"string","classification_labels":["string"],"vocabulary":{}},"zero_shot_classification":{"tokenization":{},"hypothesis_template":"\"This example is {}.\"","classification_labels":["string"],"results_field":"string","multi_label":false,"labels":["string"]},"fill_mask":{"mask_token":"string","num_top_classes":42.0,"tokenization":{},"results_field":"string","vocabulary":{}},"learning_to_rank":{"default_params":{"additionalProperty1":{},"additionalProperty2":{}},"feature_extractors":[{}],"num_top_feature_importance_values":42.0},"ner":{"tokenization":{},"results_field":"string","classification_labels":["string"],"vocabulary":{}},"pass_through":{"tokenization":{},"results_field":"string","vocabulary":{}},"text_embedding":{"embedding_size":42.0,"tokenization":{},"results_field":"string","vocabulary":{}},"text_expansion":{"tokenization":{},"results_field":"string","vocabulary":{}},"question_answering":{"num_top_classes":42.0,"tokenization":{},"results_field":"string","max_answer_length":42.0}},"input":{"field_names":"string"},"metadata":{},"model_type":"tree_ensemble","model_size_bytes":42.0,"platform_architecture":"string","tags":["string"],"prefix_strings":{"ingest":"string","search":"string"}}'The unique identifier of the trained model.
The definition part number. When the definition is loaded for inference the definition parts are streamed in the
order of their part number. The first part must be 0 and the final part must be total_parts - 1.
PUT _ml/trained_models/elastic__distilbert-base-uncased-finetuned-conll03-english/definition/0
{
"definition": "...",
"total_definition_length": 265632637,
"total_parts": 64
}resp = client.ml.put_trained_model_definition_part(
model_id="elastic__distilbert-base-uncased-finetuned-conll03-english",
part="0",
definition="...",
total_definition_length=265632637,
total_parts=64,
)const response = await client.ml.putTrainedModelDefinitionPart({
model_id: "elastic__distilbert-base-uncased-finetuned-conll03-english",
part: 0,
definition: "...",
total_definition_length: 265632637,
total_parts: 64,
});response = client.ml.put_trained_model_definition_part(
model_id: "elastic__distilbert-base-uncased-finetuned-conll03-english",
part: "0",
body: {
"definition": "...",
"total_definition_length": 265632637,
"total_parts": 64
}
)$resp = $client->ml()->putTrainedModelDefinitionPart([
"model_id" => "elastic__distilbert-base-uncased-finetuned-conll03-english",
"part" => "0",
"body" => [
"definition" => "...",
"total_definition_length" => 265632637,
"total_parts" => 64,
],
]);curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"definition":"...","total_definition_length":265632637,"total_parts":64}' "$ELASTICSEARCH_URL/_ml/trained_models/elastic__distilbert-base-uncased-finetuned-conll03-english/definition/0"{
"definition": "...",
"total_definition_length": 265632637,
"total_parts": 64
}The unique identifier of the trained model. Currently, only PyTorch models are supported.
The number of model allocations on each node where the model is deployed. All allocations on a node share the same copy of the model in memory but use a separate set of threads to evaluate the model. Increasing this value generally increases the throughput. If this setting is greater than the number of hardware threads it will automatically be changed to a value less than the number of hardware threads.
The number of model allocations on each node where the model is deployed. All allocations on a node share the same copy of the model in memory but use a separate set of threads to evaluate the model. Increasing this value generally increases the throughput. If this setting is greater than the number of hardware threads it will automatically be changed to a value less than the number of hardware threads. If adaptive_allocations is enabled, do not set this value, because it’s automatically set.
Default value is 1.
Adaptive allocations configuration. When enabled, the number of allocations is set based on the current load. If adaptive_allocations is enabled, do not set the number of allocations manually.
POST _ml/trained_models/elastic__distilbert-base-uncased-finetuned-conll03-english/deployment/_update
{
"number_of_allocations": 4
}resp = client.ml.update_trained_model_deployment(
model_id="elastic__distilbert-base-uncased-finetuned-conll03-english",
number_of_allocations=4,
)const response = await client.ml.updateTrainedModelDeployment({
model_id: "elastic__distilbert-base-uncased-finetuned-conll03-english",
number_of_allocations: 4,
});response = client.ml.update_trained_model_deployment(
model_id: "elastic__distilbert-base-uncased-finetuned-conll03-english",
body: {
"number_of_allocations": 4
}
)$resp = $client->ml()->updateTrainedModelDeployment([
"model_id" => "elastic__distilbert-base-uncased-finetuned-conll03-english",
"body" => [
"number_of_allocations" => 4,
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"number_of_allocations":4}' "$ELASTICSEARCH_URL/_ml/trained_models/elastic__distilbert-base-uncased-finetuned-conll03-english/deployment/_update"client.ml().updateTrainedModelDeployment(u -> u
.modelId("elastic__distilbert-base-uncased-finetuned-conll03-english")
.numberOfAllocations(4)
);
{
"number_of_allocations": 4
}All methods and paths for this operation:
Copy the mappings and settings from the source index to a destination index while allowing request settings and mappings to override the source values.
Mappings overrides to be applied to the destination index (optional)
Settings overrides to be applied to the destination index (optional)
If index blocks should be removed when creating destination index (optional)
Default value is true.
POST _create_from/my-index/my-new-index
resp = client.perform_request(
"POST",
"/_create_from/my-index/my-new-index",
)const response = await client.transport.request({
method: "POST",
path: "/_create_from/my-index/my-new-index",
});response = client.perform_request(
"POST",
"/_create_from/my-index/my-new-index",
{},
)$requestFactory = Psr17FactoryDiscovery::findRequestFactory();
$request = $requestFactory->createRequest(
"POST",
"/_create_from/my-index/my-new-index",
);
$resp = $client->sendRequest($request);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_create_from/my-index/my-new-index"client.indices().createFrom(c -> c
.dest("my-new-index")
.source("my-index")
.createFrom(cr -> cr)
);
Version upgrades sometimes require changes to how features store configuration information and data in system indices. This API starts the automatic migration process.
Some functionality might be temporarily unavailable during the migration process.
TIP: The API is designed for indirect use by the Upgrade Assistant. We strongly recommend you use the Upgrade Assistant.
managemanagePOST /_migration/system_features
resp = client.migration.post_feature_upgrade()const response = await client.migration.postFeatureUpgrade();response = client.migration.post_feature_upgrade$resp = $client->migration()->postFeatureUpgrade();curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_migration/system_features"client.migration().postFeatureUpgrade();
{
"accepted" : true,
"features" : [
{
"feature_name" : "security"
}
]
}All methods and paths for this operation:
Get the capabilities of any rollup jobs that have been configured for a specific index or index pattern.
This API is useful because a rollup job is often configured to rollup only a subset of fields from the source index. Furthermore, only certain aggregations can be configured for various fields, leading to a limited subset of functionality depending on that configuration. This API enables you to inspect an index and determine:
monitor_rollupGET _rollup/data/sensor-*
resp = client.rollup.get_rollup_caps(
id="sensor-*",
)const response = await client.rollup.getRollupCaps({
id: "sensor-*",
});response = client.rollup.get_rollup_caps(
id: "sensor-*"
)$resp = $client->rollup()->getRollupCaps([
"id" => "sensor-*",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_rollup/data/sensor-*"client.rollup().getRollupCaps(g -> g
.id("sensor-*")
);
{
"sensor-*" : {
"rollup_jobs" : [
{
"job_id" : "sensor",
"rollup_index" : "sensor_rollup",
"index_pattern" : "sensor-*",
"fields" : {
"node" : [
{
"agg" : "terms"
}
],
"temperature" : [
{
"agg" : "min"
},
{
"agg" : "max"
},
{
"agg" : "sum"
}
],
"timestamp" : [
{
"agg" : "date_histogram",
"time_zone" : "UTC",
"fixed_interval" : "1h",
"delay": "7d"
}
],
"voltage" : [
{
"agg" : "avg"
}
]
}
}
]
}
}The period to wait for a connection to the master node.
If no response is received before the timeout expires, the request fails and returns an error.
It can also be set to -1 to indicate that the request should never timeout.
Values are -1 or 0.
The period to wait for a response.
If no response is received before the timeout expires, the request fails and returns an error.
It can also be set to -1 to indicate that the request should never timeout.
Values are -1 or 0.
DELETE _scripts/my-search-template
resp = client.delete_script(
id="my-search-template",
)const response = await client.deleteScript({
id: "my-search-template",
});response = client.delete_script(
id: "my-search-template"
)$resp = $client->deleteScript([
"id" => "my-search-template",
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_scripts/my-search-template"client.deleteScript(d -> d
.id("my-search-template")
);
GET _script_context
resp = client.get_script_context()const response = await client.getScriptContext();response = client.get_script_context$resp = $client->getScriptContext();curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_script_context"client.getScriptContext();
A point in time must be opened explicitly before being used in search requests.
The keep_alive parameter tells Elasticsearch how long it should persist.
A point in time is automatically closed when the keep_alive period has elapsed.
However, keeping points in time has a cost; close them as soon as they are no longer required for search requests.
DELETE /_pit
{
"id": "46ToAwMDaWR5BXV1aWQyKwZub2RlXzMAAAAAAAAAACoBYwADaWR4BXV1aWQxAgZub2RlXzEAAAAAAAAAAAEBYQADaWR5BXV1aWQyKgZub2RlXzIAAAAAAAAAAAwBYgACBXV1aWQyAAAFdXVpZDEAAQltYXRjaF9hbGw_gAAAAA=="
}resp = client.close_point_in_time(
id="46ToAwMDaWR5BXV1aWQyKwZub2RlXzMAAAAAAAAAACoBYwADaWR4BXV1aWQxAgZub2RlXzEAAAAAAAAAAAEBYQADaWR5BXV1aWQyKgZub2RlXzIAAAAAAAAAAAwBYgACBXV1aWQyAAAFdXVpZDEAAQltYXRjaF9hbGw_gAAAAA==",
)const response = await client.closePointInTime({
id: "46ToAwMDaWR5BXV1aWQyKwZub2RlXzMAAAAAAAAAACoBYwADaWR4BXV1aWQxAgZub2RlXzEAAAAAAAAAAAEBYQADaWR5BXV1aWQyKgZub2RlXzIAAAAAAAAAAAwBYgACBXV1aWQyAAAFdXVpZDEAAQltYXRjaF9hbGw_gAAAAA==",
});response = client.close_point_in_time(
body: {
"id": "46ToAwMDaWR5BXV1aWQyKwZub2RlXzMAAAAAAAAAACoBYwADaWR4BXV1aWQxAgZub2RlXzEAAAAAAAAAAAEBYQADaWR5BXV1aWQyKgZub2RlXzIAAAAAAAAAAAwBYgACBXV1aWQyAAAFdXVpZDEAAQltYXRjaF9hbGw_gAAAAA=="
}
)$resp = $client->closePointInTime([
"body" => [
"id" => "46ToAwMDaWR5BXV1aWQyKwZub2RlXzMAAAAAAAAAACoBYwADaWR4BXV1aWQxAgZub2RlXzEAAAAAAAAAAAEBYQADaWR5BXV1aWQyKgZub2RlXzIAAAAAAAAAAAwBYgACBXV1aWQyAAAFdXVpZDEAAQltYXRjaF9hbGw_gAAAAA==",
],
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"id":"46ToAwMDaWR5BXV1aWQyKwZub2RlXzMAAAAAAAAAACoBYwADaWR4BXV1aWQxAgZub2RlXzEAAAAAAAAAAAEBYQADaWR5BXV1aWQyKgZub2RlXzIAAAAAAAAAAAwBYgACBXV1aWQyAAAFdXVpZDEAAQltYXRjaF9hbGw_gAAAAA=="}' "$ELASTICSEARCH_URL/_pit"client.closePointInTime(c -> c
.id("46ToAwMDaWR5BXV1aWQyKwZub2RlXzMAAAAAAAAAACoBYwADaWR4BXV1aWQxAgZub2RlXzEAAAAAAAAAAAEBYQADaWR5BXV1aWQyKgZub2RlXzIAAAAAAAAAAAwBYgACBXV1aWQyAAAFdXVpZDEAAQltYXRjaF9hbGw_gAAAAA==")
);
{
"id": "46ToAwMDaWR5BXV1aWQyKwZub2RlXzMAAAAAAAAAACoBYwADaWR4BXV1aWQxAgZub2RlXzEAAAAAAAAAAAEBYQADaWR5BXV1aWQyKgZub2RlXzIAAAAAAAAAAAwBYgACBXV1aWQyAAAFdXVpZDEAAQltYXRjaF9hbGw_gAAAAA=="
}{
"succeeded": true,
"num_freed": 3
}This API invalidates API keys created by the create API key or grant API key APIs. Invalidated API keys fail authentication, but they can still be viewed using the get API key information and query API key information APIs, for at least the configured retention period, until they are automatically deleted.
To use this API, you must have at least the manage_security, manage_api_key, or manage_own_api_key cluster privileges.
The manage_security privilege allows deleting any API key, including both REST and cross cluster API keys.
The manage_api_key privilege allows deleting any REST API key, but not cross cluster API keys.
The manage_own_api_key only allows deleting REST API keys that are owned by the user.
In addition, with the manage_own_api_key privilege, an invalidation request must be issued in one of the three formats:
owner=true.username and realm_name to match the user's identity.ids field.manage_api_key,manage_own_api_keyA list of API key ids.
This parameter cannot be used with any of name, realm_name, or username.
An API key name.
This parameter cannot be used with any of ids, realm_name or username.
Query API keys owned by the currently authenticated user.
The realm_name or username parameters cannot be specified when this parameter is set to true as they are assumed to be the currently authenticated ones.
NOTE: At least one of ids, name, username, and realm_name must be specified if owner is false.
Default value is false.
The name of an authentication realm.
This parameter cannot be used with either ids or name, or when owner flag is set to true.
The username of a user.
This parameter cannot be used with either ids or name or when owner flag is set to true.
DELETE /_security/api_key
{
"ids" : [ "VuaCfGcBCdbkQm-e5aOx" ]
}resp = client.security.invalidate_api_key(
ids=[
"VuaCfGcBCdbkQm-e5aOx"
],
)const response = await client.security.invalidateApiKey({
ids: ["VuaCfGcBCdbkQm-e5aOx"],
});response = client.security.invalidate_api_key(
body: {
"ids": [
"VuaCfGcBCdbkQm-e5aOx"
]
}
)$resp = $client->security()->invalidateApiKey([
"body" => [
"ids" => array(
"VuaCfGcBCdbkQm-e5aOx",
),
],
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"ids":["VuaCfGcBCdbkQm-e5aOx"]}' "$ELASTICSEARCH_URL/_security/api_key"client.security().invalidateApiKey(i -> i
.ids("VuaCfGcBCdbkQm-e5aOx")
);
{
"ids" : [ "VuaCfGcBCdbkQm-e5aOx" ]
}{
"name" : "my-api-key"
}{
"realm_name" : "native1"
}{
"username" : "myuser"
}{
"ids" : ["VuaCfGcBCdbkQm-e5aOx"],
"owner" : "true"
}{
"username" : "myuser",
"realm_name" : "native1"
}{
"invalidated_api_keys": [
"api-key-id-1"
],
"previously_invalidated_api_keys": [
"api-key-id-2",
"api-key-id-3"
],
"error_count": 2,
"error_details": [
{
"type": "exception",
"reason": "error occurred while invalidating api keys",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "invalid api key id"
}
},
{
"type": "exception",
"reason": "error occurred while invalidating api keys",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "invalid api key id"
}
}
]
}All methods and paths for this operation:
Create a service accounts token for access without requiring basic authentication.
NOTE: Service account tokens never expire. You must actively delete them if they are no longer needed.
manage_service_accountThe name of the namespace, which is a top-level grouping of service accounts.
The name of the service.
The name for the service account token. If omitted, a random name will be generated.
Token names must be at least one and no more than 256 characters.
They can contain alphanumeric characters (a-z, A-Z, 0-9), dashes (-), and underscores (_), but cannot begin with an underscore.
NOTE: Token names must be unique in the context of the associated service account.
They must also be globally unique with their fully qualified names, which are comprised of the service account principal and token name, such as <namespace>/<service>/<token-name>.
POST /_security/service/elastic/fleet-server/credential/token/token1
resp = client.security.create_service_token(
namespace="elastic",
service="fleet-server",
name="token1",
)const response = await client.security.createServiceToken({
namespace: "elastic",
service: "fleet-server",
name: "token1",
});response = client.security.create_service_token(
namespace: "elastic",
service: "fleet-server",
name: "token1"
)$resp = $client->security()->createServiceToken([
"namespace" => "elastic",
"service" => "fleet-server",
"name" => "token1",
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_security/service/elastic/fleet-server/credential/token/token1"client.security().createServiceToken(c -> c
.name("token1")
.namespace("elastic")
.service("fleet-server")
);
{
"created": true,
"token": {
"name": "token1",
"value": "AAEAAWVsYXN0aWM...vZmxlZXQtc2VydmVyL3Rva2VuMTo3TFdaSDZ"
}
}To use this API, you must have one of the following privileges:
manage_security cluster privilege (or a greater privilege such as all).manage_securityThe name of the application. Application privileges are always associated with exactly one application.
The name of the privilege.
DELETE /_security/privilege/myapp/read
resp = client.security.delete_privileges(
application="myapp",
name="read",
)const response = await client.security.deletePrivileges({
application: "myapp",
name: "read",
});response = client.security.delete_privileges(
application: "myapp",
name: "read"
)$resp = $client->security()->deletePrivileges([
"application" => "myapp",
"name" => "read",
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_security/privilege/myapp/read"client.security().deletePrivileges(d -> d
.application("myapp")
.name("read")
);
{
"myapp": {
"read": {
"found" : true
}
}
}All methods and paths for this operation:
The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management. The create or update roles API cannot update roles that are defined in roles files. File-based role management is not available in Elastic Serverless.
manage_securityIf true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes.
Values are true, false, or wait_for.
A list of application privilege entries.
A list of cluster privileges. These privileges define the cluster-level actions for users with this role.
An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges.
A list of indices permissions entries.
A list of remote indices permissions entries.
NOTE: Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.
The subset of index level privileges that can be defined for remote clusters.
A list of remote cluster permissions entries.
The subset of cluster level privileges that can be defined for remote clusters.
Optional metadata. Within the metadata object, keys that begin with an underscore (_) are reserved for system use.
A list of users that the owners of this role can impersonate. Note: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty run_as field, but a non-empty list will be rejected.
Optional description of the role descriptor
Indicates roles that might be incompatible with the current cluster license, specifically roles with document and field level security. When the cluster license doesn’t allow certain features for a given role, this parameter is updated dynamically to list the incompatible features. If enabled is false, the role is ignored, but is still listed in the response from the authenticate API.
POST /_security/role/my_admin_role
{
"description": "Grants full access to all management features within the cluster.",
"cluster": ["all"],
"indices": [
{
"names": [ "index1", "index2" ],
"privileges": ["all"],
"field_security" : { // optional
"grant" : [ "title", "body" ]
},
"query": "{\"match\": {\"title\": \"foo\"}}" // optional
}
],
"applications": [
{
"application": "myapp",
"privileges": [ "admin", "read" ],
"resources": [ "*" ]
}
],
"run_as": [ "other_user" ], // optional
"metadata" : { // optional
"version" : 1
}
}resp = client.security.put_role(
name="my_admin_role",
description="Grants full access to all management features within the cluster.",
cluster=[
"all"
],
indices=[
{
"names": [
"index1",
"index2"
],
"privileges": [
"all"
],
"field_security": {
"grant": [
"title",
"body"
]
},
"query": "{\"match\": {\"title\": \"foo\"}}"
}
],
applications=[
{
"application": "myapp",
"privileges": [
"admin",
"read"
],
"resources": [
"*"
]
}
],
run_as=[
"other_user"
],
metadata={
"version": 1
},
)const response = await client.security.putRole({
name: "my_admin_role",
description:
"Grants full access to all management features within the cluster.",
cluster: ["all"],
indices: [
{
names: ["index1", "index2"],
privileges: ["all"],
field_security: {
grant: ["title", "body"],
},
query: '{"match": {"title": "foo"}}',
},
],
applications: [
{
application: "myapp",
privileges: ["admin", "read"],
resources: ["*"],
},
],
run_as: ["other_user"],
metadata: {
version: 1,
},
});response = client.security.put_role(
name: "my_admin_role",
body: {
"description": "Grants full access to all management features within the cluster.",
"cluster": [
"all"
],
"indices": [
{
"names": [
"index1",
"index2"
],
"privileges": [
"all"
],
"field_security": {
"grant": [
"title",
"body"
]
},
"query": "{\"match\": {\"title\": \"foo\"}}"
}
],
"applications": [
{
"application": "myapp",
"privileges": [
"admin",
"read"
],
"resources": [
"*"
]
}
],
"run_as": [
"other_user"
],
"metadata": {
"version": 1
}
}
)$resp = $client->security()->putRole([
"name" => "my_admin_role",
"body" => [
"description" => "Grants full access to all management features within the cluster.",
"cluster" => array(
"all",
),
"indices" => array(
[
"names" => array(
"index1",
"index2",
),
"privileges" => array(
"all",
),
"field_security" => [
"grant" => array(
"title",
"body",
),
],
"query" => "{\"match\": {\"title\": \"foo\"}}",
],
),
"applications" => array(
[
"application" => "myapp",
"privileges" => array(
"admin",
"read",
),
"resources" => array(
"*",
),
],
),
"run_as" => array(
"other_user",
),
"metadata" => [
"version" => 1,
],
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"description":"Grants full access to all management features within the cluster.","cluster":["all"],"indices":[{"names":["index1","index2"],"privileges":["all"],"field_security":{"grant":["title","body"]},"query":"{\"match\": {\"title\": \"foo\"}}"}],"applications":[{"application":"myapp","privileges":["admin","read"],"resources":["*"]}],"run_as":["other_user"],"metadata":{"version":1}}' "$ELASTICSEARCH_URL/_security/role/my_admin_role"client.security().putRole(p -> p
.applications(a -> a
.application("myapp")
.privileges(List.of("admin","read"))
.resources("*")
)
.cluster("all")
.description("Grants full access to all management features within the cluster.")
.indices(i -> i
.fieldSecurity(f -> f
.grant(List.of("title","body"))
)
.names(List.of("index1","index2"))
.privileges("all")
.query(q -> q
.match(m -> m
.field("title")
.query(FieldValue.of("foo"))
)
)
)
.metadata("version", JsonData.fromJson("1"))
.name("my_admin_role")
.runAs("other_user")
);
{
"description": "Grants full access to all management features within the cluster.",
"cluster": ["all"],
"indices": [
{
"names": [ "index1", "index2" ],
"privileges": ["all"],
"field_security" : { // optional
"grant" : [ "title", "body" ]
},
"query": "{\"match\": {\"title\": \"foo\"}}" // optional
}
],
"applications": [
{
"application": "myapp",
"privileges": [ "admin", "read" ],
"resources": [ "*" ]
}
],
"run_as": [ "other_user" ], // optional
"metadata" : { // optional
"version" : 1
}
}{
"cluster": ["cluster:monitor/main"],
"indices": [
{
"names": ["test"],
"privileges": ["read", "indices:admin/get"]
}
]
}{
"remote_indices": [
{
"clusters": ["my_remote"],
"names": ["logs*"],
"privileges": ["read", "read_cross_cluster", "view_index_metadata"]
}
],
"remote_cluster": [
{
"clusters": ["my_remote"],
"privileges": ["monitor_stats"]
}
]
}{
"role": {
"created": true
}
}Role mappings define which roles are assigned to each user. The role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The delete role mappings API cannot remove role mappings that are defined in role mapping files.
manage_securityThe distinct name that identifies the role mapping. The name is used solely as an identifier to facilitate interaction via the API; it does not affect the behavior of the mapping in any way.
DELETE /_security/role_mapping/mapping1
resp = client.security.delete_role_mapping(
name="mapping1",
)const response = await client.security.deleteRoleMapping({
name: "mapping1",
});response = client.security.delete_role_mapping(
name: "mapping1"
)$resp = $client->security()->deleteRoleMapping([
"name" => "mapping1",
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_security/role_mapping/mapping1"client.security().deleteRoleMapping(d -> d
.name("mapping1")
);
{
"found" : true
}All methods and paths for this operation:
Enable user profiles to make them visible in user profile searches.
NOTE: The user profile feature is designed only for use by Kibana and Elastic's Observability, Enterprise Search, and Elastic Security solutions. Individual users and external applications should not call this API directly. Elastic reserves the right to change or remove this feature in future releases without prior notice.
When you activate a user profile, it's automatically enabled and visible in user profile searches. If you later disable the user profile, you can use the enable user profile API to make the profile visible in these searches again.
manage_user_profilePOST /_security/profile/u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0/_enable
resp = client.security.enable_user_profile(
uid="u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0",
)const response = await client.security.enableUserProfile({
uid: "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0",
});response = client.security.enable_user_profile(
uid: "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0"
)$resp = $client->security()->enableUserProfile([
"uid" => "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0",
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_security/profile/u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0/_enable"client.security().enableUserProfile(e -> e
.uid("u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0")
);
Enable a Kibana instance to configure itself for communication with a secured Elasticsearch cluster.
NOTE: This API is currently intended for internal use only by Kibana. Kibana uses this API internally to configure itself for communications with an Elasticsearch cluster that already has security features enabled.
GET /_security/enroll/kibana
resp = client.security.enroll_kibana()const response = await client.security.enrollKibana();response = client.security.enroll_kibana$resp = $client->security()->enrollKibana();curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_security/enroll/kibana"client.security().enrollKibana();
{
"token" : {
"name" : "enroll-process-token-1629123923000",
"value": "AAEAAWVsYXN0aWM...vZmxlZXQtc2VydmVyL3Rva2VuMTo3TFdaSDZ"
},
"http_ca" : "MIIJlAIBAzVoGCSqGSIb3...vsDfsA3UZBAjEPfhubpQysAICAA=",
}Exchange an OpenID Connect authentication response message for an Elasticsearch internal access token and refresh token that can be subsequently used for authentication.
Elasticsearch exposes all the necessary OpenID Connect related functionality with the OpenID Connect APIs. These APIs are used internally by Kibana in order to provide OpenID Connect based authentication, but can also be used by other, custom web applications or other clients.
Associate a client session with an ID token and mitigate replay attacks.
This value needs to be the same as the one that was provided to the /_security/oidc/prepare API or the one that was generated by Elasticsearch and included in the response to that call.
The name of the OpenID Connect realm. This property is useful in cases where multiple realms are defined.
The URL to which the OpenID Connect Provider redirected the User Agent in response to an authentication request after a successful authentication. This URL must be provided as-is (URL encoded), taken from the body of the response or as the value of a location header in the response from the OpenID Connect Provider.
Maintain state between the authentication request and the response.
This value needs to be the same as the one that was provided to the /_security/oidc/prepare API or the one that was generated by Elasticsearch and included in the response to that call.
POST /_security/oidc/authenticate
{
"redirect_uri" : "https://oidc-kibana.elastic.co:5603/api/security/oidc/callback?code=jtI3Ntt8v3_XvcLzCFGq&state=4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I",
"state" : "4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I",
"nonce" : "WaBPH0KqPVdG5HHdSxPRjfoZbXMCicm5v1OiAj0DUFM",
"realm" : "oidc1"
}resp = client.security.oidc_authenticate(
redirect_uri="https://oidc-kibana.elastic.co:5603/api/security/oidc/callback?code=jtI3Ntt8v3_XvcLzCFGq&state=4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I",
state="4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I",
nonce="WaBPH0KqPVdG5HHdSxPRjfoZbXMCicm5v1OiAj0DUFM",
realm="oidc1",
)const response = await client.security.oidcAuthenticate({
redirect_uri:
"https://oidc-kibana.elastic.co:5603/api/security/oidc/callback?code=jtI3Ntt8v3_XvcLzCFGq&state=4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I",
state: "4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I",
nonce: "WaBPH0KqPVdG5HHdSxPRjfoZbXMCicm5v1OiAj0DUFM",
realm: "oidc1",
});response = client.security.oidc_authenticate(
body: {
"redirect_uri": "https://oidc-kibana.elastic.co:5603/api/security/oidc/callback?code=jtI3Ntt8v3_XvcLzCFGq&state=4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I",
"state": "4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I",
"nonce": "WaBPH0KqPVdG5HHdSxPRjfoZbXMCicm5v1OiAj0DUFM",
"realm": "oidc1"
}
)$resp = $client->security()->oidcAuthenticate([
"body" => [
"redirect_uri" => "https://oidc-kibana.elastic.co:5603/api/security/oidc/callback?code=jtI3Ntt8v3_XvcLzCFGq&state=4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I",
"state" => "4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I",
"nonce" => "WaBPH0KqPVdG5HHdSxPRjfoZbXMCicm5v1OiAj0DUFM",
"realm" => "oidc1",
],
]);curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"redirect_uri":"https://oidc-kibana.elastic.co:5603/api/security/oidc/callback?code=jtI3Ntt8v3_XvcLzCFGq&state=4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I","state":"4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I","nonce":"WaBPH0KqPVdG5HHdSxPRjfoZbXMCicm5v1OiAj0DUFM","realm":"oidc1"}' "$ELASTICSEARCH_URL/_security/oidc/authenticate"client.security().oidcAuthenticate(o -> o
.nonce("WaBPH0KqPVdG5HHdSxPRjfoZbXMCicm5v1OiAj0DUFM")
.realm("oidc1")
.redirectUri("https://oidc-kibana.elastic.co:5603/api/security/oidc/callback?code=jtI3Ntt8v3_XvcLzCFGq&state=4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I")
.state("4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I")
);
{
"redirect_uri" : "https://oidc-kibana.elastic.co:5603/api/security/oidc/callback?code=jtI3Ntt8v3_XvcLzCFGq&state=4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I",
"state" : "4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I",
"nonce" : "WaBPH0KqPVdG5HHdSxPRjfoZbXMCicm5v1OiAj0DUFM",
"realm" : "oidc1"
}{
"access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
"type" : "Bearer",
"expires_in" : 1200,
"refresh_token": "vLBPvmAB6KvwvJZr27cS"
}A comma-separated list of snapshot repository names used to limit the request.
Wildcard (*) expressions are supported including combining wildcards with exclude patterns starting with -.
To get information about all snapshot repositories registered in the cluster, omit this parameter or use * or _all.
If true, the request gets information from the local node only.
If false, the request gets information from the master node.
The period to wait for the master node.
If the master node is not available before the timeout expires, the request fails and returns an error.
To indicate that the request should never timeout, set it to -1.
Values are -1 or 0.
GET /_snapshot/my_repository
resp = client.snapshot.get_repository(
name="my_repository",
)const response = await client.snapshot.getRepository({
name: "my_repository",
});response = client.snapshot.get_repository(
repository: "my_repository"
)$resp = $client->snapshot()->getRepository([
"repository" => "my_repository",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_snapshot/my_repository"client.snapshot().getRepository(g -> g
.name("my_repository")
);
{
"my_repository" : {
"type" : "fs",
"uuid" : "0JLknrXbSUiVPuLakHjBrQ",
"settings" : {
"location" : "my_backup_location"
}
}
}The ame of the snapshot repositories to unregister.
Wildcard (*) patterns are supported.
The period to wait for the master node.
If the master node is not available before the timeout expires, the request fails and returns an error.
To indicate that the request should never timeout, set it to -1.
Values are -1 or 0.
The period to wait for a response from all relevant nodes in the cluster after updating the cluster metadata.
If no response is received before the timeout expires, the cluster metadata update still applies but the response will indicate that it was not completely acknowledged.
To indicate that the request should never timeout, set it to -1.
Values are -1 or 0.
DELETE /_snapshot/my_repository
resp = client.snapshot.delete_repository(
name="my_repository",
)const response = await client.snapshot.deleteRepository({
name: "my_repository",
});response = client.snapshot.delete_repository(
repository: "my_repository"
)$resp = $client->snapshot()->deleteRepository([
"repository" => "my_repository",
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_snapshot/my_repository"client.snapshot().deleteRepository(d -> d
.name("my_repository")
);
The period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
The period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
DELETE /_slm/policy/daily-snapshots
resp = client.slm.delete_lifecycle(
policy_id="daily-snapshots",
)const response = await client.slm.deleteLifecycle({
policy_id: "daily-snapshots",
});response = client.slm.delete_lifecycle(
policy_id: "daily-snapshots"
)$resp = $client->slm()->deleteLifecycle([
"policy_id" => "daily-snapshots",
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_slm/policy/daily-snapshots"client.slm().deleteLifecycle(d -> d
.policyId("daily-snapshots")
);
GET _synonyms/my-synonyms-set/test-1
resp = client.synonyms.get_synonym_rule(
set_id="my-synonyms-set",
rule_id="test-1",
)const response = await client.synonyms.getSynonymRule({
set_id: "my-synonyms-set",
rule_id: "test-1",
});response = client.synonyms.get_synonym_rule(
set_id: "my-synonyms-set",
rule_id: "test-1"
)$resp = $client->synonyms()->getSynonymRule([
"set_id" => "my-synonyms-set",
"rule_id" => "test-1",
]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_synonyms/my-synonyms-set/test-1"client.synonyms().getSynonymRule(g -> g
.ruleId("test-1")
.setId("my-synonyms-set")
);
{
"id": "test-1",
"synonyms": "hello, hi"
}DELETE _synonyms/my-synonyms-set/test-1
resp = client.synonyms.delete_synonym_rule(
set_id="my-synonyms-set",
rule_id="test-1",
)const response = await client.synonyms.deleteSynonymRule({
set_id: "my-synonyms-set",
rule_id: "test-1",
});response = client.synonyms.delete_synonym_rule(
set_id: "my-synonyms-set",
rule_id: "test-1"
)$resp = $client->synonyms()->deleteSynonymRule([
"set_id" => "my-synonyms-set",
"rule_id" => "test-1",
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_synonyms/my-synonyms-set/test-1"client.synonyms().deleteSynonymRule(d -> d
.ruleId("test-1")
.setId("my-synonyms-set")
);
{
"result": "deleted",
"reload_analyzers_details": {
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"reload_details": [
{
"index": "test-index",
"reloaded_analyzers": [
"my_search_analyzer"
],
"reloaded_node_ids": [
"1wYFZzq8Sxeu_Jvt9mlbkg"
]
}
]
}
}If this value is false, the transform must be stopped before it can be deleted. If true, the transform is deleted regardless of its current state.
If this value is true, the destination index is deleted together with the transform. If false, the destination index will not be deleted
Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
Values are -1 or 0.
DELETE _transform/ecommerce_transform
resp = client.transform.delete_transform(
transform_id="ecommerce_transform",
)const response = await client.transform.deleteTransform({
transform_id: "ecommerce_transform",
});response = client.transform.delete_transform(
transform_id: "ecommerce_transform"
)$resp = $client->transform()->deleteTransform([
"transform_id" => "ecommerce_transform",
]);curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_transform/ecommerce_transform"client.transform().deleteTransform(d -> d
.transformId("ecommerce_transform")
);
{
"acknowledged": true
}