Create a behavioral analytics collection Technical preview; Added in 8.8.0

PUT /_application/analytics/{name}

Path parameters

name string Required

The name of the analytics collection to be created or updated.

Responses

200 application/json
Hide response attributes Show response attributes object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.
- name string Required
  
  The name of the analytics collection created or updated

PUT /_application/analytics/{name}

PUT _application/analytics/my_analytics_collection

resp = client.search_application.put_behavioral_analytics(
    name="my_analytics_collection",
)

const response = await client.searchApplication.putBehavioralAnalytics({
  name: "my_analytics_collection",
});

response = client.search_application.put_behavioral_analytics(
  name: "my_analytics_collection"
)

$resp = $client->searchApplication()->putBehavioralAnalytics([
    "name" => "my_analytics_collection",
]);

curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_application/analytics/my_analytics_collection"

client.searchApplication().putBehavioralAnalytics(p -> p
    .name("my_analytics_collection")
);

Delete a behavioral analytics collection Technical preview; Added in 8.8.0

DELETE /_application/analytics/{name}

Api key auth Basic auth Bearer auth

The associated data stream is also deleted.

Path parameters

name string Required

The name of the analytics collection to be deleted

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

DELETE /_application/analytics/{name}

DELETE _application/analytics/my_analytics_collection/

resp = client.search_application.delete_behavioral_analytics(
    name="my_analytics_collection",
)

const response = await client.searchApplication.deleteBehavioralAnalytics({
  name: "my_analytics_collection",
});

response = client.search_application.delete_behavioral_analytics(
  name: "my_analytics_collection"
)

$resp = $client->searchApplication()->deleteBehavioralAnalytics([
    "name" => "my_analytics_collection",
]);

curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_application/analytics/my_analytics_collection/"

client.searchApplication().deleteBehavioralAnalytics(d -> d
    .name("my_analytics_collection")
);

Get the cluster health status Generally available

GET /_cat/health

Api key auth Basic auth Bearer auth

IMPORTANT: CAT APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the cluster health API. This API is often used to check malfunctioning clusters. To help you track cluster health alongside log files and alerting systems, the API returns timestamps in two formats: HH:MM:SS, which is human-readable but includes no date information; Unix epoch time, which is machine-sortable and includes date information. The latter format is useful for cluster recoveries that take multiple days. You can use the cat health API to verify cluster health across multiple nodes. You also can use the API to track the recovery of a large cluster over a longer period of time.

Required authorization

Cluster privileges: monitor

Query parameters

ts boolean

If true, returns HH:MM:SS and Unix epoch timestamps.
h string | array[string]

List of columns to appear in the response. Supports simple wildcards.
s string | array[string]

List of columns that determine how the table should be sorted. Sorting defaults to ascending and can be changed by setting :asc or :desc as a suffix to the column name.

Responses

200 application/json
Hide response attributes Show response attributes object
- epoch number | string
  
  seconds since 1970-01-01 00:00:00
  
  One of:
  UnitSeconds number string-2 string
  
  seconds since 1970-01-01 00:00:00
- timestamp string
  
  time in HH:MM:SS
- cluster string
  
  cluster name
- status string
  
  health status
- node.total string
  
  total number of nodes
- node.data string
  
  number of nodes that can store data
- shards string
  
  total number of shards
- pri string
  
  number of primary shards
- relo string
  
  number of relocating nodes
- init string
  
  number of initializing nodes
- unassign.pri string
  
  number of unassigned primary shards
- unassign string
  
  number of unassigned shards
- pending_tasks string
  
  number of pending tasks
- max_task_wait_time string
  
  wait time of longest task pending
- active_shards_percent string
  
  active number of shards in percent

GET /_cat/health

GET /_cat/health?v=true&format=json

resp = client.cat.health(
    v=True,
    format="json",
)

const response = await client.cat.health({
  v: "true",
  format: "json",
});

response = client.cat.health(
  v: "true",
  format: "json"
)

$resp = $client->cat()->health([
    "v" => "true",
    "format" => "json",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/health?v=true&format=json"

client.cat().health();

Response examples (200)

A successful response from `GET /_cat/health?v=true&format=json`. By default, it returns `HH:MM:SS` and Unix epoch timestamps.

[
  {
    "epoch": "1475871424",
    "timestamp": "16:17:04",
    "cluster": "elasticsearch",
    "status": "green",
    "node.total": "1",
    "node.data": "1",
    "shards": "1",
    "pri": "1",
    "relo": "0",
    "init": "0",
    "unassign": "0",
    "unassign.pri": "0",
    "pending_tasks": "0",
    "max_task_wait_time": "-",
    "active_shards_percent": "100.0%"
  }
]

Get index information Generally available

GET /_cat/indices/{index}

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_cat/indices

GET /_cat/indices/{index}

Get high-level information about indices in a cluster, including backing indices for data streams.

Use this request to get the following information for each index in a cluster:

shard count
document count
deleted document count
primary store size
total store size of all shards, including shard replicas

These metrics are retrieved directly from Lucene, which Elasticsearch uses internally to power indexing and search. As a result, all document counts include hidden nested documents. To get an accurate count of Elasticsearch documents, use the cat count or count APIs.

CAT APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use an index endpoint.

Required authorization

Index privileges: monitor
Cluster privileges: monitor

Path parameters

index string | array[string] Required

Comma-separated list of data streams, indices, and aliases used to limit the request. Supports wildcards (*). To target all data streams and indices, omit this parameter or use * or _all.

Query parameters

expand_wildcards string | array[string]
The type of index that wildcard patterns can match.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
Values are all, open, closed, hidden, or none.
health string
The health status used to limit returned indices. By default, the response includes indices of any health status.

Supported values include:
- green (or GREEN): All shards are assigned.
- yellow (or YELLOW): All primary shards are assigned, but one or more replica shards are unassigned. If a node in the cluster fails, some data could be unavailable until that node is repaired.
- red (or RED): One or more primary shards are unassigned, so some data is unavailable. This can occur briefly during cluster startup as primary shards are assigned.
- unknown
- unavailable
Values are green, GREEN, yellow, YELLOW, red, RED, unknown, or unavailable.
include_unloaded_segments boolean

If true, the response includes information from segments that are not loaded into memory.
pri boolean

If true, the response only includes information from primary shards.
master_timeout string

Period to wait for a connection to the master node.

External documentation
h string | array[string]

List of columns to appear in the response. Supports simple wildcards.
s string | array[string]

List of columns that determine how the table should be sorted. Sorting defaults to ascending and can be changed by setting :asc or :desc as a suffix to the column name.

Responses

200 application/json
Hide response attributes Show response attributes object
- health string
  
  current health status
- status string
  
  open/close status
- index string
  
  index name
- uuid string
  
  index uuid
- pri string
  
  number of primary shards
- rep string
  
  number of replica shards
- docs.count string | null
  
  available docs
  
  One of:
  string-1 string string-2 string | null
- docs.deleted string | null
  
  deleted docs
  
  One of:
  string-1 string string-2 string | null
- creation.date string
  
  index creation date (millisecond value)
- creation.date.string string
  
  index creation date (as string)
- store.size string | null
  
  store size of primaries & replicas
  
  One of:
  string-1 string string-2 string | null
- pri.store.size string | null
  
  store size of primaries
  
  One of:
  string-1 string string-2 string | null
- dataset.size string | null
  
  total size of dataset (including the cache for partially mounted indices)
  
  One of:
  string-1 string string-2 string | null
- completion.size string
  
  size of completion
- pri.completion.size string
  
  size of completion
- fielddata.memory_size string
  
  used fielddata cache
- pri.fielddata.memory_size string
  
  used fielddata cache
- fielddata.evictions string
  
  fielddata evictions
- pri.fielddata.evictions string
  
  fielddata evictions
- query_cache.memory_size string
  
  used query cache
- pri.query_cache.memory_size string
  
  used query cache
- query_cache.evictions string
  
  query cache evictions
- pri.query_cache.evictions string
  
  query cache evictions
- request_cache.memory_size string
  
  used request cache
- pri.request_cache.memory_size string
  
  used request cache
- request_cache.evictions string
  
  request cache evictions
- pri.request_cache.evictions string
  
  request cache evictions
- request_cache.hit_count string
  
  request cache hit count
- pri.request_cache.hit_count string
  
  request cache hit count
- request_cache.miss_count string
  
  request cache miss count
- pri.request_cache.miss_count string
  
  request cache miss count
- flush.total string
  
  number of flushes
- pri.flush.total string
  
  number of flushes
- flush.total_time string
  
  time spent in flush
- pri.flush.total_time string
  
  time spent in flush
- get.current string
  
  number of current get ops
- pri.get.current string
  
  number of current get ops
- get.time string
  
  time spent in get
- pri.get.time string
  
  time spent in get
- get.total string
  
  number of get ops
- pri.get.total string
  
  number of get ops
- get.exists_time string
  
  time spent in successful gets
- pri.get.exists_time string
  
  time spent in successful gets
- get.exists_total string
  
  number of successful gets
- pri.get.exists_total string
  
  number of successful gets
- get.missing_time string
  
  time spent in failed gets
- pri.get.missing_time string
  
  time spent in failed gets
- get.missing_total string
  
  number of failed gets
- pri.get.missing_total string
  
  number of failed gets
- indexing.delete_current string
  
  number of current deletions
- pri.indexing.delete_current string
  
  number of current deletions
- indexing.delete_time string
  
  time spent in deletions
- pri.indexing.delete_time string
  
  time spent in deletions
- indexing.delete_total string
  
  number of delete ops
- pri.indexing.delete_total string
  
  number of delete ops
- indexing.index_current string
  
  number of current indexing ops
- pri.indexing.index_current string
  
  number of current indexing ops
- indexing.index_time string
  
  time spent in indexing
- pri.indexing.index_time string
  
  time spent in indexing
- indexing.index_total string
  
  number of indexing ops
- pri.indexing.index_total string
  
  number of indexing ops
- indexing.index_failed string
  
  number of failed indexing ops
- pri.indexing.index_failed string
  
  number of failed indexing ops
- merges.current string
  
  number of current merges
- pri.merges.current string
  
  number of current merges
- merges.current_docs string
  
  number of current merging docs
- pri.merges.current_docs string
  
  number of current merging docs
- merges.current_size string
  
  size of current merges
- pri.merges.current_size string
  
  size of current merges
- merges.total string
  
  number of completed merge ops
- pri.merges.total string
  
  number of completed merge ops
- merges.total_docs string
  
  docs merged
- pri.merges.total_docs string
  
  docs merged
- merges.total_size string
  
  size merged
- pri.merges.total_size string
  
  size merged
- merges.total_time string
  
  time spent in merges
- pri.merges.total_time string
  
  time spent in merges
- refresh.total string
  
  total refreshes
- pri.refresh.total string
  
  total refreshes
- refresh.time string
  
  time spent in refreshes
- pri.refresh.time string
  
  time spent in refreshes
- refresh.external_total string
  
  total external refreshes
- pri.refresh.external_total string
  
  total external refreshes
- refresh.external_time string
  
  time spent in external refreshes
- pri.refresh.external_time string
  
  time spent in external refreshes
- refresh.listeners string
  
  number of pending refresh listeners
- pri.refresh.listeners string
  
  number of pending refresh listeners
- search.fetch_current string
  
  current fetch phase ops
- pri.search.fetch_current string
  
  current fetch phase ops
- search.fetch_time string
  
  time spent in fetch phase
- pri.search.fetch_time string
  
  time spent in fetch phase
- search.fetch_total string
  
  total fetch ops
- pri.search.fetch_total string
  
  total fetch ops
- search.open_contexts string
  
  open search contexts
- pri.search.open_contexts string
  
  open search contexts
- search.query_current string
  
  current query phase ops
- pri.search.query_current string
  
  current query phase ops
- search.query_time string
  
  time spent in query phase
- pri.search.query_time string
  
  time spent in query phase
- search.query_total string
  
  total query phase ops
- pri.search.query_total string
  
  total query phase ops
- search.scroll_current string
  
  open scroll contexts
- pri.search.scroll_current string
  
  open scroll contexts
- search.scroll_time string
  
  time scroll contexts held open
- pri.search.scroll_time string
  
  time scroll contexts held open
- search.scroll_total string
  
  completed scroll contexts
- pri.search.scroll_total string
  
  completed scroll contexts
- segments.count string
  
  number of segments
- pri.segments.count string
  
  number of segments
- segments.memory string
  
  memory used by segments
- pri.segments.memory string
  
  memory used by segments
- segments.index_writer_memory string
  
  memory used by index writer
- pri.segments.index_writer_memory string
  
  memory used by index writer
- segments.version_map_memory string
  
  memory used by version map
- pri.segments.version_map_memory string
  
  memory used by version map
- segments.fixed_bitset_memory string
  
  memory used by fixed bit sets for nested object field types and export type filters for types referred in _parent fields
- pri.segments.fixed_bitset_memory string
  
  memory used by fixed bit sets for nested object field types and export type filters for types referred in _parent fields
- warmer.current string
  
  current warmer ops
- pri.warmer.current string
  
  current warmer ops
- warmer.total string
  
  total warmer ops
- pri.warmer.total string
  
  total warmer ops
- warmer.total_time string
  
  time spent in warmers
- pri.warmer.total_time string
  
  time spent in warmers
- suggest.current string
  
  number of current suggest ops
- pri.suggest.current string
  
  number of current suggest ops
- suggest.time string
  
  time spend in suggest
- pri.suggest.time string
  
  time spend in suggest
- suggest.total string
  
  number of suggest ops
- pri.suggest.total string
  
  number of suggest ops
- memory.total string
  
  total used memory
- pri.memory.total string
  
  total user memory
- search.throttled string
  
  indicates if the index is search throttled
- bulk.total_operations string
  
  number of bulk shard ops
- pri.bulk.total_operations string
  
  number of bulk shard ops
- bulk.total_time string
  
  time spend in shard bulk
- pri.bulk.total_time string
  
  time spend in shard bulk
- bulk.total_size_in_bytes string
  
  total size in bytes of shard bulk
- pri.bulk.total_size_in_bytes string
  
  total size in bytes of shard bulk
- bulk.avg_time string
  
  average time spend in shard bulk
- pri.bulk.avg_time string
  
  average time spend in shard bulk
- bulk.avg_size_in_bytes string
  
  average size in bytes of shard bulk
- pri.bulk.avg_size_in_bytes string
  
  average size in bytes of shard bulk

GET /_cat/indices/{index}

GET /_cat/indices/my-index-*?v=true&s=index&format=json

resp = client.cat.indices(
    index="my-index-*",
    v=True,
    s="index",
    format="json",
)

const response = await client.cat.indices({
  index: "my-index-*",
  v: "true",
  s: "index",
  format: "json",
});

response = client.cat.indices(
  index: "my-index-*",
  v: "true",
  s: "index",
  format: "json"
)

$resp = $client->cat()->indices([
    "index" => "my-index-*",
    "v" => "true",
    "s" => "index",
    "format" => "json",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/indices/my-index-*?v=true&s=index&format=json"

client.cat().indices();

Response examples (200)

A successful response from `GET /_cat/indices/my-index-*?v=true&s=index&format=json`.

[
  {
    "health": "yellow",
    "status": "open",
    "index": "my-index-000001",
    "uuid": "u8FNjxh8Rfy_awN11oDKYQ",
    "pri": "1",
    "rep": "1",
    "docs.count": "1200",
    "docs.deleted": "0",
    "store.size": "88.1kb",
    "pri.store.size": "88.1kb",
    "dataset.size": "88.1kb"
  },
  {
    "health": "green",
    "status": "open",
    "index": "my-index-000002",
    "uuid": "nYFWZEO7TUiOjLQXBaYJpA ",
    "pri": "1",
    "rep": "0",
    "docs.count": "0",
    "docs.deleted": "0",
    "store.size": "260b",
    "pri.store.size": "260b",
    "dataset.size": "260b"
  }
]

Get data frame analytics jobs Generally available; Added in 7.7.0

GET /_cat/ml/data_frame/analytics/{id}

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_cat/ml/data_frame/analytics

GET /_cat/ml/data_frame/analytics/{id}

Get configuration and usage information about data frame analytics jobs.

IMPORTANT: CAT APIs are only intended for human consumption using the Kibana console or command line. They are not intended for use by applications. For application consumption, use the get data frame analytics jobs statistics API.

Required authorization

Cluster privileges: monitor_ml

Path parameters

id string Required

The ID of the data frame analytics to fetch

Query parameters

allow_no_match boolean

Whether to ignore if a wildcard expression matches no configs. (This includes _all string or when no configs have been specified.)
h string | array[string]
Comma-separated list of column names to display.

Supported values include:
- assignment_explanation (or ae): Contains messages relating to the selection of a node.
- create_time (or ct, createTime): The time when the data frame analytics job was created.
- description (or d): A description of a job.
- dest_index (or di, destIndex): Name of the destination index.
- failure_reason (or fr, failureReason): Contains messages about the reason why a data frame analytics job failed.
- id: Identifier for the data frame analytics job.
- model_memory_limit (or mml, modelMemoryLimit): The approximate maximum amount of memory resources that are permitted for the data frame analytics job.
- node.address (or na, nodeAddress): The network address of the node that the data frame analytics job is assigned to.
- node.ephemeral_id (or ne, nodeEphemeralId): The ephemeral ID of the node that the data frame analytics job is assigned to.
- node.id (or ni, nodeId): The unique identifier of the node that the data frame analytics job is assigned to.
- node.name (or nn, nodeName): The name of the node that the data frame analytics job is assigned to.
- progress (or p): The progress report of the data frame analytics job by phase.
- source_index (or si, sourceIndex): Name of the source index.
- state (or s): Current state of the data frame analytics job.
- type (or t): The type of analysis that the data frame analytics job performs.
- version (or v): The Elasticsearch version number in which the data frame analytics job was created.
s string | array[string]
Comma-separated list of column names or column aliases used to sort the response.

Supported values include:
- assignment_explanation (or ae): Contains messages relating to the selection of a node.
- create_time (or ct, createTime): The time when the data frame analytics job was created.
- description (or d): A description of a job.
- dest_index (or di, destIndex): Name of the destination index.
- failure_reason (or fr, failureReason): Contains messages about the reason why a data frame analytics job failed.
- id: Identifier for the data frame analytics job.
- model_memory_limit (or mml, modelMemoryLimit): The approximate maximum amount of memory resources that are permitted for the data frame analytics job.
- node.address (or na, nodeAddress): The network address of the node that the data frame analytics job is assigned to.
- node.ephemeral_id (or ne, nodeEphemeralId): The ephemeral ID of the node that the data frame analytics job is assigned to.
- node.id (or ni, nodeId): The unique identifier of the node that the data frame analytics job is assigned to.
- node.name (or nn, nodeName): The name of the node that the data frame analytics job is assigned to.
- progress (or p): The progress report of the data frame analytics job by phase.
- source_index (or si, sourceIndex): Name of the source index.
- state (or s): Current state of the data frame analytics job.
- type (or t): The type of analysis that the data frame analytics job performs.
- version (or v): The Elasticsearch version number in which the data frame analytics job was created.

Responses

200 application/json
Hide response attributes Show response attributes object
- id string
  
  The identifier for the job.
- type string
  
  The type of analysis that the job performs.
- create_time string
  
  The time when the job was created.
- version string
  
  The version of Elasticsearch when the job was created.
- source_index string
  
  The name of the source index.
- dest_index string
  
  The name of the destination index.
- description string
  
  A description of the job.
- model_memory_limit string
  
  The approximate maximum amount of memory resources that are permitted for the job.
- state string
  
  The current status of the job.
- failure_reason string
  
  Messages about the reason why the job failed.
- progress string
  
  The progress report for the job by phase.
- assignment_explanation string
  
  Messages related to the selection of a node.
- node.id string
  
  The unique identifier of the assigned node.
- node.name string
  
  The name of the assigned node.
- node.ephemeral_id string
  
  The ephemeral identifier of the assigned node.
- node.address string
  
  The network address of the assigned node.

GET /_cat/ml/data_frame/analytics/{id}

GET _cat/ml/data_frame/analytics?v=true&format=json

resp = client.cat.ml_data_frame_analytics(
    v=True,
    format="json",
)

const response = await client.cat.mlDataFrameAnalytics({
  v: "true",
  format: "json",
});

response = client.cat.ml_data_frame_analytics(
  v: "true",
  format: "json"
)

$resp = $client->cat()->mlDataFrameAnalytics([
    "v" => "true",
    "format" => "json",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/ml/data_frame/analytics?v=true&format=json"

client.cat().mlDataFrameAnalytics();

Response examples (200)

A successful response from `GET _cat/ml/data_frame/analytics?v=true&format=json`.

[
  {
    "id": "classifier_job_1",
    "type": "classification",
    "create_time": "2020-02-12T11:49:09.594Z",
    "state": "stopped"
  },
    {
    "id": "classifier_job_2",
    "type": "classification",
    "create_time": "2020-02-12T11:49:14.479Z",
    "state": "stopped"
  },
  {
    "id": "classifier_job_3",
    "type": "classification",
    "create_time": "2020-02-12T11:49:16.928Z",
    "state": "stopped"
  },
  {
    "id": "classifier_job_4",
    "type": "classification",
    "create_time": "2020-02-12T11:49:19.127Z",
    "state": "stopped"
  },
  {
    "id": "classifier_job_5",
    "type": "classification",
    "create_time": "2020-02-12T11:49:21.349Z",
    "state": "stopped"
  }
]

Get pending task information Generally available

GET /_cat/pending_tasks

Api key auth Basic auth Bearer auth

Get information about cluster-level changes that have not yet taken effect. IMPORTANT: cat APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the pending cluster tasks API.

Required authorization

Cluster privileges: monitor

Query parameters

h string | array[string]

List of columns to appear in the response. Supports simple wildcards.
s string | array[string]

List of columns that determine how the table should be sorted. Sorting defaults to ascending and can be changed by setting :asc or :desc as a suffix to the column name.
local boolean

If true, the request computes the list of selected nodes from the local cluster state. If false the list of selected nodes are computed from the cluster state of the master node. In both cases the coordinating node will send requests for further information to each selected node.
master_timeout string

Period to wait for a connection to the master node.

External documentation

Responses

200 application/json
Hide response attributes Show response attributes object
- insertOrder string
  
  The task insertion order.
- timeInQueue string
  
  Indicates how long the task has been in queue.
- priority string
  
  The task priority.
- source string
  
  The task source.

GET /_cat/pending_tasks

GET /_cat/pending_tasks?v=trueh=insertOrder,timeInQueue,priority,source&format=json

resp = client.cat.pending_tasks(
    v="trueh=insertOrder,timeInQueue,priority,source",
    format="json",
)

const response = await client.cat.pendingTasks({
  v: "trueh=insertOrder,timeInQueue,priority,source",
  format: "json",
});

response = client.cat.pending_tasks(
  v: "trueh=insertOrder,timeInQueue,priority,source",
  format: "json"
)

$resp = $client->cat()->pendingTasks([
    "v" => "trueh=insertOrder,timeInQueue,priority,source",
    "format" => "json",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/pending_tasks?v=trueh=insertOrder,timeInQueue,priority,source&format=json"

client.cat().pendingTasks();

Response examples (200)

A successful response from `GET /_cat/pending_tasks?v=trueh=insertOrder,timeInQueue,priority,source&format=json`.

[
  { "insertOrder": "1685", "timeInQueue": "855ms", "priority": "HIGH", "source": "update-mapping [foo][t]"},
    { "insertOrder": "1686", "timeInQueue": "843ms", "priority": "HIGH", "source": "update-mapping [foo][t]"},
    { "insertOrder": "1693", "timeInQueue": "753ms", "priority": "HIGH", "source": "refresh-mapping [foo][[t]]"},
    { "insertOrder": "1688", "timeInQueue": "816ms", "priority": "HIGH", "source": "update-mapping [foo][t]"},
    { "insertOrder": "1689", "timeInQueue": "802ms", "priority": "HIGH", "source": "update-mapping [foo][t]"},
    { "insertOrder": "1690", "timeInQueue": "787ms", "priority": "HIGH", "source": "update-mapping [foo][t]"},
    { "insertOrder": "1691", "timeInQueue": "773ms", "priority": "HIGH", "source": "update-mapping [foo][t]"}
]

Get plugin information Generally available

GET /_cat/plugins

Api key auth Basic auth Bearer auth

Get a list of plugins running on each node of a cluster. IMPORTANT: cat APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the nodes info API.

Required authorization

Cluster privileges: monitor

Query parameters

h string | array[string]

List of columns to appear in the response. Supports simple wildcards.
s string | array[string]

List of columns that determine how the table should be sorted. Sorting defaults to ascending and can be changed by setting :asc or :desc as a suffix to the column name.
include_bootstrap boolean

Include bootstrap plugins in the response
local boolean

If true, the request computes the list of selected nodes from the local cluster state. If false the list of selected nodes are computed from the cluster state of the master node. In both cases the coordinating node will send requests for further information to each selected node.
master_timeout string

Period to wait for a connection to the master node.

External documentation

Responses

200 application/json
Hide response attributes Show response attributes object
- id string
  
  The unique node identifier.
- name string
  
  The node name.
- component string
  
  The component name.
- version string
  
  The component version.
- description string
  
  The plugin details.
- type string
  
  The plugin type.

GET /_cat/plugins

GET /_cat/plugins?v=true&s=component&h=name,component,version,description&format=json

resp = client.cat.plugins(
    v=True,
    s="component",
    h="name,component,version,description",
    format="json",
)

const response = await client.cat.plugins({
  v: "true",
  s: "component",
  h: "name,component,version,description",
  format: "json",
});

response = client.cat.plugins(
  v: "true",
  s: "component",
  h: "name,component,version,description",
  format: "json"
)

$resp = $client->cat()->plugins([
    "v" => "true",
    "s" => "component",
    "h" => "name,component,version,description",
    "format" => "json",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/plugins?v=true&s=component&h=name,component,version,description&format=json"

client.cat().plugins();

Response examples (200)

A successful response from `GET /_cat/plugins?v=true&s=component&h=name,component,version,description&format=json`.

[
  { "name": "U7321H6", "component": "analysis-icu", "version": "8.17.0", "description": "The ICU Analysis plugin integrates the Lucene ICU module into Elasticsearch, adding ICU-related analysis components."},
  {"name": "U7321H6", "component": "analysis-kuromoji",   "verison":  "8.17.0", description: "The Japanese (kuromoji) Analysis plugin integrates Lucene kuromoji analysis module into elasticsearch."},
  {"name" "U7321H6", "component": "analysis-nori", "version":         "8.17.0", "description": "The Korean (nori) Analysis plugin integrates Lucene nori analysis module into elasticsearch."},
  {"name": "U7321H6", "component": "analysis-phonetic",   "verison":  "8.17.0", "description": "The Phonetic Analysis plugin integrates phonetic token filter analysis with elasticsearch."},
  {"name": "U7321H6", "component": "analysis-smartcn",   "verison":  "8.17.0", "description": "Smart Chinese Analysis plugin integrates Lucene Smart Chinese analysis module into elasticsearch."},
  {"name": "U7321H6", "component": "analysis-stempel",   "verison":  "8.17.0", "description": "The Stempel (Polish) Analysis plugin integrates Lucene stempel (polish) analysis module into elasticsearch."},
  {"name": "U7321H6", "component": "analysis-ukrainian",   "verison":  "8.17.0", "description": "The Ukrainian Analysis plugin integrates the Lucene UkrainianMorfologikAnalyzer into elasticsearch."},
  {"name": "U7321H6", "component": "discovery-azure-classic",   "verison":  "8.17.0", "description": "The Azure Classic Discovery plugin allows to use Azure Classic API for the unicast discovery mechanism"},
  {"name": "U7321H6", "component": "discovery-ec2",   "verison":  "8.17.0", "description": "The EC2 discovery plugin allows to use AWS API for the unicast discovery mechanism."},
  {"name": "U7321H6", "component": "discovery-gce",   "verison":  "8.17.0", "description": "The Google Compute Engine (GCE) Discovery plugin allows to use GCE API for the unicast discovery mechanism."},
  {"name": "U7321H6", "component": "mapper-annotated-text",   "verison":  "8.17.0", "description": "The Mapper Annotated_text plugin adds support for text fields with markup used to inject annotation tokens into the index."},
  {"name": "U7321H6", "component": "mapper-murmur3",   "verison":  "8.17.0", "description": "The Mapper Murmur3 plugin allows to compute hashes of a field's values at index-time and to store them in the index."},
  {"name": "U7321H6", "component": "mapper-size",   "verison":  "8.17.0", "description": "The Mapper Size plugin allows document to record their uncompressed size at index time."},
  {"name": "U7321H6", "component": "store-smb",   "verison":  "8.17.0", "description": "The Store SMB plugin adds support for SMB stores."}
]

Get segment information Generally available

GET /_cat/segments/{index}

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_cat/segments

GET /_cat/segments/{index}

Get low-level information about the Lucene segments in index shards. For data streams, the API returns information about the backing indices. IMPORTANT: cat APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the index segments API.

Required authorization

Index privileges: monitor
Cluster privileges: monitor

Path parameters

index string | array[string] Required

A comma-separated list of data streams, indices, and aliases used to limit the request. Supports wildcards (*). To target all data streams and indices, omit this parameter or use * or _all.

Query parameters

h string | array[string]
A comma-separated list of columns names to display. It supports simple wildcards.

Supported values include:
- index (or i, idx): The name of the index.
- shard (or s, sh): The name of the shard.
- prirep (or p, pr, primaryOrReplica): The shard type. Returned values are 'primary' or 'replica'.
- ip: IP address of the segment’s shard, such as '127.0.1.1'.
- segment: The name of the segment, such as '_0'. The segment name is derived from the segment generation and used internally to create file names in the directory of the shard.
- generation: Generation number, such as '0'. Elasticsearch increments this generation number for each segment written. Elasticsearch then uses this number to derive the segment name.
- docs.count: The number of documents as reported by Lucene. This excludes deleted documents and counts any nested documents separately from their parents. It also excludes documents which were indexed recently and do not yet belong to a segment.
- docs.deleted: The number of deleted documents as reported by Lucene, which may be higher or lower than the number of delete operations you have performed. This number excludes deletes that were performed recently and do not yet belong to a segment. Deleted documents are cleaned up by the automatic merge process if it makes sense to do so. Also, Elasticsearch creates extra deleted documents to internally track the recent history of operations on a shard.
- size: The disk space used by the segment, such as '50kb'.
- size.memory: The bytes of segment data stored in memory for efficient search, such as '1264'. A value of '-1' indicates Elasticsearch was unable to compute this number.
- committed: If 'true', the segments is synced to disk. Segments that are synced can survive a hard reboot. If 'false', the data from uncommitted segments is also stored in the transaction log so that Elasticsearch is able to replay changes on the next start.
- searchable: If 'true', the segment is searchable. If 'false', the segment has most likely been written to disk but needs a refresh to be searchable.
- version: The version of Lucene used to write the segment.
- compound: If 'true', the segment is stored in a compound file. This means Lucene merged all files from the segment in a single file to save file descriptors.
- id: The ID of the node, such as 'k0zy'.
Values are index, i, idx, shard, s, sh, prirep, p, pr, primaryOrReplica, ip, segment, generation, docs.count, docs.deleted, size, size.memory, committed, searchable, version, compound, or id.
s string | array[string]

A comma-separated list of column names or aliases that determines the sort order. Sorting defaults to ascending and can be changed by setting :asc or :desc as a suffix to the column name.
local boolean

If true, the request computes the list of selected nodes from the local cluster state. If false the list of selected nodes are computed from the cluster state of the master node. In both cases the coordinating node will send requests for further information to each selected node.
master_timeout string

Period to wait for a connection to the master node.

External documentation

Responses

200 application/json
Hide response attributes Show response attributes object
- index string
  
  The index name.
- shard string
  
  The shard name.
- prirep string
  
  The shard type: primary or replica.
- ip string
  
  The IP address of the node where it lives.
- id string
  
  The unique identifier of the node where it lives.
- segment string
  
  The segment name, which is derived from the segment generation and used internally to create file names in the directory of the shard.
- generation string
  
  The segment generation number. Elasticsearch increments this generation number for each segment written then uses this number to derive the segment name.
- docs.count string
  
  The number of documents in the segment. This excludes deleted documents and counts any nested documents separately from their parents. It also excludes documents which were indexed recently and do not yet belong to a segment.
- docs.deleted string
  
  The number of deleted documents in the segment, which might be higher or lower than the number of delete operations you have performed. This number excludes deletes that were performed recently and do not yet belong to a segment. Deleted documents are cleaned up by the automatic merge process if it makes sense to do so. Also, Elasticsearch creates extra deleted documents to internally track the recent history of operations on a shard.
- size number | string
  
  The segment size in bytes.
  
  One of:
  number-1 number string-2 string
  
  The segment size in bytes.
- size.memory number | string
  
  The segment memory in bytes. A value of -1 indicates Elasticsearch was unable to compute this number.
  
  One of:
  number-1 number string-2 string
  
  The segment memory in bytes. A value of -1 indicates Elasticsearch was unable to compute this number.
- committed string
  
  If true, the segment is synced to disk. Segments that are synced can survive a hard reboot. If false, the data from uncommitted segments is also stored in the transaction log so that Elasticsearch is able to replay changes on the next start.
- searchable string
  
  If true, the segment is searchable. If false, the segment has most likely been written to disk but needs a refresh to be searchable.
- version string
  
  The version of Lucene used to write the segment.
- compound string
  
  If true, the segment is stored in a compound file. This means Lucene merged all files from the segment in a single file to save file descriptors.

GET /_cat/segments/{index}

GET /_cat/segments?v=true&format=json

resp = client.cat.segments(
    v=True,
    format="json",
)

const response = await client.cat.segments({
  v: "true",
  format: "json",
});

response = client.cat.segments(
  v: "true",
  format: "json"
)

$resp = $client->cat()->segments([
    "v" => "true",
    "format" => "json",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/segments?v=true&format=json"

client.cat().segments();

Response examples (200)

A successful response from `GET /_cat/segments?v=true&format=json`.

[
  {
    "index": "test",
    "shard": "0",
    "prirep": "p",
    "ip": "127.0.0.1",
    "segment": "_0",
    "generation": "0",
    "docs.count": "1",
    "docs.deleted": "0",
    "size": "3kb",
    "size.memory": "0",
    "committed": "false",
    "searchable": "true",
    "version": "9.12.0",
    "compound": "true"
  },
  {
    "index": "test1",
    "shard": "0",
    "prirep": "p",
    "ip": "127.0.0.1",
    "segment": "_0",
    "generation": "0",
    "docs.count": "1",
    "docs.deleted": "0",
    "size": "3kb",
    "size.memory": "0",
    "committed": "false",
    "searchable": "true",
    "version": "9.12.0",
    "compound": "true"
  }
]

Get snapshot information Generally available; Added in 2.1.0

GET /_cat/snapshots/{repository}

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_cat/snapshots

GET /_cat/snapshots/{repository}

Get information about the snapshots stored in one or more repositories. A snapshot is a backup of an index or running Elasticsearch cluster. IMPORTANT: cat APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the get snapshot API.

Required authorization

Cluster privileges: monitor_snapshot

Path parameters

repository string | array[string] Required

A comma-separated list of snapshot repositories used to limit the request. Accepts wildcard expressions. _all returns all repositories. If any repository fails during the request, Elasticsearch returns an error.

Query parameters

ignore_unavailable boolean

If true, the response does not include information from unavailable snapshots.
h string | array[string]
A comma-separated list of columns names to display. It supports simple wildcards.

Supported values include:
- id (or snapshot): The ID of the snapshot, such as 'snap1'.
- repository (or re, repo): The name of the repository, such as 'repo1'.
- status (or s): State of the snapshot process. Returned values are: 'FAILED': The snapshot process failed. 'INCOMPATIBLE': The snapshot process is incompatible with the current cluster version. 'IN_PROGRESS': The snapshot process started but has not completed. 'PARTIAL': The snapshot process completed with a partial success. 'SUCCESS': The snapshot process completed with a full success.
- start_epoch (or ste, startEpoch): The unix epoch time at which the snapshot process started.
- start_time (or sti, startTime): 'HH:MM:SS' time at which the snapshot process started.
- end_epoch (or ete, endEpoch): The unix epoch time at which the snapshot process ended.
- end_time (or eti, endTime): 'HH:MM:SS' time at which the snapshot process ended.
- duration (or dur): The time it took the snapshot process to complete in time units.
- indices (or i): The number of indices in the snapshot.
- successful_shards (or ss): The number of successful shards in the snapshot.
- failed_shards (or fs): The number of failed shards in the snapshot.
- total_shards (or ts): The total number of shards in the snapshot.
- reason (or r): The reason for any snapshot failures.
Values are id, snapshot, repository, re, repo, status, s, start_epoch, ste, startEpoch, start_time, sti, startTime, end_epoch, ete, endEpoch, end_time, eti, endTime, duration, dur, indices, i, successful_shards, ss, failed_shards, fs, total_shards, ts, reason, or r.
s string | array[string]

List of columns that determine how the table should be sorted. Sorting defaults to ascending and can be changed by setting :asc or :desc as a suffix to the column name.
master_timeout string

Period to wait for a connection to the master node.

External documentation

Responses

200 application/json
Hide response attributes Show response attributes object
- id string
  
  The unique identifier for the snapshot.
- repository string
  
  The repository name.
- status string
  
  The state of the snapshot process. Returned values include: FAILED: The snapshot process failed. INCOMPATIBLE: The snapshot process is incompatible with the current cluster version. IN_PROGRESS: The snapshot process started but has not completed. PARTIAL: The snapshot process completed with a partial success. SUCCESS: The snapshot process completed with a full success.
- start_epoch number | string
  
  The Unix epoch time (seconds since 1970-01-01 00:00:00) at which the snapshot process started.
  
  One of:
  UnitSeconds number string-2 string
  
  The Unix epoch time (seconds since 1970-01-01 00:00:00) at which the snapshot process started.
- start_time string | object
  
  The time (HH:MM:SS) at which the snapshot process started.
  
  One of:
  string-1 string HourAndMinute object
  
  The time (HH:MM:SS) at which the snapshot process started.
- end_epoch number | string
  
  The Unix epoch time (seconds since 1970-01-01 00:00:00) at which the snapshot process ended.
  
  One of:
  UnitSeconds number string-2 string
  
  The Unix epoch time (seconds since 1970-01-01 00:00:00) at which the snapshot process ended.
- end_time string
  
  The time (HH:MM:SS) at which the snapshot process ended.
- duration string
  
  The time it took the snapshot process to complete, in time units.
  
  External documentation
- indices string
  
  The number of indices in the snapshot.
- successful_shards string
  
  The number of successful shards in the snapshot.
- failed_shards string
  
  The number of failed shards in the snapshot.
- total_shards string
  
  The total number of shards in the snapshot.
- reason string
  
  The reason for any snapshot failures.

GET /_cat/snapshots/{repository}

GET /_cat/snapshots/repo1?v=true&s=id&format=json

resp = client.cat.snapshots(
    repository="repo1",
    v=True,
    s="id",
    format="json",
)

const response = await client.cat.snapshots({
  repository: "repo1",
  v: "true",
  s: "id",
  format: "json",
});

response = client.cat.snapshots(
  repository: "repo1",
  v: "true",
  s: "id",
  format: "json"
)

$resp = $client->cat()->snapshots([
    "repository" => "repo1",
    "v" => "true",
    "s" => "id",
    "format" => "json",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/snapshots/repo1?v=true&s=id&format=json"

client.cat().snapshots();

Response examples (200)

A successful response from `GET /_cat/snapshots/repo1?v=true&s=id&format=json`.

[
  {
    "id": "snap1",
    "repository": "repo1",
    "status": "FAILED",
    "start_epoch": "1445616705",
    "start_time": "18:11:45",
    "end_epoch": "1445616978",
    "end_time": "18:16:18",
    "duration": "4.6m",
    "indices": "1",
    "successful_shards": "4",
    "failed_shards": "1",
    "total_shards": "5"
  },
  {
    "id": "snap2",
    "repository": "repo1",
    "status": "SUCCESS",
    "start_epoch": "1445634298",
    "start_time": "23:04:58",
    "end_epoch": "1445634672",
    "end_time": "23:11:12",
    "duration": "6.2m",
    "indices": "2",
    "successful_shards": "10",
    "failed_shards": "0",
    "total_shards": "10"
  }
]

Get thread pool statistics Generally available

GET /_cat/thread_pool/{thread_pool_patterns}

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_cat/thread_pool

GET /_cat/thread_pool/{thread_pool_patterns}

Get thread pool statistics for each node in a cluster. Returned information includes all built-in thread pools and custom thread pools. IMPORTANT: cat APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the nodes info API.

Required authorization

Cluster privileges: monitor

Path parameters

thread_pool_patterns string | array[string] Required

A comma-separated list of thread pool names used to limit the request. Accepts wildcard expressions.

Query parameters

h string | array[string]
List of columns to appear in the response. Supports simple wildcards.

Supported values include:
- active (or a): Number of active threads in the current thread pool.
- completed (or c): Number of tasks completed by the thread pool executor.
- core (or cr): Configured core number of active threads allowed in the current thread pool.
- ephemeral_id (or eid): Ephemeral node ID.
- host (or h): Hostname for the current node.
- ip (or i): IP address for the current node.
- keep_alive (or k): Configured keep alive time for threads.
- largest (or l): Highest number of active threads in the current thread pool.
- max (or mx): Configured maximum number of active threads allowed in the current thread pool.
- name: Name of the thread pool, such as analyze or generic.
- node_id (or id): ID of the node, such as k0zy.
- node_name: Node name, such as I8hydUG.
- pid (or p): Process ID of the running node.
- pool_size (or psz): Number of threads in the current thread pool.
- port (or po): Bound transport port for the current node.
- queue (or q): Number of tasks in the queue for the current thread pool.
- queue_size (or qs): Maximum number of tasks permitted in the queue for the current thread pool.
- rejected (or r): Number of tasks rejected by the thread pool executor.
- size (or sz): Configured fixed number of active threads allowed in the current thread pool.
- type (or t): Type of thread pool. Returned values are fixed, fixed_auto_queue_size, direct, or scaling.
Values are active, a, completed, c, core, cr, ephemeral_id, eid, host, h, ip, i, keep_alive, k, largest, l, max, mx, name, node_id, id, node_name, pid, p, pool_size, psz, port, po, queue, q, queue_size, qs, rejected, r, size, sz, type, or t.
s string | array[string]

A comma-separated list of column names or aliases that determines the sort order. Sorting defaults to ascending and can be changed by setting :asc or :desc as a suffix to the column name.
local boolean

If true, the request computes the list of selected nodes from the local cluster state. If false the list of selected nodes are computed from the cluster state of the master node. In both cases the coordinating node will send requests for further information to each selected node.
master_timeout string

The period to wait for a connection to the master node.

External documentation

Responses

200 application/json
Hide response attributes Show response attributes object
- node_name string
  
  The node name.
- node_id string
  
  The persistent node identifier.
- ephemeral_node_id string
  
  The ephemeral node identifier.
- pid string
  
  The process identifier.
- host string
  
  The host name for the current node.
- ip string
  
  The IP address for the current node.
- port string
  
  The bound transport port for the current node.
- name string
  
  The thread pool name.
- type string
  
  The thread pool type. Returned values include fixed, fixed_auto_queue_size, direct, and scaling.
- active string
  
  The number of active threads in the current thread pool.
- pool_size string
  
  The number of threads in the current thread pool.
- queue string
  
  The number of tasks currently in queue.
- queue_size string
  
  The maximum number of tasks permitted in the queue.
- rejected string
  
  The number of rejected tasks.
- largest string
  
  The highest number of active threads in the current thread pool.
- completed string
  
  The number of completed tasks.
- core string | null
  
  The core number of active threads allowed in a scaling thread pool.
  
  One of:
  string-1 string string-2 string | null
- max string | null
  
  The maximum number of active threads allowed in a scaling thread pool.
  
  One of:
  string-1 string string-2 string | null
- size string | null
  
  The number of active threads allowed in a fixed thread pool.
  
  One of:
  string-1 string string-2 string | null
- keep_alive string | null
  
  The thread keep alive time.
  
  One of:
  string-1 string string-2 string | null

GET /_cat/thread_pool/{thread_pool_patterns}

GET /_cat/thread_pool?format=json

resp = client.cat.thread_pool(
    format="json",
)

const response = await client.cat.threadPool({
  format: "json",
});

response = client.cat.thread_pool(
  format: "json"
)

$resp = $client->cat()->threadPool([
    "format" => "json",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/thread_pool?format=json"

client.cat().threadPool();

Response examples (200)

A successful response from `GET /_cat/thread_pool?format=json`.

[
  {
    "node_name": "node-0",
    "name": "analyze",
    "active": "0",
    "queue": "0",
    "rejected": "0"
  },
  {
    "node_name": "node-0",
    "name": "fetch_shard_started",
    "active": "0",
    "queue": "0",
    "rejected": "0"
  },
  {
    "node_name": "node-0",
    "name": "fetch_shard_store",
    "active": "0",
    "queue": "0",
    "rejected": "0"
  },
  {
    "node_name": "node-0",
    "name": "flush",
    "active": "0",
    "queue": "0",
    "rejected": "0"
  },
  {
    "node_name": "node-0",
    "name": "write",
    "active": "0",
    "queue": "0",
    "rejected": "0"
  }
]

A successful response from `GET /_cat/thread_pool/generic?v=true&h=id,name,active,rejected,completed&format=json`. It returns the `id`, `name`, `active`, `rejected`, and `completed` columns. It also limits returned information to the generic thread pool.

[
  {
    "id": "0EWUhXeBQtaVGlexUeVwMg",
    "name": "generic",
    "active": "0",
    "rejected": "0",
    "completed": "70"
  }
]

Get transform information Generally available; Added in 7.7.0

GET /_cat/transforms/{transform_id}

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_cat/transforms

GET /_cat/transforms/{transform_id}

Get configuration and usage information about transforms.

CAT APIs are only intended for human consumption using the Kibana console or command line. They are not intended for use by applications. For application consumption, use the get transform statistics API.

Required authorization

Cluster privileges: monitor_transform

Path parameters

transform_id string Required

A transform identifier or a wildcard expression. If you do not specify one of these options, the API returns information for all transforms.

Query parameters

allow_no_match boolean

Specifies what to do when the request: contains wildcard expressions and there are no transforms that match; contains the _all string or no identifiers and there are no matches; contains wildcard expressions and there are only partial matches. If true, it returns an empty transforms array when there are no matches and the subset of results when there are partial matches. If false, the request returns a 404 status code when there are no matches or only partial matches.
from number

Skips the specified number of transforms.
h string | array[string]
Comma-separated list of column names to display.

Supported values include:
- changes_last_detection_time (or cldt): The timestamp when changes were last detected in the source indices.
- checkpoint (or cp): The sequence number for the checkpoint.
- checkpoint_duration_time_exp_avg (or cdtea, checkpointTimeExpAvg): Exponential moving average of the duration of the checkpoint, in milliseconds.
- checkpoint_progress (or c, checkpointProgress): The progress of the next checkpoint that is currently in progress.
- create_time (or ct, createTime): The time the transform was created.
- delete_time (or dtime): The amount of time spent deleting, in milliseconds.
- description (or d): The description of the transform.
- dest_index (or di, destIndex): The destination index for the transform. The mappings of the destination index are deduced based on the source fields when possible. If alternate mappings are required, use the Create index API prior to starting the transform.
- documents_deleted (or docd): The number of documents that have been deleted from the destination index due to the retention policy for this transform.
- documents_indexed (or doci): The number of documents that have been indexed into the destination index for the transform.
- docs_per_second (or dps): Specifies a limit on the number of input documents per second. This setting throttles the transform by adding a wait time between search requests. The default value is null, which disables throttling.
- documents_processed (or docp): The number of documents that have been processed from the source index of the transform.
- frequency (or f): The interval between checks for changes in the source indices when the transform is running continuously. Also determines the retry interval in the event of transient failures while the transform is searching or indexing. The minimum value is 1s and the maximum is 1h. The default value is 1m.
- id: Identifier for the transform.
- index_failure (or if): The number of indexing failures.
- index_time (or itime): The amount of time spent indexing, in milliseconds.
- index_total (or it): The number of index operations.
- indexed_documents_exp_avg (or idea): Exponential moving average of the number of new documents that have been indexed.
- last_search_time (or lst, lastSearchTime): The timestamp of the last search in the source indices. This field is only shown if the transform is running.
- max_page_search_size (or mpsz): Defines the initial page size to use for the composite aggregation for each checkpoint. If circuit breaker exceptions occur, the page size is dynamically adjusted to a lower value. The minimum value is 10 and the maximum is 65,536. The default value is 500.
- pages_processed (or pp): The number of search or bulk index operations processed. Documents are processed in batches instead of individually.
- pipeline (or p): The unique identifier for an ingest pipeline.
- processed_documents_exp_avg (or pdea): Exponential moving average of the number of documents that have been processed.
- processing_time (or pt): The amount of time spent processing results, in milliseconds.
- reason (or r): If a transform has a failed state, this property provides details about the reason for the failure.
- search_failure (or sf): The number of search failures.
- search_time (or stime): The amount of time spent searching, in milliseconds.
- search_total (or st): The number of search operations on the source index for the transform.
- source_index (or si, sourceIndex): The source indices for the transform. It can be a single index, an index pattern (for example, "my-index-*"), an array of indices (for example, ["my-index-000001", "my-index-000002"]), or an array of index patterns (for example, ["my-index-*", "my-other-index-*"]. For remote indices use the syntax "remote_name:index_name". If any indices are in remote clusters then the master node and at least one transform node must have the remote_cluster_client node role.
- state (or s): The status of the transform, which can be one of the following values:
  - aborting: The transform is aborting.
  - failed: The transform failed. For more information about the failure, check the reason field.
  - indexing: The transform is actively processing data and creating new documents.
  - started: The transform is running but not actively indexing data.
  - stopped: The transform is stopped.
  - stopping: The transform is stopping.
- transform_type (or tt): Indicates the type of transform: batch or continuous.
- trigger_count (or tc): The number of times the transform has been triggered by the scheduler. For example, the scheduler triggers the transform indexer to check for updates or ingest new data at an interval specified in the frequency property.
- version (or v): The version of Elasticsearch that existed on the node when the transform was created.
s string | array[string]
Comma-separated list of column names or column aliases used to sort the response.

Supported values include:
- changes_last_detection_time (or cldt): The timestamp when changes were last detected in the source indices.
- checkpoint (or cp): The sequence number for the checkpoint.
- checkpoint_duration_time_exp_avg (or cdtea, checkpointTimeExpAvg): Exponential moving average of the duration of the checkpoint, in milliseconds.
- checkpoint_progress (or c, checkpointProgress): The progress of the next checkpoint that is currently in progress.
- create_time (or ct, createTime): The time the transform was created.
- delete_time (or dtime): The amount of time spent deleting, in milliseconds.
- description (or d): The description of the transform.
- dest_index (or di, destIndex): The destination index for the transform. The mappings of the destination index are deduced based on the source fields when possible. If alternate mappings are required, use the Create index API prior to starting the transform.
- documents_deleted (or docd): The number of documents that have been deleted from the destination index due to the retention policy for this transform.
- documents_indexed (or doci): The number of documents that have been indexed into the destination index for the transform.
- docs_per_second (or dps): Specifies a limit on the number of input documents per second. This setting throttles the transform by adding a wait time between search requests. The default value is null, which disables throttling.
- documents_processed (or docp): The number of documents that have been processed from the source index of the transform.
- frequency (or f): The interval between checks for changes in the source indices when the transform is running continuously. Also determines the retry interval in the event of transient failures while the transform is searching or indexing. The minimum value is 1s and the maximum is 1h. The default value is 1m.
- id: Identifier for the transform.
- index_failure (or if): The number of indexing failures.
- index_time (or itime): The amount of time spent indexing, in milliseconds.
- index_total (or it): The number of index operations.
- indexed_documents_exp_avg (or idea): Exponential moving average of the number of new documents that have been indexed.
- last_search_time (or lst, lastSearchTime): The timestamp of the last search in the source indices. This field is only shown if the transform is running.
- max_page_search_size (or mpsz): Defines the initial page size to use for the composite aggregation for each checkpoint. If circuit breaker exceptions occur, the page size is dynamically adjusted to a lower value. The minimum value is 10 and the maximum is 65,536. The default value is 500.
- pages_processed (or pp): The number of search or bulk index operations processed. Documents are processed in batches instead of individually.
- pipeline (or p): The unique identifier for an ingest pipeline.
- processed_documents_exp_avg (or pdea): Exponential moving average of the number of documents that have been processed.
- processing_time (or pt): The amount of time spent processing results, in milliseconds.
- reason (or r): If a transform has a failed state, this property provides details about the reason for the failure.
- search_failure (or sf): The number of search failures.
- search_time (or stime): The amount of time spent searching, in milliseconds.
- search_total (or st): The number of search operations on the source index for the transform.
- source_index (or si, sourceIndex): The source indices for the transform. It can be a single index, an index pattern (for example, "my-index-*"), an array of indices (for example, ["my-index-000001", "my-index-000002"]), or an array of index patterns (for example, ["my-index-*", "my-other-index-*"]. For remote indices use the syntax "remote_name:index_name". If any indices are in remote clusters then the master node and at least one transform node must have the remote_cluster_client node role.
- state (or s): The status of the transform, which can be one of the following values:
  - aborting: The transform is aborting.
  - failed: The transform failed. For more information about the failure, check the reason field.
  - indexing: The transform is actively processing data and creating new documents.
  - started: The transform is running but not actively indexing data.
  - stopped: The transform is stopped.
  - stopping: The transform is stopping.
- transform_type (or tt): Indicates the type of transform: batch or continuous.
- trigger_count (or tc): The number of times the transform has been triggered by the scheduler. For example, the scheduler triggers the transform indexer to check for updates or ingest new data at an interval specified in the frequency property.
- version (or v): The version of Elasticsearch that existed on the node when the transform was created.
size number

The maximum number of transforms to obtain.

Responses

200 application/json
Hide response attributes Show response attributes object
- id string
  
  The transform identifier.
- state string
  
  The status of the transform. Returned values include: aborting: The transform is aborting. failed: The transform failed. For more information about the failure, check thereasonfield.indexing: The transform is actively processing data and creating new documents.started: The transform is running but not actively indexing data.stopped: The transform is stopped.stopping`: The transform is stopping.
- checkpoint string
  
  The sequence number for the checkpoint.
- documents_processed string
  
  The number of documents that have been processed from the source index of the transform.
- checkpoint_progress string | null
  
  The progress of the next checkpoint that is currently in progress.
  
  One of:
  string-1 string string-2 string | null
- last_search_time string | null
  
  The timestamp of the last search in the source indices. This field is shown only if the transform is running.
  
  One of:
  string-1 string string-2 string | null
- changes_last_detection_time string | null
  
  The timestamp when changes were last detected in the source indices.
  
  One of:
  string-1 string string-2 string | null
- create_time string
  
  The time the transform was created.
- version string
  
  The version of Elasticsearch that existed on the node when the transform was created.
- source_index string
  
  The source indices for the transform.
- dest_index string
  
  The destination index for the transform.
- pipeline string
  
  The unique identifier for the ingest pipeline.
- description string
  
  The description of the transform.
- transform_type string
  
  The type of transform: batch or continuous.
- frequency string
  
  The interval between checks for changes in the source indices when the transform is running continuously.
- max_page_search_size string
  
  The initial page size that is used for the composite aggregation for each checkpoint.
- docs_per_second string
  
  The number of input documents per second.
- reason string
  
  If a transform has a failed state, these details describe the reason for failure.
- search_total string
  
  The total number of search operations on the source index for the transform.
- search_failure string
  
  The total number of search failures.
- search_time string
  
  The total amount of search time, in milliseconds.
- index_total string
  
  The total number of index operations done by the transform.
- index_failure string
  
  The total number of indexing failures.
- index_time string
  
  The total time spent indexing documents, in milliseconds.
- documents_indexed string
  
  The number of documents that have been indexed into the destination index for the transform.
- delete_time string
  
  The total time spent deleting documents, in milliseconds.
- documents_deleted string
  
  The number of documents deleted from the destination index due to the retention policy for the transform.
- trigger_count string
  
  The number of times the transform has been triggered by the scheduler. For example, the scheduler triggers the transform indexer to check for updates or ingest new data at an interval specified in the frequency property.
- pages_processed string
  
  The number of search or bulk index operations processed. Documents are processed in batches instead of individually.
- processing_time string
  
  The total time spent processing results, in milliseconds.
- checkpoint_duration_time_exp_avg string
  
  The exponential moving average of the duration of the checkpoint, in milliseconds.
- indexed_documents_exp_avg string
  
  The exponential moving average of the number of new documents that have been indexed.
- processed_documents_exp_avg string
  
  The exponential moving average of the number of documents that have been processed.

GET /_cat/transforms/{transform_id}

GET /_cat/transforms?v=true&format=json

resp = client.cat.transforms(
    v=True,
    format="json",
)

const response = await client.cat.transforms({
  v: "true",
  format: "json",
});

response = client.cat.transforms(
  v: "true",
  format: "json"
)

$resp = $client->cat()->transforms([
    "v" => "true",
    "format" => "json",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cat/transforms?v=true&format=json"

client.cat().transforms();

Response examples (200)

A successful response from `GET /_cat/transforms?v=true&format=json`.

[
  {
    "id" : "ecommerce_transform",
    "state" : "started",
    "checkpoint" : "1",
    "documents_processed" : "705",
    "checkpoint_progress" : "100.00",
    "changes_last_detection_time" : null
  }
]

Update the cluster settings Generally available

PUT /_cluster/settings

Api key auth Basic auth Bearer auth

Configure and update dynamic settings on a running cluster. You can also configure dynamic settings locally on an unstarted or shut down node in elasticsearch.yml.

Updates made with this API can be persistent, which apply across cluster restarts, or transient, which reset after a cluster restart. You can also reset transient or persistent settings by assigning them a null value.

If you configure the same setting using multiple methods, Elasticsearch applies the settings in following order of precedence: 1) Transient setting; 2) Persistent setting; 3) elasticsearch.yml setting; 4) Default setting value. For example, you can apply a transient setting to override a persistent setting or elasticsearch.yml setting. However, a change to an elasticsearch.yml setting will not override a defined transient or persistent setting.

TIP: In Elastic Cloud, use the user settings feature to configure all cluster settings. This method automatically rejects unsafe settings that could break your cluster. If you run Elasticsearch on your own hardware, use this API to configure dynamic cluster settings. Only use elasticsearch.yml for static cluster settings and node settings. The API doesn’t require a restart and ensures a setting’s value is the same on all nodes.

WARNING: Transient cluster settings are no longer recommended. Use persistent cluster settings instead. If a cluster becomes unstable, transient settings can clear unexpectedly, resulting in a potentially undesired cluster configuration.

External documentation

Query parameters

flat_settings boolean

Return settings in flat format (default: false)
master_timeout string

Explicit operation timeout for connection to master node

External documentation
timeout string

Explicit operation timeout

External documentation

application/json

Body Required

persistent object

The settings that persist after the cluster restarts.
Hide persistent attribute Show persistent attribute object
- * object Additional properties
transient object

The settings that do not persist after the cluster restarts.
Hide transient attribute Show transient attribute object
- * object Additional properties

Responses

200 application/json
Hide response attributes Show response attributes object
- acknowledged boolean Required
- persistent object Required
  
  Hide persistent attribute Show persistent attribute object
  
  * object Additional properties
- transient object Required
  
  Hide transient attribute Show transient attribute object
  
  * object Additional properties

PUT /_cluster/settings

PUT /_cluster/settings
{
  "persistent" : {
    "indices.recovery.max_bytes_per_sec" : "50mb"
  }
}

resp = client.cluster.put_settings(
    persistent={
        "indices.recovery.max_bytes_per_sec": "50mb"
    },
)

const response = await client.cluster.putSettings({
  persistent: {
    "indices.recovery.max_bytes_per_sec": "50mb",
  },
});

response = client.cluster.put_settings(
  body: {
    "persistent": {
      "indices.recovery.max_bytes_per_sec": "50mb"
    }
  }
)

$resp = $client->cluster()->putSettings([
    "body" => [
        "persistent" => [
            "indices.recovery.max_bytes_per_sec" => "50mb",
        ],
    ],
]);

curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"persistent":{"indices.recovery.max_bytes_per_sec":"50mb"}}' "$ELASTICSEARCH_URL/_cluster/settings"

client.cluster().putSettings(p -> p
    .persistent("indices.recovery.max_bytes_per_sec", JsonData.fromJson("\"50mb\""))
);

Request examples

An example of a persistent update.

{
  "persistent" : {
    "indices.recovery.max_bytes_per_sec" : "50mb"
  }
}

PUT `/_cluster/settings` to update the `action.auto_create_index` setting. The setting accepts a comma-separated list of patterns that you want to allow or you can prefix each pattern with `+` or `-` to indicate whether it should be allowed or blocked. In this example, the auto-creation of indices called `my-index-000001` or `index10` is allowed, the creation of indices that match the pattern `index1*` is blocked, and the creation of any other indices that match the `ind*` pattern is allowed. Patterns are matched in the order specified.

{
  "persistent": {
    "action.auto_create_index": "my-index-000001,index10,-index1*,+ind*" 
  }
}

Get the cluster health status Generally available; Added in 1.3.0

GET /_cluster/health/{index}

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_cluster/health

GET /_cluster/health/{index}

You can also use the API to get the health status of only specified data streams and indices. For data streams, the API retrieves the health status of the stream’s backing indices.

The cluster health status is: green, yellow or red. On the shard level, a red status indicates that the specific shard is not allocated in the cluster. Yellow means that the primary shard is allocated but replicas are not. Green means that all shards are allocated. The index level status is controlled by the worst shard status.

One of the main benefits of the API is the ability to wait until the cluster reaches a certain high watermark health level. The cluster status is controlled by the worst index status.

Required authorization

Cluster privileges: monitor,manage

Path parameters

index string | array[string] Required

Comma-separated list of data streams, indices, and index aliases used to limit the request. Wildcard expressions (*) are supported. To target all data streams and indices in a cluster, omit this parameter or use _all or *.

Query parameters

expand_wildcards string | array[string]
Whether to expand wildcard expression to concrete indices that are open, closed or both.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
Values are all, open, closed, hidden, or none.
level string

Can be one of cluster, indices or shards. Controls the details level of the health information returned.

Values are cluster, indices, or shards.
local boolean

If true, the request retrieves information from the local node only. Defaults to false, which means information is retrieved from the master node.
master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.

External documentation
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

External documentation
wait_for_active_shards number | string

A number controlling to how many active shards to wait for, all to wait for all shards in the cluster to be active, or 0 to not wait.

Values are all or index-setting.
wait_for_events string

Can be one of immediate, urgent, high, normal, low, languid. Wait until all currently queued events with the given priority are processed.

Values are immediate, urgent, high, normal, low, or languid.
wait_for_nodes string | number

The request waits until the specified number N of nodes is available. It also accepts >=N, <=N, >N and <N. Alternatively, it is possible to use ge(N), le(N), gt(N) and lt(N) notation.
wait_for_no_initializing_shards boolean

A boolean value which controls whether to wait (until the timeout provided) for the cluster to have no shard initializations. Defaults to false, which means it will not wait for initializing shards.
wait_for_no_relocating_shards boolean

A boolean value which controls whether to wait (until the timeout provided) for the cluster to have no shard relocations. Defaults to false, which means it will not wait for relocating shards.
wait_for_status string
One of green, yellow or red. Will wait (until the timeout provided) until the status of the cluster changes to the one provided or better, i.e. green > yellow > red. By default, will not wait for any status.

Supported values include:
- green (or GREEN): All shards are assigned.
- yellow (or YELLOW): All primary shards are assigned, but one or more replica shards are unassigned. If a node in the cluster fails, some data could be unavailable until that node is repaired.
- red (or RED): One or more primary shards are unassigned, so some data is unavailable. This can occur briefly during cluster startup as primary shards are assigned.
- unknown
- unavailable
Values are green, GREEN, yellow, YELLOW, red, RED, unknown, or unavailable.

Responses

200 application/json
Hide response attributes Show response attributes object
- active_primary_shards number Required
  
  The number of active primary shards.
- active_shards number Required
  
  The total number of active primary and replica shards.
- active_shards_percent string
  
  The ratio of active shards in the cluster expressed as a string formatted percentage.
- active_shards_percent_as_number number Required
  
  The ratio of active shards in the cluster expressed as a percentage.
- cluster_name string Required
  
  The name of the cluster.
- delayed_unassigned_shards number Required
  
  The number of shards whose allocation has been delayed by the timeout settings.
- indices object
  
  Hide indices attribute Show indices attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  active_primary_shards number Required
  
  active_shards number Required
  
  initializing_shards number Required
  
  number_of_replicas number Required
  
  number_of_shards number Required
  
  relocating_shards number Required
  
  shards object
  
  Hide shards attribute Show shards attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  active_shards number Required
  
  initializing_shards number Required
  
  primary_active boolean Required
  
  relocating_shards number Required
  
  status string Required
  
  Supported values include:
  
  green (or GREEN): All shards are assigned.
  
  yellow (or YELLOW): All primary shards are assigned, but one or more replica shards are unassigned. If a node in the cluster fails, some data could be unavailable until that node is repaired.
  
  red (or RED): One or more primary shards are unassigned, so some data is unavailable. This can occur briefly during cluster startup as primary shards are assigned.
  
  unknown
  
  unavailable
  
  Values are green, GREEN, yellow, YELLOW, red, RED, unknown, or unavailable.
  
  unassigned_shards number Required
  
  unassigned_primary_shards number Required
  
  status string Required
  
  Supported values include:
  
  green (or GREEN): All shards are assigned.
  
  yellow (or YELLOW): All primary shards are assigned, but one or more replica shards are unassigned. If a node in the cluster fails, some data could be unavailable until that node is repaired.
  
  red (or RED): One or more primary shards are unassigned, so some data is unavailable. This can occur briefly during cluster startup as primary shards are assigned.
  
  unknown
  
  unavailable
  
  Values are green, GREEN, yellow, YELLOW, red, RED, unknown, or unavailable.
  
  unassigned_shards number Required
  
  unassigned_primary_shards number Required
- initializing_shards number Required
  
  The number of shards that are under initialization.
- number_of_data_nodes number Required
  
  The number of nodes that are dedicated data nodes.
- number_of_in_flight_fetch number Required
  
  The number of unfinished fetches.
- number_of_nodes number Required
  
  The number of nodes within the cluster.
- number_of_pending_tasks number Required
  
  The number of cluster-level changes that have not yet been executed.
- relocating_shards number Required
  
  The number of shards that are under relocation.
- status string Required
  
  Supported values include:
  
  green (or GREEN): All shards are assigned.
  
  yellow (or YELLOW): All primary shards are assigned, but one or more replica shards are unassigned. If a node in the cluster fails, some data could be unavailable until that node is repaired.
  
  red (or RED): One or more primary shards are unassigned, so some data is unavailable. This can occur briefly during cluster startup as primary shards are assigned.
  
  unknown
  
  unavailable
  
  Values are green, GREEN, yellow, YELLOW, red, RED, unknown, or unavailable.
- task_max_waiting_in_queue string
  
  The time since the earliest initiated task is waiting for being performed.
  
  External documentation
- task_max_waiting_in_queue_millis number
  
  Time unit for milliseconds
- timed_out boolean Required
  
  If false the response returned within the period of time that is specified by the timeout parameter (30s by default)
- unassigned_primary_shards number Required
  
  The number of primary shards that are not allocated.
- unassigned_shards number Required
  
  The number of shards that are not allocated.

GET /_cluster/health/{index}

GET _cluster/health

resp = client.cluster.health()

const response = await client.cluster.health();

response = client.cluster.health

$resp = $client->cluster()->health();

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_cluster/health"

client.cluster().health(h -> h);

Response examples (200)

A successful response from `GET _cluster/health`. It is the health status of a quiet single node cluster with a single index with one shard and one replica.

{
  "cluster_name" : "testcluster",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 1,
  "active_shards" : 1,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 1,
  "delayed_unassigned_shards": 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch": 0,
  "task_max_waiting_in_queue_millis": 0,
  "active_shards_percent_as_number": 50.0
}

Get cluster info Generally available; Added in 8.9.0

GET /_info/{target}

Api key auth Basic auth Bearer auth

Returns basic information about the cluster.

Path parameters

target string | array[string]

Limits the information returned to the specific target. Supports a comma-separated list, such as http,ingest.

Supported values include: _all, http, ingest, thread_pool, script

Values are _all, http, ingest, thread_pool, or script.

Responses

200 application/json
Hide response attributes Show response attributes object
- cluster_name string Required
- http object
  
  Hide http attributes Show http attributes object
  
  current_open number
  
  Current number of open HTTP connections for the node.
  
  total_opened number
  
  Total number of HTTP connections opened for the node.
  
  clients array[object]
  
  Information on current and recently-closed HTTP client connections. Clients that have been closed longer than the http.client_stats.closed_channels.max_age setting will not be represented here.
  
  Hide clients attributes Show clients attributes object
  
  id number
  
  Unique ID for the HTTP client.
  
  agent string
  
  Reported agent for the HTTP client. If unavailable, this property is not included in the response.
  
  local_address string
  
  Local address for the HTTP connection.
  
  remote_address string
  
  Remote address for the HTTP connection.
  
  last_uri string
  
  The URI of the client’s most recent request.
  
  opened_time_millis number
  
  Time at which the client opened the connection.
  
  closed_time_millis number
  
  Time at which the client closed the connection if the connection is closed.
  
  last_request_time_millis number
  
  Time of the most recent request from this client.
  
  request_count number
  
  Number of requests from this client.
  
  request_size_bytes number
  
  Cumulative size in bytes of all requests from this client.
  
  x_opaque_id string
  
  Value from the client’s x-opaque-id HTTP header. If unavailable, this property is not included in the response.
  
  routes object Required Generally available; Added in 8.12.0
  
  Detailed HTTP stats broken down by route
  
  Hide routes attribute Show routes attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  requests object Required
  
  responses object Required
- ingest object
  
  Hide ingest attributes Show ingest attributes object
  
  pipelines object
  
  Contains statistics about ingest pipelines for the node.
  
  Hide pipelines attribute Show pipelines attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  count number Required
  
  Total number of documents ingested during the lifetime of this node.
  
  current number Required
  
  Total number of documents currently being ingested.
  
  failed number Required
  
  Total number of failed ingest operations during the lifetime of this node.
  
  processors array[object] Required
  
  Total number of ingest processors.
  
  ingested_as_first_pipeline_in_bytes number Required Generally available; Added in 8.15.0
  
  Total number of bytes of all documents ingested by the pipeline. This field is only present on pipelines which are the first to process a document. Thus, it is not present on pipelines which only serve as a final pipeline after a default pipeline, a pipeline run after a reroute processor, or pipelines in pipeline processors.
  
  produced_as_first_pipeline_in_bytes number Required Generally available; Added in 8.15.0
  
  Total number of bytes of all documents produced by the pipeline. This field is only present on pipelines which are the first to process a document. Thus, it is not present on pipelines which only serve as a final pipeline after a default pipeline, a pipeline run after a reroute processor, or pipelines in pipeline processors. In situations where there are subsequent pipelines, the value represents the size of the document after all pipelines have run.
  
  total object
  
  Contains statistics about ingest operations for the node.
  
  Hide total attributes Show total attributes object
  
  count number Required
  
  Total number of documents ingested during the lifetime of this node.
  
  current number Required
  
  Total number of documents currently being ingested.
  
  failed number Required
  
  Total number of failed ingest operations during the lifetime of this node.
- thread_pool object
  
  Hide thread_pool attribute Show thread_pool attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  active number
  
  Number of active threads in the thread pool.
  
  completed number
  
  Number of tasks completed by the thread pool executor.
  
  largest number
  
  Highest number of active threads in the thread pool.
  
  queue number
  
  Number of tasks in queue for the thread pool.
  
  rejected number
  
  Number of tasks rejected by the thread pool executor.
  
  threads number
  
  Number of threads in the thread pool.
- script object
  
  Hide script attributes Show script attributes object
  
  cache_evictions number
  
  Total number of times the script cache has evicted old data.
  
  compilations number
  
  Total number of inline script compilations performed by the node.
  
  compilations_history object
  
  Contains this recent history of script compilations.
  
  Hide compilations_history attribute Show compilations_history attribute object
  
  * number Additional properties
  
  compilation_limit_triggered number
  
  Total number of times the script compilation circuit breaker has limited inline script compilations.
  
  contexts array[object]
  
  Hide contexts attributes Show contexts attributes object
  
  context string
  
  compilations number
  
  cache_evictions number
  
  compilation_limit_triggered number

GET /_info/{target}

GET /_info/_all

resp = client.cluster.info(
    target="_all",
)

const response = await client.cluster.info({
  target: "_all",
});

response = client.cluster.info(
  target: "_all"
)

$resp = $client->cluster()->info([
    "target" => "_all",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_info/_all"

client.cluster().info(i -> i
    .target("_all")
);

Get remote cluster information Generally available; Added in 6.1.0

GET /_remote/info

Api key auth Basic auth Bearer auth

Get information about configured remote clusters. The API returns connection and endpoint information keyed by the configured remote cluster alias.

This API returns information that reflects current state on the local cluster. The connected field does not necessarily reflect whether a remote cluster is down or unavailable, only whether there is currently an open connection to it. Elasticsearch does not spontaneously try to reconnect to a disconnected remote cluster. To trigger a reconnection, attempt a cross-cluster search, ES|QL cross-cluster search, or try the /_resolve/cluster endpoint.

Required authorization

Cluster privileges: monitor

External documentation

Responses

200 application/json

GET /_remote/info

GET /_remote/info

resp = client.cluster.remote_info()

const response = await client.cluster.remoteInfo();

response = client.cluster.remote_info

$resp = $client->cluster()->remoteInfo();

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_remote/info"

client.cluster().remoteInfo();

Get the hot threads for nodes Generally available

GET /_nodes/{node_id}/hot_threads

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_nodes/hot_threads

GET /_nodes/{node_id}/hot_threads

Get a breakdown of the hot threads on each selected node in the cluster. The output is plain text with a breakdown of the top hot threads for each node.

Required authorization

Cluster privileges: monitor,manage

Path parameters

node_id string | array[string] Required

List of node IDs or names used to limit returned information.

Query parameters

ignore_idle_threads boolean

If true, known idle threads (e.g. waiting in a socket select, or to get a task from an empty queue) are filtered out.
interval string

The interval to do the second sampling of threads.

External documentation
snapshots number

Number of samples of thread stacktrace.
threads number

Specifies the number of hot threads to provide information for.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

External documentation
type string

The type to sample.

Values are cpu, wait, block, gpu, or mem.
sort string

The sort order for 'cpu' type (default: total)

Values are cpu, wait, block, gpu, or mem.

Responses

200 application/json

GET /_nodes/{node_id}/hot_threads

GET /_nodes/hot_threads

resp = client.nodes.hot_threads()

const response = await client.nodes.hotThreads();

response = client.nodes.hot_threads

$resp = $client->nodes()->hotThreads();

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_nodes/hot_threads"

client.nodes().hotThreads(h -> h);

Get node information Generally available; Added in 1.3.0

GET /_nodes/{node_id}/{metric}

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_nodes

GET /_nodes/{metric}

GET /_nodes/{node_id}

GET /_nodes/{node_id}/{metric}

By default, the API returns all attributes and core settings for cluster nodes.

Path parameters

node_id string | array[string] Required

Comma-separated list of node IDs or names used to limit returned information.
metric string | array[string] Required

Limits the information returned to the specific metrics. Supports a comma-separated list, such as http,ingest.

Query parameters

flat_settings boolean

If true, returns settings in flat format.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

External documentation

Responses

200 application/json
Hide response attributes Show response attributes object
- _nodes object
  
  Contains statistics about the number of nodes selected by the request’s node filters.
  
  Hide _nodes attributes Show _nodes attributes object
  
  failures array[object]
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Hide failures attributes Show failures attributes object
  
  type string Required
  
  The type of error
  
  reason
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by
  
  root_cause array[object]
  
  suppressed array[object]
  
  total number Required
  
  Total number of nodes selected by the request.
  
  successful number Required
  
  Number of nodes that responded successfully to the request.
  
  failed number Required
  
  Number of nodes that rejected the request or failed to respond. If this value is not 0, a reason for the rejection or failure is included in the response.
- cluster_name string Required
- nodes object Required
  
  Hide nodes attribute Show nodes attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  attributes object Required
  
  Hide attributes attribute Show attributes attribute object
  
  * string Additional properties
  
  build_flavor string Required
  
  build_hash string Required
  
  Short hash of the last git commit in this release.
  
  build_type string Required
  
  component_versions object Required
  
  Hide component_versions attribute Show component_versions attribute object
  
  * number Additional properties
  
  host string Required
  
  The node’s host name.
  
  http object
  
  Hide http attributes Show http attributes object
  
  bound_address array[string] Required
  
  max_content_length_in_bytes number Required
  
  publish_address string Required
  
  index_version number Required
  
  ip string Required
  
  The node’s IP address.
  
  jvm object
  
  Hide jvm attributes Show jvm attributes object
  
  gc_collectors array[string] Required
  
  memory_pools array[string] Required
  
  pid number Required
  
  vm_vendor string Required
  
  using_bundled_jdk boolean Required
  
  using_compressed_ordinary_object_pointers
  
  input_arguments array[string] Required
  
  name string Required
  
  The node's name
  
  os object
  
  Hide os attributes Show os attributes object
  
  arch string Required
  
  Name of the JVM architecture (ex: amd64, x86)
  
  available_processors number Required
  
  Number of processors available to the Java virtual machine
  
  allocated_processors number
  
  The number of processors actually used to calculate thread pool size. This number can be set with the node.processors setting of a node and defaults to the number of processors reported by the OS.
  
  plugins array[object]
  
  Hide plugins attributes Show plugins attributes object
  
  classname string Required
  
  description string Required
  
  elasticsearch_version
  
  extended_plugins array[string] Required
  
  has_native_controller boolean Required
  
  java_version
  
  name
  
  version
  
  licensed boolean Required
  
  process object
  
  Hide process attributes Show process attributes object
  
  id number Required
  
  Process identifier (PID)
  
  mlockall boolean Required
  
  Indicates if the process address space has been successfully locked in memory
  
  roles array[string] Required
  
  Values are master, data, data_cold, data_content, data_frozen, data_hot, data_warm, client, ingest, ml, voting_only, transform, remote_cluster_client, or coordinating_only.
  
  settings object
  
  thread_pool object
  
  Hide thread_pool attribute Show thread_pool attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  core number
  
  max number
  
  queue_size number Required
  
  size number
  
  type string Required
  
  total_indexing_buffer number
  
  Total heap allowed to be used to hold recently indexed documents before they must be written to disk. This size is a shared pool across all shards on this node, and is controlled by Indexing Buffer settings.
  
  total_indexing_buffer_in_bytes number | string
  
  Same as total_indexing_buffer, but expressed in bytes.
  
  One of:
  number-1 number string-2 string
  
  Same as total_indexing_buffer, but expressed in bytes.
  
  transport object
  
  Hide transport attributes Show transport attributes object
  
  bound_address array[string] Required
  
  publish_address string Required
  
  profiles object Required
  
  transport_address string Required
  
  Host and port where transport HTTP connections are accepted.
  
  transport_version number Required
  
  version string Required
  
  Elasticsearch version running on this node.
  
  modules array[object]
  
  Hide modules attributes Show modules attributes object
  
  classname string Required
  
  description string Required
  
  elasticsearch_version
  
  extended_plugins array[string] Required
  
  has_native_controller boolean Required
  
  java_version
  
  name
  
  version
  
  licensed boolean Required
  
  ingest object
  
  Hide ingest attribute Show ingest attribute object
  
  processors array[object] Required
  
  aggregations object
  
  Hide aggregations attribute Show aggregations attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  types array[string] Required
  
  remote_cluster_server object
  
  Hide remote_cluster_server attribute Show remote_cluster_server attribute object
  
  bound_address array[string] Required

GET /_nodes/{node_id}/{metric}

GET _nodes/_all/jvm

resp = client.nodes.info(
    node_id="_all",
    metric="jvm",
)

const response = await client.nodes.info({
  node_id: "_all",
  metric: "jvm",
});

response = client.nodes.info(
  node_id: "_all",
  metric: "jvm"
)

$resp = $client->nodes()->info([
    "node_id" => "_all",
    "metric" => "jvm",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_nodes/_all/jvm"

client.nodes().info(i -> i
    .metric("jvm")
    .nodeId("_all")
);

Response examples (200)

An abbreviated response when requesting cluster nodes information.

{
    "_nodes": {},
    "cluster_name": "elasticsearch",
    "nodes": {
      "USpTGYaBSIKbgSUJR2Z9lg": {
        "name": "node-0",
        "transport_address": "192.168.17:9300",
        "host": "node-0.elastic.co",
        "ip": "192.168.17",
        "version": "{version}",
        "transport_version": 100000298,
        "index_version": 100000074,
        "component_versions": {
          "ml_config_version": 100000162,
          "transform_config_version": 100000096
        },
        "build_flavor": "default",
        "build_type": "{build_type}",
        "build_hash": "587409e",
        "roles": [
          "master",
          "data",
          "ingest"
        ],
        "attributes": {},
        "plugins": [
          {
            "name": "analysis-icu",
            "version": "{version}",
            "description": "The ICU Analysis plugin integrates Lucene ICU
  module into elasticsearch, adding ICU relates analysis components.",
            "classname":
  "org.elasticsearch.plugin.analysis.icu.AnalysisICUPlugin",
            "has_native_controller": false
          }
        ],
        "modules": [
          {
            "name": "lang-painless",
            "version": "{version}",
            "description": "An easy, safe and fast scripting language for
  Elasticsearch",
            "classname": "org.elasticsearch.painless.PainlessPlugin",
            "has_native_controller": false
          }
        ]
      }
    }
}

Get feature usage information Generally available; Added in 6.0.0

GET /_nodes/{node_id}/usage/{metric}

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_nodes/usage

GET /_nodes/usage/{metric}

GET /_nodes/{node_id}/usage

GET /_nodes/{node_id}/usage/{metric}

Required authorization

Cluster privileges: monitor,manage

Path parameters

node_id string | array[string] Required

A comma-separated list of node IDs or names to limit the returned information; use _local to return information from the node you're connecting to, leave empty to get information from all nodes
metric string | array[string] Required

Limits the information returned to the specific metrics. A comma-separated list of the following options: _all, rest_actions.

Query parameters

timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

External documentation

Responses

200 application/json
Hide response attributes Show response attributes object
- _nodes object
  
  Contains statistics about the number of nodes selected by the request’s node filters.
  
  Hide _nodes attributes Show _nodes attributes object
  
  failures array[object]
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Hide failures attributes Show failures attributes object
  
  type string Required
  
  The type of error
  
  reason
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by
  
  root_cause array[object]
  
  suppressed array[object]
  
  total number Required
  
  Total number of nodes selected by the request.
  
  successful number Required
  
  Number of nodes that responded successfully to the request.
  
  failed number Required
  
  Number of nodes that rejected the request or failed to respond. If this value is not 0, a reason for the rejection or failure is included in the response.
- cluster_name string Required
- nodes object Required
  
  Hide nodes attribute Show nodes attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  rest_actions object Required
  
  Hide rest_actions attribute Show rest_actions attribute object
  
  * number Additional properties
  
  since number
  
  Time unit for milliseconds
  
  timestamp number
  
  Time unit for milliseconds
  
  aggregations object Required
  
  Hide aggregations attribute Show aggregations attribute object
  
  * object Additional properties

GET /_nodes/{node_id}/usage/{metric}

GET _nodes/usage

resp = client.nodes.usage()

const response = await client.nodes.usage();

response = client.nodes.usage

$resp = $client->nodes()->usage();

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_nodes/usage"

client.nodes().usage(u -> u);

Connector

The connector and sync jobs APIs provide a convenient way to create and manage Elastic connectors and sync jobs in an internal index. Connectors are Elasticsearch integrations that bring content from third-party data sources, which can be deployed on Elastic Cloud or hosted on your own infrastructure:

Elastic managed connectors (Native connectors) are a managed service on Elastic Cloud
Self-managed connectors (Connector clients) are self-managed on your infrastructure.

This API provides an alternative to relying solely on Kibana UI for connector and sync job management. The API comes with a set of validations and assertions to ensure that the state representation in the internal index remains valid.

Check out the connector API tu...

Check in a connector Technical preview; Added in 8.12.0

PUT /_connector/{connector_id}/_check_in

Api key auth Basic auth Bearer auth

Update the last_seen field in the connector and set it to the current timestamp.

Path parameters

connector_id string Required

The unique identifier of the connector to be checked in

Responses

200 application/json
Hide response attribute Show response attribute object
- result string Required
  
  Values are created, updated, deleted, not_found, or noop.

PUT /_connector/{connector_id}/_check_in

PUT _connector/my-connector/_check_in

resp = client.connector.check_in(
    connector_id="my-connector",
)

const response = await client.connector.checkIn({
  connector_id: "my-connector",
});

response = client.connector.check_in(
  connector_id: "my-connector"
)

$resp = $client->connector()->checkIn([
    "connector_id" => "my-connector",
]);

curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_connector/my-connector/_check_in"

client.connector().checkIn(c -> c
    .connectorId("my-connector")
);

Response examples (200)

{
    "result": "updated"
}

Get a connector Beta; Added in 8.12.0

GET /_connector/{connector_id}

Api key auth Basic auth Bearer auth

Get the details about a connector.

Path parameters

connector_id string Required

The unique identifier of the connector

Responses

200 application/json
Hide response attributes Show response attributes object
- api_key_id string
- api_key_secret_id string
- configuration object Required
  
  Hide configuration attribute Show configuration attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  category string
  
  default_value number | string | boolean | null
  
  One of:
  number-1 number number-2 number string-3 string boolean-4 boolean string-5 string | null
  
  depends_on array[object] Required
  
  Hide depends_on attributes Show depends_on attributes object
  
  field string Required
  
  value
  
  display string Required
  
  Values are textbox, textarea, numeric, toggle, or dropdown.
  
  label string Required
  
  options array[object] Required
  
  Hide options attributes Show options attributes object
  
  label string Required
  
  value
  
  order number
  
  placeholder string
  
  required boolean Required
  
  sensitive boolean Required
  
  tooltip string | null
  
  One of:
  string-1 string string-2 string | null
  
  type string
  
  Values are str, int, list, or bool.
  
  ui_restrictions array[string]
  
  validations array[object]
  
  value object Required
- custom_scheduling object Required
  
  Hide custom_scheduling attribute Show custom_scheduling attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  configuration_overrides object Required
  
  Hide configuration_overrides attributes Show configuration_overrides attributes object
  
  max_crawl_depth number
  
  sitemap_discovery_disabled boolean
  
  domain_allowlist array[string]
  
  sitemap_urls array[string]
  
  seed_urls array[string]
  
  enabled boolean Required
  
  interval string Required
  
  last_synced string
  
  name string Required
- description string
- error string | null
  
  One of:
  string-1 string string-2 string | null
- features object
  
  Hide features attributes Show features attributes object
  
  document_level_security object
  
  Indicates whether document-level security is enabled.
  
  Hide document_level_security attribute Show document_level_security attribute object
  
  enabled boolean Required
  
  incremental_sync object
  
  Indicates whether incremental syncs are enabled.
  
  Hide incremental_sync attribute Show incremental_sync attribute object
  
  enabled boolean Required
  
  native_connector_api_keys object
  
  Indicates whether managed connector API keys are enabled.
  
  Hide native_connector_api_keys attribute Show native_connector_api_keys attribute object
  
  enabled boolean Required
  
  sync_rules object
  
  Hide sync_rules attributes Show sync_rules attributes object
  
  advanced object
  
  Indicates whether advanced sync rules are enabled.
  
  basic object
  
  Indicates whether basic sync rules are enabled.
- filtering array[object] Required
  
  Hide filtering attributes Show filtering attributes object
  
  active object Required
  
  Hide active attributes Show active attributes object
  
  advanced_snippet object Required
  
  rules array[object] Required
  
  validation object Required
  
  domain string
  
  draft object Required
  
  Hide draft attributes Show draft attributes object
  
  advanced_snippet object Required
  
  rules array[object] Required
  
  validation object Required
- id string
- index_name string | null
  
  One of:
  IndexName string string-2 string | null
- is_native boolean Required
- language string
- last_access_control_sync_error string
- last_access_control_sync_scheduled_at string | number
  
  One of:
  string-1 string UnitMillis number
- last_access_control_sync_status string
  
  Values are canceling, canceled, completed, error, in_progress, pending, or suspended.
- last_deleted_document_count number
- last_incremental_sync_scheduled_at string | number
  
  One of:
  string-1 string UnitMillis number
- last_indexed_document_count number
- last_seen string | number
  
  One of:
  string-1 string UnitMillis number
- last_sync_error string
- last_sync_scheduled_at string | number
  
  One of:
  string-1 string UnitMillis number
- last_sync_status string
  
  Values are canceling, canceled, completed, error, in_progress, pending, or suspended.
- last_synced string | number
  
  One of:
  string-1 string UnitMillis number
- name string
- pipeline object
  
  Hide pipeline attributes Show pipeline attributes object
  
  extract_binary_content boolean Required
  
  name string Required
  
  reduce_whitespace boolean Required
  
  run_ml_inference boolean Required
- scheduling object Required
  
  Hide scheduling attributes Show scheduling attributes object
  
  access_control object
  
  Hide access_control attributes Show access_control attributes object
  
  enabled boolean Required
  
  interval string Required
  
  The interval is expressed using the crontab syntax
  
  full object
  
  Hide full attributes Show full attributes object
  
  enabled boolean Required
  
  interval string Required
  
  The interval is expressed using the crontab syntax
  
  incremental object
  
  Hide incremental attributes Show incremental attributes object
  
  enabled boolean Required
  
  interval string Required
  
  The interval is expressed using the crontab syntax
- service_type string
- status string Required
  
  Values are created, needs_configuration, configured, connected, or error.
- sync_cursor object
- sync_now boolean Required

GET /_connector/{connector_id}

GET _connector/my-connector-id

resp = client.connector.get(
    connector_id="my-connector-id",
)

const response = await client.connector.get({
  connector_id: "my-connector-id",
});

response = client.connector.get(
  connector_id: "my-connector-id"
)

$resp = $client->connector()->get([
    "connector_id" => "my-connector-id",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_connector/my-connector-id"

client.connector().get(g -> g
    .connectorId("my-connector-id")
);

Get all connectors Beta; Added in 8.12.0

GET /_connector

Api key auth Basic auth Bearer auth

Get information about all connectors.

Query parameters

from number

Starting offset
size number

Specifies a max number of results to get
index_name string | array[string]

A comma-separated list of connector index names to fetch connector documents for
connector_name string | array[string]

A comma-separated list of connector names to fetch connector documents for
service_type string | array[string]

A comma-separated list of connector service types to fetch connector documents for
query string

A wildcard query string that filters connectors with matching name, description or index name

Responses

200 application/json
Hide response attributes Show response attributes object
- count number Required
- results array[object] Required
  
  Hide results attributes Show results attributes object
  
  api_key_id string
  
  api_key_secret_id string
  
  configuration object Required
  
  Hide configuration attribute Show configuration attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  category string
  
  depends_on array[object] Required
  
  label string Required
  
  options array[object] Required
  
  order number
  
  placeholder string
  
  required boolean Required
  
  sensitive boolean Required
  
  tooltip
  
  ui_restrictions array[string]
  
  validations array[object]
  
  value object Required
  
  custom_scheduling object Required
  
  Hide custom_scheduling attribute Show custom_scheduling attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  enabled boolean Required
  
  interval string Required
  
  name string Required
  
  description string
  
  error string | null
  
  One of:
  string-1 string string-2 string | null
  
  features object
  
  Hide features attributes Show features attributes object
  
  document_level_security object
  
  Indicates whether document-level security is enabled.
  
  incremental_sync object
  
  Indicates whether incremental syncs are enabled.
  
  native_connector_api_keys object
  
  Indicates whether managed connector API keys are enabled.
  
  sync_rules object
  
  filtering array[object] Required
  
  Hide filtering attributes Show filtering attributes object
  
  active object Required
  
  domain string
  
  draft object Required
  
  id string
  
  index_name string | null
  
  One of:
  IndexName string string-2 string | null
  
  is_native boolean Required
  
  language string
  
  last_access_control_sync_error string
  
  last_access_control_sync_scheduled_at string | number
  
  One of:
  string-1 string UnitMillis number
  
  last_access_control_sync_status string
  
  Values are canceling, canceled, completed, error, in_progress, pending, or suspended.
  
  last_deleted_document_count number
  
  last_incremental_sync_scheduled_at string | number
  
  One of:
  string-1 string UnitMillis number
  
  last_indexed_document_count number
  
  last_seen string | number
  
  One of:
  string-1 string UnitMillis number
  
  last_sync_error string
  
  last_sync_scheduled_at string | number
  
  One of:
  string-1 string UnitMillis number
  
  last_sync_status string
  
  Values are canceling, canceled, completed, error, in_progress, pending, or suspended.
  
  last_synced string | number
  
  One of:
  string-1 string UnitMillis number
  
  name string
  
  pipeline object
  
  Hide pipeline attributes Show pipeline attributes object
  
  extract_binary_content boolean Required
  
  name string Required
  
  reduce_whitespace boolean Required
  
  run_ml_inference boolean Required
  
  scheduling object Required
  
  Hide scheduling attributes Show scheduling attributes object
  
  access_control object
  
  full object
  
  incremental object
  
  service_type string
  
  status string Required
  
  Values are created, needs_configuration, configured, connected, or error.
  
  sync_cursor object
  
  sync_now boolean Required

GET /_connector

GET _connector

resp = client.connector.list()

const response = await client.connector.list();

response = client.connector.list

$resp = $client->connector()->list();

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_connector"

client.connector().list(l -> l);

Create a connector Beta; Added in 8.12.0

POST /_connector

Api key auth Basic auth Bearer auth

Connectors are Elasticsearch integrations that bring content from third-party data sources, which can be deployed on Elastic Cloud or hosted on your own infrastructure. Elastic managed connectors (Native connectors) are a managed service on Elastic Cloud. Self-managed connectors (Connector clients) are self-managed on your infrastructure.

application/json

Body

description string
index_name string
is_native boolean
language string
name string
service_type string

Responses

200 application/json
Hide response attributes Show response attributes object
- result string Required
  
  Values are created, updated, deleted, not_found, or noop.
- id string Required

POST /_connector

curl \
 --request POST 'http://api.example.com/_connector' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"description":"string","index_name":"string","is_native":true,"language":"string","name":"string","service_type":"string"}'

Check in a connector sync job Technical preview

PUT /_connector/_sync_job/{connector_sync_job_id}/_check_in

Api key auth Basic auth Bearer auth

Check in a connector sync job and set the last_seen field to the current time before updating it in the internal index.

To sync data using self-managed connectors, you need to deploy the Elastic connector service on your own infrastructure. This service runs automatically on Elastic Cloud for Elastic managed connectors.

Path parameters

connector_sync_job_id string Required

The unique identifier of the connector sync job to be checked in.

Responses

200 application/json

PUT /_connector/_sync_job/{connector_sync_job_id}/_check_in

PUT _connector/_sync_job/my-connector-sync-job/_check_in

resp = client.connector.sync_job_check_in(
    connector_sync_job_id="my-connector-sync-job",
)

const response = await client.connector.syncJobCheckIn({
  connector_sync_job_id: "my-connector-sync-job",
});

response = client.connector.sync_job_check_in(
  connector_sync_job_id: "my-connector-sync-job"
)

$resp = $client->connector()->syncJobCheckIn([
    "connector_sync_job_id" => "my-connector-sync-job",
]);

curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_connector/_sync_job/my-connector-sync-job/_check_in"

client.connector().syncJobCheckIn(s -> s
    .connectorSyncJobId("my-connector-sync-job")
);

Create a connector sync job Beta; Added in 8.12.0

POST /_connector/_sync_job

Api key auth Basic auth Bearer auth

Create a connector sync job document in the internal index and initialize its counters and timestamps with default values.

application/json

Body Required

id string Required

The id of the associated connector
job_type string

Values are full, incremental, or access_control.
trigger_method string

Values are on_demand or scheduled.

Responses

200 application/json
Hide response attribute Show response attribute object
- id string Required

POST /_connector/_sync_job

POST _connector/_sync_job
{
  "id": "connector-id",
  "job_type": "full",
  "trigger_method": "on_demand"
}

resp = client.connector.sync_job_post(
    id="connector-id",
    job_type="full",
    trigger_method="on_demand",
)

const response = await client.connector.syncJobPost({
  id: "connector-id",
  job_type: "full",
  trigger_method: "on_demand",
});

response = client.connector.sync_job_post(
  body: {
    "id": "connector-id",
    "job_type": "full",
    "trigger_method": "on_demand"
  }
)

$resp = $client->connector()->syncJobPost([
    "body" => [
        "id" => "connector-id",
        "job_type" => "full",
        "trigger_method" => "on_demand",
    ],
]);

curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"id":"connector-id","job_type":"full","trigger_method":"on_demand"}' "$ELASTICSEARCH_URL/_connector/_sync_job"

client.connector().syncJobPost(s -> s
    .id("connector-id")
    .jobType(SyncJobType.Full)
    .triggerMethod(SyncJobTriggerMethod.OnDemand)
);

Request example

{
  "id": "connector-id",
  "job_type": "full",
  "trigger_method": "on_demand"
}

Set the connector sync job stats Technical preview

PUT /_connector/_sync_job/{connector_sync_job_id}/_stats

Api key auth Basic auth Bearer auth

Stats include: deleted_document_count, indexed_document_count, indexed_document_volume, and total_document_count. You can also update last_seen. This API is mainly used by the connector service for updating sync job information.

To sync data using self-managed connectors, you need to deploy the Elastic connector service on your own infrastructure. This service runs automatically on Elastic Cloud for Elastic managed connectors.

Path parameters

connector_sync_job_id string Required

The unique identifier of the connector sync job.

application/json

Body Required

deleted_document_count number Required

The number of documents the sync job deleted.
indexed_document_count number Required

The number of documents the sync job indexed.
indexed_document_volume number Required

The total size of the data (in MiB) the sync job indexed.
last_seen string

The timestamp to use in the last_seen property for the connector sync job.

External documentation
metadata object

The connector-specific metadata.
Hide metadata attribute Show metadata attribute object
- * object Additional properties
total_document_count number

The total number of documents in the target index after the sync job finished.

Responses

200 application/json

PUT /_connector/_sync_job/{connector_sync_job_id}/_stats

PUT _connector/_sync_job/my-connector-sync-job/_stats
{
    "deleted_document_count": 10,
    "indexed_document_count": 20,
    "indexed_document_volume": 1000,
    "total_document_count": 2000,
    "last_seen": "2023-01-02T10:00:00Z"
}

resp = client.connector.sync_job_update_stats(
    connector_sync_job_id="my-connector-sync-job",
    deleted_document_count=10,
    indexed_document_count=20,
    indexed_document_volume=1000,
    total_document_count=2000,
    last_seen="2023-01-02T10:00:00Z",
)

const response = await client.connector.syncJobUpdateStats({
  connector_sync_job_id: "my-connector-sync-job",
  deleted_document_count: 10,
  indexed_document_count: 20,
  indexed_document_volume: 1000,
  total_document_count: 2000,
  last_seen: "2023-01-02T10:00:00Z",
});

response = client.connector.sync_job_update_stats(
  connector_sync_job_id: "my-connector-sync-job",
  body: {
    "deleted_document_count": 10,
    "indexed_document_count": 20,
    "indexed_document_volume": 1000,
    "total_document_count": 2000,
    "last_seen": "2023-01-02T10:00:00Z"
  }
)

$resp = $client->connector()->syncJobUpdateStats([
    "connector_sync_job_id" => "my-connector-sync-job",
    "body" => [
        "deleted_document_count" => 10,
        "indexed_document_count" => 20,
        "indexed_document_volume" => 1000,
        "total_document_count" => 2000,
        "last_seen" => "2023-01-02T10:00:00Z",
    ],
]);

curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"deleted_document_count":10,"indexed_document_count":20,"indexed_document_volume":1000,"total_document_count":2000,"last_seen":"2023-01-02T10:00:00Z"}' "$ELASTICSEARCH_URL/_connector/_sync_job/my-connector-sync-job/_stats"

client.connector().syncJobUpdateStats(s -> s
    .connectorSyncJobId("my-connector-sync-job")
    .deletedDocumentCount(10L)
    .indexedDocumentCount(20L)
    .indexedDocumentVolume(1000L)
    .lastSeen(l -> l
        .time("2023-01-02T10:00:00Z")
    )
    .totalDocumentCount(2000)
);

Request example

An example body for a `PUT _connector/_sync_job/my-connector-sync-job/_stats` request.

{
    "deleted_document_count": 10,
    "indexed_document_count": 20,
    "indexed_document_volume": 1000,
    "total_document_count": 2000,
    "last_seen": "2023-01-02T10:00:00Z"
}

Activate the connector draft filter Technical preview; Added in 8.12.0

PUT /_connector/{connector_id}/_filtering/_activate

Api key auth Basic auth Bearer auth

Activates the valid draft filtering for a connector.

Path parameters

connector_id string Required

The unique identifier of the connector to be updated

Responses

200 application/json
Hide response attribute Show response attribute object
- result string Required
  
  Values are created, updated, deleted, not_found, or noop.

PUT /_connector/{connector_id}/_filtering/_activate

curl \
 --request PUT 'http://api.example.com/_connector/{connector_id}/_filtering/_activate' \
 --header "Authorization: $API_KEY"

Update the connector error field Technical preview; Added in 8.12.0

PUT /_connector/{connector_id}/_error

Api key auth Basic auth Bearer auth

Set the error field for the connector. If the error provided in the request body is non-null, the connector’s status is updated to error. Otherwise, if the error is reset to null, the connector status is updated to connected.

Path parameters

connector_id string Required

The unique identifier of the connector to be updated

application/json

Body Required

error string | null Required

One of:
string-1 string NullValue string | null

Responses

200 application/json
Hide response attribute Show response attribute object
- result string Required
  
  Values are created, updated, deleted, not_found, or noop.

PUT /_connector/{connector_id}/_error

PUT _connector/my-connector/_error
{
    "error": "Houston, we have a problem!"
}

resp = client.connector.update_error(
    connector_id="my-connector",
    error="Houston, we have a problem!",
)

const response = await client.connector.updateError({
  connector_id: "my-connector",
  error: "Houston, we have a problem!",
});

response = client.connector.update_error(
  connector_id: "my-connector",
  body: {
    "error": "Houston, we have a problem!"
  }
)

$resp = $client->connector()->updateError([
    "connector_id" => "my-connector",
    "body" => [
        "error" => "Houston, we have a problem!",
    ],
]);

curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"error":"Houston, we have a problem!"}' "$ELASTICSEARCH_URL/_connector/my-connector/_error"

client.connector().updateError(u -> u
    .connectorId("my-connector")
    .error("Houston, we have a problem!")
);

Request example

{
    "error": "Houston, we have a problem!"
}

Response examples (200)

{
  "result": "updated"
}

Update the connector index name Beta; Added in 8.12.0

PUT /_connector/{connector_id}/_index_name

Api key auth Basic auth Bearer auth

Update the index_name field of a connector, specifying the index where the data ingested by the connector is stored.

Path parameters

connector_id string Required

The unique identifier of the connector to be updated

application/json

Body Required

index_name string | null Required

One of:
IndexName string NullValue string | null

Responses

200 application/json
Hide response attribute Show response attribute object
- result string Required
  
  Values are created, updated, deleted, not_found, or noop.

PUT /_connector/{connector_id}/_index_name

PUT _connector/my-connector/_index_name
{
    "index_name": "data-from-my-google-drive"
}

resp = client.connector.update_index_name(
    connector_id="my-connector",
    index_name="data-from-my-google-drive",
)

const response = await client.connector.updateIndexName({
  connector_id: "my-connector",
  index_name: "data-from-my-google-drive",
});

response = client.connector.update_index_name(
  connector_id: "my-connector",
  body: {
    "index_name": "data-from-my-google-drive"
  }
)

$resp = $client->connector()->updateIndexName([
    "connector_id" => "my-connector",
    "body" => [
        "index_name" => "data-from-my-google-drive",
    ],
]);

curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"index_name":"data-from-my-google-drive"}' "$ELASTICSEARCH_URL/_connector/my-connector/_index_name"

client.connector().updateIndexName(u -> u
    .connectorId("my-connector")
    .indexName("data-from-my-google-drive")
);

Request example

{
    "index_name": "data-from-my-google-drive"
}

Response examples (200)

{
  "result": "updated"
}

Update the connector name and description Beta; Added in 8.12.0

PUT /_connector/{connector_id}/_name

Api key auth Basic auth Bearer auth

Path parameters

connector_id string Required

The unique identifier of the connector to be updated

application/json

Body Required

name string
description string

Responses

200 application/json
Hide response attribute Show response attribute object
- result string Required
  
  Values are created, updated, deleted, not_found, or noop.

PUT /_connector/{connector_id}/_name

PUT _connector/my-connector/_name
{
    "name": "Custom connector",
    "description": "This is my customized connector"
}

resp = client.connector.update_name(
    connector_id="my-connector",
    name="Custom connector",
    description="This is my customized connector",
)

const response = await client.connector.updateName({
  connector_id: "my-connector",
  name: "Custom connector",
  description: "This is my customized connector",
});

response = client.connector.update_name(
  connector_id: "my-connector",
  body: {
    "name": "Custom connector",
    "description": "This is my customized connector"
  }
)

$resp = $client->connector()->updateName([
    "connector_id" => "my-connector",
    "body" => [
        "name" => "Custom connector",
        "description" => "This is my customized connector",
    ],
]);

curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"name":"Custom connector","description":"This is my customized connector"}' "$ELASTICSEARCH_URL/_connector/my-connector/_name"

client.connector().updateName(u -> u
    .connectorId("my-connector")
    .description("This is my customized connector")
    .name("Custom connector")
);

Request example

{
    "name": "Custom connector",
    "description": "This is my customized connector"
}

Response examples (200)

{
  "result": "updated"
}

Get auto-follow patterns Generally available; Added in 6.5.0

GET /_ccr/auto_follow/{name}

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_ccr/auto_follow

GET /_ccr/auto_follow/{name}

Get cross-cluster replication auto-follow patterns.

Required authorization

Cluster privileges: manage_ccr

External documentation

Path parameters

name string Required

The auto-follow pattern collection that you want to retrieve. If you do not specify a name, the API returns information for all collections.

Query parameters

master_timeout string

The period to wait for a connection to the master node. If the master node is not available before the timeout expires, the request fails and returns an error. It can also be set to -1 to indicate that the request should never timeout.

External documentation

Responses

200 application/json
Hide response attribute Show response attribute object
- patterns array[object] Required
  
  Hide patterns attributes Show patterns attributes object
  
  name string Required
  
  pattern object Required
  
  Hide pattern attributes Show pattern attributes object
  
  active boolean Required
  
  remote_cluster string Required
  
  The remote cluster containing the leader indices to match against.
  
  follow_index_pattern string
  
  The name of follower index.
  
  leader_index_patterns array[string] Required
  
  An array of simple index patterns to match against indices in the remote cluster specified by the remote_cluster field.
  
  leader_index_exclusion_patterns array[string] Required
  
  An array of simple index patterns that can be used to exclude indices from being auto-followed.
  
  max_outstanding_read_requests number Required
  
  The maximum number of outstanding reads requests from the remote cluster.

GET /_ccr/auto_follow/{name}

GET /_ccr/auto_follow/my_auto_follow_pattern

resp = client.ccr.get_auto_follow_pattern(
    name="my_auto_follow_pattern",
)

const response = await client.ccr.getAutoFollowPattern({
  name: "my_auto_follow_pattern",
});

response = client.ccr.get_auto_follow_pattern(
  name: "my_auto_follow_pattern"
)

$resp = $client->ccr()->getAutoFollowPattern([
    "name" => "my_auto_follow_pattern",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_ccr/auto_follow/my_auto_follow_pattern"

client.ccr().getAutoFollowPattern(g -> g
    .name("my_auto_follow_pattern")
);

Response examples (200)

A successful response from `GET /_ccr/auto_follow/my_auto_follow_pattern`, which gets auto-follow patterns.

{
  "patterns": [
    {
      "name": "my_auto_follow_pattern",
      "pattern": {
        "active": true,
        "remote_cluster" : "remote_cluster",
        "leader_index_patterns" :
        [
          "leader_index*"
        ],
        "leader_index_exclusion_patterns":
        [
          "leader_index_001"
        ],
        "follow_index_pattern" : "{{leader_index}}-follower"
      }
    }
  ]
}

Get follower information Generally available; Added in 6.7.0

GET /{index}/_ccr/info

Api key auth Basic auth Bearer auth

Get information about all cross-cluster replication follower indices. For example, the results include follower index names, leader index names, replication options, and whether the follower indices are active or paused.

Required authorization

Cluster privileges: monitor

External documentation

Path parameters

index string | array[string] Required

A comma-delimited list of follower index patterns.

Query parameters

master_timeout string

The period to wait for a connection to the master node. If the master node is not available before the timeout expires, the request fails and returns an error. It can also be set to -1 to indicate that the request should never timeout.

External documentation

Responses

200 application/json
Hide response attribute Show response attribute object
- follower_indices array[object] Required
  
  Hide follower_indices attributes Show follower_indices attributes object
  
  follower_index string Required
  
  The name of the follower index.
  
  leader_index string Required
  
  The name of the index in the leader cluster that is followed.
  
  parameters object
  
  An object that encapsulates cross-cluster replication parameters. If the follower index's status is paused, this object is omitted.
  
  Hide parameters attributes Show parameters attributes object
  
  max_outstanding_read_requests number
  
  The maximum number of outstanding reads requests from the remote cluster.
  
  max_outstanding_write_requests number
  
  The maximum number of outstanding write requests on the follower.
  
  max_read_request_operation_count number
  
  The maximum number of operations to pull per read from the remote cluster.
  
  max_read_request_size
  
  max_retry_delay string
  
  The maximum time to wait before retrying an operation that failed exceptionally. An exponential backoff strategy is employed when retrying.
  
  max_write_buffer_count number
  
  The maximum number of operations that can be queued for writing. When this limit is reached, reads from the remote cluster will be deferred until the number of queued operations goes below the limit.
  
  max_write_buffer_size
  
  max_write_request_operation_count number
  
  The maximum number of operations per bulk write request executed on the follower.
  
  max_write_request_size
  
  read_poll_timeout string
  
  The maximum time to wait for new operations on the remote cluster when the follower index is synchronized with the leader index. When the timeout has elapsed, the poll for operations will return to the follower so that it can update some statistics. Then the follower will immediately attempt to read from the leader again.
  
  remote_cluster string Required
  
  The remote cluster that contains the leader index.
  
  status string Required
  
  The status of the index following: active or paused.
  
  Values are active or paused.

GET /{index}/_ccr/info

GET /follower_index/_ccr/info

resp = client.ccr.follow_info(
    index="follower_index",
)

const response = await client.ccr.followInfo({
  index: "follower_index",
});

response = client.ccr.follow_info(
  index: "follower_index"
)

$resp = $client->ccr()->followInfo([
    "index" => "follower_index",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/follower_index/_ccr/info"

client.ccr().followInfo(f -> f
    .index("follower_index")
);

Response examples (200)

A successful response from `GET /follower_index/_ccr/info` when the follower index is active.

{
  "follower_indices": [
    {
      "follower_index": "follower_index",
      "remote_cluster": "remote_cluster",
      "leader_index": "leader_index",
      "status": "active",
      "parameters": {
        "max_read_request_operation_count": 5120,
        "max_read_request_size": "32mb",
        "max_outstanding_read_requests": 12,
        "max_write_request_operation_count": 5120,
        "max_write_request_size": "9223372036854775807b",
        "max_outstanding_write_requests": 9,
        "max_write_buffer_count": 2147483647,
        "max_write_buffer_size": "512mb",
        "max_retry_delay": "500ms",
        "read_poll_timeout": "1m"
      }
    }
  ]
}

A successful response from `GET /follower_index/_ccr/info` when the follower index is paused.

{
  "follower_indices": [
    {
      "follower_index": "follower_index",
      "remote_cluster": "remote_cluster",
      "leader_index": "leader_index",
      "status": "paused"
    }
  ]
}

Get follower stats Generally available; Added in 6.5.0

GET /{index}/_ccr/stats

Api key auth Basic auth Bearer auth

Get cross-cluster replication follower stats. The API returns shard-level stats about the "following tasks" associated with each shard for the specified indices.

Required authorization

Cluster privileges: monitor

External documentation

Path parameters

index string | array[string] Required

A comma-delimited list of index patterns.

Query parameters

timeout string

The period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

External documentation

Responses

200 application/json
Hide response attribute Show response attribute object
- indices array[object] Required
  
  An array of follower index statistics.
  
  Hide indices attributes Show indices attributes object
  
  index string Required
  
  The name of the follower index.
  
  shards array[object] Required
  
  An array of shard-level following task statistics.
  
  Hide shards attributes Show shards attributes object
  
  bytes_read number Required
  
  The total of transferred bytes read from the leader. This is only an estimate and does not account for compression if enabled.
  
  failed_read_requests number Required
  
  The number of failed reads.
  
  failed_write_requests number Required
  
  The number of failed bulk write requests on the follower.
  
  fatal_exception object
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  follower_aliases_version number Required
  
  The index aliases version the follower is synced up to.
  
  follower_global_checkpoint number Required
  
  The current global checkpoint on the follower. The difference between the leader_global_checkpoint and the follower_global_checkpoint is an indication of how much the follower is lagging the leader.
  
  follower_index string Required
  
  The name of the follower index.
  
  follower_mapping_version number Required
  
  The mapping version the follower is synced up to.
  
  follower_max_seq_no number Required
  
  The current maximum sequence number on the follower.
  
  follower_settings_version number Required
  
  The index settings version the follower is synced up to.
  
  last_requested_seq_no number Required
  
  The starting sequence number of the last batch of operations requested from the leader.
  
  leader_global_checkpoint number Required
  
  The current global checkpoint on the leader known to the follower task.
  
  leader_index string Required
  
  The name of the index in the leader cluster being followed.
  
  leader_max_seq_no number Required
  
  The current maximum sequence number on the leader known to the follower task.
  
  operations_read number Required
  
  The total number of operations read from the leader.
  
  operations_written number Required
  
  The number of operations written on the follower.
  
  outstanding_read_requests number Required
  
  The number of active read requests from the follower.
  
  outstanding_write_requests number Required
  
  The number of active bulk write requests on the follower.
  
  read_exceptions array[object] Required
  
  An array of objects representing failed reads.
  
  remote_cluster string Required
  
  The remote cluster containing the leader index.
  
  shard_id number Required
  
  The numerical shard ID, with values from 0 to one less than the number of replicas.
  
  successful_read_requests number Required
  
  The number of successful fetches.
  
  successful_write_requests number Required
  
  The number of bulk write requests run on the follower.
  
  time_since_last_read string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  time_since_last_read_millis
  
  total_read_remote_exec_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_read_remote_exec_time_millis
  
  total_read_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_read_time_millis
  
  total_write_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_write_time_millis
  
  write_buffer_operation_count number Required
  
  The number of write operations queued on the follower.
  
  write_buffer_size_in_bytes

GET /{index}/_ccr/stats

GET /follower_index/_ccr/stats

resp = client.ccr.follow_stats(
    index="follower_index",
)

const response = await client.ccr.followStats({
  index: "follower_index",
});

response = client.ccr.follow_stats(
  index: "follower_index"
)

$resp = $client->ccr()->followStats([
    "index" => "follower_index",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/follower_index/_ccr/stats"

client.ccr().followStats(f -> f
    .index("follower_index")
);

Response examples (200)

A successful response from `GET /follower_index/_ccr/stats`, which retrieves follower stats.

{
  "indices" : [
    {
      "index" : "follower_index",
      "total_global_checkpoint_lag" : 256,
      "shards" : [
        {
          "remote_cluster" : "remote_cluster",
          "leader_index" : "leader_index",
          "follower_index" : "follower_index",
          "shard_id" : 0,
          "leader_global_checkpoint" : 1024,
          "leader_max_seq_no" : 1536,
          "follower_global_checkpoint" : 768,
          "follower_max_seq_no" : 896,
          "last_requested_seq_no" : 897,
          "outstanding_read_requests" : 8,
          "outstanding_write_requests" : 2,
          "write_buffer_operation_count" : 64,
          "follower_mapping_version" : 4,
          "follower_settings_version" : 2,
          "follower_aliases_version" : 8,
          "total_read_time_millis" : 32768,
          "total_read_remote_exec_time_millis" : 16384,
          "successful_read_requests" : 32,
          "failed_read_requests" : 0,
          "operations_read" : 896,
          "bytes_read" : 32768,
          "total_write_time_millis" : 16384,
          "write_buffer_size_in_bytes" : 1536,
          "successful_write_requests" : 16,
          "failed_write_requests" : 0,
          "operations_written" : 832,
          "read_exceptions" : [ ],
          "time_since_last_read_millis" : 8
        }
      ]
    }
  ]
}

Pause an auto-follow pattern Generally available; Added in 7.5.0

POST /_ccr/auto_follow/{name}/pause

Api key auth Basic auth Bearer auth

Pause a cross-cluster replication auto-follow pattern. When the API returns, the auto-follow pattern is inactive. New indices that are created on the remote cluster and match the auto-follow patterns are ignored.

You can resume auto-following with the resume auto-follow pattern API. When it resumes, the auto-follow pattern is active again and automatically configures follower indices for newly created indices on the remote cluster that match its patterns. Remote indices that were created while the pattern was paused will also be followed, unless they have been deleted or closed in the interim.

Required authorization

Cluster privileges: manage_ccr

External documentation

Path parameters

name string Required

The name of the auto-follow pattern to pause.

Query parameters

master_timeout string

The period to wait for a connection to the master node. If the master node is not available before the timeout expires, the request fails and returns an error. It can also be set to -1 to indicate that the request should never timeout.

External documentation

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

POST /_ccr/auto_follow/{name}/pause

POST /_ccr/auto_follow/my_auto_follow_pattern/pause

resp = client.ccr.pause_auto_follow_pattern(
    name="my_auto_follow_pattern",
)

const response = await client.ccr.pauseAutoFollowPattern({
  name: "my_auto_follow_pattern",
});

response = client.ccr.pause_auto_follow_pattern(
  name: "my_auto_follow_pattern"
)

$resp = $client->ccr()->pauseAutoFollowPattern([
    "name" => "my_auto_follow_pattern",
]);

curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_ccr/auto_follow/my_auto_follow_pattern/pause"

client.ccr().pauseAutoFollowPattern(p -> p
    .name("my_auto_follow_pattern")
);

Response examples (200)

A successful response from `POST /_ccr/auto_follow/my_auto_follow_pattern/pause`, which pauses an auto-follow pattern.

{
  "acknowledged" : true
}

Pause a follower Generally available; Added in 6.5.0

POST /{index}/_ccr/pause_follow

Api key auth Basic auth Bearer auth

Pause a cross-cluster replication follower index. The follower index will not fetch any additional operations from the leader index. You can resume following with the resume follower API. You can pause and resume a follower index to change the configuration of the following task.

Required authorization

Cluster privileges: manage_ccr

Path parameters

index string Required

The name of the follower index.

Query parameters

master_timeout string

The period to wait for a connection to the master node. If the master node is not available before the timeout expires, the request fails and returns an error. It can also be set to -1 to indicate that the request should never timeout.

External documentation

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

POST /{index}/_ccr/pause_follow

POST /follower_index/_ccr/pause_follow

resp = client.ccr.pause_follow(
    index="follower_index",
)

const response = await client.ccr.pauseFollow({
  index: "follower_index",
});

response = client.ccr.pause_follow(
  index: "follower_index"
)

$resp = $client->ccr()->pauseFollow([
    "index" => "follower_index",
]);

curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/follower_index/_ccr/pause_follow"

client.ccr().pauseFollow(p -> p
    .index("follower_index")
);

Response examples (200)

A successful response from `POST /follower_index/_ccr/pause_follow`, which pauses a follower index.

{
  "acknowledged" : true
}

Get data stream stats Generally available; Added in 7.9.0

GET /_data_stream/{name}/_stats

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_data_stream/_stats

GET /_data_stream/{name}/_stats

Get statistics for one or more data streams.

Required authorization

Index privileges: monitor

Path parameters

name string Required

Comma-separated list of data streams used to limit the request. Wildcard expressions (*) are supported. To target all data streams in a cluster, omit this parameter or use *.

Query parameters

expand_wildcards string | array[string]
Type of data stream that wildcard patterns can match. Supports comma-separated values, such as open,hidden.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
Values are all, open, closed, hidden, or none.

Responses

200 application/json
Hide response attributes Show response attributes object
- _shards object Required
  
  Contains information about shards that attempted to execute the request.
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  The number of shards the operation or search attempted to run on but failed.
  
  successful number Required
  
  The number of shards the operation or search succeeded on.
  
  total number Required
  
  The number of shards the operation or search will run on overall.
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  index string
  
  node string
  
  reason object Required
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  shard number
  
  status string
  
  primary boolean
  
  skipped number
- backing_indices number Required
  
  Total number of backing indices for the selected data streams.
- data_stream_count number Required
  
  Total number of selected data streams.
- data_streams array[object] Required
  
  Contains statistics for the selected data streams.
  
  Hide data_streams attributes Show data_streams attributes object
  
  backing_indices number Required
  
  Current number of backing indices for the data stream.
  
  data_stream string Required
  
  Name of the data stream.
  
  maximum_timestamp number
  
  Time unit for milliseconds
  
  store_size number | string
  
  Total size of all shards for the data stream’s backing indices. This parameter is only returned if the human query parameter is true.
  
  One of:
  number-1 number string-2 string
  
  Total size of all shards for the data stream’s backing indices. This parameter is only returned if the human query parameter is true.
  
  store_size_bytes number Required
  
  Total size, in bytes, of all shards for the data stream’s backing indices.
- total_store_sizes number | string
  
  Total size of all shards for the selected data streams. This property is included only if the human query parameter is true
  
  One of:
  number-1 number string-2 string
  
  Total size of all shards for the selected data streams. This property is included only if the human query parameter is true
- total_store_size_bytes number Required
  
  Total size, in bytes, of all shards for the selected data streams.

GET /_data_stream/{name}/_stats

GET /_data_stream/my-index-000001/_stats

resp = client.indices.data_streams_stats(
    name="my-index-000001",
)

const response = await client.indices.dataStreamsStats({
  name: "my-index-000001",
});

response = client.indices.data_streams_stats(
  name: "my-index-000001"
)

$resp = $client->indices()->dataStreamsStats([
    "name" => "my-index-000001",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_data_stream/my-index-000001/_stats"

client.indices().dataStreamsStats(d -> d
    .name("my-index-000001")
);

Response examples (200)

A successful response for retrieving statistics for a data stream.

{
  "_shards": {
    "total": 10,
    "successful": 5,
    "failed": 0
  },
  "data_stream_count": 2,
  "backing_indices": 5,
  "total_store_size": "7kb",
  "total_store_size_bytes": 7268,
  "data_streams": [
    {
      "data_stream": "my-data-stream",
      "backing_indices": 3,
      "store_size": "3.7kb",
      "store_size_bytes": 3772,
      "maximum_timestamp": 1607512028000
    },
    {
      "data_stream": "my-data-stream-two",
      "backing_indices": 2,
      "store_size": "3.4kb",
      "store_size_bytes": 3496,
      "maximum_timestamp": 1607425567000
    }
  ]
}

Get data stream lifecycle stats Generally available; Added in 8.12.0

GET /_lifecycle/stats

Api key auth Basic auth Bearer auth

Get statistics about the data streams that are managed by a data stream lifecycle.

Required authorization

Cluster privileges: monitor

External documentation

Responses

200 application/json
Hide response attributes Show response attributes object
- data_stream_count number Required
  
  The count of data streams currently being managed by the data stream lifecycle.
- data_streams array[object] Required
  
  Information about the data streams that are managed by the data stream lifecycle.
  
  Hide data_streams attributes Show data_streams attributes object
  
  backing_indices_in_error number Required
  
  The count of the backing indices for the data stream.
  
  backing_indices_in_total number Required
  
  The count of the backing indices for the data stream that have encountered an error.
  
  name string Required
  
  The name of the data stream.
- last_run_duration_in_millis number
  
  Time unit for milliseconds
- time_between_starts_in_millis number
  
  Time unit for milliseconds

GET /_lifecycle/stats

GET _lifecycle/stats?human&pretty

resp = client.indices.get_data_lifecycle_stats(
    human=True,
    pretty=True,
)

const response = await client.indices.getDataLifecycleStats({
  human: "true",
  pretty: "true",
});

response = client.indices.get_data_lifecycle_stats(
  human: "true",
  pretty: "true"
)

$resp = $client->indices()->getDataLifecycleStats([
    "human" => "true",
    "pretty" => "true",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_lifecycle/stats?human&pretty"

client.indices().getDataLifecycleStats();

Response examples (200)

A successful response for `GET _lifecycle/stats?human&pretty`

{
  "last_run_duration_in_millis": 2,
  "last_run_duration": "2ms",
  "time_between_starts_in_millis": 9998,
  "time_between_starts": "9.99s",
  "data_streams_count": 2,
  "data_streams": [
    {
      "name": "my-data-stream",
      "backing_indices_in_total": 2,
      "backing_indices_in_error": 0
    },
    {
      "name": "my-other-stream",
      "backing_indices_in_total": 2,
      "backing_indices_in_error": 1
    }
  ]
}

Update data stream settings Generally available

PUT /_data_stream/{name}/_settings

Api key auth Basic auth Bearer auth

This API can be used to override settings on specific data streams. These overrides will take precedence over what is specified in the template that the data stream matches. To prevent your data stream from getting into an invalid state, only certain settings are allowed. If possible, the setting change is applied to all backing indices. Otherwise, it will be applied when the data stream is next rolled over.

Required authorization

Index privileges: manage

Path parameters

name string | array[string] Required

A comma-separated list of data streams or data stream patterns.

Query parameters

dry_run boolean

If true, the request does not actually change the settings on any data streams or indices. Instead, it simulates changing the settings and reports back to the user what would have happened had these settings actually been applied.
master_timeout string

The period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.

External documentation
timeout string

The period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

External documentation

application/json

Body Required

object

Index settings

Responses

200 application/json
Hide response attribute Show response attribute object
- data_streams array[object] Required
  
  Hide data_streams attributes Show data_streams attributes object
  
  name string Required
  
  The data stream name.
  
  applied_to_data_stream boolean Required
  
  If the settings were successfully applied to the data stream (or would have been, if running in dry_run mode), it is true. If an error occurred, it is false.
  
  error string
  
  A message explaining why the settings could not be applied to the data stream.
  
  settings object Required
  
  The settings that are specfic to this data stream that will override any settings from the matching index template.
  
  Index settings
  
  effective_settings object Required
  
  The settings that are effective on this data stream, taking into account the settings from the matching index template and the settings specific to this data stream.
  
  Index settings
  
  index_settings_results object Required
  
  Information about whether and where each setting was applied.
  
  Hide index_settings_results attributes Show index_settings_results attributes object
  
  applied_to_data_stream_only array[string] Required
  
  The list of settings that were applied to the data stream but not to backing indices. These will be applied to the write index the next time the data stream is rolled over.
  
  applied_to_data_stream_and_backing_indices array[string] Required
  
  The list of settings that were applied to the data stream and to all of its backing indices. These settings will also be applied to the write index the next time the data stream is rolled over.
  
  errors array[object]

PUT /_data_stream/{name}/_settings

resp = client.indices.put_data_stream_settings(
    name="my-data-stream",
    settings={
        "index.lifecycle.name": "new-test-policy",
        "index.number_of_shards": 11
    },
)

const response = await client.indices.putDataStreamSettings({
  name: "my-data-stream",
  settings: {
    "index.lifecycle.name": "new-test-policy",
    "index.number_of_shards": 11,
  },
});

response = client.indices.put_data_stream_settings(
  name: "my-data-stream",
  body: {
    "index.lifecycle.name": "new-test-policy",
    "index.number_of_shards": 11
  }
)

$resp = $client->indices()->putDataStreamSettings([
    "name" => "my-data-stream",
    "body" => [
        "index.lifecycle.name" => "new-test-policy",
        "index.number_of_shards" => 11,
    ],
]);

curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"index.lifecycle.name":"new-test-policy","index.number_of_shards":11}' "$ELASTICSEARCH_URL/_data_stream/my-data-stream/_settings"

Request example

This is a request to change two settings on a data stream.

{
  "index.lifecycle.name" : "new-test-policy",
  "index.number_of_shards": 11
}

Response examples (200)

This shows a response to `PUT /_data_stream/my-data-stream/_settings` when two settings are successfully updated on the data stream. In this case, `index.number_of_shards` is only applied to the data stream -- it will be applied to the write index on rollover. The setting `index.lifecycle.name` is applied to the data stream and all backing indices.

{
  "data_streams": [
    {
      "name": "my-data-stream",
      "applied_to_data_stream": true,
      "settings": {
        "index": {
          "lifecycle": {
            "name": "new-test-policy"
          },
          "number_of_shards": "11"
        }
      },
      "effective_settings": {
        "index": {
          "lifecycle": {
            "name": "new-test-policy"
          },
          "mode": "standard",
          "number_of_shards": "11",
          "number_of_replicas": "0"
        }
      },
      "index_settings_results": {
        "applied_to_data_stream_only": [
          "index.number_of_shards"
        ],
        "applied_to_data_stream_and_backing_indices": [
          "index.lifecycle.name"
        ]
      }
    }
  ]
}

This shows a response to `PUT /_data_stream/my-data-stream/_settings` when a setting is successfully applied to the data stream, but one of the backing indices, `.ds-my-data-stream-2025.05.28-000001`, has a write block. The response reports that the setting was not successfully applied to that index.

{
  "data_streams": [
    {
      "name": "my-data-stream",
      "applied_to_data_stream": true,
      "settings": {
        "index": {
          "lifecycle": {
            "name": "new-test-policy"
          },
          "number_of_shards": "11"
        }
      },
      "effective_settings": {
        "index": {
          "lifecycle": {
            "name": "new-test-policy"
          },
          "mode": "standard",
          "number_of_shards": "11",
          "number_of_replicas": "0"
        }
      },
      "index_settings_results": {
        "applied_to_data_stream_only": [
          "index.number_of_shards"
        ],
        "applied_to_data_stream_and_backing_indices": [
          "index.lifecycle.name"
        ],
        "errors": [
          {
            "index": ".ds-my-data-stream-2025.05.28-000001",
            "error": "index [.ds-my-data-stream-2025.05.28-000001] blocked by: [FORBIDDEN/9/index metadata (api)];"
          }
        ]
      }
    }
  ]
}

This shows a response to `PUT /_data_stream/my-data-stream/_settings` when a user attempts to set a setting that is not allowed on a data stream. As a result, no change was applied to the data stream.

{
  "data_streams": [
    {
      "name": "my-data-stream",
      "applied_to_data_stream": false,
      "error": "Cannot set the following settings on a data stream: [index.number_of_replicas]",
      "settings": {},
      "effective_settings": {},
      "index_settings_results": {
        "applied_to_data_stream_only": [],
        "applied_to_data_stream_and_backing_indices": []
      }
    }
  ]
}

Update data streams Generally available; Added in 7.16.0

POST /_data_stream/_modify

Api key auth Basic auth Bearer auth

Performs one or more data stream modification actions in a single atomic operation.

application/json

Body Required

actions array[object] Required

Actions to perform.
Hide actions attributes Show actions attributes object
- add_backing_index object
  
  Adds an existing index as a backing index for a data stream. The index is hidden as part of this operation. WARNING: Adding indices with the add_backing_index action can potentially result in improper data stream behavior. This should be considered an expert level API.
  Hide add_backing_index attributes Show add_backing_index attributes object
  
  data_stream string Required
  
  Data stream targeted by the action.
  
  index string Required
  
  Index for the action.
- remove_backing_index object
  
  Removes a backing index from a data stream. The index is unhidden as part of this operation. A data stream’s write index cannot be removed.
  Hide remove_backing_index attributes Show remove_backing_index attributes object
  
  data_stream string Required
  
  Data stream targeted by the action.
  
  index string Required
  
  Index for the action.

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

POST /_data_stream/_modify

POST _data_stream/_modify
{
  "actions": [
    {
      "remove_backing_index": {
        "data_stream": "my-data-stream",
        "index": ".ds-my-data-stream-2023.07.26-000001"
      }
    },
    {
      "add_backing_index": {
        "data_stream": "my-data-stream",
        "index": ".ds-my-data-stream-2023.07.26-000001-downsample"
      }
    }
  ]
}

resp = client.indices.modify_data_stream(
    actions=[
        {
            "remove_backing_index": {
                "data_stream": "my-data-stream",
                "index": ".ds-my-data-stream-2023.07.26-000001"
            }
        },
        {
            "add_backing_index": {
                "data_stream": "my-data-stream",
                "index": ".ds-my-data-stream-2023.07.26-000001-downsample"
            }
        }
    ],
)

const response = await client.indices.modifyDataStream({
  actions: [
    {
      remove_backing_index: {
        data_stream: "my-data-stream",
        index: ".ds-my-data-stream-2023.07.26-000001",
      },
    },
    {
      add_backing_index: {
        data_stream: "my-data-stream",
        index: ".ds-my-data-stream-2023.07.26-000001-downsample",
      },
    },
  ],
});

response = client.indices.modify_data_stream(
  body: {
    "actions": [
      {
        "remove_backing_index": {
          "data_stream": "my-data-stream",
          "index": ".ds-my-data-stream-2023.07.26-000001"
        }
      },
      {
        "add_backing_index": {
          "data_stream": "my-data-stream",
          "index": ".ds-my-data-stream-2023.07.26-000001-downsample"
        }
      }
    ]
  }
)

$resp = $client->indices()->modifyDataStream([
    "body" => [
        "actions" => array(
            [
                "remove_backing_index" => [
                    "data_stream" => "my-data-stream",
                    "index" => ".ds-my-data-stream-2023.07.26-000001",
                ],
            ],
            [
                "add_backing_index" => [
                    "data_stream" => "my-data-stream",
                    "index" => ".ds-my-data-stream-2023.07.26-000001-downsample",
                ],
            ],
        ),
    ],
]);

curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"actions":[{"remove_backing_index":{"data_stream":"my-data-stream","index":".ds-my-data-stream-2023.07.26-000001"}},{"add_backing_index":{"data_stream":"my-data-stream","index":".ds-my-data-stream-2023.07.26-000001-downsample"}}]}' "$ELASTICSEARCH_URL/_data_stream/_modify"

client.indices().modifyDataStream(m -> m
    .actions(List.of(Action.of(a -> a
            .removeBackingIndex(r -> r
                .dataStream("my-data-stream")
                .index(".ds-my-data-stream-2023.07.26-000001")
        )),Action.of(ac -> ac
            .addBackingIndex(ad -> ad
                .dataStream("my-data-stream")
                .index(".ds-my-data-stream-2023.07.26-000001-downsample")
        ))))
);

Request example

An example body for a `POST _data_stream/_modify` request.

{
  "actions": [
    {
      "remove_backing_index": {
        "data_stream": "my-data-stream",
        "index": ".ds-my-data-stream-2023.07.26-000001"
      }
    },
    {
      "add_backing_index": {
        "data_stream": "my-data-stream",
        "index": ".ds-my-data-stream-2023.07.26-000001-downsample"
      }
    }
  ]
}

Get a document by its ID Generally available

GET /{index}/_doc/{id}

Api key auth Basic auth Bearer auth

Get a document and its source or stored fields from an index.

By default, this API is realtime and is not affected by the refresh rate of the index (when data will become visible for search). In the case where stored fields are requested with the stored_fields parameter and the document has been updated but is not yet refreshed, the API will have to parse and analyze the source to extract the stored fields. To turn off realtime behavior, set the realtime parameter to false.

Source filtering

By default, the API returns the contents of the _source field unless you have used the stored_fields parameter or the _source field is turned off. You can turn off _source retrieval by using the _source parameter:

GET my-index-000001/_doc/0?_source=false

If you only need one or two fields from the _source, use the _source_includes or _source_excludes parameters to include or filter out particular fields. This can be helpful with large documents where partial retrieval can save on network overhead Both parameters take a comma separated list of fields or wildcard expressions. For example:

GET my-index-000001/_doc/0?_source_includes=*.id&_source_excludes=entities

If you only want to specify includes, you can use a shorter notation:

GET my-index-000001/_doc/0?_source=*.id

Routing

If routing is used during indexing, the routing value also needs to be specified to retrieve a document. For example:

GET my-index-000001/_doc/2?routing=user1

This request gets the document with ID 2, but it is routed based on the user. The document is not fetched if the correct routing is not specified.

Distributed

The GET operation is hashed into a specific shard ID. It is then redirected to one of the replicas within that shard ID and returns the result. The replicas are the primary shard and its replicas within that shard ID group. This means that the more replicas you have, the better your GET scaling will be.

Versioning support

You can use the version parameter to retrieve the document only if its current version is equal to the specified one.

Internally, Elasticsearch has marked the old document as deleted and added an entirely new document. The old version of the document doesn't disappear immediately, although you won't be able to access it. Elasticsearch cleans up deleted documents in the background as you continue to index more data.

Required authorization

Index privileges: read

Path parameters

index string Required

The name of the index that contains the document.
id string Required

A unique document identifier.

Query parameters

preference string

The node or shard the operation should be performed on. By default, the operation is randomized between the shard replicas.

If it is set to _local, the operation will prefer to be run on a local allocated shard when possible. If it is set to a custom value, the value is used to guarantee that the same shards will be used for the same custom value. This can help with "jumping values" when hitting different shards in different refresh states. A sample value can be something like the web session ID or the user name.
realtime boolean

If true, the request is real-time as opposed to near-real-time.
refresh boolean

If true, the request refreshes the relevant shards before retrieving the document. Setting it to true should be done after careful thought and verification that this does not cause a heavy load on the system (and slow down indexing).
routing string

A custom value used to route operations to a specific shard.
_source boolean | string | array[string]

Indicates whether to return the _source field (true or false) or lists the fields to return.
_source_excludes string | array[string]

A comma-separated list of source fields to exclude from the response. You can also use this parameter to exclude fields from the subset specified in _source_includes query parameter. If the _source parameter is false, this parameter is ignored.
_source_includes string | array[string]

A comma-separated list of source fields to include in the response. If this parameter is specified, only these source fields are returned. You can exclude fields from this subset using the _source_excludes query parameter. If the _source parameter is false, this parameter is ignored.
stored_fields string | array[string]

A comma-separated list of stored fields to return as part of a hit. If no fields are specified, no stored fields are included in the response. If this field is specified, the _source parameter defaults to false. Only leaf fields can be retrieved with the stored_field option. Object fields can't be returned;if specified, the request fails.
version number

The version number for concurrency control. It must match the current version of the document for the request to succeed.
version_type string
The version type.

Supported values include:
- internal: Use internal versioning that starts at 1 and increments with each update or delete.
- external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document.
- external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data.
Values are internal, external, or external_gte.

Responses

200 application/json
Hide response attributes Show response attributes object
- _index string Required
  
  The name of the index the document belongs to.
- fields object
  
  If the stored_fields parameter is set to true and found is true, it contains the document fields stored in the index.
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
- _ignored array[string]
- found boolean Required
  
  Indicates whether the document exists.
- _id string Required
  
  The unique identifier for the document.
- _primary_term number
  
  The primary term assigned to the document for the indexing operation.
- _routing string
  
  The explicit routing, if set.
- _seq_no number
  
  The sequence number assigned to the document for the indexing operation. Sequence numbers are used to ensure an older version of a document doesn't overwrite a newer version.
- _source object
  
  If found is true, it contains the document data formatted in JSON. If the _source parameter is set to false or the stored_fields parameter is set to true, it is excluded.
- _version number
  
  The document version, which is ncremented each time the document is updated.

GET /{index}/_doc/{id}

GET my-index-000001/_doc/1?stored_fields=tags,counter

resp = client.get(
    index="my-index-000001",
    id="1",
    stored_fields="tags,counter",
)

const response = await client.get({
  index: "my-index-000001",
  id: 1,
  stored_fields: "tags,counter",
});

response = client.get(
  index: "my-index-000001",
  id: "1",
  stored_fields: "tags,counter"
)

$resp = $client->get([
    "index" => "my-index-000001",
    "id" => "1",
    "stored_fields" => "tags,counter",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/my-index-000001/_doc/1?stored_fields=tags,counter"

Response examples (200)

A successful response from `GET my-index-000001/_doc/0`. It retrieves the JSON document with the `_id` 0 from the `my-index-000001` index.

{
  "_index": "my-index-000001",
  "_id": "0",
  "_version": 1,
  "_seq_no": 0,
  "_primary_term": 1,
  "found": true,
  "_source": {
    "@timestamp": "2099-11-15T14:12:12",
    "http": {
      "request": {
        "method": "get"
      },
      "response": {
        "status_code": 200,
        "bytes": 1070000
      },
      "version": "1.1"
    },
    "source": {
      "ip": "127.0.0.1"
    },
    "message": "GET /search HTTP/1.1 200 1070000",
    "user": {
      "id": "kimchy"
    }
  }
}

A successful response from `GET my-index-000001/_doc/1?stored_fields=tags,counter`, which retrieves a set of stored fields. Field values fetched from the document itself are always returned as an array. Any requested fields that are not stored (such as the counter field in this example) are ignored.

{
  "_index": "my-index-000001",
  "_id": "1",
  "_version": 1,
  "_seq_no" : 22,
  "_primary_term" : 1,
  "found": true,
  "fields": {
      "tags": [
        "production"
      ]
  }
}

A successful response from `GET my-index-000001/_doc/2?routing=user1&stored_fields=tags,counter`, which retrieves the `_routing` metadata field.

{
  "_index": "my-index-000001",
  "_id": "2",
  "_version": 1,
  "_seq_no" : 13,
  "_primary_term" : 1,
  "_routing": "user1",
  "found": true,
  "fields": {
      "tags": [
        "env2"
      ]
  }
}

Create or update a document in an index Generally available

POST /{index}/_doc/{id}

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

POST /{index}/_doc

PUT /{index}/_doc/{id}

POST /{index}/_doc/{id}

Add a JSON document to the specified data stream or index and make it searchable. If the target is an index and the document already exists, the request updates the document and increments its version.

NOTE: You cannot use this API to send update requests for existing documents in a data stream.

If the Elasticsearch security features are enabled, you must have the following index privileges for the target data stream, index, or index alias:

To add or overwrite a document using the PUT /<target>/_doc/<_id> request format, you must have the create, index, or write index privilege.
To add a document using the POST /<target>/_doc/ request format, you must have the create_doc, create, index, or write index privilege.
To automatically create a data stream or index with this API request, you must have the auto_configure, create_index, or manage index privilege.

Automatic data stream creation requires a matching index template with data stream enabled.

NOTE: Replica shards might not all be started when an indexing operation returns successfully. By default, only the primary is required. Set wait_for_active_shards to change this default behavior.

Automatically create data streams and indices

If the request's target doesn't exist and matches an index template with a data_stream definition, the index operation automatically creates the data stream.

If the target doesn't exist and doesn't match a data stream template, the operation automatically creates the index and applies any matching index templates.

NOTE: Elasticsearch includes several built-in index templates. To avoid naming collisions with these templates, refer to index pattern documentation.

If no mapping exists, the index operation creates a dynamic mapping. By default, new fields and objects are automatically added to the mapping if needed.

Automatic index creation is controlled by the action.auto_create_index setting. If it is true, any index can be created automatically. You can modify this setting to explicitly allow or block automatic creation of indices that match specified patterns or set it to false to turn off automatic index creation entirely. Specify a comma-separated list of patterns you want to allow or prefix each pattern with + or - to indicate whether it should be allowed or blocked. When a list is specified, the default behaviour is to disallow.

NOTE: The action.auto_create_index setting affects the automatic creation of indices only. It does not affect the creation of data streams.

Optimistic concurrency control

Index operations can be made conditional and only be performed if the last modification to the document was assigned the sequence number and primary term specified by the if_seq_no and if_primary_term parameters. If a mismatch is detected, the operation will result in a VersionConflictException and a status code of 409.

Routing

By default, shard placement — or routing — is controlled by using a hash of the document's ID value. For more explicit control, the value fed into the hash function used by the router can be directly specified on a per-operation basis using the routing parameter.

When setting up explicit mapping, you can also use the _routing field to direct the index operation to extract the routing value from the document itself. This does come at the (very minimal) cost of an additional document parsing pass. If the _routing mapping is defined and set to be required, the index operation will fail if no routing value is provided or extracted.

NOTE: Data streams do not support custom routing unless they were created with the allow_custom_routing setting enabled in the template.

Distributed

The index operation is directed to the primary shard based on its route and performed on the actual node containing this shard. After the primary shard completes the operation, if needed, the update is distributed to applicable replicas.

Active shards

To improve the resiliency of writes to the system, indexing operations can be configured to wait for a certain number of active shard copies before proceeding with the operation. If the requisite number of active shard copies are not available, then the write operation must wait and retry, until either the requisite shard copies have started or a timeout occurs. By default, write operations only wait for the primary shards to be active before proceeding (that is to say wait_for_active_shards is 1). This default can be overridden in the index settings dynamically by setting index.write.wait_for_active_shards. To alter this behavior per operation, use the wait_for_active_shards request parameter.

Valid values are all or any positive integer up to the total number of configured copies per shard in the index (which is number_of_replicas+1). Specifying a negative value or a number greater than the number of shard copies will throw an error.

For example, suppose you have a cluster of three nodes, A, B, and C and you create an index index with the number of replicas set to 3 (resulting in 4 shard copies, one more copy than there are nodes). If you attempt an indexing operation, by default the operation will only ensure the primary copy of each shard is available before proceeding. This means that even if B and C went down and A hosted the primary shard copies, the indexing operation would still proceed with only one copy of the data. If wait_for_active_shards is set on the request to 3 (and all three nodes are up), the indexing operation will require 3 active shard copies before proceeding. This requirement should be met because there are 3 active nodes in the cluster, each one holding a copy of the shard. However, if you set wait_for_active_shards to all (or to 4, which is the same in this situation), the indexing operation will not proceed as you do not have all 4 copies of each shard active in the index. The operation will timeout unless a new node is brought up in the cluster to host the fourth copy of the shard.

It is important to note that this setting greatly reduces the chances of the write operation not writing to the requisite number of shard copies, but it does not completely eliminate the possibility, because this check occurs before the write operation starts. After the write operation is underway, it is still possible for replication to fail on any number of shard copies but still succeed on the primary. The _shards section of the API response reveals the number of shard copies on which replication succeeded and failed.

No operation (noop) updates

When updating a document by using this API, a new version of the document is always created even if the document hasn't changed. If this isn't acceptable use the _update API with detect_noop set to true. The detect_noop option isn't available on this API because it doesn’t fetch the old source and isn't able to compare it against the new source.

There isn't a definitive rule for when noop updates aren't acceptable. It's a combination of lots of factors like how frequently your data source sends updates that are actually noops and how many queries per second Elasticsearch runs on the shard receiving the updates.

Versioning

Each indexed document is given a version number. By default, internal versioning is used that starts at 1 and increments with each update, deletes included. Optionally, the version number can be set to an external value (for example, if maintained in a database). To enable this functionality, version_type should be set to external. The value provided must be a numeric, long value greater than or equal to 0, and less than around 9.2e+18.

NOTE: Versioning is completely real time, and is not affected by the near real time aspects of search operations. If no version is provided, the operation runs without any version checks.

When using the external version type, the system checks to see if the version number passed to the index request is greater than the version of the currently stored document. If true, the document will be indexed and the new version number used. If the value provided is less than or equal to the stored document's version number, a version conflict will occur and the index operation will fail. For example:

PUT my-index-000001/_doc/1?version=2&version_type=external
{
  "user": {
    "id": "elkbee"
  }
}

In this example, the operation will succeed since the supplied version of 2 is higher than the current document version of 1.
If the document was already updated and its version was set to 2 or higher, the indexing command will fail and result in a conflict (409 HTTP status code).

A nice side effect is that there is no need to maintain strict ordering of async indexing operations run as a result of changes to a source database, as long as version numbers from the source database are used.
Even the simple case of updating the Elasticsearch index using data from a database is simplified if external versioning is used, as only the latest version will be used if the index operations arrive out of order.

## Required authorization

* Index privileges: `index`

External documentation

Path parameters

index string Required

The name of the data stream or index to target. If the target doesn't exist and matches the name or wildcard (*) pattern of an index template with a data_stream definition, this request creates the data stream. If the target doesn't exist and doesn't match a data stream template, this request creates the index. You can check for existing targets with the resolve index API.
id string Required

A unique identifier for the document. To automatically generate a document ID, use the POST /<target>/_doc/ request format and omit this parameter.

Query parameters

if_primary_term number

Only perform the operation if the document has this primary term.
if_seq_no number

Only perform the operation if the document has this sequence number.
include_source_on_error boolean

True or false if to include the document source in the error message in case of parsing errors.
op_type string
Set to create to only index the document if it does not already exist (put if absent). If a document with the specified _id already exists, the indexing operation will fail. The behavior is the same as using the <index>/_create endpoint. If a document ID is specified, this paramater defaults to index. Otherwise, it defaults to create. If the request targets a data stream, an op_type of create is required.

Supported values include:
- index: Overwrite any documents that already exist.
- create: Only index documents that do not already exist.
Values are index or create.
pipeline string

The ID of the pipeline to use to preprocess incoming documents. If the index has a default ingest pipeline specified, then setting the value to _none disables the default ingest pipeline for this request. If a final pipeline is configured it will always run, regardless of the value of this parameter.
refresh string

If true, Elasticsearch refreshes the affected shards to make this operation visible to search. If wait_for, it waits for a refresh to make this operation visible to search. If false, it does nothing with refreshes.

Values are true, false, or wait_for.
routing string

A custom value that is used to route operations to a specific shard.
timeout string

The period the request waits for the following operations: automatic index creation, dynamic mapping updates, waiting for active shards.

This parameter is useful for situations where the primary shard assigned to perform the operation might not be available when the operation runs. Some reasons for this might be that the primary shard is currently recovering from a gateway or undergoing relocation. By default, the operation will wait on the primary shard to become available for at least 1 minute before failing and responding with an error. The actual wait time could be longer, particularly when multiple waits occur.

External documentation
version number

An explicit version number for concurrency control. It must be a non-negative long number.
version_type string
The version type.

Supported values include:
- internal: Use internal versioning that starts at 1 and increments with each update or delete.
- external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document.
- external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data.
Values are internal, external, or external_gte.
wait_for_active_shards number | string

The number of shard copies that must be active before proceeding with the operation. You can set it to all or any positive integer up to the total number of shards in the index (number_of_replicas+1). The default value of 1 means it waits for each primary shard to be active.

Values are all or index-setting.
require_alias boolean

If true, the destination must be an index alias.
require_data_stream boolean

If true, the request's actions must target a data stream (existing or to be created).

application/json

Body Required

object

Responses

200 application/json
Hide response attributes Show response attributes object
- _id string Required
  
  The unique identifier for the added document.
- _index string Required
  
  The name of the index the document was added to.
- _primary_term number
  
  The primary term assigned to the document for the indexing operation.
- result string Required
  
  The result of the indexing operation: created or updated.
  
  Values are created, updated, deleted, not_found, or noop.
- _seq_no number
  
  The sequence number assigned to the document for the indexing operation. Sequence numbers are used to ensure an older version of a document doesn't overwrite a newer version.
- _shards object Required
  
  Information about the replication process of the operation.
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  The number of shards the operation or search attempted to run on but failed.
  
  successful number Required
  
  The number of shards the operation or search succeeded on.
  
  total number Required
  
  The number of shards the operation or search will run on overall.
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  index string
  
  node string
  
  reason object Required
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  shard number
  
  status string
  
  primary boolean
  
  skipped number
- _version number Required
  
  The document version, which is incremented each time the document is updated.
- failure_store string
  
  The role of the failure store in this document response
  
  Values are not_applicable_or_unknown, used, not_enabled, or failed.
- forced_refresh boolean

POST /{index}/_doc/{id}

POST my-index-000001/_doc/
{
  "@timestamp": "2099-11-15T13:12:00",
  "message": "GET /search HTTP/1.1 200 1070000",
  "user": {
    "id": "kimchy"
  }
}

resp = client.index(
    index="my-index-000001",
    document={
        "@timestamp": "2099-11-15T13:12:00",
        "message": "GET /search HTTP/1.1 200 1070000",
        "user": {
            "id": "kimchy"
        }
    },
)

const response = await client.index({
  index: "my-index-000001",
  document: {
    "@timestamp": "2099-11-15T13:12:00",
    message: "GET /search HTTP/1.1 200 1070000",
    user: {
      id: "kimchy",
    },
  },
});

response = client.index(
  index: "my-index-000001",
  body: {
    "@timestamp": "2099-11-15T13:12:00",
    "message": "GET /search HTTP/1.1 200 1070000",
    "user": {
      "id": "kimchy"
    }
  }
)

$resp = $client->index([
    "index" => "my-index-000001",
    "body" => [
        "@timestamp" => "2099-11-15T13:12:00",
        "message" => "GET /search HTTP/1.1 200 1070000",
        "user" => [
            "id" => "kimchy",
        ],
    ],
]);

curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"@timestamp":"2099-11-15T13:12:00","message":"GET /search HTTP/1.1 200 1070000","user":{"id":"kimchy"}}' "$ELASTICSEARCH_URL/my-index-000001/_doc/"

client.index(i -> i
    .index("my-index-000001")
    .document(JsonData.fromJson("{\"@timestamp\":\"2099-11-15T13:12:00\",\"message\":\"GET /search HTTP/1.1 200 1070000\",\"user\":{\"id\":\"kimchy\"}}"))
);

Request examples

Run `POST my-index-000001/_doc/` to index a document. When you use the `POST /<target>/_doc/` request format, the `op_type` is automatically set to `create` and the index operation generates a unique ID for the document.

{
  "@timestamp": "2099-11-15T13:12:00",
  "message": "GET /search HTTP/1.1 200 1070000",
  "user": {
    "id": "kimchy"
  }
}

Run `PUT my-index-000001/_doc/1` to insert a JSON document into the `my-index-000001` index with an `_id` of 1.

{
  "@timestamp": "2099-11-15T13:12:00",
  "message": "GET /search HTTP/1.1 200 1070000",
  "user": {
    "id": "kimchy"
  }
}

Response examples (200)

A successful response from `POST my-index-000001/_doc/`, which contains an automated document ID.

{
  "_shards": {
    "total": 2,
    "failed": 0,
    "successful": 2
  },
  "_index": "my-index-000001",
  "_id": "W0tpsmIBdwcYyG50zbta",
  "_version": 1,
  "_seq_no": 0,
  "_primary_term": 1,
  "result": "created"
}

A successful response from `PUT my-index-000001/_doc/1`.

{
  "_shards": {
    "total": 2,
    "failed": 0,
    "successful": 2
  },
  "_index": "my-index-000001",
  "_id": "1",
  "_version": 1,
  "_seq_no": 0,
  "_primary_term": 1,
  "result": "created"
}

Check for a document source Generally available; Added in 5.4.0

HEAD /{index}/_source/{id}

Api key auth Basic auth Bearer auth

Check whether a document source exists in an index. For example:

HEAD my-index-000001/_source/1

A document's source is not available if it is disabled in the mapping.

Required authorization

Index privileges: read

External documentation

Path parameters

index string Required

A comma-separated list of data streams, indices, and aliases. It supports wildcards (*).
id string Required

A unique identifier for the document.

Query parameters

preference string

The node or shard the operation should be performed on. By default, the operation is randomized between the shard replicas.
realtime boolean

If true, the request is real-time as opposed to near-real-time.
refresh boolean

If true, the request refreshes the relevant shards before retrieving the document. Setting it to true should be done after careful thought and verification that this does not cause a heavy load on the system (and slow down indexing).
routing string

A custom value used to route operations to a specific shard.
_source boolean | string | array[string]

Indicates whether to return the _source field (true or false) or lists the fields to return.
_source_excludes string | array[string]

A comma-separated list of source fields to exclude in the response.
_source_includes string | array[string]

A comma-separated list of source fields to include in the response.
version number

The version number for concurrency control. It must match the current version of the document for the request to succeed.
version_type string
The version type.

Supported values include:
- internal: Use internal versioning that starts at 1 and increments with each update or delete.
- external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document.
- external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data.
Values are internal, external, or external_gte.

Responses

200 application/json

HEAD /{index}/_source/{id}

HEAD my-index-000001/_source/1

resp = client.exists_source(
    index="my-index-000001",
    id="1",
)

const response = await client.existsSource({
  index: "my-index-000001",
  id: 1,
});

response = client.exists_source(
  index: "my-index-000001",
  id: "1"
)

$resp = $client->existsSource([
    "index" => "my-index-000001",
    "id" => "1",
]);

curl --head -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/my-index-000001/_source/1"

client.existsSource(e -> e
    .id("1")
    .index("my-index-000001")
);

Get multiple term vectors Generally available

POST /{index}/_mtermvectors

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_mtermvectors

POST /_mtermvectors

GET /{index}/_mtermvectors

POST /{index}/_mtermvectors

Get multiple term vectors with a single request. You can specify existing documents by index and ID or provide artificial documents in the body of the request. You can specify the index in the request body or request URI. The response contains a docs array with all the fetched termvectors. Each element has the structure provided by the termvectors API.

Artificial documents

You can also use mtermvectors to generate term vectors for artificial documents provided in the body of the request. The mapping used is determined by the specified _index.

Required authorization

Index privileges: read

Path parameters

index string Required

The name of the index that contains the documents.

Query parameters

ids array[string]

A comma-separated list of documents ids. You must define ids as parameter or set "ids" or "docs" in the request body
fields string | array[string]

A comma-separated list or wildcard expressions of fields to include in the statistics. It is used as the default list unless a specific field list is provided in the completion_fields or fielddata_fields parameters.
field_statistics boolean

If true, the response includes the document count, sum of document frequencies, and sum of total term frequencies.
offsets boolean

If true, the response includes term offsets.
payloads boolean

If true, the response includes term payloads.
positions boolean

If true, the response includes term positions.
preference string

The node or shard the operation should be performed on. It is random by default.
realtime boolean

If true, the request is real-time as opposed to near-real-time.
routing string

A custom value used to route operations to a specific shard.
term_statistics boolean

If true, the response includes term frequency and document frequency.
version number

If true, returns the document version as part of a hit.
version_type string
The version type.

Supported values include:
- internal: Use internal versioning that starts at 1 and increments with each update or delete.
- external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document.
- external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data.
Values are internal, external, or external_gte.

application/json

Body

docs array[object]

An array of existing or artificial documents.
Hide docs attributes Show docs attributes object
- _id string
  
  The ID of the document.
- _index string
  
  The index of the document.
- doc object
  
  An artificial document (a document not present in the index) for which you want to retrieve term vectors.
- fields string | array[string]
  
  Comma-separated list or wildcard expressions of fields to include in the statistics. Used as the default list unless a specific field list is provided in the completion_fields or fielddata_fields parameters.
- field_statistics boolean
  
  If true, the response includes the document count, sum of document frequencies, and sum of total term frequencies.
  
  Default value is true.
- filter object
  
  Filter terms based on their tf-idf scores.
  Hide filter attributes Show filter attributes object
  
  max_doc_freq number
  
  Ignore words which occur in more than this many docs. Defaults to unbounded.
  
  max_num_terms number
  
  The maximum number of terms that must be returned per field.
  
  Default value is 25.
  
  max_term_freq number
  
  Ignore words with more than this frequency in the source doc. It defaults to unbounded.
  
  max_word_length number
  
  The maximum word length above which words will be ignored. Defaults to unbounded.
  
  Default value is 0.
  
  min_doc_freq number
  
  Ignore terms which do not occur in at least this many docs.
  
  Default value is 1.
  
  min_term_freq number
  
  Ignore words with less than this frequency in the source doc.
  
  Default value is 1.
  
  min_word_length number
  
  The minimum word length below which words will be ignored.
  
  Default value is 0.
- offsets boolean
  
  If true, the response includes term offsets.
  
  Default value is true.
- payloads boolean
  
  If true, the response includes term payloads.
  
  Default value is true.
- positions boolean
  
  If true, the response includes term positions.
  
  Default value is true.
- routing string
  
  Custom value used to route operations to a specific shard.
- term_statistics boolean
  
  If true, the response includes term frequency and document frequency.
  
  Default value is false.
- version number
  
  If true, returns the document version as part of a hit.
- version_type string
  Specific version type.
  
  Supported values include:
  
  internal: Use internal versioning that starts at 1 and increments with each update or delete.
  
  external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document.
  
  external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data.
  Values are internal, external, or external_gte.
ids array[string]

A simplified syntax to specify documents by their ID if they're in the same index.

Responses

200 application/json
Hide response attribute Show response attribute object
- docs array[object] Required
  
  Hide docs attributes Show docs attributes object
  
  _id string
  
  _index string Required
  
  _version number
  
  took number
  
  found boolean
  
  term_vectors object
  
  Hide term_vectors attribute Show term_vectors attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  field_statistics object
  
  terms object Required
  
  Hide terms attribute Show terms attribute object
  
  * object Additional properties
  
  error object
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Hide error attributes Show error attributes object
  
  type string Required
  
  The type of error
  
  reason string | null
  
  A human-readable explanation of the error, in English.
  
  One of:
  string-1 string string-2 string | null
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  root_cause array[object]
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  suppressed array[object]
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.

POST /{index}/_mtermvectors

POST /my-index-000001/_mtermvectors
{
  "docs": [
      {
        "_id": "2",
        "fields": [
            "message"
        ],
        "term_statistics": true
      },
      {
        "_id": "1"
      }
  ]
}

resp = client.mtermvectors(
    index="my-index-000001",
    docs=[
        {
            "_id": "2",
            "fields": [
                "message"
            ],
            "term_statistics": True
        },
        {
            "_id": "1"
        }
    ],
)

const response = await client.mtermvectors({
  index: "my-index-000001",
  docs: [
    {
      _id: "2",
      fields: ["message"],
      term_statistics: true,
    },
    {
      _id: "1",
    },
  ],
});

response = client.mtermvectors(
  index: "my-index-000001",
  body: {
    "docs": [
      {
        "_id": "2",
        "fields": [
          "message"
        ],
        "term_statistics": true
      },
      {
        "_id": "1"
      }
    ]
  }
)

$resp = $client->mtermvectors([
    "index" => "my-index-000001",
    "body" => [
        "docs" => array(
            [
                "_id" => "2",
                "fields" => array(
                    "message",
                ),
                "term_statistics" => true,
            ],
            [
                "_id" => "1",
            ],
        ),
    ],
]);

curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"docs":[{"_id":"2","fields":["message"],"term_statistics":true},{"_id":"1"}]}' "$ELASTICSEARCH_URL/my-index-000001/_mtermvectors"

client.mtermvectors(m -> m
    .docs(List.of(MultiTermVectorsOperation.of(mu -> mu
            .id("2")
            .fields("message")
            .termStatistics(true)),MultiTermVectorsOperation.of(mu -> mu
            .id("1"))))
    .index("my-index-000001")
);

Request examples

Run `POST /my-index-000001/_mtermvectors`. When you specify an index in the request URI, the index does not need to be specified for each documents in the request body.

{
  "docs": [
      {
        "_id": "2",
        "fields": [
            "message"
        ],
        "term_statistics": true
      },
      {
        "_id": "1"
      }
  ]
}

Run `POST /my-index-000001/_mtermvectors`. If all requested documents are in same index and the parameters are the same, you can use a simplified syntax.

{
  "ids": [ "1", "2" ],
  "fields": [
    "message"
  ],
  "term_statistics": true
}

Run `POST /_mtermvectors` to generate term vectors for artificial documents provided in the body of the request. The mapping used is determined by the specified `_index`.

{
  "docs": [
      {
        "_index": "my-index-000001",
        "doc" : {
            "message" : "test test test"
        }
      },
      {
        "_index": "my-index-000001",
        "doc" : {
          "message" : "Another test ..."
        }
      }
  ]
}

Reindex documents Generally available; Added in 2.3.0

POST /_reindex

Api key auth Basic auth Bearer auth

Copy documents from a source to a destination. You can copy all documents to the destination index or reindex a subset of the documents. The source can be any existing index, alias, or data stream. The destination must differ from the source. For example, you cannot reindex a data stream into itself.

IMPORTANT: Reindex requires _source to be enabled for all documents in the source. The destination should be configured as wanted before calling the reindex API. Reindex does not copy the settings from the source or its associated template. Mappings, shard counts, and replicas, for example, must be configured ahead of time.

If the Elasticsearch security features are enabled, you must have the following security privileges:

The read index privilege for the source data stream, index, or alias.
The write index privilege for the destination data stream, index, or index alias.
To automatically create a data stream or index with a reindex API request, you must have the auto_configure, create_index, or manage index privilege for the destination data stream, index, or alias.
If reindexing from a remote cluster, the source.remote.user must have the monitor cluster privilege and the read index privilege for the source data stream, index, or alias.

If reindexing from a remote cluster, you must explicitly allow the remote host in the reindex.remote.whitelist setting. Automatic data stream creation requires a matching index template with data stream enabled.

The dest element can be configured like the index API to control optimistic concurrency control. Omitting version_type or setting it to internal causes Elasticsearch to blindly dump documents into the destination, overwriting any that happen to have the same ID.

Setting version_type to external causes Elasticsearch to preserve the version from the source, create any documents that are missing, and update any documents that have an older version in the destination than they do in the source.

Setting op_type to create causes the reindex API to create only missing documents in the destination. All existing documents will cause a version conflict.

IMPORTANT: Because data streams are append-only, any reindex request to a destination data stream must have an op_type of create. A reindex can only add new documents to a destination data stream. It cannot update existing documents in a destination data stream.

By default, version conflicts abort the reindex process. To continue reindexing if there are conflicts, set the conflicts request body property to proceed. In this case, the response includes a count of the version conflicts that were encountered. Note that the handling of other error types is unaffected by the conflicts property. Additionally, if you opt to count version conflicts, the operation could attempt to reindex more documents from the source than max_docs until it has successfully indexed max_docs documents into the target or it has gone through every document in the source query.

NOTE: The reindex API makes no effort to handle ID collisions. The last document written will "win" but the order isn't usually predictable so it is not a good idea to rely on this behavior. Instead, make sure that IDs are unique by using a script.

Running reindex asynchronously

If the request contains wait_for_completion=false, Elasticsearch performs some preflight checks, launches the request, and returns a task you can use to cancel or get the status of the task. Elasticsearch creates a record of this task as a document at _tasks/<task_id>.

Reindex from multiple sources

If you have many sources to reindex it is generally better to reindex them one at a time rather than using a glob pattern to pick up multiple sources. That way you can resume the process if there are any errors by removing the partially completed source and starting over. It also makes parallelizing the process fairly simple: split the list of sources to reindex and run each list in parallel.

For example, you can use a bash script like this:

for index in i1 i2 i3 i4 i5; do
  curl -HContent-Type:application/json -XPOST localhost:9200/_reindex?pretty -d'{
    "source": {
      "index": "'$index'"
    },
    "dest": {
      "index": "'$index'-reindexed"
    }
  }'
done

Throttling

Set requests_per_second to any positive decimal number (1.4, 6, 1000, for example) to throttle the rate at which reindex issues batches of index operations. Requests are throttled by padding each batch with a wait time. To turn off throttling, set requests_per_second to -1.

The throttling is done by waiting between batches so that the scroll that reindex uses internally can be given a timeout that takes into account the padding. The padding time is the difference between the batch size divided by the requests_per_second and the time spent writing. By default the batch size is 1000, so if requests_per_second is set to 500:

target_time = 1000 / 500 per second = 2 seconds
wait_time = target_time - write_time = 2 seconds - .5 seconds = 1.5 seconds

Since the batch is issued as a single bulk request, large batch sizes cause Elasticsearch to create many requests and then wait for a while before starting the next set. This is "bursty" instead of "smooth".

Slicing

Reindex supports sliced scroll to parallelize the reindexing process. This parallelization can improve efficiency and provide a convenient way to break the request down into smaller parts.

NOTE: Reindexing from remote clusters does not support manual or automatic slicing.

You can slice a reindex request manually by providing a slice ID and total number of slices to each request. You can also let reindex automatically parallelize by using sliced scroll to slice on _id. The slices parameter specifies the number of slices to use.

Adding slices to the reindex request just automates the manual process, creating sub-requests which means it has some quirks:

You can see these requests in the tasks API. These sub-requests are "child" tasks of the task for the request with slices.
Fetching the status of the task for the request with slices only contains the status of completed slices.
These sub-requests are individually addressable for things like cancellation and rethrottling.
Rethrottling the request with slices will rethrottle the unfinished sub-request proportionally.
Canceling the request with slices will cancel each sub-request.
Due to the nature of slices, each sub-request won't get a perfectly even portion of the documents. All documents will be addressed, but some slices may be larger than others. Expect larger slices to have a more even distribution.
Parameters like requests_per_second and max_docs on a request with slices are distributed proportionally to each sub-request. Combine that with the previous point about distribution being uneven and you should conclude that using max_docs with slices might not result in exactly max_docs documents being reindexed.
Each sub-request gets a slightly different snapshot of the source, though these are all taken at approximately the same time.

If slicing automatically, setting slices to auto will choose a reasonable number for most indices. If slicing manually or otherwise tuning automatic slicing, use the following guidelines.

Query performance is most efficient when the number of slices is equal to the number of shards in the index. If that number is large (for example, 500), choose a lower number as too many slices will hurt performance. Setting slices higher than the number of shards generally does not improve efficiency and adds overhead.

Indexing performance scales linearly across available resources with the number of slices.

Whether query or indexing performance dominates the runtime depends on the documents being reindexed and cluster resources.

Modify documents during reindexing

Like _update_by_query, reindex operations support a script that modifies the document. Unlike _update_by_query, the script is allowed to modify the document's metadata.

Just as in _update_by_query, you can set ctx.op to change the operation that is run on the destination. For example, set ctx.op to noop if your script decides that the document doesn’t have to be indexed in the destination. This "no operation" will be reported in the noop counter in the response body. Set ctx.op to delete if your script decides that the document must be deleted from the destination. The deletion will be reported in the deleted counter in the response body. Setting ctx.op to anything else will return an error, as will setting any other field in ctx.

Think of the possibilities! Just be careful; you are able to change:

_id
_index
_version
_routing

Setting _version to null or clearing it from the ctx map is just like not sending the version in an indexing request. It will cause the document to be overwritten in the destination regardless of the version on the target or the version type you use in the reindex API.

Reindex from remote

Reindex supports reindexing from a remote Elasticsearch cluster. The host parameter must contain a scheme, host, port, and optional path. The username and password parameters are optional and when they are present the reindex operation will connect to the remote Elasticsearch node using basic authentication. Be sure to use HTTPS when using basic authentication or the password will be sent in plain text. There are a range of settings available to configure the behavior of the HTTPS connection.

When using Elastic Cloud, it is also possible to authenticate against the remote cluster through the use of a valid API key. Remote hosts must be explicitly allowed with the reindex.remote.whitelist setting. It can be set to a comma delimited list of allowed remote host and port combinations. Scheme is ignored; only the host and port are used. For example:

reindex.remote.whitelist: [otherhost:9200, another:9200, 127.0.10.*:9200, localhost:*"]

The list of allowed hosts must be configured on any nodes that will coordinate the reindex. This feature should work with remote clusters of any version of Elasticsearch. This should enable you to upgrade from any version of Elasticsearch to the current version by reindexing from a cluster of the old version.

WARNING: Elasticsearch does not support forward compatibility across major versions. For example, you cannot reindex from a 7.x cluster into a 6.x cluster.

To enable queries sent to older versions of Elasticsearch, the query parameter is sent directly to the remote host without validation or modification.

NOTE: Reindexing from remote clusters does not support manual or automatic slicing.

Reindexing from a remote server uses an on-heap buffer that defaults to a maximum size of 100mb. If the remote index includes very large documents you'll need to use a smaller batch size. It is also possible to set the socket read timeout on the remote connection with the socket_timeout field and the connection timeout with the connect_timeout field. Both default to 30 seconds.

Configuring SSL parameters

Reindex from remote supports configurable SSL settings. These must be specified in the elasticsearch.yml file, with the exception of the secure settings, which you add in the Elasticsearch keystore. It is not possible to configure SSL in the body of the reindex request.

Required authorization

Index privileges: read,write

Query parameters

refresh boolean

If true, the request refreshes affected shards to make this operation visible to search.
requests_per_second number

The throttle for this request in sub-requests per second. By default, there is no throttle.
scroll string

The period of time that a consistent view of the index should be maintained for scrolled search.

External documentation
slices number | string

The number of slices this task should be divided into. It defaults to one slice, which means the task isn't sliced into subtasks.

Reindex supports sliced scroll to parallelize the reindexing process. This parallelization can improve efficiency and provide a convenient way to break the request down into smaller parts.

NOTE: Reindexing from remote clusters does not support manual or automatic slicing.

If set to auto, Elasticsearch chooses the number of slices to use. This setting will use one slice per shard, up to a certain limit. If there are multiple sources, it will choose the number of slices based on the index or backing index with the smallest number of shards.

Value is auto.
max_docs number

The maximum number of documents to reindex. By default, all documents are reindexed. If it is a value less then or equal to scroll_size, a scroll will not be used to retrieve the results for the operation.

If conflicts is set to proceed, the reindex operation could attempt to reindex more documents from the source than max_docs until it has successfully indexed max_docs documents into the target or it has gone through every document in the source query.
timeout string

The period each indexing waits for automatic index creation, dynamic mapping updates, and waiting for active shards. By default, Elasticsearch waits for at least one minute before failing. The actual wait time could be longer, particularly when multiple waits occur.

External documentation
wait_for_active_shards number | string

The number of shard copies that must be active before proceeding with the operation. Set it to all or any positive integer up to the total number of shards in the index (number_of_replicas+1). The default value is one, which means it waits for each primary shard to be active.

Values are all or index-setting.
wait_for_completion boolean

If true, the request blocks until the operation is complete.
require_alias boolean

If true, the destination must be an index alias.

application/json

Body Required

conflicts string
Indicates whether to continue reindexing even when there are conflicts.

Supported values include:
- abort: Stop reindexing if there are conflicts.
- proceed: Continue reindexing even if there are conflicts.
Values are abort or proceed.
dest object Required

The destination you are copying to.
Hide dest attributes Show dest attributes object
- index string Required
  
  The name of the data stream, index, or index alias you are copying to.
- op_type string
  If it is create, the operation will only index documents that do not already exist (also known as "put if absent").
  
  IMPORTANT: To reindex to a data stream destination, this argument must be create.
  
  Supported values include:
  
  index: Overwrite any documents that already exist.
  
  create: Only index documents that do not already exist.
  Values are index or create.
- pipeline string
  
  The name of the pipeline to use.
- routing string
  
  By default, a document's routing is preserved unless it's changed by the script. If it is keep, the routing on the bulk request sent for each match is set to the routing on the match. If it is discard, the routing on the bulk request sent for each match is set to null. If it is =value, the routing on the bulk request sent for each match is set to all value specified after the equals sign (=).
- version_type string
  The versioning to use for the indexing operation.
  
  Supported values include:
  
  internal: Use internal versioning that starts at 1 and increments with each update or delete.
  
  external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document.
  
  external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data.
  Values are internal, external, or external_gte.
max_docs number

The maximum number of documents to reindex. By default, all documents are reindexed. If it is a value less then or equal to scroll_size, a scroll will not be used to retrieve the results for the operation.

If conflicts is set to proceed, the reindex operation could attempt to reindex more documents from the source than max_docs until it has successfully indexed max_docs documents into the target or it has gone through every document in the source query.
script object

The script to run to update the document source or metadata when reindexing.
Hide script attributes Show script attributes object
- source string
  
  The script source.
- id string
  
  The id for a stored script.
- params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  Hide params attribute Show params attribute object
  
  * object Additional properties
- lang string
  
  Specifies the language the script is written in.
  
  Supported values include:
  
  painless: Painless scripting language, purpose-built for Elasticsearch.
  
  expression: Lucene’s expressions language, compiles a JavaScript expression to bytecode.
  
  mustache: Mustache templated, used for templates.
  
  java: Expert Java API
  
  Any of:
  string-1 string string-2 string
  
  Specifies the language the script is written in.
  
  Supported values include:
  
  painless: Painless scripting language, purpose-built for Elasticsearch.
  
  expression: Lucene’s expressions language, compiles a JavaScript expression to bytecode.
  
  mustache: Mustache templated, used for templates.
  
  java: Expert Java API
  
  Values are painless, expression, mustache, or java.
- options object
  Hide options attribute Show options attribute object
  
  * string Additional properties
source object Required

The source you are copying from.
Hide source attributes Show source attributes object
- index string | array[string] Required
 
 The name of the data stream, index, or alias you are copying from. It accepts a comma-separated list to reindex from multiple sources.
- query object
 
 The documents to reindex, which is defined with Query DSL.
 
 External documentation
- remote object
 
 A remote instance of Elasticsearch that you want to index from.
 Hide remote attributes Show remote attributes object
 
 connect_timeout string
 
 The remote connection timeout.
 
 External documentation
 
 headers object
 
 An object containing the headers of the request.
 
 Hide headers attribute Show headers attribute object
 
 * string Additional properties
 
 host string Required
 
 The URL for the remote instance of Elasticsearch that you want to index from. This information is required when you're indexing from remote.
 
 username string
 
 The username to use for authentication with the remote host.
 
 password string
 
 The password to use for authentication with the remote host.
 
 socket_timeout string
 
 The remote socket read timeout.
 
 External documentation
- size number
 
 The number of documents to index per batch. Use it when you are indexing from remote to ensure that the batches fit within the on-heap buffer, which defaults to a maximum size of 100 MB.
 
 Default value is 1000.
- slice object
 
 Slice the reindex request manually using the provided slice ID and total number of slices.
 Hide slice attributes Show slice attributes object
 
 field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 id string Required
 
 max number Required
- sort string | object | array[string | object]
 
 A comma-separated list of <field>:<direction> pairs to sort by before indexing. Use it in conjunction with max_docs to control what documents are reindexed.
 
 WARNING: Sort in reindex is deprecated. Sorting in reindex was never guaranteed to index documents in order and prevents further development of reindex such as resilience and performance improvements. If used in combination with max_docs, consider using a query filter instead.
 
 One of:
 Field string SortOptions object array-2 array[string | object]
 
 A comma-separated list of <field>:<direction> pairs to sort by before indexing. Use it in conjunction with max_docs to control what documents are reindexed.
 
 WARNING: Sort in reindex is deprecated. Sorting in reindex was never guaranteed to index documents in order and prevents further development of reindex such as resilience and performance improvements. If used in combination with max_docs, consider using a query filter instead.
 
 A comma-separated list of <field>:<direction> pairs to sort by before indexing. Use it in conjunction with max_docs to control what documents are reindexed.
 
 WARNING: Sort in reindex is deprecated. Sorting in reindex was never guaranteed to index documents in order and prevents further development of reindex such as resilience and performance improvements. If used in combination with max_docs, consider using a query filter instead.
 
 A comma-separated list of <field>:<direction> pairs to sort by before indexing. Use it in conjunction with max_docs to control what documents are reindexed.
 
 WARNING: Sort in reindex is deprecated. Sorting in reindex was never guaranteed to index documents in order and prevents further development of reindex such as resilience and performance improvements. If used in combination with max_docs, consider using a query filter instead.
- _source string | array[string]
 
 If true, reindex all source fields. Set it to a list to reindex select fields.
- runtime_mappings object
 Hide runtime_mappings attribute Show runtime_mappings attribute object
 
 * object Additional properties
 
 Hide * attributes Show * attributes object
 
 fields object
 
 For type composite
 
 Hide fields attribute Show fields attribute object
 
 * object Additional properties
 
 fetch_fields array[object]
 
 For type lookup
 
 format string
 
 A custom format for date type runtime fields.
 
 input_field string
 
 For type lookup
 
 target_field string
 
 For type lookup
 
 target_index string
 
 For type lookup
 
 script object
 
 Painless script executed at query time.
 
 type string Required
 
 Field type, which can be: boolean, composite, date, double, geo_point, ip,keyword, long, or lookup.
 
 Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.

Responses

200 application/json
Hide response attributes Show response attributes object
- batches number
  
  The number of scroll responses that were pulled back by the reindex.
- created number
  
  The number of documents that were successfully created.
- deleted number
  
  The number of documents that were successfully deleted.
- failures array[object]
  
  If there were any unrecoverable errors during the process, it is an array of those failures. If this array is not empty, the request ended because of those failures. Reindex is implemented using batches and any failure causes the entire process to end but all failures in the current batch are collected into the array. You can use the conflicts option to prevent the reindex from ending on version conflicts.
  
  Hide failures attributes Show failures attributes object
  
  cause object Required
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Hide cause attributes Show cause attributes object
  
  type string Required
  
  The type of error
  
  reason string | null
  
  A human-readable explanation of the error, in English.
  
  One of:
  string-1 string string-2 string | null
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  root_cause array[object]
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  suppressed array[object]
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  id string Required
  
  index string Required
  
  status number Required
- noops number
  
  The number of documents that were ignored because the script used for the reindex returned a noop value for ctx.op.
- retries object
  
  The number of retries attempted by reindex.
  
  Hide retries attributes Show retries attributes object
  
  bulk number Required
  
  The number of bulk actions retried.
  
  search number Required
  
  The number of search actions retried.
- requests_per_second number
  
  The number of requests per second effectively run during the reindex.
- slice_id number
- task string | number
  
  One of:
  string-1 string number-2 number
- throttled_millis number
  
  Time unit for milliseconds
- throttled_until_millis number
  
  Time unit for milliseconds
- timed_out boolean
  
  If any of the requests that ran during the reindex timed out, it is true.
- took number
  
  Time unit for milliseconds
- total number
  
  The number of documents that were successfully processed.
- updated number
  
  The number of documents that were successfully updated. That is to say, a document with the same ID already existed before the reindex updated it.
- version_conflicts number
  
  The number of version conflicts that occurred.

POST /_reindex

POST _reindex
{
  "source": {
    "index": ["my-index-000001", "my-index-000002"]
  },
  "dest": {
    "index": "my-new-index-000002"
  }
}

resp = client.reindex(
    source={
        "index": [
            "my-index-000001",
            "my-index-000002"
        ]
    },
    dest={
        "index": "my-new-index-000002"
    },
)

const response = await client.reindex({
  source: {
    index: ["my-index-000001", "my-index-000002"],
  },
  dest: {
    index: "my-new-index-000002",
  },
});

response = client.reindex(
  body: {
    "source": {
      "index": [
        "my-index-000001",
        "my-index-000002"
      ]
    },
    "dest": {
      "index": "my-new-index-000002"
    }
  }
)

$resp = $client->reindex([
    "body" => [
        "source" => [
            "index" => array(
                "my-index-000001",
                "my-index-000002",
            ),
        ],
        "dest" => [
            "index" => "my-new-index-000002",
        ],
    ],
]);

curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"source":{"index":["my-index-000001","my-index-000002"]},"dest":{"index":"my-new-index-000002"}}' "$ELASTICSEARCH_URL/_reindex"

client.reindex(r -> r
  .dest(d -> d
    .index("my-new-index-000002")
  )
  .source(s -> s
    .index(List.of("my-index-000001","my-index-000002"))
  )
);

Request examples

Run `POST _reindex` to reindex from multiple sources. The `index` attribute in source can be a list, which enables you to copy from lots of sources in one request. This example copies documents from the `my-index-000001` and `my-index-000002` indices.

{
  "source": {
    "index": ["my-index-000001", "my-index-000002"]
  },
  "dest": {
    "index": "my-new-index-000002"
  }
}

You can use Painless to reindex daily indices to apply a new template to the existing documents. The script extracts the date from the index name and creates a new index with `-1` appended. For example, all data from `metricbeat-2016.05.31` will be reindexed into `metricbeat-2016.05.31-1`.

{
  "source": {
    "index": "metricbeat-*"
  },
  "dest": {
    "index": "metricbeat"
  },
  "script": {
    "lang": "painless",
    "source": "ctx._index = 'metricbeat-' + (ctx._index.substring('metricbeat-'.length(), ctx._index.length())) + '-1'"
  }
}

Run `POST _reindex` to extract a random subset of the source for testing. You might need to adjust the `min_score` value depending on the relative amount of data extracted from source.

{
  "max_docs": 10,
  "source": {
    "index": "my-index-000001",
    "query": {
      "function_score" : {
        "random_score" : {},
        "min_score" : 0.9
      }
    }
  },
  "dest": {
    "index": "my-new-index-000001"
  }
}

Run `POST _reindex` to modify documents during reindexing. This example bumps the version of the source document.

{
  "source": {
    "index": "my-index-000001"
  },
  "dest": {
    "index": "my-new-index-000001",
    "version_type": "external"
  },
  "script": {
    "source": "if (ctx._source.foo == 'bar') {ctx._version++; ctx._source.remove('foo')}",
    "lang": "painless"
  }
}

When using Elastic Cloud, you can run `POST _reindex` and authenticate against a remote cluster with an API key.

{
  "source": {
    "remote": {
      "host": "http://otherhost:9200",
      "username": "user",
      "password": "pass"
    },
    "index": "my-index-000001",
    "query": {
      "match": {
        "test": "data"
      }
    }
  },
  "dest": {
    "index": "my-new-index-000001"
  }
}

Run `POST _reindex` to slice a reindex request manually. Provide a slice ID and total number of slices to each request.

{
  "source": {
    "index": "my-index-000001",
    "slice": {
      "id": 0,
      "max": 2
    }
  },
  "dest": {
    "index": "my-new-index-000001"
  }
}

Run `POST _reindex?slices=5&refresh` to automatically parallelize using sliced scroll to slice on `_id`. The `slices` parameter specifies the number of slices to use.

{
  "source": {
    "index": "my-index-000001"
  },
  "dest": {
    "index": "my-new-index-000001"
  }
}

By default if reindex sees a document with routing then the routing is preserved unless it's changed by the script. You can set `routing` on the `dest` request to change this behavior. In this example, run `POST _reindex` to copy all documents from the `source` with the company name `cat` into the `dest` with routing set to `cat`.

{
  "source": {
    "index": "source",
    "query": {
      "match": {
        "company": "cat"
      }
    }
  },
  "dest": {
    "index": "dest",
    "routing": "=cat"
  }
}

Run `POST _reindex` and use the ingest pipelines feature.

{
  "source": {
    "index": "source"
  },
  "dest": {
    "index": "dest",
    "pipeline": "some_ingest_pipeline"
  }
}

Run `POST _reindex` and add a query to the `source` to limit the documents to reindex. For example, this request copies documents into `my-new-index-000001` only if they have a `user.id` of `kimchy`.

{
  "source": {
    "index": "my-index-000001",
    "query": {
      "term": {
        "user.id": "kimchy"
      }
    }
  },
  "dest": {
    "index": "my-new-index-000001"
  }
}

You can limit the number of processed documents by setting `max_docs`. For example, run `POST _reindex` to copy a single document from `my-index-000001` to `my-new-index-000001`.

{
  "max_docs": 1,
  "source": {
    "index": "my-index-000001"
  },
  "dest": {
    "index": "my-new-index-000001"
  }
}

You can use source filtering to reindex a subset of the fields in the original documents. For example, run `POST _reindex` the reindex only the `user.id` and `_doc` fields of each document.

{
  "source": {
    "index": "my-index-000001",
    "_source": ["user.id", "_doc"]
  },
  "dest": {
    "index": "my-new-index-000001"
  }
}

A reindex operation can build a copy of an index with renamed fields. If your index has documents with `text` and `flag` fields, you can change the latter field name to `tag` during the reindex.

{
  "source": {
    "index": "my-index-000001"
  },
  "dest": {
    "index": "my-new-index-000001"
  },
  "script": {
    "source": "ctx._source.tag = ctx._source.remove(\"flag\")"
  }
}

Throttle a reindex operation Generally available; Added in 2.4.0

POST /_reindex/{task_id}/_rethrottle

Api key auth Basic auth Bearer auth

Change the number of requests per second for a particular reindex operation. For example:

POST _reindex/r1A2WoRbTwKZ516z6NEs5A:36619/_rethrottle?requests_per_second=-1

Rethrottling that speeds up the query takes effect immediately. Rethrottling that slows down the query will take effect after completing the current batch. This behavior prevents scroll timeouts.

Path parameters

task_id string Required

The task identifier, which can be found by using the tasks API.

Query parameters

requests_per_second number

The throttle for this request in sub-requests per second. It can be either -1 to turn off throttling or any decimal number like 1.7 or 12 to throttle to that level.

Responses

200 application/json
Hide response attribute Show response attribute object
- nodes object Required

POST /_reindex/{task_id}/_rethrottle

POST _reindex/r1A2WoRbTwKZ516z6NEs5A:36619/_rethrottle?requests_per_second=-1

resp = client.reindex_rethrottle(
    task_id="r1A2WoRbTwKZ516z6NEs5A:36619",
    requests_per_second="-1",
)

const response = await client.reindexRethrottle({
  task_id: "r1A2WoRbTwKZ516z6NEs5A:36619",
  requests_per_second: "-1",
});

response = client.reindex_rethrottle(
  task_id: "r1A2WoRbTwKZ516z6NEs5A:36619",
  requests_per_second: "-1"
)

$resp = $client->reindexRethrottle([
    "task_id" => "r1A2WoRbTwKZ516z6NEs5A:36619",
    "requests_per_second" => "-1",
]);

curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_reindex/r1A2WoRbTwKZ516z6NEs5A:36619/_rethrottle?requests_per_second=-1"

client.reindexRethrottle(r -> r
    .requestsPerSecond(-1.0F)
    .taskId("r1A2WoRbTwKZ516z6NEs5A:36619")
);

Throttle an update by query operation Generally available; Added in 6.5.0

POST /_update_by_query/{task_id}/_rethrottle

Api key auth Basic auth Bearer auth

Change the number of requests per second for a particular update by query operation. Rethrottling that speeds up the query takes effect immediately but rethrotting that slows down the query takes effect after completing the current batch to prevent scroll timeouts.

Path parameters

task_id string Required

The ID for the task.

Query parameters

requests_per_second number

The throttle for this request in sub-requests per second. To turn off throttling, set it to -1.

Responses

200 application/json
Hide response attribute Show response attribute object
- nodes object Required

POST /_update_by_query/{task_id}/_rethrottle

POST _update_by_query/r1A2WoRbTwKZ516z6NEs5A:36619/_rethrottle?requests_per_second=-1

resp = client.update_by_query_rethrottle(
    task_id="r1A2WoRbTwKZ516z6NEs5A:36619",
    requests_per_second="-1",
)

const response = await client.updateByQueryRethrottle({
  task_id: "r1A2WoRbTwKZ516z6NEs5A:36619",
  requests_per_second: "-1",
});

response = client.update_by_query_rethrottle(
  task_id: "r1A2WoRbTwKZ516z6NEs5A:36619",
  requests_per_second: "-1"
)

$resp = $client->updateByQueryRethrottle([
    "task_id" => "r1A2WoRbTwKZ516z6NEs5A:36619",
    "requests_per_second" => "-1",
]);

curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_update_by_query/r1A2WoRbTwKZ516z6NEs5A:36619/_rethrottle?requests_per_second=-1"

client.updateByQueryRethrottle(u -> u
    .requestsPerSecond(-1.0F)
    .taskId("r1A2WoRbTwKZ516z6NEs5A:36619")
);

Get an enrich policy Generally available; Added in 7.5.0

GET /_enrich/policy/{name}

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_enrich/policy

GET /_enrich/policy/{name}

Returns information about an enrich policy.

Path parameters

name string | array[string] Required

Comma-separated list of enrich policy names used to limit the request. To return information for all enrich policies, omit this parameter.

Query parameters

master_timeout string

Period to wait for a connection to the master node.

External documentation

Responses

200 application/json
Hide response attribute Show response attribute object
- policies array[object] Required
  
  Hide policies attribute Show policies attribute object
  
  config object Required
  
  Hide config attribute Show config attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  enrich_fields string | array[string] Required
  
  indices string | array[string] Required
  
  match_field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  query object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  name string
  
  elasticsearch_version string

GET /_enrich/policy/{name}

GET /_enrich/policy/my-policy

resp = client.enrich.get_policy(
    name="my-policy",
)

const response = await client.enrich.getPolicy({
  name: "my-policy",
});

response = client.enrich.get_policy(
  name: "my-policy"
)

$resp = $client->enrich()->getPolicy([
    "name" => "my-policy",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_enrich/policy/my-policy"

client.enrich().getPolicy(g -> g
    .name("my-policy")
);

Create an enrich policy Generally available; Added in 7.5.0

PUT /_enrich/policy/{name}

Api key auth Basic auth Bearer auth

Creates an enrich policy.

Path parameters

name string Required

Name of the enrich policy to create or update.

Query parameters

master_timeout string

Period to wait for a connection to the master node.

External documentation

application/json

Body Required

geo_match object Additional properties

Matches enrich data to incoming documents based on a geo_shape query.
Hide geo_match attributes Show geo_match attributes object
- enrich_fields string | array[string] Required
- indices string | array[string] Required
- match_field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
- query object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
- name string
- elasticsearch_version string
match object Additional properties

Matches enrich data to incoming documents based on a term query.
Hide match attributes Show match attributes object
- enrich_fields string | array[string] Required
- indices string | array[string] Required
- match_field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
- query object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
- name string
- elasticsearch_version string
range object Additional properties

Matches a number, date, or IP address in incoming documents to a range in the enrich index based on a term query.
Hide range attributes Show range attributes object
- enrich_fields string | array[string] Required
- indices string | array[string] Required
- match_field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
- query object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
- name string
- elasticsearch_version string

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

PUT /_enrich/policy/{name}

PUT /_enrich/policy/postal_policy
{
  "geo_match": {
    "indices": "postal_codes",
    "match_field": "location",
    "enrich_fields": [ "location", "postal_code" ]
  }
}

resp = client.enrich.put_policy(
    name="postal_policy",
    geo_match={
        "indices": "postal_codes",
        "match_field": "location",
        "enrich_fields": [
            "location",
            "postal_code"
        ]
    },
)

const response = await client.enrich.putPolicy({
  name: "postal_policy",
  geo_match: {
    indices: "postal_codes",
    match_field: "location",
    enrich_fields: ["location", "postal_code"],
  },
});

response = client.enrich.put_policy(
  name: "postal_policy",
  body: {
    "geo_match": {
      "indices": "postal_codes",
      "match_field": "location",
      "enrich_fields": [
        "location",
        "postal_code"
      ]
    }
  }
)

$resp = $client->enrich()->putPolicy([
    "name" => "postal_policy",
    "body" => [
        "geo_match" => [
            "indices" => "postal_codes",
            "match_field" => "location",
            "enrich_fields" => array(
                "location",
                "postal_code",
            ),
        ],
    ],
]);

curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"geo_match":{"indices":"postal_codes","match_field":"location","enrich_fields":["location","postal_code"]}}' "$ELASTICSEARCH_URL/_enrich/policy/postal_policy"

client.enrich().putPolicy(p -> p
    .geoMatch(g -> g
        .enrichFields(List.of("location","postal_code"))
        .indices("postal_codes")
        .matchField("location")
    )
    .name("postal_policy")
);

Request example

An example body for a `PUT /_enrich/policy/postal_policy` request.

{
  "geo_match": {
    "indices": "postal_codes",
    "match_field": "location",
    "enrich_fields": [ "location", "postal_code" ]
  }
}

Run an enrich policy Generally available; Added in 7.5.0

PUT /_enrich/policy/{name}/_execute

Api key auth Basic auth Bearer auth

Create the enrich index for an existing enrich policy.

Path parameters

name string Required

Enrich policy to execute.

Query parameters

master_timeout string

Period to wait for a connection to the master node.

External documentation
wait_for_completion boolean

If true, the request blocks other enrich policy execution requests until complete.

Responses

200 application/json
Hide response attributes Show response attributes object
- status object
  
  Hide status attributes Show status attributes object
  
  phase string Required
  
  Values are SCHEDULED, RUNNING, COMPLETE, FAILED, or CANCELLED.
  
  step string
- task string | number
  
  One of:
  string-1 string number-2 number

PUT /_enrich/policy/{name}/_execute

PUT /_enrich/policy/my-policy/_execute?wait_for_completion=false

resp = client.enrich.execute_policy(
    name="my-policy",
    wait_for_completion=False,
)

const response = await client.enrich.executePolicy({
  name: "my-policy",
  wait_for_completion: "false",
});

response = client.enrich.execute_policy(
  name: "my-policy",
  wait_for_completion: "false"
)

$resp = $client->enrich()->executePolicy([
    "name" => "my-policy",
    "wait_for_completion" => "false",
]);

curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_enrich/policy/my-policy/_execute?wait_for_completion=false"

client.enrich().executePolicy(e -> e
    .name("my-policy")
    .waitForCompletion(false)
);

Get enrich stats Generally available; Added in 7.5.0

GET /_enrich/_stats

Api key auth Basic auth Bearer auth

Returns enrich coordinator statistics and information about enrich policies that are currently executing.

Query parameters

master_timeout string

Period to wait for a connection to the master node.

External documentation

Responses

200 application/json
Hide response attributes Show response attributes object
- coordinator_stats array[object] Required
  
  Objects containing information about each coordinating ingest node for configured enrich processors.
  
  Hide coordinator_stats attributes Show coordinator_stats attributes object
  
  executed_searches_total number Required
  
  node_id string Required
  
  queue_size number Required
  
  remote_requests_current number Required
  
  remote_requests_total number Required
- executing_policies array[object] Required
  
  Objects containing information about each enrich policy that is currently executing.
  
  Hide executing_policies attributes Show executing_policies attributes object
  
  name string Required
  
  task object Required Additional properties
  
  Hide task attributes Show task attributes object
  
  action string Required
  
  cancelled boolean
  
  cancellable boolean Required
  
  description string
  
  Human readable text that identifies the particular request that the task is performing. For example, it might identify the search request being performed by a search task. Other kinds of tasks have different descriptions, like _reindex which has the source and the destination, or _bulk which just has the number of requests and the destination indices. Many requests will have only an empty description because more detailed information about the request is not easily available or particularly helpful in identifying the request.
  
  headers object Required
  
  Hide headers attribute Show headers attribute object
  
  * string Additional properties
  
  id number Required
  
  node string Required
  
  running_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  status object
  
  The internal status of the task, which varies from task to task. The format also varies. While the goal is to keep the status for a particular task consistent from version to version, this is not always possible because sometimes the implementation changes. Fields might be removed from the status for a particular request so any parsing you do of the status might break in minor releases.
  
  type string Required
  
  parent_task_id
- cache_stats array[object] Generally available; Added in 7.16.0
  
  Objects containing information about the enrich cache stats on each ingest node.
  
  Hide cache_stats attributes Show cache_stats attributes object
  
  node_id string Required
  
  count number Required
  
  hits number Required
  
  hits_time_in_millis number
  
  Time unit for milliseconds
  
  misses number Required
  
  misses_time_in_millis number
  
  Time unit for milliseconds
  
  evictions number Required
  
  size_in_bytes number Required

GET /_enrich/_stats

GET /_enrich/_stats

resp = client.enrich.stats()

const response = await client.enrich.stats();

response = client.enrich.stats

$resp = $client->enrich()->stats();

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_enrich/_stats"

client.enrich().stats(s -> s);

Get async EQL search results Generally available; Added in 7.9.0

GET /_eql/search/{id}

Api key auth Basic auth Bearer auth

Get the current status and available results for an async EQL search or a stored synchronous EQL search.

Path parameters

id string Required

Identifier for the search.

Query parameters

keep_alive string

Period for which the search and its results are stored on the cluster. Defaults to the keep_alive value set by the search’s EQL search API request.

External documentation
wait_for_completion_timeout string

Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results.

External documentation

Responses

200 application/json
Hide response attributes Show response attributes object
- id string
  
  Identifier for the search.
- is_partial boolean
  
  If true, the response does not contain complete search results.
- is_running boolean
  
  If true, the search request is still executing.
- took number
  
  Time unit for milliseconds
- timed_out boolean
  
  If true, the request timed out before completion.
- hits object Required
  
  Contains matching events and sequences. Also contains related metadata.
  
  Hide hits attributes Show hits attributes object
  
  total object
  
  Metadata about the number of matching events or sequences.
  
  Hide total attributes Show total attributes object
  
  relation string Required
  
  Supported values include:
  
  eq: Accurate
  
  gte: Lower bound, including returned events or sequences
  
  Values are eq or gte.
  
  value number Required
  
  events array[object]
  
  Contains events matching the query. Each object represents a matching event.
  
  Hide events attributes Show events attributes object
  
  _index string Required
  
  Name of the index containing the event.
  
  _id string Required
  
  Unique identifier for the event. This ID is only unique within the index.
  
  _source object Required
  
  Original JSON body passed for the event at index time.
  
  missing boolean
  
  Set to true for events in a timespan-constrained sequence that do not meet a given condition.
  
  fields object
  
  Hide fields attribute Show fields attribute object
  
  * array[object] Additional properties
  
  sequences array[object]
  
  Contains event sequences matching the query. Each object represents a matching sequence. This parameter is only returned for EQL queries containing a sequence.
  
  Hide sequences attributes Show sequences attributes object
  
  events array[object] Required
  
  Contains events matching the query. Each object represents a matching event.
  
  join_keys array[object]
  
  Shared field values used to constrain matches in the sequence. These are defined using the by keyword in the EQL query syntax.
- shard_failures array[object]
  
  Contains information about shard failures (if any), in case allow_partial_search_results=true
  
  Hide shard_failures attributes Show shard_failures attributes object
  
  index string
  
  node string
  
  reason object Required
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Hide reason attributes Show reason attributes object
  
  type string Required
  
  The type of error
  
  reason string | null
  
  A human-readable explanation of the error, in English.
  
  One of:
  string-1 string string-2 string | null
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  root_cause array[object]
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  suppressed array[object]
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  shard number
  
  status string
  
  primary boolean

GET /_eql/search/{id}

GET /_eql/search/FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=?wait_for_completion_timeout=2s

resp = client.eql.get(
    id="FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
    wait_for_completion_timeout="2s",
)

const response = await client.eql.get({
  id: "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
  wait_for_completion_timeout: "2s",
});

response = client.eql.get(
  id: "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
  wait_for_completion_timeout: "2s"
)

$resp = $client->eql()->get([
    "id" => "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
    "wait_for_completion_timeout" => "2s",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_eql/search/FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=?wait_for_completion_timeout=2s"

client.eql().get(g -> g
    .id("FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=")
    .waitForCompletionTimeout(w -> w
        .offset(2)
    )
);

Delete an async EQL search Generally available; Added in 7.9.0

DELETE /_eql/search/{id}

Api key auth Basic auth Bearer auth

Delete an async EQL search or a stored synchronous EQL search. The API also deletes results for the search.

Path parameters

id string Required

Identifier for the search to delete. A search ID is provided in the EQL search API's response for an async search. A search ID is also provided if the request’s keep_on_completion parameter is true.

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

DELETE /_eql/search/{id}

DELETE /_eql/search/FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=

resp = client.eql.delete(
    id="FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
)

const response = await client.eql.delete({
  id: "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
});

response = client.eql.delete(
  id: "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE="
)

$resp = $client->eql()->delete([
    "id" => "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
]);

curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_eql/search/FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE="

client.eql().delete(d -> d
    .id("FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=")
);

Get the async EQL status Generally available; Added in 7.9.0

GET /_eql/search/status/{id}

Api key auth Basic auth Bearer auth

Get the current status for an async EQL search or a stored synchronous EQL search without returning results.

Path parameters

id string Required

Identifier for the search.

Responses

200 application/json
Hide response attributes Show response attributes object
- id string Required
  
  Identifier for the search.
- is_partial boolean Required
  
  If true, the search request is still executing. If false, the search is completed.
- is_running boolean Required
  
  If true, the response does not contain complete search results. This could be because either the search is still running (is_running status is false), or because it is already completed (is_running status is true) and results are partial due to failures or timeouts.
- start_time_in_millis number
  
  Time unit for milliseconds
- expiration_time_in_millis number
  
  Time unit for milliseconds
- completion_status number
  
  For a completed search shows the http status code of the completed search.

GET /_eql/search/status/{id}

GET /_eql/search/status/FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=

resp = client.eql.get_status(
    id="FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
)

const response = await client.eql.getStatus({
  id: "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
});

response = client.eql.get_status(
  id: "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE="
)

$resp = $client->eql()->getStatus([
    "id" => "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_eql/search/status/FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE="

client.eql().getStatus(g -> g
    .id("FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=")
);

Response examples (200)

A successful response for getting status information for an async EQL search.

{
  "id": "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
  "is_running" : true,
  "is_partial" : true,
  "start_time_in_millis" : 1611690235000,
  "expiration_time_in_millis" : 1611690295000
}

Get EQL search results Generally available; Added in 7.9.0

POST /{index}/_eql/search

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /{index}/_eql/search

POST /{index}/_eql/search

Returns search results for an Event Query Language (EQL) query. EQL assumes each document in a data stream or index corresponds to an event.

External documentation

Path parameters

index string | array[string] Required

The name of the index to scope the operation

Query parameters

allow_no_indices boolean

Whether to ignore if a wildcard indices expression resolves into no concrete indices. (This includes _all string or when no indices have been specified)
allow_partial_search_results boolean

If true, returns partial results if there are shard failures. If false, returns an error with no partial results.
allow_partial_sequence_results boolean

If true, sequence queries will return partial results in case of shard failures. If false, they will return no results at all. This flag has effect only if allow_partial_search_results is true.
expand_wildcards string | array[string]
Whether to expand wildcard expression to concrete indices that are open, closed or both.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
Values are all, open, closed, hidden, or none.
ccs_minimize_roundtrips boolean

Indicates whether network round-trips should be minimized as part of cross-cluster search requests execution
ignore_unavailable boolean

If true, missing or closed indices are not included in the response.
keep_alive string

Period for which the search and its results are stored on the cluster.

External documentation
keep_on_completion boolean

If true, the search and its results are stored on the cluster.
wait_for_completion_timeout string

Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results.

External documentation

application/json

Body Required

query string Required

EQL query you wish to run.
case_sensitive boolean
event_category_field string

Field containing the event classification, such as process, file, or network.
tiebreaker_field string

Field used to sort hits with the same timestamp in ascending order
timestamp_field string

Field containing event timestamp. Default "@timestamp"
fetch_size number

Maximum number of events to search at a time for sequence queries.
filter object | array[object]

Query, written in Query DSL, used to filter the events on which the EQL query runs.

One of:
QueryContainer object array-2 array[object]

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation
keep_alive string

A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

External documentation
keep_on_completion boolean
wait_for_completion_timeout string

A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

External documentation
allow_partial_search_results boolean

Allow query execution also in case of shard failures. If true, the query will keep running and will return results based on the available shards. For sequences, the behavior can be further refined using allow_partial_sequence_results

Default value is true.
allow_partial_sequence_results boolean

This flag applies only to sequences and has effect only if allow_partial_search_results=true. If true, the sequence query will return results based on the available shards, ignoring the others. If false, the sequence query will return successfully, but will always have empty results.

Default value is false.
size number

For basic queries, the maximum number of matching events to return. Defaults to 10
fields object | array[object]

Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.
One of:
FieldAndFormat object array-2 array[object]
A reference to a field with formatting instructions on how to return the value
Hide attributes Show attributes

field string Required

A wildcard pattern. The request returns values for field names matching this pattern.

format string

The format in which the values are returned.

include_unmapped boolean
A reference to a field with formatting instructions on how to return the value
Hide attributes Show attributes object

field string Required

A wildcard pattern. The request returns values for field names matching this pattern.

format string

The format in which the values are returned.

include_unmapped boolean
result_position string
Supported values include:
- tail: Return the most recent matches, similar to the Unix tail command.
- head: Return the earliest matches, similar to the Unix head command.
Values are tail or head.
runtime_mappings object
Hide runtime_mappings attribute Show runtime_mappings attribute object
- * object Additional properties
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  fetch_fields array[object]
  
  For type lookup
  
  Hide fetch_fields attributes Show fetch_fields attributes object
  
  field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  format string
  
  format string
  
  A custom format for date type runtime fields.
  
  input_field string
  
  For type lookup
  
  target_field string
  
  For type lookup
  
  target_index string
  
  For type lookup
  
  script object
  
  Painless script executed at query time.
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  The id for a stored script.
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  type string Required
  
  Field type, which can be: boolean, composite, date, double, geo_point, ip,keyword, long, or lookup.
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
max_samples_per_key number

By default, the response of a sample query contains up to 10 samples, with one sample per unique set of join keys. Use the size parameter to get a smaller or larger set of samples. To retrieve more than one sample per set of join keys, use the max_samples_per_key parameter. Pipes are not supported for sample queries.

Default value is 1.

Responses

200 application/json
Hide response attributes Show response attributes object
- id string
  
  Identifier for the search.
- is_partial boolean
  
  If true, the response does not contain complete search results.
- is_running boolean
  
  If true, the search request is still executing.
- took number
  
  Time unit for milliseconds
- timed_out boolean
  
  If true, the request timed out before completion.
- hits object Required
  
  Contains matching events and sequences. Also contains related metadata.
  
  Hide hits attributes Show hits attributes object
  
  total object
  
  Metadata about the number of matching events or sequences.
  
  Hide total attributes Show total attributes object
  
  relation string Required
  
  Supported values include:
  
  eq: Accurate
  
  gte: Lower bound, including returned events or sequences
  
  Values are eq or gte.
  
  value number Required
  
  events array[object]
  
  Contains events matching the query. Each object represents a matching event.
  
  Hide events attributes Show events attributes object
  
  _index string Required
  
  Name of the index containing the event.
  
  _id string Required
  
  Unique identifier for the event. This ID is only unique within the index.
  
  _source object Required
  
  Original JSON body passed for the event at index time.
  
  missing boolean
  
  Set to true for events in a timespan-constrained sequence that do not meet a given condition.
  
  fields object
  
  Hide fields attribute Show fields attribute object
  
  * array[object] Additional properties
  
  sequences array[object]
  
  Contains event sequences matching the query. Each object represents a matching sequence. This parameter is only returned for EQL queries containing a sequence.
  
  Hide sequences attributes Show sequences attributes object
  
  events array[object] Required
  
  Contains events matching the query. Each object represents a matching event.
  
  join_keys array[object]
  
  Shared field values used to constrain matches in the sequence. These are defined using the by keyword in the EQL query syntax.
- shard_failures array[object]
  
  Contains information about shard failures (if any), in case allow_partial_search_results=true
  
  Hide shard_failures attributes Show shard_failures attributes object
  
  index string
  
  node string
  
  reason object Required
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Hide reason attributes Show reason attributes object
  
  type string Required
  
  The type of error
  
  reason string | null
  
  A human-readable explanation of the error, in English.
  
  One of:
  string-1 string string-2 string | null
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  root_cause array[object]
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  suppressed array[object]
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  shard number
  
  status string
  
  primary boolean

POST /{index}/_eql/search

GET /my-data-stream/_eql/search
{
  "query": """
    process where (process.name == "cmd.exe" and process.pid != 2013)
  """
}

resp = client.eql.search(
    index="my-data-stream",
    query="\n    process where (process.name == \"cmd.exe\" and process.pid != 2013)\n  ",
)

const response = await client.eql.search({
  index: "my-data-stream",
  query:
    '\n    process where (process.name == "cmd.exe" and process.pid != 2013)\n  ',
});

response = client.eql.search(
  index: "my-data-stream",
  body: {
    "query": "\n    process where (process.name == \"cmd.exe\" and process.pid != 2013)\n  "
  }
)

$resp = $client->eql()->search([
    "index" => "my-data-stream",
    "body" => [
        "query" => "\n    process where (process.name == \"cmd.exe\" and process.pid != 2013)\n  ",
    ],
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"query":"\n    process where (process.name == \"cmd.exe\" and process.pid != 2013)\n  "}' "$ELASTICSEARCH_URL/my-data-stream/_eql/search"

client.eql().search(s -> s
    .index("my-data-stream")
    .query(" process where (process.name == \"cmd.exe\" and process.pid != 2013) ")
);

Request examples

Run `GET /my-data-stream/_eql/search` to search for events that have a `process.name` of `cmd.exe` and a `process.pid` other than `2013`.

{
  "query": """
    process where (process.name == "cmd.exe" and process.pid != 2013)
  """
}

Run `GET /my-data-stream/_eql/search` to search for a sequence of events. The sequence starts with an event with an `event.category` of `file`, a `file.name` of `cmd.exe`, and a `process.pid` other than `2013`. It is followed by an event with an `event.category` of `process` and a `process.executable` that contains the substring `regsvr32`. These events must also share the same `process.pid` value.

{
  "query": """
    sequence by process.pid
      [ file where file.name == "cmd.exe" and process.pid != 2013 ]
      [ process where stringContains(process.executable, "regsvr32") ]
  """
}

Response examples (200)

{
  "is_partial": false,
  "is_running": false,
  "took": 6,
  "timed_out": false,
  "hits": {
    "total": {
      "value": 1,
      "relation": "eq"
    },
    "sequences": [
      {
        "join_keys": [
          2012
        ],
        "events": [
          {
            "_index": ".ds-my-data-stream-2099.12.07-000001",
            "_id": "AtOJ4UjUBAAx3XR5kcCM",
            "_source": {
              "@timestamp": "2099-12-06T11:04:07.000Z",
              "event": {
                "category": "file",
                "id": "dGCHwoeS",
                "sequence": 2
              },
              "file": {
                "accessed": "2099-12-07T11:07:08.000Z",
                "name": "cmd.exe",
                "path": "C:\\Windows\\System32\\cmd.exe",
                "type": "file",
                "size": 16384
              },
              "process": {
                "pid": 2012,
                "name": "cmd.exe",
                "executable": "C:\\Windows\\System32\\cmd.exe"
              }
            }
          },
          {
            "_index": ".ds-my-data-stream-2099.12.07-000001",
            "_id": "OQmfCaduce8zoHT93o4H",
            "_source": {
              "@timestamp": "2099-12-07T11:07:09.000Z",
              "event": {
                "category": "process",
                "id": "aR3NWVOs",
                "sequence": 4
              },
              "process": {
                "pid": 2012,
                "name": "regsvr32.exe",
                "command_line": "regsvr32.exe  /s /u /i:https://...RegSvr32.sct scrobj.dll",
                "executable": "C:\\Windows\\System32\\regsvr32.exe"
              }
            }
          }
        ]
      }
    ]
  }
}

Get async ES|QL query results Generally available; Added in 8.13.0

GET /_query/async/{id}

Api key auth Basic auth Bearer auth

Get the current status and available results or stored results for an ES|QL asynchronous query. If the Elasticsearch security features are enabled, only the user who first submitted the ES|QL query can retrieve the results using this API.

External documentation

Path parameters

id string Required

The unique identifier of the query. A query ID is provided in the ES|QL async query API response for a query that does not complete in the designated time. A query ID is also provided when the request was submitted with the keep_on_completion parameter set to true.

Query parameters

drop_null_columns boolean

Indicates whether columns that are entirely null will be removed from the columns and values portion of the results. If true, the response will include an extra section under the name all_columns which has the name of all the columns.
format string

A short version of the Accept header, for example json or yaml.

Values are csv, json, tsv, txt, yaml, cbor, smile, or arrow.
keep_alive string

The period for which the query and its results are stored in the cluster. When this period expires, the query and its results are deleted, even if the query is still ongoing.

External documentation
wait_for_completion_timeout string

The period to wait for the request to finish. By default, the request waits for complete query results. If the request completes during the period specified in this parameter, complete query results are returned. Otherwise, the response returns an is_running value of true and no results.

External documentation

Responses

200 application/json
Hide response attributes Show response attributes object
- took number
  
  Time unit for milliseconds
- is_partial boolean
- all_columns array[object]
  
  Hide all_columns attributes Show all_columns attributes object
  
  name string Required
  
  type string Required
- columns array[object] Required
  
  Hide columns attributes Show columns attributes object
  
  name string Required
  
  type string Required
- values array[array] Required
  
  A field value.
  
  One of:
  number-1 number number-2 number string-3 string boolean-4 boolean string-5 string | null object-6 object
- _clusters object
  
  Cross-cluster search information. Present if include_ccs_metadata was true in the request and a cross-cluster search was performed.
  
  Hide _clusters attributes Show _clusters attributes object
  
  total number Required
  
  successful number Required
  
  running number Required
  
  skipped number Required
  
  partial number Required
  
  failed number Required
  
  details object Required
  
  Hide details attribute Show details attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  indices string Required
- profile object
  
  Profiling information. Present if profile was true in the request. The contents of this field are currently unstable.
- id string
  
  The ID of the async query, to be used in subsequent requests to check the status or retrieve results.
  
  Also available in the X-Elasticsearch-Async-Id HTTP header.
- is_running boolean Required
  
  Indicates whether the async query is still running or has completed.
  
  Also available in the X-Elasticsearch-Async-Is-Running HTTP header.

GET /_query/async/{id}

GET /_query/async/FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=?wait_for_completion_timeout=30s

resp = client.esql.async_query_get(
    id="FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
    wait_for_completion_timeout="30s",
)

const response = await client.esql.asyncQueryGet({
  id: "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
  wait_for_completion_timeout: "30s",
});

response = client.esql.async_query_get(
  id: "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
  wait_for_completion_timeout: "30s"
)

$resp = $client->esql()->asyncQueryGet([
    "id" => "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
    "wait_for_completion_timeout" => "30s",
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_query/async/FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=?wait_for_completion_timeout=30s"

Stop async ES|QL query Generally available; Added in 8.18.0

POST /_query/async/{id}/stop

Api key auth Basic auth Bearer auth

This API interrupts the query execution and returns the results so far. If the Elasticsearch security features are enabled, only the user who first submitted the ES|QL query can stop it.

External documentation

Path parameters

id string Required

The unique identifier of the query. A query ID is provided in the ES|QL async query API response for a query that does not complete in the designated time. A query ID is also provided when the request was submitted with the keep_on_completion parameter set to true.

Query parameters

drop_null_columns boolean

Indicates whether columns that are entirely null will be removed from the columns and values portion of the results. If true, the response will include an extra section under the name all_columns which has the name of all the columns.

Responses

200 application/json
Hide response attributes Show response attributes object
- took number
  
  Time unit for milliseconds
- is_partial boolean
- all_columns array[object]
  
  Hide all_columns attributes Show all_columns attributes object
  
  name string Required
  
  type string Required
- columns array[object] Required
  
  Hide columns attributes Show columns attributes object
  
  name string Required
  
  type string Required
- values array[array] Required
  
  A field value.
  
  One of:
  number-1 number number-2 number string-3 string boolean-4 boolean string-5 string | null object-6 object
- _clusters object
  
  Cross-cluster search information. Present if include_ccs_metadata was true in the request and a cross-cluster search was performed.
  
  Hide _clusters attributes Show _clusters attributes object
  
  total number Required
  
  successful number Required
  
  running number Required
  
  skipped number Required
  
  partial number Required
  
  failed number Required
  
  details object Required
  
  Hide details attribute Show details attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  status string Required
  
  Values are running, successful, partial, skipped, or failed.
  
  indices string Required
  
  _shards object
- profile object
  
  Profiling information. Present if profile was true in the request. The contents of this field are currently unstable.

POST /_query/async/{id}/stop

POST /_query/async/FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=/stop

resp = client.esql.async_query_stop(
    id="FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=",
)

const response = await client.esql.asyncQueryStop({
  id: "FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=",
});

response = client.esql.async_query_stop(
  id: "FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM="
)

$resp = $client->esql()->asyncQueryStop([
    "id" => "FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=",
]);

curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_query/async/FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=/stop"

Reset the features Technical preview; Added in 7.12.0

POST /_features/_reset

Api key auth Basic auth Bearer auth

Clear all of the state information stored in system indices by Elasticsearch features, including the security and machine learning indices.

WARNING: Intended for development and testing use only. Do not reset features on a production cluster.

Return a cluster to the same state as a new installation by resetting the feature state for all Elasticsearch features. This deletes all state information stored in system indices.

The response code is HTTP 200 if the state is successfully reset for all features. It is HTTP 500 if the reset operation failed for any feature.

Note that select features might provide a way to reset particular system indices. Using this API resets all features, both those that are built-in and implemented as plugins.

To list the features that will be affected, use the get features API.

IMPORTANT: The features installed on the node you submit this request to are the features that will be reset. Run on the master node if you have any doubts about which plugins are installed on individual nodes.

Query parameters

master_timeout string

Period to wait for a connection to the master node.

External documentation

Responses

200 application/json
Hide response attribute Show response attribute object
- features array[object] Required
  
  Hide features attributes Show features attributes object
  
  name string Required
  
  description string Required

POST /_features/_reset

POST /_features/_reset

resp = client.features.reset_features()

const response = await client.features.resetFeatures();

response = client.features.reset_features

$resp = $client->features()->resetFeatures();

curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_features/_reset"

client.features().resetFeatures(r -> r);

Response examples (200)

A successful response for clearing state information stored in system indices by Elasticsearch features.

{
  "features" : [
    {
      "feature_name" : "security",
      "status" : "SUCCESS"
    },
    {
      "feature_name" : "tasks",
      "status" : "SUCCESS"
    }
  ]
}

Executes several fleet searches with a single API request Technical preview; Added in 7.16.0

POST /{index}/_fleet/_fleet_msearch

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /_fleet/_fleet_msearch

POST /_fleet/_fleet_msearch

GET /{index}/_fleet/_fleet_msearch

POST /{index}/_fleet/_fleet_msearch

The API follows the same structure as the multi search (_msearch) API. However, similar to the fleet search API, it supports the wait_for_checkpoints parameter.

Required authorization

Index privileges: read

External documentation

Path parameters

index string Required

A single target to search. If the target is an index alias, it must resolve to a single index.

Query parameters

allow_no_indices boolean

If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.
ccs_minimize_roundtrips boolean

If true, network roundtrips between the coordinating node and remote clusters are minimized for cross-cluster search requests.
expand_wildcards string | array[string]
Type of index that wildcard expressions can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
Values are all, open, closed, hidden, or none.
ignore_throttled boolean

If true, concrete, expanded or aliased indices are ignored when frozen.
ignore_unavailable boolean

If true, missing or closed indices are not included in the response.
max_concurrent_searches number

Maximum number of concurrent searches the multi search API can execute.
max_concurrent_shard_requests number

Maximum number of concurrent shard requests that each sub-search request executes per node.
pre_filter_shard_size number

Defines a threshold that enforces a pre-filter roundtrip to prefilter search shards based on query rewriting if the number of shards the search request expands to exceeds the threshold. This filter roundtrip can limit the number of shards significantly if for instance a shard can not match any documents based on its rewrite method i.e., if date filters are mandatory to match but the shard bounds and the query are disjoint.
search_type string
Indicates whether global term and document frequencies should be used when scoring returned documents.

Supported values include:
- query_then_fetch: Documents are scored using local term and document frequencies for the shard. This is usually faster but less accurate.
- dfs_query_then_fetch: Documents are scored using global term and document frequencies across all shards. This is usually slower but more accurate.
Values are query_then_fetch or dfs_query_then_fetch.
rest_total_hits_as_int boolean

If true, hits.total are returned as an integer in the response. Defaults to false, which returns an object.
typed_keys boolean

Specifies whether aggregation and suggester names should be prefixed by their respective types in the response.
wait_for_checkpoints array[number]

A comma separated list of checkpoints. When configured, the search API will only be executed on a shard after the relevant checkpoint has become visible for search. Defaults to an empty list which will cause Elasticsearch to immediately execute the search.
allow_partial_search_results boolean

If true, returns partial results if there are shard request timeouts or shard failures. If false, returns an error with no partial results. Defaults to the configured cluster setting search.default_allow_partial_results which is true by default.

application/json

Body object Required

Contains parameters used to limit or change the subsequent search body request.

allow_no_indices boolean
expand_wildcards string | array[string]
Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
ignore_unavailable boolean
index string | array[string]
preference string
request_cache boolean
routing string
search_type string
Supported values include:
- query_then_fetch: Documents are scored using local term and document frequencies for the shard. This is usually faster but less accurate.
- dfs_query_then_fetch: Documents are scored using global term and document frequencies across all shards. This is usually slower but more accurate.
Values are query_then_fetch or dfs_query_then_fetch.
ccs_minimize_roundtrips boolean
allow_partial_search_results boolean
ignore_throttled boolean

aggregations object
External documentation
collapse object
External documentation
query object

Defines the search definition using the Query DSL.

External documentation
explain boolean

If true, returns detailed information about score computation as part of a hit.

Default value is false.
ext object

Configuration of search extensions defined by Elasticsearch plugins.
Hide ext attribute Show ext attribute object
- * object Additional properties
stored_fields string | array[string]

List of stored fields to return as part of a hit. If no fields are specified, no stored fields are included in the response. If this field is specified, the _source parameter defaults to false. You can pass _source: true to return both source fields and stored fields in the search response.
docvalue_fields array[object]

Array of wildcard (*) patterns. The request returns doc values for field names matching these patterns in the hits.fields property of the response.

A reference to a field with formatting instructions on how to return the value
Hide docvalue_fields attributes Show docvalue_fields attributes object
- field string Required
  
  A wildcard pattern. The request returns values for field names matching this pattern.
- format string
  
  The format in which the values are returned.
- include_unmapped boolean
knn object | array[object]

Defines the approximate kNN search to run.
One of:
KnnSearch object array-2 array[object]
Hide attributes Show attributes

field string Required

The name of the vector field to search against

query_vector array[number]

The query vector

query_vector_builder object

The query vector builder. You must provide a query_vector_builder or query_vector, but not both.

k number

The final number of nearest neighbors to return as top hits

num_candidates number

The number of nearest neighbor candidates to consider per shard

boost number

Boost value to apply to kNN scores

filter object | array[object]

Filters for the kNN search query

One of:
QueryContainer object array-2 array[object]

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation

similarity number

The minimum similarity for a vector to be considered a match

inner_hits object

If defined, each search hit will contain inner hits.

Hide inner_hits attributes Show inner_hits attributes object

size number

The maximum number of hits to return per inner_hits.

Default value is 3.

from number

Inner hit starting document offset.

Default value is 0.

docvalue_fields array[object]

explain boolean

ignore_unmapped boolean

script_fields object

seq_no_primary_term boolean

fields array[string]

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

track_scores boolean

Default value is false.

version boolean

rescore_vector object

Apply oversampling and rescoring to quantized vectors *

Hide rescore_vector attribute Show rescore_vector attribute object

oversample number Required

Applies the specified oversample factor to k on the approximate kNN search
Hide attributes Show attributes object

field string Required

The name of the vector field to search against

query_vector array[number]

The query vector

query_vector_builder object

The query vector builder. You must provide a query_vector_builder or query_vector, but not both.

k number

The final number of nearest neighbors to return as top hits

num_candidates number

The number of nearest neighbor candidates to consider per shard

boost number

Boost value to apply to kNN scores

filter object | array[object]

Filters for the kNN search query

One of:
QueryContainer object array-2 array[object]

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

similarity number

The minimum similarity for a vector to be considered a match

inner_hits object

If defined, each search hit will contain inner hits.

rescore_vector object

Apply oversampling and rescoring to quantized vectors *
from number

Starting document offset. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after parameter.

Default value is 0.
highlight object
Hide highlight attributes Show highlight attributes object
- type
- boundary_chars string
 
 A string that contains each boundary character.
 
 Default value is .,!? \t\n.
- boundary_max_scan number
 
 How far to scan for boundary characters.
 
 Default value is 20.
- boundary_scanner string
 Specifies how to break the highlighted fragments: chars, sentence, or word. Only valid for the unified and fvh highlighters. Defaults to sentence for the unified highlighter. Defaults to chars for the fvh highlighter.
 
 Supported values include:
 
 chars: Use the characters specified by boundary_chars as highlighting boundaries. The boundary_max_scan setting controls how far to scan for boundary characters. Only valid for the fvh highlighter.
 
 sentence: Break highlighted fragments at the next sentence boundary, as determined by Java’s BreakIterator. You can specify the locale to use with boundary_scanner_locale. When used with the unified highlighter, the sentence scanner splits sentences bigger than fragment_size at the first word boundary next to fragment_size. You can set fragment_size to 0 to never split any sentence.
 
 word: Break highlighted fragments at the next word boundary, as determined by Java’s BreakIterator. You can specify the locale to use with boundary_scanner_locale.
 Values are chars, sentence, or word.
- boundary_scanner_locale string
 
 Controls which locale is used to search for sentence and word boundaries. This parameter takes a form of a language tag, for example: "en-US", "fr-FR", "ja-JP".
 
 Default value is Locale.ROOT.
- force_source boolean Deprecated
- fragmenter string
 
 Specifies how text should be broken up in highlight snippets: simple or span. Only valid for the plain highlighter.
 
 Values are simple or span.
- fragment_size number
 
 The size of the highlighted fragment in characters.
 
 Default value is 100.
- highlight_filter boolean
- highlight_query object
 
 Highlight matches for a query other than the search query. This is especially useful if you use a rescore query because those are not taken into account by highlighting by default.
- max_fragment_length number
- max_analyzed_offset number
 
 If set to a non-negative value, highlighting stops at this defined maximum limit. The rest of the text is not processed, thus not highlighted and no error is returned The max_analyzed_offset query setting does not override the index.highlight.max_analyzed_offset setting, which prevails when it’s set to lower value than the query setting.
- no_match_size number
 
 The amount of text you want to return from the beginning of the field if there are no matching fragments to highlight.
 
 Default value is 0.
- number_of_fragments number
 
 The maximum number of fragments to return. If the number of fragments is set to 0, no fragments are returned. Instead, the entire field contents are highlighted and returned. This can be handy when you need to highlight short texts such as a title or address, but fragmentation is not required. If number_of_fragments is 0, fragment_size is ignored.
 
 Default value is 5.
- options object
 Hide options attribute Show options attribute object
 
 * object Additional properties
- order string
 
 Sorts highlighted fragments by score when set to score. By default, fragments will be output in the order they appear in the field (order: none). Setting this option to score will output the most relevant fragments first. Each highlighter applies its own logic to compute relevancy scores.
 
 Value is score.
- phrase_limit number
 
 Controls the number of matching phrases in a document that are considered. Prevents the fvh highlighter from analyzing too many phrases and consuming too much memory. When using matched_fields, phrase_limit phrases per matched field are considered. Raising the limit increases query time and consumes more memory. Only supported by the fvh highlighter.
 
 Default value is 256.
- post_tags array[string]
 
 Use in conjunction with pre_tags to define the HTML tags to use for the highlighted text. By default, highlighted text is wrapped in  and  tags.
- pre_tags array[string]
 
 Use in conjunction with post_tags to define the HTML tags to use for the highlighted text. By default, highlighted text is wrapped in  and  tags.
- require_field_match boolean
 
 By default, only fields that contains a query match are highlighted. Set to false to highlight all fields.
 
 Default value is true.
- tags_schema string
 
 Set to styled to use the built-in tag schema.
 
 Value is styled.
- encoder string
 
 Values are default or html.
- fields object Required
indices_boost array[object]

Boosts the _score of documents from specified indices.
Hide indices_boost attribute Show indices_boost attribute object
- * number Additional properties
min_score number

The minimum _score for matching documents. Documents with a lower _score are not included in search results and results collected by aggregations.
post_filter object

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation
profile boolean
rescore object | array[object]
One of:
object-2 object array-2 array[object]
Hide attributes Show attributes

window_size number

query object

learning_to_rank object
Hide attribute Show attribute object

window_size number
script_fields object

Retrieve a script evaluation (based on different fields) for each hit.
Hide script_fields attribute Show script_fields attribute object
- * object Additional properties
  Hide * attributes Show * attributes object
  
  script object Required
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  options object
  
  ignore_failure boolean
search_after array[number | string | boolean | null | object]

A field value.

A field value.

One of:
number-1 number number-2 number string-3 string boolean-4 boolean string-5 string | null object-6 object
size number

The number of hits to return. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after parameter.

Default value is 10.
sort string | object | array[string | object]

One of:
Field string SortOptions object array-2 array[string | object]

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
_source boolean | object

Indicates which source fields are returned for matching documents. These fields are returned in the hits._source property of the search response.
One of:
boolean-1 boolean SourceFilter object

Indicates which source fields are returned for matching documents. These fields are returned in the hits._source property of the search response.
Indicates which source fields are returned for matching documents. These fields are returned in the hits._source property of the search response.
Hide attributes Show attributes

exclude_vectors boolean

If true, vector fields are excluded from the returned source.

This option takes precedence over includes: any vector field will remain excluded even if it matches an includes rule.

excludes string | array[string]

A list of fields to exclude from the returned source.

includes string | array[string]

A list of fields to include in the returned source.
fields array[object]

Array of wildcard (*) patterns. The request returns values for field names matching these patterns in the hits.fields property of the response.

A reference to a field with formatting instructions on how to return the value
Hide fields attributes Show fields attributes object
- field string Required
  
  A wildcard pattern. The request returns values for field names matching this pattern.
- format string
  
  The format in which the values are returned.
- include_unmapped boolean
terminate_after number

Maximum number of documents to collect for each shard. If a query reaches this limit, Elasticsearch terminates the query early. Elasticsearch collects documents before sorting. Defaults to 0, which does not terminate query execution early.

Default value is 0.
stats array[string]

Stats groups to associate with the search. Each group maintains a statistics aggregation for its associated searches. You can retrieve these stats using the indices stats API.
timeout string

Specifies the period of time to wait for a response from each shard. If no response is received before the timeout expires, the request fails and returns an error. Defaults to no timeout.
track_scores boolean

If true, calculate and return document scores, even if the scores are not used for sorting.

Default value is false.
track_total_hits boolean | number

Number of hits matching the query to count accurately. If true, the exact number of hits is returned at the cost of some performance. If false, the response does not include the total number of hits matching the query. Defaults to 10,000 hits.
version boolean

If true, returns document version as part of a hit.

Default value is false.
runtime_mappings object

Defines one or more runtime fields in the search request. These fields take precedence over mapped fields with the same name.
Hide runtime_mappings attribute Show runtime_mappings attribute object
- * object Additional properties
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  fetch_fields array[object]
  
  For type lookup
  
  format string
  
  A custom format for date type runtime fields.
  
  input_field string
  
  For type lookup
  
  target_field string
  
  For type lookup
  
  target_index string
  
  For type lookup
  
  script object
  
  Painless script executed at query time.
  
  type string Required
  
  Field type, which can be: boolean, composite, date, double, geo_point, ip,keyword, long, or lookup.
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
seq_no_primary_term boolean

If true, returns sequence number and primary term of the last modification of each hit. See Optimistic concurrency control.
pit object

Limits the search to a point in time (PIT). If you provide a PIT, you cannot specify an in the request path.
Hide pit attributes Show pit attributes object
- id string Required
- keep_alive string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  External documentation
suggest object
Hide suggest attribute Show suggest attribute object
- text string
  
  Global suggest text, to avoid repetition when the same text is used in several suggesters

Responses

200 application/json
Hide response attribute Show response attribute object
- docs array[object] Required
  
  One of:
  object-2 object ErrorResponseBase object
  
  Hide attributes Show attributes
  
  took number Required
  
  The number of milliseconds it took Elasticsearch to run the request. This value is calculated by measuring the time elapsed between receipt of a request on the coordinating node and the time at which the coordinating node is ready to send the response. It includes:
  
  Communication time between the coordinating node and data nodes
  
  Time the request spends in the search thread pool, queued for execution
  
  Actual run time
  
  It does not include:
  
  Time needed to send the request to Elasticsearch
  
  Time needed to serialize the JSON response
  
  Time needed to send the response to a client
  
  timed_out boolean Required
  
  If true, the request timed out before completion; returned results may be partial or empty.
  
  _shards object Required
  
  A count of shards used for the request.
  
  hits object Required
  
  The returned documents and metadata.
  
  aggregations object
  
  _clusters object
  
  fields object
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  max_score number
  
  num_reduce_phases number
  
  profile object
  
  pit_id string
  
  _scroll_id string
  
  The identifier for the search and its search context. You can use this scroll ID with the scroll API to retrieve the next batch of search results for the request. This property is returned only if the scroll query parameter is specified in the request.
  
  suggest object
  
  Hide suggest attribute Show suggest attribute object
  
  * array[object] Additional properties
  
  terminated_early boolean
  
  status number
  
  The response returned by Elasticsearch when request execution did not succeed.
  
  Hide attributes Show attributes
  
  error object Required
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Hide error attributes Show error attributes object
  
  type string Required
  
  The type of error
  
  reason
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  root_cause array[object]
  
  suppressed array[object]
  
  status number Required

POST /{index}/_fleet/_fleet_msearch

curl \
 --request POST 'http://api.example.com/{index}/_fleet/_fleet_msearch' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '[{"allow_no_indices":true,"expand_wildcards":"string","ignore_unavailable":true,"index":"string","preference":"string","request_cache":true,"routing":"string","search_type":"query_then_fetch","ccs_minimize_roundtrips":true,"allow_partial_search_results":true,"ignore_throttled":true}]'

The purpose of the fleet search api is to provide a search api where the search will only be executed Technical preview; Added in 7.16.0

POST /{index}/_fleet/_fleet_search

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

GET /{index}/_fleet/_fleet_search

POST /{index}/_fleet/_fleet_search

after provided checkpoint has been processed and is visible for searches inside of Elasticsearch.

Required authorization

Index privileges: read

Path parameters

index string Required

A single target to search. If the target is an index alias, it must resolve to a single index.

Query parameters

allow_no_indices boolean
analyzer string
analyze_wildcard boolean
batched_reduce_size number
ccs_minimize_roundtrips boolean
default_operator string

Values are and, AND, or, or OR.
df string
docvalue_fields string | array[string]
expand_wildcards string | array[string]
Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
Values are all, open, closed, hidden, or none.
explain boolean
ignore_throttled boolean
ignore_unavailable boolean
lenient boolean
max_concurrent_shard_requests number
min_compatible_shard_node string
preference string
pre_filter_shard_size number
request_cache boolean
routing string
scroll string

A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

External documentation
search_type string
Supported values include:
- query_then_fetch: Documents are scored using local term and document frequencies for the shard. This is usually faster but less accurate.
- dfs_query_then_fetch: Documents are scored using global term and document frequencies across all shards. This is usually slower but more accurate.
Values are query_then_fetch or dfs_query_then_fetch.
stats array[string]
stored_fields string | array[string]
suggest_field string

Specifies which field to use for suggestions.
suggest_mode string
Supported values include:
- missing: Only generate suggestions for terms that are not in the shard.
- popular: Only suggest terms that occur in more docs on the shard than the original term.
- always: Suggest any matching suggestions based on terms in the suggest text.
Values are missing, popular, or always.
suggest_size number
suggest_text string

The source text for which the suggestions should be returned.
terminate_after number
timeout string

A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

External documentation
track_total_hits boolean | number

Number of hits matching the query to count accurately. If true, the exact number of hits is returned at the cost of some performance. If false, the response does not include the total number of hits matching the query. Defaults to 10,000 hits.
track_scores boolean
typed_keys boolean
rest_total_hits_as_int boolean
version boolean
_source boolean | string | array[string]

Defines how to fetch a source. Fetching can be disabled entirely, or the source can be filtered. Used as a query parameter along with the _source_includes and _source_excludes parameters.
_source_excludes string | array[string]
_source_includes string | array[string]
seq_no_primary_term boolean
q string
size number
from number
sort string | array[string]
wait_for_checkpoints array[number]

A comma separated list of checkpoints. When configured, the search API will only be executed on a shard after the relevant checkpoint has become visible for search. Defaults to an empty list which will cause Elasticsearch to immediately execute the search.
allow_partial_search_results boolean

If true, returns partial results if there are shard request timeouts or shard failures. If false, returns an error with no partial results. Defaults to the configured cluster setting search.default_allow_partial_results which is true by default.

application/json

Body Required

aggregations object
collapse object
External documentation
explain boolean

If true, returns detailed information about score computation as part of a hit.

Default value is false.
ext object

Configuration of search extensions defined by Elasticsearch plugins.
Hide ext attribute Show ext attribute object
- * object Additional properties
from number

Starting document offset. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after parameter.

Default value is 0.
highlight object
Hide highlight attributes Show highlight attributes object
- type string
 
 Supported values include:
 
 plain: The plain highlighter uses the standard Lucene highlighter
 
 fvh: The fvh highlighter uses the Lucene Fast Vector highlighter.
 
 unified: The unified highlighter uses the Lucene Unified Highlighter.
 
 Any of:
 string-1 string string-2 string
 
 Supported values include:
 
 plain: The plain highlighter uses the standard Lucene highlighter
 
 fvh: The fvh highlighter uses the Lucene Fast Vector highlighter.
 
 unified: The unified highlighter uses the Lucene Unified Highlighter.
 
 Values are plain, fvh, or unified.
- boundary_chars string
 
 A string that contains each boundary character.
 
 Default value is .,!? \t\n.
- boundary_max_scan number
 
 How far to scan for boundary characters.
 
 Default value is 20.
- boundary_scanner string
 Specifies how to break the highlighted fragments: chars, sentence, or word. Only valid for the unified and fvh highlighters. Defaults to sentence for the unified highlighter. Defaults to chars for the fvh highlighter.
 
 Supported values include:
 
 chars: Use the characters specified by boundary_chars as highlighting boundaries. The boundary_max_scan setting controls how far to scan for boundary characters. Only valid for the fvh highlighter.
 
 sentence: Break highlighted fragments at the next sentence boundary, as determined by Java’s BreakIterator. You can specify the locale to use with boundary_scanner_locale. When used with the unified highlighter, the sentence scanner splits sentences bigger than fragment_size at the first word boundary next to fragment_size. You can set fragment_size to 0 to never split any sentence.
 
 word: Break highlighted fragments at the next word boundary, as determined by Java’s BreakIterator. You can specify the locale to use with boundary_scanner_locale.
 Values are chars, sentence, or word.
- boundary_scanner_locale string
 
 Controls which locale is used to search for sentence and word boundaries. This parameter takes a form of a language tag, for example: "en-US", "fr-FR", "ja-JP".
 
 Default value is Locale.ROOT.
- force_source boolean Deprecated
- fragmenter string
 
 Specifies how text should be broken up in highlight snippets: simple or span. Only valid for the plain highlighter.
 
 Values are simple or span.
- fragment_size number
 
 The size of the highlighted fragment in characters.
 
 Default value is 100.
- highlight_filter boolean
- highlight_query object
 
 Highlight matches for a query other than the search query. This is especially useful if you use a rescore query because those are not taken into account by highlighting by default.
 
 External documentation
- max_fragment_length number
- max_analyzed_offset number
 
 If set to a non-negative value, highlighting stops at this defined maximum limit. The rest of the text is not processed, thus not highlighted and no error is returned The max_analyzed_offset query setting does not override the index.highlight.max_analyzed_offset setting, which prevails when it’s set to lower value than the query setting.
- no_match_size number
 
 The amount of text you want to return from the beginning of the field if there are no matching fragments to highlight.
 
 Default value is 0.
- number_of_fragments number
 
 The maximum number of fragments to return. If the number of fragments is set to 0, no fragments are returned. Instead, the entire field contents are highlighted and returned. This can be handy when you need to highlight short texts such as a title or address, but fragmentation is not required. If number_of_fragments is 0, fragment_size is ignored.
 
 Default value is 5.
- options object
 Hide options attribute Show options attribute object
 
 * object Additional properties
- order string
 
 Sorts highlighted fragments by score when set to score. By default, fragments will be output in the order they appear in the field (order: none). Setting this option to score will output the most relevant fragments first. Each highlighter applies its own logic to compute relevancy scores.
 
 Value is score.
- phrase_limit number
 
 Controls the number of matching phrases in a document that are considered. Prevents the fvh highlighter from analyzing too many phrases and consuming too much memory. When using matched_fields, phrase_limit phrases per matched field are considered. Raising the limit increases query time and consumes more memory. Only supported by the fvh highlighter.
 
 Default value is 256.
- post_tags array[string]
 
 Use in conjunction with pre_tags to define the HTML tags to use for the highlighted text. By default, highlighted text is wrapped in  and  tags.
- pre_tags array[string]
 
 Use in conjunction with post_tags to define the HTML tags to use for the highlighted text. By default, highlighted text is wrapped in  and  tags.
- require_field_match boolean
 
 By default, only fields that contains a query match are highlighted. Set to false to highlight all fields.
 
 Default value is true.
- tags_schema string
 
 Set to styled to use the built-in tag schema.
 
 Value is styled.
- encoder string
 
 Values are default or html.
- fields object Required
track_total_hits boolean | number

Number of hits matching the query to count accurately. If true, the exact number of hits is returned at the cost of some performance. If false, the response does not include the total number of hits matching the query. Defaults to 10,000 hits.
indices_boost array[object]

Boosts the _score of documents from specified indices.
Hide indices_boost attribute Show indices_boost attribute object
- * number Additional properties
docvalue_fields array[object]

Array of wildcard (*) patterns. The request returns doc values for field names matching these patterns in the hits.fields property of the response.

A reference to a field with formatting instructions on how to return the value
Hide docvalue_fields attributes Show docvalue_fields attributes object
- field string Required
  
  A wildcard pattern. The request returns values for field names matching this pattern.
- format string
  
  The format in which the values are returned.
- include_unmapped boolean
min_score number

Minimum _score for matching documents. Documents with a lower _score are not included in search results and results collected by aggregations.
post_filter object

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation
profile boolean
query object

Defines the search definition using the Query DSL.

External documentation
rescore object | array[object]
One of:
object-2 object array-2 array[object]
Hide attributes Show attributes

window_size number

query object

Hide query attributes Show query attributes object

rescore_query object Required

The query to use for rescoring. This query is only run on the Top-K results returned by the query and post_filter phases.

query_weight number

Relative importance of the original query versus the rescore query.

Default value is 1.

rescore_query_weight number

Relative importance of the rescore query versus the original query.

Default value is 1.

score_mode string

Determines how scores are combined.

Supported values include:

avg: Average the original score and the rescore query score.

max: Take the max of original score and the rescore query score.

min: Take the min of the original score and the rescore query score.

multiply: Multiply the original score by the rescore query score. Useful for function query rescores.

total: Add the original score and the rescore query score.

Values are avg, max, min, multiply, or total.

learning_to_rank object

Hide learning_to_rank attributes Show learning_to_rank attributes object

model_id string Required

The unique identifier of the trained model uploaded to Elasticsearch

params object

Named parameters to be passed to the query templates used for feature

Hide params attribute Show params attribute object

* object Additional properties
Hide attributes Show attributes object

window_size number

query object

Hide query attributes Show query attributes object

query_weight number

Relative importance of the original query versus the rescore query.

Default value is 1.

rescore_query_weight number

Relative importance of the rescore query versus the original query.

Default value is 1.

learning_to_rank object

Hide learning_to_rank attributes Show learning_to_rank attributes object

model_id string Required

The unique identifier of the trained model uploaded to Elasticsearch

params object

Named parameters to be passed to the query templates used for feature
script_fields object

Retrieve a script evaluation (based on different fields) for each hit.
Hide script_fields attribute Show script_fields attribute object
- * object Additional properties
  Hide * attributes Show * attributes object
  
  script object Required
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  The id for a stored script.
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Specifies the language the script is written in.
  
  Supported values include:
  
  painless: Painless scripting language, purpose-built for Elasticsearch.
  
  expression: Lucene’s expressions language, compiles a JavaScript expression to bytecode.
  
  mustache: Mustache templated, used for templates.
  
  java: Expert Java API
  
  Any of:
  string-1 string string-2 string
  
  Specifies the language the script is written in.
  
  Supported values include:
  
  painless: Painless scripting language, purpose-built for Elasticsearch.
  
  expression: Lucene’s expressions language, compiles a JavaScript expression to bytecode.
  
  mustache: Mustache templated, used for templates.
  
  java: Expert Java API
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  ignore_failure boolean
search_after array[number | string | boolean | null | object]

A field value.

A field value.

One of:
number-1 number number-2 number string-3 string boolean-4 boolean string-5 string | null object-6 object
size number

The number of hits to return. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after parameter.

Default value is 10.
slice object
Hide slice attributes Show slice attributes object
- field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
- id string Required
- max number Required
sort string | object | array[string | object]
One of:
Field string SortOptions object array-2 array[string | object]

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
Hide attributes Show attributes

_score object

_doc object

_geo_distance object

Hide _geo_distance attribute Show _geo_distance attribute object

ignore_unmapped boolean

_script object
_source boolean | object

Indicates which source fields are returned for matching documents. These fields are returned in the hits._source property of the search response.
One of:
boolean-1 boolean SourceFilter object

Indicates which source fields are returned for matching documents. These fields are returned in the hits._source property of the search response.
Indicates which source fields are returned for matching documents. These fields are returned in the hits._source property of the search response.
Hide attributes Show attributes

exclude_vectors boolean

If true, vector fields are excluded from the returned source.

This option takes precedence over includes: any vector field will remain excluded even if it matches an includes rule.

excludes string | array[string]

A list of fields to exclude from the returned source.

includes string | array[string]

A list of fields to include in the returned source.
fields array[object]

Array of wildcard (*) patterns. The request returns values for field names matching these patterns in the hits.fields property of the response.

A reference to a field with formatting instructions on how to return the value
Hide fields attributes Show fields attributes object
- field string Required
  
  A wildcard pattern. The request returns values for field names matching this pattern.
- format string
  
  The format in which the values are returned.
- include_unmapped boolean
suggest object
Hide suggest attribute Show suggest attribute object
- text string
  
  Global suggest text, to avoid repetition when the same text is used in several suggesters
terminate_after number

Maximum number of documents to collect for each shard. If a query reaches this limit, Elasticsearch terminates the query early. Elasticsearch collects documents before sorting. Defaults to 0, which does not terminate query execution early.

Default value is 0.
timeout string

Specifies the period of time to wait for a response from each shard. If no response is received before the timeout expires, the request fails and returns an error. Defaults to no timeout.
track_scores boolean

If true, calculate and return document scores, even if the scores are not used for sorting.

Default value is false.
version boolean

If true, returns document version as part of a hit.

Default value is false.
seq_no_primary_term boolean

If true, returns sequence number and primary term of the last modification of each hit. See Optimistic concurrency control.
stored_fields string | array[string]

List of stored fields to return as part of a hit. If no fields are specified, no stored fields are included in the response. If this field is specified, the _source parameter defaults to false. You can pass _source: true to return both source fields and stored fields in the search response.
pit object

Limits the search to a point in time (PIT). If you provide a PIT, you cannot specify an in the request path.
Hide pit attributes Show pit attributes object
- id string Required
- keep_alive string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  External documentation
runtime_mappings object

Defines one or more runtime fields in the search request. These fields take precedence over mapped fields with the same name.
Hide runtime_mappings attribute Show runtime_mappings attribute object
- * object Additional properties
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  fetch_fields array[object]
  
  For type lookup
  
  Hide fetch_fields attributes Show fetch_fields attributes object
  
  field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  format string
  
  format string
  
  A custom format for date type runtime fields.
  
  input_field string
  
  For type lookup
  
  target_field string
  
  For type lookup
  
  target_index string
  
  For type lookup
  
  script object
  
  Painless script executed at query time.
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  The id for a stored script.
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  type string Required
  
  Field type, which can be: boolean, composite, date, double, geo_point, ip,keyword, long, or lookup.
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
stats array[string]

Stats groups to associate with the search. Each group maintains a statistics aggregation for its associated searches. You can retrieve these stats using the indices stats API.

Responses

200 application/json
Hide response attributes Show response attributes object
- took number Required
- timed_out boolean Required
- _shards object Required
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  The number of shards the operation or search attempted to run on but failed.
  
  successful number Required
  
  The number of shards the operation or search succeeded on.
  
  total number Required
  
  The number of shards the operation or search will run on overall.
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  index string
  
  node string
  
  reason object Required
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  shard number
  
  status string
  
  primary boolean
  
  skipped number
- hits object Required
  
  Hide hits attributes Show hits attributes object
  
  total object | number
  
  Total hit count information, present only if track_total_hits wasn't false in the search request.
  
  One of:
  TotalHits object number-2 number
  
  Hide attributes Show attributes
  
  relation string Required
  
  Supported values include:
  
  eq: Accurate
  
  gte: Lower bound, including returned events or sequences
  
  Values are eq or gte.
  
  value number Required
  
  hits array[object] Required
  
  Hide hits attributes Show hits attributes object
  
  _index string Required
  
  _id string
  
  _score number | string | null
  
  One of:
  number-1 number string-2 string | null
  
  _explanation object
  
  fields object
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  highlight object
  
  Hide highlight attribute Show highlight attribute object
  
  * array[string] Additional properties
  
  inner_hits object
  
  Hide inner_hits attribute Show inner_hits attribute object
  
  * object Additional properties
  
  matched_queries array[string] | object
  
  One of:
  array-1 array[string] object-2 object
  
  _nested object
  
  _ignored array[string]
  
  ignored_field_values object
  
  Hide ignored_field_values attribute Show ignored_field_values attribute object
  
  * array[number | string | boolean | null | object] Additional properties
  
  _shard string
  
  _node string
  
  _routing string
  
  _source object
  
  _rank number
  
  _seq_no number
  
  _primary_term number
  
  _version number
  
  sort array[number | string | boolean | null | object]
  
  max_score number | string | null
  
  One of:
  number-1 number string-2 string | null
- aggregations object
- _clusters object
  
  Hide _clusters attributes Show _clusters attributes object
  
  skipped number Required
  
  successful number Required
  
  total number Required
  
  running number Required
  
  partial number Required
  
  failed number Required
  
  details object
  
  Hide details attribute Show details attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  status string Required
  
  Values are running, successful, partial, skipped, or failed.
  
  indices string Required
  
  timed_out boolean Required
  
  _shards object
  
  failures array[object]
- fields object
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
- max_score number
- num_reduce_phases number
- profile object
  
  Hide profile attribute Show profile attribute object
  
  shards array[object] Required
  
  Hide shards attributes Show shards attributes object
  
  aggregations array[object] Required
  
  cluster string Required
  
  dfs object
  
  fetch object
  
  id string Required
  
  index string Required
  
  node_id string Required
  
  searches array[object] Required
  
  shard_id number Required
- pit_id string
- _scroll_id string
- suggest object
  
  Hide suggest attribute Show suggest attribute object
  
  * array[object] Additional properties
  
  One of:
  object-2 object object-2 object object-2 object
  
  Hide attributes Show attributes
  
  length number Required
  
  offset number Required
  
  text string Required
  
  options
  
  Hide attributes Show attributes
  
  length number Required
  
  offset number Required
  
  text string Required
  
  options
  
  Hide attributes Show attributes
  
  length number Required
  
  offset number Required
  
  text string Required
  
  options
- terminated_early boolean

POST /{index}/_fleet/_fleet_search

curl \
 --request POST 'http://api.example.com/{index}/_fleet/_fleet_search' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"aggregations":{},"collapse":{},"explain":false,"ext":{"additionalProperty1":{},"additionalProperty2":{}},"from":0,"highlight":{"type":"plain","boundary_chars":".,!? \\t\\n","boundary_max_scan":20,"boundary_scanner":"chars","boundary_scanner_locale":"Locale.ROOT","force_source":true,"fragmenter":"simple","fragment_size":100,"highlight_filter":true,"highlight_query":{},"max_fragment_length":42.0,"max_analyzed_offset":42.0,"no_match_size":0,"number_of_fragments":5,"options":{"additionalProperty1":{},"additionalProperty2":{}},"order":"score","phrase_limit":256,"post_tags":["string"],"pre_tags":["string"],"require_field_match":true,"tags_schema":"styled","encoder":"default","fields":{}},"track_total_hits":true,"indices_boost":[{"additionalProperty1":42.0,"additionalProperty2":42.0}],"docvalue_fields":[{"field":"string","format":"string","include_unmapped":true}],"min_score":42.0,"post_filter":{},"profile":true,"query":{},"rescore":{"window_size":42.0,"query":{"rescore_query":{},"query_weight":1,"rescore_query_weight":1,"score_mode":"avg"},"learning_to_rank":{"model_id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}}}},"script_fields":{"additionalProperty1":{"script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"lang":"painless","options":{"additionalProperty1":"string","additionalProperty2":"string"}},"ignore_failure":true},"additionalProperty2":{"script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"lang":"painless","options":{"additionalProperty1":"string","additionalProperty2":"string"}},"ignore_failure":true}},"search_after":[42.0],"size":10,"slice":{"field":"string","id":"string","max":42.0},"sort":"string","_source":true,"fields":[{"field":"string","format":"string","include_unmapped":true}],"suggest":{"text":"string"},"terminate_after":0,"timeout":"string","track_scores":false,"version":false,"seq_no_primary_term":true,"stored_fields":"string","pit":{"id":"string","keep_alive":"string"},"runtime_mappings":{"additionalProperty1":{"fields":{"additionalProperty1":{"type":"boolean"},"additionalProperty2":{"type":"boolean"}},"fetch_fields":[{"field":"string","format":"string"}],"format":"string","input_field":"string","target_field":"string","target_index":"string","script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"options":{"additionalProperty1":"string","additionalProperty2":"string"}},"type":"boolean"},"additionalProperty2":{"fields":{"additionalProperty1":{"type":"boolean"},"additionalProperty2":{"type":"boolean"}},"fetch_fields":[{"field":"string","format":"string"}],"format":"string","input_field":"string","target_field":"string","target_index":"string","script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"options":{"additionalProperty1":"string","additionalProperty2":"string"}},"type":"boolean"}},"stats":["string"]}'

Create or update a component template Generally available; Added in 7.8.0

POST /_component_template/{name}

Api key auth Basic auth Bearer auth

All methods and paths for this operation:

PUT /_component_template/{name}

POST /_component_template/{name}

Component templates are building blocks for constructing index templates that specify index mappings, settings, and aliases.

An index template can be composed of multiple component templates. To use a component template, specify it in an index template’s composed_of list. Component templates are only applied to new data streams and indices as part of a matching index template.

Settings and mappings specified directly in the index template or the create index request override any settings or mappings specified in a component template.

Component templates are only used during index creation. For data streams, this includes data stream creation and the creation of a stream’s backing indices. Changes to component templates do not affect existing indices, including a stream’s backing indices.

You can use C-style /* *\/ block comments in component templates. You can include comments anywhere in the request body except before the opening curly bracket.

Applying component templates

You cannot directly apply a component template to a data stream or index. To be applied, a component template must be included in an index template's composed_of list.

Required authorization

Cluster privileges: manage_index_templates

Path parameters

name string Required

Name of the component template to create. Elasticsearch includes the following built-in component templates: logs-mappings; logs-settings; metrics-mappings; metrics-settings;synthetics-mapping; synthetics-settings. Elastic Agent uses these templates to configure backing indices for its data streams. If you use Elastic Agent and want to overwrite one of these templates, set the version for your replacement template higher than the current version. If you don’t use Elastic Agent and want to disable all built-in component and index templates, set stack.templates.enabled to false using the cluster update settings API.

Query parameters

create boolean

If true, this request cannot replace or update existing component templates.
cause string

User defined reason for create the component template.
master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.

External documentation

application/json

Body Required

template object Required

The template to be applied which includes mappings, settings, or aliases configuration.
Hide template attributes Show template attributes object
- aliases object
  Hide aliases attribute Show aliases attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  filter object
  
  Query used to limit documents the alias can access.
  
  External documentation
  
  index_routing string
  
  Value used to route indexing operations to a specific shard. If specified, this overwrites the routing value for indexing operations.
  
  is_hidden boolean
  
  If true, the alias is hidden. All indices for the alias must have the same is_hidden value.
  
  Default value is false.
  
  is_write_index boolean
  
  If true, the index is the write index for the alias.
  
  Default value is false.
  
  routing string
  
  Value used to route indexing and search operations to a specific shard.
  
  search_routing string
  
  Value used to route search operations to a specific shard. If specified, this overwrites the routing value for search operations.
- mappings object
  Hide mappings attributes Show mappings attributes object
  
  all_field object
  
  Hide all_field attributes Show all_field attributes object
  
  analyzer string Required
  
  enabled boolean Required
  
  omit_norms boolean Required
  
  search_analyzer string Required
  
  similarity string Required
  
  store boolean Required
  
  store_term_vector_offsets boolean Required
  
  store_term_vector_payloads boolean Required
  
  store_term_vector_positions boolean Required
  
  store_term_vectors boolean Required
  
  date_detection boolean
  
  dynamic string
  
  Values are strict, runtime, true, or false.
  
  dynamic_date_formats array[string]
  
  dynamic_templates array[object]
  
  _field_names object
  
  Hide _field_names attribute Show _field_names attribute object
  
  enabled boolean Required
  
  index_field object
  
  Hide index_field attribute Show index_field attribute object
  
  enabled boolean Required
  
  _meta object
  
  Hide _meta attribute Show _meta attribute object
  
  * object Additional properties
  
  numeric_detection boolean
  
  properties object
  
  _routing object
  
  Hide _routing attribute Show _routing attribute object
  
  required boolean Required
  
  _size object
  
  Hide _size attribute Show _size attribute object
  
  enabled boolean Required
  
  _source object
  
  Hide _source attributes Show _source attributes object
  
  compress boolean
  
  compress_threshold string
  
  enabled boolean
  
  excludes array[string]
  
  includes array[string]
  
  runtime object
  
  Hide runtime attribute Show runtime attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  fetch_fields array[object]
  
  For type lookup
  
  format string
  
  A custom format for date type runtime fields.
  
  enabled boolean
  
  subobjects string
  
  Values are true or false.
  
  _data_stream_timestamp object
  
  Hide _data_stream_timestamp attribute Show _data_stream_timestamp attribute object
  
  enabled boolean Required
- settings object
  Index settings
- defaults object
  
  Default settings, included when the request's include_default is true.
  
  Index settings
- data_stream string
- lifecycle object
  
  Data stream lifecycle applicable if this is a data stream.
  Hide lifecycle attributes Show lifecycle attributes object
  
  data_retention string
  
  If defined, every document added to this data stream will be stored at least for this time frame. Any time after this duration the document could be deleted. When empty, every document in this data stream will be stored indefinitely.
  
  External documentation
  
  downsampling object
  
  The downsampling configuration to execute for the managed backing index after rollover.
  
  Hide downsampling attribute Show downsampling attribute object
  
  rounds array[object] Required
  
  The list of downsampling rounds to execute as part of this downsampling configuration
  
  enabled boolean
  
  If defined, it turns data stream lifecycle on/off (true/false) for this data stream. A data stream lifecycle that's disabled (enabled: false) will have no effect on the data stream.
  
  Default value is true.
version number

Version number used to manage component templates externally. This number isn't automatically generated or incremented by Elasticsearch. To unset a version, replace the template without specifying a version.
_meta object

Optional user metadata about the component template. It may have any contents. This map is not automatically generated by Elasticsearch. This information is stored in the cluster state, so keeping it short is preferable. To unset _meta, replace the template without specifying this information.
Hide _meta attribute Show _meta attribute object
- * object Additional properties
deprecated boolean

Marks this index template as deprecated. When creating or updating a non-deprecated index template that uses deprecated components, Elasticsearch will emit a deprecation warning.

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

POST /_component_template/{name}

PUT _component_template/template_1
{
  "template": {
    "settings": {
      "number_of_shards": 1
    },
    "mappings": {
      "_source": {
        "enabled": false
      },
      "properties": {
        "host_name": {
          "type": "keyword"
        },
        "created_at": {
          "type": "date",
          "format": "EEE MMM dd HH:mm:ss Z yyyy"
        }
      }
    }
  }
}

resp = client.cluster.put_component_template(
    name="template_1",
    template={
        "settings": {
            "number_of_shards": 1
        },
        "mappings": {
            "_source": {
                "enabled": False
            },
            "properties": {
                "host_name": {
                    "type": "keyword"
                },
                "created_at": {
                    "type": "date",
                    "format": "EEE MMM dd HH:mm:ss Z yyyy"
                }
            }
        }
    },
)

const response = await client.cluster.putComponentTemplate({
  name: "template_1",
  template: {
    settings: {
      number_of_shards: 1,
    },
    mappings: {
      _source: {
        enabled: false,
      },
      properties: {
        host_name: {
          type: "keyword",
        },
        created_at: {
          type: "date",
          format: "EEE MMM dd HH:mm:ss Z yyyy",
        },
      },
    },
  },
});

response = client.cluster.put_component_template(
  name: "template_1",
  body: {
    "template": {
      "settings": {
        "number_of_shards": 1
      },
      "mappings": {
        "_source": {
          "enabled": false
        },
        "properties": {
          "host_name": {
            "type": "keyword"
          },
          "created_at": {
            "type": "date",
            "format": "EEE MMM dd HH:mm:ss Z yyyy"
          }
        }
      }
    }
  }
)

$resp = $client->cluster()->putComponentTemplate([
    "name" => "template_1",
    "body" => [
        "template" => [
            "settings" => [
                "number_of_shards" => 1,
            ],
            "mappings" => [
                "_source" => [
                    "enabled" => false,
                ],
                "properties" => [
                    "host_name" => [
                        "type" => "keyword",
                    ],
                    "created_at" => [
                        "type" => "date",
                        "format" => "EEE MMM dd HH:mm:ss Z yyyy",
                    ],
                ],
            ],
        ],
    ],
]);

curl -X PUT -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"template":{"settings":{"number_of_shards":1},"mappings":{"_source":{"enabled":false},"properties":{"host_name":{"type":"keyword"},"created_at":{"type":"date","format":"EEE MMM dd HH:mm:ss Z yyyy"}}}}}' "$ELASTICSEARCH_URL/_component_template/template_1"

Request examples

{
  "template": {
    "settings": {
      "number_of_shards": 1
    },
    "mappings": {
      "_source": {
        "enabled": false
      },
      "properties": {
        "host_name": {
          "type": "keyword"
        },
        "created_at": {
          "type": "date",
          "format": "EEE MMM dd HH:mm:ss Z yyyy"
        }
      }
    }
  }
}

You can include index aliases in a component template. During index creation, the `{index}` placeholder in the alias name will be replaced with the actual index name that the template gets applied to.

{
  "template": null,
  "settings": {
    "number_of_shards": 1
  },
  "aliases": {
    "alias1": {},
    "alias2": {
      "filter": {
        "term": {
          "user.id": "kimchy"
        }
      },
      "routing": "shard-1"
    },
    "{index}-alias": {}
  }
}

Delete component templates Generally available; Added in 7.8.0

DELETE /_component_template/{name}

Api key auth Basic auth Bearer auth

Component templates are building blocks for constructing index templates that specify index mappings, settings, and aliases.

Required authorization

Cluster privileges: manage_index_templates

Path parameters

name string | array[string] Required

Comma-separated list or wildcard expression of component template names used to limit the request.

Query parameters

master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.

External documentation
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

External documentation

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

DELETE /_component_template/{name}

DELETE _component_template/template_1

resp = client.cluster.delete_component_template(
    name="template_1",
)

const response = await client.cluster.deleteComponentTemplate({
  name: "template_1",
});

response = client.cluster.delete_component_template(
  name: "template_1"
)

$resp = $client->cluster()->deleteComponentTemplate([
    "name" => "template_1",
]);

curl -X DELETE -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_component_template/template_1"

client.cluster().deleteComponentTemplate(d -> d
    .name("template_1")
);

Check component templates Generally available; Added in 7.8.0

HEAD /_component_template/{name}

Api key auth Basic auth Bearer auth

Returns information about whether a particular component template exists.

Path parameters

name string | array[string] Required

Comma-separated list of component template names used to limit the request. Wildcard (*) expressions are supported.

Query parameters

master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.

External documentation
local boolean

If true, the request retrieves information from the local node only. Defaults to false, which means information is retrieved from the master node.

Responses

200 application/json

HEAD /_component_template/{name}

curl \
 --request HEAD 'http://api.example.com/_component_template/{name}' \
 --header "Authorization: $API_KEY"

Import a dangling index Generally available; Added in 7.9.0

POST /_dangling/{index_uuid}

Api key auth Basic auth Bearer auth

If Elasticsearch encounters index data that is absent from the current cluster state, those indices are considered to be dangling. For example, this can happen if you delete more than cluster.indices.tombstones.size indices while an Elasticsearch node is offline.

Required authorization

Cluster privileges: manage

Path parameters

index_uuid string Required

The UUID of the index to import. Use the get dangling indices API to locate the UUID.

Query parameters

accept_data_loss boolean Required

This parameter must be set to true to import a dangling index. Because Elasticsearch cannot know where the dangling index data came from or determine which shard copies are fresh and which are stale, it cannot guarantee that the imported data represents the latest state of the index when it was last in the cluster.
master_timeout string

Specify timeout for connection to master

External documentation
timeout string

Explicit operation timeout

External documentation

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

POST /_dangling/{index_uuid}

POST /_dangling/zmM4e0JtBkeUjiHD-MihPQ?accept_data_loss=true

resp = client.dangling_indices.import_dangling_index(
    index_uuid="zmM4e0JtBkeUjiHD-MihPQ",
    accept_data_loss=True,
)

const response = await client.danglingIndices.importDanglingIndex({
  index_uuid: "zmM4e0JtBkeUjiHD-MihPQ",
  accept_data_loss: "true",
});

response = client.dangling_indices.import_dangling_index(
  index_uuid: "zmM4e0JtBkeUjiHD-MihPQ",
  accept_data_loss: "true"
)

$resp = $client->danglingIndices()->importDanglingIndex([
    "index_uuid" => "zmM4e0JtBkeUjiHD-MihPQ",
    "accept_data_loss" => "true",
]);

curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_dangling/zmM4e0JtBkeUjiHD-MihPQ?accept_data_loss=true"

client.danglingIndices().importDanglingIndex(i -> i
    .acceptDataLoss(true)
    .indexUuid("zmM4e0JtBkeUjiHD-MihPQ")
);

Response examples (200)

A successful response from `POST /_dangling/zmM4e0JtBkeUjiHD-MihPQ?accept_data_loss=true`.

{
  "acknowledged": true
}

Get the dangling indices Generally available; Added in 7.9.0

GET /_dangling

Api key auth Basic auth Bearer auth

If Elasticsearch encounters index data that is absent from the current cluster state, those indices are considered to be dangling. For example, this can happen if you delete more than cluster.indices.tombstones.size indices while an Elasticsearch node is offline.

Use this API to list dangling indices, which you can then import or delete.

Required authorization

Cluster privileges: manage

Responses

200 application/json
Hide response attribute Show response attribute object
- dangling_indices array[object] Required
  
  Hide dangling_indices attributes Show dangling_indices attributes object
  
  index_name string Required
  
  index_uuid string Required
  
  creation_date_millis number
  
  Time unit for milliseconds
  
  node_ids string | array[string]
  
  One of:
  Id string array-2 array[string]

GET /_dangling

GET /_dangling

resp = client.dangling_indices.list_dangling_indices()

const response = await client.danglingIndices.listDanglingIndices();

response = client.dangling_indices.list_dangling_indices

$resp = $client->danglingIndices()->listDanglingIndices();

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_dangling"

client.danglingIndices().listDanglingIndices();

Response examples (200)

{
  "dangling_indices": [
   {
    "index_name": "my-index-000001",
    "index_uuid": "zmM4e0JtBkeUjiHD-MihPQ",
    "creation_date_millis": 1589414451372,
    "node_ids": [
      "pL47UN3dAb2d5RCWP6lQ3e"
    ]
   }
  ]
}

Elasticsearch API

Documentation source and versions

Autoscaling

Create a behavioral analytics collection Technical preview; Added in 8.8.0

Path parameters

Responses

Delete a behavioral analytics collection Technical preview; Added in 8.8.0

Path parameters

Responses

Get the cluster health status Generally available

Required authorization

Query parameters

Responses

epoch number | string

Get index information Generally available

Required authorization

Path parameters

Query parameters

Responses

docs.count string | null

docs.deleted string | null

store.size string | null

pri.store.size string | null

dataset.size string | null

Get data frame analytics jobs Generally available; Added in 7.7.0

Required authorization

Path parameters

Query parameters

Responses

Get pending task information Generally available

Required authorization

Query parameters

Responses

Get plugin information Generally available

Required authorization

Query parameters

Responses

Get segment information Generally available

Required authorization

Path parameters

Query parameters

Responses

size number | string

size.memory number | string

Get snapshot information Generally available; Added in 2.1.0

Required authorization

Path parameters

Query parameters

Responses

start_epoch number | string

start_time string | object

end_epoch number | string

Get thread pool statistics Generally available

Required authorization

Path parameters

Query parameters

Responses

core string | null

max string | null

size string | null

keep_alive string | null

Get transform information Generally available; Added in 7.7.0

Required authorization

Path parameters

Query parameters

Responses

checkpoint_progress string | null

last_search_time string | null

changes_last_detection_time string | null

Cluster

Update the cluster settings Generally available

Query parameters

Body Required

Responses

Get the cluster health status Generally available; Added in 1.3.0

Required authorization

Path parameters

Query parameters

Responses

Get cluster info Generally available; Added in 8.9.0