Create enrich policy API
editCreate enrich policy API
editCreates an enrich policy.
resp = client.enrich.put_policy( name="my-policy", match={ "indices": "users", "match_field": "email", "enrich_fields": [ "first_name", "last_name", "city", "zip", "state" ] }, ) print(resp)
response = client.enrich.put_policy( name: 'my-policy', body: { match: { indices: 'users', match_field: 'email', enrich_fields: [ 'first_name', 'last_name', 'city', 'zip', 'state' ] } } ) puts response
const response = await client.enrich.putPolicy({ name: "my-policy", match: { indices: "users", match_field: "email", enrich_fields: ["first_name", "last_name", "city", "zip", "state"], }, }); console.log(response);
PUT /_enrich/policy/my-policy { "match": { "indices": "users", "match_field": "email", "enrich_fields": ["first_name", "last_name", "city", "zip", "state"] } }
Request
editPUT /_enrich/policy/<enrich-policy>
Prerequisites
editTo use enrich policies, you must have:
-
read
index privileges for any indices used -
The
enrich_user
built-in role
Description
editUse the create enrich policy API to create a enrich policy.
Once created, you can’t update or change an enrich policy. Instead, you can:
- Create and execute a new enrich policy.
- Replace the previous enrich policy with the new enrich policy in any in-use enrich processors or ES|QL queries.
- Use the delete enrich policy API or Index Management in Kibana to delete the previous enrich policy.
Path parameters
edit-
<enrich-policy>
- (Required, string) Name of the enrich policy to create or update.
Request body
edit-
<policy-type>
-
(Required, object) Configures the enrich policy. The field key is the enrich policy type. Valid key values are:
-
geo_match
-
Matches enrich data to incoming documents based on a
geo_shape
query. For an example, see Example: Enrich your data based on geolocation. -
match
-
Matches enrich data to incoming documents based on a
term
query. For an example, see Example: Enrich your data based on exact values. -
range
-
Matches a number, date, or IP address in incoming documents to a range in the
enrich index based on a
term
query. For an example, see Example: Enrich your data by matching a value to a range.
Properties of
<policy-type>
-
indices
-
(Required, String or array of strings) One or more source indices used to create the enrich index.
If multiple indices are specified, they must share a common
match_field
. -
match_field
- (Required, string) Field in source indices used to match incoming documents.
-
enrich_fields
- (Required, Array of strings) Fields to add to matching incoming documents. These fields must be present in the source indices.
-
query
-
(Optional, Query DSL query object)
Query used to filter documents in the enrich index. The policy only uses
documents matching this query to enrich incoming documents. Defaults to a
match_all
query.
-