- Elasticsearch Guide: other versions:
- Getting Started
- Setup
- Breaking changes
- Breaking changes in 2.3
- Breaking changes in 2.2
- Breaking changes in 2.1
- Breaking changes in 2.0
- Removed features
- Network changes
- Multiple
path.data
striping - Mapping changes
- CRUD and routing changes
- Query DSL changes
- Search changes
- Aggregation changes
- Parent/Child changes
- Scripting changes
- Index API changes
- Snapshot and Restore changes
- Plugin and packaging changes
- Setting changes
- Stats, info, and
cat
changes - Java API changes
- API Conventions
- Document APIs
- Search APIs
- Aggregations
- Metrics Aggregations
- Avg Aggregation
- Cardinality Aggregation
- Extended Stats Aggregation
- Geo Bounds Aggregation
- Geo Centroid Aggregation
- Max Aggregation
- Min Aggregation
- Percentiles Aggregation
- Percentile Ranks Aggregation
- Scripted Metric Aggregation
- Stats Aggregation
- Sum Aggregation
- Top hits Aggregation
- Value Count Aggregation
- Bucket Aggregations
- Children Aggregation
- Date Histogram Aggregation
- Date Range Aggregation
- Filter Aggregation
- Filters Aggregation
- Geo Distance Aggregation
- GeoHash grid Aggregation
- Global Aggregation
- Histogram Aggregation
- IPv4 Range Aggregation
- Missing Aggregation
- Nested Aggregation
- Range Aggregation
- Reverse nested Aggregation
- Sampler Aggregation
- Significant Terms Aggregation
- Terms Aggregation
- Pipeline Aggregations
- Avg Bucket Aggregation
- Derivative Aggregation
- Max Bucket Aggregation
- Min Bucket Aggregation
- Sum Bucket Aggregation
- Stats Bucket Aggregation
- Extended Stats Bucket Aggregation
- Percentiles Bucket Aggregation
- Moving Average Aggregation
- Cumulative Sum Aggregation
- Bucket Script Aggregation
- Bucket Selector Aggregation
- Serial Differencing Aggregation
- Caching heavy aggregations
- Returning only aggregation results
- Aggregation Metadata
- Metrics Aggregations
- Indices APIs
- Create Index
- Delete Index
- Get Index
- Indices Exists
- Open / Close Index API
- Put Mapping
- Get Mapping
- Get Field Mapping
- Types Exists
- Index Aliases
- Update Indices Settings
- Get Settings
- Analyze
- Index Templates
- Warmers
- Shadow replica indices
- Indices Stats
- Indices Segments
- Indices Recovery
- Indices Shard Stores
- Clear Cache
- Flush
- Refresh
- Force Merge
- Optimize
- Upgrade
- cat APIs
- Cluster APIs
- Query DSL
- Mapping
- Field datatypes
- Meta-Fields
- Mapping parameters
analyzer
boost
coerce
copy_to
doc_values
dynamic
enabled
fielddata
format
geohash
geohash_precision
geohash_prefix
ignore_above
ignore_malformed
include_in_all
index
index_options
lat_lon
fields
norms
null_value
position_increment_gap
precision_step
properties
search_analyzer
similarity
store
term_vector
- Dynamic Mapping
- Transform
- Analysis
- Analyzers
- Tokenizers
- Token Filters
- Standard Token Filter
- ASCII Folding Token Filter
- Length Token Filter
- Lowercase Token Filter
- Uppercase Token Filter
- NGram Token Filter
- Edge NGram Token Filter
- Porter Stem Token Filter
- Shingle Token Filter
- Stop Token Filter
- Word Delimiter Token Filter
- Stemmer Token Filter
- Stemmer Override Token Filter
- Keyword Marker Token Filter
- Keyword Repeat Token Filter
- KStem Token Filter
- Snowball Token Filter
- Phonetic Token Filter
- Synonym Token Filter
- Compound Word Token Filter
- Reverse Token Filter
- Elision Token Filter
- Truncate Token Filter
- Unique Token Filter
- Pattern Capture Token Filter
- Pattern Replace Token Filter
- Trim Token Filter
- Limit Token Count Token Filter
- Hunspell Token Filter
- Common Grams Token Filter
- Normalization Token Filter
- CJK Width Token Filter
- CJK Bigram Token Filter
- Delimited Payload Token Filter
- Keep Words Token Filter
- Keep Types Token Filter
- Classic Token Filter
- Apostrophe Token Filter
- Decimal Digit Token Filter
- Character Filters
- Modules
- Index Modules
- Testing
- Glossary of terms
- Release Notes
- 2.3.5 Release Notes
- 2.3.4 Release Notes
- 2.3.3 Release Notes
- 2.3.2 Release Notes
- 2.3.1 Release Notes
- 2.3.0 Release Notes
- 2.2.2 Release Notes
- 2.2.1 Release Notes
- 2.2.0 Release Notes
- 2.1.2 Release Notes
- 2.1.1 Release Notes
- 2.1.0 Release Notes
- 2.0.2 Release Notes
- 2.0.1 Release Notes
- 2.0.0 Release Notes
- 2.0.0-rc1 Release Notes
- 2.0.0-beta2 Release Notes
- 2.0.0-beta1 Release Notes
WARNING: Version 2.3 of Elasticsearch has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Update By Query API
editUpdate By Query API
editThe update-by-query API is new and should still be considered experimental. The API may change in ways that are not backwards compatible
The simplest usage of _update_by_query
just performs an update on every
document in the index without changing the source. This is useful to
pick up a new property or some other online
mapping change. Here is the API:
POST /twitter/_update_by_query?conflicts=proceed
That will return something like this:
{ "took" : 639, "updated": 1235, "batches": 13, "version_conflicts": 2, "failures" : [ ] }
_update_by_query
gets a snapshot of the index when it starts and indexes what
it finds using internal
versioning. That means that you’ll get a version
conflict if the document changes between the time when the snapshot was taken
and when the index request is processed. When the versions match the document
is updated and the version number is incremented.
All update and query failures cause the _update_by_query
to abort and are
returned in the failures
of the response. The updates that have been
performed still stick. In other words, the process is not rolled back, only
aborted. While the first failure causes the abort all failures that are
returned by the failing bulk request are returned in the failures
element so
it’s possible for there to be quite a few.
If you want to simply count version conflicts not cause the _update_by_query
to abort you can set conflicts=proceed
on the url or "conflicts": "proceed"
in the request body. The first example does this because it is just trying to
pick up an online mapping change and a version conflict simply means that the
conflicting document was updated between the start of the _update_by_query
and the time when it attempted to update the document. This is fine because
that update will have picked up the online mapping update.
Back to the API format, you can limit _update_by_query
to a single type. This
will only update tweet`s from the `twitter
index:
POST /twitter/tweet/_update_by_query?conflicts=proceed
You can also limit _update_by_query
using the
Query DSL. This will update all documents from the
twitter
index for the user kimchy
:
The query must be passed as a value to the |
So far we’ve only been updating documents without changing their source. That
is genuinely useful for things like
picking up new properties but it’s only half the
fun. _update_by_query
supports a script
object to update the document. This
will increment the likes
field on all of kimchy’s tweets:
POST /twitter/_update_by_query { "script": { "inline": "ctx._source.likes++" }, "query": { "term": { "user": "kimchy" } } }
Just as in Update API you can set ctx.op = "noop"
if
your script decides that it doesn’t have to make any changes. That will cause
_update_by_query
to omit that document from its updates. Setting ctx.op
to
anything else is an error. If you want to delete by a query you can use the
Delete by Query plugin instead. Setting any
other field in ctx
is an error.
Note that we stopped specifying conflicts=proceed
. In this case we want a
version conflict to abort the process so we can handle the failure.
This API doesn’t allow you to move the documents it touches, just modify their source. This is intentional! We’ve made no provisions for removing the document from its original location.
It’s also possible to do this whole thing on multiple indexes and multiple types at once, just like the search API:
POST /twitter,blog/tweet,post/_update_by_query
If you provide routing
then the routing is copied to the scroll query,
limiting the process to the shards that match that routing value:
POST /twitter/_update_by_query?routing=1
By default _update_by_query
uses scroll batches of 100. You can change the
batch size with the scroll_size
URL parameter:
POST /twitter/_update_by_query?scroll_size=1000
URL Parameters
editIn addition to the standard parameters like pretty
, the Update By Query API
also supports refresh
, wait_for_completion
, consistency
, and timeout
.
Sending the refresh
will update all shards in the index being updated when
the request completes. This is different than the Index API’s refresh
parameter which causes just the shard that received the new data to be indexed.
If the request contains wait_for_completion=false
then Elasticsearch will
perform some preflight checks, launch the request, and then return a task
which can be used with Tasks APIs to cancel
or get the status of the task. For now, once the request is finished the task
is gone and the only place to look for the ultimate result of the task is in
the Elasticsearch log file. This will be fixed soon.
consistency
controls how many copies of a shard must respond to each write
request. timeout
controls how long each write request waits for unavailable
shards to become available. Both work exactly how they work in the
Bulk API.
timeout
controls how long each batch waits for the target shard to become
available. It works exactly how it works in the {ref}/docs-bulk.html[Bulk API].
Response body
editThe JSON response looks like this:
{ "took" : 639, "updated": 0, "batches": 1, "version_conflicts": 2, "failures" : [ ] }
-
took
- The number of milliseconds from start to end of the whole operation.
-
updated
- The number of documents that were successfully updated.
-
batches
- The number of scroll responses pulled back by the the update by query.
-
version_conflicts
- The number of version conflicts that the update by query hit.
-
failures
-
Array of all indexing failures. If this is non-empty then the request aborted
because of those failures. See
conflicts
for how to prevent version conflicts from aborting the operation.
Works with the Task API
editWhile Update By Query is running you can fetch their status using the Task API:
POST /_tasks/?pretty&detailed=true&action=*byquery
The responses looks like:
{ "nodes" : { "r1A2WoRbTwKZ516z6NEs5A" : { "name" : "Tyrannus", "transport_address" : "127.0.0.1:9300", "host" : "127.0.0.1", "ip" : "127.0.0.1:9300", "attributes" : { "testattr" : "test", "portsfile" : "true" }, "tasks" : { "r1A2WoRbTwKZ516z6NEs5A:36619" : { "node" : "r1A2WoRbTwKZ516z6NEs5A", "id" : 36619, "type" : "transport", "action" : "indices:data/write/update/byquery", "status" : { "total" : 6154, "updated" : 3500, "created" : 0, "deleted" : 0, "batches" : 36, "version_conflicts" : 0, "noops" : 0 }, "description" : "" } } } } }
this object contains the actual status. It is just like the response json
with the important addition of the |
Pick up a new property
editSay you created an index without dynamic mapping, filled it with data, and then added a mapping value to pick up more fields from the data:
PUT test { "mappings": { "test": { "dynamic": false, "properties": { "text": {"type": "string"} } } } } POST test/test?refresh { "text": "words words", "flag": "bar" }' POST test/test?refresh { "text": "words words", "flag": "foo" }' PUT test/_mapping/test { "properties": { "text": {"type": "string"}, "flag": {"type": "string", "analyzer": "keyword"} } }
This means that new fields won’t be indexed, just stored in |
|
This updates the mapping to add the new |
Searching for the data won’t find anything:
POST test/_search?filter_path=hits.total { "query": { "match": { "flag": "foo" } } }
{ "hits" : { "total" : 0 } }
But you can issue an _update_by_query
request to pick up the new mapping:
POST test/_update_by_query?refresh&conflicts=proceed POST test/_search?filter_path=hits.total { "query": { "match": { "flag": "foo" } } }
{ "hits" : { "total" : 1 } }
You can do the exact same thing when adding a field to a multifield.