Get multiple term vectors

GET /_mtermvectors
Api key auth Basic auth Bearer auth

Get multiple term vectors with a single request. You can specify existing documents by index and ID or provide artificial documents in the body of the request. You can specify the index in the request body or request URI. The response contains a docs array with all the fetched termvectors. Each element has the structure provided by the termvectors API.

Artificial documents

You can also use mtermvectors to generate term vectors for artificial documents provided in the body of the request. The mapping used is determined by the specified _index.

Query parameters

  • ids array[string]

    A comma-separated list of documents ids. You must define ids as parameter or set "ids" or "docs" in the request body

  • fields string | array[string]

    A comma-separated list or wildcard expressions of fields to include in the statistics. It is used as the default list unless a specific field list is provided in the completion_fields or fielddata_fields parameters.

  • field_statistics boolean

    If true, the response includes the document count, sum of document frequencies, and sum of total term frequencies.

  • offsets boolean

    If true, the response includes term offsets.

  • payloads boolean

    If true, the response includes term payloads.

  • positions boolean

    If true, the response includes term positions.

  • preference string

    The node or shard the operation should be performed on. It is random by default.

  • realtime boolean

    If true, the request is real-time as opposed to near-real-time.

  • routing string

    A custom value used to route operations to a specific shard.

  • term_statistics boolean

    If true, the response includes term frequency and document frequency.

  • version number

    If true, returns the document version as part of a hit.

  • version_type string

    The version type.

    Values are internal, external, external_gte, or force.

application/json

Body

  • docs array[object]

    An array of existing or artificial documents.

    Hide docs attributes Show docs attributes object
    • _id string
    • _index string
    • doc object

      An artificial document (a document not present in the index) for which you want to retrieve term vectors.

    • fields string | array[string]
    • field_statistics boolean

      If true, the response includes the document count, sum of document frequencies, and sum of total term frequencies.

    • filter object
      Hide filter attributes Show filter attributes object
      • max_doc_freq number

        Ignore words which occur in more than this many docs. Defaults to unbounded.

      • max_num_terms number

        The maximum number of terms that must be returned per field.

      • max_term_freq number

        Ignore words with more than this frequency in the source doc. It defaults to unbounded.

      • max_word_length number

        The maximum word length above which words will be ignored. Defaults to unbounded.

      • min_doc_freq number

        Ignore terms which do not occur in at least this many docs.

      • min_term_freq number

        Ignore words with less than this frequency in the source doc.

      • min_word_length number

        The minimum word length below which words will be ignored.

    • offsets boolean

      If true, the response includes term offsets.

    • payloads boolean

      If true, the response includes term payloads.

    • positions boolean

      If true, the response includes term positions.

    • routing string
    • term_statistics boolean

      If true, the response includes term frequency and document frequency.

    • version number
    • version_type string

      Values are internal, external, external_gte, or force.

  • ids array[string]

    A simplified syntax to specify documents by their ID if they're in the same index.

Responses

  • 200 application/json
    Hide response attribute Show response attribute object
GET /_mtermvectors 
curl \
 --request GET 'http://api.example.com/_mtermvectors' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"docs\": [\n      {\n        \"_id\": \"2\",\n        \"fields\": [\n            \"message\"\n        ],\n        \"term_statistics\": true\n      },\n      {\n        \"_id\": \"1\"\n      }\n  ]\n}"'
Request examples
Run `POST /my-index-000001/_mtermvectors`. When you specify an index in the request URI, the index does not need to be specified for each documents in the request body. 
{
  "docs": [
      {
        "_id": "2",
        "fields": [
            "message"
        ],
        "term_statistics": true
      },
      {
        "_id": "1"
      }
  ]
}
Run `POST /my-index-000001/_mtermvectors`. If all requested documents are in same index and the parameters are the same, you can use a simplified syntax. 
{
  "ids": [ "1", "2" ],
  "fields": [
    "message"
  ],
  "term_statistics": true
}
Run `POST /_mtermvectors` to generate term vectors for artificial documents provided in the body of the request. The mapping used is determined by the specified `_index`. 
{
  "docs": [
      {
        "_index": "my-index-000001",
        "doc" : {
            "message" : "test test test"
        }
      },
      {
        "_index": "my-index-000001",
        "doc" : {
          "message" : "Another test ..."
        }
      }
  ]
}
Response examples (200) 
{
  "docs": [
    {
      "_id": "string",
      "_index": "string",
      "_version": 42.0,
      "took": 42.0,
      "found": true,
      "term_vectors": {
        "additionalProperty1": {
          "field_statistics": {
            "doc_count": 42.0,
            "sum_doc_freq": 42.0,
            "sum_ttf": 42.0
          },
          "terms": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          }
        },
        "additionalProperty2": {
          "field_statistics": {
            "doc_count": 42.0,
            "sum_doc_freq": 42.0,
            "sum_ttf": 42.0
          },
          "terms": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          }
        }
      },
      "error": {
        "type": "string",
        "reason": "string",
        "stack_trace": "string",
        "caused_by": {},
        "root_cause": [
          {}
        ],
        "suppressed": [
          {}
        ]
      }
    }
  ]
}

Create an Amazon Bedrock inference endpoint Added in 8.12.0

PUT /_inference/{task_type}/{amazonbedrock_inference_id}
Api key auth Basic auth Bearer auth

Creates an inference endpoint to perform an inference task with the amazonbedrock service.


You need to provide the access and secret keys only once, during the inference model creation. The get inference API does not retrieve your access or secret keys. After creating the inference model, you cannot change the associated key pairs. If you want to use a different access and secret key pair, delete the inference model and recreate it with the same name and the updated keys.

When you create an inference endpoint, the associated machine learning model is automatically deployed if it is not already running. After creating the endpoint, wait for the model deployment to complete before using it. To verify the deployment status, use the get trained model statistics API. Look for "state": "fully_allocated" in the response and ensure that the "allocation_count" matches the "target_allocation_count". Avoid creating multiple endpoints for the same model unless required, as each endpoint consumes significant resources.

Path parameters

  • task_type string Required

    The type of the inference task that the model will perform.

    Values are completion or text_embedding.

  • amazonbedrock_inference_id string Required

    The unique identifier of the inference endpoint.

application/json

Body

  • chunking_settings object
    Hide chunking_settings attributes Show chunking_settings attributes object
    • max_chunk_size number

      The maximum size of a chunk in words. This value cannot be higher than 300 or lower than 20 (for sentence strategy) or 10 (for word strategy).

    • overlap number

      The number of overlapping words for chunks. It is applicable only to a word chunking strategy. This value cannot be higher than half the max_chunk_size value.

    • sentence_overlap number

      The number of overlapping sentences for chunks. It is applicable only for a sentence chunking strategy. It can be either 1 or 0.

    • strategy string

      The chunking strategy: sentence or word.

  • service string Required

    Value is amazonbedrock.

  • service_settings object Required
    Hide service_settings attributes Show service_settings attributes object
    • access_key string Required

      A valid AWS access key that has permissions to use Amazon Bedrock and access to models for inference requests.

    • model string Required

      The base model ID or an ARN to a custom model based on a foundational model. The base model IDs can be found in the Amazon Bedrock documentation. Note that the model ID must be available for the provider chosen and your IAM user must have access to the model.

      External documentation
    • provider string

      The model provider for your deployment. Note that some providers may support only certain task types. Supported providers include:

      • amazontitan - available for text_embedding and completion task types
      • anthropic - available for completion task type only
      • ai21labs - available for completion task type only
      • cohere - available for text_embedding and completion task types
      • meta - available for completion task type only
      • mistral - available for completion task type only
    • region string Required

      The region that your model or ARN is deployed in. The list of available regions per model can be found in the Amazon Bedrock documentation.

      External documentation
    • rate_limit object
      Hide rate_limit attribute Show rate_limit attribute object
    • secret_key string Required

      A valid AWS secret key that is paired with the access_key. For informationg about creating and managing access and secret keys, refer to the AWS documentation.

      External documentation
  • task_settings object
    Hide task_settings attributes Show task_settings attributes object
    • max_new_tokens number

      For a completion task, it sets the maximum number for the output tokens to be generated.

    • temperature number

      For a completion task, it is a number between 0.0 and 1.0 that controls the apparent creativity of the results. At temperature 0.0 the model is most deterministic, at temperature 1.0 most random. It should not be used if top_p or top_k is specified.

    • top_k number

      For a completion task, it limits samples to the top-K most likely words, balancing coherence and variability. It is only available for anthropic, cohere, and mistral providers. It is an alternative to temperature; it should not be used if temperature is specified.

    • top_p number

      For a completion task, it is a number in the range of 0.0 to 1.0, to eliminate low-probability tokens. Top-p uses nucleus sampling to select top tokens whose sum of likelihoods does not exceed a certain value, ensuring both variety and coherence. It is an alternative to temperature; it should not be used if temperature is specified.

Responses

  • 200 application/json
    Hide response attributes Show response attributes object
    • chunking_settings object
      Hide chunking_settings attributes Show chunking_settings attributes object
      • max_chunk_size number

        The maximum size of a chunk in words. This value cannot be higher than 300 or lower than 20 (for sentence strategy) or 10 (for word strategy).

      • overlap number

        The number of overlapping words for chunks. It is applicable only to a word chunking strategy. This value cannot be higher than half the max_chunk_size value.

      • sentence_overlap number

        The number of overlapping sentences for chunks. It is applicable only for a sentence chunking strategy. It can be either 1 or 0.

      • strategy string

        The chunking strategy: sentence or word.

    • service string Required

      The service type

    • service_settings object Required
    • task_settings object
    • inference_id string Required

      The inference Id

    • task_type string Required

      Values are sparse_embedding, text_embedding, rerank, completion, or chat_completion.
PUT /_inference/{task_type}/{amazonbedrock_inference_id} 
curl \
 --request PUT 'http://api.example.com/_inference/{task_type}/{amazonbedrock_inference_id}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n    \"service\": \"amazonbedrock\",\n    \"service_settings\": {\n        \"access_key\": \"AWS-access-key\",\n        \"secret_key\": \"AWS-secret-key\",\n        \"region\": \"us-east-1\",\n        \"provider\": \"amazontitan\",\n        \"model\": \"amazon.titan-embed-text-v2:0\"\n    }\n}"'
Request examples
Run `PUT _inference/text_embedding/amazon_bedrock_embeddings` to create an inference endpoint that performs a text embedding task. 
{
    "service": "amazonbedrock",
    "service_settings": {
        "access_key": "AWS-access-key",
        "secret_key": "AWS-secret-key",
        "region": "us-east-1",
        "provider": "amazontitan",
        "model": "amazon.titan-embed-text-v2:0"
    }
}
Run `PUT _inference/completion/openai-completion` to create an inference endpoint to perform a completion task type. 
{
    "service": "openai",
    "service_settings": {
        "api_key": "OpenAI-API-Key",
        "model_id": "gpt-3.5-turbo"
    }
}
Response examples (200) 
{
  "chunking_settings": {
    "max_chunk_size": 42.0,
    "overlap": 42.0,
    "sentence_overlap": 42.0,
    "strategy": "string"
  },
  "service": "string",
  "service_settings": {},
  "task_settings": {},
  "inference_id": "string",
  "task_type": "sparse_embedding"
}

Delete a filter Added in 5.4.0

DELETE /_ml/filters/{filter_id}
Api key auth Basic auth Bearer auth

If an anomaly detection job references the filter, you cannot delete the filter. You must update or delete the job before you can delete the filter.

Path parameters

  • filter_id string Required

    A string that uniquely identifies a filter.

Responses

  • 200 application/json
    Hide response attribute Show response attribute object
    • acknowledged boolean Required

      For a successful response, this value is always true. On failure, an exception is returned instead.
DELETE /_ml/filters/{filter_id} 
curl \
 --request DELETE 'http://api.example.com/_ml/filters/{filter_id}' \
 --header "Authorization: $API_KEY"
Response examples (200)
A successful response when deleting a filter. 
{
  "acknowledged": true
}

Get async search results Added in 7.7.0

GET /_async_search/{id}
Api key auth Basic auth Bearer auth

Retrieve the results of a previously submitted asynchronous search request. If the Elasticsearch security features are enabled, access to the results of a specific async search is restricted to the user or API key that submitted it.

Path parameters

  • id string Required

    A unique identifier for the async search.

Query parameters

  • keep_alive string

    The length of time that the async search should be available in the cluster. When not specified, the keep_alive set with the corresponding submit async request will be used. Otherwise, it is possible to override the value and extend the validity of the request. When this period expires, the search, if still running, is cancelled. If the search is completed, its saved results are deleted.

  • typed_keys boolean

    Specify whether aggregation and suggester names should be prefixed by their respective types in the response

  • wait_for_completion_timeout string

    Specifies to wait for the search to be completed up until the provided timeout. Final results will be returned if available before the timeout expires, otherwise the currently available results will be returned once the timeout expires. By default no timeout is set meaning that the currently available results will be returned without any additional wait.

Responses

GET /_async_search/{id} 
curl \
 --request GET 'http://api.example.com/_async_search/{id}' \
 --header "Authorization: $API_KEY"
Response examples (200)
A succesful response from `GET /_async_search/FmRldE8zREVEUzA2ZVpUeGs2ejJFUFEaMkZ5QTVrSTZSaVN3WlNFVmtlWHJsdzoxMDc=`. 
{
  "id" : "FmRldE8zREVEUzA2ZVpUeGs2ejJFUFEaMkZ5QTVrSTZSaVN3WlNFVmtlWHJsdzoxMDc=",
  "is_partial" : false, 
  "is_running" : false, 
  "start_time_in_millis" : 1583945890986,
  "expiration_time_in_millis" : 1584377890986, 
  "completion_time_in_millis" : 1583945903130, 
  "response" : {
    "took" : 12144,
    "timed_out" : false,
    "num_reduce_phases" : 46, 
    "_shards" : {
      "total" : 562,
      "successful" : 188, 
      "skipped" : 0,
      "failed" : 0
    },
    "hits" : {
      "total" : {
        "value" : 456433,
        "relation" : "eq"
      },
      "max_score" : null,
      "hits" : [ ]
    },
    "aggregations" : { 
      "sale_date" :  {
        "buckets" : []
      }
    }
  }
}

Get users

GET /_security/user/{username}
Api key auth Basic auth Bearer auth

Get information about users in the native realm and built-in users.

Path parameters

  • username string | array[string] Required

    An identifier for the user. You can specify multiple usernames as a comma-separated list. If you omit this parameter, the API retrieves information about all users.

Query parameters

  • with_profile_uid boolean

    Determines whether to retrieve the user profile UID, if it exists, for the users.

Responses

GET /_security/user/{username} 
curl \
 --request GET 'http://api.example.com/_security/user/{username}' \
 --header "Authorization: $API_KEY"
Response examples (200)
A successful response from `GET /_security/user/jacknich?with_profile_uid=true`. It includes the user `profile_uid` as part of the response. 
{
  "jacknich": {
    "username": "jacknich",
    "roles": [
      "admin", "other_role1"
    ],
    "full_name": "Jack Nicholson",
    "email": "jacknich@example.com",
    "metadata": { "intelligence" : 7 },
    "enabled": true,
    "profile_uid": "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0"
  }
}

Get service accounts Added in 7.13.0

GET /_security/service/{namespace}
Api key auth Basic auth Bearer auth

Get a list of service accounts that match the provided path parameters.

NOTE: Currently, only the elastic/fleet-server service account is available.

External documentation

Path parameters

  • namespace string Required

    The name of the namespace. Omit this parameter to retrieve information about all service accounts. If you omit this parameter, you must also omit the service parameter.

Responses

  • 200 application/json
    Hide response attribute Show response attribute object
    • * object Additional properties
      Hide * attribute Show * attribute object
      • role_descriptor object Required
        Hide role_descriptor attributes Show role_descriptor attributes object
        • cluster array[string] Required

          A list of cluster privileges. These privileges define the cluster level actions that API keys are able to execute.

        • indices array[object] Required

          A list of indices permissions entries.

          Hide indices attributes Show indices attributes object
          • field_security object
            Hide field_security attributes Show field_security attributes object

          • names string | array[string]

            A list of indices (or index name patterns) to which the permissions in this entry apply.

            One of:
            IndexName string array-2 array[string]
          • privileges array[string] Required

            The index level privileges that owners of the role have on the specified indices.

          • query string | object

            While creating or updating a role you can provide either a JSON structure or a string to the API. However, the response provided by Elasticsearch will only be string with a json-as-text content.

            Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.

            One of:
            IndicesPrivilegesQuery string QueryContainer object RoleTemplateQuery object
          • allow_restricted_indices boolean

            Set to true if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the names list, Elasticsearch checks privileges against these indices regardless of the value set for allow_restricted_indices.

        • remote_indices array[object]

          A list of indices permissions for remote clusters.

          Hide remote_indices attributes Show remote_indices attributes object
          • clusters string | array[string] Required
          • field_security object
            Hide field_security attributes Show field_security attributes object

          • names string | array[string]

            A list of indices (or index name patterns) to which the permissions in this entry apply.

            One of:
            IndexName string array-2 array[string]
          • privileges array[string] Required

            The index level privileges that owners of the role have on the specified indices.

          • query string | object

            While creating or updating a role you can provide either a JSON structure or a string to the API. However, the response provided by Elasticsearch will only be string with a json-as-text content.

            Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.

            One of:
            IndicesPrivilegesQuery string QueryContainer object RoleTemplateQuery object
          • allow_restricted_indices boolean

            Set to true if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the names list, Elasticsearch checks privileges against these indices regardless of the value set for allow_restricted_indices.

        • remote_cluster array[object]

          A list of cluster permissions for remote clusters. NOTE: This is limited a subset of the cluster permissions.

          Hide remote_cluster attributes Show remote_cluster attributes object
          • clusters string | array[string] Required
          • privileges array[string] Required

            The cluster level privileges that owners of the role have on the remote cluster.

            Values are monitor_enrich or monitor_stats.

        • global array[object] | object

          An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges.

          One of:
          array-1 array[object] GlobalPrivilege object
          Hide attribute Show attribute object
        • applications array[object]

          A list of application privilege entries

          Hide applications attributes Show applications attributes object
          • application string Required

            The name of the application to which this entry applies.

          • privileges array[string] Required

            A list of strings, where each element is the name of an application privilege or action.

          • resources array[string] Required

            A list resources to which the privileges are applied.

        • metadata object
          Hide metadata attribute Show metadata attribute object
          • * object Additional properties
        • run_as array[string]

          A list of users that the API keys can impersonate.

        • description string

          An optional description of the role descriptor.

        • restriction object
          Hide restriction attribute Show restriction attribute object
          • workflows array[string] Required

            A list of workflows to which the API key is restricted. NOTE: In order to use a role restriction, an API key must be created with a single role descriptor.

        • transient_metadata object
          Hide transient_metadata attribute Show transient_metadata attribute object
          • * object Additional properties
GET /_security/service/{namespace} 
curl \
 --request GET 'http://api.example.com/_security/service/{namespace}' \
 --header "Authorization: $API_KEY"
Response examples (200)
A successful response from `GET /_security/service/elastic/fleet-server`. The response contains information about the `elastic/fleet-server` service account. 
{
  "elastic/fleet-server": {
    "role_descriptor": {
      "cluster": [
        "monitor",
        "manage_own_api_key",
        "read_fleet_secrets"
      ],
      "indices": [
        {
          "names": [
            "logs-*",
            "metrics-*",
            "traces-*",
            ".logs-endpoint.diagnostic.collection-*",
            ".logs-endpoint.action.responses-*",
            ".logs-endpoint.heartbeat-*"
          ],
          "privileges": [
            "write",
            "create_index",
            "auto_configure"
          ],
          "allow_restricted_indices": false
        },
        {
          "names": [
            "profiling-*"
          ],
          "privileges": [
            "read",
            "write"
          ],
          "allow_restricted_indices": false
        },
        {
          "names": [
            "traces-apm.sampled-*"
          ],
          "privileges": [
            "read",
            "monitor",
            "maintenance"
          ],
          "allow_restricted_indices": false
        },
        {
          "names": [
            ".fleet-secrets*"
          ],
          "privileges": [
            "read"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-actions*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-agents*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-artifacts*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-enrollment-api-keys*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-policies*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-policies-leader*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-servers*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-fileds*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            "synthetics-*"
          ],
          "privileges": [
            "read",
            "write",
            "create_index",
            "auto_configure"
          ],
          "allow_restricted_indices": false
        }
      ],
      "applications": [
        {
          "application": "kibana-*",
          "privileges": [
            "reserved_fleet-setup"
          ],
          "resources": [
            "*"
          ]
        }
      ],
      "run_as": [],
      "metadata": {},
      "transient_metadata": {
        "enabled": true
      }
    }
  }
}

Get service accounts Added in 7.13.0

GET /_security/service
Api key auth Basic auth Bearer auth

Get a list of service accounts that match the provided path parameters.

NOTE: Currently, only the elastic/fleet-server service account is available.

External documentation

Responses

  • 200 application/json
    Hide response attribute Show response attribute object
    • * object Additional properties
      Hide * attribute Show * attribute object
      • role_descriptor object Required
        Hide role_descriptor attributes Show role_descriptor attributes object
        • cluster array[string] Required

          A list of cluster privileges. These privileges define the cluster level actions that API keys are able to execute.

        • indices array[object] Required

          A list of indices permissions entries.

          Hide indices attributes Show indices attributes object
          • field_security object
            Hide field_security attributes Show field_security attributes object

          • names string | array[string]

            A list of indices (or index name patterns) to which the permissions in this entry apply.

            One of:
            IndexName string array-2 array[string]
          • privileges array[string] Required

            The index level privileges that owners of the role have on the specified indices.

          • query string | object

            While creating or updating a role you can provide either a JSON structure or a string to the API. However, the response provided by Elasticsearch will only be string with a json-as-text content.

            Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.

            One of:
            IndicesPrivilegesQuery string QueryContainer object RoleTemplateQuery object
          • allow_restricted_indices boolean

            Set to true if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the names list, Elasticsearch checks privileges against these indices regardless of the value set for allow_restricted_indices.

        • remote_indices array[object]

          A list of indices permissions for remote clusters.

          Hide remote_indices attributes Show remote_indices attributes object
          • clusters string | array[string] Required
          • field_security object
            Hide field_security attributes Show field_security attributes object

          • names string | array[string]

            A list of indices (or index name patterns) to which the permissions in this entry apply.

            One of:
            IndexName string array-2 array[string]
          • privileges array[string] Required

            The index level privileges that owners of the role have on the specified indices.

          • query string | object

            While creating or updating a role you can provide either a JSON structure or a string to the API. However, the response provided by Elasticsearch will only be string with a json-as-text content.

            Since this is embedded in IndicesPrivileges, the same structure is used for clarity in both contexts.

            One of:
            IndicesPrivilegesQuery string QueryContainer object RoleTemplateQuery object
          • allow_restricted_indices boolean

            Set to true if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the names list, Elasticsearch checks privileges against these indices regardless of the value set for allow_restricted_indices.

        • remote_cluster array[object]

          A list of cluster permissions for remote clusters. NOTE: This is limited a subset of the cluster permissions.

          Hide remote_cluster attributes Show remote_cluster attributes object
          • clusters string | array[string] Required
          • privileges array[string] Required

            The cluster level privileges that owners of the role have on the remote cluster.

            Values are monitor_enrich or monitor_stats.

        • global array[object] | object

          An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges.

          One of:
          array-1 array[object] GlobalPrivilege object
          Hide attribute Show attribute object
        • applications array[object]

          A list of application privilege entries

          Hide applications attributes Show applications attributes object
          • application string Required

            The name of the application to which this entry applies.

          • privileges array[string] Required

            A list of strings, where each element is the name of an application privilege or action.

          • resources array[string] Required

            A list resources to which the privileges are applied.

        • metadata object
          Hide metadata attribute Show metadata attribute object
          • * object Additional properties
        • run_as array[string]

          A list of users that the API keys can impersonate.

        • description string

          An optional description of the role descriptor.

        • restriction object
          Hide restriction attribute Show restriction attribute object
          • workflows array[string] Required

            A list of workflows to which the API key is restricted. NOTE: In order to use a role restriction, an API key must be created with a single role descriptor.

        • transient_metadata object
          Hide transient_metadata attribute Show transient_metadata attribute object
          • * object Additional properties
GET /_security/service 
curl \
 --request GET 'http://api.example.com/_security/service' \
 --header "Authorization: $API_KEY"
Response examples (200)
A successful response from `GET /_security/service/elastic/fleet-server`. The response contains information about the `elastic/fleet-server` service account. 
{
  "elastic/fleet-server": {
    "role_descriptor": {
      "cluster": [
        "monitor",
        "manage_own_api_key",
        "read_fleet_secrets"
      ],
      "indices": [
        {
          "names": [
            "logs-*",
            "metrics-*",
            "traces-*",
            ".logs-endpoint.diagnostic.collection-*",
            ".logs-endpoint.action.responses-*",
            ".logs-endpoint.heartbeat-*"
          ],
          "privileges": [
            "write",
            "create_index",
            "auto_configure"
          ],
          "allow_restricted_indices": false
        },
        {
          "names": [
            "profiling-*"
          ],
          "privileges": [
            "read",
            "write"
          ],
          "allow_restricted_indices": false
        },
        {
          "names": [
            "traces-apm.sampled-*"
          ],
          "privileges": [
            "read",
            "monitor",
            "maintenance"
          ],
          "allow_restricted_indices": false
        },
        {
          "names": [
            ".fleet-secrets*"
          ],
          "privileges": [
            "read"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-actions*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-agents*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-artifacts*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-enrollment-api-keys*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-policies*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-policies-leader*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-servers*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            ".fleet-fileds*"
          ],
          "privileges": [
            "read",
            "write",
            "monitor",
            "create_index",
            "auto_configure",
            "maintenance"
          ],
          "allow_restricted_indices": true
        },
        {
          "names": [
            "synthetics-*"
          ],
          "privileges": [
            "read",
            "write",
            "create_index",
            "auto_configure"
          ],
          "allow_restricted_indices": false
        }
      ],
      "applications": [
        {
          "application": "kibana-*",
          "privileges": [
            "reserved_fleet-setup"
          ],
          "resources": [
            "*"
          ]
        }
      ],
      "run_as": [],
      "metadata": {},
      "transient_metadata": {
        "enabled": true
      }
    }
  }
}