Get rollup index capabilities API
editGet rollup index capabilities API
editReturns the rollup capabilities of all jobs inside of a rollup index (e.g. the index where rollup data is stored).
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Request
editGET <target>/_rollup/data
Prerequisites
edit-
If the Elasticsearch security features are enabled, you must have any of the
read,view_index_metadata, ormanageindex privilege on the index that stores the rollup results. For more information, see Security privileges.
Description
editA single rollup index may store the data for multiple rollup jobs, and may have a variety of capabilities depending on those jobs.
This API will allow you to determine:
- What jobs are stored in an index (or indices specified via a pattern)?
- What target indices were rolled up, what fields were used in those rollups and what aggregations can be performed on each job?
Path parameters
edit-
<target> -
(Required, string) Data stream or index to check for rollup capabilities.
Wildcard (
*) expressions are supported.
Examples
editImagine we have an index named sensor-1 full of raw data. We know that the
data will grow over time, so there will be a sensor-2, sensor-3, etc.
Let’s create a rollup job that stores its data in sensor_rollup:
PUT _rollup/job/sensor
{
"index_pattern": "sensor-*",
"rollup_index": "sensor_rollup",
"cron": "*/30 * * * * ?",
"page_size": 1000,
"groups": {
"date_histogram": {
"field": "timestamp",
"fixed_interval": "1h",
"delay": "7d"
},
"terms": {
"fields": [ "node" ]
}
},
"metrics": [
{
"field": "temperature",
"metrics": [ "min", "max", "sum" ]
},
{
"field": "voltage",
"metrics": [ "avg" ]
}
]
}
If at a later date, we’d like to determine what jobs and capabilities were
stored in the sensor_rollup index, we can use the get rollup index API:
GET /sensor_rollup/_rollup/data
Note how we are requesting the concrete rollup index name (sensor_rollup) as
the first part of the URL. This will yield the following response:
{
"sensor_rollup" : {
"rollup_jobs" : [
{
"job_id" : "sensor",
"rollup_index" : "sensor_rollup",
"index_pattern" : "sensor-*",
"fields" : {
"node" : [
{
"agg" : "terms"
}
],
"temperature" : [
{
"agg" : "min"
},
{
"agg" : "max"
},
{
"agg" : "sum"
}
],
"timestamp" : [
{
"agg" : "date_histogram",
"time_zone" : "UTC",
"fixed_interval" : "1h",
"delay": "7d"
}
],
"voltage" : [
{
"agg" : "avg"
}
]
}
}
]
}
}
The response that is returned contains information that is similar to the original rollup configuration, but formatted differently. First, there are some house-keeping details: the rollup job ID, the index that holds the rolled data, the index pattern that the job was targeting.
Next it shows a list of fields that contain data eligible for rollup searches.
Here we see four fields: node, temperature, timestamp and voltage. Each
of these fields list the aggregations that are possible. For example, you can
use a min, max, or sum aggregation on the temperature field, but only a
date_histogram on timestamp.
Note that the rollup_jobs element is an array; there can be multiple,
independent jobs configured for a single index or index pattern. Each of these
jobs may have different configurations, so the API returns a list of all the
various configurations available.
Like other APIs that interact with indices, you can specify index patterns instead of explicit indices:
GET /*_rollup/_rollup/data