X-Pack APIs

X-Pack is an Elastic Stack extension that bundles security, alerting, monitoring, reporting, and graph capabilities into one easy-to-install package. While the X-Pack components are designed to work together seamlessly, you can easily enable or disable the features you want to use.

Info

X-Pack info provides general info about the installed X-Pack.

class elasticsearch.client.xpack.XPackClient(*args, **kwargs)
info(params=None)

Retrieve information about xpack, including build number/timestamp and license status https://www.elastic.co/guide/en/elasticsearch/reference/current/info-api.html

Parameters:
  • categories – Comma-separated list of info categories. Can be any of: build, license, features
  • human – Presents additional info for humans (feature descriptions and X-Pack tagline)
usage(params=None)

Retrieve information about xpack features usage

Parameters: master_timeout – Specify timeout for watch write operation

Graph Explore APIs

The Graph Explore API enables you to extract and summarize information about the documents and terms in your Elasticsearch index.

class elasticsearch.client.xpack.graph.GraphClient(client)
explore(index=None, doc_type=None, body=None, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/graph-explore-api.html

Parameters:
  • index – A comma-separated list of index names to search; use _all or empty string to perform the operation on all indices
  • doc_type – A comma-separated list of document types to search; leave empty to perform the operation on all types
  • body – Graph Query DSL
  • routing – Specific routing value
  • timeout – Explicit operation timeout

Licensing APIs

The Licensing API can be used to manage your licenses.

class elasticsearch.client.xpack.license.LicenseClient(client)
delete(params=None)

https://www.elastic.co/guide/en/x-pack/current/license-management.html

get(params=None)

https://www.elastic.co/guide/en/x-pack/current/license-management.html

Parameters: local – Return local information, do not retrieve the state from master node (default: false)
post(body=None, params=None)

https://www.elastic.co/guide/en/x-pack/current/license-management.html

Parameters:
  • body – licenses to be installed
  • acknowledge – whether the user has acknowledged acknowledge messages (default: false)

Machine Learning APIs

Machine Learning can be useful for discovering new patterns in your data. For a more detailed explanation of X-Pack’s machine learning, please refer to the official documentation.

class elasticsearch.client.xpack.ml.MlClient(client)
close_job(job_id, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-close-job.html

Parameters:
  • job_id – The name of the job to close
  • force – True if the job should be forcefully closed
  • timeout – Controls the time to wait until a job has closed. Defaults to 30 minutes
delete_datafeed(datafeed_id, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-delete-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to delete
  • force – True if the datafeed should be forcefully deleted
delete_filter(filter_id, params=None)
Parameters: filter_id – The ID of the filter to delete
delete_job(job_id, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-delete-job.html

Parameters:
  • job_id – The ID of the job to delete
  • force – True if the job should be forcefully deleted
delete_model_snapshot(job_id, snapshot_id, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-delete-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • snapshot_id – The ID of the snapshot to delete
flush_job(job_id, body=None, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-flush-job.html

Parameters:
  • job_id – The name of the job to flush
  • body – Flush parameters
  • advance_time – Advances time to the given value generating results and updating the model for the advanced interval
  • calc_interim – Calculates interim results for the most recent bucket or all buckets within the latency period
  • end – When used in conjunction with calc_interim, specifies the range of buckets on which to calculate interim results
  • skip_time – Skips time to the given value without generating results or updating the model for the skipped interval
  • start – When used in conjunction with calc_interim, specifies the range of buckets on which to calculate interim results
forecast_job(job_id, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-forecast.html

Parameters:
  • job_id – The name of the job to close
  • duration – A period of time that indicates how far into the future to forecast
  • expires_in – The period of time that forecast results are retained.
get_buckets(job_id, timestamp=None, body=None, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-bucket.html

Parameters:
  • job_id – ID of the job to get bucket results from
  • timestamp – The timestamp of the desired single bucket result
  • body – Bucket selection details if not provided in URI
  • anomaly_score – Filter for the most anomalous buckets
  • desc – Set the sort direction
  • end – End time filter for buckets
  • exclude_interim – Exclude interim results
  • expand – Include anomaly records
  • from – skips a number of buckets
  • size – specifies a max number of buckets to get
  • sort – Sort buckets by a particular field
  • start – Start time filter for buckets
get_categories(job_id, category_id=None, body=None, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-category.html

Parameters:
  • job_id – The name of the job
  • category_id – The identifier of the category definition of interest
  • body – Category selection details if not provided in URI
  • from – skips a number of categories
  • size – specifies a max number of categories to get
get_datafeed_stats(datafeed_id=None, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-datafeed-stats.html

Parameters: datafeed_id – The ID of the datafeeds stats to fetch
get_datafeeds(datafeed_id=None, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-datafeed.html

Parameters: datafeed_id – The ID of the datafeeds to fetch
get_filters(filter_id=None, params=None)
Parameters:
  • filter_id – The ID of the filter to fetch
  • from – skips a number of filters
  • size – specifies a max number of filters to get
get_influencers(job_id, body=None, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-influencer.html

Parameters:
  • job_id – None
  • body – Influencer selection criteria
  • desc – whether the results should be sorted in descending order
  • end – end timestamp for the requested influencers
  • exclude_interim – Exclude interim results
  • from – skips a number of influencers
  • influencer_score – influencer score threshold for the requested influencers
  • size – specifies a max number of influencers to get
  • sort – sort field for the requested influencers
  • start – start timestamp for the requested influencers
get_job_stats(job_id=None, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-job-stats.html

Parameters: job_id – The ID of the jobs stats to fetch
get_jobs(job_id=None, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-job.html

Parameters: job_id – The ID of the jobs to fetch
get_model_snapshots(job_id, snapshot_id=None, body=None, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • snapshot_id – The ID of the snapshot to fetch
  • body – Model snapshot selection criteria
  • desc – True if the results should be sorted in descending order
  • end – The filter ‘end’ query parameter
  • from – Skips a number of documents
  • size – The default number of documents returned in queries as a string.
  • sort – Name of the field to sort on
  • start – The filter ‘start’ query parameter
get_records(job_id, body=None, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-record.html

Parameters:
  • job_id – None
  • body – Record selection criteria
  • desc – Set the sort direction
  • end – End time filter for records
  • exclude_interim – Exclude interim results
  • from – skips a number of records
  • record_score
  • size – specifies a max number of records to get
  • sort – Sort records by a particular field
  • start – Start time filter for records
open_job(job_id, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-open-job.html

Parameters: job_id – The ID of the job to open
post_data(job_id, body, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-post-data.html

Parameters:
  • job_id – The name of the job receiving the data
  • body – The data to process
  • reset_end – Optional parameter to specify the end of the bucket resetting range
  • reset_start – Optional parameter to specify the start of the bucket resetting range
preview_datafeed(datafeed_id, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-preview-datafeed.html

Parameters: datafeed_id – The ID of the datafeed to preview
put_datafeed(datafeed_id, body, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-put-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to create
  • body – The datafeed config
put_filter(filter_id, body, params=None)
Parameters:
  • filter_id – The ID of the filter to create
  • body – The filter details
put_job(job_id, body, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-put-job.html

Parameters:
  • job_id – The ID of the job to create
  • body – The job
revert_model_snapshot(job_id, snapshot_id, body=None, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-revert-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • snapshot_id – The ID of the snapshot to revert to
  • body – Reversion options
  • delete_intervening_results – Should we reset the results back to the time of the snapshot?
start_datafeed(datafeed_id, body=None, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-start-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to start
  • body – The start datafeed parameters
  • end – The end time when the datafeed should stop. When not set, the datafeed continues in real time
  • start – The start time from where the datafeed should begin
  • timeout – Controls the time to wait until a datafeed has started. Defaults to 20 seconds
stop_datafeed(datafeed_id, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-stop-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to stop
  • force – True if the datafeed should be forcefully stopped.
  • timeout – Controls the time to wait until a datafeed has stopped. Defaults to 20 seconds
update_datafeed(datafeed_id, body, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-update-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to update
  • body – The datafeed update settings
update_job(job_id, body, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-update-job.html

Parameters:
  • job_id – The ID of the job to create
  • body – The job update settings
update_model_snapshot(job_id, snapshot_id, body, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/ml-update-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • snapshot_id – The ID of the snapshot to update
  • body – The model snapshot properties to update
validate(body, params=None)
Parameters: body – The job config
validate_detector(body, params=None)
Parameters: body – The detector

Security APIs

The Security API can be used to help secure your Elasticsearch cluster. It integrates with LDAP and Active Directory.

class elasticsearch.client.xpack.security.SecurityClient(client)
authenticate(params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-authenticate.html

change_password(body, username=None, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-change-password.html

Parameters:
  • body – the new password for the user
  • username – The username of the user to change the password for
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
clear_cached_realms(realms, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-cache.html

Parameters:
  • realms – Comma-separated list of realms to clear
  • usernames – Comma-separated list of usernames to clear from the cache
clear_cached_roles(name, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-roles.html#security-api-clear-role-cache

Parameters: name – Role name
delete_role(name, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-roles.html#security-api-delete-role

Parameters:
  • name – Role name
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
delete_role_mapping(name, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-role-mapping.html#security-api-delete-role-mapping

Parameters:
  • name – Role-mapping name
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
delete_user(username, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-users.html#security-api-delete-user

Parameters:
  • username – username
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
disable_user(username=None, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-users.html#security-api-disable-user

Parameters:
  • username – The username of the user to disable
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
enable_user(username=None, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-users.html#security-api-enable-user

Parameters:
  • username – The username of the user to enable
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
get_role(name=None, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-roles.html#security-api-get-role

Parameters: name – Role name
get_role_mapping(name=None, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-role-mapping.html#security-api-get-role-mapping

Parameters: name – Role-Mapping name
get_token(body, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-tokens.html#security-api-get-token

Parameters: body – The token request to get
get_user(username=None, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-users.html#security-api-get-user

Parameters: username – A comma-separated list of usernames
invalidate_token(body, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-tokens.html#security-api-invalidate-token

Parameters: body – The token to invalidate
put_role(name, body, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-roles.html#security-api-put-role

Parameters:
  • name – Role name
  • body – The role to add
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
put_role_mapping(name, body, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-role-mapping.html#security-api-put-role-mapping

Parameters:
  • name – Role-mapping name
  • body – The role to add
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
put_user(username, body, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-users.html#security-api-put-user

Parameters:
  • username – The username of the User
  • body – The user to add
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices are: ‘true’, ‘false’, ‘wait_for’
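
A least-privilege review built on get_role(), as an added example that is not part of the elasticsearch-py documentation. It assumes the client exposes this class as `es.xpack.security` and that get_role() returns a dict of role name to definition; the privilege sets, function names and sample roles are constructed for illustration.

```python
"""Audit X-Pack roles returned by SecurityClient.get_role() for over-broad grants."""

# Privileges this audit treats as over-broad (an assumption of the example;
# tune both sets to your own policy).
BROAD_CLUSTER = {"all", "manage_security"}
BROAD_INDEX = {"all", "manage"}


def is_wildcard(pattern):
    """True if an index pattern matches every index."""
    return pattern in ("*", "_all")


def audit_roles(roles):
    """Return {role_name: [finding, ...]} for roles that grant too much.

    `roles` is the dict returned by get_role(): role name -> definition.
    """
    findings = {}
    for name, role in sorted(roles.items()):
        # Built-in roles are flagged as reserved and cannot be edited; skip them.
        if role.get("metadata", {}).get("_reserved"):
            continue
        issues = []
        broad = BROAD_CLUSTER.intersection(role.get("cluster", []))
        if broad:
            issues.append("cluster privileges: " + ", ".join(sorted(broad)))
        for grant in role.get("indices", []):
            wild = [p for p in grant.get("names", []) if is_wildcard(p)]
            privs = BROAD_INDEX.intersection(grant.get("privileges", []))
            # A wildcard pattern alone is fine for read-only roles; flag it
            # only when combined with a write or admin privilege.
            if wild and privs:
                issues.append("%s on index pattern %s"
                              % (", ".join(sorted(privs)), wild[0]))
        if role.get("run_as"):
            issues.append("run_as: " + ", ".join(role["run_as"]))
        if issues:
            findings[name] = issues
    return findings


def audit_cluster(es):
    """Fetch every role through the client (no name = all roles) and audit it."""
    return audit_roles(es.xpack.security.get_role())


# Constructed sample in the shape of a get_role() response.
SAMPLE_ROLES = {
    "logs_reader": {"cluster": ["monitor"], "run_as": [],
                    "indices": [{"names": ["logs-*"], "privileges": ["read"]}]},
    "reporting": {"cluster": [], "run_as": [],
                  "indices": [{"names": ["*"], "privileges": ["read"]}]},
    "ops_admin": {"cluster": ["all"], "run_as": ["svc_backup"],
                  "indices": [{"names": ["*"], "privileges": ["all"]}]},
    "superuser": {"cluster": ["all"], "run_as": ["*"],
                  "indices": [{"names": ["*"], "privileges": ["all"]}],
                  "metadata": {"_reserved": True}},
}

if __name__ == "__main__":
    for role, issues in audit_roles(SAMPLE_ROLES).items():
        print(role, "->", "; ".join(issues))
```

Roles flagged here are candidates for a narrower put_role() body; run the audit again after the change to confirm the finding is gone.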

Watcher APIs

The Watcher API can be used to notify you when certain predefined thresholds have been reached.

class elasticsearch.client.xpack.watcher.WatcherClient(client)
ack_watch(watch_id, action_id=None, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-ack-watch.html

Parameters:
  • watch_id – Watch ID
  • action_id – A comma-separated list of the action ids to be acked
  • master_timeout – Explicit operation timeout for connection to master node
activate_watch(watch_id, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-activate-watch.html

Parameters:
  • watch_id – Watch ID
  • master_timeout – Explicit operation timeout for connection to master node
deactivate_watch(watch_id, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-deactivate-watch.html

Parameters:
  • watch_id – Watch ID
  • master_timeout – Explicit operation timeout for connection to master node
delete_watch(id, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-delete-watch.html

Parameters:
  • id – Watch ID
  • master_timeout – Explicit operation timeout for connection to master node
execute_watch(id=None, body=None, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-execute-watch.html

Parameters:
  • id – Watch ID
  • body – Execution control
  • debug – indicates whether the watch should execute in debug mode
get_watch(id, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-get-watch.html

Parameters: id – Watch ID
put_watch(id, body, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-put-watch.html

Parameters:
  • id – Watch ID
  • body – The watch
  • active – Specify whether the watch is in/active by default
  • master_timeout – Explicit operation timeout for connection to master node
restart(params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-restart.html

start(params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-start.html

stats(metric=None, params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-stats.html

Parameters:
  • metric – Controls what additional stat metrics should be included in the response
  • emit_stacktraces – Emits stack traces of currently running watches
stop(params=None)

http://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-api-stop.html

Migration APIs

The Migration API helps simplify upgrading X-Pack indices from one version to another.

class elasticsearch.client.xpack.migration.MigrationClient(client)
get_assistance(index=None, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/migration-api-assistance.html

Parameters:
  • index – A comma-separated list of index names; use _all or empty string to perform the operation on all indices
  • allow_no_indices – Whether to ignore if a wildcard indices expression resolves into no concrete indices. (This includes _all string or when no indices have been specified)
  • expand_wildcards – Whether to expand wildcard expression to concrete indices that are open, closed or both. Default ‘open’; valid choices are: ‘open’, ‘closed’, ‘none’, ‘all’
  • ignore_unavailable – Whether specified concrete indices should be ignored when unavailable (missing or closed)
upgrade(index, params=None)

https://www.elastic.co/guide/en/elasticsearch/reference/current/migration-api-upgrade.html

Parameters:
  • index – The name of the index
  • wait_for_completion – Should the request block until the upgrade operation is completed, default True

Monitoring APIs

The Monitoring API is used to collect data from the Elasticsearch nodes, Logstash nodes, Kibana instances, and Beats in your cluster.

class elasticsearch.client.xpack.monitoring.MonitoringClient(client)
bulk(body, doc_type=None, params=None)

http://www.elastic.co/guide/en/monitoring/current/appendix-api-bulk.html

Parameters:
  • body – The operation definition and data (action-data pairs), separated by newlines
  • doc_type – Default document type for items which don’t provide one
  • interval – Collection interval (e.g., ‘10s’ or ‘10000ms’) of the payload
  • system_api_version – API Version of the monitored system
  • system_id – Identifier of the monitored system

Deprecation APIs

The Deprecation API is used to retrieve information about cluster, node, and index level settings that use deprecated features that will be removed or changed in the next major version.

class elasticsearch.client.xpack.deprecation.DeprecationClient(client)
info(index=None, params=None)

http://www.elastic.co/guide/en/migration/current/migration-api-deprecation.html

Parameters: index – Index pattern