Create data view API | Kibana Guide [8.4]

› › ›

« Get data view API Update data view API »

Create data view APIedit

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Create data views.

Requestedit

POST <kibana host>:<port>/api/data_views/data_view

POST <kibana host>:<port>/s/<space_id>/api/data_views/data_view

Path parametersedit

space_id: (Optional, string) An identifier for the space. If space_id is not provided in the URL, the default space is used.

Request bodyedit

override: (Optional, boolean) Overrides an existing data view if a data view with the provided title already exists. The default is false.
data_view: (Required, object) The data view object. All fields are optional.

Response codeedit

200: Indicates a successful call.

Examplesedit

To explore the data in the logstash-* indices, create a data view:

$ curl -X POST api/data_views/data_view
{
  "data_view": {
     "title": "logstash-*",
     "name": "My Logstash Data View"
  }
}

To create custom field formats, use the data_view.fieldFormats property:

$ curl -X POST api/data_views/data_view
{
  "data_view": {
    "title": "logstash-*",
    "name": "My Logstash data view 2",
    "fieldFormats": {
      "event_time": {
        "id": "date_nanos"
      },
      "machine.ram": {
        "id": "number",
        "params": {
          "pattern": "0,0.[000] b"
        }
      }
    }
  }
}

To create custom labels, use the data_view.fieldAttrs property:

$ curl -X POST api/data_views/data_view
{
  "data_view": {
    "title": "logstash-*",
    "name": "My Logstash data view 3",
    "fieldAttrs": {
      "utc_time": {
        "customLabel": "Time (UTC)"
      }
    }
  }
}

To create a data view with runtime fields, use the data_view.runtimeFieldMap property:

$ curl -X POST api/data_views/data_view
{
  "data_view": {
    "title": "logstash-*",
    "name": "My Logstash data view 3",
    "runtimeFieldMap": {
      "runtime_shape_name": {
        "type": "keyword",
        "script": {
          "source": "emit(doc['shape_name'].value)"
        }
      }
    }
  }
}

To create data views based on rollup indices, use the data_view.type and data_view.typeMeta properties :

$ curl -X POST api/data_views/data_view
{
  "data_view": {
    "title": "logstash-*",
    "name": "My Logstash rollup data view",
    "type": "rollup",
    "typeMeta": {
      "params": {
        "rollup_index": "rollup_logstash"
      },
      "aggs": {
        "terms": {
          "geo.dest": { "agg": "terms" },
          "extension.keyword": { "agg": "terms" },
          "geo.src": { "agg": "terms" },
          "machine.os.keyword": { "agg": "terms" }
        },
        "date_histogram": {
          "@timestamp": {
            "agg": "date_histogram",
            "fixed_interval": "20m",
            "delay": "10m",
            "time_zone": "UTC"
          }
        },
        "avg": {
          "memory": { "agg": "avg" },
          "bytes": { "agg": "avg" }
        },
        "max": { "memory": { "agg": "max" } },
        "min": { "memory": { "agg": "min" } },
        "sum": { "memory": { "agg": "sum" } },
        "value_count": { "memory": { "agg": "value_count" } },
        "histogram": {
          "machine.ram": {
            "agg": "histogram",
            "interval": 5
          }
        }
      }
    }
  }
}

The API returns the data view object:

{
    "data_view": {...}
}

Properties of the `data_view` object:edit

title

(Optional, string) Comma-separated list of data streams, indices, and aliases that you want to search. Supports wildcards (*).

name

(Optional, string) The data view name.

id

(Optional, string) Saved object ID.

type

(Optional, string) When set to rollup, identifies the rollup data views.

typeMeta

(Optional, object) When you use rollup indices, contains the field list for the rollup data view API endpoints.

Properties of the typeMeta objects:

aggs: (Required, object) A map of rollup restrictions by aggregation type and field name.
params: (Required, object) Properties for retrieving rollup fields.

timeFieldName

(Optional, string) Timestamp field name, which you use for time-based data views.

sourceFilters

(Optional, string[]) Array of field names you want to filter out in Discover.

fieldAttrs

(Optional, object) Map of field attributes by field name.

Properties of the fieldAttrs[fieldName] objects:

customLabel: (Optional, string) Custom label for the field.
count: (Optional, number) Popularity count for the field.

runtimeFieldMap

(Optional, object) Map of runtime field definitions by field name.

Properties of the runtimeFieldMap[fieldName] objects:

type: (Required, string) Mapping type of the runtime field. For more information, check Field data types.
script.source: (Required, string) Script of the runtime field.

fieldFormats

(Optional, object) Map of field formats by field name.

allowNoIndex

(Optional, boolean) Allows the data view saved object to exist before the data is available.

namespaces

(Optional, string[]) Array of space IDs for sharing the data view between multiple spaces.