Run a search

Get data frame analytics jobs Added in 7.7.0

GET /_cat/ml/data_frame/analytics/{id}

Get configuration and usage information about data frame analytics jobs.

IMPORTANT: CAT APIs are only intended for human consumption using the Kibana console or command line. They are not intended for use by applications. For application consumption, use the get data frame analytics jobs statistics API.

Path parameters

id string Required

The ID of the data frame analytics to fetch

Query parameters

allow_no_match boolean

Whether to ignore if a wildcard expression matches no configs. (This includes _all string or when no configs have been specified)
bytes string

The unit in which to display byte values

Values are b, kb, mb, gb, tb, or pb.
h string | array[string]

Comma-separated list of column names to display.
s string | array[string]

Comma-separated list of column names or column aliases used to sort the response.
time string

Unit used to display time values.

Values are nanos, micros, ms, s, m, h, or d.

Responses

200 application/json
Hide response attributes Show response attributes object
- id string
- type string
  
  The type of analysis that the job performs.
- create_time string
  
  The time when the job was created.
- version string
- source_index string
- dest_index string
- description string
  
  A description of the job.
- model_memory_limit string
  
  The approximate maximum amount of memory resources that are permitted for the job.
- state string
  
  The current status of the job.
- failure_reason string
  
  Messages about the reason why the job failed.
- progress string
  
  The progress report for the job by phase.
- assignment_explanation string
  
  Messages related to the selection of a node.
- node.id string
- node.name string
- node.ephemeral_id string
- node.address string
  
  The network address of the assigned node.

GET /_cat/ml/data_frame/analytics/{id}

curl \
 --request GET 'http://api.example.com/_cat/ml/data_frame/analytics/{id}' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET _cat/ml/data_frame/analytics?v=true&format=json`.

[
  {
    "id": "classifier_job_1",
    "type": "classification",
    "create_time": "2020-02-12T11:49:09.594Z",
    "state": "stopped"
  },
    {
    "id": "classifier_job_2",
    "type": "classification",
    "create_time": "2020-02-12T11:49:14.479Z",
    "state": "stopped"
  },
  {
    "id": "classifier_job_3",
    "type": "classification",
    "create_time": "2020-02-12T11:49:16.928Z",
    "state": "stopped"
  },
  {
    "id": "classifier_job_4",
    "type": "classification",
    "create_time": "2020-02-12T11:49:19.127Z",
    "state": "stopped"
  },
  {
    "id": "classifier_job_5",
    "type": "classification",
    "create_time": "2020-02-12T11:49:21.349Z",
    "state": "stopped"
  }
]

Get task information Technical preview

GET /_cat/tasks

Api key auth Basic auth Bearer auth

Get information about tasks currently running in the cluster. IMPORTANT: cat APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the task management API.

Query parameters

actions array[string]

The task action names, which are used to limit the response.
detailed boolean

If true, the response includes detailed information about shard recoveries.
nodes array[string]

Unique node identifiers, which are used to limit the response.
parent_task_id string

The parent task identifier, which is used to limit the response.
h string | array[string]

List of columns to appear in the response. Supports simple wildcards.
s string | array[string]

List of columns that determine how the table should be sorted. Sorting defaults to ascending and can be changed by setting :asc or :desc as a suffix to the column name.
time string

Unit used to display time values.

Values are nanos, micros, ms, s, m, h, or d.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
wait_for_completion boolean

If true, the request blocks until the task has completed.

Responses

200 application/json
Hide response attributes Show response attributes object
- id string
- action string
  
  The task action.
- task_id string
- parent_task_id string
  
  The parent task identifier.
- type string
  
  The task type.
- start_time string
  
  The start time in milliseconds.
- timestamp string
  
  The start time in HH:MM:SS format.
- running_time_ns string
  
  The running time in nanoseconds.
- running_time string
  
  The running time.
- node_id string
- ip string
  
  The IP address for the node.
- port string
  
  The bound transport port for the node.
- node string
  
  The node name.
- version string
- x_opaque_id string
  
  The X-Opaque-ID header.
- description string
  
  The task action description.

GET /_cat/tasks

curl \
 --request GET 'http://api.example.com/_cat/tasks' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET _cat/tasks?v=true&format=json`.

[
  {
    "action": "cluster:monitor/tasks/lists[n]",
    "task_id": "oTUltX4IQMOUUVeiohTt8A:124",
    "parent_task_id": "oTUltX4IQMOUUVeiohTt8A:123",
    "type": "direct",
    "start_time": "1458585884904",
    "timestamp": "01:48:24",
    "running_time": "44.1micros",
    "ip": "127.0.0.1:9300",
    "node": "oTUltX4IQMOUUVeiohTt8A"
  },
  {
    "action": "cluster:monitor/tasks/lists",
    "task_id": "oTUltX4IQMOUUVeiohTt8A:123",
    "parent_task_id": "-",
    "type": "transport",
    "start_time": "1458585884904",
    "timestamp": "01:48:24",
    "running_time": "186.2micros",
    "ip": "127.0.0.1:9300",
    "node": "oTUltX4IQMOUUVeiohTt8A"
  }
]

Get thread pool statistics

GET /_cat/thread_pool

Api key auth Basic auth Bearer auth

Get thread pool statistics for each node in a cluster. Returned information includes all built-in thread pools and custom thread pools. IMPORTANT: cat APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the nodes info API.

Query parameters

h string | array[string]

List of columns to appear in the response. Supports simple wildcards.
s string | array[string]

List of columns that determine how the table should be sorted. Sorting defaults to ascending and can be changed by setting :asc or :desc as a suffix to the column name.
time string

The unit used to display time values.

Values are nanos, micros, ms, s, m, h, or d.
local boolean

If true, the request computes the list of selected nodes from the local cluster state. If false the list of selected nodes are computed from the cluster state of the master node. In both cases the coordinating node will send requests for further information to each selected node.
master_timeout string

Period to wait for a connection to the master node.

Responses

200 application/json
Hide response attributes Show response attributes object
- node_name string
  
  The node name.
- node_id string
- ephemeral_node_id string
  
  The ephemeral node identifier.
- pid string
  
  The process identifier.
- host string
  
  The host name for the current node.
- ip string
  
  The IP address for the current node.
- port string
  
  The bound transport port for the current node.
- name string
  
  The thread pool name.
- type string
  
  The thread pool type. Returned values include fixed, fixed_auto_queue_size, direct, and scaling.
- active string
  
  The number of active threads in the current thread pool.
- pool_size string
  
  The number of threads in the current thread pool.
- queue string
  
  The number of tasks currently in queue.
- queue_size string
  
  The maximum number of tasks permitted in the queue.
- rejected string
  
  The number of rejected tasks.
- largest string
  
  The highest number of active threads in the current thread pool.
- completed string
  
  The number of completed tasks.
- core string | null
  
  The core number of active threads allowed in a scaling thread pool.
  
  One of:
  string-1 string string-2 string | null
- max string | null
  
  The maximum number of active threads allowed in a scaling thread pool.
  
  One of:
  string-1 string string-2 string | null
- size string | null
  
  The number of active threads allowed in a fixed thread pool.
  
  One of:
  string-1 string string-2 string | null
- keep_alive string | null
  
  The thread keep alive time.
  
  One of:
  string-1 string string-2 string | null

GET /_cat/thread_pool

curl \
 --request GET 'http://api.example.com/_cat/thread_pool' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET /_cat/thread_pool?format=json`.

[
  {
    "node_name": "node-0",
    "name": "analyze",
    "active": "0",
    "queue": "0",
    "rejected": "0"
  },
  {
    "node_name": "node-0",
    "name": "fetch_shard_started",
    "active": "0",
    "queue": "0",
    "rejected": "0"
  },
  {
    "node_name": "node-0",
    "name": "fetch_shard_store",
    "active": "0",
    "queue": "0",
    "rejected": "0"
  },
  {
    "node_name": "node-0",
    "name": "flush",
    "active": "0",
    "queue": "0",
    "rejected": "0"
  },
  {
    "node_name": "node-0",
    "name": "write",
    "active": "0",
    "queue": "0",
    "rejected": "0"
  }
]

A successful response from `GET /_cat/thread_pool/generic?v=true&h=id,name,active,rejected,completed&format=json`. It returns the `id`, `name`, `active`, `rejected`, and `completed` columns. It also limits returned information to the generic thread pool.

[
  {
    "id": "0EWUhXeBQtaVGlexUeVwMg",
    "name": "generic",
    "active": "0",
    "rejected": "0",
    "completed": "70"
  }
]

Reroute the cluster Added in 5.0.0

POST /_cluster/reroute

Api key auth Basic auth Bearer auth

Manually change the allocation of individual shards in the cluster. For example, a shard can be moved from one node to another explicitly, an allocation can be canceled, and an unassigned shard can be explicitly allocated to a specific node.

It is important to note that after processing any reroute commands Elasticsearch will perform rebalancing as normal (respecting the values of settings such as cluster.routing.rebalance.enable) in order to remain in a balanced state. For example, if the requested allocation includes moving a shard from node1 to node2 then this may cause a shard to be moved from node2 back to node1 to even things out.

The cluster can be set to disable allocations using the cluster.routing.allocation.enable setting. If allocations are disabled then the only allocations that will be performed are explicit ones given using the reroute command, and consequent allocations due to rebalancing.

The cluster will attempt to allocate a shard a maximum of index.allocation.max_retries times in a row (defaults to 5), before giving up and leaving the shard unallocated. This scenario can be caused by structural problems such as having an analyzer which refers to a stopwords file which doesn’t exist on all nodes.

Once the problem has been corrected, allocation can be manually retried by calling the reroute API with the ?retry_failed URI query parameter, which will attempt a single retry round for these shards.

Query parameters

dry_run boolean

If true, then the request simulates the operation. It will calculate the result of applying the commands to the current cluster state and return the resulting cluster state after the commands (and rebalancing) have been applied; it will not actually perform the requested changes.
explain boolean

If true, then the response contains an explanation of why the commands can or cannot run.
metric string | array[string]

Limits the information returned to the specified metrics.
retry_failed boolean

If true, then retries allocation of shards that are blocked due to too many subsequent allocation failures.
master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

application/json

Body

commands array[object]

Defines the commands to perform.
Hide commands attributes Show commands attributes object
- cancel object
  Hide cancel attributes Show cancel attributes object
  
  index string Required
  
  shard number Required
  
  node string Required
  
  allow_primary boolean
- move object
  Hide move attributes Show move attributes object
  
  index string Required
  
  shard number Required
  
  from_node string Required
  
  The node to move the shard from
  
  to_node string Required
  
  The node to move the shard to
- allocate_replica object
  Hide allocate_replica attributes Show allocate_replica attributes object
  
  index string Required
  
  shard number Required
  
  node string Required
- allocate_stale_primary object
  Hide allocate_stale_primary attributes Show allocate_stale_primary attributes object
  
  index string Required
  
  shard number Required
  
  node string Required
  
  accept_data_loss boolean Required
  
  If a node which has a copy of the data rejoins the cluster later on, that data will be deleted. To ensure that these implications are well-understood, this command requires the flag accept_data_loss to be explicitly set to true
- allocate_empty_primary object
  Hide allocate_empty_primary attributes Show allocate_empty_primary attributes object
  
  index string Required
  
  shard number Required
  
  node string Required
  
  accept_data_loss boolean Required
  
  If a node which has a copy of the data rejoins the cluster later on, that data will be deleted. To ensure that these implications are well-understood, this command requires the flag accept_data_loss to be explicitly set to true

Responses

200 application/json
Hide response attributes Show response attributes object
- acknowledged boolean Required
- explanations array[object]
  
  Hide explanations attributes Show explanations attributes object
  
  command string Required
  
  decisions array[object] Required
  
  Hide decisions attributes Show decisions attributes object
  
  decider string Required
  
  decision string Required
  
  explanation string Required
  
  parameters object Required
  
  Hide parameters attributes Show parameters attributes object
  
  allow_primary boolean Required
  
  index string Required
  
  node string Required
  
  shard number Required
  
  from_node string
  
  to_node string
- state object
  
  There aren't any guarantees on the output/structure of the raw cluster state. Here you will find the internal representation of the cluster, which can differ from the external representation.

POST /_cluster/reroute

curl \
 --request POST 'http://api.example.com/_cluster/reroute' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"commands\": [\n    {\n      \"move\": {\n        \"index\": \"test\", \"shard\": 0,\n        \"from_node\": \"node1\", \"to_node\": \"node2\"\n      }\n    },\n    {\n      \"allocate_replica\": {\n        \"index\": \"test\", \"shard\": 1,\n        \"node\": \"node3\"\n      }\n    }\n  ]\n}"'

Request example

Run `POST /_cluster/reroute?metric=none` to changes the allocation of shards in a cluster.

{
  "commands": [
    {
      "move": {
        "index": "test", "shard": 0,
        "from_node": "node1", "to_node": "node2"
      }
    },
    {
      "allocate_replica": {
        "index": "test", "shard": 1,
        "node": "node3"
      }
    }
  ]
}

Response examples (200)

{
  "acknowledged": true,
  "explanations": [
    {
      "command": "string",
      "decisions": [
        {
          "decider": "string",
          "decision": "string",
          "explanation": "string"
        }
      ],
      "parameters": {
        "allow_primary": true,
        "index": "string",
        "node": "string",
        "shard": 42.0,
        "from_node": "string",
        "to_node": "string"
      }
    }
  ],
  "state": {}
}

Update the connector features Technical preview

PUT /_connector/{connector_id}/_features

Api key auth Basic auth Bearer auth

Update the connector features in the connector document. This API can be used to control the following aspects of a connector:

document-level security
incremental syncs
advanced sync rules
basic sync rules

Normally, the running connector service automatically manages these features. However, you can use this API to override the default behavior.

To sync data using self-managed connectors, you need to deploy the Elastic connector service on your own infrastructure. This service runs automatically on Elastic Cloud for Elastic managed connectors.

Path parameters

connector_id string Required

The unique identifier of the connector to be updated.

application/json

Body Required

features object Required
Hide features attributes Show features attributes object
- document_level_security object
  Hide document_level_security attribute Show document_level_security attribute object
  
  enabled boolean Required
- incremental_sync object
  Hide incremental_sync attribute Show incremental_sync attribute object
  
  enabled boolean Required
- native_connector_api_keys object
  Hide native_connector_api_keys attribute Show native_connector_api_keys attribute object
  
  enabled boolean Required
- sync_rules object
  Hide sync_rules attributes Show sync_rules attributes object
  
  advanced object
  
  Hide advanced attribute Show advanced attribute object
  
  enabled boolean Required
  
  basic object
  
  Hide basic attribute Show basic attribute object
  
  enabled boolean Required

Responses

200 application/json
Hide response attribute Show response attribute object
- result string Required
  
  Values are created, updated, deleted, not_found, or noop.

PUT /_connector/{connector_id}/_features

curl \
 --request PUT 'http://api.example.com/_connector/{connector_id}/_features' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"features\": {\n    \"document_level_security\": {\n      \"enabled\": true\n    },\n    \"incremental_sync\": {\n      \"enabled\": true\n    },\n    \"sync_rules\": {\n      \"advanced\": {\n        \"enabled\": false\n      },\n      \"basic\": {\n        \"enabled\": true\n      }\n    }\n  }\n}"'

Request examples

{
  "features": {
    "document_level_security": {
      "enabled": true
    },
    "incremental_sync": {
      "enabled": true
    },
    "sync_rules": {
      "advanced": {
        "enabled": false
      },
      "basic": {
        "enabled": true
      }
    }
  }
}

{
  "features": {
    "document_level_security": {
      "enabled": true
    }
  }
}

Response examples (200)

{
  "result": "updated"
}

Update the connector name and description Beta

PUT /_connector/{connector_id}/_name

Api key auth Basic auth Bearer auth

Path parameters

connector_id string Required

The unique identifier of the connector to be updated

application/json

Body Required

name string
description string

Responses

200 application/json
Hide response attribute Show response attribute object
- result string Required
  
  Values are created, updated, deleted, not_found, or noop.

PUT /_connector/{connector_id}/_name

curl \
 --request PUT 'http://api.example.com/_connector/{connector_id}/_name' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n    \"name\": \"Custom connector\",\n    \"description\": \"This is my customized connector\"\n}"'

Request example

{
    "name": "Custom connector",
    "description": "This is my customized connector"
}

Response examples (200)

{
  "result": "updated"
}

Bulk index or delete documents

POST /_bulk

Api key auth Basic auth Bearer auth

Perform multiple index, create, delete, and update actions in a single request. This reduces overhead and can greatly increase indexing speed.

If the Elasticsearch security features are enabled, you must have the following index privileges for the target data stream, index, or index alias:

To use the create action, you must have the create_doc, create, index, or write index privilege. Data streams support only the create action.
To use the index action, you must have the create, index, or write index privilege.
To use the delete action, you must have the delete or write index privilege.
To use the update action, you must have the index or write index privilege.
To automatically create a data stream or index with a bulk API request, you must have the auto_configure, create_index, or manage index privilege.
To make the result of a bulk operation visible to search using the refresh parameter, you must have the maintenance or manage index privilege.

Automatic data stream creation requires a matching index template with data stream enabled.

The actions are specified in the request body using a newline delimited JSON (NDJSON) structure:

action_and_meta_data\n
optional_source\n
action_and_meta_data\n
optional_source\n
....
action_and_meta_data\n
optional_source\n

The index and create actions expect a source on the next line and have the same semantics as the op_type parameter in the standard index API. A create action fails if a document with the same ID already exists in the target An index action adds or replaces a document as necessary.

NOTE: Data streams support only the create action. To update or delete a document in a data stream, you must target the backing index containing the document.

An update action expects that the partial doc, upsert, and script and its options are specified on the next line.

A delete action does not expect a source on the next line and has the same semantics as the standard delete API.

NOTE: The final line of data must end with a newline character (\n). Each newline character may be preceded by a carriage return (\r). When sending NDJSON data to the _bulk endpoint, use a Content-Type header of application/json or application/x-ndjson. Because this format uses literal newline characters (\n) as delimiters, make sure that the JSON actions and sources are not pretty printed.

If you provide a target in the request path, it is used for any actions that don't explicitly specify an _index argument.

A note on the format: the idea here is to make processing as fast as possible. As some of the actions are redirected to other shards on other nodes, only action_meta_data is parsed on the receiving node side.

Client libraries using this protocol should try and strive to do something similar on the client side, and reduce buffering as much as possible.

There is no "correct" number of actions to perform in a single bulk request. Experiment with different settings to find the optimal size for your particular workload. Note that Elasticsearch limits the maximum size of a HTTP request to 100mb by default so clients must ensure that no request exceeds this size. It is not possible to index a single document that exceeds the size limit, so you must pre-process any such documents into smaller pieces before sending them to Elasticsearch. For instance, split documents into pages or chapters before indexing them, or store raw binary data in a system outside Elasticsearch and replace the raw data with a link to the external system in the documents that you send to Elasticsearch.

Client suppport for bulk requests

Some of the officially supported clients provide helpers to assist with bulk requests and reindexing:

Go: Check out esutil.BulkIndexer
Perl: Check out Search::Elasticsearch::Client::5_0::Bulk and Search::Elasticsearch::Client::5_0::Scroll
Python: Check out elasticsearch.helpers.*
JavaScript: Check out client.helpers.*
.NET: Check out BulkAllObservable
PHP: Check out bulk indexing.

Submitting bulk requests with cURL

If you're providing text file input to curl, you must use the --data-binary flag instead of plain -d. The latter doesn't preserve newlines. For example:

$ cat requests
{ "index" : { "_index" : "test", "_id" : "1" } }
{ "field1" : "value1" }
$ curl -s -H "Content-Type: application/x-ndjson" -XPOST localhost:9200/_bulk --data-binary "@requests"; echo
{"took":7, "errors": false, "items":[{"index":{"_index":"test","_id":"1","_version":1,"result":"created","forced_refresh":false}}]}

Optimistic concurrency control

Each index and delete action within a bulk API call may include the if_seq_no and if_primary_term parameters in their respective action and meta data lines. The if_seq_no and if_primary_term parameters control how operations are run, based on the last modification to existing documents. See Optimistic concurrency control for more details.

Versioning

Each bulk item can include the version value using the version field. It automatically follows the behavior of the index or delete operation based on the _version mapping. It also support the version_type.

Routing

Each bulk item can include the routing value using the routing field. It automatically follows the behavior of the index or delete operation based on the _routing mapping.

NOTE: Data streams do not support custom routing unless they were created with the allow_custom_routing setting enabled in the template.

Wait for active shards

When making bulk calls, you can set the wait_for_active_shards parameter to require a minimum number of shard copies to be active before starting to process the bulk request.

Refresh

Control when the changes made by this request are visible to search.

NOTE: Only the shards that receive the bulk request will be affected by refresh. Imagine a _bulk?refresh=wait_for request with three documents in it that happen to be routed to different shards in an index with five shards. The request will only wait for those three shards to refresh. The other two shards that make up the index do not participate in the _bulk request at all.

Query parameters

include_source_on_error boolean

True or false if to include the document source in the error message in case of parsing errors.
list_executed_pipelines boolean

If true, the response will include the ingest pipelines that were run for each index or create.
pipeline string

The pipeline identifier to use to preprocess incoming documents. If the index has a default ingest pipeline specified, setting the value to _none turns off the default ingest pipeline for this request. If a final pipeline is configured, it will always run regardless of the value of this parameter.
refresh string

If true, Elasticsearch refreshes the affected shards to make this operation visible to search. If wait_for, wait for a refresh to make this operation visible to search. If false, do nothing with refreshes. Valid values: true, false, wait_for.

Values are true, false, or wait_for.
routing string

A custom value that is used to route operations to a specific shard.
_source boolean | string | array[string]

Indicates whether to return the _source field (true or false) or contains a list of fields to return.
_source_excludes string | array[string]

A comma-separated list of source fields to exclude from the response. You can also use this parameter to exclude fields from the subset specified in _source_includes query parameter. If the _source parameter is false, this parameter is ignored.
_source_includes string | array[string]

A comma-separated list of source fields to include in the response. If this parameter is specified, only these source fields are returned. You can exclude fields from this subset using the _source_excludes query parameter. If the _source parameter is false, this parameter is ignored.
timeout string

The period each action waits for the following operations: automatic index creation, dynamic mapping updates, and waiting for active shards. The default is 1m (one minute), which guarantees Elasticsearch waits for at least the timeout before failing. The actual wait time could be longer, particularly when multiple waits occur.
wait_for_active_shards number | string

The number of shard copies that must be active before proceeding with the operation. Set to all or any positive integer up to the total number of shards in the index (number_of_replicas+1). The default is 1, which waits for each primary shard to be active.
require_alias boolean

If true, the request's actions must target an index alias.
require_data_stream boolean

If true, the request's actions must target a data stream (existing or to be created).

application/json

Body object Required

index object
Hide index attributes Show index attributes object
- _id string
- _index string
- routing string
- if_primary_term number
- if_seq_no number
- version number
- version_type string
  
  Values are internal, external, external_gte, or force.
- dynamic_templates object
  
  A map from the full name of fields to the name of dynamic templates. It defaults to an empty map. If a name matches a dynamic template, that template will be applied regardless of other match predicates defined in the template. If a field is already defined in the mapping, then this parameter won't be used.
  Hide dynamic_templates attribute Show dynamic_templates attribute object
  
  * string Additional properties
- pipeline string
  
  The ID of the pipeline to use to preprocess incoming documents. If the index has a default ingest pipeline specified, setting the value to _none turns off the default ingest pipeline for this request. If a final pipeline is configured, it will always run regardless of the value of this parameter.
- require_alias boolean
  
  If true, the request's actions must target an index alias.
create object
Hide create attributes Show create attributes object
- _id string
- _index string
- routing string
- if_primary_term number
- if_seq_no number
- version number
- version_type string
  
  Values are internal, external, external_gte, or force.
- dynamic_templates object
  
  A map from the full name of fields to the name of dynamic templates. It defaults to an empty map. If a name matches a dynamic template, that template will be applied regardless of other match predicates defined in the template. If a field is already defined in the mapping, then this parameter won't be used.
  Hide dynamic_templates attribute Show dynamic_templates attribute object
  
  * string Additional properties
- pipeline string
  
  The ID of the pipeline to use to preprocess incoming documents. If the index has a default ingest pipeline specified, setting the value to _none turns off the default ingest pipeline for this request. If a final pipeline is configured, it will always run regardless of the value of this parameter.
- require_alias boolean
  
  If true, the request's actions must target an index alias.
update object
Hide update attributes Show update attributes object
- _id string
- _index string
- routing string
- if_primary_term number
- if_seq_no number
- version number
- version_type string
  
  Values are internal, external, external_gte, or force.
- require_alias boolean
  
  If true, the request's actions must target an index alias.
- retry_on_conflict number
  
  The number of times an update should be retried in the case of a version conflict.
delete object
Hide delete attributes Show delete attributes object
- _id string
- _index string
- routing string
- if_primary_term number
- if_seq_no number
- version number
- version_type string
  
  Values are internal, external, external_gte, or force.

detect_noop boolean

If true, the result in the response is set to 'noop' when no changes to the document occur.
doc object

A partial update to an existing document.
doc_as_upsert boolean

Set to true to use the contents of doc as the value of upsert.
script object
Hide script attributes Show script attributes object
- source string
  
  The script source.
- id string
- params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  Hide params attribute Show params attribute object
  
  * object Additional properties
- lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
- options object
  Hide options attribute Show options attribute object
  
  * string Additional properties
scripted_upsert boolean

Set to true to run the script whether or not the document exists.
_source boolean | object

Defines how to fetch a source. Fetching can be disabled entirely, or the source can be filtered.
One of:
SourceConfig boolean SourceFilter object
Hide attributes Show attributes

excludes string | array[string]

includes string | array[string]
upsert object

If the document does not already exist, the contents of upsert are inserted as a new document. If the document exists, the script is run.

Responses

200 application/json
Hide response attributes Show response attributes object
- errors boolean Required
  
  If true, one or more of the operations in the bulk request did not complete successfully.
- items array[object] Required
  
  The result of each operation in the bulk request, in the order they were submitted.
  
  Hide items attribute Show items attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  _id string | null
  
  The document ID associated with the operation.
  
  One of:
  string-1 string string-2 string | null
  
  _index string Required
  
  The name of the index associated with the operation. If the operation targeted a data stream, this is the backing index into which the document was written.
  
  status number Required
  
  The HTTP status code returned for the operation.
  
  failure_store string
  
  Values are not_applicable_or_unknown, used, not_enabled, or failed.
  
  error object
  
  Hide error attributes Show error attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  _primary_term number
  
  The primary term assigned to the document for the operation. This property is returned only for successful operations.
  
  result string
  
  The result of the operation. Successful values are created, deleted, and updated.
  
  _seq_no number
  
  _shards object
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  successful number Required
  
  total number Required
  
  failures array[object]
  
  skipped number
  
  _version number
  
  forced_refresh boolean
  
  get object
  
  Hide get attributes Show get attributes object
  
  fields object
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  found boolean Required
  
  _seq_no number
  
  _primary_term number
  
  _routing string
  
  _source object
  
  Hide _source attribute Show _source attribute object
  
  * object Additional properties
- took number Required
  
  The length of time, in milliseconds, it took to process the bulk request.
- ingest_took number

POST /_bulk

curl \
 --request POST 'http://api.example.com/_bulk' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{ \"index\" : { \"_index\" : \"test\", \"_id\" : \"1\" } }\n{ \"field1\" : \"value1\" }\n{ \"delete\" : { \"_index\" : \"test\", \"_id\" : \"2\" } }\n{ \"create\" : { \"_index\" : \"test\", \"_id\" : \"3\" } }\n{ \"field1\" : \"value3\" }\n{ \"update\" : {\"_id\" : \"1\", \"_index\" : \"test\"} }\n{ \"doc\" : {\"field2\" : \"value2\"} }"'

Request examples

Run `POST _bulk` to perform multiple operations.

{ "index" : { "_index" : "test", "_id" : "1" } }
{ "field1" : "value1" }
{ "delete" : { "_index" : "test", "_id" : "2" } }
{ "create" : { "_index" : "test", "_id" : "3" } }
{ "field1" : "value3" }
{ "update" : {"_id" : "1", "_index" : "test"} }
{ "doc" : {"field2" : "value2"} }

When you run `POST _bulk` and use the `update` action, you can use `retry_on_conflict` as a field in the action itself (not in the extra payload line) to specify how many times an update should be retried in the case of a version conflict.

{ "update" : {"_id" : "1", "_index" : "index1", "retry_on_conflict" : 3} }
{ "doc" : {"field" : "value"} }
{ "update" : { "_id" : "0", "_index" : "index1", "retry_on_conflict" : 3} }
{ "script" : { "source": "ctx._source.counter += params.param1", "lang" : "painless", "params" : {"param1" : 1}}, "upsert" : {"counter" : 1}}
{ "update" : {"_id" : "2", "_index" : "index1", "retry_on_conflict" : 3} }
{ "doc" : {"field" : "value"}, "doc_as_upsert" : true }
{ "update" : {"_id" : "3", "_index" : "index1", "_source" : true} }
{ "doc" : {"field" : "value"} }
{ "update" : {"_id" : "4", "_index" : "index1"} }
{ "doc" : {"field" : "value"}, "_source": true}

To return only information about failed operations, run `POST /_bulk?filter_path=items.*.error`.

{ "update": {"_id": "5", "_index": "index1"} }
{ "doc": {"my_field": "foo"} }
{ "update": {"_id": "6", "_index": "index1"} }
{ "doc": {"my_field": "foo"} }
{ "create": {"_id": "7", "_index": "index1"} }
{ "my_field": "foo" }

Run `POST /_bulk` to perform a bulk request that consists of index and create actions with the `dynamic_templates` parameter. The bulk request creates two new fields `work_location` and `home_location` with type `geo_point` according to the `dynamic_templates` parameter. However, the `raw_location` field is created using default dynamic mapping rules, as a text field in that case since it is supplied as a string in the JSON document.

{ "index" : { "_index" : "my_index", "_id" : "1", "dynamic_templates": {"work_location": "geo_point"}} }
{ "field" : "value1", "work_location": "41.12,-71.34", "raw_location": "41.12,-71.34"}
{ "create" : { "_index" : "my_index", "_id" : "2", "dynamic_templates": {"home_location": "geo_point"}} }
{ "field" : "value2", "home_location": "41.12,-71.34"}

Response examples (200)

{
   "took": 30,
   "errors": false,
   "items": [
      {
         "index": {
            "_index": "test",
            "_id": "1",
            "_version": 1,
            "result": "created",
            "_shards": {
               "total": 2,
               "successful": 1,
               "failed": 0
            },
            "status": 201,
            "_seq_no" : 0,
            "_primary_term": 1
         }
      },
      {
         "delete": {
            "_index": "test",
            "_id": "2",
            "_version": 1,
            "result": "not_found",
            "_shards": {
               "total": 2,
               "successful": 1,
               "failed": 0
            },
            "status": 404,
            "_seq_no" : 1,
            "_primary_term" : 2
         }
      },
      {
         "create": {
            "_index": "test",
            "_id": "3",
            "_version": 1,
            "result": "created",
            "_shards": {
               "total": 2,
               "successful": 1,
               "failed": 0
            },
            "status": 201,
            "_seq_no" : 2,
            "_primary_term" : 3
         }
      },
      {
         "update": {
            "_index": "test",
            "_id": "1",
            "_version": 2,
            "result": "updated",
            "_shards": {
                "total": 2,
                "successful": 1,
                "failed": 0
            },
            "status": 200,
            "_seq_no" : 3,
            "_primary_term" : 4
         }
      }
   ]
}

If you run `POST /_bulk` with operations that update non-existent documents, the operations cannot complete successfully. The API returns a response with an `errors` property value `true`. The response also includes an error object for any failed operations. The error object contains additional information about the failure, such as the error type and reason.

{
  "took": 486,
  "errors": true,
  "items": [
    {
      "update": {
        "_index": "index1",
        "_id": "5",
        "status": 404,
        "error": {
          "type": "document_missing_exception",
          "reason": "[5]: document missing",
          "index_uuid": "aAsFqTI0Tc2W0LCWgPNrOA",
          "shard": "0",
          "index": "index1"
        }
      }
    },
    {
      "update": {
        "_index": "index1",
        "_id": "6",
        "status": 404,
        "error": {
          "type": "document_missing_exception",
          "reason": "[6]: document missing",
          "index_uuid": "aAsFqTI0Tc2W0LCWgPNrOA",
          "shard": "0",
          "index": "index1"
        }
      }
    },
    {
      "create": {
        "_index": "index1",
        "_id": "7",
        "_version": 1,
        "result": "created",
        "_shards": {
          "total": 2,
          "successful": 1,
          "failed": 0
        },
        "_seq_no": 0,
        "_primary_term": 1,
        "status": 201
      }
    }
  ]
}

An example response from `POST /_bulk?filter_path=items.*.error`, which returns only information about failed operations.

{
  "items": [
    {
      "update": {
        "error": {
          "type": "document_missing_exception",
          "reason": "[5]: document missing",
          "index_uuid": "aAsFqTI0Tc2W0LCWgPNrOA",
          "shard": "0",
          "index": "index1"
        }
      }
    },
    {
      "update": {
        "error": {
          "type": "document_missing_exception",
          "reason": "[6]: document missing",
          "index_uuid": "aAsFqTI0Tc2W0LCWgPNrOA",
          "shard": "0",
          "index": "index1"
        }
      }
    }
  ]
}

Move to a lifecycle step Added in 6.6.0

POST /_ilm/move/{index}

Api key auth Basic auth Bearer auth

Manually move an index into a specific step in the lifecycle policy and run that step.

WARNING: This operation can result in the loss of data. Manually moving an index into a specific step runs that step even if it has already been performed. This is a potentially destructive action and this should be considered an expert level API.

You must specify both the current step and the step to be executed in the body of the request. The request will fail if the current step does not match the step currently running for the index This is to prevent the index from being moved from an unexpected step into the next step.

When specifying the target (next_step) to which the index will be moved, either the name or both the action and name fields are optional. If only the phase is specified, the index will move to the first step of the first action in the target phase. If the phase and action are specified, the index will move to the first step of the specified action in the specified phase. Only actions specified in the ILM policy are considered valid. An index cannot move to a step that is not part of its policy.

Path parameters

index string Required

The name of the index whose lifecycle step is to change

application/json

Body

current_step object Required
Hide current_step attributes Show current_step attributes object
- action string
  
  The optional action to which the index will be moved.
- name string
  
  The optional step name to which the index will be moved.
- phase string Required
next_step object Required
Hide next_step attributes Show next_step attributes object
- action string
  
  The optional action to which the index will be moved.
- name string
  
  The optional step name to which the index will be moved.
- phase string Required

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

POST /_ilm/move/{index}

curl \
 --request POST 'http://api.example.com/_ilm/move/{index}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"current_step\": {\n    \"phase\": \"new\",\n    \"action\": \"complete\",\n    \"name\": \"complete\"\n  },\n  \"next_step\": {\n    \"phase\": \"warm\",\n    \"action\": \"forcemerge\",\n    \"name\": \"forcemerge\"\n  }\n}"'

Request examples

Run `POST _ilm/move/my-index-000001` to move `my-index-000001` from the initial step to the `forcemerge` step.

{
  "current_step": {
    "phase": "new",
    "action": "complete",
    "name": "complete"
  },
  "next_step": {
    "phase": "warm",
    "action": "forcemerge",
    "name": "forcemerge"
  }
}

Run `POST _ilm/move/my-index-000001` to move `my-index-000001` from the end of hot phase into the start of warm.

{
  "current_step": {
    "phase": "hot",
    "action": "complete",
    "name": "complete"
  },
  "next_step": {
    "phase": "warm"
  }
}

Response examples (200)

A successful response when running a specific step in a lifecycle policy.

{
  "acknowledged": true
}

Get an inference endpoint Added in 8.11.0

GET /_inference/{inference_id}

Api key auth Basic auth Bearer auth

Path parameters

inference_id string Required

The inference Id

Responses

200 application/json
Hide response attribute Show response attribute object
- endpoints array[object] Required
  
  Hide endpoints attributes Show endpoints attributes object
  
  chunking_settings object
  
  Hide chunking_settings attributes Show chunking_settings attributes object
  
  max_chunk_size number
  
  The maximum size of a chunk in words. This value cannot be higher than 300 or lower than 20 (for sentence strategy) or 10 (for word strategy).
  
  overlap number
  
  The number of overlapping words for chunks. It is applicable only to a word chunking strategy. This value cannot be higher than half the max_chunk_size value.
  
  sentence_overlap number
  
  The number of overlapping sentences for chunks. It is applicable only for a sentence chunking strategy. It can be either 1 or 0.
  
  strategy string
  
  The chunking strategy: sentence or word.
  
  service string Required
  
  The service type
  
  service_settings object Required
  
  task_settings object
  
  inference_id string Required
  
  The inference Id
  
  task_type string Required
  
  Values are sparse_embedding, text_embedding, rerank, completion, or chat_completion.

GET /_inference/{inference_id}

curl \
 --request GET 'http://api.example.com/_inference/{inference_id}' \
 --header "Authorization: $API_KEY"

Response examples (200)

{
  "endpoints": [
    {
      "chunking_settings": {
        "max_chunk_size": 42.0,
        "overlap": 42.0,
        "sentence_overlap": 42.0,
        "strategy": "string"
      },
      "service": "string",
      "service_settings": {},
      "task_settings": {},
      "inference_id": "string",
      "task_type": "sparse_embedding"
    }
  ]
}

Create a Hugging Face inference endpoint Added in 8.12.0

PUT /_inference/{task_type}/{huggingface_inference_id}

Api key auth Basic auth Bearer auth

Create an inference endpoint to perform an inference task with the hugging_face service.

You must first create an inference endpoint on the Hugging Face endpoint page to get an endpoint URL. Select the model you want to use on the new endpoint creation page (for example intfloat/e5-small-v2), then select the sentence embeddings task under the advanced configuration section. Create the endpoint and copy the URL after the endpoint initialization has been finished.

The following models are recommended for the Hugging Face service:

all-MiniLM-L6-v2
all-MiniLM-L12-v2
all-mpnet-base-v2
e5-base-v2
e5-small-v2
multilingual-e5-base
multilingual-e5-small

When you create an inference endpoint, the associated machine learning model is automatically deployed if it is not already running. After creating the endpoint, wait for the model deployment to complete before using it. To verify the deployment status, use the get trained model statistics API. Look for "state": "fully_allocated" in the response and ensure that the "allocation_count" matches the "target_allocation_count". Avoid creating multiple endpoints for the same model unless required, as each endpoint consumes significant resources.

Path parameters

task_type string Required

The type of the inference task that the model will perform.

Value is text_embedding.
huggingface_inference_id string Required

The unique identifier of the inference endpoint.

application/json

Body

chunking_settings object
Hide chunking_settings attributes Show chunking_settings attributes object
- max_chunk_size number
  
  The maximum size of a chunk in words. This value cannot be higher than 300 or lower than 20 (for sentence strategy) or 10 (for word strategy).
- overlap number
  
  The number of overlapping words for chunks. It is applicable only to a word chunking strategy. This value cannot be higher than half the max_chunk_size value.
- sentence_overlap number
  
  The number of overlapping sentences for chunks. It is applicable only for a sentence chunking strategy. It can be either 1 or 0.
- strategy string
  
  The chunking strategy: sentence or word.
service string Required

Value is hugging_face.
service_settings object Required
Hide service_settings attributes Show service_settings attributes object
- api_key string Required
  
  A valid access token for your HuggingFace account. You can create or find your access tokens on the HuggingFace settings page.
  
  IMPORTANT: You need to provide the API key only once, during the inference model creation. The get inference endpoint API does not retrieve your API key. After creating the inference model, you cannot change the associated API key. If you want to use a different API key, delete the inference model and recreate it with the same name and the updated API key.
  
  External documentation
- rate_limit object
  Hide rate_limit attribute Show rate_limit attribute object
  
  requests_per_minute number
  
  The number of requests allowed per minute.
- url string Required
  
  The URL endpoint to use for the requests.

Responses

200 application/json
Hide response attributes Show response attributes object
- chunking_settings object
  
  Hide chunking_settings attributes Show chunking_settings attributes object
  
  max_chunk_size number
  
  The maximum size of a chunk in words. This value cannot be higher than 300 or lower than 20 (for sentence strategy) or 10 (for word strategy).
  
  overlap number
  
  The number of overlapping words for chunks. It is applicable only to a word chunking strategy. This value cannot be higher than half the max_chunk_size value.
  
  sentence_overlap number
  
  The number of overlapping sentences for chunks. It is applicable only for a sentence chunking strategy. It can be either 1 or 0.
  
  strategy string
  
  The chunking strategy: sentence or word.
- service string Required
  
  The service type
- service_settings object Required
- task_settings object
- inference_id string Required
  
  The inference Id
- task_type string Required
  
  Values are sparse_embedding, text_embedding, rerank, completion, or chat_completion.

PUT /_inference/{task_type}/{huggingface_inference_id}

curl \
 --request PUT 'http://api.example.com/_inference/{task_type}/{huggingface_inference_id}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n    \"service\": \"hugging_face\",\n    \"service_settings\": {\n        \"api_key\": \"hugging-face-access-token\", \n        \"url\": \"url-endpoint\" \n    }\n}"'

Request example

Run `PUT _inference/text_embedding/hugging-face-embeddings` to create an inference endpoint that performs a `text_embedding` task type.

{
    "service": "hugging_face",
    "service_settings": {
        "api_key": "hugging-face-access-token", 
        "url": "url-endpoint" 
    }
}

Response examples (200)

{
  "chunking_settings": {
    "max_chunk_size": 42.0,
    "overlap": 42.0,
    "sentence_overlap": 42.0,
    "strategy": "string"
  },
  "service": "string",
  "service_settings": {},
  "task_settings": {},
  "inference_id": "string",
  "task_type": "sparse_embedding"
}

Create a VoyageAI inference endpoint Added in 8.19.0

PUT /_inference/{task_type}/{voyageai_inference_id}

Api key auth Basic auth Bearer auth

Create an inference endpoint to perform an inference task with the voyageai service.

Avoid creating multiple endpoints for the same model unless required, as each endpoint consumes significant resources.

Path parameters

task_type string Required

The type of the inference task that the model will perform.

Values are text_embedding or rerank.
voyageai_inference_id string Required

The unique identifier of the inference endpoint.

application/json

Body

chunking_settings object
Hide chunking_settings attributes Show chunking_settings attributes object
- max_chunk_size number
  
  The maximum size of a chunk in words. This value cannot be higher than 300 or lower than 20 (for sentence strategy) or 10 (for word strategy).
- overlap number
  
  The number of overlapping words for chunks. It is applicable only to a word chunking strategy. This value cannot be higher than half the max_chunk_size value.
- sentence_overlap number
  
  The number of overlapping sentences for chunks. It is applicable only for a sentence chunking strategy. It can be either 1 or 0.
- strategy string
  
  The chunking strategy: sentence or word.
service string Required

Value is voyageai.
service_settings object Required
Hide service_settings attributes Show service_settings attributes object
- dimensions number
  
  The number of dimensions for resulting output embeddings. This setting maps to output_dimension in the VoyageAI documentation. Only for the text_embedding task type.
- model_id string Required
  
  The name of the model to use for the inference task. Refer to the VoyageAI documentation for the list of available text embedding and rerank models.
- rate_limit object
  Hide rate_limit attribute Show rate_limit attribute object
  
  requests_per_minute number
  
  The number of requests allowed per minute.
- embedding_type number
  
  The data type for the embeddings to be returned. This setting maps to output_dtype in the VoyageAI documentation. Permitted values: float, int8, bit. int8 is a synonym of byte in the VoyageAI documentation. bit is a synonym of binary in the VoyageAI documentation. Only for the text_embedding task type.
task_settings object
Hide task_settings attributes Show task_settings attributes object
- input_type string
  
  Type of the input text. Permitted values: ingest (maps to document in the VoyageAI documentation), search (maps to query in the VoyageAI documentation). Only for the text_embedding task type.
- return_documents boolean
  
  Whether to return the source documents in the response. Only for the rerank task type.
- top_k number
  
  The number of most relevant documents to return. If not specified, the reranking results of all documents will be returned. Only for the rerank task type.
- truncation boolean
  
  Whether to truncate the input texts to fit within the context length.

Responses

200 application/json
Hide response attributes Show response attributes object
- chunking_settings object
  
  Hide chunking_settings attributes Show chunking_settings attributes object
  
  max_chunk_size number
  
  The maximum size of a chunk in words. This value cannot be higher than 300 or lower than 20 (for sentence strategy) or 10 (for word strategy).
  
  overlap number
  
  The number of overlapping words for chunks. It is applicable only to a word chunking strategy. This value cannot be higher than half the max_chunk_size value.
  
  sentence_overlap number
  
  The number of overlapping sentences for chunks. It is applicable only for a sentence chunking strategy. It can be either 1 or 0.
  
  strategy string
  
  The chunking strategy: sentence or word.
- service string Required
  
  The service type
- service_settings object Required
- task_settings object
- inference_id string Required
  
  The inference Id
- task_type string Required
  
  Values are sparse_embedding, text_embedding, rerank, completion, or chat_completion.

PUT /_inference/{task_type}/{voyageai_inference_id}

curl \
 --request PUT 'http://api.example.com/_inference/{task_type}/{voyageai_inference_id}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n    \"service\": \"voyageai\",\n    \"service_settings\": {\n        \"model_id\": \"voyage-3-large\",\n        \"dimensions\": 512\n    }\n}"'

Request examples

Run `PUT _inference/text_embedding/voyageai-embeddings` to create an inference endpoint that performs a `text_embedding` task. The embeddings created by requests to this endpoint will have 512 dimensions.

{
    "service": "voyageai",
    "service_settings": {
        "model_id": "voyage-3-large",
        "dimensions": 512
    }
}

Run `PUT _inference/rerank/voyageai-rerank` to create an inference endpoint that performs a `rerank` task.

{
    "service": "voyageai",
    "service_settings": {
        "model_id": "rerank-2"
    }
}

Response examples (200)

{
  "chunking_settings": {
    "max_chunk_size": 42.0,
    "overlap": 42.0,
    "sentence_overlap": 42.0,
    "strategy": "string"
  },
  "service": "string",
  "service_settings": {},
  "task_settings": {},
  "inference_id": "string",
  "task_type": "sparse_embedding"
}

Get pipelines Added in 5.0.0

GET /_ingest/pipeline/{id}

Api key auth Basic auth Bearer auth

Get information about one or more ingest pipelines. This API returns a local reference of the pipeline.

External documentation

Path parameters

id string Required

Comma-separated list of pipeline IDs to retrieve. Wildcard (*) expressions are supported. To get all ingest pipelines, omit this parameter or use *.

Query parameters

master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
summary boolean

Return pipelines without their definitions (default: false)

Responses

200 application/json
Hide response attribute Show response attribute object
- * object Additional properties
 
 Hide * attributes Show * attributes object
 
 description string
 
 Description of the ingest pipeline.
 
 on_failure array[object]
 
 Processors to run immediately after a processor failure.
 
 Hide on_failure attributes Show on_failure attributes object
 
 append object
 
 Hide append attributes Show append attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 value
 
 allow_duplicates boolean
 
 If false, the processor does not append values already present in the field.
 
 attachment object
 
 Hide attachment attributes Show attachment attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 indexed_chars number
 
 The number of chars being used for extraction to prevent huge fields. Use -1 for no limit.
 
 indexed_chars_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 properties array[string]
 
 Array of properties to select to be stored. Can be content, title, name, author, keywords, date, content_type, content_length, language.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 remove_binary boolean
 
 If true, the binary field will be removed from the document
 
 resource_name string
 
 Field containing the name of the resource to decode. If specified, the processor passes this resource name to the underlying Tika library to enable Resource Name Based Detection.
 
 bytes object
 
 Hide bytes attributes Show bytes attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 circle object
 
 Hide circle attributes Show circle attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 error_distance number Required
 
 The difference between the resulting inscribed distance from center to side and the circle’s radius (measured in meters for geo_shape, unit-less for shape).
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 shape_type string Required
 
 Values are geo_shape or shape.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 community_id object
 
 Hide community_id attributes Show community_id attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 source_ip string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 source_port string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 destination_ip string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 destination_port string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 iana_number string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 icmp_type string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 icmp_code string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 transport string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 seed number
 
 Seed for the community ID hash. Must be between 0 and 65535 (inclusive). The seed can prevent hash collisions between network domains, such as a staging and production network that use the same addressing scheme.
 
 ignore_missing boolean
 
 If true and any required fields are missing, the processor quietly exits without modifying the document.
 
 convert object
 
 Hide convert attributes Show convert attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 type string Required
 
 Values are integer, long, double, float, boolean, ip, string, or auto.
 
 csv object
 
 Hide csv attributes Show csv attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 empty_value object
 
 Value used to fill empty fields. Empty fields are skipped if this is not provided. An empty field is one with no value (2 consecutive separators) or empty quotes ("").
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 quote string
 
 Quote used in CSV, has to be single character string.
 
 separator string
 
 Separator used in CSV, has to be single character string.
 
 target_fields string | array[string] Required
 
 trim boolean
 
 Trim whitespaces in unquoted fields.
 
 date object
 
 Hide date attributes Show date attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 formats array[string] Required
 
 An array of the expected date formats. Can be a java time pattern or one of the following formats: ISO8601, UNIX, UNIX_MS, or TAI64N.
 
 locale string
 
 The locale to use when parsing the date, relevant when parsing month names or week days. Supports template snippets.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 timezone string
 
 The timezone to use when parsing the date. Supports template snippets.
 
 output_format string
 
 The format to use when writing the date to target_field. Must be a valid java time pattern.
 
 date_index_name object
 
 Hide date_index_name attributes Show date_index_name attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 date_formats array[string] Required
 
 An array of the expected date formats for parsing dates / timestamps in the document being preprocessed. Can be a java time pattern or one of the following formats: ISO8601, UNIX, UNIX_MS, or TAI64N.
 
 date_rounding string Required
 
 How to round the date when formatting the date into the index name. Valid values are: y (year), M (month), w (week), d (day), h (hour), m (minute) and s (second). Supports template snippets.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 index_name_format string
 
 The format to be used when printing the parsed date into the index name. A valid java time pattern is expected here. Supports template snippets.
 
 index_name_prefix string
 
 A prefix of the index name to be prepended before the printed date. Supports template snippets.
 
 locale string
 
 The locale to use when parsing the date from the document being preprocessed, relevant when parsing month names or week days.
 
 timezone string
 
 The timezone to use when parsing the date and when date math index supports resolves expressions into concrete index names.
 
 dissect object
 
 Hide dissect attributes Show dissect attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 append_separator string
 
 The character(s) that separate the appended fields.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 pattern string Required
 
 The pattern to apply to the field.
 
 dot_expander object
 
 Hide dot_expander attributes Show dot_expander attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 override boolean
 
 Controls the behavior when there is already an existing nested object that conflicts with the expanded field. When false, the processor will merge conflicts by combining the old and the new values into an array. When true, the value from the expanded field will overwrite the existing value.
 
 path string
 
 The field that contains the field to expand. Only required if the field to expand is part another object field, because the field option can only understand leaf fields.
 
 drop object
 
 Hide drop attributes Show drop attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 enrich object
 
 Hide enrich attributes Show enrich attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 max_matches number
 
 The maximum number of matched documents to include under the configured target field. The target_field will be turned into a json array if max_matches is higher than 1, otherwise target_field will become a json object. In order to avoid documents getting too large, the maximum allowed value is 128.
 
 override boolean
 
 If processor will update fields with pre-existing non-null-valued field. When set to false, such fields will not be touched.
 
 policy_name string Required
 
 The name of the enrich policy to use.
 
 shape_relation string
 
 Values are intersects, disjoint, within, or contains.
 
 target_field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 fail object
 
 Hide fail attributes Show fail attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 message string Required
 
 The error message thrown by the processor. Supports template snippets.
 
 fingerprint object
 
 Hide fingerprint attributes Show fingerprint attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 fields string | array[string] Required
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 salt string
 
 Salt value for the hash function.
 
 method string
 
 Values are MD5, SHA-1, SHA-256, SHA-512, or MurmurHash3.
 
 ignore_missing boolean
 
 If true, the processor ignores any missing fields. If all fields are missing, the processor silently exits without modifying the document.
 
 foreach object
 
 Hide foreach attributes Show foreach attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true, the processor silently exits without changing the document if the field is null or missing.
 
 processor object Required
 
 ip_location object
 
 Hide ip_location attributes Show ip_location attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 database_file string
 
 The database filename referring to a database the module ships with (GeoLite2-City.mmdb, GeoLite2-Country.mmdb, or GeoLite2-ASN.mmdb) or a custom database in the ingest-geoip config directory.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 first_only boolean
 
 If true, only the first found IP location data will be returned, even if the field contains an array.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 properties array[string]
 
 Controls what properties are added to the target_field based on the IP location lookup.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 download_database_on_pipeline_creation boolean
 
 If true (and if ingest.geoip.downloader.eager.download is false), the missing database is downloaded when the pipeline is created. Else, the download is triggered by when the pipeline is used as the default_pipeline or final_pipeline in an index.
 
 geo_grid object
 
 Hide geo_grid attributes Show geo_grid attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 The field to interpret as a geo-tile.= The field format is determined by the tile_type.
 
 tile_type string Required
 
 Values are geotile, geohex, or geohash.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 parent_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 children_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 non_children_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 precision_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 target_format string
 
 Values are geojson or wkt.
 
 geoip object
 
 Hide geoip attributes Show geoip attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 database_file string
 
 The database filename referring to a database the module ships with (GeoLite2-City.mmdb, GeoLite2-Country.mmdb, or GeoLite2-ASN.mmdb) or a custom database in the ingest-geoip config directory.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 first_only boolean
 
 If true, only the first found geoip data will be returned, even if the field contains an array.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 properties array[string]
 
 Controls what properties are added to the target_field based on the geoip lookup.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 download_database_on_pipeline_creation boolean
 
 If true (and if ingest.geoip.downloader.eager.download is false), the missing database is downloaded when the pipeline is created. Else, the download is triggered by when the pipeline is used as the default_pipeline or final_pipeline in an index.
 
 grok object
 
 Hide grok attributes Show grok attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 ecs_compatibility string
 
 Must be disabled or v1. If v1, the processor uses patterns with Elastic Common Schema (ECS) field names.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 pattern_definitions object
 
 A map of pattern-name and pattern tuples defining custom patterns to be used by the current processor. Patterns matching existing names will override the pre-existing definition.
 
 patterns array[string] Required
 
 An ordered list of grok expression to match and extract named captures with. Returns on the first expression in the list that matches.
 
 trace_match boolean
 
 When true, _ingest._grok_match_index will be inserted into your matched document’s metadata with the index into the pattern found in patterns that matched.
 
 gsub object
 
 Hide gsub attributes Show gsub attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 pattern string Required
 
 The pattern to be replaced.
 
 replacement string Required
 
 The string to replace the matching patterns with.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 html_strip object
 
 Hide html_strip attributes Show html_strip attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document,
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 inference object
 
 Hide inference attributes Show inference attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 model_id string Required
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 field_map object
 
 Maps the document field names to the known field names of the model. This mapping takes precedence over any default mappings provided in the model configuration.
 
 inference_config object
 
 input_output
 
 ignore_missing boolean
 
 If true and any of the input fields defined in input_ouput are missing then those missing fields are quietly ignored, otherwise a missing field causes a failure. Only applies when using input_output configurations to explicitly list the input fields.
 
 join object
 
 Hide join attributes Show join attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 separator string Required
 
 The separator character.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 json object
 
 Hide json attributes Show json attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 add_to_root boolean
 
 Flag that forces the parsed JSON to be added at the top level of the document. target_field must not be set when this option is chosen.
 
 add_to_root_conflict_strategy string
 
 Values are replace or merge.
 
 allow_duplicate_keys boolean
 
 When set to true, the JSON parser will not fail if the JSON contains duplicate keys. Instead, the last encountered value for any duplicate key wins.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 kv object
 
 Hide kv attributes Show kv attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 exclude_keys array[string]
 
 List of keys to exclude from document.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 field_split string Required
 
 Regex pattern to use for splitting key-value pairs.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 include_keys array[string]
 
 List of keys to filter and insert into document. Defaults to including all keys.
 
 prefix string
 
 Prefix to be added to extracted keys.
 
 strip_brackets boolean
 
 If true. strip brackets (), <>, [] as well as quotes ' and " from extracted values.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 trim_key string
 
 String of characters to trim from extracted keys.
 
 trim_value string
 
 String of characters to trim from extracted values.
 
 value_split string Required
 
 Regex pattern to use for splitting the key from the value within a key-value pair.
 
 lowercase object
 
 Hide lowercase attributes Show lowercase attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 network_direction object
 
 Hide network_direction attributes Show network_direction attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 source_ip string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 destination_ip string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 internal_networks array[string]
 
 List of internal networks. Supports IPv4 and IPv6 addresses and ranges in CIDR notation. Also supports the named ranges listed below. These may be constructed with template snippets. Must specify only one of internal_networks or internal_networks_field.
 
 internal_networks_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and any required fields are missing, the processor quietly exits without modifying the document.
 
 pipeline object
 
 Hide pipeline attributes Show pipeline attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 name string Required
 
 ignore_missing_pipeline boolean
 
 Whether to ignore missing pipelines instead of failing.
 
 redact object
 
 Hide redact attributes Show redact attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 patterns array[string] Required
 
 A list of grok expressions to match and redact named captures with
 
 pattern_definitions object
 
 prefix string
 
 Start a redacted section with this token
 
 suffix string
 
 End a redacted section with this token
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 skip_if_unlicensed boolean
 
 If true and the current license does not support running redact processors, then the processor quietly exits without modifying the document
 
 trace_redact boolean
 
 If true then ingest metadata _ingest._redact._is_redacted is set to true if the document has been redacted
 
 registered_domain object
 
 Hide registered_domain attributes Show registered_domain attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and any required fields are missing, the processor quietly exits without modifying the document.
 
 remove object
 
 Hide remove attributes Show remove attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string | array[string] Required
 
 keep string | array[string]
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 rename object
 
 Hide rename attributes Show rename attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 target_field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 reroute object
 
 Hide reroute attributes Show reroute attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 destination string
 
 A static value for the target. Can’t be set when the dataset or namespace option is set.
 
 dataset
 
 namespace
 
 script object
 
 Hide script attributes Show script attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 id string
 
 lang string
 
 Script language.
 
 params object
 
 Object containing parameters for the script.
 
 source string
 
 Inline script. If no id is specified, this parameter is required.
 
 set object
 
 Hide set attributes Show set attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 copy_from string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_empty_value boolean
 
 If true and value is a template snippet that evaluates to null or the empty string, the processor quietly exits without modifying the document.
 
 media_type string
 
 The media type for encoding value. Applies only when value is a template snippet. Must be one of application/json, text/plain, or application/x-www-form-urlencoded.
 
 override boolean
 
 If true processor will update fields with pre-existing non-null-valued field. When set to false, such fields will not be touched.
 
 value object
 
 The value to be set for the field. Supports template snippets. May specify only one of value or copy_from.
 
 set_security_user object
 
 Hide set_security_user attributes Show set_security_user attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 properties array[string]
 
 Controls what user related properties are added to the field.
 
 sort object
 
 Hide sort attributes Show sort attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 order string
 
 Values are asc or desc.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 split object
 
 Hide split attributes Show split attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 preserve_trailing boolean
 
 Preserves empty trailing fields, if any.
 
 separator string Required
 
 A regex which matches the separator, for example, , or \s+.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 terminate object
 
 Hide terminate attributes Show terminate attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 trim object
 
 Hide trim attributes Show trim attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 uppercase object
 
 Hide uppercase attributes Show uppercase attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 urldecode object
 
 Hide urldecode attributes Show urldecode attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 uri_parts object
 
 Hide uri_parts attributes Show uri_parts attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 keep_original boolean
 
 If true, the processor copies the unparsed URI to <target_field>.original.
 
 remove_if_successful boolean
 
 If true, the processor removes the field after parsing the URI string. If parsing fails, the processor does not remove the field.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 user_agent object
 
 Hide user_agent attributes Show user_agent attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 regex_file string
 
 The name of the file in the config/ingest-user-agent directory containing the regular expressions for parsing the user agent string. Both the directory and the file have to be created before starting Elasticsearch. If not specified, ingest-user-agent will use the regexes.yaml from uap-core it ships with.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 properties array[string]
 
 Controls what properties are added to target_field.
 
 Values are name, os, device, original, or version.
 
 extract_device_type boolean Beta
 
 Extracts device type from the user agent string on a best-effort basis.
 
 processors array[object]
 
 Processors used to perform transformations on documents before indexing. Processors run sequentially in the order specified.
 
 Hide processors attributes Show processors attributes object
 
 append object
 
 Hide append attributes Show append attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 value
 
 allow_duplicates boolean
 
 If false, the processor does not append values already present in the field.
 
 attachment object
 
 Hide attachment attributes Show attachment attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 indexed_chars number
 
 The number of chars being used for extraction to prevent huge fields. Use -1 for no limit.
 
 indexed_chars_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 properties array[string]
 
 Array of properties to select to be stored. Can be content, title, name, author, keywords, date, content_type, content_length, language.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 remove_binary boolean
 
 If true, the binary field will be removed from the document
 
 resource_name string
 
 Field containing the name of the resource to decode. If specified, the processor passes this resource name to the underlying Tika library to enable Resource Name Based Detection.
 
 bytes object
 
 Hide bytes attributes Show bytes attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 circle object
 
 Hide circle attributes Show circle attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 error_distance number Required
 
 The difference between the resulting inscribed distance from center to side and the circle’s radius (measured in meters for geo_shape, unit-less for shape).
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 shape_type string Required
 
 Values are geo_shape or shape.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 community_id object
 
 Hide community_id attributes Show community_id attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 source_ip string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 source_port string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 destination_ip string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 destination_port string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 iana_number string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 icmp_type string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 icmp_code string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 transport string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 seed number
 
 Seed for the community ID hash. Must be between 0 and 65535 (inclusive). The seed can prevent hash collisions between network domains, such as a staging and production network that use the same addressing scheme.
 
 ignore_missing boolean
 
 If true and any required fields are missing, the processor quietly exits without modifying the document.
 
 convert object
 
 Hide convert attributes Show convert attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 type string Required
 
 Values are integer, long, double, float, boolean, ip, string, or auto.
 
 csv object
 
 Hide csv attributes Show csv attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 empty_value object
 
 Value used to fill empty fields. Empty fields are skipped if this is not provided. An empty field is one with no value (2 consecutive separators) or empty quotes ("").
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 quote string
 
 Quote used in CSV, has to be single character string.
 
 separator string
 
 Separator used in CSV, has to be single character string.
 
 target_fields string | array[string] Required
 
 trim boolean
 
 Trim whitespaces in unquoted fields.
 
 date object
 
 Hide date attributes Show date attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 formats array[string] Required
 
 An array of the expected date formats. Can be a java time pattern or one of the following formats: ISO8601, UNIX, UNIX_MS, or TAI64N.
 
 locale string
 
 The locale to use when parsing the date, relevant when parsing month names or week days. Supports template snippets.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 timezone string
 
 The timezone to use when parsing the date. Supports template snippets.
 
 output_format string
 
 The format to use when writing the date to target_field. Must be a valid java time pattern.
 
 date_index_name object
 
 Hide date_index_name attributes Show date_index_name attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 date_formats array[string] Required
 
 An array of the expected date formats for parsing dates / timestamps in the document being preprocessed. Can be a java time pattern or one of the following formats: ISO8601, UNIX, UNIX_MS, or TAI64N.
 
 date_rounding string Required
 
 How to round the date when formatting the date into the index name. Valid values are: y (year), M (month), w (week), d (day), h (hour), m (minute) and s (second). Supports template snippets.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 index_name_format string
 
 The format to be used when printing the parsed date into the index name. A valid java time pattern is expected here. Supports template snippets.
 
 index_name_prefix string
 
 A prefix of the index name to be prepended before the printed date. Supports template snippets.
 
 locale string
 
 The locale to use when parsing the date from the document being preprocessed, relevant when parsing month names or week days.
 
 timezone string
 
 The timezone to use when parsing the date and when date math index supports resolves expressions into concrete index names.
 
 dissect object
 
 Hide dissect attributes Show dissect attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 append_separator string
 
 The character(s) that separate the appended fields.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 pattern string Required
 
 The pattern to apply to the field.
 
 dot_expander object
 
 Hide dot_expander attributes Show dot_expander attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 override boolean
 
 Controls the behavior when there is already an existing nested object that conflicts with the expanded field. When false, the processor will merge conflicts by combining the old and the new values into an array. When true, the value from the expanded field will overwrite the existing value.
 
 path string
 
 The field that contains the field to expand. Only required if the field to expand is part another object field, because the field option can only understand leaf fields.
 
 drop object
 
 Hide drop attributes Show drop attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 enrich object
 
 Hide enrich attributes Show enrich attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 max_matches number
 
 The maximum number of matched documents to include under the configured target field. The target_field will be turned into a json array if max_matches is higher than 1, otherwise target_field will become a json object. In order to avoid documents getting too large, the maximum allowed value is 128.
 
 override boolean
 
 If processor will update fields with pre-existing non-null-valued field. When set to false, such fields will not be touched.
 
 policy_name string Required
 
 The name of the enrich policy to use.
 
 shape_relation string
 
 Values are intersects, disjoint, within, or contains.
 
 target_field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 fail object
 
 Hide fail attributes Show fail attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 message string Required
 
 The error message thrown by the processor. Supports template snippets.
 
 fingerprint object
 
 Hide fingerprint attributes Show fingerprint attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 fields string | array[string] Required
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 salt string
 
 Salt value for the hash function.
 
 method string
 
 Values are MD5, SHA-1, SHA-256, SHA-512, or MurmurHash3.
 
 ignore_missing boolean
 
 If true, the processor ignores any missing fields. If all fields are missing, the processor silently exits without modifying the document.
 
 foreach object
 
 Hide foreach attributes Show foreach attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true, the processor silently exits without changing the document if the field is null or missing.
 
 processor object Required
 
 ip_location object
 
 Hide ip_location attributes Show ip_location attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 database_file string
 
 The database filename referring to a database the module ships with (GeoLite2-City.mmdb, GeoLite2-Country.mmdb, or GeoLite2-ASN.mmdb) or a custom database in the ingest-geoip config directory.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 first_only boolean
 
 If true, only the first found IP location data will be returned, even if the field contains an array.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 properties array[string]
 
 Controls what properties are added to the target_field based on the IP location lookup.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 download_database_on_pipeline_creation boolean
 
 If true (and if ingest.geoip.downloader.eager.download is false), the missing database is downloaded when the pipeline is created. Else, the download is triggered by when the pipeline is used as the default_pipeline or final_pipeline in an index.
 
 geo_grid object
 
 Hide geo_grid attributes Show geo_grid attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 The field to interpret as a geo-tile.= The field format is determined by the tile_type.
 
 tile_type string Required
 
 Values are geotile, geohex, or geohash.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 parent_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 children_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 non_children_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 precision_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 target_format string
 
 Values are geojson or wkt.
 
 geoip object
 
 Hide geoip attributes Show geoip attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 database_file string
 
 The database filename referring to a database the module ships with (GeoLite2-City.mmdb, GeoLite2-Country.mmdb, or GeoLite2-ASN.mmdb) or a custom database in the ingest-geoip config directory.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 first_only boolean
 
 If true, only the first found geoip data will be returned, even if the field contains an array.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 properties array[string]
 
 Controls what properties are added to the target_field based on the geoip lookup.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 download_database_on_pipeline_creation boolean
 
 If true (and if ingest.geoip.downloader.eager.download is false), the missing database is downloaded when the pipeline is created. Else, the download is triggered by when the pipeline is used as the default_pipeline or final_pipeline in an index.
 
 grok object
 
 Hide grok attributes Show grok attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 ecs_compatibility string
 
 Must be disabled or v1. If v1, the processor uses patterns with Elastic Common Schema (ECS) field names.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 pattern_definitions object
 
 A map of pattern-name and pattern tuples defining custom patterns to be used by the current processor. Patterns matching existing names will override the pre-existing definition.
 
 patterns array[string] Required
 
 An ordered list of grok expression to match and extract named captures with. Returns on the first expression in the list that matches.
 
 trace_match boolean
 
 When true, _ingest._grok_match_index will be inserted into your matched document’s metadata with the index into the pattern found in patterns that matched.
 
 gsub object
 
 Hide gsub attributes Show gsub attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 pattern string Required
 
 The pattern to be replaced.
 
 replacement string Required
 
 The string to replace the matching patterns with.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 html_strip object
 
 Hide html_strip attributes Show html_strip attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document,
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 inference object
 
 Hide inference attributes Show inference attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 model_id string Required
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 field_map object
 
 Maps the document field names to the known field names of the model. This mapping takes precedence over any default mappings provided in the model configuration.
 
 inference_config object
 
 input_output
 
 ignore_missing boolean
 
 If true and any of the input fields defined in input_ouput are missing then those missing fields are quietly ignored, otherwise a missing field causes a failure. Only applies when using input_output configurations to explicitly list the input fields.
 
 join object
 
 Hide join attributes Show join attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 separator string Required
 
 The separator character.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 json object
 
 Hide json attributes Show json attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 add_to_root boolean
 
 Flag that forces the parsed JSON to be added at the top level of the document. target_field must not be set when this option is chosen.
 
 add_to_root_conflict_strategy string
 
 Values are replace or merge.
 
 allow_duplicate_keys boolean
 
 When set to true, the JSON parser will not fail if the JSON contains duplicate keys. Instead, the last encountered value for any duplicate key wins.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 kv object
 
 Hide kv attributes Show kv attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 exclude_keys array[string]
 
 List of keys to exclude from document.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 field_split string Required
 
 Regex pattern to use for splitting key-value pairs.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 include_keys array[string]
 
 List of keys to filter and insert into document. Defaults to including all keys.
 
 prefix string
 
 Prefix to be added to extracted keys.
 
 strip_brackets boolean
 
 If true. strip brackets (), <>, [] as well as quotes ' and " from extracted values.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 trim_key string
 
 String of characters to trim from extracted keys.
 
 trim_value string
 
 String of characters to trim from extracted values.
 
 value_split string Required
 
 Regex pattern to use for splitting the key from the value within a key-value pair.
 
 lowercase object
 
 Hide lowercase attributes Show lowercase attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 network_direction object
 
 Hide network_direction attributes Show network_direction attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 source_ip string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 destination_ip string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 internal_networks array[string]
 
 List of internal networks. Supports IPv4 and IPv6 addresses and ranges in CIDR notation. Also supports the named ranges listed below. These may be constructed with template snippets. Must specify only one of internal_networks or internal_networks_field.
 
 internal_networks_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and any required fields are missing, the processor quietly exits without modifying the document.
 
 pipeline object
 
 Hide pipeline attributes Show pipeline attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 name string Required
 
 ignore_missing_pipeline boolean
 
 Whether to ignore missing pipelines instead of failing.
 
 redact object
 
 Hide redact attributes Show redact attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 patterns array[string] Required
 
 A list of grok expressions to match and redact named captures with
 
 pattern_definitions object
 
 prefix string
 
 Start a redacted section with this token
 
 suffix string
 
 End a redacted section with this token
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 skip_if_unlicensed boolean
 
 If true and the current license does not support running redact processors, then the processor quietly exits without modifying the document
 
 trace_redact boolean
 
 If true then ingest metadata _ingest._redact._is_redacted is set to true if the document has been redacted
 
 registered_domain object
 
 Hide registered_domain attributes Show registered_domain attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and any required fields are missing, the processor quietly exits without modifying the document.
 
 remove object
 
 Hide remove attributes Show remove attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string | array[string] Required
 
 keep string | array[string]
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 rename object
 
 Hide rename attributes Show rename attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 target_field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 reroute object
 
 Hide reroute attributes Show reroute attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 destination string
 
 A static value for the target. Can’t be set when the dataset or namespace option is set.
 
 dataset
 
 namespace
 
 script object
 
 Hide script attributes Show script attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 id string
 
 lang string
 
 Script language.
 
 params object
 
 Object containing parameters for the script.
 
 source string
 
 Inline script. If no id is specified, this parameter is required.
 
 set object
 
 Hide set attributes Show set attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 copy_from string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_empty_value boolean
 
 If true and value is a template snippet that evaluates to null or the empty string, the processor quietly exits without modifying the document.
 
 media_type string
 
 The media type for encoding value. Applies only when value is a template snippet. Must be one of application/json, text/plain, or application/x-www-form-urlencoded.
 
 override boolean
 
 If true processor will update fields with pre-existing non-null-valued field. When set to false, such fields will not be touched.
 
 value object
 
 The value to be set for the field. Supports template snippets. May specify only one of value or copy_from.
 
 set_security_user object
 
 Hide set_security_user attributes Show set_security_user attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 properties array[string]
 
 Controls what user related properties are added to the field.
 
 sort object
 
 Hide sort attributes Show sort attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 order string
 
 Values are asc or desc.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 split object
 
 Hide split attributes Show split attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 preserve_trailing boolean
 
 Preserves empty trailing fields, if any.
 
 separator string Required
 
 A regex which matches the separator, for example, , or \s+.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 terminate object
 
 Hide terminate attributes Show terminate attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 trim object
 
 Hide trim attributes Show trim attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 uppercase object
 
 Hide uppercase attributes Show uppercase attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 urldecode object
 
 Hide urldecode attributes Show urldecode attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist or is null, the processor quietly exits without modifying the document.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 uri_parts object
 
 Hide uri_parts attributes Show uri_parts attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 keep_original boolean
 
 If true, the processor copies the unparsed URI to <target_field>.original.
 
 remove_if_successful boolean
 
 If true, the processor removes the field after parsing the URI string. If parsing fails, the processor does not remove the field.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 user_agent object
 
 Hide user_agent attributes Show user_agent attributes object
 
 description string
 
 Description of the processor. Useful for describing the purpose of the processor or its configuration.
 
 if string
 
 Conditionally execute the processor.
 
 ignore_failure boolean
 
 Ignore failures for the processor.
 
 on_failure array[object]
 
 Handle failures for the processor.
 
 tag string
 
 Identifier for the processor. Useful for debugging and metrics.
 
 field string Required
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 ignore_missing boolean
 
 If true and field does not exist, the processor quietly exits without modifying the document.
 
 regex_file string
 
 The name of the file in the config/ingest-user-agent directory containing the regular expressions for parsing the user agent string. Both the directory and the file have to be created before starting Elasticsearch. If not specified, ingest-user-agent will use the regexes.yaml from uap-core it ships with.
 
 target_field string
 
 Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
 
 properties array[string]
 
 Controls what properties are added to target_field.
 
 Values are name, os, device, original, or version.
 
 extract_device_type boolean Beta
 
 Extracts device type from the user agent string on a best-effort basis.
 
 version number
 
 deprecated boolean
 
 Marks this ingest pipeline as deprecated. When a deprecated ingest pipeline is referenced as the default or final pipeline when creating or updating a non-deprecated index template, Elasticsearch will emit a deprecation warning.
 
 _meta object
 
 Hide _meta attribute Show _meta attribute object
 
 * object Additional properties

GET /_ingest/pipeline/{id}

curl \
 --request GET 'http://api.example.com/_ingest/pipeline/{id}' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response for retrieving information about an ingest pipeline.

{
  "my-pipeline-id" : {
    "description" : "describe pipeline",
    "version" : 123,
    "processors" : [
      {
        "set" : {
          "field" : "foo",
          "value" : "bar"
        }
      }
    ]
  }
}

Get license information

GET /_license

Api key auth Basic auth Bearer auth

Get information about your Elastic license including its type, its status, when it was issued, and when it expires.

If the master node is generating a new cluster state, the get license API may return a 404 Not Found response. If you receive an unexpected 404 response after cluster startup, wait a short period and retry the request.

Query parameters

accept_enterprise boolean Deprecated

If true, this parameter returns enterprise for Enterprise license types. If false, this parameter returns platinum for both platinum and enterprise license types. This behavior is maintained for backwards compatibility. This parameter is deprecated and will always be set to true in 8.x.
local boolean

Specifies whether to retrieve local information. The default value is false, which means the information is retrieved from the master node.

Responses

200 application/json
Hide response attribute Show response attribute object
- license object Required
  
  Hide license attributes Show license attributes object
  
  expiry_date string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  expiry_date_in_millis number
  
  Time unit for milliseconds
  
  issue_date string | number Required
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  issue_date_in_millis number
  
  Time unit for milliseconds
  
  issued_to string Required
  
  issuer string Required
  
  max_nodes number | string | null Required
  
  One of:
  number-1 number string-2 string | null
  
  max_resource_units number | string | null
  
  One of:
  number-1 number string-2 string | null
  
  status string Required
  
  Values are active, valid, invalid, or expired.
  
  type string Required
  
  Values are missing, trial, basic, standard, dev, silver, gold, platinum, or enterprise.
  
  uid string Required
  
  start_date_in_millis number
  
  Time unit for milliseconds

GET /_license

curl \
 --request GET 'http://api.example.com/_license' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET /_license`.

{
  "license" : {
    "status" : "active",
    "uid" : "cbff45e7-c553-41f7-ae4f-9205eabd80xx",
    "type" : "trial",
    "issue_date" : "2018-10-20T22:05:12.332Z",
    "issue_date_in_millis" : 1540073112332,
    "expiry_date" : "2018-11-19T22:05:12.332Z",
    "expiry_date_in_millis" : 1542665112332,
    "max_nodes" : 1000,
    "max_resource_units" : null,
    "issued_to" : "test",
    "issuer" : "elasticsearch",
    "start_date_in_millis" : -1
  }
}

Update a snapshot Added in 5.4.0

POST /_ml/anomaly_detectors/{job_id}/model_snapshots/{snapshot_id}/_update

Api key auth Basic auth Bearer auth

Updates certain properties of a snapshot.

Path parameters

job_id string Required

Identifier for the anomaly detection job.
snapshot_id string Required

Identifier for the model snapshot.

application/json

Body Required

description string

A description of the model snapshot.
retain boolean

If true, this snapshot will not be deleted during automatic cleanup of snapshots older than model_snapshot_retention_days. However, this snapshot will be deleted when the job is deleted.

Responses

200 application/json
Hide response attributes Show response attributes object
- acknowledged boolean Required
- model object Required
  
  Hide model attributes Show model attributes object
  
  description string
  
  An optional description of the job.
  
  job_id string Required
  
  latest_record_time_stamp number
  
  The timestamp of the latest processed record.
  
  latest_result_time_stamp number
  
  The timestamp of the latest bucket result.
  
  min_version string Required
  
  model_size_stats object
  
  Hide model_size_stats attributes Show model_size_stats attributes object
  
  bucket_allocation_failures_count number Required
  
  job_id string Required
  
  log_time string | number Required
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  memory_status string Required
  
  Values are ok, soft_limit, or hard_limit.
  
  model_bytes number | string Required
  
  One of:
  ByteSize number ByteSize string
  
  model_bytes_exceeded number | string
  
  One of:
  ByteSize number ByteSize string
  
  model_bytes_memory_limit number | string
  
  One of:
  ByteSize number ByteSize string
  
  output_memory_allocator_bytes number | string
  
  One of:
  ByteSize number ByteSize string
  
  peak_model_bytes number | string
  
  One of:
  ByteSize number ByteSize string
  
  assignment_memory_basis string
  
  result_type string Required
  
  total_by_field_count number Required
  
  total_over_field_count number Required
  
  total_partition_field_count number Required
  
  categorization_status string Required
  
  Values are ok or warn.
  
  categorized_doc_count number Required
  
  dead_category_count number Required
  
  failed_category_count number Required
  
  frequent_category_count number Required
  
  rare_category_count number Required
  
  total_category_count number Required
  
  timestamp number
  
  retain boolean Required
  
  If true, this snapshot will not be deleted during automatic cleanup of snapshots older than model_snapshot_retention_days. However, this snapshot will be deleted when the job is deleted. The default value is false.
  
  snapshot_doc_count number Required
  
  For internal use only.
  
  snapshot_id string Required
  
  timestamp number Required
  
  The creation timestamp for the snapshot.

POST /_ml/anomaly_detectors/{job_id}/model_snapshots/{snapshot_id}/_update

curl \
 --request POST 'http://api.example.com/_ml/anomaly_detectors/{job_id}/model_snapshots/{snapshot_id}/_update' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"description":"string","retain":true}'

Request examples

{
  "description": "string",
  "retain": true
}

Response examples (200)

{
  "acknowledged": true,
  "model": {
    "description": "string",
    "job_id": "string",
    "latest_record_time_stamp": 42.0,
    "latest_result_time_stamp": 42.0,
    "min_version": "string",
    "model_size_stats": {
      "bucket_allocation_failures_count": 42.0,
      "job_id": "string",
      "": 42.0,
      "memory_status": "ok",
      "assignment_memory_basis": "string",
      "result_type": "string",
      "total_by_field_count": 42.0,
      "total_over_field_count": 42.0,
      "total_partition_field_count": 42.0,
      "categorization_status": "ok",
      "categorized_doc_count": 42.0,
      "dead_category_count": 42.0,
      "failed_category_count": 42.0,
      "frequent_category_count": 42.0,
      "rare_category_count": 42.0,
      "total_category_count": 42.0,
      "timestamp": 42.0
    },
    "retain": true,
    "snapshot_doc_count": 42.0,
    "snapshot_id": "string",
    "timestamp": 42.0
  }
}

Get data frame analytics job configuration info Added in 7.3.0

GET /_ml/data_frame/analytics

Api key auth Basic auth Bearer auth

You can get information for multiple data frame analytics jobs in a single API request by using a comma-separated list of data frame analytics jobs or a wildcard expression.

Query parameters

allow_no_match boolean
Specifies what to do when the request:
1. Contains wildcard expressions and there are no data frame analytics jobs that match.
2. Contains the _all string or no identifiers and there are no matches.
3. Contains wildcard expressions and there are only partial matches.
The default value returns an empty data_frame_analytics array when there are no matches and the subset of results when there are partial matches. If this parameter is false, the request returns a 404 status code when there are no matches or only partial matches.
from number

Skips the specified number of data frame analytics jobs.
size number

Specifies the maximum number of data frame analytics jobs to obtain.
exclude_generated boolean

Indicates if certain fields should be removed from the configuration on retrieval. This allows the configuration to be in an acceptable format to be retrieved and then added to another cluster.

Responses

200 application/json
Hide response attributes Show response attributes object
- count number Required
- data_frame_analytics array[object] Required
  
  An array of data frame analytics job resources, which are sorted by the id value in ascending order.
  
  Hide data_frame_analytics attributes Show data_frame_analytics attributes object
  
  allow_lazy_start boolean
  
  analysis object Required
  
  Hide analysis attributes Show analysis attributes object
  
  classification object
  
  Hide classification attributes Show classification attributes object
  
  alpha number
  
  Advanced configuration option. Machine learning uses loss guided tree growing, which means that the decision trees grow where the regularized loss decreases most quickly. This parameter affects loss calculations by acting as a multiplier of the tree depth. Higher alpha values result in shallower trees and faster training times. By default, this value is calculated during hyperparameter optimization. It must be greater than or equal to zero.
  
  dependent_variable string Required
  
  Defines which field of the document is to be predicted. It must match one of the fields in the index being used to train. If this field is missing from a document, then that document will not be used for training, but a prediction with the trained model will be generated for it. It is also known as continuous target variable. For classification analysis, the data type of the field must be numeric (integer, short, long, byte), categorical (ip or keyword), or boolean. There must be no more than 30 different values in this field. For regression analysis, the data type of the field must be numeric.
  
  downsample_factor number
  
  Advanced configuration option. Controls the fraction of data that is used to compute the derivatives of the loss function for tree training. A small value results in the use of a small fraction of the data. If this value is set to be less than 1, accuracy typically improves. However, too small a value may result in poor convergence for the ensemble and so require more trees. By default, this value is calculated during hyperparameter optimization. It must be greater than zero and less than or equal to 1.
  
  early_stopping_enabled boolean
  
  Advanced configuration option. Specifies whether the training process should finish if it is not finding any better performing models. If disabled, the training process can take significantly longer and the chance of finding a better performing model is unremarkable.
  
  eta number
  
  Advanced configuration option. The shrinkage applied to the weights. Smaller values result in larger forests which have a better generalization error. However, larger forests cause slower training. By default, this value is calculated during hyperparameter optimization. It must be a value between 0.001 and 1.
  
  eta_growth_rate_per_tree number
  
  Advanced configuration option. Specifies the rate at which eta increases for each new tree that is added to the forest. For example, a rate of 1.05 increases eta by 5% for each extra tree. By default, this value is calculated during hyperparameter optimization. It must be between 0.5 and 2.
  
  feature_bag_fraction number
  
  Advanced configuration option. Defines the fraction of features that will be used when selecting a random bag for each candidate split. By default, this value is calculated during hyperparameter optimization.
  
  feature_processors array[object]
  
  Advanced configuration option. A collection of feature preprocessors that modify one or more included fields. The analysis uses the resulting one or more features instead of the original document field. However, these features are ephemeral; they are not stored in the destination index. Multiple feature_processors entries can refer to the same document fields. Automatic categorical feature encoding still occurs for the fields that are unprocessed by a custom processor or that have categorical values. Use this property only if you want to override the automatic feature encoding of the specified fields.
  
  gamma number
  
  Advanced configuration option. Regularization parameter to prevent overfitting on the training data set. Multiplies a linear penalty associated with the size of individual trees in the forest. A high gamma value causes training to prefer small trees. A small gamma value results in larger individual trees and slower training. By default, this value is calculated during hyperparameter optimization. It must be a nonnegative value.
  
  lambda number
  
  Advanced configuration option. Regularization parameter to prevent overfitting on the training data set. Multiplies an L2 regularization term which applies to leaf weights of the individual trees in the forest. A high lambda value causes training to favor small leaf weights. This behavior makes the prediction function smoother at the expense of potentially not being able to capture relevant relationships between the features and the dependent variable. A small lambda value results in large individual trees and slower training. By default, this value is calculated during hyperparameter optimization. It must be a nonnegative value.
  
  max_optimization_rounds_per_hyperparameter number
  
  Advanced configuration option. A multiplier responsible for determining the maximum number of hyperparameter optimization steps in the Bayesian optimization procedure. The maximum number of steps is determined based on the number of undefined hyperparameters times the maximum optimization rounds per hyperparameter. By default, this value is calculated during hyperparameter optimization.
  
  max_trees number
  
  Advanced configuration option. Defines the maximum number of decision trees in the forest. The maximum value is 2000. By default, this value is calculated during hyperparameter optimization.
  
  num_top_feature_importance_values number
  
  Advanced configuration option. Specifies the maximum number of feature importance values per document to return. By default, no feature importance calculation occurs.
  
  prediction_field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  randomize_seed number
  
  Defines the seed for the random generator that is used to pick training data. By default, it is randomly generated. Set it to a specific value to use the same training data each time you start a job (assuming other related parameters such as source and analyzed_fields are the same).
  
  soft_tree_depth_limit number
  
  Advanced configuration option. Machine learning uses loss guided tree growing, which means that the decision trees grow where the regularized loss decreases most quickly. This soft limit combines with the soft_tree_depth_tolerance to penalize trees that exceed the specified depth; the regularized loss increases quickly beyond this depth. By default, this value is calculated during hyperparameter optimization. It must be greater than or equal to 0.
  
  soft_tree_depth_tolerance number
  
  Advanced configuration option. This option controls how quickly the regularized loss increases when the tree depth exceeds soft_tree_depth_limit. By default, this value is calculated during hyperparameter optimization. It must be greater than or equal to 0.01.
  
  training_percent
  
  class_assignment_objective string
  
  num_top_classes number
  
  Defines the number of categories for which the predicted probabilities are reported. It must be non-negative or -1. If it is -1 or greater than the total number of categories, probabilities are reported for all categories; if you have a large number of categories, there could be a significant effect on the size of your destination index. NOTE: To use the AUC ROC evaluation method, num_top_classes must be set to -1 or a value greater than or equal to the total number of categories.
  
  outlier_detection object
  
  Hide outlier_detection attributes Show outlier_detection attributes object
  
  compute_feature_influence boolean
  
  Specifies whether the feature influence calculation is enabled.
  
  feature_influence_threshold number
  
  The minimum outlier score that a document needs to have in order to calculate its feature influence score. Value range: 0-1.
  
  method string
  
  The method that outlier detection uses. Available methods are lof, ldof, distance_kth_nn, distance_knn, and ensemble. The default value is ensemble, which means that outlier detection uses an ensemble of different methods and normalises and combines their individual outlier scores to obtain the overall outlier score.
  
  n_neighbors number
  
  Defines the value for how many nearest neighbors each method of outlier detection uses to calculate its outlier score. When the value is not set, different values are used for different ensemble members. This default behavior helps improve the diversity in the ensemble; only override it if you are confident that the value you choose is appropriate for the data set.
  
  outlier_fraction number
  
  The proportion of the data set that is assumed to be outlying prior to outlier detection. For example, 0.05 means it is assumed that 5% of values are real outliers and 95% are inliers.
  
  standardization_enabled boolean
  
  If true, the following operation is performed on the columns before computing outlier scores: (x_i - mean(x_i)) / sd(x_i).
  
  regression object
  
  Hide regression attributes Show regression attributes object
  
  alpha number
  
  Advanced configuration option. Machine learning uses loss guided tree growing, which means that the decision trees grow where the regularized loss decreases most quickly. This parameter affects loss calculations by acting as a multiplier of the tree depth. Higher alpha values result in shallower trees and faster training times. By default, this value is calculated during hyperparameter optimization. It must be greater than or equal to zero.
  
  dependent_variable string Required
  
  Defines which field of the document is to be predicted. It must match one of the fields in the index being used to train. If this field is missing from a document, then that document will not be used for training, but a prediction with the trained model will be generated for it. It is also known as continuous target variable. For classification analysis, the data type of the field must be numeric (integer, short, long, byte), categorical (ip or keyword), or boolean. There must be no more than 30 different values in this field. For regression analysis, the data type of the field must be numeric.
  
  downsample_factor number
  
  Advanced configuration option. Controls the fraction of data that is used to compute the derivatives of the loss function for tree training. A small value results in the use of a small fraction of the data. If this value is set to be less than 1, accuracy typically improves. However, too small a value may result in poor convergence for the ensemble and so require more trees. By default, this value is calculated during hyperparameter optimization. It must be greater than zero and less than or equal to 1.
  
  early_stopping_enabled boolean
  
  Advanced configuration option. Specifies whether the training process should finish if it is not finding any better performing models. If disabled, the training process can take significantly longer and the chance of finding a better performing model is unremarkable.
  
  eta number
  
  Advanced configuration option. The shrinkage applied to the weights. Smaller values result in larger forests which have a better generalization error. However, larger forests cause slower training. By default, this value is calculated during hyperparameter optimization. It must be a value between 0.001 and 1.
  
  eta_growth_rate_per_tree number
  
  Advanced configuration option. Specifies the rate at which eta increases for each new tree that is added to the forest. For example, a rate of 1.05 increases eta by 5% for each extra tree. By default, this value is calculated during hyperparameter optimization. It must be between 0.5 and 2.
  
  feature_bag_fraction number
  
  Advanced configuration option. Defines the fraction of features that will be used when selecting a random bag for each candidate split. By default, this value is calculated during hyperparameter optimization.
  
  feature_processors array[object]
  
  Advanced configuration option. A collection of feature preprocessors that modify one or more included fields. The analysis uses the resulting one or more features instead of the original document field. However, these features are ephemeral; they are not stored in the destination index. Multiple feature_processors entries can refer to the same document fields. Automatic categorical feature encoding still occurs for the fields that are unprocessed by a custom processor or that have categorical values. Use this property only if you want to override the automatic feature encoding of the specified fields.
  
  gamma number
  
  Advanced configuration option. Regularization parameter to prevent overfitting on the training data set. Multiplies a linear penalty associated with the size of individual trees in the forest. A high gamma value causes training to prefer small trees. A small gamma value results in larger individual trees and slower training. By default, this value is calculated during hyperparameter optimization. It must be a nonnegative value.
  
  lambda number
  
  Advanced configuration option. Regularization parameter to prevent overfitting on the training data set. Multiplies an L2 regularization term which applies to leaf weights of the individual trees in the forest. A high lambda value causes training to favor small leaf weights. This behavior makes the prediction function smoother at the expense of potentially not being able to capture relevant relationships between the features and the dependent variable. A small lambda value results in large individual trees and slower training. By default, this value is calculated during hyperparameter optimization. It must be a nonnegative value.
  
  max_optimization_rounds_per_hyperparameter number
  
  Advanced configuration option. A multiplier responsible for determining the maximum number of hyperparameter optimization steps in the Bayesian optimization procedure. The maximum number of steps is determined based on the number of undefined hyperparameters times the maximum optimization rounds per hyperparameter. By default, this value is calculated during hyperparameter optimization.
  
  max_trees number
  
  Advanced configuration option. Defines the maximum number of decision trees in the forest. The maximum value is 2000. By default, this value is calculated during hyperparameter optimization.
  
  num_top_feature_importance_values number
  
  Advanced configuration option. Specifies the maximum number of feature importance values per document to return. By default, no feature importance calculation occurs.
  
  prediction_field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  randomize_seed number
  
  Defines the seed for the random generator that is used to pick training data. By default, it is randomly generated. Set it to a specific value to use the same training data each time you start a job (assuming other related parameters such as source and analyzed_fields are the same).
  
  soft_tree_depth_limit number
  
  Advanced configuration option. Machine learning uses loss guided tree growing, which means that the decision trees grow where the regularized loss decreases most quickly. This soft limit combines with the soft_tree_depth_tolerance to penalize trees that exceed the specified depth; the regularized loss increases quickly beyond this depth. By default, this value is calculated during hyperparameter optimization. It must be greater than or equal to 0.
  
  soft_tree_depth_tolerance number
  
  Advanced configuration option. This option controls how quickly the regularized loss increases when the tree depth exceeds soft_tree_depth_limit. By default, this value is calculated during hyperparameter optimization. It must be greater than or equal to 0.01.
  
  training_percent
  
  loss_function string
  
  The loss function used during regression. Available options are mse (mean squared error), msle (mean squared logarithmic error), huber (Pseudo-Huber loss).
  
  loss_function_parameter number
  
  A positive number that is used as a parameter to the loss_function.
  
  analyzed_fields object
  
  Hide analyzed_fields attributes Show analyzed_fields attributes object
  
  includes array[string] Required
  
  An array of strings that defines the fields that will be excluded from the analysis. You do not need to add fields with unsupported data types to excludes, these fields are excluded from the analysis automatically.
  
  excludes array[string] Required
  
  An array of strings that defines the fields that will be included in the analysis.
  
  authorization object
  
  Hide authorization attributes Show authorization attributes object
  
  api_key object
  
  Hide api_key attributes Show api_key attributes object
  
  id string Required
  
  The identifier for the API key.
  
  name string Required
  
  The name of the API key.
  
  roles array[string]
  
  If a user ID was used for the most recent update to the job, its roles at the time of the update are listed in the response.
  
  service_account string
  
  If a service account was used for the most recent update to the job, the account name is listed in the response.
  
  create_time number
  
  Time unit for milliseconds
  
  description string
  
  dest object Required
  
  Hide dest attributes Show dest attributes object
  
  index string Required
  
  results_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  id string Required
  
  max_num_threads number
  
  model_memory_limit string
  
  source object Required
  
  Hide source attributes Show source attributes object
  
  index string | array[string] Required
  
  runtime_mappings object
  
  Hide runtime_mappings attribute Show runtime_mappings attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  fetch_fields array[object]
  
  For type lookup
  
  format string
  
  A custom format for date type runtime fields.
  
  input_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_index string
  
  script object
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  _source object
  
  Hide _source attributes Show _source attributes object
  
  includes array[string] Required
  
  An array of strings that defines the fields that will be excluded from the analysis. You do not need to add fields with unsupported data types to excludes, these fields are excluded from the analysis automatically.
  
  excludes array[string] Required
  
  An array of strings that defines the fields that will be included in the analysis.
  
  query object
  
  The Elasticsearch query domain-specific language (DSL). This value corresponds to the query object in an Elasticsearch search POST body. All the options that are supported by Elasticsearch can be used, as this object is passed verbatim to Elasticsearch. By default, this property has the following value: {"match_all": {}}.
  
  Query DSL
  
  version string
  
  _meta object
  
  Hide _meta attribute Show _meta attribute object
  
  * object Additional properties

GET /_ml/data_frame/analytics

curl \
 --request GET 'http://api.example.com/_ml/data_frame/analytics' \
 --header "Authorization: $API_KEY"

Response examples (200)

{
  "count": 42.0,
  "data_frame_analytics": [
    {
      "allow_lazy_start": true,
      "analysis": {
        "classification": {
          "alpha": 42.0,
          "dependent_variable": "string",
          "downsample_factor": 42.0,
          "early_stopping_enabled": true,
          "eta": 42.0,
          "eta_growth_rate_per_tree": 42.0,
          "feature_bag_fraction": 42.0,
          "feature_processors": [
            {}
          ],
          "gamma": 42.0,
          "lambda": 42.0,
          "max_optimization_rounds_per_hyperparameter": 42.0,
          "max_trees": 42.0,
          "num_top_feature_importance_values": 42.0,
          "prediction_field_name": "string",
          "randomize_seed": 42.0,
          "soft_tree_depth_limit": 42.0,
          "soft_tree_depth_tolerance": 42.0,
          "class_assignment_objective": "string",
          "num_top_classes": 42.0
        },
        "outlier_detection": {
          "compute_feature_influence": true,
          "feature_influence_threshold": 42.0,
          "method": "string",
          "n_neighbors": 42.0,
          "outlier_fraction": 42.0,
          "standardization_enabled": true
        },
        "regression": {
          "alpha": 42.0,
          "dependent_variable": "string",
          "downsample_factor": 42.0,
          "early_stopping_enabled": true,
          "eta": 42.0,
          "eta_growth_rate_per_tree": 42.0,
          "feature_bag_fraction": 42.0,
          "feature_processors": [
            {}
          ],
          "gamma": 42.0,
          "lambda": 42.0,
          "max_optimization_rounds_per_hyperparameter": 42.0,
          "max_trees": 42.0,
          "num_top_feature_importance_values": 42.0,
          "prediction_field_name": "string",
          "randomize_seed": 42.0,
          "soft_tree_depth_limit": 42.0,
          "soft_tree_depth_tolerance": 42.0,
          "loss_function": "string",
          "loss_function_parameter": 42.0
        }
      },
      "analyzed_fields": {
        "includes": [
          "string"
        ],
        "excludes": [
          "string"
        ]
      },
      "authorization": {
        "api_key": {
          "id": "string",
          "name": "string"
        },
        "roles": [
          "string"
        ],
        "service_account": "string"
      },
      "": 42.0,
      "description": "string",
      "dest": {
        "index": "string",
        "results_field": "string"
      },
      "id": "string",
      "max_num_threads": 42.0,
      "model_memory_limit": "string",
      "source": {
        "index": "string",
        "runtime_mappings": {
          "additionalProperty1": {
            "fields": {},
            "fetch_fields": [
              {}
            ],
            "format": "string",
            "input_field": "string",
            "target_field": "string",
            "target_index": "string",
            "script": {},
            "type": "boolean"
          },
          "additionalProperty2": {
            "fields": {},
            "fetch_fields": [
              {}
            ],
            "format": "string",
            "input_field": "string",
            "target_field": "string",
            "target_index": "string",
            "script": {},
            "type": "boolean"
          }
        },
        "_source": {
          "includes": [
            "string"
          ],
          "excludes": [
            "string"
          ]
        },
        "query": {}
      },
      "version": "string",
      "_meta": {
        "additionalProperty1": {},
        "additionalProperty2": {}
      }
    }
  ]
}

Create an index from a source index Technical preview

POST /_create_from/{source}/{dest}

Api key auth Basic auth Bearer auth

Copy the mappings and settings from the source index to a destination index while allowing request settings and mappings to override the source values.

Path parameters

source string Required

The source index or data stream name
dest string Required

The destination index or data stream name

application/json

Body Required

mappings_override object
Hide mappings_override attributes Show mappings_override attributes object
- all_field object
  Hide all_field attributes Show all_field attributes object
  
  analyzer string Required
  
  enabled boolean Required
  
  omit_norms boolean Required
  
  search_analyzer string Required
  
  similarity string Required
  
  store boolean Required
  
  store_term_vector_offsets boolean Required
  
  store_term_vector_payloads boolean Required
  
  store_term_vector_positions boolean Required
  
  store_term_vectors boolean Required
- date_detection boolean
- dynamic string
  
  Values are strict, runtime, true, or false.
- dynamic_date_formats array[string]
- dynamic_templates array[object]
- _field_names object
  Hide _field_names attribute Show _field_names attribute object
  
  enabled boolean Required
- index_field object
  Hide index_field attribute Show index_field attribute object
  
  enabled boolean Required
- _meta object
  Hide _meta attribute Show _meta attribute object
  
  * object Additional properties
- numeric_detection boolean
- properties object
- _routing object
  Hide _routing attribute Show _routing attribute object
  
  required boolean Required
- _size object
  Hide _size attribute Show _size attribute object
  
  enabled boolean Required
- _source object
  Hide _source attributes Show _source attributes object
  
  compress boolean
  
  compress_threshold string
  
  enabled boolean
  
  excludes array[string]
  
  includes array[string]
  
  mode string
  
  Values are disabled, stored, or synthetic.
- runtime object
  Hide runtime attribute Show runtime attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  fetch_fields array[object]
  
  For type lookup
  
  Hide fetch_fields attributes Show fetch_fields attributes object
  
  field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  format string
  
  format string
  
  A custom format for date type runtime fields.
  
  input_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_index string
  
  script object
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
- enabled boolean
- subobjects string
  
  Values are true, false, or auto.
- _data_stream_timestamp object
  Hide _data_stream_timestamp attribute Show _data_stream_timestamp attribute object
  
  enabled boolean Required
settings_override object
Hide settings_override attributes Show settings_override attributes object
- index object
- mode string
- routing_path string | array[string]
  
  One of:
  string-1 string array-2 array[string]
- soft_deletes object
  Hide soft_deletes attributes Show soft_deletes attributes object
  
  enabled boolean
  
  Indicates whether soft deletes are enabled on the index.
  
  retention_lease object
  
  Hide retention_lease attribute Show retention_lease attribute object
  
  period string Required
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- sort object
  Hide sort attributes Show sort attributes object
  
  field string | array[string]
  
  order string | array[string]
  
  One of:
  SegmentSortOrder string array-2 array[string]
  
  Values are asc, ASC, desc, or DESC.
  
  mode string | array[string]
  
  One of:
  SegmentSortMode string array-2 array[string]
  
  Values are min, MIN, max, or MAX.
  
  missing string | array[string]
  
  One of:
  SegmentSortMissing string array-2 array[string]
  
  Values are _last or _first.
- number_of_shards number | string
  
  One of:
  number-1 number string-2 string
- number_of_replicas number | string
  
  One of:
  number-1 number string-2 string
- number_of_routing_shards number
- check_on_startup string
  
  Values are true, false, or checksum.
- codec string
- routing_partition_size number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
- load_fixed_bitset_filters_eagerly boolean
- hidden boolean | string
  
  One of:
  boolean-1 boolean string-2 string
- auto_expand_replicas string | null
  
  One of:
  string-1 string NullValue string | null
- merge object
  Hide merge attribute Show merge attribute object
  
  scheduler object
  
  Hide scheduler attributes Show scheduler attributes object
  
  max_thread_count number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
  
  max_merge_count number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
- search object
  Hide search attributes Show search attributes object
  
  idle object
  
  Hide idle attribute Show idle attribute object
  
  after string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  slowlog object
  
  Hide slowlog attributes Show slowlog attributes object
  
  level string
  
  source number
  
  reformat boolean
  
  threshold object
  
  Hide threshold attributes Show threshold attributes object
  
  query object
  
  Hide query attributes Show query attributes object
  
  warn string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  info string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  debug string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  trace string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  fetch object
  
  Hide fetch attributes Show fetch attributes object
  
  warn string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  info string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  debug string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  trace string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- refresh_interval string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- max_result_window number
- max_inner_result_window number
- max_rescore_window number
- max_docvalue_fields_search number
- max_script_fields number
- max_ngram_diff number
- max_shingle_diff number
- blocks object
  Hide blocks attributes Show blocks attributes object
  
  read_only boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  read_only_allow_delete boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  read boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  write boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  metadata boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
- max_refresh_listeners number
- analyze object
  Hide analyze attribute Show analyze attribute object
  
  max_token_count number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
- highlight object
  Hide highlight attribute Show highlight attribute object
  
  max_analyzed_offset number
- max_terms_count number
- max_regex_length number
- routing object
  Hide routing attributes Show routing attributes object
  
  allocation object
  
  Hide allocation attributes Show allocation attributes object
  
  enable string
  
  Values are all, primaries, new_primaries, or none.
  
  include object
  
  Hide include attributes Show include attributes object
  
  _tier_preference string
  
  _id string
  
  initial_recovery object
  
  Hide initial_recovery attribute Show initial_recovery attribute object
  
  _id string
  
  disk object
  
  Hide disk attribute Show disk attribute object
  
  threshold_enabled boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  rebalance object
  
  Hide rebalance attribute Show rebalance attribute object
  
  enable string Required
  
  Values are all, primaries, replicas, or none.
- gc_deletes string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- default_pipeline string
- final_pipeline string
- lifecycle object
  Hide lifecycle attributes Show lifecycle attributes object
  
  name string
  
  indexing_complete boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  origination_date number
  
  If specified, this is the timestamp used to calculate the index age for its phase transitions. Use this setting if you create a new index that contains old data and want to use the original creation date to calculate the index age. Specified as a Unix epoch value in milliseconds.
  
  parse_origination_date boolean
  
  Set to true to parse the origination date from the index name. This origination date is used to calculate the index age for its phase transitions. The index name must match the pattern ^{.*-{date_format}-\d+,} where the date_format is yyyy.MM.dd and the trailing digits are optional. An index that was rolled over would normally match the full format, for example logs-2016.10.31-000002). If the index name doesn’t match the pattern, index creation fails.
  
  step object
  
  Hide step attribute Show step attribute object
  
  wait_time_threshold string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  rollover_alias string
  
  The index alias to update when the index rolls over. Specify when using a policy that contains a rollover action. When the index rolls over, the alias is updated to reflect that the index is no longer the write index. For more information about rolling indices, see Rollover.
  
  prefer_ilm boolean | string
  
  Preference for the system that manages a data stream backing index (preferring ILM when both ILM and DLM are applicable for an index).
  
  One of:
  boolean-1 boolean string-2 string
- provided_name string
- creation_date number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  UnitMillis number StringifiedEpochTimeUnitMillis string
  
  Time unit for milliseconds
- creation_date_string string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
- uuid string
- version object
  Hide version attributes Show version attributes object
  
  created string
  
  created_string string
- verified_before_close boolean | string
  
  One of:
  boolean-1 boolean string-2 string
- format string | number
  
  One of:
  string-1 string number-2 number
- max_slices_per_scroll number
- translog object
  Hide translog attributes Show translog attributes object
  
  sync_interval string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  durability string
  
  Values are request, REQUEST, async, or ASYNC.
  
  flush_threshold_size number | string
  
  One of:
  ByteSize number ByteSize string
  
  retention object
  
  Hide retention attributes Show retention attributes object
  
  size number | string
  
  One of:
  ByteSize number ByteSize string
  
  age string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- query_string object
  Hide query_string attribute Show query_string attribute object
  
  lenient boolean | string Required
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
- priority number | string
  
  One of:
  number-1 number string-2 string
- top_metrics_max_size number
- analysis object
  Hide analysis attributes Show analysis attributes object
  
  analyzer object
  
  char_filter object
  
  filter object
  
  normalizer object
  
  tokenizer object
- settings object
- time_series object
  Hide time_series attributes Show time_series attributes object
  
  end_time string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  start_time string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
- queries object
  Hide queries attribute Show queries attribute object
  
  cache object
  
  Hide cache attribute Show cache attribute object
  
  enabled boolean Required
- similarity object
  
  Configure custom similarity settings to customize how search results are scored.
- mapping object
  Hide mapping attributes Show mapping attributes object
  
  coerce boolean
  
  total_fields object
  
  Hide total_fields attributes Show total_fields attributes object
  
  limit number | string
  
  The maximum number of fields in an index. Field and object mappings, as well as field aliases count towards this limit. The limit is in place to prevent mappings and searches from becoming too large. Higher values can lead to performance degradations and memory issues, especially in clusters with a high load or few resources.
  
  One of:
  number-1 number string-2 string
  
  ignore_dynamic_beyond_limit boolean | string
  
  This setting determines what happens when a dynamically mapped field would exceed the total fields limit. When set to false (the default), the index request of the document that tries to add a dynamic field to the mapping will fail with the message Limit of total fields [X] has been exceeded. When set to true, the index request will not fail. Instead, fields that would exceed the limit are not added to the mapping, similar to dynamic: false. The fields that were not added to the mapping will be added to the _ignored field.
  
  One of:
  boolean-1 boolean string-2 string
  
  depth object
  
  Hide depth attribute Show depth attribute object
  
  limit number
  
  The maximum depth for a field, which is measured as the number of inner objects. For instance, if all fields are defined at the root object level, then the depth is 1. If there is one object mapping, then the depth is 2, etc.
  
  nested_fields object
  
  Hide nested_fields attribute Show nested_fields attribute object
  
  limit number
  
  The maximum number of distinct nested mappings in an index. The nested type should only be used in special cases, when arrays of objects need to be queried independently of each other. To safeguard against poorly designed mappings, this setting limits the number of unique nested types per index.
  
  nested_objects object
  
  Hide nested_objects attribute Show nested_objects attribute object
  
  limit number
  
  The maximum number of nested JSON objects that a single document can contain across all nested types. This limit helps to prevent out of memory errors when a document contains too many nested objects.
  
  field_name_length object
  
  Hide field_name_length attribute Show field_name_length attribute object
  
  limit number
  
  Setting for the maximum length of a field name. This setting isn’t really something that addresses mappings explosion but might still be useful if you want to limit the field length. It usually shouldn’t be necessary to set this setting. The default is okay unless a user starts to add a huge number of fields with really long names. Default is Long.MAX_VALUE (no limit).
  
  dimension_fields object
  
  Hide dimension_fields attribute Show dimension_fields attribute object
  
  limit number
  
  [preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
  
  source object
  
  Hide source attribute Show source attribute object
  
  mode string Required
  
  Values are disabled, stored, or synthetic.
  
  ignore_malformed boolean | string
  
  One of:
  boolean-1 boolean string-2 string
- indexing.slowlog object
  Hide indexing.slowlog attributes Show indexing.slowlog attributes object
  
  level string
  
  source number
  
  reformat boolean
  
  threshold object
  
  Hide threshold attribute Show threshold attribute object
  
  index object
  
  Hide index attributes Show index attributes object
  
  warn string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  info string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  debug string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  trace string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- indexing_pressure object
  Hide indexing_pressure attribute Show indexing_pressure attribute object
  
  memory object Required
  
  Hide memory attribute Show memory attribute object
  
  limit number
  
  Number of outstanding bytes that may be consumed by indexing requests. When this limit is reached or exceeded, the node will reject new coordinating and primary operations. When replica operations consume 1.5x this limit, the node will reject new replica operations. Defaults to 10% of the heap.
- store object
  Hide store attributes Show store attributes object
  
  type string Required
  
  Any of:
  StorageType string StorageType string
  
  Values are fs, niofs, mmapfs, or hybridfs.
  
  allow_mmap boolean
  
  You can restrict the use of the mmapfs and the related hybridfs store type via the setting node.store.allow_mmap. This is a boolean setting indicating whether or not memory-mapping is allowed. The default is to allow it. This setting is useful, for example, if you are in an environment where you can not control the ability to create a lot of memory maps so you need disable the ability to use memory-mapping.
remove_index_blocks boolean

If index blocks should be removed when creating destination index (optional)

Responses

200 application/json
Hide response attributes Show response attributes object
- acknowledged boolean Required
- index string Required
- shards_acknowledged boolean Required

POST /_create_from/{source}/{dest}

curl \
 --request POST 'http://api.example.com/_create_from/{source}/{dest}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"mappings_override":{"all_field":{"analyzer":"string","enabled":true,"omit_norms":true,"search_analyzer":"string","similarity":"string","store":true,"store_term_vector_offsets":true,"store_term_vector_payloads":true,"store_term_vector_positions":true,"store_term_vectors":true},"date_detection":true,"dynamic":"strict","dynamic_date_formats":["string"],"dynamic_templates":[{}],"_field_names":{"enabled":true},"index_field":{"enabled":true},"_meta":{"additionalProperty1":{},"additionalProperty2":{}},"numeric_detection":true,"properties":{},"_routing":{"required":true},"_size":{"enabled":true},"_source":{"compress":true,"compress_threshold":"string","enabled":true,"excludes":["string"],"includes":["string"],"mode":"disabled"},"runtime":{"additionalProperty1":{"fields":{"additionalProperty1":{"type":"boolean"},"additionalProperty2":{"type":"boolean"}},"fetch_fields":[{"field":"string","format":"string"}],"format":"string","input_field":"string","target_field":"string","target_index":"string","script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"":"painless","options":{"additionalProperty1":"string","additionalProperty2":"string"}},"type":"boolean"},"additionalProperty2":{"fields":{"additionalProperty1":{"type":"boolean"},"additionalProperty2":{"type":"boolean"}},"fetch_fields":[{"field":"string","format":"string"}],"format":"string","input_field":"string","target_field":"string","target_index":"string","script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"":"painless","options":{"additionalProperty1":"string","additionalProperty2":"string"}},"type":"boolean"}},"enabled":true,"subobjects":"true","_data_stream_timestamp":{"enabled":true}},"settings_override":{"index":{},"mode":"string","routing_path":"string","soft_deletes":{"enabled":true,"retention_lease":{"period":"string"}},"sort":{"field":"string","order":"asc","mode":"min","missing":"_last"},"number_of_shards":42.0,"number_of_replicas":42.0,"number_of_routing_shards":42.0,"check_on_startup":"true","codec":"string","":"string","load_fixed_bitset_filters_eagerly":true,"hidden":true,"auto_expand_replicas":"string","merge":{"scheduler":{"":42.0}},"search":{"idle":{"after":"string"},"slowlog":{"level":"string","source":42.0,"reformat":true,"threshold":{"query":{"warn":"string","info":"string","debug":"string","trace":"string"},"fetch":{"warn":"string","info":"string","debug":"string","trace":"string"}}}},"refresh_interval":"string","max_result_window":42.0,"max_inner_result_window":42.0,"max_rescore_window":42.0,"max_docvalue_fields_search":42.0,"max_script_fields":42.0,"max_ngram_diff":42.0,"max_shingle_diff":42.0,"blocks":{"":true},"max_refresh_listeners":42.0,"analyze":{"":42.0},"highlight":{"max_analyzed_offset":42.0},"max_terms_count":42.0,"max_regex_length":42.0,"routing":{"allocation":{"enable":"all","include":{"_tier_preference":"string","_id":"string"},"initial_recovery":{"_id":"string"},"disk":{"threshold_enabled":true}},"rebalance":{"enable":"all"}},"gc_deletes":"string","default_pipeline":"string","final_pipeline":"string","lifecycle":{"name":"string","":true,"origination_date":42.0,"parse_origination_date":true,"step":{"wait_time_threshold":"string"},"rollover_alias":"string","prefer_ilm":true},"provided_name":"string","uuid":"string","version":{"created":"string","created_string":"string"},"verified_before_close":true,"format":"string","max_slices_per_scroll":42.0,"translog":{"sync_interval":"string","durability":"request","":42.0,"retention":{"":42.0,"age":"string"}},"query_string":{"":true},"priority":42.0,"top_metrics_max_size":42.0,"analysis":{"analyzer":{},"char_filter":{},"filter":{},"normalizer":{},"tokenizer":{}},"settings":{},"time_series":{"":"string"},"queries":{"cache":{"enabled":true}},"similarity":{},"mapping":{"coerce":true,"total_fields":{"limit":42.0,"ignore_dynamic_beyond_limit":true},"depth":{"limit":42.0},"nested_fields":{"limit":42.0},"nested_objects":{"limit":42.0},"field_name_length":{"limit":42.0},"dimension_fields":{"limit":42.0},"source":{"mode":"disabled"},"ignore_malformed":true},"indexing.slowlog":{"level":"string","source":42.0,"reformat":true,"threshold":{"index":{"warn":"string","info":"string","debug":"string","trace":"string"}}},"indexing_pressure":{"memory":{"limit":42.0}},"store":{"":"fs","allow_mmap":true}},"remove_index_blocks":true}'

Request examples

{
  "mappings_override": {
    "all_field": {
      "analyzer": "string",
      "enabled": true,
      "omit_norms": true,
      "search_analyzer": "string",
      "similarity": "string",
      "store": true,
      "store_term_vector_offsets": true,
      "store_term_vector_payloads": true,
      "store_term_vector_positions": true,
      "store_term_vectors": true
    },
    "date_detection": true,
    "dynamic": "strict",
    "dynamic_date_formats": [
      "string"
    ],
    "dynamic_templates": [
      {}
    ],
    "_field_names": {
      "enabled": true
    },
    "index_field": {
      "enabled": true
    },
    "_meta": {
      "additionalProperty1": {},
      "additionalProperty2": {}
    },
    "numeric_detection": true,
    "properties": {},
    "_routing": {
      "required": true
    },
    "_size": {
      "enabled": true
    },
    "_source": {
      "compress": true,
      "compress_threshold": "string",
      "enabled": true,
      "excludes": [
        "string"
      ],
      "includes": [
        "string"
      ],
      "mode": "disabled"
    },
    "runtime": {
      "additionalProperty1": {
        "fields": {
          "additionalProperty1": {
            "type": "boolean"
          },
          "additionalProperty2": {
            "type": "boolean"
          }
        },
        "fetch_fields": [
          {
            "field": "string",
            "format": "string"
          }
        ],
        "format": "string",
        "input_field": "string",
        "target_field": "string",
        "target_index": "string",
        "script": {
          "source": "string",
          "id": "string",
          "params": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          },
          "": "painless",
          "options": {
            "additionalProperty1": "string",
            "additionalProperty2": "string"
          }
        },
        "type": "boolean"
      },
      "additionalProperty2": {
        "fields": {
          "additionalProperty1": {
            "type": "boolean"
          },
          "additionalProperty2": {
            "type": "boolean"
          }
        },
        "fetch_fields": [
          {
            "field": "string",
            "format": "string"
          }
        ],
        "format": "string",
        "input_field": "string",
        "target_field": "string",
        "target_index": "string",
        "script": {
          "source": "string",
          "id": "string",
          "params": {
            "additionalProperty1": {},
            "additionalProperty2": {}
          },
          "": "painless",
          "options": {
            "additionalProperty1": "string",
            "additionalProperty2": "string"
          }
        },
        "type": "boolean"
      }
    },
    "enabled": true,
    "subobjects": "true",
    "_data_stream_timestamp": {
      "enabled": true
    }
  },
  "settings_override": {
    "index": {},
    "mode": "string",
    "routing_path": "string",
    "soft_deletes": {
      "enabled": true,
      "retention_lease": {
        "period": "string"
      }
    },
    "sort": {
      "field": "string",
      "order": "asc",
      "mode": "min",
      "missing": "_last"
    },
    "number_of_shards": 42.0,
    "number_of_replicas": 42.0,
    "number_of_routing_shards": 42.0,
    "check_on_startup": "true",
    "codec": "string",
    "": "string",
    "load_fixed_bitset_filters_eagerly": true,
    "hidden": true,
    "auto_expand_replicas": "string",
    "merge": {
      "scheduler": {
        "": 42.0
      }
    },
    "search": {
      "idle": {
        "after": "string"
      },
      "slowlog": {
        "level": "string",
        "source": 42.0,
        "reformat": true,
        "threshold": {
          "query": {
            "warn": "string",
            "info": "string",
            "debug": "string",
            "trace": "string"
          },
          "fetch": {
            "warn": "string",
            "info": "string",
            "debug": "string",
            "trace": "string"
          }
        }
      }
    },
    "refresh_interval": "string",
    "max_result_window": 42.0,
    "max_inner_result_window": 42.0,
    "max_rescore_window": 42.0,
    "max_docvalue_fields_search": 42.0,
    "max_script_fields": 42.0,
    "max_ngram_diff": 42.0,
    "max_shingle_diff": 42.0,
    "blocks": {
      "": true
    },
    "max_refresh_listeners": 42.0,
    "analyze": {
      "": 42.0
    },
    "highlight": {
      "max_analyzed_offset": 42.0
    },
    "max_terms_count": 42.0,
    "max_regex_length": 42.0,
    "routing": {
      "allocation": {
        "enable": "all",
        "include": {
          "_tier_preference": "string",
          "_id": "string"
        },
        "initial_recovery": {
          "_id": "string"
        },
        "disk": {
          "threshold_enabled": true
        }
      },
      "rebalance": {
        "enable": "all"
      }
    },
    "gc_deletes": "string",
    "default_pipeline": "string",
    "final_pipeline": "string",
    "lifecycle": {
      "name": "string",
      "": true,
      "origination_date": 42.0,
      "parse_origination_date": true,
      "step": {
        "wait_time_threshold": "string"
      },
      "rollover_alias": "string",
      "prefer_ilm": true
    },
    "provided_name": "string",
    "uuid": "string",
    "version": {
      "created": "string",
      "created_string": "string"
    },
    "verified_before_close": true,
    "format": "string",
    "max_slices_per_scroll": 42.0,
    "translog": {
      "sync_interval": "string",
      "durability": "request",
      "": 42.0,
      "retention": {
        "": 42.0,
        "age": "string"
      }
    },
    "query_string": {
      "": true
    },
    "priority": 42.0,
    "top_metrics_max_size": 42.0,
    "analysis": {
      "analyzer": {},
      "char_filter": {},
      "filter": {},
      "normalizer": {},
      "tokenizer": {}
    },
    "settings": {},
    "time_series": {
      "": "string"
    },
    "queries": {
      "cache": {
        "enabled": true
      }
    },
    "similarity": {},
    "mapping": {
      "coerce": true,
      "total_fields": {
        "limit": 42.0,
        "ignore_dynamic_beyond_limit": true
      },
      "depth": {
        "limit": 42.0
      },
      "nested_fields": {
        "limit": 42.0
      },
      "nested_objects": {
        "limit": 42.0
      },
      "field_name_length": {
        "limit": 42.0
      },
      "dimension_fields": {
        "limit": 42.0
      },
      "source": {
        "mode": "disabled"
      },
      "ignore_malformed": true
    },
    "indexing.slowlog": {
      "level": "string",
      "source": 42.0,
      "reformat": true,
      "threshold": {
        "index": {
          "warn": "string",
          "info": "string",
          "debug": "string",
          "trace": "string"
        }
      }
    },
    "indexing_pressure": {
      "memory": {
        "limit": 42.0
      }
    },
    "store": {
      "": "fs",
      "allow_mmap": true
    }
  },
  "remove_index_blocks": true
}

Response examples (200)

{
  "acknowledged": true,
  "index": "string",
  "shards_acknowledged": true
}

Delete a rollup job Deprecated Technical preview

DELETE /_rollup/job/{id}

Api key auth Basic auth Bearer auth

A job must be stopped before it can be deleted. If you attempt to delete a started job, an error occurs. Similarly, if you attempt to delete a nonexistent job, an exception occurs.

IMPORTANT: When you delete a job, you remove only the process that is actively monitoring and rolling up data. The API does not delete any previously rolled up data. This is by design; a user may wish to roll up a static data set. Because the data set is static, after it has been fully rolled up there is no need to keep the indexing rollup job around (as there will be no new data). Thus the job can be deleted, leaving behind the rolled up data for analysis. If you wish to also remove the rollup data and the rollup index contains the data for only a single job, you can delete the whole rollup index. If the rollup index stores data from several jobs, you must issue a delete-by-query that targets the rollup job's identifier in the rollup index. For example:

POST my_rollup_index/_delete_by_query
{
  "query": {
    "term": {
      "_rollup.id": "the_rollup_job_id"
    }
  }
}

Path parameters

id string Required

Identifier for the job.

Responses

200 application/json
Hide response attributes Show response attributes object
- acknowledged boolean Required
- task_failures array[object]
  
  Hide task_failures attributes Show task_failures attributes object
  
  task_id number Required
  
  node_id string Required
  
  status string Required
  
  reason object Required
  
  Hide reason attributes Show reason attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]

DELETE /_rollup/job/{id}

curl \
 --request DELETE 'http://api.example.com/_rollup/job/{id}' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `DELETE _rollup/job/sensor`.

{
  "acknowledged": true
}

Run multiple templated searches Added in 5.0.0

GET /_msearch/template

Api key auth Basic auth Bearer auth

Run multiple templated searches with a single request. If you are providing a text file or text input to curl, use the --data-binary flag instead of -d to preserve newlines. For example:

$ cat requests
{ "index": "my-index" }
{ "id": "my-search-template", "params": { "query_string": "hello world", "from": 0, "size": 10 }}
{ "index": "my-other-index" }
{ "id": "my-other-search-template", "params": { "query_type": "match_all" }}

$ curl -H "Content-Type: application/x-ndjson" -XGET localhost:9200/_msearch/template --data-binary "@requests"; echo

External documentation

Query parameters

ccs_minimize_roundtrips boolean

If true, network round-trips are minimized for cross-cluster search requests.
max_concurrent_searches number

The maximum number of concurrent searches the API can run.
search_type string

The type of the search operation.

Values are query_then_fetch or dfs_query_then_fetch.
rest_total_hits_as_int boolean

If true, the response returns hits.total as an integer. If false, it returns hits.total as an object.
typed_keys boolean

If true, the response prefixes aggregation and suggester names with their respective types.

application/json

Body object Required

allow_no_indices boolean
expand_wildcards string | array[string]
ignore_unavailable boolean
index string | array[string]
preference string
request_cache boolean
routing string
search_type string

Values are query_then_fetch or dfs_query_then_fetch.
ccs_minimize_roundtrips boolean
allow_partial_search_results boolean
ignore_throttled boolean

explain boolean

If true, returns detailed information about score calculation as part of each hit.
id string
params object

Key-value pairs used to replace Mustache variables in the template. The key is the variable name. The value is the variable value.
Hide params attribute Show params attribute object
- * object Additional properties
profile boolean

If true, the query execution is profiled.
source string

An inline search template. Supports the same parameters as the search API's request body. It also supports Mustache variables. If no id is specified, this parameter is required.

Responses

200 application/json
Hide response attributes Show response attributes object
- took number Required
- responses array[object] Required
  
  One of:
  MultiSearchItem object ErrorResponseBase object
  
  Hide attributes Show attributes
  
  took number Required
  
  The number of milliseconds it took Elasticsearch to run the request. This value is calculated by measuring the time elapsed between receipt of a request on the coordinating node and the time at which the coordinating node is ready to send the response. It includes:
  
  Communication time between the coordinating node and data nodes
  
  Time the request spends in the search thread pool, queued for execution
  
  Actual run time
  
  It does not include:
  
  Time needed to send the request to Elasticsearch
  
  Time needed to serialize the JSON response
  
  Time needed to send the response to a client
  
  timed_out boolean Required
  
  If true, the request timed out before completion; returned results may be partial or empty.
  
  _shards object Required
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  successful number Required
  
  total number Required
  
  failures array[object]
  
  skipped number
  
  hits object Required
  
  Hide hits attributes Show hits attributes object
  
  total
  
  hits array[object] Required
  
  max_score
  
  aggregations object
  
  _clusters object
  
  Hide _clusters attributes Show _clusters attributes object
  
  skipped number Required
  
  successful number Required
  
  total number Required
  
  running number Required
  
  partial number Required
  
  failed number Required
  
  details object
  
  fields object
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  max_score number
  
  num_reduce_phases number
  
  profile object
  
  Hide profile attribute Show profile attribute object
  
  shards array[object] Required
  
  pit_id string
  
  _scroll_id string
  
  suggest object
  
  Hide suggest attribute Show suggest attribute object
  
  * array[object] Additional properties
  
  terminated_early boolean
  
  status number
  
  Hide attributes Show attributes
  
  error object Required
  
  Hide error attributes Show error attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  status number Required

GET /_msearch/template

curl \
 --request GET 'http://api.example.com/_msearch/template' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{ }\n{ \"id\": \"my-search-template\", \"params\": { \"query_string\": \"hello world\", \"from\": 0, \"size\": 10 }}\n{ }\n{ \"id\": \"my-other-search-template\", \"params\": { \"query_type\": \"match_all\" }}"'

Request example

Run `GET my-index/_msearch/template` to run multiple templated searches.

{ }
{ "id": "my-search-template", "params": { "query_string": "hello world", "from": 0, "size": 10 }}
{ }
{ "id": "my-other-search-template", "params": { "query_type": "match_all" }}

Response examples (200)

{
  "took": 42.0,
  "responses": [
    {
      "took": 42.0,
      "timed_out": true,
      "_shards": {
        "failed": 42.0,
        "successful": 42.0,
        "total": 42.0,
        "failures": [
          {}
        ],
        "skipped": 42.0
      },
      "hits": {
        "hits": [
          {}
        ]
      },
      "aggregations": {},
      "_clusters": {
        "skipped": 42.0,
        "successful": 42.0,
        "total": 42.0,
        "running": 42.0,
        "partial": 42.0,
        "failed": 42.0,
        "details": {}
      },
      "fields": {
        "additionalProperty1": {},
        "additionalProperty2": {}
      },
      "max_score": 42.0,
      "num_reduce_phases": 42.0,
      "profile": {
        "shards": [
          {}
        ]
      },
      "pit_id": "string",
      "_scroll_id": "string",
      "suggest": {
        "additionalProperty1": [
          {}
        ],
        "additionalProperty2": [
          {}
        ]
      },
      "terminated_early": true,
      "status": 42.0
    }
  ]
}

POST /{index}/_search

Api key auth Basic auth Bearer auth

Get search hits that match the query defined in the request. You can provide search queries using the q query string parameter or the request body. If both are specified, only the query parameter is used.

If the Elasticsearch security features are enabled, you must have the read index privilege for the target data stream, index, or alias. For cross-cluster search, refer to the documentation about configuring CCS privileges. To search a point in time (PIT) for an alias, you must have the read index privilege for the alias's data streams or indices.

Search slicing

When paging through a large number of documents, it can be helpful to split the search into multiple slices to consume them independently with the slice and pit properties. By default the splitting is done first on the shards, then locally on each shard. The local splitting partitions the shard into contiguous ranges based on Lucene document IDs.

For instance if the number of shards is equal to 2 and you request 4 slices, the slices 0 and 2 are assigned to the first shard and the slices 1 and 3 are assigned to the second shard.

IMPORTANT: The same point-in-time ID should be used for all slices. If different PIT IDs are used, slices can overlap and miss documents. This situation can occur because the splitting criterion is based on Lucene document IDs, which are not stable across changes to the index.

External documentation

Path parameters

index string | array[string] Required

A comma-separated list of data streams, indices, and aliases to search. It supports wildcards (*). To search all data streams and indices, omit this parameter or use * or _all.

Query parameters

allow_no_indices boolean

If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.
allow_partial_search_results boolean

If true and there are shard request timeouts or shard failures, the request returns partial results. If false, it returns an error with no partial results.

To override the default behavior, you can set the search.default_allow_partial_results cluster setting to false.
analyzer string

The analyzer to use for the query string. This parameter can be used only when the q query string parameter is specified.
analyze_wildcard boolean

If true, wildcard and prefix queries are analyzed. This parameter can be used only when the q query string parameter is specified.
batched_reduce_size number

The number of shard results that should be reduced at once on the coordinating node. If the potential number of shards in the request can be large, this value should be used as a protection mechanism to reduce the memory overhead per search request.
ccs_minimize_roundtrips boolean

If true, network round-trips between the coordinating node and the remote clusters are minimized when running cross-cluster search (CCS) requests.
default_operator string

The default operator for the query string query: AND or OR. This parameter can be used only when the q query string parameter is specified.

Values are and, AND, or, or OR.
df string

The field to use as a default when no field prefix is given in the query string. This parameter can be used only when the q query string parameter is specified.
docvalue_fields string | array[string]

A comma-separated list of fields to return as the docvalue representation of a field for each hit.
expand_wildcards string | array[string]

The type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. It supports comma-separated values such as open,hidden.
explain boolean

If true, the request returns detailed information about score computation as part of a hit.
ignore_throttled boolean Deprecated

If true, concrete, expanded or aliased indices will be ignored when frozen.
ignore_unavailable boolean

If false, the request returns an error if it targets a missing or closed index.
include_named_queries_score boolean

If true, the response includes the score contribution from any named queries.

This functionality reruns each named query on every hit in a search response. Typically, this adds a small overhead to a request. However, using computationally expensive named queries on a large number of hits may add significant overhead.
lenient boolean

If true, format-based query failures (such as providing text to a numeric field) in the query string will be ignored. This parameter can be used only when the q query string parameter is specified.
max_concurrent_shard_requests number

The number of concurrent shard requests per node that the search runs concurrently. This value should be used to limit the impact of the search on the cluster in order to limit the number of concurrent shard requests.
min_compatible_shard_node string

The minimum version of the node that can handle the request Any handling node with a lower version will fail the request.
preference string
The nodes and shards used for the search. By default, Elasticsearch selects from eligible nodes and shards using adaptive replica selection, accounting for allocation awareness. Valid values are:
- _only_local to run the search only on shards on the local node;
- _local to, if possible, run the search on shards on the local node, or if not, select shards using the default method;
- _only_nodes:<node-id>,<node-id> to run the search on only the specified nodes IDs, where, if suitable shards exist on more than one selected node, use shards on those nodes using the default method, or if none of the specified nodes are available, select shards from any available node using the default method;
- _prefer_nodes:<node-id>,<node-id> to if possible, run the search on the specified nodes IDs, or if not, select shards using the default method;
- _shards:<shard>,<shard> to run the search only on the specified shards;
- <custom-string> (any string that does not start with _) to route searches with the same <custom-string> to the same shards in the same order.
pre_filter_shard_size number
A threshold that enforces a pre-filter roundtrip to prefilter search shards based on query rewriting if the number of shards the search request expands to exceeds the threshold. This filter roundtrip can limit the number of shards significantly if for instance a shard can not match any documents based on its rewrite method (if date filters are mandatory to match but the shard bounds and the query are disjoint). When unspecified, the pre-filter phase is executed if any of these conditions is met:
- The request targets more than 128 shards.
- The request targets one or more read-only index.
- The primary sort of the query targets an indexed field.
request_cache boolean

If true, the caching of search results is enabled for requests where size is 0. It defaults to index level settings.
routing string

A custom value that is used to route operations to a specific shard.
scroll string

The period to retain the search context for scrolling. By default, this value cannot exceed 1d (24 hours). You can change this limit by using the search.max_keep_alive cluster-level setting.
search_type string

Indicates how distributed term frequencies are calculated for relevance scoring.

Values are query_then_fetch or dfs_query_then_fetch.
stats array[string]

Specific tag of the request for logging and statistical purposes.
stored_fields string | array[string]

A comma-separated list of stored fields to return as part of a hit. If no fields are specified, no stored fields are included in the response. If this field is specified, the _source parameter defaults to false. You can pass _source: true to return both source fields and stored fields in the search response.
suggest_field string

The field to use for suggestions.
suggest_mode string

The suggest mode. This parameter can be used only when the suggest_field and suggest_text query string parameters are specified.

Values are missing, popular, or always.
suggest_size number

The number of suggestions to return. This parameter can be used only when the suggest_field and suggest_text query string parameters are specified.
suggest_text string

The source text for which the suggestions should be returned. This parameter can be used only when the suggest_field and suggest_text query string parameters are specified.
terminate_after number

The maximum number of documents to collect for each shard. If a query reaches this limit, Elasticsearch terminates the query early. Elasticsearch collects documents before sorting.

IMPORTANT: Use with caution. Elasticsearch applies this parameter to each shard handling the request. When possible, let Elasticsearch perform early termination automatically. Avoid specifying this parameter for requests that target data streams with backing indices across multiple data tiers. If set to 0 (default), the query does not terminate early.
timeout string

The period of time to wait for a response from each shard. If no response is received before the timeout expires, the request fails and returns an error. It defaults to no timeout.
track_total_hits boolean | number

The number of hits matching the query to count accurately. If true, the exact number of hits is returned at the cost of some performance. If false, the response does not include the total number of hits matching the query.
track_scores boolean

If true, the request calculates and returns document scores, even if the scores are not used for sorting.
typed_keys boolean

If true, aggregation and suggester names are be prefixed by their respective types in the response.
rest_total_hits_as_int boolean

Indicates whether hits.total should be rendered as an integer or an object in the rest search response.
version boolean

If true, the request returns the document version as part of a hit.
_source boolean | string | array[string]
The source fields that are returned for matching documents. These fields are returned in the hits._source property of the search response. Valid values are:
- true to return the entire document source.
- false to not return the document source.
- <string> to return the source fields that are specified as a comma-separated list that supports wildcard (*) patterns.
_source_excludes string | array[string]

A comma-separated list of source fields to exclude from the response. You can also use this parameter to exclude fields from the subset specified in _source_includes query parameter. If the _source parameter is false, this parameter is ignored.
_source_includes string | array[string]

A comma-separated list of source fields to include in the response. If this parameter is specified, only these source fields are returned. You can exclude fields from this subset using the _source_excludes query parameter. If the _source parameter is false, this parameter is ignored.
seq_no_primary_term boolean

If true, the request returns the sequence number and primary term of the last modification of each hit.
q string

A query in the Lucene query string syntax. Query parameter searches do not support the full Elasticsearch Query DSL but are handy for testing.

IMPORTANT: This parameter overrides the query parameter in the request body. If both parameters are specified, documents matching the query request body parameter are not returned.
size number

The number of hits to return. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after parameter.
from number

The starting document offset, which must be non-negative. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after parameter.
sort string | array[string]

A comma-separated list of <field>:<direction> pairs.
force_synthetic_source boolean

Should this request force synthetic _source? Use this to test if the mapping supports synthetic _source and to get a sense of the worst case performance. Fetches with this enabled will be slower the enabling synthetic source natively in the index.

application/json

Body

aggregations object

Defines the aggregations that are run as part of the search request.
collapse object
External documentation
explain boolean

If true, the request returns detailed information about score computation as part of a hit.
ext object

Configuration of search extensions defined by Elasticsearch plugins.
Hide ext attribute Show ext attribute object
- * object Additional properties
from number

The starting document offset, which must be non-negative. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after parameter.
highlight object
Hide highlight attributes Show highlight attributes object
- type string
 
 Any of:
 HighlighterType string HighlighterType string
 
 Values are plain, fvh, or unified.
- boundary_chars string
 
 A string that contains each boundary character.
- boundary_max_scan number
 
 How far to scan for boundary characters.
- boundary_scanner string
 
 Values are chars, sentence, or word.
- boundary_scanner_locale string
 
 Controls which locale is used to search for sentence and word boundaries. This parameter takes a form of a language tag, for example: "en-US", "fr-FR", "ja-JP".
- force_source boolean Deprecated
- fragmenter string
 
 Values are simple or span.
- fragment_size number
 
 The size of the highlighted fragment in characters.
- highlight_filter boolean
- highlight_query object
 
 An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
 
 External documentation
- max_fragment_length number
- max_analyzed_offset number
 
 If set to a non-negative value, highlighting stops at this defined maximum limit. The rest of the text is not processed, thus not highlighted and no error is returned The max_analyzed_offset query setting does not override the index.highlight.max_analyzed_offset setting, which prevails when it’s set to lower value than the query setting.
- no_match_size number
 
 The amount of text you want to return from the beginning of the field if there are no matching fragments to highlight.
- number_of_fragments number
 
 The maximum number of fragments to return. If the number of fragments is set to 0, no fragments are returned. Instead, the entire field contents are highlighted and returned. This can be handy when you need to highlight short texts such as a title or address, but fragmentation is not required. If number_of_fragments is 0, fragment_size is ignored.
- options object
 Hide options attribute Show options attribute object
 
 * object Additional properties
- order string
 
 Value is score.
- phrase_limit number
 
 Controls the number of matching phrases in a document that are considered. Prevents the fvh highlighter from analyzing too many phrases and consuming too much memory. When using matched_fields, phrase_limit phrases per matched field are considered. Raising the limit increases query time and consumes more memory. Only supported by the fvh highlighter.
- post_tags array[string]
 
 Use in conjunction with pre_tags to define the HTML tags to use for the highlighted text. By default, highlighted text is wrapped in  and  tags.
- pre_tags array[string]
 
 Use in conjunction with post_tags to define the HTML tags to use for the highlighted text. By default, highlighted text is wrapped in  and  tags.
- require_field_match boolean
 
 By default, only fields that contains a query match are highlighted. Set to false to highlight all fields.
- tags_schema string
 
 Value is styled.
- encoder string
 
 Values are default or html.
- fields object Required
track_total_hits boolean | number

Number of hits matching the query to count accurately. If true, the exact number of hits is returned at the cost of some performance. If false, the response does not include the total number of hits matching the query. Defaults to 10,000 hits.
indices_boost array[object]

Boost the _score of documents from specified indices. The boost value is the factor by which scores are multiplied. A boost value greater than 1.0 increases the score. A boost value between 0 and 1.0 decreases the score.

External documentation
Hide indices_boost attribute Show indices_boost attribute object
- * number Additional properties
docvalue_fields array[object]

An array of wildcard (*) field patterns. The request returns doc values for field names matching these patterns in the hits.fields property of the response.

External documentation
Hide docvalue_fields attributes Show docvalue_fields attributes object
- field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
- format string
  
  The format in which the values are returned.
- include_unmapped boolean
knn object | array[object]

The approximate kNN search to run.
One of:
KnnSearch object array-2 array[object]
Hide attributes Show attributes

field string Required

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

query_vector array[number]

query_vector_builder object

Hide query_vector_builder attribute Show query_vector_builder attribute object

text_embedding object

Hide text_embedding attributes Show text_embedding attributes object

model_id string Required

model_text string Required

k number

The final number of nearest neighbors to return as top hits

num_candidates number

The number of nearest neighbor candidates to consider per shard

boost number

Boost value to apply to kNN scores

filter object | array[object]

Filters for the kNN search query

One of:
QueryContainer object array-2 array[object]

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation

similarity number

The minimum similarity for a vector to be considered a match

inner_hits object

Hide inner_hits attributes Show inner_hits attributes object

name string

size number

The maximum number of hits to return per inner_hits.

from number

Inner hit starting document offset.

collapse object
External documentation

docvalue_fields array[object]

Hide docvalue_fields attributes Show docvalue_fields attributes object

field string Required

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

format string

The format in which the values are returned.

include_unmapped boolean

explain boolean

highlight object

Hide highlight attributes Show highlight attributes object

type string

Any of:
HighlighterType string HighlighterType string

Values are plain, fvh, or unified.

boundary_chars string

A string that contains each boundary character.

boundary_max_scan number

How far to scan for boundary characters.

boundary_scanner string

Values are chars, sentence, or word.

boundary_scanner_locale string

Controls which locale is used to search for sentence and word boundaries. This parameter takes a form of a language tag, for example: "en-US", "fr-FR", "ja-JP".

force_source boolean Deprecated

fragmenter string

Values are simple or span.

fragment_size number

The size of the highlighted fragment in characters.

highlight_filter boolean

highlight_query object

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation

max_fragment_length number

max_analyzed_offset number

If set to a non-negative value, highlighting stops at this defined maximum limit. The rest of the text is not processed, thus not highlighted and no error is returned The max_analyzed_offset query setting does not override the index.highlight.max_analyzed_offset setting, which prevails when it’s set to lower value than the query setting.

no_match_size number

The amount of text you want to return from the beginning of the field if there are no matching fragments to highlight.

number_of_fragments number

The maximum number of fragments to return. If the number of fragments is set to 0, no fragments are returned. Instead, the entire field contents are highlighted and returned. This can be handy when you need to highlight short texts such as a title or address, but fragmentation is not required. If number_of_fragments is 0, fragment_size is ignored.

options object

Hide options attribute Show options attribute object

* object Additional properties

order string

Value is score.

phrase_limit number

Controls the number of matching phrases in a document that are considered. Prevents the fvh highlighter from analyzing too many phrases and consuming too much memory. When using matched_fields, phrase_limit phrases per matched field are considered. Raising the limit increases query time and consumes more memory. Only supported by the fvh highlighter.

post_tags array[string]

Use in conjunction with pre_tags to define the HTML tags to use for the highlighted text. By default, highlighted text is wrapped in  and  tags.

pre_tags array[string]

Use in conjunction with post_tags to define the HTML tags to use for the highlighted text. By default, highlighted text is wrapped in  and  tags.

require_field_match boolean

By default, only fields that contains a query match are highlighted. Set to false to highlight all fields.

tags_schema string

Value is styled.

encoder string

Values are default or html.

fields object Required

ignore_unmapped boolean

script_fields object

Hide script_fields attribute Show script_fields attribute object

* object Additional properties

Hide * attributes Show * attributes object

script object Required

Hide script attributes Show script attributes object

source string

The script source.

id string

params object

Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.

lang

options object

ignore_failure boolean

seq_no_primary_term boolean

fields string | array[string]

sort string | object | array[string | object]

One of:
Field string SortOptions object Sort array[string | object]

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

_source boolean | object

Defines how to fetch a source. Fetching can be disabled entirely, or the source can be filtered.

One of:
SourceConfig boolean SourceFilter object

stored_fields string | array[string]

track_scores boolean

version boolean

rescore_vector object

Hide rescore_vector attribute Show rescore_vector attribute object

oversample number Required

Applies the specified oversample factor to k on the approximate kNN search
External documentation
Hide attributes Show attributes object

field string Required

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

query_vector array[number]

query_vector_builder object

Hide query_vector_builder attribute Show query_vector_builder attribute object

text_embedding object

Hide text_embedding attributes Show text_embedding attributes object

model_id string Required

model_text string Required

k number

The final number of nearest neighbors to return as top hits

num_candidates number

The number of nearest neighbor candidates to consider per shard

boost number

Boost value to apply to kNN scores

filter object | array[object]

Filters for the kNN search query

One of:
QueryContainer object array-2 array[object]

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation

similarity number

The minimum similarity for a vector to be considered a match

inner_hits object

Hide inner_hits attributes Show inner_hits attributes object

name string

size number

The maximum number of hits to return per inner_hits.

from number

Inner hit starting document offset.

collapse object
External documentation

docvalue_fields array[object]

Hide docvalue_fields attributes Show docvalue_fields attributes object

field string Required

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

format string

The format in which the values are returned.

include_unmapped boolean

explain boolean

highlight object

Hide highlight attributes Show highlight attributes object

type

boundary_chars string

A string that contains each boundary character.

boundary_max_scan number

How far to scan for boundary characters.

boundary_scanner string

Values are chars, sentence, or word.

boundary_scanner_locale string

Controls which locale is used to search for sentence and word boundaries. This parameter takes a form of a language tag, for example: "en-US", "fr-FR", "ja-JP".

force_source boolean Deprecated

fragmenter string

Values are simple or span.

fragment_size number

The size of the highlighted fragment in characters.

highlight_filter boolean

highlight_query object

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

max_fragment_length number

max_analyzed_offset number

If set to a non-negative value, highlighting stops at this defined maximum limit. The rest of the text is not processed, thus not highlighted and no error is returned The max_analyzed_offset query setting does not override the index.highlight.max_analyzed_offset setting, which prevails when it’s set to lower value than the query setting.

no_match_size number

The amount of text you want to return from the beginning of the field if there are no matching fragments to highlight.

number_of_fragments number

The maximum number of fragments to return. If the number of fragments is set to 0, no fragments are returned. Instead, the entire field contents are highlighted and returned. This can be handy when you need to highlight short texts such as a title or address, but fragmentation is not required. If number_of_fragments is 0, fragment_size is ignored.

options object

order string

Value is score.

phrase_limit number

Controls the number of matching phrases in a document that are considered. Prevents the fvh highlighter from analyzing too many phrases and consuming too much memory. When using matched_fields, phrase_limit phrases per matched field are considered. Raising the limit increases query time and consumes more memory. Only supported by the fvh highlighter.

post_tags array[string]

Use in conjunction with pre_tags to define the HTML tags to use for the highlighted text. By default, highlighted text is wrapped in  and  tags.

pre_tags array[string]

Use in conjunction with post_tags to define the HTML tags to use for the highlighted text. By default, highlighted text is wrapped in  and  tags.

require_field_match boolean

By default, only fields that contains a query match are highlighted. Set to false to highlight all fields.

tags_schema string

Value is styled.

encoder string

Values are default or html.

fields object Required

ignore_unmapped boolean

script_fields object

Hide script_fields attribute Show script_fields attribute object

* object Additional properties

Hide * attributes Show * attributes object

script object Required

ignore_failure boolean

seq_no_primary_term boolean

fields string | array[string]

sort string | object | array[string | object]

One of:
Field string SortOptions object Sort array[string | object]

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

_source boolean | object

Defines how to fetch a source. Fetching can be disabled entirely, or the source can be filtered.

One of:
SourceConfig boolean SourceFilter object

stored_fields string | array[string]

track_scores boolean

version boolean

rescore_vector object

Hide rescore_vector attribute Show rescore_vector attribute object

oversample number Required

Applies the specified oversample factor to k on the approximate kNN search
rank object
Hide rank attribute Show rank attribute object
- rrf object
  Hide rrf attributes Show rrf attributes object
  
  rank_constant number
  
  How much influence documents in individual result sets per query have over the final ranked result set
  
  rank_window_size number
  
  Size of the individual result sets per query
min_score number

The minimum _score for matching documents. Documents with a lower _score are not included in the search results.
post_filter object

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation
profile boolean

Set to true to return detailed timing information about the execution of individual components in a search request. NOTE: This is a debugging tool and adds significant overhead to search execution.
query object

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation
rescore object | array[object]

Can be used to improve precision by reordering just the top (for example 100 - 500) documents returned by the query and post_filter phases.
One of:
Rescore object array-2 array[object]
Hide attributes Show attributes

window_size number

query object

Hide query attributes Show query attributes object

rescore_query object Required

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation

query_weight number

Relative importance of the original query versus the rescore query.

rescore_query_weight number

Relative importance of the rescore query versus the original query.

score_mode string

Values are avg, max, min, multiply, or total.

learning_to_rank object

Hide learning_to_rank attributes Show learning_to_rank attributes object

model_id string Required

The unique identifier of the trained model uploaded to Elasticsearch

params object

Named parameters to be passed to the query templates used for feature

Hide params attribute Show params attribute object

* object Additional properties
Hide attributes Show attributes object

window_size number

query object

Hide query attributes Show query attributes object

rescore_query object Required

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation

query_weight number

Relative importance of the original query versus the rescore query.

rescore_query_weight number

Relative importance of the rescore query versus the original query.

score_mode string

Values are avg, max, min, multiply, or total.

learning_to_rank object

Hide learning_to_rank attributes Show learning_to_rank attributes object

model_id string Required

The unique identifier of the trained model uploaded to Elasticsearch

params object

Named parameters to be passed to the query templates used for feature

Hide params attribute Show params attribute object

* object Additional properties
retriever object
Hide retriever attributes Show retriever attributes object
- standard object
  Hide standard attributes Show standard attributes object
  
  filter object | array[object]
  
  Query to filter the documents that can match.
  
  One of:
  QueryContainer object array-2 array[object]
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  min_score number
  
  Minimum _score for matching documents. Documents with a lower _score are not included in the top documents.
  
  query object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  search_after array[number | string | boolean | null | object]
  
  A field value.
  
  A field value.
  
  One of:
  FieldValue number FieldValue number FieldValue string FieldValue boolean FieldValue string | null FieldValue object
  
  terminate_after number
  
  Maximum number of documents to collect for each shard.
  
  sort string | object | array[string | object]
  
  One of:
  Field string SortOptions object Sort array[string | object]
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  collapse object
  External documentation
- knn object
  Hide knn attributes Show knn attributes object
  
  filter object | array[object]
  
  Query to filter the documents that can match.
  
  One of:
  QueryContainer object array-2 array[object]
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  min_score number
  
  Minimum _score for matching documents. Documents with a lower _score are not included in the top documents.
  
  field string Required
  
  The name of the vector field to search against.
  
  query_vector array[number]
  
  query_vector_builder object
  
  Hide query_vector_builder attribute Show query_vector_builder attribute object
  
  text_embedding object
  
  Hide text_embedding attributes Show text_embedding attributes object
  
  model_id string Required
  
  model_text string Required
  
  k number Required
  
  Number of nearest neighbors to return as top hits.
  
  num_candidates number Required
  
  Number of nearest neighbor candidates to consider per shard.
  
  similarity number
  
  The minimum similarity required for a document to be considered a match.
  
  rescore_vector object
  
  Hide rescore_vector attribute Show rescore_vector attribute object
  
  oversample number Required
  
  Applies the specified oversample factor to k on the approximate kNN search
- rrf object
  Hide rrf attributes Show rrf attributes object
  
  filter object | array[object]
  
  Query to filter the documents that can match.
  
  One of:
  QueryContainer object array-2 array[object]
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  min_score number
  
  Minimum _score for matching documents. Documents with a lower _score are not included in the top documents.
  
  retrievers array[object] Required
  
  A list of child retrievers to specify which sets of returned top documents will have the RRF formula applied to them.
  
  rank_constant number
  
  This value determines how much influence documents in individual result sets per query have over the final ranked result set.
  
  rank_window_size number
  
  This value determines the size of the individual result sets per query.
- text_similarity_reranker object
  Hide text_similarity_reranker attributes Show text_similarity_reranker attributes object
  
  filter object | array[object]
  
  Query to filter the documents that can match.
  
  One of:
  QueryContainer object array-2 array[object]
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  min_score number
  
  Minimum _score for matching documents. Documents with a lower _score are not included in the top documents.
  
  retriever object Required
  
  rank_window_size number
  
  This value determines how many documents we will consider from the nested retriever.
  
  inference_id string
  
  Unique identifier of the inference endpoint created using the inference API.
  
  inference_text string
  
  The text snippet used as the basis for similarity comparison
  
  field string
  
  The document field to be used for text similarity comparisons. This field should contain the text that will be evaluated against the inference_text
- rule object
  Hide rule attributes Show rule attributes object
  
  filter object | array[object]
  
  Query to filter the documents that can match.
  
  One of:
  QueryContainer object array-2 array[object]
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  min_score number
  
  Minimum _score for matching documents. Documents with a lower _score are not included in the top documents.
  
  ruleset_ids array[string] Required
  
  The ruleset IDs containing the rules this retriever is evaluating against.
  
  match_criteria object Required
  
  The match criteria that will determine if a rule in the provided rulesets should be applied.
  
  retriever object Required
  
  rank_window_size number
  
  This value determines the size of the individual result set.
script_fields object

Retrieve a script evaluation (based on different fields) for each hit.
Hide script_fields attribute Show script_fields attribute object
- * object Additional properties
  Hide * attributes Show * attributes object
  
  script object Required
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  ignore_failure boolean
search_after array[number | string | boolean | null | object]

A field value.

A field value.

One of:
FieldValue number FieldValue number FieldValue string FieldValue boolean FieldValue string | null FieldValue object
size number

The number of hits to return, which must not be negative. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after property.
slice object
Hide slice attributes Show slice attributes object
- field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
- id string Required
- max number Required
sort string | object | array[string | object]
One of:
Field string SortOptions object Sort array[string | object]

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
Hide attributes Show attributes

_score object

Hide _score attribute Show _score attribute object

order string

Values are asc or desc.

_doc object

Hide _doc attribute Show _doc attribute object

order string

Values are asc or desc.

_geo_distance object

Hide _geo_distance attributes Show _geo_distance attributes object

mode string

Values are min, max, sum, avg, or median.

distance_type string

Values are arc or plane.

ignore_unmapped boolean

order string

Values are asc or desc.

unit string

Values are in, ft, yd, mi, nmi, km, m, cm, or mm.

nested object

Hide nested attributes Show nested attributes object

filter object

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation

max_children number

nested object

path string Required

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

_script object

Hide _script attributes Show _script attributes object

order string

Values are asc or desc.

script object Required

Hide script attributes Show script attributes object

source string

The script source.

id string

params object

Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.

Hide params attribute Show params attribute object

* object Additional properties

lang string

Any of:
ScriptLanguage string ScriptLanguage string

Values are painless, expression, mustache, or java.

options object

Hide options attribute Show options attribute object

* string Additional properties

type string

Values are string, number, or version.

mode string

Values are min, max, sum, avg, or median.

nested object

Hide nested attributes Show nested attributes object

filter object

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation

max_children number

nested object

path string Required

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
One of:
Field string SortOptions object

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

Hide attributes Show attributes

_score object

Hide _score attribute Show _score attribute object

order string

Values are asc or desc.

_doc object

Hide _doc attribute Show _doc attribute object

order string

Values are asc or desc.

_geo_distance object

Hide _geo_distance attributes Show _geo_distance attributes object

mode string

Values are min, max, sum, avg, or median.

distance_type string

Values are arc or plane.

ignore_unmapped boolean

order string

Values are asc or desc.

unit string

Values are in, ft, yd, mi, nmi, km, m, cm, or mm.

nested object

Hide nested attributes Show nested attributes object

filter object

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

max_children number

nested object

path string Required

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

_script object

Hide _script attributes Show _script attributes object

order string

Values are asc or desc.

script object Required

Hide script attributes Show script attributes object

source string

The script source.

id string

params object

Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.

lang

options object

type string

Values are string, number, or version.

mode string

Values are min, max, sum, avg, or median.

nested object

Hide nested attributes Show nested attributes object

filter object

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

max_children number

nested object

path string Required

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
_source boolean | object

Defines how to fetch a source. Fetching can be disabled entirely, or the source can be filtered.
One of:
SourceConfig boolean SourceFilter object
Hide attributes Show attributes

excludes string | array[string]

includes string | array[string]
fields array[object]

An array of wildcard (*) field patterns. The request returns values for field names matching these patterns in the hits.fields property of the response.
Hide fields attributes Show fields attributes object
- field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
- format string
  
  The format in which the values are returned.
- include_unmapped boolean
suggest object
Hide suggest attribute Show suggest attribute object
- text string
  
  Global suggest text, to avoid repetition when the same text is used in several suggesters
terminate_after number

The maximum number of documents to collect for each shard. If a query reaches this limit, Elasticsearch terminates the query early. Elasticsearch collects documents before sorting.

IMPORTANT: Use with caution. Elasticsearch applies this property to each shard handling the request. When possible, let Elasticsearch perform early termination automatically. Avoid specifying this property for requests that target data streams with backing indices across multiple data tiers.

If set to 0 (default), the query does not terminate early.
timeout string

The period of time to wait for a response from each shard. If no response is received before the timeout expires, the request fails and returns an error. Defaults to no timeout.
track_scores boolean

If true, calculate and return document scores, even if the scores are not used for sorting.
version boolean

If true, the request returns the document version as part of a hit.
seq_no_primary_term boolean

If true, the request returns sequence number and primary term of the last modification of each hit.

External documentation
stored_fields string | array[string]
pit object
Hide pit attributes Show pit attributes object
- id string Required
- keep_alive string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
runtime_mappings object
Hide runtime_mappings attribute Show runtime_mappings attribute object
- * object Additional properties
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  fetch_fields array[object]
  
  For type lookup
  
  Hide fetch_fields attributes Show fetch_fields attributes object
  
  field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  format string
  
  format string
  
  A custom format for date type runtime fields.
  
  input_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_index string
  
  script object
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
stats array[string]

The stats groups to associate with the search. Each group maintains a statistics aggregation for its associated searches. You can retrieve these stats using the indices stats API.

Responses

200 application/json
Hide response attributes Show response attributes object
- took number Required
  
  The number of milliseconds it took Elasticsearch to run the request. This value is calculated by measuring the time elapsed between receipt of a request on the coordinating node and the time at which the coordinating node is ready to send the response. It includes:
  
  Communication time between the coordinating node and data nodes
  
  Time the request spends in the search thread pool, queued for execution
  
  Actual run time
  
  It does not include:
  
  Time needed to send the request to Elasticsearch
  
  Time needed to serialize the JSON response
  
  Time needed to send the response to a client
- timed_out boolean Required
  
  If true, the request timed out before completion; returned results may be partial or empty.
- _shards object Required
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  successful number Required
  
  total number Required
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  index string
  
  node string
  
  reason object Required
  
  Hide reason attributes Show reason attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  shard number Required
  
  status string
  
  skipped number
- hits object Required
  
  Hide hits attributes Show hits attributes object
  
  total object | number
  
  Total hit count information, present only if track_total_hits wasn't false in the search request.
  
  One of:
  TotalHits object number-2 number
  
  Hide attributes Show attributes
  
  relation string Required
  
  Values are eq or gte.
  
  value number Required
  
  hits array[object] Required
  
  Hide hits attributes Show hits attributes object
  
  _index string Required
  
  _id string
  
  _score number | string | null
  
  One of:
  number-1 number string-2 string | null
  
  _explanation object
  
  Hide _explanation attributes Show _explanation attributes object
  
  description string Required
  
  details array[object] Required
  
  value number Required
  
  fields object
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  highlight object
  
  Hide highlight attribute Show highlight attribute object
  
  * array[string] Additional properties
  
  inner_hits object
  
  Hide inner_hits attribute Show inner_hits attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  hits object Required
  
  matched_queries array[string] | object
  
  One of:
  array-1 array[string] object-2 object
  
  _nested object
  
  Hide _nested attributes Show _nested attributes object
  
  field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  offset number Required
  
  _nested object
  
  _ignored array[string]
  
  ignored_field_values object
  
  Hide ignored_field_values attribute Show ignored_field_values attribute object
  
  * array[number | string | boolean | null | object] Additional properties
  
  A field value.
  
  _shard string
  
  _node string
  
  _routing string
  
  _source object
  
  _rank number
  
  _seq_no number
  
  _primary_term number
  
  _version number
  
  sort array[number | string | boolean | null | object]
  
  A field value.
  
  A field value.
  
  One of:
  FieldValue number FieldValue number FieldValue string FieldValue boolean FieldValue string | null FieldValue object
  
  max_score number | string | null
  
  One of:
  number-1 number string-2 string | null
- aggregations object
- _clusters object
  
  Hide _clusters attributes Show _clusters attributes object
  
  skipped number Required
  
  successful number Required
  
  total number Required
  
  running number Required
  
  partial number Required
  
  failed number Required
  
  details object
  
  Hide details attribute Show details attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  status string Required
  
  Values are running, successful, partial, skipped, or failed.
  
  indices string Required
  
  took number
  
  Time unit for milliseconds
  
  timed_out boolean Required
  
  _shards object
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  successful number Required
  
  total number Required
  
  failures array[object]
  
  skipped number
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  index string
  
  node string
  
  reason object Required
  
  shard number Required
  
  status string
- fields object
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
- max_score number
- num_reduce_phases number
- profile object
  
  Hide profile attribute Show profile attribute object
  
  shards array[object] Required
  
  Hide shards attributes Show shards attributes object
  
  aggregations array[object] Required
  
  Hide aggregations attributes Show aggregations attributes object
  
  breakdown object Required
  
  description string Required
  
  time_in_nanos
  
  type string Required
  
  debug object
  
  children array[object]
  
  cluster string Required
  
  dfs object
  
  Hide dfs attributes Show dfs attributes object
  
  statistics object
  
  Hide statistics attributes Show statistics attributes object
  
  type string Required
  
  description string Required
  
  time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  time_in_nanos
  
  breakdown object Required
  
  debug object
  
  children array[object]
  
  knn array[object]
  
  fetch object
  
  Hide fetch attributes Show fetch attributes object
  
  type string Required
  
  description string Required
  
  time_in_nanos number
  
  Time unit for nanoseconds
  
  breakdown object Required
  
  Hide breakdown attributes Show breakdown attributes object
  
  load_source number
  
  load_source_count number
  
  load_stored_fields number
  
  load_stored_fields_count number
  
  next_reader number
  
  next_reader_count number
  
  process_count number
  
  process number
  
  debug object
  
  Hide debug attributes Show debug attributes object
  
  stored_fields array[string]
  
  fast_path number
  
  children array[object]
  
  id string Required
  
  index string Required
  
  node_id string Required
  
  searches array[object] Required
  
  Hide searches attributes Show searches attributes object
  
  collector array[object] Required
  
  query array[object] Required
  
  rewrite_time number Required
  
  shard_id number Required
- pit_id string
- _scroll_id string
- suggest object
  
  Hide suggest attribute Show suggest attribute object
  
  * array[object] Additional properties
  
  One of:
  CompletionSuggest object PhraseSuggest object TermSuggest object
  
  Hide attributes Show attributes
  
  length number Required
  
  offset number Required
  
  text string Required
  
  options
- terminated_early boolean

POST /{index}/_search

curl \
 --request POST 'http://api.example.com/{index}/_search' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"query\": {\n    \"term\": {\n      \"user.id\": \"kimchy\"\n    }\n  }\n}"'

Request examples

Run `GET /my-index-000001/_search?from=40&size=20` to run a search.

{
  "query": {
    "term": {
      "user.id": "kimchy"
    }
  }
}

Run `POST /_search` to run a point in time search. The `id` parameter tells Elasticsearch to run the request using contexts from this open point in time. The `keep_alive` parameter tells Elasticsearch how long it should extend the time to live of the point in time.

{
    "size": 100,  
    "query": {
        "match" : {
            "title" : "elasticsearch"
        }
    },
    "pit": {
      "id":  "46ToAwMDaWR5BXV1aWQyKwZub2RlXzMAAAAAAAAAACoBYwADaWR4BXV1aWQxAgZub2RlXzEAAAAAAAAAAAEBYQADaWR5BXV1aWQyKgZub2RlXzIAAAAAAAAAAAwBYgACBXV1aWQyAAAFdXVpZDEAAQltYXRjaF9hbGw_gAAAAA==", 
      "keep_alive": "1m"  
    }
}

When paging through a large number of documents, it can be helpful to split the search into multiple slices to consume them independently. The result from running the first `GET /_search` request returns documents belonging to the first slice (`id: 0`). If you run a second request with `id` set to `1', it returns documents in the second slice. Since the maximum number of slices is set to `2`, the union of the results is equivalent to the results of a point-in-time search without slicing.

{
  "slice": {
    "id": 0,                      
    "max": 2                      
  },
  "query": {
    "match": {
      "message": "foo"
    }
  },
  "pit": {
    "id": "46ToAwMDaWR5BXV1aWQyKwZub2RlXzMAAAAAAAAAACoBYwADaWR4BXV1aWQxAgZub2RlXzEAAAAAAAAAAAEBYQADaWR5BXV1aWQyKgZub2RlXzIAAAAAAAAAAAwBYgACBXV1aWQyAAAFdXVpZDEAAQltYXRjaF9hbGw_gAAAAA=="
  }
}

Response examples (200)

An abbreviated response from `GET /my-index-000001/_search?from=40&size=20` with a simple term query.

{
  "took": 5,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 20,
      "relation": "eq"
    },
    "max_score": 1.3862942,
    "hits": [
      {
        "_index": "my-index-000001",
        "_id": "0",
        "_score": 1.3862942,
        "_source": {
          "@timestamp": "2099-11-15T14:12:12",
          "http": {
            "request": {
              "method": "get"
            },
            "response": {
              "status_code": 200,
              "bytes": 1070000
            },
            "version": "1.1"
          },
          "source": {
            "ip": "127.0.0.1"
          },
          "message": "GET /search HTTP/1.1 200 1070000",
          "user": {
            "id": "kimchy"
          }
        }
      }
    ]
  }
}

Get data frame analytics jobs Added in 7.7.0

Get task information Technical preview

core string | null

max string | null

size string | null

keep_alive string | null

Reroute the cluster Added in 5.0.0

Update the connector features Technical preview

Body Required

Update the connector name and description Beta

Body Required

Body object Required

_id string | null

Move to a lifecycle step Added in 6.6.0

Get an inference endpoint Added in 8.11.0

Create a Hugging Face inference endpoint Added in 8.12.0

Create a VoyageAI inference endpoint Added in 8.19.0

Get pipelines Added in 5.0.0

expiry_date string | number

issue_date string | number Required

max_nodes number | string | null Required

max_resource_units number | string | null

Update a snapshot Added in 5.4.0

Body Required

log_time string | number Required

model_bytes number | string Required

model_bytes_exceeded number | string

model_bytes_memory_limit number | string

output_memory_allocator_bytes number | string

peak_model_bytes number | string

Get data frame analytics job configuration info Added in 7.3.0

Create an index from a source index Technical preview

Body Required

lang string

routing_path string | array[string]

order string | array[string]

mode string | array[string]

missing string | array[string]

number_of_shards number | string

number_of_replicas number | string

routing_partition_size number | string

hidden boolean | string

auto_expand_replicas string | null

max_thread_count number | string

max_merge_count number | string

read_only boolean | string

read_only_allow_delete boolean | string

read boolean | string

write boolean | string

metadata boolean | string

max_token_count number | string

threshold_enabled boolean | string

indexing_complete boolean | string

prefer_ilm boolean | string

creation_date number | string

creation_date_string string | number

verified_before_close boolean | string

format string | number

flush_threshold_size number | string

size number | string

lenient boolean | string Required

priority number | string

end_time string | number

start_time string | number

limit number | string

ignore_dynamic_beyond_limit boolean | string

ignore_malformed boolean | string

type string Required

Delete a rollup job Deprecated Technical preview

Run multiple templated searches Added in 5.0.0

Body object Required

type string

knn object | array[object]

filter object | array[object]

type string

sort string | object | array[string | object]

_source boolean | object

rescore object | array[object]

filter object | array[object]

sort string | object | array[string | object]