/elasticsearch-search | Type: Application | PCID required: Yes
Tools
elasticsearch_search_async_search_delete
Delete an async search Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | A unique identifier for the async search. |
elasticsearch_search_async_search_get
Get async search results Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | A unique identifier for the async search. |
keep_alive | string | No | — | The length of time that the async search should be available in the cluster. When not specified, the keep_alive set with the corresponding submit async request will be used. Otherwise, it is possible to override the value and extend the validity of the request. When this period expires, the search, if still running, is cancelled. If the search is completed, its saved results are deleted. |
typed_keys | boolean | No | — | Specify whether aggregation and suggester names should be prefixed by their respective types in the response |
wait_for_completion_timeout | string | No | — | Specifies to wait for the search to be completed up until the provided timeout. Final results will be returned if available before the timeout expires, otherwise the currently available results will be returned once the timeout expires. By default no timeout is set meaning that the currently available results will be returned without any additional wait. |
return_intermediate_results | boolean | No | — | Specifies whether the response should contain intermediate results if the query is still running when the wait_for_completion_timeout expires or if no wait_for_completion_timeout is specified. If true and the search is still running, the search response will include any hits and partial aggregations that are available. If false and the search is still running, the search response will not include any hits (but possibly include total hits) nor will include any partial aggregations. When not specified, the intermediate results are returned for running queries. |
elasticsearch_search_async_search_status
Get the async search status Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | A unique identifier for the async search. |
keep_alive | string | No | — | The length of time that the async search needs to be available. Ongoing async searches and any saved search results are deleted after this period. |
elasticsearch_search_async_search_submit
Run an async search Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string[] | Yes | — | A comma-separated list of index names to search; use _all or empty string to perform the operation on all indices |
wait_for_completion_timeout | string | No | — | Blocks and waits until the search is completed up to a certain timeout. When the async search completes within the timeout, the response won’t include the ID as the results are not stored in the cluster. |
keep_alive | string | No | — | Specifies how long the async search needs to be available. Ongoing async searches and any saved search results are deleted after this period. |
keep_on_completion | boolean | No | — | If true, results are stored for later retrieval when the search completes within the wait_for_completion_timeout. |
allow_no_indices | boolean | No | — | A setting that does two separate checks on the index expression. If false, the request returns an error (1) if any wildcard expression (including _all and *) resolves to zero matching indices or (2) if the complete set of resolved indices, aliases or data streams is empty after all expressions are evaluated. If true, index expressions that resolve to no indices are allowed and the request returns an empty result. |
allow_partial_search_results | boolean | No | — | Indicate if an error should be returned if there is a partial search failure or timeout |
analyzer | string | No | — | The analyzer to use for the query string |
analyze_wildcard | boolean | No | — | Specify whether wildcard and prefix queries should be analyzed |
batched_reduce_size | number | No | — | Affects how often partial results become available, which happens whenever shard results are reduced. A partial reduction is performed every time the coordinating node has received a certain number of new shard responses (5 by default). |
ccs_minimize_roundtrips | boolean | No | — | The default value is the only supported value. |
default_operator | string | No | — | The default operator for query string query (AND or OR) |
df | string | No | — | The field to use as default where no field prefix is given in the query string |
docvalue_fields | string[] | No | — | A comma-separated list of fields to return as the docvalue representation of a field for each hit |
expand_wildcards | string[] | No | — | Whether to expand wildcard expression to concrete indices that are open, closed or both Supported values include: - all: Match any data stream or index, including hidden ones. - open: Match open, non-hidden indices. Also matches any non-hidden data stream. - closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed. - hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both. - none: Wildcard expressions are not accepted. |
explain | boolean | No | — | Specify whether to return detailed information about score computation as part of a hit |
ignore_throttled | boolean | No | — | Whether specified concrete, expanded or aliased indices should be ignored when throttled |
ignore_unavailable | boolean | No | — | If false, the request returns an error if it targets a concrete (non-wildcarded) index, alias, or data stream that is missing, closed, or otherwise unavailable. If true, unavailable concrete targets are silently ignored. |
lenient | boolean | No | — | Specify whether format-based query failures (such as providing text to a numeric field) should be ignored |
max_concurrent_shard_requests | number | No | — | The number of concurrent shard requests per node this search executes concurrently. This value should be used to limit the impact of the search on the cluster in order to limit the number of concurrent shard requests |
preference | string | No | — | Specify the node or shard the operation should be performed on |
request_cache | boolean | No | — | Specify if request cache should be used for this request or not, defaults to true |
routing | string[] | No | — | A comma-separated list of specific routing values |
search_type | string | No | — | Search operation type Supported values include: - query_then_fetch: Documents are scored using local term and document frequencies for the shard. This is usually faster but less accurate. - dfs_query_then_fetch: Documents are scored using global term and document frequencies across all shards. This is usually slower but more accurate. |
stats | string[] | No | — | Specific ‘tag’ of the request for logging and statistical purposes |
stored_fields | string[] | No | — | A comma-separated list of stored fields to return as part of a hit |
suggest_field | string | No | — | Specifies which field to use for suggestions. |
suggest_mode | string | No | — | Specify suggest mode Supported values include: - missing: Only generate suggestions for terms that are not in the shard. - popular: Only suggest terms that occur in more docs on the shard than the original term. - always: Suggest any matching suggestions based on terms in the suggest text. |
suggest_size | number | No | — | How many suggestions to return in response |
suggest_text | string | No | — | The source text for which the suggestions should be returned. |
terminate_after | number | No | — | The maximum number of documents to collect for each shard, upon reaching which the query execution will terminate early |
timeout | string | No | — | Explicit operation timeout |
track_total_hits | object | No | — | Indicate if the number of documents that match the query should be tracked. A number can also be specified, to accurately track the total hit count up to the number. |
track_scores | boolean | No | — | Whether to calculate and return scores even if they are not used for sorting |
typed_keys | boolean | No | — | Specify whether aggregation and suggester names should be prefixed by their respective types in the response |
rest_total_hits_as_int | boolean | No | — | Indicates whether hits.total should be rendered as an integer or an object in the rest search response |
version | boolean | No | — | Specify whether to return document version as part of a hit |
_source | object | No | — | True or false to return the _source field or not, or a list of fields to return |
_source_excludes | string[] | No | — | A list of fields to exclude from the returned _source field |
_source_includes | string[] | No | — | A list of fields to extract and return from the _source field |
seq_no_primary_term | boolean | No | — | Specify whether to return sequence number and primary term of the last modification of each hit |
q | string | No | — | Query in the Lucene query string syntax |
size | number | No | — | Number of hits to return |
from | number | No | — | Starting offset |
sort | string[] | No | — | A comma-separated list of <field>:<direction> pairs |
aggregations | object | No | — | The aggregations value |
collapse | object | No | — | The collapse value |
ext | object | No | — | Configuration of search extensions defined by Elasticsearch plugins. |
fields | object[] | No | — | Array of wildcard (*) patterns. The request returns values for field names matching these patterns in the hits.fields property of the response. |
highlight | object | No | — | The highlight value |
indices_boost | object[] | No | — | Boosts the _score of documents from specified indices. |
knn | object[] | No | — | Defines the approximate kNN search to run. |
min_score | number | No | — | Minimum _score for matching documents. Documents with a lower _score are not included in search results and results collected by aggregations. |
pit | object | No | — | Limits the search to a point in time (PIT). If you provide a PIT, you cannot specify an <index> in the request path. |
post_filter | object | No | — | Post Filter |
profile | boolean | No | — | The profile value |
query | object | No | — | Defines the search definition using the Query DSL. |
rescore | object | No | — | The rescore value |
runtime_mappings | object | No | — | Defines one or more runtime fields in the search request. These fields take precedence over mapped fields with the same name. |
script_fields | object | No | — | Retrieve a script evaluation (based on different fields) for each hit. |
search_after | object | No | — | Search After |
slice | object | No | — | The slice value |
suggest | object | No | — | The suggest value |
elasticsearch_search_bulk
Bulk index or delete documents Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string | Yes | — | The name of the data stream, index, or index alias to perform bulk actions on. |
include_source_on_error | boolean | No | — | True or false if to include the document source in the error message in case of parsing errors. |
list_executed_pipelines | boolean | No | — | If true, the response will include the ingest pipelines that were run for each index or create. |
pipeline | string | No | — | The pipeline identifier to use to preprocess incoming documents. If the index has a default ingest pipeline specified, setting the value to _none turns off the default ingest pipeline for this request. If a final pipeline is configured, it will always run regardless of the value of this parameter. |
refresh | string | No | — | If true, Elasticsearch refreshes the affected shards to make this operation visible to search. If wait_for, wait for a refresh to make this operation visible to search. If false, do nothing with refreshes. Valid values: true, false, wait_for. |
routing | string[] | No | — | A custom value that is used to route operations to a specific shard. |
_source | object | No | — | Indicates whether to return the _source field (true or false) or contains a list of fields to return. |
_source_excludes | string[] | No | — | A comma-separated list of source fields to exclude from the response. You can also use this parameter to exclude fields from the subset specified in _source_includes query parameter. If the _source parameter is false, this parameter is ignored. |
_source_includes | string[] | No | — | A comma-separated list of source fields to include in the response. If this parameter is specified, only these source fields are returned. You can exclude fields from this subset using the _source_excludes query parameter. If the _source parameter is false, this parameter is ignored. |
timeout | string | No | — | The period each action waits for the following operations: automatic index creation, dynamic mapping updates, and waiting for active shards. The default is 1m (one minute), which guarantees Elasticsearch waits for at least the timeout before failing. The actual wait time could be longer, particularly when multiple waits occur. |
wait_for_active_shards | object | No | — | The number of shard copies that must be active before proceeding with the operation. Set to all or any positive integer up to the total number of shards in the index (number_of_replicas+1). The default is 1, which waits for each primary shard to be active. |
require_alias | boolean | No | — | If true, the request’s actions must target an index alias. |
require_data_stream | boolean | No | — | If true, the request’s actions must target a data stream (existing or to be created). |
body | any[] | Yes | — | Request body |
elasticsearch_search_clear_scroll
Clear a scrolling search Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
scroll_id | string[] | Yes | — | A comma-separated list of scroll IDs to clear. To clear all scroll IDs, use _all. IMPORTANT: Scroll IDs can be long. It is recommended to specify scroll IDs in the request body parameter. |
elasticsearch_search_close_point_in_time
Close a point in time Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | object | Yes | — | The ID of the point-in-time. |
elasticsearch_search_count
Count search results Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string[] | Yes | — | A comma-separated list of data streams, indices, and aliases to search. It supports wildcards (*). To search all data streams and indices, omit this parameter or use * or _all. |
allow_no_indices | boolean | No | — | A setting that does two separate checks on the index expression. If false, the request returns an error (1) if any wildcard expression (including _all and *) resolves to zero matching indices or (2) if the complete set of resolved indices, aliases or data streams is empty after all expressions are evaluated. If true, index expressions that resolve to no indices are allowed and the request returns an empty result. |
analyzer | string | No | — | The analyzer to use for the query string. This parameter can be used only when the q query string parameter is specified. |
analyze_wildcard | boolean | No | — | If true, wildcard and prefix queries are analyzed. This parameter can be used only when the q query string parameter is specified. |
default_operator | string | No | — | The default operator for query string query: and or or. This parameter can be used only when the q query string parameter is specified. |
df | string | No | — | The field to use as a default when no field prefix is given in the query string. This parameter can be used only when the q query string parameter is specified. |
expand_wildcards | string[] | No | — | The type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. It supports comma-separated values, such as open,hidden. Supported values include: - all: Match any data stream or index, including hidden ones. - open: Match open, non-hidden indices. Also matches any non-hidden data stream. - closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed. - hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both. - none: Wildcard expressions are not accepted. |
ignore_throttled | boolean | No | — | If true, concrete, expanded, or aliased indices are ignored when frozen. |
ignore_unavailable | boolean | No | — | If false, the request returns an error if it targets a concrete (non-wildcarded) index, alias, or data stream that is missing, closed, or otherwise unavailable. If true, unavailable concrete targets are silently ignored. |
lenient | boolean | No | — | If true, format-based query failures (such as providing text to a numeric field) in the query string will be ignored. This parameter can be used only when the q query string parameter is specified. |
min_score | number | No | — | The minimum _score value that documents must have to be included in the result. |
preference | string | No | — | The node or shard the operation should be performed on. By default, it is random. |
routing | string[] | No | — | A custom value used to route operations to a specific shard. |
terminate_after | number | No | — | The maximum number of documents to collect for each shard. If a query reaches this limit, Elasticsearch terminates the query early. Elasticsearch collects documents before sorting. IMPORTANT: Use with caution. Elasticsearch applies this parameter to each shard handling the request. When possible, let Elasticsearch perform early termination automatically. Avoid specifying this parameter for requests that target data streams with backing indices across multiple data tiers. |
q | string | No | — | The query in Lucene query string syntax. This parameter cannot be used with a request body. |
query | object | No | — | Defines the search query using Query DSL. A request body query cannot be used with the q query string parameter. |
elasticsearch_search_create
Create a new document in the index Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string | Yes | — | The name of the data stream or index to target. If the target doesn’t exist and matches the name or wildcard (*) pattern of an index template with a data_stream definition, this request creates the data stream. If the target doesn’t exist and doesn’t match a data stream template, this request creates the index. |
id | string | Yes | — | A unique identifier for the document. To automatically generate a document ID, use the POST /<target>/_doc/ request format. |
include_source_on_error | boolean | No | — | True or false if to include the document source in the error message in case of parsing errors. |
pipeline | string | No | — | The ID of the pipeline to use to preprocess incoming documents. If the index has a default ingest pipeline specified, setting the value to _none turns off the default ingest pipeline for this request. If a final pipeline is configured, it will always run regardless of the value of this parameter. |
refresh | string | No | — | If true, Elasticsearch refreshes the affected shards to make this operation visible to search. If wait_for, it waits for a refresh to make this operation visible to search. If false, it does nothing with refreshes. |
require_alias | boolean | No | — | If true, the destination must be an index alias. |
require_data_stream | boolean | No | — | If true, the request’s actions must target a data stream (existing or to be created). |
routing | string[] | No | — | A custom value that is used to route operations to a specific shard. |
timeout | string | No | — | The period the request waits for the following operations: automatic index creation, dynamic mapping updates, waiting for active shards. Elasticsearch waits for at least the specified timeout period before failing. The actual wait time could be longer, particularly when multiple waits occur. This parameter is useful for situations where the primary shard assigned to perform the operation might not be available when the operation runs. Some reasons for this might be that the primary shard is currently recovering from a gateway or undergoing relocation. By default, the operation will wait on the primary shard to become available for at least 1 minute before failing and responding with an error. The actual wait time could be longer, particularly when multiple waits occur. |
version | number | No | — | The explicit version number for concurrency control. It must be a non-negative long number. |
version_type | string | No | — | The version type. Supported values include: - internal: Use internal versioning that starts at 1 and increments with each update or delete. - external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document. - external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data. |
wait_for_active_shards | object | No | — | The number of shard copies that must be active before proceeding with the operation. You can set it to all or any positive integer up to the total number of shards in the index (number_of_replicas+1). The default value of 1 means it waits for each primary shard to be active. |
body | object | Yes | — | Request body |
elasticsearch_search_delete
Delete a document Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string | Yes | — | The name of the target index. |
id | string | Yes | — | A unique identifier for the document. |
if_primary_term | number | No | — | Only perform the operation if the document has this primary term. |
if_seq_no | number | No | — | Only perform the operation if the document has this sequence number. |
refresh | string | No | — | If true, Elasticsearch refreshes the affected shards to make this operation visible to search. If wait_for, it waits for a refresh to make this operation visible to search. If false, it does nothing with refreshes. |
routing | string[] | No | — | A custom value used to route operations to a specific shard. |
timeout | string | No | — | The period to wait for active shards. This parameter is useful for situations where the primary shard assigned to perform the delete operation might not be available when the delete operation runs. Some reasons for this might be that the primary shard is currently recovering from a store or undergoing relocation. By default, the delete operation will wait on the primary shard to become available for up to 1 minute before failing and responding with an error. |
version | number | No | — | An explicit version number for concurrency control. It must match the current version of the document for the request to succeed. |
version_type | string | No | — | The version type. Supported values include: - internal: Use internal versioning that starts at 1 and increments with each update or delete. - external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document. - external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data. |
wait_for_active_shards | object | No | — | The minimum number of shard copies that must be active before proceeding with the operation. You can set it to all or any positive integer up to the total number of shards in the index (number_of_replicas+1). The default value of 1 means it waits for each primary shard to be active. |
elasticsearch_search_delete_by_query
Delete documents Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string[] | Yes | — | A comma-separated list of data streams, indices, and aliases to search. It supports wildcards (*). To search all data streams or indices, omit this parameter or use * or _all. |
allow_no_indices | boolean | No | — | A setting that does two separate checks on the index expression. If false, the request returns an error (1) if any wildcard expression (including _all and *) resolves to zero matching indices or (2) if the complete set of resolved indices, aliases or data streams is empty after all expressions are evaluated. If true, index expressions that resolve to no indices are allowed and the request returns an empty result. |
analyzer | string | No | — | Analyzer to use for the query string. This parameter can be used only when the q query string parameter is specified. |
analyze_wildcard | boolean | No | — | If true, wildcard and prefix queries are analyzed. This parameter can be used only when the q query string parameter is specified. |
conflicts | string | No | — | What to do if delete by query hits version conflicts: abort or proceed. Supported values include: - abort: Stop reindexing if there are conflicts. - proceed: Continue reindexing even if there are conflicts. |
default_operator | string | No | — | The default operator for query string query: and or or. This parameter can be used only when the q query string parameter is specified. |
df | string | No | — | The field to use as default where no field prefix is given in the query string. This parameter can be used only when the q query string parameter is specified. |
expand_wildcards | string[] | No | — | The type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. It supports comma-separated values, such as open,hidden. Supported values include: - all: Match any data stream or index, including hidden ones. - open: Match open, non-hidden indices. Also matches any non-hidden data stream. - closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed. - hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both. - none: Wildcard expressions are not accepted. |
from | number | No | — | Skips the specified number of documents. |
ignore_unavailable | boolean | No | — | If false, the request returns an error if it targets a concrete (non-wildcarded) index, alias, or data stream that is missing, closed, or otherwise unavailable. If true, unavailable concrete targets are silently ignored. |
lenient | boolean | No | — | If true, format-based query failures (such as providing text to a numeric field) in the query string will be ignored. This parameter can be used only when the q query string parameter is specified. |
max_docs | number | No | — | The maximum number of documents to process. Defaults to all documents. When set to a value less then or equal to scroll_size, a scroll will not be used to retrieve the results for the operation. |
preference | string | No | — | The node or shard the operation should be performed on. It is random by default. |
refresh | boolean | No | — | If true, Elasticsearch refreshes all shards involved in the delete by query after the request completes. This is different than the delete API’s refresh parameter, which causes just the shard that received the delete request to be refreshed. Unlike the delete API, it does not support wait_for. |
request_cache | boolean | No | — | If true, the request cache is used for this request. Defaults to the index-level setting. |
requests_per_second | number | No | — | The throttle for this request in sub-requests per second. |
routing | string[] | No | — | A custom value used to route operations to a specific shard. |
q | string | No | — | A query in the Lucene query string syntax. |
scroll | string | No | — | The period to retain the search context for scrolling. |
scroll_size | number | No | — | The size of the scroll request that powers the operation. |
search_timeout | string | No | — | The explicit timeout for each search request. It defaults to no timeout. |
search_type | string | No | — | The type of the search operation. Available options include query_then_fetch and dfs_query_then_fetch. Supported values include: - query_then_fetch: Documents are scored using local term and document frequencies for the shard. This is usually faster but less accurate. - dfs_query_then_fetch: Documents are scored using global term and document frequencies across all shards. This is usually slower but more accurate. |
slices | object | No | — | The number of slices this task should be divided into. |
sort | string[] | No | — | A comma-separated list of <field>:<direction> pairs. |
stats | string[] | No | — | The specific tag of the request for logging and statistical purposes. |
terminate_after | number | No | — | The maximum number of documents to collect for each shard. If a query reaches this limit, Elasticsearch terminates the query early. Elasticsearch collects documents before sorting. Use with caution. Elasticsearch applies this parameter to each shard handling the request. When possible, let Elasticsearch perform early termination automatically. Avoid specifying this parameter for requests that target data streams with backing indices across multiple data tiers. |
timeout | string | No | — | The period each deletion request waits for active shards. |
version | boolean | No | — | If true, returns the document version as part of a hit. |
wait_for_active_shards | object | No | — | The number of shard copies that must be active before proceeding with the operation. Set to all or any positive integer up to the total number of shards in the index (number_of_replicas+1). The timeout value controls how long each write request waits for unavailable shards to become available. |
wait_for_completion | boolean | No | — | If true, the request blocks until the operation is complete. If false, Elasticsearch performs some preflight checks, launches the request, and returns a task you can use to cancel or get the status of the task. Elasticsearch creates a record of this task as a document at .tasks/task/${taskId}. When you are done with a task, you should delete the task document so Elasticsearch can reclaim the space. |
query | object | No | — | The documents to delete specified with Query DSL. |
slice | object | No | — | Slice the request manually using the provided slice ID and total number of slices. |
elasticsearch_search_delete_by_query_rethrottle
Throttle a delete by query operation Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
task_id | string | Yes | — | The ID for the task. |
requests_per_second | number | Yes | — | The throttle for this request in sub-requests per second. To disable throttling, set it to -1. |
elasticsearch_search_esql_async_query
Run an async ES|QL query Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
allow_partial_results | boolean | No | — | If true, partial results will be returned if there are shard failures, but the query can continue to execute on other clusters and shards. If false, the query will fail if there are any failures. To override the default behavior, you can set the esql.query.allow_partial_results cluster setting to false. |
delimiter | string | No | — | The character to use between values within a CSV row. It is valid only for the CSV format. |
drop_null_columns | boolean | No | — | Indicates whether columns that are entirely null will be removed from the columns and values portion of the results. If true, the response will include an extra section under the name all_columns which has the name of all the columns. |
format | string | No | — | A short version of the Accept header, e.g. json, yaml. csv, tsv, and txt formats will return results in a tabular format, excluding other metadata fields from the response. For async requests, nothing will be returned if the async query doesn’t finish within the timeout. The query ID and running status are available in the X-Elasticsearch-Async-Id and X-Elasticsearch-Async-Is-Running HTTP headers of the response, respectively. |
columnar | boolean | No | — | By default, ES|QL returns results as rows. For example, FROM returns each individual document as one row. For the JSON, YAML, CBOR and smile formats, ES|QL can return the results in a columnar fashion where one row represents all the values of a certain column in the results. |
filter | object | No | — | Specify a Query DSL query in the filter parameter to filter the set of documents that an ES|QL query runs on. |
include_ccs_metadata | boolean | No | — | When set to true and performing a cross-cluster/cross-project query, the response will include an extra _clusters object with information about the clusters that participated in the search along with info such as shards count. |
include_execution_metadata | boolean | No | — | When set to true, the response will include an extra _clusters object with information about the clusters that participated in the search along with info such as shards count. This is similar to include_ccs_metadata, but it also returns metadata when the query is not CCS/CPS |
keep_alive | object | No | — | The period for which the query and its results are stored in the cluster. The default period is five days. When this period expires, the query and its results are deleted, even if the query is still ongoing. If the keep_on_completion parameter is false, Elasticsearch only stores async queries that do not complete within the period set by the wait_for_completion_timeout parameter, regardless of this value. |
keep_on_completion | boolean | No | — | Indicates whether the query and its results are stored in the cluster. If false, the query and its results are stored in the cluster only if the request does not complete during the period set by the wait_for_completion_timeout parameter. |
locale | string | No | — | Returns results (especially dates) formatted per the conventions of the locale. |
params | object | No | — | To avoid any attempts of hacking or code injection, extract the values in a separate list of parameters. Use question mark placeholders (?) in the query string for each of the parameters. |
profile | boolean | No | — | If provided and true the response will include an extra profile object with information on how the query was executed. This information is for human debugging and its format can change at any time but it can give some insight into the performance of each part of the query. |
query | string | Yes | — | The ES|QL query API accepts an ES|QL query string in the query parameter, runs it, and returns the results. |
tables | object | No | — | Tables to use with the LOOKUP operation. The top level key is the table name and the next level key is the column name. |
time_zone | string | No | — | Sets the default timezone of the query. |
wait_for_completion_timeout | object | No | — | The period to wait for the request to finish. By default, the request waits for 1 second for the query results. If the query completes during this period, results are returned Otherwise, a query ID is returned that can later be used to retrieve the results. |
elasticsearch_search_esql_async_query_delete
Delete an async ES|QL query Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The unique identifier of the query. A query ID is provided in the ES|QL async query API response for a query that does not complete in the designated time. A query ID is also provided when the request was submitted with the keep_on_completion parameter set to true. |
elasticsearch_search_esql_async_query_get
Get async ES|QL query results Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The unique identifier of the query. A query ID is provided in the ES|QL async query API response for a query that does not complete in the designated time. A query ID is also provided when the request was submitted with the keep_on_completion parameter set to true. |
drop_null_columns | boolean | No | — | Indicates whether columns that are entirely null will be removed from the columns and values portion of the results. If true, the response will include an extra section under the name all_columns which has the name of all the columns. |
format | string | No | — | A short version of the Accept header, for example json or yaml. |
keep_alive | string | No | — | The period for which the query and its results are stored in the cluster. When this period expires, the query and its results are deleted, even if the query is still ongoing. |
wait_for_completion_timeout | string | No | — | The period to wait for the request to finish. By default, the request waits for complete query results. If the request completes during the period specified in this parameter, complete query results are returned. Otherwise, the response returns an is_running value of true and no results. |
elasticsearch_search_esql_async_query_stop
Stop async ES|QL query Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The unique identifier of the query. A query ID is provided in the ES|QL async query API response for a query that does not complete in the designated time. A query ID is also provided when the request was submitted with the keep_on_completion parameter set to true. |
drop_null_columns | boolean | No | — | Indicates whether columns that are entirely null will be removed from the columns and values portion of the results. If true, the response will include an extra section under the name all_columns which has the name of all the columns. |
elasticsearch_search_esql_delete_view
Delete an ES|QL view Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
name | string | Yes | — | The view name to remove. |
elasticsearch_search_esql_get_query
Get a specific running ES|QL query information Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The query ID |
elasticsearch_search_esql_get_view
Get an ES|QL view Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
name | string | Yes | — | The comma-separated view names to retrieve. |
elasticsearch_search_esql_list_queries
Get running ES|QL queries informationelasticsearch_search_esql_put_view
Create or update an ES|QL view Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
name | string | Yes | — | The view name to create or update. |
query | string | Yes | — | The ES|QL query string from which to create a view. |
elasticsearch_search_esql_query
Run an ES|QL query Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
format | string | No | — | A short version of the Accept header, e.g. json, yaml. csv, tsv, and txt formats will return results in a tabular format, excluding other metadata fields from the response. |
delimiter | string | No | — | The character to use between values within a CSV row. Only valid for the CSV format. |
drop_null_columns | boolean | No | — | Should columns that are entirely null be removed from the columns and values portion of the results? Defaults to false. If true then the response will include an extra section under the name all_columns which has the name of all columns. |
allow_partial_results | boolean | No | — | If true, partial results will be returned if there are shard failures, but the query can continue to execute on other clusters and shards. If false, the query will fail if there are any failures. To override the default behavior, you can set the esql.query.allow_partial_results cluster setting to false. |
columnar | boolean | No | — | By default, ES|QL returns results as rows. For example, FROM returns each individual document as one row. For the JSON, YAML, CBOR and smile formats, ES|QL can return the results in a columnar fashion where one row represents all the values of a certain column in the results. |
filter | object | No | — | Specify a Query DSL query in the filter parameter to filter the set of documents that an ES|QL query runs on. |
include_ccs_metadata | boolean | No | — | When set to true and performing a cross-cluster/cross-project query, the response will include an extra _clusters object with information about the clusters that participated in the search along with info such as shards count. |
include_execution_metadata | boolean | No | — | When set to true, the response will include an extra _clusters object with information about the clusters that participated in the search along with info such as shards count. This is similar to include_ccs_metadata, but it also returns metadata when the query is not CCS/CPS |
locale | string | No | — | Returns results (especially dates) formatted per the conventions of the locale. |
params | object | No | — | To avoid any attempts of hacking or code injection, extract the values in a separate list of parameters. Use question mark placeholders (?) in the query string for each of the parameters. |
profile | boolean | No | — | If provided and true the response will include an extra profile object with information on how the query was executed. This information is for human debugging and its format can change at any time but it can give some insight into the performance of each part of the query. |
query | string | Yes | — | The ES|QL query API accepts an ES|QL query string in the query parameter, runs it, and returns the results. |
tables | object | No | — | Tables to use with the LOOKUP operation. The top level key is the table name and the next level key is the column name. |
time_zone | string | No | — | Sets the default timezone of the query. |
elasticsearch_search_explain
Explain a document match result Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string | Yes | — | Index names that are used to limit the request. Only a single index name can be provided to this parameter. |
id | string | Yes | — | The document identifier. |
analyzer | string | No | — | The analyzer to use for the query string. This parameter can be used only when the q query string parameter is specified. |
analyze_wildcard | boolean | No | — | If true, wildcard and prefix queries are analyzed. This parameter can be used only when the q query string parameter is specified. |
default_operator | string | No | — | The default operator for query string query: and or or. This parameter can be used only when the q query string parameter is specified. |
df | string | No | — | The field to use as default where no field prefix is given in the query string. This parameter can be used only when the q query string parameter is specified. |
lenient | boolean | No | — | If true, format-based query failures (such as providing text to a numeric field) in the query string will be ignored. This parameter can be used only when the q query string parameter is specified. |
preference | string | No | — | The node or shard the operation should be performed on. It is random by default. |
routing | string[] | No | — | A custom value used to route operations to a specific shard. |
_source | object | No | — | True or false to return the _source field or not or a list of fields to return. |
_source_excludes | string[] | No | — | A comma-separated list of source fields to exclude from the response. You can also use this parameter to exclude fields from the subset specified in _source_includes query parameter. If the _source parameter is false, this parameter is ignored. |
_source_includes | string[] | No | — | A comma-separated list of source fields to include in the response. If this parameter is specified, only these source fields are returned. You can exclude fields from this subset using the _source_excludes query parameter. If the _source parameter is false, this parameter is ignored. |
stored_fields | string[] | No | — | A comma-separated list of stored fields to return in the response. |
q | string | No | — | The query in the Lucene query string syntax. |
query | object | No | — | Defines the search definition using the Query DSL. |
elasticsearch_search_field_caps
Get the field capabilities Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string[] | Yes | — | A comma-separated list of data streams, indices, and aliases used to limit the request. Supports wildcards (*). To target all data streams and indices, omit this parameter or use * or _all. |
allow_no_indices | boolean | No | — | A setting that does two separate checks on the index expression. If false, the request returns an error (1) if any wildcard expression (including _all and *) resolves to zero matching indices or (2) if the complete set of resolved indices, aliases or data streams is empty after all expressions are evaluated. If true, index expressions that resolve to no indices are allowed and the request returns an empty result. |
expand_wildcards | string[] | No | — | The type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values, such as open,hidden. Supported values include: - all: Match any data stream or index, including hidden ones. - open: Match open, non-hidden indices. Also matches any non-hidden data stream. - closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed. - hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both. - none: Wildcard expressions are not accepted. |
fields | string[] | No | — | A comma-separated list of fields to retrieve capabilities for. Wildcard (*) expressions are supported. |
ignore_unavailable | boolean | No | — | If false, the request returns an error if it targets a concrete (non-wildcarded) index, alias, or data stream that is missing, closed, or otherwise unavailable. If true, unavailable concrete targets are silently ignored. |
include_unmapped | boolean | No | — | If true, unmapped fields are included in the response. |
filters | string[] | No | — | A comma-separated list of filters to apply to the response. |
types | string[] | No | — | A comma-separated list of field types to include. Any fields that do not match one of these types will be excluded from the results. It defaults to empty, meaning that all field types are returned. |
include_empty_fields | boolean | No | — | If false, empty fields are not included in the response. |
index_filter | object | No | — | Filter indices if the provided query rewrites to match_none on every shard. IMPORTANT: The filtering is done on a best-effort basis, it uses index statistics and mappings to rewrite queries to match_none instead of fully running the request. For instance a range query over a date field can rewrite to match_none if all documents within a shard (including deleted documents) are outside of the provided range. However, not all queries can rewrite to match_none so this API may return an index even if the provided filter matches no document. |
runtime_mappings | object | No | — | Define ad-hoc runtime fields in the request similar to the way it is done in search requests. These fields exist only as part of the query and take precedence over fields defined with the same name in the index mappings. |
elasticsearch_search_get
Get a document by its ID Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string | Yes | — | The name of the index that contains the document. |
id | string | Yes | — | A unique document identifier. |
preference | string | No | — | The node or shard the operation should be performed on. By default, the operation is randomized between the shard replicas. If it is set to _local, the operation will prefer to be run on a local allocated shard when possible. If it is set to a custom value, the value is used to guarantee that the same shards will be used for the same custom value. This can help with “jumping values” when hitting different shards in different refresh states. A sample value can be something like the web session ID or the user name. |
realtime | boolean | No | — | If true, the request is real-time as opposed to near-real-time. |
refresh | boolean | No | — | If true, the request refreshes the relevant shards before retrieving the document. Setting it to true should be done after careful thought and verification that this does not cause a heavy load on the system (and slow down indexing). |
routing | string[] | No | — | A custom value used to route operations to a specific shard. |
_source | object | No | — | Indicates whether to return the _source field (true or false) or lists the fields to return. |
_source_excludes | string[] | No | — | A comma-separated list of source fields to exclude from the response. You can also use this parameter to exclude fields from the subset specified in _source_includes query parameter. If the _source parameter is false, this parameter is ignored. |
_source_exclude_vectors | boolean | No | — | Whether vectors should be excluded from _source |
_source_includes | string[] | No | — | A comma-separated list of source fields to include in the response. If this parameter is specified, only these source fields are returned. You can exclude fields from this subset using the _source_excludes query parameter. If the _source parameter is false, this parameter is ignored. |
stored_fields | string[] | No | — | A comma-separated list of stored fields to return as part of a hit. If no fields are specified, no stored fields are included in the response. If this field is specified, the _source parameter defaults to false. Only leaf fields can be retrieved with the stored_fields option. Object fields can’t be returned; if specified, the request fails. |
version | number | No | — | The version number for concurrency control. It must match the current version of the document for the request to succeed. |
version_type | string | No | — | The version type. Supported values include: - internal: Use internal versioning that starts at 1 and increments with each update or delete. - external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document. - external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data. |
elasticsearch_search_get_source
Get a document’s source Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string | Yes | — | The name of the index that contains the document. |
id | string | Yes | — | A unique document identifier. |
preference | string | No | — | The node or shard the operation should be performed on. By default, the operation is randomized between the shard replicas. |
realtime | boolean | No | — | If true, the request is real-time as opposed to near-real-time. |
refresh | boolean | No | — | If true, the request refreshes the relevant shards before retrieving the document. Setting it to true should be done after careful thought and verification that this does not cause a heavy load on the system (and slow down indexing). |
routing | string[] | No | — | A custom value used to route operations to a specific shard. |
_source | object | No | — | Indicates whether to return the _source field (true or false) or lists the fields to return. |
_source_excludes | string[] | No | — | A comma-separated list of source fields to exclude in the response. |
_source_includes | string[] | No | — | A comma-separated list of source fields to include in the response. |
version | number | No | — | The version number for concurrency control. It must match the current version of the document for the request to succeed. |
version_type | string | No | — | The version type. Supported values include: - internal: Use internal versioning that starts at 1 and increments with each update or delete. - external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document. - external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data. |
elasticsearch_search_index
Create or update a document in an index Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string | Yes | — | The name of the data stream or index to target. If the target doesn’t exist and matches the name or wildcard (*) pattern of an index template with a data_stream definition, this request creates the data stream. If the target doesn’t exist and doesn’t match a data stream template, this request creates the index. You can check for existing targets with the resolve index API. |
id | string | Yes | — | A unique identifier for the document. To automatically generate a document ID, use the POST /<target>/_doc/ request format and omit this parameter. |
if_primary_term | number | No | — | Only perform the operation if the document has this primary term. |
if_seq_no | number | No | — | Only perform the operation if the document has this sequence number. |
include_source_on_error | boolean | No | — | True or false if to include the document source in the error message in case of parsing errors. |
op_type | string | No | — | Set to create to only index the document if it does not already exist (put if absent). If a document with the specified _id already exists, the indexing operation will fail. The behavior is the same as using the <index>/_create endpoint. If a document ID is specified, this paramater defaults to index. Otherwise, it defaults to create. If the request targets a data stream, an op_type of create is required. Supported values include: - index: Overwrite any documents that already exist. - create: Only index documents that do not already exist. |
pipeline | string | No | — | The ID of the pipeline to use to preprocess incoming documents. If the index has a default ingest pipeline specified, then setting the value to _none disables the default ingest pipeline for this request. If a final pipeline is configured it will always run, regardless of the value of this parameter. |
refresh | string | No | — | If true, Elasticsearch refreshes the affected shards to make this operation visible to search. If wait_for, it waits for a refresh to make this operation visible to search. If false, it does nothing with refreshes. |
routing | string[] | No | — | A custom value that is used to route operations to a specific shard. |
timeout | string | No | — | The period the request waits for the following operations: automatic index creation, dynamic mapping updates, waiting for active shards. This parameter is useful for situations where the primary shard assigned to perform the operation might not be available when the operation runs. Some reasons for this might be that the primary shard is currently recovering from a gateway or undergoing relocation. By default, the operation will wait on the primary shard to become available for at least 1 minute before failing and responding with an error. The actual wait time could be longer, particularly when multiple waits occur. |
version | number | No | — | An explicit version number for concurrency control. It must be a non-negative long number. |
version_type | string | No | — | The version type. Supported values include: - internal: Use internal versioning that starts at 1 and increments with each update or delete. - external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document. - external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data. |
wait_for_active_shards | object | No | — | The number of shard copies that must be active before proceeding with the operation. You can set it to all or any positive integer up to the total number of shards in the index (number_of_replicas+1). The default value of 1 means it waits for each primary shard to be active. |
require_alias | boolean | No | — | If true, the destination must be an index alias. |
require_data_stream | boolean | No | — | If true, the request’s actions must target a data stream (existing or to be created). |
body | object | Yes | — | Request body |
elasticsearch_search_mget
Get multiple documents Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string | Yes | — | Name of the index to retrieve documents from when ids are specified, or when a document in the docs array does not specify an index. |
preference | string | No | — | Specifies the node or shard the operation should be performed on. Random by default. |
realtime | boolean | No | — | If true, the request is real-time as opposed to near-real-time. |
refresh | boolean | No | — | If true, the request refreshes relevant shards before retrieving documents. |
routing | string[] | No | — | Custom value used to route operations to a specific shard. |
_source | object | No | — | True or false to return the _source field or not, or a list of fields to return. |
_source_excludes | string[] | No | — | A comma-separated list of source fields to exclude from the response. You can also use this parameter to exclude fields from the subset specified in _source_includes query parameter. |
_source_includes | string[] | No | — | A comma-separated list of source fields to include in the response. If this parameter is specified, only these source fields are returned. You can exclude fields from this subset using the _source_excludes query parameter. If the _source parameter is false, this parameter is ignored. |
stored_fields | string[] | No | — | If true, retrieves the document fields stored in the index rather than the document _source. |
docs | object[] | No | — | The documents you want to retrieve. Required if no index is specified in the request URI. |
ids | object | No | — | The IDs of the documents you want to retrieve. Allowed when the index is specified in the request URI. |
elasticsearch_search_msearch
Run multiple searches Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string[] | Yes | — | Comma-separated list of data streams, indices, and index aliases to search. |
allow_no_indices | boolean | No | — | A setting that does two separate checks on the index expression. If false, the request returns an error (1) if any wildcard expression (including _all and *) resolves to zero matching indices or (2) if the complete set of resolved indices, aliases or data streams is empty after all expressions are evaluated. If true, index expressions that resolve to no indices are allowed and the request returns an empty result. |
ccs_minimize_roundtrips | boolean | No | — | If true, network roundtrips between the coordinating node and remote clusters are minimized for cross-cluster search requests. |
expand_wildcards | string[] | No | — | Type of index that wildcard expressions can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supported values include: - all: Match any data stream or index, including hidden ones. - open: Match open, non-hidden indices. Also matches any non-hidden data stream. - closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed. - hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both. - none: Wildcard expressions are not accepted. |
ignore_throttled | boolean | No | — | If true, concrete, expanded or aliased indices are ignored when frozen. |
ignore_unavailable | boolean | No | — | If false, the request returns an error if it targets a concrete (non-wildcarded) index, alias, or data stream that is missing, closed, or otherwise unavailable. If true, unavailable concrete targets are silently ignored. |
include_named_queries_score | boolean | No | — | Indicates whether hit.matched_queries should be rendered as a map that includes the name of the matched query associated with its score (true) or as an array containing the name of the matched queries (false) This functionality reruns each named query on every hit in a search response. Typically, this adds a small overhead to a request. However, using computationally expensive named queries on a large number of hits may add significant overhead. |
max_concurrent_searches | number | No | — | Maximum number of concurrent searches the multi search API can execute. Defaults to max(1, (# of data nodes * min(search thread pool size, 10))). |
max_concurrent_shard_requests | number | No | — | Maximum number of concurrent shard requests that each sub-search request executes per node. |
pre_filter_shard_size | number | No | — | Defines a threshold that enforces a pre-filter roundtrip to prefilter search shards based on query rewriting if the number of shards the search request expands to exceeds the threshold. This filter roundtrip can limit the number of shards significantly if for instance a shard can not match any documents based on its rewrite method i.e., if date filters are mandatory to match but the shard bounds and the query are disjoint. |
rest_total_hits_as_int | boolean | No | — | If true, hits.total are returned as an integer in the response. Defaults to false, which returns an object. |
routing | string[] | No | — | Custom routing value used to route search operations to a specific shard. |
search_type | string | No | — | Indicates whether global term and document frequencies should be used when scoring returned documents. Supported values include: - query_then_fetch: Documents are scored using local term and document frequencies for the shard. This is usually faster but less accurate. - dfs_query_then_fetch: Documents are scored using global term and document frequencies across all shards. This is usually slower but more accurate. |
typed_keys | boolean | No | — | Specifies whether aggregation and suggester names should be prefixed by their respective types in the response. |
body | any[] | Yes | — | Request body |
elasticsearch_search_msearch_template
Run multiple templated searches Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string[] | Yes | — | A comma-separated list of data streams, indices, and aliases to search. It supports wildcards (*). To search all data streams and indices, omit this parameter or use *. |
ccs_minimize_roundtrips | boolean | No | — | If true, network round-trips are minimized for cross-cluster search requests. |
max_concurrent_searches | number | No | — | The maximum number of concurrent searches the API can run. |
search_type | string | No | — | The type of the search operation. Supported values include: - query_then_fetch: Documents are scored using local term and document frequencies for the shard. This is usually faster but less accurate. - dfs_query_then_fetch: Documents are scored using global term and document frequencies across all shards. This is usually slower but more accurate. |
rest_total_hits_as_int | boolean | No | — | If true, the response returns hits.total as an integer. If false, it returns hits.total as an object. |
typed_keys | boolean | No | — | If true, the response prefixes aggregation and suggester names with their respective types. |
body | any[] | Yes | — | Request body |
elasticsearch_search_mtermvectors
Get multiple term vectors Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string | Yes | — | The name of the index that contains the documents. |
ids | string[] | No | — | A comma-separated list of documents ids. You must define ids as parameter or set “ids” or “docs” in the request body |
fields | string[] | No | — | A comma-separated list or wildcard expressions of fields to include in the statistics. It is used as the default list unless a specific field list is provided in the completion_fields or fielddata_fields parameters. |
field_statistics | boolean | No | — | If true, the response includes the document count, sum of document frequencies, and sum of total term frequencies. |
offsets | boolean | No | — | If true, the response includes term offsets. |
payloads | boolean | No | — | If true, the response includes term payloads. |
positions | boolean | No | — | If true, the response includes term positions. |
preference | string | No | — | The node or shard the operation should be performed on. It is random by default. |
realtime | boolean | No | — | If true, the request is real-time as opposed to near-real-time. |
routing | string[] | No | — | A custom value used to route operations to a specific shard. |
term_statistics | boolean | No | — | If true, the response includes term frequency and document frequency. |
version | number | No | — | If true, returns the document version as part of a hit. |
version_type | string | No | — | The version type. Supported values include: - internal: Use internal versioning that starts at 1 and increments with each update or delete. - external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document. - external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data. |
docs | object[] | No | — | An array of existing or artificial documents. |
elasticsearch_search_mvt
Search a vector tile Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string[] | Yes | — | A list of indices, data streams, or aliases to search. It supports wildcards (*). To search all data streams and indices, omit this parameter or use * or _all. To search a remote cluster, use the <cluster>:<target> syntax. |
field | string | Yes | — | A field that contains the geospatial data to return. It must be a geo_point or geo_shape field. The field must have doc values enabled. It cannot be a nested field. NOTE: Vector tiles do not natively support geometry collections. For geometrycollection values in a geo_shape field, the API returns a hits layer feature for each element of the collection. This behavior may change in a future release. |
zoom | number | Yes | — | The zoom level of the vector tile to search. It accepts 0 to 29. |
x | number | Yes | — | The X coordinate for the vector tile to search. |
y | number | Yes | — | The Y coordinate for the vector tile to search. |
exact_bounds | boolean | No | — | If false, the meta layer’s feature is the bounding box of the tile. If true, the meta layer’s feature is a bounding box resulting from a geo_bounds aggregation. The aggregation runs on <field> values that intersect the <zoom>/<x>/<y> tile with wrap_longitude set to false. The resulting bounding box may be larger than the vector tile. |
extent | number | No | — | The size, in pixels, of a side of the tile. Vector tiles are square with equal sides. |
grid_agg | string | No | — | Aggregation used to create a grid for field. |
grid_precision | number | No | — | Additional zoom levels available through the aggs layer. For example, if <zoom> is 7 and grid_precision is 8, you can zoom in up to level 15. Accepts 0-8. If 0, results don’t include the aggs layer. |
grid_type | string | No | — | Determines the geometry type for features in the aggs layer. In the aggs layer, each feature represents a geotile_grid cell. If ‘grid’ each feature is a Polygon of the cells bounding box. If ‘point’ each feature is a Point that is the centroid of the cell. |
size | number | No | — | Maximum number of features to return in the hits layer. Accepts 0-10000. If 0, results don’t include the hits layer. |
track_total_hits | object | No | — | The number of hits matching the query to count accurately. If true, the exact number of hits is returned at the cost of some performance. If false, the response does not include the total number of hits matching the query. |
with_labels | boolean | No | — | If true, the hits and aggs layers will contain additional point features representing suggested label positions for the original features. * Point and MultiPoint features will have one of the points selected. * Polygon and MultiPolygon features will have a single point generated, either the centroid, if it is within the polygon, or another point within the polygon selected from the sorted triangle-tree. * LineString features will likewise provide a roughly central point selected from the triangle-tree. * The aggregation results will provide one central point for each aggregation bucket. All attributes from the original features will also be copied to the new label features. In addition, the new features will be distinguishable using the tag _mvt_label_position. |
aggs | object | No | — | Sub-aggregations for the geotile_grid. It supports the following aggregation types: - avg - boxplot - cardinality - extended stats - max - median absolute deviation - min - percentile - percentile-rank - stats - sum - value count The aggregation names can’t start with _mvt_. The _mvt_ prefix is reserved for internal aggregations. |
buffer | number | No | — | The size, in pixels, of a clipping buffer outside the tile. This allows renderers to avoid outline artifacts from geometries that extend past the extent of the tile. |
fields | object | No | — | The fields to return in the hits layer. It supports wildcards (*). This parameter does not support fields with array values. Fields with array values may return inconsistent results. |
query | object | No | — | The query DSL used to filter documents for the search. |
runtime_mappings | object | No | — | Defines one or more runtime fields in the search request. These fields take precedence over mapped fields with the same name. |
sort | object | No | — | Sort the features in the hits layer. By default, the API calculates a bounding box for each feature. It sorts features based on this box’s diagonal length, from longest to shortest. |
elasticsearch_search_open_point_in_time
Open a point in time Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string[] | Yes | — | A comma-separated list of index names to open point in time; use _all or empty string to perform the operation on all indices |
keep_alive | string | Yes | — | Extend the length of time that the point in time persists. |
ignore_unavailable | boolean | No | — | If false, the request returns an error if it targets a concrete (non-wildcarded) index, alias, or data stream that is missing, closed, or otherwise unavailable. If true, unavailable concrete targets are silently ignored. |
preference | string | No | — | The node or shard the operation should be performed on. By default, it is random. |
routing | string[] | No | — | A custom value that is used to route operations to a specific shard. |
expand_wildcards | string[] | No | — | The type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. It supports comma-separated values, such as open,hidden. Supported values include: - all: Match any data stream or index, including hidden ones. - open: Match open, non-hidden indices. Also matches any non-hidden data stream. - closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed. - hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both. - none: Wildcard expressions are not accepted. |
allow_partial_search_results | boolean | No | — | Indicates whether the point in time tolerates unavailable shards or shard failures when initially creating the PIT. If false, creating a point in time request when a shard is missing or unavailable will throw an exception. If true, the point in time will contain all the shards that are available at the time of the request. |
max_concurrent_shard_requests | number | No | — | Maximum number of concurrent shard requests that each sub-search request executes per node. |
index_filter | object | No | — | Filter indices if the provided query rewrites to match_none on every shard. |
elasticsearch_search_rank_eval
Evaluate ranked search results Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string[] | Yes | — | A comma-separated list of data streams, indices, and index aliases used to limit the request. Wildcard (*) expressions are supported. To target all data streams and indices in a cluster, omit this parameter or use _all or *. |
allow_no_indices | boolean | No | — | A setting that does two separate checks on the index expression. If false, the request returns an error (1) if any wildcard expression (including _all and *) resolves to zero matching indices or (2) if the complete set of resolved indices, aliases or data streams is empty after all expressions are evaluated. If true, index expressions that resolve to no indices are allowed and the request returns an empty result. |
expand_wildcards | string[] | No | — | Whether to expand wildcard expression to concrete indices that are open, closed or both. Supported values include: - all: Match any data stream or index, including hidden ones. - open: Match open, non-hidden indices. Also matches any non-hidden data stream. - closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed. - hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both. - none: Wildcard expressions are not accepted. |
ignore_unavailable | boolean | No | — | If false, the request returns an error if it targets a concrete (non-wildcarded) index, alias, or data stream that is missing, closed, or otherwise unavailable. If true, unavailable concrete targets are silently ignored. |
search_type | string | No | — | Search operation type Supported values include: - query_then_fetch: Documents are scored using local term and document frequencies for the shard. This is usually faster but less accurate. - dfs_query_then_fetch: Documents are scored using global term and document frequencies across all shards. This is usually slower but more accurate. |
metric | object | No | — | Definition of the evaluation metric to calculate. |
requests | object[] | Yes | — | A set of typical search requests, together with their provided ratings. |
elasticsearch_search_reindex
Reindex documents Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
refresh | boolean | No | — | If true, the request refreshes affected shards to make this operation visible to search. |
requests_per_second | number | No | — | The throttle for this request in sub-requests per second. By default, there is no throttle. |
scroll | string | No | — | The period of time that a consistent view of the index should be maintained for scrolled search. |
slices | object | No | — | The number of slices this task should be divided into. It defaults to one slice, which means the task isn’t sliced into subtasks. Reindex supports sliced scroll to parallelize the reindexing process. This parallelization can improve efficiency and provide a convenient way to break the request down into smaller parts. NOTE: Reindexing from remote clusters does not support manual or automatic slicing. If set to auto, Elasticsearch chooses the number of slices to use. This setting will use one slice per shard, up to a certain limit. If there are multiple sources, it will choose the number of slices based on the index or backing index with the smallest number of shards. |
max_docs | number | No | — | The maximum number of documents to reindex. By default, all documents are reindexed. If it is a value less then or equal to scroll_size, a scroll will not be used to retrieve the results for the operation. If conflicts is set to proceed, the reindex operation could attempt to reindex more documents from the source than max_docs until it has successfully indexed max_docs documents into the target or it has gone through every document in the source query. |
timeout | string | No | — | The period each indexing waits for automatic index creation, dynamic mapping updates, and waiting for active shards. By default, Elasticsearch waits for at least one minute before failing. The actual wait time could be longer, particularly when multiple waits occur. |
wait_for_active_shards | object | No | — | The number of shard copies that must be active before proceeding with the operation. Set it to all or any positive integer up to the total number of shards in the index (number_of_replicas+1). The default value is one, which means it waits for each primary shard to be active. |
wait_for_completion | boolean | No | — | If true, the request blocks until the operation is complete. |
require_alias | boolean | No | — | If true, the destination must be an index alias. |
conflicts | object | No | — | Indicates whether to continue reindexing even when there are conflicts. Supported values include: - abort: Stop reindexing if there are conflicts. - proceed: Continue reindexing even if there are conflicts. |
dest | object | Yes | — | The destination you are copying to. |
script | object | No | — | The script to run to update the document source or metadata when reindexing. |
source | object | Yes | — | The source you are copying from. |
elasticsearch_search_reindex_rethrottle
Throttle a reindex operation Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
task_id | string | Yes | — | The task identifier, which can be found by using the tasks API. |
requests_per_second | number | Yes | — | The throttle for this request in sub-requests per second. It can be either -1 to turn off throttling or any decimal number like 1.7 or 12 to throttle to that level. |
group_by | string | No | — | Supported values include: - nodes: Group tasks by node ID. - parents: Group tasks by parent task ID. - none: Do not group tasks. |
elasticsearch_search_render_search_template
Render a search template Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The ID of the search template to render. If no source is specified, this or the id request body parameter is required. |
file | string | No | — | The file value |
params | object | No | — | Key-value pairs used to replace Mustache variables in the template. The key is the variable name. The value is the variable value. |
source | object | No | — | An inline search template. It supports the same parameters as the search API’s request body. These parameters also support Mustache variables. If no id or <templated-id> is specified, this parameter is required. |
elasticsearch_search_scroll
Run a scrolling search Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
scroll_id | string | Yes | — | The scroll ID |
scroll | string | No | — | The period to retain the search context for scrolling. |
rest_total_hits_as_int | boolean | No | — | If true, the API response’s hit.total property is returned as an integer. If false, the API response’s hit.total property is returned as an object. |
elasticsearch_search_search
Run a search Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string[] | Yes | — | A comma-separated list of data streams, indices, and aliases to search. It supports wildcards (*). To search all data streams and indices, omit this parameter or use * or _all. |
allow_no_indices | boolean | No | — | A setting that does two separate checks on the index expression. If false, the request returns an error (1) if any wildcard expression (including _all and *) resolves to zero matching indices or (2) if the complete set of resolved indices, aliases or data streams is empty after all expressions are evaluated. If true, index expressions that resolve to no indices are allowed and the request returns an empty result. |
allow_partial_search_results | boolean | No | — | If true and there are shard request timeouts or shard failures, the request returns partial results. If false, it returns an error with no partial results. To override the default behavior, you can set the search.default_allow_partial_results cluster setting to false. |
analyzer | string | No | — | The analyzer to use for the query string. This parameter can be used only when the q query string parameter is specified. |
analyze_wildcard | boolean | No | — | If true, wildcard and prefix queries are analyzed. This parameter can be used only when the q query string parameter is specified. |
batched_reduce_size | number | No | — | The number of shard results that should be reduced at once on the coordinating node. If the potential number of shards in the request can be large, this value should be used as a protection mechanism to reduce the memory overhead per search request. |
ccs_minimize_roundtrips | boolean | No | — | If true, network round-trips between the coordinating node and the remote clusters are minimized when running cross-cluster search (CCS) requests. |
default_operator | string | No | — | The default operator for the query string query: and or or. This parameter can be used only when the q query string parameter is specified. |
df | string | No | — | The field to use as a default when no field prefix is given in the query string. This parameter can be used only when the q query string parameter is specified. |
docvalue_fields | string[] | No | — | A comma-separated list of fields to return as the docvalue representation of a field for each hit. |
expand_wildcards | string[] | No | — | The type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. It supports comma-separated values such as open,hidden. Supported values include: - all: Match any data stream or index, including hidden ones. - open: Match open, non-hidden indices. Also matches any non-hidden data stream. - closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed. - hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both. - none: Wildcard expressions are not accepted. |
explain | boolean | No | — | If true, the request returns detailed information about score computation as part of a hit. |
ignore_throttled | boolean | No | — | If true, concrete, expanded or aliased indices will be ignored when frozen. |
ignore_unavailable | boolean | No | — | If false, the request returns an error if it targets a concrete (non-wildcarded) index, alias, or data stream that is missing, closed, or otherwise unavailable. If true, unavailable concrete targets are silently ignored. |
include_named_queries_score | boolean | No | — | If true, the response includes the score contribution from any named queries. This functionality reruns each named query on every hit in a search response. Typically, this adds a small overhead to a request. However, using computationally expensive named queries on a large number of hits may add significant overhead. |
lenient | boolean | No | — | If true, format-based query failures (such as providing text to a numeric field) in the query string will be ignored. This parameter can be used only when the q query string parameter is specified. |
max_concurrent_shard_requests | number | No | — | The number of concurrent shard requests per node that the search runs concurrently. This value should be used to limit the impact of the search on the cluster in order to limit the number of concurrent shard requests. |
preference | string | No | — | The nodes and shards used for the search. By default, Elasticsearch selects from eligible nodes and shards using adaptive replica selection, accounting for allocation awareness. Valid values are: * _only_local to run the search only on shards on the local node. * _local to, if possible, run the search on shards on the local node, or if not, select shards using the default method. * _only_nodes:<node-id>,<node-id> to run the search on only the specified nodes IDs. If suitable shards exist on more than one selected node, use shards on those nodes using the default method. If none of the specified nodes are available, select shards from any available node using the default method. * _prefer_nodes:<node-id>,<node-id> to if possible, run the search on the specified nodes IDs. If not, select shards using the default method. * _shards:<shard>,<shard> to run the search only on the specified shards. You can combine this value with other preference values. However, the _shards value must come first. For example: _shards:2,3|_local. * <custom-string> (any string that does not start with _) to route searches with the same <custom-string> to the same shards in the same order. |
pre_filter_shard_size | number | No | — | A threshold that enforces a pre-filter roundtrip to prefilter search shards based on query rewriting if the number of shards the search request expands to exceeds the threshold. This filter roundtrip can limit the number of shards significantly if for instance a shard can not match any documents based on its rewrite method (if date filters are mandatory to match but the shard bounds and the query are disjoint). When unspecified, the pre-filter phase is executed if any of these conditions is met: * The request targets more than 128 shards. * The request targets one or more read-only index. * The primary sort of the query targets an indexed field. |
request_cache | boolean | No | — | If true, the caching of search results is enabled for requests where size is 0. It defaults to index level settings. |
routing | string[] | No | — | A custom value that is used to route operations to a specific shard. |
scroll | string | No | — | The period to retain the search context for scrolling. By default, this value cannot exceed 1d (24 hours). You can change this limit by using the search.max_keep_alive cluster-level setting. |
search_type | string | No | — | Indicates how distributed term frequencies are calculated for relevance scoring. Supported values include: - query_then_fetch: Documents are scored using local term and document frequencies for the shard. This is usually faster but less accurate. - dfs_query_then_fetch: Documents are scored using global term and document frequencies across all shards. This is usually slower but more accurate. |
stats | string[] | No | — | Specific tag of the request for logging and statistical purposes. |
stored_fields | string[] | No | — | A comma-separated list of stored fields to return as part of a hit. If no fields are specified, no stored fields are included in the response. If this field is specified, the _source parameter defaults to false. You can pass _source: true to return both source fields and stored fields in the search response. |
suggest_field | string | No | — | The field to use for suggestions. |
suggest_mode | string | No | — | The suggest mode. This parameter can be used only when the suggest_field and suggest_text query string parameters are specified. Supported values include: - missing: Only generate suggestions for terms that are not in the shard. - popular: Only suggest terms that occur in more docs on the shard than the original term. - always: Suggest any matching suggestions based on terms in the suggest text. |
suggest_size | number | No | — | The number of suggestions to return. This parameter can be used only when the suggest_field and suggest_text query string parameters are specified. |
suggest_text | string | No | — | The source text for which the suggestions should be returned. This parameter can be used only when the suggest_field and suggest_text query string parameters are specified. |
terminate_after | number | No | — | The maximum number of documents to collect for each shard. If a query reaches this limit, Elasticsearch terminates the query early. Elasticsearch collects documents before sorting. IMPORTANT: Use with caution. Elasticsearch applies this parameter to each shard handling the request. When possible, let Elasticsearch perform early termination automatically. Avoid specifying this parameter for requests that target data streams with backing indices across multiple data tiers. If set to 0 (default), the query does not terminate early. |
timeout | string | No | — | The period of time to wait for a response from each shard. If no response is received before the timeout expires, the request fails and returns an error. It defaults to no timeout. |
track_total_hits | object | No | — | The number of hits matching the query to count accurately. If true, the exact number of hits is returned at the cost of some performance. If false, the response does not include the total number of hits matching the query. |
track_scores | boolean | No | — | If true, the request calculates and returns document scores, even if the scores are not used for sorting. |
typed_keys | boolean | No | — | If true, aggregation and suggester names are be prefixed by their respective types in the response. |
rest_total_hits_as_int | boolean | No | — | Indicates whether hits.total should be rendered as an integer or an object in the rest search response. |
version | boolean | No | — | If true, the request returns the document version as part of a hit. |
_source | object | No | — | The source fields that are returned for matching documents. These fields are returned in the hits._source property of the search response. Valid values are: * true to return the entire document source. * false to not return the document source. * <string> to return the source fields that are specified as a comma-separated list that supports wildcard (*) patterns. |
_source_excludes | string[] | No | — | A comma-separated list of source fields to exclude from the response. You can also use this parameter to exclude fields from the subset specified in _source_includes query parameter. If the _source parameter is false, this parameter is ignored. |
_source_exclude_vectors | boolean | No | — | Whether vectors should be excluded from _source |
_source_includes | string[] | No | — | A comma-separated list of source fields to include in the response. If this parameter is specified, only these source fields are returned. You can exclude fields from this subset using the _source_excludes query parameter. If the _source parameter is false, this parameter is ignored. |
seq_no_primary_term | boolean | No | — | If true, the request returns the sequence number and primary term of the last modification of each hit. |
q | string | No | — | A query in the Lucene query string syntax. Query parameter searches do not support the full Elasticsearch Query DSL but are handy for testing. IMPORTANT: This parameter overrides the query parameter in the request body. If both parameters are specified, documents matching the query request body parameter are not returned. |
size | number | No | — | The number of hits to return. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after parameter. |
from | number | No | — | The starting document offset, which must be non-negative. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after parameter. |
sort | string[] | No | — | A comma-separated list of <field>:<direction> pairs. |
aggregations | object | No | — | Defines the aggregations that are run as part of the search request. |
collapse | object | No | — | Collapses search results the values of the specified field. |
ext | object | No | — | Configuration of search extensions defined by Elasticsearch plugins. |
fields | object[] | No | — | An array of wildcard (*) field patterns. The request returns values for field names matching these patterns in the hits.fields property of the response. |
highlight | object | No | — | Specifies the highlighter to use for retrieving highlighted snippets from one or more fields in your search results. |
indices_boost | object[] | No | — | Boost the _score of documents from specified indices. The boost value is the factor by which scores are multiplied. A boost value greater than 1.0 increases the score. A boost value between 0 and 1.0 decreases the score. |
knn | object[] | No | — | The approximate kNN search to run. |
min_score | number | No | — | The minimum _score for matching documents. Documents with a lower _score are not included in search results and results collected by aggregations. |
pit | object | No | — | Limit the search to a point in time (PIT). If you provide a PIT, you cannot specify an <index> in the request path. |
post_filter | object | No | — | Use the post_filter parameter to filter search results. The search hits are filtered after the aggregations are calculated. A post filter has no impact on the aggregation results. |
profile | boolean | No | — | Set to true to return detailed timing information about the execution of individual components in a search request. NOTE: This is a debugging tool and adds significant overhead to search execution. |
query | object | No | — | The search definition using the Query DSL. |
rank | object | No | — | The Reciprocal Rank Fusion (RRF) to use. |
rescore | object | No | — | Can be used to improve precision by reordering just the top (for example 100 - 500) documents returned by the query and post_filter phases. |
retriever | object | No | — | A retriever is a specification to describe top documents returned from a search. A retriever replaces other elements of the search API that also return top documents such as query and knn. |
runtime_mappings | object | No | — | One or more runtime fields in the search request. These fields take precedence over mapped fields with the same name. |
script_fields | object | No | — | Retrieve a script evaluation (based on different fields) for each hit. |
search_after | object | No | — | Used to retrieve the next page of hits using a set of sort values from the previous page. |
slice | object | No | — | Split a scrolled search into multiple slices that can be consumed independently. |
suggest | object | No | — | Defines a suggester that provides similar looking terms based on a provided text. |
elasticsearch_search_shards
Get the search shards Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string[] | Yes | — | A comma-separated list of data streams, indices, and aliases to search. It supports wildcards (*). To search all data streams and indices, omit this parameter or use * or _all. |
allow_no_indices | boolean | No | — | A setting that does two separate checks on the index expression. If false, the request returns an error (1) if any wildcard expression (including _all and *) resolves to zero matching indices or (2) if the complete set of resolved indices, aliases or data streams is empty after all expressions are evaluated. If true, index expressions that resolve to no indices are allowed and the request returns an empty result. |
expand_wildcards | string[] | No | — | Type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values, such as open,hidden. Supported values include: - all: Match any data stream or index, including hidden ones. - open: Match open, non-hidden indices. Also matches any non-hidden data stream. - closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed. - hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both. - none: Wildcard expressions are not accepted. |
ignore_unavailable | boolean | No | — | If false, the request returns an error if it targets a concrete (non-wildcarded) index, alias, or data stream that is missing, closed, or otherwise unavailable. If true, unavailable concrete targets are silently ignored. |
local | boolean | No | — | If true, the request retrieves information from the local node only. |
master_timeout | string | No | — | The period to wait for a connection to the master node. If the master node is not available before the timeout expires, the request fails and returns an error. IT can also be set to -1 to indicate that the request should never timeout. |
preference | string | No | — | The node or shard the operation should be performed on. It is random by default. |
routing | string[] | No | — | A custom value used to route operations to a specific shard. |
elasticsearch_search_template
Run a search with a search template Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string[] | Yes | — | A comma-separated list of data streams, indices, and aliases to search. It supports wildcards (*). |
allow_no_indices | boolean | No | — | A setting that does two separate checks on the index expression. If false, the request returns an error (1) if any wildcard expression (including _all and *) resolves to zero matching indices or (2) if the complete set of resolved indices, aliases or data streams is empty after all expressions are evaluated. If true, index expressions that resolve to no indices are allowed and the request returns an empty result. |
ccs_minimize_roundtrips | boolean | No | — | Indicates whether network round-trips should be minimized as part of cross-cluster search requests execution. |
expand_wildcards | string[] | No | — | The type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values, such as open,hidden. Supported values include: - all: Match any data stream or index, including hidden ones. - open: Match open, non-hidden indices. Also matches any non-hidden data stream. - closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed. - hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both. - none: Wildcard expressions are not accepted. |
explain | boolean | No | — | If true, the response includes additional details about score computation as part of a hit. |
ignore_throttled | boolean | No | — | If true, specified concrete, expanded, or aliased indices are not included in the response when throttled. |
ignore_unavailable | boolean | No | — | If false, the request returns an error if it targets a concrete (non-wildcarded) index, alias, or data stream that is missing, closed, or otherwise unavailable. If true, unavailable concrete targets are silently ignored. |
preference | string | No | — | The node or shard the operation should be performed on. It is random by default. |
profile | boolean | No | — | If true, the query execution is profiled. |
routing | string[] | No | — | A custom value used to route operations to a specific shard. |
scroll | string | No | — | Specifies how long a consistent view of the index should be maintained for scrolled search. |
search_type | string | No | — | The type of the search operation. Supported values include: - query_then_fetch: Documents are scored using local term and document frequencies for the shard. This is usually faster but less accurate. - dfs_query_then_fetch: Documents are scored using global term and document frequencies across all shards. This is usually slower but more accurate. |
rest_total_hits_as_int | boolean | No | — | If true, hits.total is rendered as an integer in the response. If false, it is rendered as an object. |
typed_keys | boolean | No | — | If true, the response prefixes aggregation and suggester names with their respective types. |
id | object | No | — | The ID of the search template to use. If no source is specified, this parameter is required. |
params | object | No | — | Key-value pairs used to replace Mustache variables in the template. The key is the variable name. The value is the variable value. |
source | object | No | — | An inline search template. Supports the same parameters as the search API’s request body. It also supports Mustache variables. If no id is specified, this parameter is required. |
elasticsearch_search_terms_enum
Get terms in an index Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string[] | Yes | — | A comma-separated list of data streams, indices, and index aliases to search. Wildcard (*) expressions are supported. To search all data streams or indices, omit this parameter or use * or _all. |
case_insensitive | boolean | No | — | When true, the provided search string is matched against index terms without case sensitivity. |
field | object | Yes | — | The string to match at the start of indexed terms. If not provided, all terms in the field are considered. |
index_filter | object | No | — | Filter an index shard if the provided query rewrites to match_none. |
search_after | string | No | — | The string after which terms in the index should be returned. It allows for a form of pagination if the last result from one request is passed as the search_after parameter for a subsequent request. |
size | number | No | — | The number of matching terms to return. |
string | string | No | — | The string to match at the start of indexed terms. If it is not provided, all terms in the field are considered. > info > The prefix string cannot be larger than the largest possible keyword value, which is Lucene’s term byte-length limit of 32766. |
timeout | object | No | — | The maximum length of time to spend collecting results. If the timeout is exceeded the complete flag set to false in the response and the results may be partial or empty. |
elasticsearch_search_termvectors
Get term vector information Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string | Yes | — | The name of the index that contains the document. |
id | string | Yes | — | A unique identifier for the document. |
fields | string[] | No | — | A comma-separated list or wildcard expressions of fields to include in the statistics. It is used as the default list unless a specific field list is provided in the completion_fields or fielddata_fields parameters. |
field_statistics | boolean | No | — | If true, the response includes: * The document count (how many documents contain this field). * The sum of document frequencies (the sum of document frequencies for all terms in this field). * The sum of total term frequencies (the sum of total term frequencies of each term in this field). |
offsets | boolean | No | — | If true, the response includes term offsets. |
payloads | boolean | No | — | If true, the response includes term payloads. |
positions | boolean | No | — | If true, the response includes term positions. |
preference | string | No | — | The node or shard the operation should be performed on. It is random by default. |
realtime | boolean | No | — | If true, the request is real-time as opposed to near-real-time. |
routing | string[] | No | — | A custom value that is used to route operations to a specific shard. |
term_statistics | boolean | No | — | If true, the response includes: * The total term frequency (how often a term occurs in all documents). * The document frequency (the number of documents containing the current term). By default these values are not returned since term statistics can have a serious performance impact. |
version | number | No | — | If true, returns the document version as part of a hit. |
version_type | string | No | — | The version type. Supported values include: - internal: Use internal versioning that starts at 1 and increments with each update or delete. - external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document. - external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data. |
doc | object | No | — | An artificial document (a document not present in the index) for which you want to retrieve term vectors. |
filter | object | No | — | Filter terms based on their tf-idf scores. This could be useful in order find out a good characteristic vector of a document. This feature works in a similar manner to the second phase of the More Like This Query. |
per_field_analyzer | object | No | — | Override the default per-field analyzer. This is useful in order to generate term vectors in any fashion, especially when using artificial documents. When providing an analyzer for a field that already stores term vectors, the term vectors will be regenerated. |
elasticsearch_search_update
Update a document Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string | Yes | — | The name of the target index. By default, the index is created automatically if it doesn’t exist. |
id | string | Yes | — | A unique identifier for the document to be updated. |
if_primary_term | number | No | — | Only perform the operation if the document has this primary term. |
if_seq_no | number | No | — | Only perform the operation if the document has this sequence number. |
include_source_on_error | boolean | No | — | True or false if to include the document source in the error message in case of parsing errors. |
lang | string | No | — | The script language. |
refresh | string | No | — | If ‘true’, Elasticsearch refreshes the affected shards to make this operation visible to search. If ‘wait_for’, it waits for a refresh to make this operation visible to search. If ‘false’, it does nothing with refreshes. |
require_alias | boolean | No | — | If true, the destination must be an index alias. |
retry_on_conflict | number | No | — | The number of times the operation should be retried when a conflict occurs. |
routing | string[] | No | — | A custom value used to route operations to a specific shard. |
timeout | string | No | — | The period to wait for the following operations: dynamic mapping updates and waiting for active shards. Elasticsearch waits for at least the timeout period before failing. The actual wait time could be longer, particularly when multiple waits occur. |
wait_for_active_shards | object | No | — | The number of copies of each shard that must be active before proceeding with the operation. Set to ‘all’ or any positive integer up to the total number of shards in the index (number_of_replicas+1). The default value of 1 means it waits for each primary shard to be active. |
_source | object | No | — | If false, source retrieval is turned off. You can also specify a comma-separated list of the fields you want to retrieve. |
_source_excludes | string[] | No | — | The source fields you want to exclude. |
_source_includes | string[] | No | — | The source fields you want to retrieve. |
detect_noop | boolean | No | — | If true, the result in the response is set to noop (no operation) when there are no changes to the document. |
doc | object | No | — | A partial update to an existing document. If both doc and script are specified, doc is ignored. |
doc_as_upsert | boolean | No | — | If true, use the contents of ‘doc’ as the value of ‘upsert’. NOTE: Using ingest pipelines with doc_as_upsert is not supported. |
script | object | No | — | The script to run to update the document. |
scripted_upsert | boolean | No | — | If true, run the script whether or not the document exists. |
upsert | object | No | — | If the document does not already exist, the contents of ‘upsert’ are inserted as a new document. If the document exists, the ‘script’ is run. |
elasticsearch_search_update_by_query
Update documents Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
index | string[] | Yes | — | A comma-separated list of data streams, indices, and aliases to search. It supports wildcards (*). To search all data streams or indices, omit this parameter or use * or _all. |
allow_no_indices | boolean | No | — | A setting that does two separate checks on the index expression. If false, the request returns an error (1) if any wildcard expression (including _all and *) resolves to zero matching indices or (2) if the complete set of resolved indices, aliases or data streams is empty after all expressions are evaluated. If true, index expressions that resolve to no indices are allowed and the request returns an empty result. |
analyzer | string | No | — | The analyzer to use for the query string. This parameter can be used only when the q query string parameter is specified. |
analyze_wildcard | boolean | No | — | If true, wildcard and prefix queries are analyzed. This parameter can be used only when the q query string parameter is specified. |
conflicts | string | No | — | The preferred behavior when update by query hits version conflicts: abort or proceed. Supported values include: - abort: Stop reindexing if there are conflicts. - proceed: Continue reindexing even if there are conflicts. |
default_operator | string | No | — | The default operator for query string query: and or or. This parameter can be used only when the q query string parameter is specified. |
df | string | No | — | The field to use as default where no field prefix is given in the query string. This parameter can be used only when the q query string parameter is specified. |
expand_wildcards | string[] | No | — | The type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. It supports comma-separated values, such as open,hidden. Supported values include: - all: Match any data stream or index, including hidden ones. - open: Match open, non-hidden indices. Also matches any non-hidden data stream. - closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed. - hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both. - none: Wildcard expressions are not accepted. |
from | number | No | — | Skips the specified number of documents. |
ignore_unavailable | boolean | No | — | If false, the request returns an error if it targets a concrete (non-wildcarded) index, alias, or data stream that is missing, closed, or otherwise unavailable. If true, unavailable concrete targets are silently ignored. |
lenient | boolean | No | — | If true, format-based query failures (such as providing text to a numeric field) in the query string will be ignored. This parameter can be used only when the q query string parameter is specified. |
max_docs | number | No | — | The maximum number of documents to process. It defaults to all documents. When set to a value less than or equal to scroll_size and conflicts is set to abort, a scroll will not be used to retrieve the results for the operation. |
pipeline | string | No | — | The ID of the pipeline to use to preprocess incoming documents. If the index has a default ingest pipeline specified, then setting the value to _none disables the default ingest pipeline for this request. If a final pipeline is configured it will always run, regardless of the value of this parameter. |
preference | string | No | — | The node or shard the operation should be performed on. It is random by default. |
q | string | No | — | A query in the Lucene query string syntax. |
refresh | boolean | No | — | If true, Elasticsearch refreshes affected shards to make the operation visible to search after the request completes. This is different than the update API’s refresh parameter, which causes just the shard that received the request to be refreshed. |
request_cache | boolean | No | — | If true, the request cache is used for this request. It defaults to the index-level setting. |
requests_per_second | number | No | — | The throttle for this request in sub-requests per second. |
routing | string[] | No | — | A custom value used to route operations to a specific shard. |
scroll | string | No | — | The period to retain the search context for scrolling. |
scroll_size | number | No | — | The size of the scroll request that powers the operation. |
search_timeout | string | No | — | An explicit timeout for each search request. By default, there is no timeout. |
search_type | string | No | — | The type of the search operation. Available options include query_then_fetch and dfs_query_then_fetch. Supported values include: - query_then_fetch: Documents are scored using local term and document frequencies for the shard. This is usually faster but less accurate. - dfs_query_then_fetch: Documents are scored using global term and document frequencies across all shards. This is usually slower but more accurate. |
slices | object | No | — | The number of slices this task should be divided into. |
sort | string[] | No | — | A comma-separated list of <field>:<direction> pairs. |
stats | string[] | No | — | The specific tag of the request for logging and statistical purposes. |
terminate_after | number | No | — | The maximum number of documents to collect for each shard. If a query reaches this limit, Elasticsearch terminates the query early. Elasticsearch collects documents before sorting. IMPORTANT: Use with caution. Elasticsearch applies this parameter to each shard handling the request. When possible, let Elasticsearch perform early termination automatically. Avoid specifying this parameter for requests that target data streams with backing indices across multiple data tiers. |
timeout | string | No | — | The period each update request waits for the following operations: dynamic mapping updates, waiting for active shards. By default, it is one minute. This guarantees Elasticsearch waits for at least the timeout before failing. The actual wait time could be longer, particularly when multiple waits occur. |
version | boolean | No | — | If true, returns the document version as part of a hit. |
version_type | boolean | No | — | Should the document increment the version number (internal) on hit or not (reindex) |
wait_for_active_shards | object | No | — | The number of shard copies that must be active before proceeding with the operation. Set to all or any positive integer up to the total number of shards in the index (number_of_replicas+1). The timeout parameter controls how long each write request waits for unavailable shards to become available. Both work exactly the way they work in the bulk API. |
wait_for_completion | boolean | No | — | If true, the request blocks until the operation is complete. If false, Elasticsearch performs some preflight checks, launches the request, and returns a task ID that you can use to cancel or get the status of the task. Elasticsearch creates a record of this task as a document at .tasks/task/${taskId}. |
query | object | No | — | The documents to update using the Query DSL. |
script | object | No | — | The script to run to update the document source or metadata when updating. |
slice | object | No | — | Slice the request manually using the provided slice ID and total number of slices. |
elasticsearch_search_update_by_query_rethrottle
Throttle an update by query operation Parameters:| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
task_id | string | Yes | — | The ID for the task. |
requests_per_second | number | Yes | — | The throttle for this request in sub-requests per second. To turn off throttling, set it to -1. |