Reindex API
editReindex API
editReindex requires _source to be enabled for
all documents in the source index.
Reindex does not attempt to set up the destination index. It does
not copy the settings of the source index. You should set up the destination
index prior to running a _reindex action, including setting up mappings, shard
counts, replicas, etc.
The most basic form of _reindex just copies documents from one index to another.
This will copy documents from the twitter index into the new_twitter index:
POST _reindex
{
"source": {
"index": "twitter"
},
"dest": {
"index": "new_twitter"
}
}
That will return something like this:
{
"took" : 147,
"timed_out": false,
"created": 120,
"updated": 0,
"deleted": 0,
"batches": 1,
"version_conflicts": 0,
"noops": 0,
"retries": {
"bulk": 0,
"search": 0
},
"throttled_millis": 0,
"requests_per_second": -1.0,
"throttled_until_millis": 0,
"total": 120,
"failures" : [ ]
}
Just like _update_by_query, _reindex gets a
snapshot of the source index but its target must be a different index so
version conflicts are unlikely. The dest element can be configured like the
index API to control optimistic concurrency control. Just leaving out
version_type (as above) or setting it to internal will cause Elasticsearch
to blindly dump documents into the target, overwriting any that happen to have
the same type and id:
POST _reindex
{
"source": {
"index": "twitter"
},
"dest": {
"index": "new_twitter",
"version_type": "internal"
}
}
Setting version_type to external will cause Elasticsearch to preserve the
version from the source, create any documents that are missing, and update
any documents that have an older version in the destination index than they do
in the source index:
POST _reindex
{
"source": {
"index": "twitter"
},
"dest": {
"index": "new_twitter",
"version_type": "external"
}
}
Settings op_type to create will cause _reindex to only create missing
documents in the target index. All existing documents will cause a version
conflict:
POST _reindex
{
"source": {
"index": "twitter"
},
"dest": {
"index": "new_twitter",
"op_type": "create"
}
}
By default, version conflicts abort the _reindex process. The "conflicts" request body
parameter can be used to instruct _reindex to proceed with the next document on version conflicts.
It is important to note that the handling of other error types is unaffected by the "conflicts" parameter.
When "conflicts": "proceed" is set in the request body, the _reindex process will continue on version conflicts
and return a count of version conflicts encountered:
POST _reindex
{
"conflicts": "proceed",
"source": {
"index": "twitter"
},
"dest": {
"index": "new_twitter",
"op_type": "create"
}
}
You can limit the documents by adding a query to the source.
This will only copy tweets made by kimchy into new_twitter:
POST _reindex
{
"source": {
"index": "twitter",
"query": {
"term": {
"user": "kimchy"
}
}
},
"dest": {
"index": "new_twitter"
}
}
index in source can be a list, allowing you to copy from lots
of sources in one request. This will copy documents from the
twitter and blog indices:
POST _reindex
{
"source": {
"index": ["twitter", "blog"]
},
"dest": {
"index": "all_together"
}
}
The Reindex API makes no effort to handle ID collisions so the last document written will "win" but the order isn’t usually predictable so it is not a good idea to rely on this behavior. Instead, make sure that IDs are unique using a script.
It’s also possible to limit the number of processed documents by setting
size. This will only copy a single document from twitter to
new_twitter:
POST _reindex
{
"size": 1,
"source": {
"index": "twitter"
},
"dest": {
"index": "new_twitter"
}
}
If you want a particular set of documents from the twitter index you’ll
need to use sort. Sorting makes the scroll less efficient but in some contexts
it’s worth it. If possible, prefer a more selective query to size and sort.
This will copy 10000 documents from twitter into new_twitter:
POST _reindex
{
"size": 10000,
"source": {
"index": "twitter",
"sort": { "date": "desc" }
},
"dest": {
"index": "new_twitter"
}
}
The source section supports all the elements that are supported in a
search request. For instance, only a subset of the
fields from the original documents can be reindexed using source filtering
as follows:
POST _reindex
{
"source": {
"index": "twitter",
"_source": ["user", "_doc"]
},
"dest": {
"index": "new_twitter"
}
}
Like _update_by_query, _reindex supports a script that modifies the
document. Unlike _update_by_query, the script is allowed to modify the
document’s metadata. This example bumps the version of the source document:
POST _reindex
{
"source": {
"index": "twitter"
},
"dest": {
"index": "new_twitter",
"version_type": "external"
},
"script": {
"source": "if (ctx._source.foo == 'bar') {ctx._version++; ctx._source.remove('foo')}",
"lang": "painless"
}
}
Just as in _update_by_query, you can set ctx.op to change the
operation that is executed on the destination index:
-
noop -
Set
ctx.op = "noop"if your script decides that the document doesn’t have to be indexed in the destination index. This no operation will be reported in thenoopcounter in the response body. -
delete -
Set
ctx.op = "delete"if your script decides that the document must be deleted from the destination index. The deletion will be reported in thedeletedcounter in the response body.
Setting ctx.op to anything else will return an error, as will setting any
other field in ctx.
Think of the possibilities! Just be careful; you are able to change:
-
_id -
_index -
_version -
_routing
Setting _version to null or clearing it from the ctx map is just like not
sending the version in an indexing request; it will cause the document to be
overwritten in the target index regardless of the version on the target or the
version type you use in the _reindex request.
By default if _reindex sees a document with routing then the routing is
preserved unless it’s changed by the script. You can set routing on the
dest request to change this:
-
keep - Sets the routing on the bulk request sent for each match to the routing on the match. This is the default value.
-
discard -
Sets the routing on the bulk request sent for each match to
null. -
=<some text> -
Sets the routing on the bulk request sent for each match to all text after
the
=.
For example, you can use the following request to copy all documents from
the source index with the company name cat into the dest index with
routing set to cat.
POST _reindex
{
"source": {
"index": "source",
"query": {
"match": {
"company": "cat"
}
}
},
"dest": {
"index": "dest",
"routing": "=cat"
}
}
By default _reindex uses scroll batches of 1000. You can change the
batch size with the size field in the source element:
POST _reindex
{
"source": {
"index": "source",
"size": 100
},
"dest": {
"index": "dest",
"routing": "=cat"
}
}
Reindex can also use the Ingest node feature by specifying a
pipeline like this:
POST _reindex
{
"source": {
"index": "source"
},
"dest": {
"index": "dest",
"pipeline": "some_ingest_pipeline"
}
}
Reindex from Remote
editReindex supports reindexing from a remote Elasticsearch cluster:
POST _reindex
{
"source": {
"remote": {
"host": "http://otherhost:9200",
"username": "user",
"password": "pass"
},
"index": "source",
"query": {
"match": {
"test": "data"
}
}
},
"dest": {
"index": "dest"
}
}
The host parameter must contain a scheme, host, port (e.g.
https://otherhost:9200), and optional path (e.g. https://otherhost:9200/proxy).
The username and password parameters are optional, and when they are present _reindex
will connect to the remote Elasticsearch node using basic auth. Be sure to use https when
using basic auth or the password will be sent in plain text.
There are a range of settings available to configure the behaviour of the
https connection.
Remote hosts have to be explicitly whitelisted in elasticsearch.yml using the
reindex.remote.whitelist property. It can be set to a comma delimited list
of allowed remote host and port combinations (e.g.
otherhost:9200, another:9200, 127.0.10.*:9200, localhost:*). Scheme is
ignored by the whitelist — only host and port are used, for example:
reindex.remote.whitelist: "otherhost:9200, another:9200, 127.0.10.*:9200, localhost:*"
The whitelist must be configured on any nodes that will coordinate the reindex.
This feature should work with remote clusters of any version of Elasticsearch you are likely to find. This should allow you to upgrade from any version of Elasticsearch to the current version by reindexing from a cluster of the old version.
Elasticsearch does not support forward compatibility across major versions. For example, you cannot reindex from a 7.x cluster into a 6.x cluster.
To enable queries sent to older versions of Elasticsearch the query parameter
is sent directly to the remote host without validation or modification.
Reindexing from remote clusters does not support manual or automatic slicing.
Reindexing from a remote server uses an on-heap buffer that defaults to a
maximum size of 100mb. If the remote index includes very large documents you’ll
need to use a smaller batch size. The example below sets the batch size to 10
which is very, very small.
POST _reindex
{
"source": {
"remote": {
"host": "http://otherhost:9200"
},
"index": "source",
"size": 10,
"query": {
"match": {
"test": "data"
}
}
},
"dest": {
"index": "dest"
}
}
It is also possible to set the socket read timeout on the remote connection
with the socket_timeout field and the connection timeout with the
connect_timeout field. Both default to 30 seconds. This example
sets the socket read timeout to one minute and the connection timeout to 10
seconds:
POST _reindex
{
"source": {
"remote": {
"host": "http://otherhost:9200",
"socket_timeout": "1m",
"connect_timeout": "10s"
},
"index": "source",
"query": {
"match": {
"test": "data"
}
}
},
"dest": {
"index": "dest"
}
}
Configuring SSL parameters
editReindex from remote supports configurable SSL settings. These must be
specified in the elasticsearch.yml file, with the exception of the
secure settings, which you add in the Elasticsearch keystore.
It is not possible to configure SSL in the body of the _reindex request.
The following settings are supported:
-
reindex.ssl.certificate_authorities -
List of paths to PEM encoded certificate files that should be trusted.
You cannot specify both
reindex.ssl.certificate_authoritiesandreindex.ssl.truststore.path. -
reindex.ssl.truststore.path -
The path to the Java Keystore file that contains the certificates to trust.
This keystore can be in "JKS" or "PKCS#12" format.
You cannot specify both
reindex.ssl.certificate_authoritiesandreindex.ssl.truststore.path. -
reindex.ssl.truststore.password -
The password to the truststore (
reindex.ssl.truststore.path). This setting cannot be used withreindex.ssl.truststore.secure_password. -
reindex.ssl.truststore.secure_password(Secure) -
The password to the truststore (
reindex.ssl.truststore.path). This setting cannot be used withreindex.ssl.truststore.password. -
reindex.ssl.truststore.type -
The type of the truststore (
reindex.ssl.truststore.path). Must be eitherjksorPKCS12. If the truststore path ends in ".p12", ".pfx" or "pkcs12", this setting defaults toPKCS12. Otherwise, it defaults tojks. -
reindex.ssl.verification_mode -
Indicates the type of verification to protect against man in the middle attacks
and certificate forgery.
One of
full(verify the hostname and the certificate path),certificate(verify the certificate path, but not the hostname) ornone(perform no verification - this is strongly discouraged in production environments). Defaults tofull. -
reindex.ssl.certificate -
Specifies the path to the PEM encoded certificate (or certificate chain) to be
used for HTTP client authentication (if required by the remote cluster)
This setting requires that
reindex.ssl.keyalso be set. You cannot specify bothreindex.ssl.certificateandreindex.ssl.keystore.path. -
reindex.ssl.key -
Specifies the path to the PEM encoded private key associated with the
certificate used for client authentication (
reindex.ssl.certificate). You cannot specify bothreindex.ssl.keyandreindex.ssl.keystore.path. -
reindex.ssl.key_passphrase -
Specifies the passphrase to decrypt the PEM encoded private key
(
reindex.ssl.key) if it is encrypted. Cannot be used withreindex.ssl.secure_key_passphrase. -
reindex.ssl.secure_key_passphrase(Secure) -
Specifies the passphrase to decrypt the PEM encoded private key
(
reindex.ssl.key) if it is encrypted. Cannot be used withreindex.ssl.key_passphrase. -
reindex.ssl.keystore.path -
Specifies the path to the keystore that contains a private key and certificate
to be used for HTTP client authentication (if required by the remote cluster).
This keystore can be in "JKS" or "PKCS#12" format.
You cannot specify both
reindex.ssl.keyandreindex.ssl.keystore.path. -
reindex.ssl.keystore.type -
The type of the keystore (
reindex.ssl.keystore.path). Must be eitherjksorPKCS12. If the keystore path ends in ".p12", ".pfx" or "pkcs12", this setting defaults toPKCS12. Otherwise, it defaults tojks. -
reindex.ssl.keystore.password -
The password to the keystore (
reindex.ssl.keystore.path). This setting cannot be used withreindex.ssl.keystore.secure_password. -
reindex.ssl.keystore.secure_password(Secure) -
The password to the keystore (
reindex.ssl.keystore.path). This setting cannot be used withreindex.ssl.keystore.password. -
reindex.ssl.keystore.key_password -
The password for the key in the keystore (
reindex.ssl.keystore.path). Defaults to the keystore password. This setting cannot be used withreindex.ssl.keystore.secure_key_password. -
reindex.ssl.keystore.secure_key_password(Secure) -
The password for the key in the keystore (
reindex.ssl.keystore.path). Defaults to the keystore password. This setting cannot be used withreindex.ssl.keystore.key_password.
URL Parameters
editIn addition to the standard parameters like pretty, the Reindex API also
supports refresh, wait_for_completion, wait_for_active_shards, timeout,
scroll, and requests_per_second.
Sending the refresh url parameter will cause all indexes to which the request
wrote to be refreshed. This is different than the Index API’s refresh
parameter which causes just the shard that received the new data to be
refreshed. Also unlike the Index API it does not support wait_for.
If the request contains wait_for_completion=false then Elasticsearch will
perform some preflight checks, launch the request, and then return a task
which can be used with Tasks APIs
to cancel or get the status of the task. Elasticsearch will also create a
record of this task as a document at .tasks/task/${taskId}. This is yours
to keep or remove as you see fit. When you are done with it, delete it so
Elasticsearch can reclaim the space it uses.
wait_for_active_shards controls how many copies of a shard must be active
before proceeding with the reindexing. See here
for details. timeout controls how long each write request waits for unavailable
shards to become available. Both work exactly how they work in the
Bulk API. As _reindex uses scroll search, you can also specify
the scroll parameter to control how long it keeps the "search context" alive,
(e.g. ?scroll=10m). The default value is 5 minutes.
requests_per_second can be set to any positive decimal number (1.4, 6,
1000, etc.) and throttles the rate at which _reindex issues batches of index
operations by padding each batch with a wait time. The throttling can be
disabled by setting requests_per_second to -1.
The throttling is done by waiting between batches so that the scroll which _reindex
uses internally can be given a timeout that takes into account the padding.
The padding time is the difference between the batch size divided by the
requests_per_second and the time spent writing. By default the batch size is
1000, so if the requests_per_second is set to 500:
target_time = 1000 / 500 per second = 2 seconds wait_time = target_time - write_time = 2 seconds - .5 seconds = 1.5 seconds
Since the batch is issued as a single _bulk request, large batch sizes will
cause Elasticsearch to create many requests and then wait for a while before
starting the next set. This is "bursty" instead of "smooth". The default value is -1.
Response body
editThe JSON response looks like this:
{
"took": 639,
"timed_out": false,
"total": 5,
"updated": 0,
"created": 5,
"deleted": 0,
"batches": 1,
"noops": 0,
"version_conflicts": 2,
"retries": {
"bulk": 0,
"search": 0
},
"throttled_millis": 0,
"requests_per_second": 1,
"throttled_until_millis": 0,
"failures": [ ]
}
-
took - The total milliseconds the entire operation took.
-
timed_out -
This flag is set to
trueif any of the requests executed during the reindex timed out. -
total - The number of documents that were successfully processed.
-
updated - The number of documents that were successfully updated.
-
created - The number of documents that were successfully created.
-
deleted - The number of documents that were successfully deleted.
-
batches - The number of scroll responses pulled back by the reindex.
-
noops -
The number of documents that were ignored because the script used for
the reindex returned a
noopvalue forctx.op. -
version_conflicts - The number of version conflicts that reindex hit.
-
retries -
The number of retries attempted by reindex.
bulkis the number of bulk actions retried andsearchis the number of search actions retried. -
throttled_millis -
Number of milliseconds the request slept to conform to
requests_per_second. -
requests_per_second - The number of requests per second effectively executed during the reindex.
-
throttled_until_millis -
This field should always be equal to zero in a
_reindexresponse. It only has meaning when using the Task API, where it indicates the next time (in milliseconds since epoch) a throttled request will be executed again in order to conform torequests_per_second. -
failures -
Array of failures if there were any unrecoverable errors during the process. If
this is non-empty then the request aborted because of those failures. Reindex
is implemented using batches and any failure causes the entire process to abort
but all failures in the current batch are collected into the array. You can use
the
conflictsoption to prevent reindex from aborting on version conflicts.
Works with the Task API
editYou can fetch the status of all running reindex requests with the Task API:
GET _tasks?detailed=true&actions=*reindex
The response looks like:
{
"nodes" : {
"r1A2WoRbTwKZ516z6NEs5A" : {
"name" : "r1A2WoR",
"transport_address" : "127.0.0.1:9300",
"host" : "127.0.0.1",
"ip" : "127.0.0.1:9300",
"attributes" : {
"testattr" : "test",
"portsfile" : "true"
},
"tasks" : {
"r1A2WoRbTwKZ516z6NEs5A:36619" : {
"node" : "r1A2WoRbTwKZ516z6NEs5A",
"id" : 36619,
"type" : "transport",
"action" : "indices:data/write/reindex",
"status" : {
"total" : 6154,
"updated" : 3500,
"created" : 0,
"deleted" : 0,
"batches" : 4,
"version_conflicts" : 0,
"noops" : 0,
"retries": {
"bulk": 0,
"search": 0
},
"throttled_millis": 0,
"requests_per_second": -1,
"throttled_until_millis": 0
},
"description" : "",
"start_time_in_millis": 1535149899665,
"running_time_in_nanos": 5926916792,
"cancellable": true,
"headers": {}
}
}
}
}
}
|
This object contains the actual status. It is identical to the response JSON
except for the important addition of the |
With the task id you can look up the task directly. The following example
retrieves information about the task r1A2WoRbTwKZ516z6NEs5A:36619:
GET /_tasks/r1A2WoRbTwKZ516z6NEs5A:36619
The advantage of this API is that it integrates with wait_for_completion=false
to transparently return the status of completed tasks. If the task is completed
and wait_for_completion=false was set, it will return a
results or an error field. The cost of this feature is the document that
wait_for_completion=false creates at .tasks/task/${taskId}. It is up to
you to delete that document.
Works with the Cancel Task API
editAny reindex can be canceled using the Task Cancel API. For example:
POST _tasks/r1A2WoRbTwKZ516z6NEs5A:36619/_cancel
The task ID can be found using the Tasks API.
Cancelation should happen quickly but might take a few seconds. The Tasks API will continue to list the task until it wakes to cancel itself.
Rethrottling
editThe value of requests_per_second can be changed on a running reindex using
the _rethrottle API:
POST _reindex/r1A2WoRbTwKZ516z6NEs5A:36619/_rethrottle?requests_per_second=-1
The task ID can be found using the tasks API.
Just like when setting it on the Reindex API, requests_per_second
can be either -1 to disable throttling or any decimal number
like 1.7 or 12 to throttle to that level. Rethrottling that speeds up the
query takes effect immediately, but rethrottling that slows down the query will
take effect after completing the current batch. This prevents scroll
timeouts.
Reindex to change the name of a field
edit_reindex can be used to build a copy of an index with renamed fields. Say you
create an index containing documents that look like this:
POST test/_doc/1?refresh
{
"text": "words words",
"flag": "foo"
}
but you don’t like the name flag and want to replace it with tag.
_reindex can create the other index for you:
POST _reindex
{
"source": {
"index": "test"
},
"dest": {
"index": "test2"
},
"script": {
"source": "ctx._source.tag = ctx._source.remove(\"flag\")"
}
}
Now you can get the new document:
GET test2/_doc/1
which will return:
{
"found": true,
"_id": "1",
"_index": "test2",
"_type": "_doc",
"_version": 1,
"_seq_no": 44,
"_primary_term": 1,
"_source": {
"text": "words words",
"tag": "foo"
}
}
Slicing
editReindex supports Sliced Scroll to parallelize the reindexing process. This parallelization can improve efficiency and provide a convenient way to break the request down into smaller parts.
Manual slicing
editSlice a reindex request manually by providing a slice id and total number of slices to each request:
POST _reindex
{
"source": {
"index": "twitter",
"slice": {
"id": 0,
"max": 2
}
},
"dest": {
"index": "new_twitter"
}
}
POST _reindex
{
"source": {
"index": "twitter",
"slice": {
"id": 1,
"max": 2
}
},
"dest": {
"index": "new_twitter"
}
}
You can verify this works by:
GET _refresh POST new_twitter/_search?size=0&filter_path=hits.total
which results in a sensible total like this one:
{
"hits": {
"total" : {
"value": 120,
"relation": "eq"
}
}
}
Automatic slicing
editYou can also let _reindex automatically parallelize using Sliced Scroll to
slice on _uid. Use slices to specify the number of slices to use:
POST _reindex?slices=5&refresh
{
"source": {
"index": "twitter"
},
"dest": {
"index": "new_twitter"
}
}
You can also this verify works by:
POST new_twitter/_search?size=0&filter_path=hits.total
which results in a sensible total like this one:
{
"hits": {
"total" : {
"value": 120,
"relation": "eq"
}
}
}
Setting slices to auto will let Elasticsearch choose the number of slices
to use. This setting will use one slice per shard, up to a certain limit. If
there are multiple source indices, it will choose the number of slices based
on the index with the smallest number of shards.
Adding slices to _reindex just automates the manual process used in the
section above, creating sub-requests which means it has some quirks:
-
You can see these requests in the Tasks APIs. These
sub-requests are "child" tasks of the task for the request with
slices. -
Fetching the status of the task for the request with
slicesonly contains the status of completed slices. - These sub-requests are individually addressable for things like cancelation and rethrottling.
-
Rethrottling the request with
sliceswill rethrottle the unfinished sub-request proportionally. -
Canceling the request with
sliceswill cancel each sub-request. -
Due to the nature of
sliceseach sub-request won’t get a perfectly even portion of the documents. All documents will be addressed, but some slices may be larger than others. Expect larger slices to have a more even distribution. -
Parameters like
requests_per_secondandsizeon a request withslicesare distributed proportionally to each sub-request. Combine that with the point above about distribution being uneven and you should conclude that the usingsizewithslicesmight not result in exactlysizedocuments being reindexed. - Each sub-request gets a slightly different snapshot of the source index, though these are all taken at approximately the same time.
Picking the number of slices
editIf slicing automatically, setting slices to auto will choose a reasonable
number for most indices. If slicing manually or otherwise tuning
automatic slicing, use these guidelines.
Query performance is most efficient when the number of slices is equal to the
number of shards in the index. If that number is large (e.g. 500),
choose a lower number as too many slices will hurt performance. Setting
slices higher than the number of shards generally does not improve efficiency
and adds overhead.
Indexing performance scales linearly across available resources with the number of slices.
Whether query or indexing performance dominates the runtime depends on the documents being reindexed and cluster resources.
Reindexing many indices
editIf you have many indices to reindex it is generally better to reindex them one at a time rather than using a glob pattern to pick up many indices. That way you can resume the process if there are any errors by removing the partially completed index and starting over at that index. It also makes parallelizing the process fairly simple: split the list of indices to reindex and run each list in parallel.
One-off bash scripts seem to work nicely for this:
for index in i1 i2 i3 i4 i5; do
curl -HContent-Type:application/json -XPOST localhost:9200/_reindex?pretty -d'{
"source": {
"index": "'$index'"
},
"dest": {
"index": "'$index'-reindexed"
}
}'
done
Reindex daily indices
editNotwithstanding the above advice, you can use _reindex in combination with
Painless to reindex daily indices to apply
a new template to the existing documents.
Assuming you have indices consisting of documents as follows:
PUT metricbeat-2016.05.30/_doc/1?refresh
{"system.cpu.idle.pct": 0.908}
PUT metricbeat-2016.05.31/_doc/1?refresh
{"system.cpu.idle.pct": 0.105}
The new template for the metricbeat-* indices is already loaded into Elasticsearch,
but it applies only to the newly created indices. Painless can be used to reindex
the existing documents and apply the new template.
The script below extracts the date from the index name and creates a new index
with -1 appended. All data from metricbeat-2016.05.31 will be reindexed
into metricbeat-2016.05.31-1.
POST _reindex
{
"source": {
"index": "metricbeat-*"
},
"dest": {
"index": "metricbeat"
},
"script": {
"lang": "painless",
"source": "ctx._index = 'metricbeat-' + (ctx._index.substring('metricbeat-'.length(), ctx._index.length())) + '-1'"
}
}
All documents from the previous metricbeat indices can now be found in the *-1 indices.
GET metricbeat-2016.05.30-1/_doc/1 GET metricbeat-2016.05.31-1/_doc/1
The previous method can also be used in conjunction with changing a field name to load only the existing data into the new index and rename any fields if needed.
Extracting a random subset of an index
edit_reindex can be used to extract a random subset of an index for testing: