X-Pack APIs

X-Pack is an Elastic Stack extension that bundles security, alerting, monitoring, reporting, and graph capabilities into one easy-to-install package. While the X-Pack components are designed to work together seamlessly, you can easily enable or disable the features you want to use.

Info

X-Pack info provides general info about the installed X-Pack.

class elasticsearch.client.xpack.XPackClient(*args, **kwargs)
info(**kwargs)

Retrieve information about xpack, including build number/timestamp and license status https://www.elastic.co/guide/en/elasticsearch/reference/current/info-api.html

Parameters:
  • categories – Comma-separated list of info categories. Can be any of: build, license, features
  • human – Presents additional info for humans (feature descriptions and X-Pack tagline)
usage(**kwargs)

Retrieve information about xpack features usage

Parameters: master_timeout – Specify timeout for watch write operation

Graph Explore

X-Pack Graph Explore enables you to extract and summarize information about the documents and terms in your Elasticsearch index.

class elasticsearch.client.xpack.graph.GraphClient(client)
explore(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/graph-explore-api.html

Parameters:
  • index – A comma-separated list of index names to search; use _all or empty string to perform the operation on all indices
  • doc_type – A comma-separated list of document types to search; leave empty to perform the operation on all types
  • body – Graph Query DSL
  • routing – Specific routing value
  • timeout – Explicit operation timeout

Licensing API

The Licensing API can be used to manage your licenses.

class elasticsearch.client.xpack.license.LicenseClient(client)
delete(**kwargs)

https://www.elastic.co/guide/en/x-pack/current/license-management.html

get(**kwargs)

https://www.elastic.co/guide/en/x-pack/current/license-management.html

Parameters: local – Return local information, do not retrieve the state from master node (default: false)
post(**kwargs)

https://www.elastic.co/guide/en/x-pack/current/license-management.html

Parameters:
  • body – licenses to be installed
  • acknowledge – whether the user has acknowledged acknowledge messages (default: false)

Machine Learning APIs

Machine Learning can be useful for discovering new patterns in your data. For a more detailed explanation of X-Pack’s machine learning, please refer to the official documentation.

class elasticsearch.client.xpack.ml.MlClient(client)
close_job(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-close-job.html

Parameters:
  • job_id – The name of the job to close
  • force – True if the job should be forcefully closed
  • timeout – Controls the time to wait until a job has closed. Defaults to 30 minutes
delete_datafeed(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-delete-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to delete
  • force – True if the datafeed should be forcefully deleted
delete_expired_data(**kwargs)
delete_filter(**kwargs)
Parameters: filter_id – The ID of the filter to delete
delete_job(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-delete-job.html

Parameters:
  • job_id – The ID of the job to delete
  • force – True if the job should be forcefully deleted
delete_model_snapshot(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-delete-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • snapshot_id – The ID of the snapshot to delete
flush_job(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-flush-job.html

Parameters:
  • job_id – The name of the job to flush
  • body – Flush parameters
  • advance_time – Advances time to the given value generating results and updating the model for the advanced interval
  • calc_interim – Calculates interim results for the most recent bucket or all buckets within the latency period
  • end – When used in conjunction with calc_interim, specifies the range of buckets on which to calculate interim results
  • skip_time – Skips time to the given value without generating results or updating the model for the skipped interval
  • start – When used in conjunction with calc_interim, specifies the range of buckets on which to calculate interim results
forecast_job(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-forecast.html

Parameters:
  • job_id – The name of the job to close
  • duration – A period of time that indicates how far into the future to forecast
  • expires_in – The period of time that forecast results are retained.
get_buckets(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-bucket.html

Parameters:
  • job_id – ID of the job to get bucket results from
  • timestamp – The timestamp of the desired single bucket result
  • body – Bucket selection details if not provided in URI
  • anomaly_score – Filter for the most anomalous buckets
  • desc – Set the sort direction
  • end – End time filter for buckets
  • exclude_interim – Exclude interim results
  • expand – Include anomaly records
  • from – skips a number of buckets
  • size – specifies a max number of buckets to get
  • sort – Sort buckets by a particular field
  • start – Start time filter for buckets
get_categories(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-category.html

Parameters:
  • job_id – The name of the job
  • category_id – The identifier of the category definition of interest
  • body – Category selection details if not provided in URI
  • from – skips a number of categories
  • size – specifies a max number of categories to get
get_datafeed_stats(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-datafeed-stats.html

Parameters: datafeed_id – The ID of the datafeeds stats to fetch
get_datafeeds(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-datafeed.html

Parameters: datafeed_id – The ID of the datafeeds to fetch
get_filters(**kwargs)
Parameters:
  • filter_id – The ID of the filter to fetch
  • from – skips a number of filters
  • size – specifies a max number of filters to get
get_influencers(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-influencer.html

Parameters:
  • job_id – None
  • body – Influencer selection criteria
  • desc – whether the results should be sorted in descending order
  • end – end timestamp for the requested influencers
  • exclude_interim – Exclude interim results
  • from – skips a number of influencers
  • influencer_score – influencer score threshold for the requested influencers
  • size – specifies a max number of influencers to get
  • sort – sort field for the requested influencers
  • start – start timestamp for the requested influencers
get_job_stats(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-job-stats.html

Parameters: job_id – The ID of the jobs stats to fetch
get_jobs(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-job.html

Parameters: job_id – The ID of the jobs to fetch
get_model_snapshots(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • snapshot_id – The ID of the snapshot to fetch
  • body – Model snapshot selection criteria
  • desc – True if the results should be sorted in descending order
  • end – The filter ‘end’ query parameter
  • from – Skips a number of documents
  • size – The default number of documents returned in queries as a string.
  • sort – Name of the field to sort on
  • start – The filter ‘start’ query parameter
get_records(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-record.html

Parameters:
  • job_id – None
  • body – Record selection criteria
  • desc – Set the sort direction
  • end – End time filter for records
  • exclude_interim – Exclude interim results
  • from – skips a number of records
  • record_score
  • size – specifies a max number of records to get
  • sort – Sort records by a particular field
  • start – Start time filter for records
open_job(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-open-job.html

Parameters: job_id – The ID of the job to open
post_data(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-post-data.html

Parameters:
  • job_id – The name of the job receiving the data
  • body – The data to process
  • reset_end – Optional parameter to specify the end of the bucket resetting range
  • reset_start – Optional parameter to specify the start of the bucket resetting range
preview_datafeed(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-preview-datafeed.html

Parameters: datafeed_id – The ID of the datafeed to preview
put_datafeed(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-put-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to create
  • body – The datafeed config
put_filter(**kwargs)
Parameters:
  • filter_id – The ID of the filter to create
  • body – The filter details
put_job(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-put-job.html

Parameters:
  • job_id – The ID of the job to create
  • body – The job
revert_model_snapshot(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-revert-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • snapshot_id – The ID of the snapshot to revert to
  • body – Reversion options
  • delete_intervening_results – Should we reset the results back to the time of the snapshot?
start_datafeed(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-start-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to start
  • body – The start datafeed parameters
  • end – The end time when the datafeed should stop. When not set, the datafeed continues in real time
  • start – The start time from where the datafeed should begin
  • timeout – Controls the time to wait until a datafeed has started. Defaults to 20 seconds
stop_datafeed(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-stop-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to stop
  • force – True if the datafeed should be forcefully stopped.
  • timeout – Controls the time to wait until a datafeed has stopped. Defaults to 20 seconds
update_datafeed(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-update-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to update
  • body – The datafeed update settings
update_job(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-update-job.html

Parameters:
  • job_id – The ID of the job to create
  • body – The job update settings
update_model_snapshot(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-update-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • snapshot_id – The ID of the snapshot to update
  • body – The model snapshot properties to update
validate(**kwargs)
Parameters: body – The job config
validate_detector(**kwargs)
Parameters: body – The detector

Security APIs

The Security API can be used to help secure your Elasticsearch cluster, including integration with LDAP and Active Directory.

class elasticsearch.client.xpack.security.SecurityClient(client)
authenticate(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-authenticate.html

change_password(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-change-password.html

Parameters:
  • body – the new password for the user
  • username – The username of the user to change the password for
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
clear_cached_realms(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-cache.html

Parameters:
  • realms – Comma-separated list of realms to clear
  • usernames – Comma-separated list of usernames to clear from the cache
clear_cached_roles(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-roles.html#security-api-clear-role-cache

Parameters: name – Role name
delete_role(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-roles.html#security-api-delete-role

Parameters:
  • name – Role name
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
delete_role_mapping(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-role-mapping.html#security-api-delete-role-mapping

Parameters:
  • name – Role-mapping name
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
delete_user(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-users.html#security-api-delete-user

Parameters:
  • username – username
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
disable_user(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-users.html#security-api-disable-user

Parameters:
  • username – The username of the user to disable
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
enable_user(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-users.html#security-api-enable-user

Parameters:
  • username – The username of the user to enable
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
get_role(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-roles.html#security-api-get-role

Parameters: name – Role name
get_role_mapping(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-role-mapping.html#security-api-get-role-mapping

Parameters: name – Role-Mapping name
get_token(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-tokens.html#security-api-get-token

Parameters: body – The token request to get
get_user(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-users.html#security-api-get-user

Parameters: username – A comma-separated list of usernames
invalidate_token(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-tokens.html#security-api-invalidate-token

Parameters: body – The token to invalidate
put_role(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-roles.html#security-api-put-role

Parameters:
  • name – Role name
  • body – The role to add
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
put_role_mapping(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-role-mapping.html#security-api-put-role-mapping

Parameters:
  • name – Role-mapping name
  • body – The role to add
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
put_user(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-users.html#security-api-put-user

Parameters:
  • username – The username of the User
  • body – The user to add
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
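
An added example, not part of the elasticsearch-py documentation: one way to review the mapping that get_role() returns for over-broad grants before or after changing roles with put_role(). The response shape (role name mapped to cluster, indices and run_as entries, with built-in roles marked metadata._reserved) follows the Elasticsearch get-role API; audit_roles, MUTATING and the sample roles are names and data constructed here.

```python
"""Audit role definitions returned by get_role() (added example)."""

# Index privileges that allow changing or destroying data.
MUTATING = {"all", "write", "index", "create", "delete", "delete_index", "manage"}


def audit_roles(roles, include_reserved=False):
    """Return {role_name: [finding, ...]} for roles with risky grants.

    `roles` is the mapping get_role() returns: role name -> definition
    with "cluster", "indices" and "run_as" keys.
    """
    findings = {}
    for name, role in sorted(roles.items()):
        # Built-in roles carry metadata._reserved; skip them unless asked.
        if role.get("metadata", {}).get("_reserved") and not include_reserved:
            continue
        issues = []
        if "all" in role.get("cluster", []):
            issues.append("cluster privilege 'all'")
        for entry in role.get("indices", []):
            risky = sorted(set(entry.get("privileges", [])) & MUTATING)
            # A bare "*" index pattern matches every index in the cluster.
            if risky and "*" in entry.get("names", []):
                issues.append("%s on every index" % "/".join(risky))
        if "*" in role.get("run_as", []):
            issues.append("run_as any user")
        if issues:
            findings[name] = issues
    return findings


# Constructed sample in the shape of a get_role() response.
SAMPLE_ROLES = {
    "superuser": {
        "cluster": ["all"],
        "indices": [{"names": ["*"], "privileges": ["all"]}],
        "run_as": ["*"],
        "metadata": {"_reserved": True},
    },
    "log_reader": {
        "cluster": ["monitor"],
        "indices": [{"names": ["logs-*"], "privileges": ["read"]}],
        "run_as": [],
    },
    "etl_writer": {
        "cluster": [],
        "indices": [{"names": ["*"], "privileges": ["read", "write"]}],
        "run_as": [],
    },
    "ops_admin": {
        "cluster": ["all"],
        "indices": [{"names": ["metrics-*"], "privileges": ["manage"]}],
        "run_as": ["*"],
    },
}

if __name__ == "__main__":
    for role, issues in audit_roles(SAMPLE_ROLES).items():
        print(role, "->", "; ".join(issues))
```

Against a live cluster, pass the return value of get_role() called with no name, which lists every role.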

Watcher APIs

The Watcher API can be used to notify you when certain pre-defined thresholds have been reached.

class elasticsearch.client.xpack.watcher.WatcherClient(client)
ack_watch(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-ack-watch.html

Parameters:
  • watch_id – Watch ID
  • action_id – A comma-separated list of the action ids to be acked
  • master_timeout – Explicit operation timeout for connection to master node
activate_watch(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-activate-watch.html

Parameters:
  • watch_id – Watch ID
  • master_timeout – Explicit operation timeout for connection to master node
deactivate_watch(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-deactivate-watch.html

Parameters:
  • watch_id – Watch ID
  • master_timeout – Explicit operation timeout for connection to master node
delete_watch(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-delete-watch.html

Parameters:
  • id – Watch ID
  • master_timeout – Explicit operation timeout for connection to master node
execute_watch(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-execute-watch.html

Parameters:
  • id – Watch ID
  • body – Execution control
  • debug – indicates whether the watch should execute in debug mode
get_watch(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-get-watch.html

Parameters: id – Watch ID
put_watch(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-put-watch.html

Parameters:
  • id – Watch ID
  • body – The watch
  • active – Specify whether the watch is in/active by default
  • master_timeout – Explicit operation timeout for connection to master node
restart(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-restart.html

start(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-start.html

stats(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-stats.html

Parameters:
  • metric – Controls what additional stat metrics should be included in the response
  • emit_stacktraces – Emits stack traces of currently running watches
stop(**kwargs)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-stop.html

Migration APIs

The Migration API helps simplify upgrading X-Pack indices from one version to another.

class elasticsearch.client.xpack.migration.MigrationClient(client)
get_assistance(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/migration-api-assistance.html

Parameters:
  • index – A comma-separated list of index names; use _all or empty string to perform the operation on all indices
  • allow_no_indices – Whether to ignore if a wildcard indices expression resolves into no concrete indices. (This includes _all string or when no indices have been specified)
  • expand_wildcards – Whether to expand wildcard expression to concrete indices that are open, closed or both. Default ‘open’; valid choices are: ‘open’, ‘closed’, ‘none’, ‘all’
  • ignore_unavailable – Whether specified concrete indices should be ignored when unavailable (missing or closed)
upgrade(**kwargs)

https://www.elastic.co/guide/en/elasticsearch/reference/current/migration-api-upgrade.html

Parameters:
  • index – The name of the index
  • wait_for_completion – Should the request block until the upgrade operation is completed, default True