Create enrich policy API

edit

Creates an enrich policy.

PUT /_enrich/policy/my-policy
{
  "match": {
    "indices": "users",
    "match_field": "email",
    "enrich_fields": ["first_name", "last_name", "city", "zip", "state"]
  }
}

Request

edit

PUT /_enrich/policy/<enrich-policy>

Prerequisites

edit

If you use Elasticsearch security features, you must have:

  • read index privileges for any indices used
  • The enrich_user built-in role

Description

edit

Use the create enrich policy API to create a enrich policy.

Once created, you can’t update or change an enrich policy. Instead, you can:

  1. Create and execute a new enrich policy.
  2. Replace the previous enrich policy with the new enrich policy in any in-use enrich processors.
  3. Use the delete enrich policy API to delete the previous enrich policy.

Path parameters

edit
<enrich-policy>
(Required, string) Name of the enrich policy to create or update.

Request body

edit
<policy-type>

(Required, object) Configures the enrich policy. The field key is the enrich policy type. Valid key values are:

geo_match
Matches enrich data to incoming documents based on a geo_shape query. For an example, see Example: Enrich your data based on geolocation.
match
Matches enrich data to incoming documents based on a term query. For an example, see Example: Enrich your data based on exact values.
range
Matches a number, date, or IP address in incoming documents to a range in the enrich index based on a term query. For an example, see Example: Enrich your data by matching a value to a range.
Properties of <policy-type>
indices

(Required, String or array of strings) One or more source indices used to create the enrich index.

If multiple indices are specified, they must share a common match_field.

match_field
(Required, string) Field in source indices used to match incoming documents.
enrich_fields
(Required, Array of strings) Fields to add to matching incoming documents. These fields must be present in the source indices.
query
(Optional, Query DSL query object) Query used to filter documents in the enrich index. The policy only uses documents matching this query to enrich incoming documents. Defaults to a match_all query.