X-Pack APIs

X-Pack is an Elastic Stack extension that bundles security, alerting, monitoring, reporting, and graph capabilities into one easy-to-install package. While the X-Pack components are designed to work together seamlessly, you can easily enable or disable the features you want to use.

Info

X-Pack info provides general info about the installed X-Pack.

class elasticsearch.client.xpack.XPackClient(client)
info(params=None, headers=None)

Retrieves information about the installed X-Pack features. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/info-api.html

Parameters:
  • accept_enterprise – If an enterprise license is installed, return the type and mode as ‘enterprise’ (default: false)
  • categories – Comma-separated list of info categories. Can be any of: build, license, features
usage(params=None, headers=None)

Retrieves usage information about the installed X-Pack features. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/usage-api.html

Parameters: master_timeout – Specify timeout for watch write operation

Async Search APIs

Async Search API lets you asynchronously execute a search request, monitor its progress, and retrieve partial results as they become available.

class elasticsearch.client.async_search.AsyncSearchClient(client)
delete(id, params=None, headers=None)

Deletes an async search by ID. If the search is still running, the search request will be cancelled. Otherwise, the saved search results are deleted. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/async-search.html

Parameters: id – The async search ID
get(id, params=None, headers=None)

Retrieves the results of a previously submitted async search request given its ID. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/async-search.html

Parameters:
  • id – The async search ID
  • keep_alive – Specify the time interval in which the results (partial or final) for this search will be available
  • typed_keys – Specify whether aggregation and suggester names should be prefixed by their respective types in the response
  • wait_for_completion_timeout – Specify the time that the request should block waiting for the final response
submit(body=None, index=None, params=None, headers=None)

Executes a search request asynchronously. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/async-search.html

Parameters:
  • body – The search definition using the Query DSL
  • index – A comma-separated list of index names to search; use _all or empty string to perform the operation on all indices
  • _source – True or false to return the _source field or not, or a list of fields to return
  • _source_excludes – A list of fields to exclude from the returned _source field
  • _source_includes – A list of fields to extract and return from the _source field
  • allow_no_indices – Whether to ignore if a wildcard indices expression resolves into no concrete indices. (This includes _all string or when no indices have been specified)
  • allow_partial_search_results – Indicate if an error should be returned if there is a partial search failure or timeout Default: True
  • analyze_wildcard – Specify whether wildcard and prefix queries should be analyzed (default: false)
  • analyzer – The analyzer to use for the query string
  • batched_reduce_size – The number of shard results that should be reduced at once on the coordinating node. This value should be used as the granularity at which progress results will be made available. Default: 5
  • default_operator – The default operator for query string query (AND or OR) Valid choices: AND, OR Default: OR
  • df – The field to use as default where no field prefix is given in the query string
  • docvalue_fields – A comma-separated list of fields to return as the docvalue representation of a field for each hit
  • expand_wildcards – Whether to expand wildcard expression to concrete indices that are open, closed or both. Valid choices: open, closed, hidden, none, all Default: open
  • explain – Specify whether to return detailed information about score computation as part of a hit
  • from – Starting offset (default: 0)
  • ignore_throttled – Whether specified concrete, expanded or aliased indices should be ignored when throttled
  • ignore_unavailable – Whether specified concrete indices should be ignored when unavailable (missing or closed)
  • keep_alive – Update the time interval in which the results (partial or final) for this search will be available Default: 5d
  • keep_on_completion – Control whether the response should be stored in the cluster if it completed within the provided [wait_for_completion] time (default: false)
  • lenient – Specify whether format-based query failures (such as providing text to a numeric field) should be ignored
  • max_concurrent_shard_requests – The number of concurrent shard requests per node this search executes concurrently. This value should be used to limit the impact of the search on the cluster in order to limit the number of concurrent shard requests Default: 5
  • preference – Specify the node or shard the operation should be performed on (default: random)
  • q – Query in the Lucene query string syntax
  • request_cache – Specify if request cache should be used for this request or not, defaults to true
  • routing – A comma-separated list of specific routing values
  • search_type – Search operation type Valid choices: query_then_fetch, dfs_query_then_fetch
  • seq_no_primary_term – Specify whether to return sequence number and primary term of the last modification of each hit
  • size – Number of hits to return (default: 10)
  • sort – A comma-separated list of <field>:<direction> pairs
  • stats – Specific ‘tag’ of the request for logging and statistical purposes
  • stored_fields – A comma-separated list of stored fields to return as part of a hit
  • suggest_field – Specify which field to use for suggestions
  • suggest_mode – Specify suggest mode Valid choices: missing, popular, always Default: missing
  • suggest_size – How many suggestions to return in response
  • suggest_text – The source text for which the suggestions should be returned
  • terminate_after – The maximum number of documents to collect for each shard, upon reaching which the query execution will terminate early.
  • timeout – Explicit operation timeout
  • track_scores – Whether to calculate and return scores even if they are not used for sorting
  • track_total_hits – Indicate if the number of documents that match the query should be tracked
  • typed_keys – Specify whether aggregation and suggester names should be prefixed by their respective types in the response
  • version – Specify whether to return document version as part of a hit
  • wait_for_completion_timeout – Specify the time that the request should block waiting for the final response Default: 1s

Autoscaling APIs

Autoscaling API gets the current autoscaling decision based on the configured autoscaling policy.

class elasticsearch.client.autoscaling.AutoscalingClient(client)
delete_autoscaling_policy(name, params=None, headers=None)

Deletes an autoscaling policy. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/autoscaling-delete-autoscaling-policy.html

Parameters: name – the name of the autoscaling policy
get_autoscaling_decision(params=None, headers=None)

Gets the current autoscaling decision based on the configured autoscaling policy, indicating whether or not autoscaling is needed. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/autoscaling-get-autoscaling-decision.html

get_autoscaling_policy(name, params=None, headers=None)

Retrieves an autoscaling policy. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/autoscaling-get-autoscaling-policy.html

Parameters: name – the name of the autoscaling policy
put_autoscaling_policy(name, body, params=None, headers=None)

Creates a new autoscaling policy. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/autoscaling-put-autoscaling-policy.html

Parameters:
  • name – the name of the autoscaling policy
  • body – the specification of the autoscaling policy

EQL APIs

EQL API allows querying with Event Query Language (EQL) to search logs and events and match them with shared properties.

class elasticsearch.client.eql.EqlClient(client)
delete(id, params=None, headers=None)

Deletes an async EQL search by ID. If the search is still running, the search request will be cancelled. Otherwise, the saved search results are deleted. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/eql-search-api.html

Parameters: id – The async search ID
get(id, params=None, headers=None)

Returns async results from a previously executed Event Query Language (EQL) search. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/eql-search-api.html

Parameters:
  • id – The async search ID
  • keep_alive – Update the time interval in which the results (partial or final) for this search will be available Default: 5d
  • wait_for_completion_timeout – Specify the time that the request should block waiting for the final response
search(index, body, params=None, headers=None)

Returns results matching a query expressed in Event Query Language (EQL) https://www.elastic.co/guide/en/elasticsearch/reference/7.x/eql-search-api.html

Parameters:
  • index – The name of the index to scope the operation
  • body – Eql request body. Use the query to limit the query scope.
  • keep_alive – Update the time interval in which the results (partial or final) for this search will be available Default: 5d
  • keep_on_completion – Control whether the response should be stored in the cluster if it completed within the provided [wait_for_completion] time (default: false)
  • wait_for_completion_timeout – Specify the time that the request should block waiting for the final response
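
The submit/get/delete lifecycle described above for AsyncSearchClient and EqlClient, as an added example (not code from the elasticsearch-py project): it polls a search to completion and always deletes the stored results, so query output does not stay in the cluster for the 5d keep_alive default. `wait_and_cleanup` and `FakeAsyncApi` are hypothetical names; the fake client is a constructed stand-in so the block runs offline, and the `id`, `is_running` and `is_partial` response fields are assumed from the Elasticsearch async search response format.

```python
import time


def wait_and_cleanup(api, first, poll_timeout="2s", max_polls=30, pause=0.0):
    """Poll an async search until it finishes, then delete its stored results.

    api   -- a namespaced client exposing get(id=...) and delete(id=...),
             e.g. es.async_search or es.eql on a real Elasticsearch client
    first -- the response returned by submit() (async search) or search() (EQL)

    With a real client the first call would look like (assumed usage):
        first = es.async_search.submit(index="logs-*", body=query,
                                       wait_for_completion_timeout="1s",
                                       keep_alive="10m")
    """
    # No id is returned when the search completed within
    # wait_for_completion_timeout and keep_on_completion was left at false:
    # nothing was stored, so there is nothing to poll or delete.
    search_id = first.get("id")
    resp = first
    try:
        polls = 0
        while resp.get("is_running"):
            if search_id is None:
                raise RuntimeError("search is running but no id was returned")
            if polls >= max_polls:
                raise TimeoutError("async search %s still running" % search_id)
            # get() blocks server-side for up to poll_timeout before answering.
            resp = api.get(id=search_id, wait_for_completion_timeout=poll_timeout)
            polls += 1
            if pause:
                time.sleep(pause)
        # is_partial with is_running false means the results are incomplete;
        # the caller decides whether that is acceptable.
        return resp
    finally:
        # Runs on success, timeout and error alike. Deleting a search that is
        # still running cancels it; otherwise the saved results are removed.
        if search_id is not None:
            api.delete(id=search_id)


class FakeAsyncApi:
    """Constructed stand-in for es.async_search / es.eql (offline demo only)."""

    def __init__(self, polls_until_done):
        self.remaining = polls_until_done
        self.deleted = []

    def submit(self, index=None, body=None, **params):
        return {"id": "constructed-id-1", "is_running": True, "is_partial": True}

    def get(self, id, **params):
        self.remaining -= 1
        done = self.remaining <= 0
        return {
            "id": id,
            "is_running": not done,
            "is_partial": not done,
            "response": {"hits": {"total": {"value": 3 if done else 0}}},
        }

    def delete(self, id, **params):
        self.deleted.append(id)
        return {"acknowledged": True}


def demo():
    """Run the helper against the fake client; returns (final response, deleted ids)."""
    api = FakeAsyncApi(polls_until_done=3)
    first = api.submit(index="logs-*", body={"query": {"match_all": {}}})
    final = wait_and_cleanup(api, first)
    return final, api.deleted


if __name__ == "__main__":
    final, deleted = demo()
    print("hits:", final["response"]["hits"]["total"]["value"], "deleted:", deleted)
```
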

Graph Explore APIs

Graph Explore API enables you to extract and summarize information about the documents and terms in your Elasticsearch index.

class elasticsearch.client.graph.GraphClient(client)
explore(index, body=None, doc_type=None, params=None, headers=None)

Explore extracted and summarized information about the documents and terms in an index. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/graph-explore-api.html

Parameters:
  • index – A comma-separated list of index names to search; use _all or empty string to perform the operation on all indices
  • body – Graph Query DSL
  • doc_type – A comma-separated list of document types to search; leave empty to perform the operation on all types
  • routing – Specific routing value
  • timeout – Explicit operation timeout

Licensing APIs

The Licensing API can be used to manage your licenses.

class elasticsearch.client.license.LicenseClient(client)
delete(params=None, headers=None)

Deletes licensing information for the cluster https://www.elastic.co/guide/en/elasticsearch/reference/7.x/delete-license.html

get(params=None, headers=None)

Retrieves licensing information for the cluster https://www.elastic.co/guide/en/elasticsearch/reference/7.x/get-license.html

Parameters:
  • accept_enterprise – If the active license is an enterprise license, return type as ‘enterprise’ (default: false)
  • local – Return local information, do not retrieve the state from master node (default: false)
get_basic_status(params=None, headers=None)

Retrieves information about the status of the basic license. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/get-basic-status.html

get_trial_status(params=None, headers=None)

Retrieves information about the status of the trial license. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/get-trial-status.html

post(body=None, params=None, headers=None)

Updates the license for the cluster. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/update-license.html

Parameters:
  • body – licenses to be installed
  • acknowledge – whether the user has acknowledged acknowledge messages (default: false)
post_start_basic(params=None, headers=None)

Starts an indefinite basic license. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/start-basic.html

Parameters: acknowledge – whether the user has acknowledged acknowledge messages (default: false)
post_start_trial(params=None, headers=None)

Starts a limited-time trial license. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/start-trial.html

Parameters:
  • acknowledge – whether the user has acknowledged acknowledge messages (default: false)
  • doc_type – The type of trial license to generate (default: “trial”)

Machine Learning APIs

Machine Learning can be useful for discovering new patterns about your data. For a more detailed explanation about X-Pack’s machine learning please refer to the official documentation.

class elasticsearch.client.ml.MlClient(client)
close_job(job_id, body=None, params=None, headers=None)

Closes one or more anomaly detection jobs. A job can be opened and closed multiple times throughout its lifecycle. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-close-job.html

Parameters:
  • job_id – The name of the job to close
  • body – The URL params optionally sent in the body
  • allow_no_jobs – Whether to ignore if a wildcard expression matches no jobs. (This includes _all string or when no jobs have been specified)
  • force – True if the job should be forcefully closed
  • timeout – Controls the time to wait until a job has closed. Defaults to 30 minutes
delete_calendar(calendar_id, params=None, headers=None)

Deletes a calendar. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-delete-calendar.html

Parameters: calendar_id – The ID of the calendar to delete
delete_calendar_event(calendar_id, event_id, params=None, headers=None)

Deletes scheduled events from a calendar. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-delete-calendar-event.html

Parameters:
  • calendar_id – The ID of the calendar to modify
  • event_id – The ID of the event to remove from the calendar
delete_calendar_job(calendar_id, job_id, params=None, headers=None)

Deletes anomaly detection jobs from a calendar. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-delete-calendar-job.html

Parameters:
  • calendar_id – The ID of the calendar to modify
  • job_id – The ID of the job to remove from the calendar
delete_data_frame_analytics(id, params=None, headers=None)

Deletes an existing data frame analytics job. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/delete-dfanalytics.html

Parameters:
  • id – The ID of the data frame analytics to delete
  • force – True if the job should be forcefully deleted
  • timeout – Controls the time to wait until a job is deleted. Defaults to 1 minute
delete_datafeed(datafeed_id, params=None, headers=None)

Deletes an existing datafeed. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-delete-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to delete
  • force – True if the datafeed should be forcefully deleted
delete_expired_data(body=None, job_id=None, params=None, headers=None)

Deletes expired and unused machine learning data. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-delete-expired-data.html

Parameters:
  • body – deleting expired data parameters
  • job_id – The ID of the job(s) to perform expired data hygiene for
  • requests_per_second – The desired requests per second for the deletion processes.
  • timeout – How long can the underlying delete processes run until they are canceled
delete_filter(filter_id, params=None, headers=None)

Deletes a filter. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-delete-filter.html

Parameters: filter_id – The ID of the filter to delete
delete_forecast(job_id, forecast_id=None, params=None, headers=None)

Deletes forecasts from a machine learning job. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-delete-forecast.html

Parameters:
  • job_id – The ID of the job from which to delete forecasts
  • forecast_id – The ID of the forecast to delete, can be comma delimited list. Leaving blank implies _all
  • allow_no_forecasts – Whether to ignore if _all matches no forecasts
  • timeout – Controls the time to wait until the forecast(s) are deleted. Defaults to 30 seconds
delete_job(job_id, params=None, headers=None)

Deletes an existing anomaly detection job. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-delete-job.html

Parameters:
  • job_id – The ID of the job to delete
  • force – True if the job should be forcefully deleted
  • wait_for_completion – Should this request wait until the operation has completed before returning Default: True
delete_model_snapshot(job_id, snapshot_id, params=None, headers=None)

Deletes an existing model snapshot. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-delete-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • snapshot_id – The ID of the snapshot to delete
delete_trained_model(model_id, params=None, headers=None)

Deletes an existing trained inference model that is currently not referenced by an ingest pipeline. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/delete-inference.html

Parameters: model_id – The ID of the trained model to delete
estimate_model_memory(body, params=None, headers=None)

Estimates the model memory https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-apis.html

Parameters: body – The analysis config, plus cardinality estimates for fields it references
evaluate_data_frame(body, params=None, headers=None)

Evaluates the data frame analytics for an annotated index. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/evaluate-dfanalytics.html

Parameters: body – The evaluation definition
explain_data_frame_analytics(body=None, id=None, params=None, headers=None)

Explains a data frame analytics config. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/explain-dfanalytics.html

Parameters:
  • body – The data frame analytics config to explain
  • id – The ID of the data frame analytics to explain
find_file_structure(body, params=None, headers=None)

Finds the structure of a text file. The text file must contain data that is suitable to be ingested into Elasticsearch. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-find-file-structure.html

Parameters:
  • body – The contents of the file to be analyzed
  • charset – Optional parameter to specify the character set of the file
  • column_names – Optional parameter containing a comma separated list of the column names for a delimited file
  • delimiter – Optional parameter to specify the delimiter character for a delimited file - must be a single character
  • explain – Whether to include a commentary on how the structure was derived
  • format – Optional parameter to specify the high level file format Valid choices: ndjson, xml, delimited, semi_structured_text
  • grok_pattern – Optional parameter to specify the Grok pattern that should be used to extract fields from messages in a semi-structured text file
  • has_header_row – Optional parameter to specify whether a delimited file includes the column names in its first row
  • line_merge_size_limit – Maximum number of characters permitted in a single message when lines are merged to create messages. Default: 10000
  • lines_to_sample – How many lines of the file should be included in the analysis Default: 1000
  • quote – Optional parameter to specify the quote character for a delimited file - must be a single character
  • should_trim_fields – Optional parameter to specify whether the values between delimiters in a delimited file should have whitespace trimmed from them
  • timeout – Timeout after which the analysis will be aborted Default: 25s
  • timestamp_field – Optional parameter to specify the timestamp field in the file
  • timestamp_format – Optional parameter to specify the timestamp format in the file - may be either a Joda or Java time format
flush_job(job_id, body=None, params=None, headers=None)

Forces any buffered data to be processed by the job. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-flush-job.html

Parameters:
  • job_id – The name of the job to flush
  • body – Flush parameters
  • advance_time – Advances time to the given value generating results and updating the model for the advanced interval
  • calc_interim – Calculates interim results for the most recent bucket or all buckets within the latency period
  • end – When used in conjunction with calc_interim, specifies the range of buckets on which to calculate interim results
  • skip_time – Skips time to the given value without generating results or updating the model for the skipped interval
  • start – When used in conjunction with calc_interim, specifies the range of buckets on which to calculate interim results
forecast(job_id, params=None, headers=None)

Predicts the future behavior of a time series by using its historical behavior. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-forecast.html

Parameters:
  • job_id – The ID of the job to forecast for
  • duration – The duration of the forecast
  • expires_in – The time interval after which the forecast expires. Expired forecasts will be deleted at the first opportunity.
  • max_model_memory – The max memory able to be used by the forecast. Default is 20mb.
get_buckets(job_id, body=None, timestamp=None, params=None, headers=None)

Retrieves anomaly detection job results for one or more buckets. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-get-bucket.html

Parameters:
  • job_id – ID of the job to get bucket results from
  • body – Bucket selection details if not provided in URI
  • timestamp – The timestamp of the desired single bucket result
  • anomaly_score – Filter for the most anomalous buckets
  • desc – Set the sort direction
  • end – End time filter for buckets
  • exclude_interim – Exclude interim results
  • expand – Include anomaly records
  • from – skips a number of buckets
  • size – specifies a max number of buckets to get
  • sort – Sort buckets by a particular field
  • start – Start time filter for buckets
get_calendar_events(calendar_id, params=None, headers=None)

Retrieves information about the scheduled events in calendars. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-get-calendar-event.html

Parameters:
  • calendar_id – The ID of the calendar containing the events
  • end – Get events before this time
  • from – Skips a number of events
  • job_id – Get events for the job. When this option is used calendar_id must be ‘_all’
  • size – Specifies a max number of events to get
  • start – Get events after this time
get_calendars(body=None, calendar_id=None, params=None, headers=None)

Retrieves configuration information for calendars. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-get-calendar.html

Parameters:
  • body – The from and size parameters optionally sent in the body
  • calendar_id – The ID of the calendar to fetch
  • from – skips a number of calendars
  • size – specifies a max number of calendars to get
get_categories(job_id, body=None, category_id=None, params=None, headers=None)

Retrieves anomaly detection job results for one or more categories. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-get-category.html

Parameters:
  • job_id – The name of the job
  • body – Category selection details if not provided in URI
  • category_id – The identifier of the category definition of interest
  • from – skips a number of categories
  • partition_field_value – Specifies the partition to retrieve categories for. This is optional, and should never be used for jobs where per-partition categorization is disabled.
  • size – specifies a max number of categories to get
get_data_frame_analytics(id=None, params=None, headers=None)

Retrieves configuration information for data frame analytics jobs. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/get-dfanalytics.html

Parameters:
  • id – The ID of the data frame analytics to fetch
  • allow_no_match – Whether to ignore if a wildcard expression matches no data frame analytics. (This includes _all string or when no data frame analytics have been specified) Default: True
  • from – skips a number of analytics
  • size – specifies a max number of analytics to get Default: 100
get_data_frame_analytics_stats(id=None, params=None, headers=None)

Retrieves usage information for data frame analytics jobs. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/get-dfanalytics-stats.html

Parameters:
  • id – The ID of the data frame analytics stats to fetch
  • allow_no_match – Whether to ignore if a wildcard expression matches no data frame analytics. (This includes _all string or when no data frame analytics have been specified) Default: True
  • from – skips a number of analytics
  • size – specifies a max number of analytics to get Default: 100
  • verbose – whether the stats response should be verbose
get_datafeed_stats(datafeed_id=None, params=None, headers=None)

Retrieves usage information for datafeeds. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-get-datafeed-stats.html

Parameters:
  • datafeed_id – The ID of the datafeeds stats to fetch
  • allow_no_datafeeds – Whether to ignore if a wildcard expression matches no datafeeds. (This includes _all string or when no datafeeds have been specified)
get_datafeeds(datafeed_id=None, params=None, headers=None)

Retrieves configuration information for datafeeds. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-get-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeeds to fetch
  • allow_no_datafeeds – Whether to ignore if a wildcard expression matches no datafeeds. (This includes _all string or when no datafeeds have been specified)
get_filters(filter_id=None, params=None, headers=None)

Retrieves filters. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-get-filter.html

Parameters:
  • filter_id – The ID of the filter to fetch
  • from – skips a number of filters
  • size – specifies a max number of filters to get
get_influencers(job_id, body=None, params=None, headers=None)

Retrieves anomaly detection job results for one or more influencers. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-get-influencer.html

Parameters:
  • job_id – Identifier for the anomaly detection job
  • body – Influencer selection criteria
  • desc – whether the results should be sorted in descending order
  • end – end timestamp for the requested influencers
  • exclude_interim – Exclude interim results
  • from – skips a number of influencers
  • influencer_score – influencer score threshold for the requested influencers
  • size – specifies a max number of influencers to get
  • sort – sort field for the requested influencers
  • start – start timestamp for the requested influencers
get_job_stats(job_id=None, params=None, headers=None)

Retrieves usage information for anomaly detection jobs. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-get-job-stats.html

Parameters:
  • job_id – The ID of the jobs stats to fetch
  • allow_no_jobs – Whether to ignore if a wildcard expression matches no jobs. (This includes _all string or when no jobs have been specified)
get_jobs(job_id=None, params=None, headers=None)

Retrieves configuration information for anomaly detection jobs. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-get-job.html

Parameters:
  • job_id – The ID of the jobs to fetch
  • allow_no_jobs – Whether to ignore if a wildcard expression matches no jobs. (This includes _all string or when no jobs have been specified)
get_model_snapshots(job_id, body=None, snapshot_id=None, params=None, headers=None)

Retrieves information about model snapshots. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-get-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • body – Model snapshot selection criteria
  • snapshot_id – The ID of the snapshot to fetch
  • desc – True if the results should be sorted in descending order
  • end – The filter ‘end’ query parameter
  • from – Skips a number of documents
  • size – The default number of documents returned in queries as a string.
  • sort – Name of the field to sort on
  • start – The filter ‘start’ query parameter
get_overall_buckets(job_id, body=None, params=None, headers=None)

Retrieves overall bucket results that summarize the bucket results of multiple anomaly detection jobs. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-get-overall-buckets.html

Parameters:
  • job_id – The job IDs for which to calculate overall bucket results
  • body – Overall bucket selection details if not provided in URI
  • allow_no_jobs – Whether to ignore if a wildcard expression matches no jobs. (This includes _all string or when no jobs have been specified)
  • bucket_span – The span of the overall buckets. Defaults to the longest job bucket_span
  • end – Returns overall buckets with timestamps earlier than this time
  • exclude_interim – If true overall buckets that include interim buckets will be excluded
  • overall_score – Returns overall buckets with overall scores higher than this value
  • start – Returns overall buckets with timestamps after this time
  • top_n – The number of top job bucket scores to be used in the overall_score calculation
get_records(job_id, body=None, params=None, headers=None)

Retrieves anomaly records for an anomaly detection job. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-get-record.html

Parameters:
  • job_id – The ID of the job
  • body – Record selection criteria
  • desc – Set the sort direction
  • end – End time filter for records
  • exclude_interim – Exclude interim results
  • from – skips a number of records
  • record_score – Returns records with anomaly scores greater than or equal to this value
  • size – specifies a max number of records to get
  • sort – Sort records by a particular field
  • start – Start time filter for records
get_trained_models(model_id=None, params=None, headers=None)

Retrieves configuration information for a trained inference model. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/get-inference.html

Parameters:
  • model_id – The ID of the trained models to fetch
  • allow_no_match – Whether to ignore if a wildcard expression matches no trained models. (This includes _all string or when no trained models have been specified) Default: True
  • decompress_definition – Should the model definition be decompressed into valid JSON or returned in a custom compressed format. Defaults to true. Default: True
  • for_export – Omits fields that are illegal to set on model PUT
  • from – skips a number of trained models
  • include_model_definition – Should the full model definition be included in the results. These definitions can be large, so be cautious when including them. Defaults to false.
  • size – specifies a max number of trained models to get Default: 100
  • tags – A comma-separated list of tags that the model must have.
get_trained_models_stats(model_id=None, params=None, headers=None)

Retrieves usage information for trained inference models. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/get-inference-stats.html

Parameters:
  • model_id – The ID of the trained models stats to fetch
  • allow_no_match – Whether to ignore if a wildcard expression matches no trained models. (This includes _all string or when no trained models have been specified) Default: True
  • from – skips a number of trained models
  • size – specifies a max number of trained models to get Default: 100
info(params=None, headers=None)

Returns defaults and limits used by machine learning. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/get-ml-info.html

open_job(job_id, params=None, headers=None)

Opens one or more anomaly detection jobs. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-open-job.html

Parameters:job_id – The ID of the job to open
post_calendar_events(calendar_id, body, params=None, headers=None)

Posts scheduled events in a calendar. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-post-calendar-event.html

Parameters:
  • calendar_id – The ID of the calendar to modify
  • body – A list of events
post_data(job_id, body, params=None, headers=None)

Sends data to an anomaly detection job for analysis. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-post-data.html

Parameters:
  • job_id – The name of the job receiving the data
  • body – The data to process
  • reset_end – Optional parameter to specify the end of the bucket resetting range
  • reset_start – Optional parameter to specify the start of the bucket resetting range
preview_datafeed(datafeed_id, params=None, headers=None)

Previews a datafeed. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-preview-datafeed.html

Parameters:datafeed_id – The ID of the datafeed to preview
put_calendar(calendar_id, body=None, params=None, headers=None)

Instantiates a calendar. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-put-calendar.html

Parameters:
  • calendar_id – The ID of the calendar to create
  • body – The calendar details
put_calendar_job(calendar_id, job_id, params=None, headers=None)

Adds an anomaly detection job to a calendar. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-put-calendar-job.html

Parameters:
  • calendar_id – The ID of the calendar to modify
  • job_id – The ID of the job to add to the calendar
put_data_frame_analytics(id, body, params=None, headers=None)

Instantiates a data frame analytics job. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/put-dfanalytics.html

Parameters:
  • id – The ID of the data frame analytics to create
  • body – The data frame analytics configuration
put_datafeed(datafeed_id, body, params=None, headers=None)

Instantiates a datafeed. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-put-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to create
  • body – The datafeed config
  • allow_no_indices – Ignore if the source indices expressions resolve to no concrete indices (default: true)
  • expand_wildcards – Whether source index expressions should get expanded to open or closed indices (default: open) Valid choices: open, closed, hidden, none, all
  • ignore_throttled – Ignore indices that are marked as throttled (default: true)
  • ignore_unavailable – Ignore unavailable indexes (default: false)
put_filter(filter_id, body, params=None, headers=None)

Instantiates a filter. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-put-filter.html

Parameters:
  • filter_id – The ID of the filter to create
  • body – The filter details
put_job(job_id, body, params=None, headers=None)

Instantiates an anomaly detection job. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-put-job.html

Parameters:
  • job_id – The ID of the job to create
  • body – The job
put_trained_model(model_id, body, params=None, headers=None)

Creates an inference trained model. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/put-inference.html

Parameters:
  • model_id – The ID of the trained models to store
  • body – The trained model configuration
revert_model_snapshot(job_id, snapshot_id, body=None, params=None, headers=None)

Reverts to a specific snapshot. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-revert-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • snapshot_id – The ID of the snapshot to revert to
  • body – Reversion options
  • delete_intervening_results – Should we reset the results back to the time of the snapshot?
set_upgrade_mode(params=None, headers=None)

Sets a cluster wide upgrade_mode setting that prepares machine learning indices for an upgrade. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-set-upgrade-mode.html

Parameters:
  • enabled – Whether to enable upgrade_mode ML setting or not. Defaults to false.
  • timeout – Controls the time to wait before action times out. Defaults to 30 seconds
start_data_frame_analytics(id, body=None, params=None, headers=None)

Starts a data frame analytics job. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/start-dfanalytics.html

Parameters:
  • id – The ID of the data frame analytics to start
  • body – The start data frame analytics parameters
  • timeout – Controls the time to wait until the task has started. Defaults to 20 seconds
start_datafeed(datafeed_id, body=None, params=None, headers=None)

Starts one or more datafeeds. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-start-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to start
  • body – The start datafeed parameters
  • end – The end time when the datafeed should stop. When not set, the datafeed continues in real time
  • start – The start time from where the datafeed should begin
  • timeout – Controls the time to wait until a datafeed has started. Defaults to 20 seconds
stop_data_frame_analytics(id, body=None, params=None, headers=None)

Stops one or more data frame analytics jobs. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/stop-dfanalytics.html

Parameters:
  • id – The ID of the data frame analytics to stop
  • body – The stop data frame analytics parameters
  • allow_no_match – Whether to ignore if a wildcard expression matches no data frame analytics. (This includes _all string or when no data frame analytics have been specified)
  • force – True if the data frame analytics should be forcefully stopped
  • timeout – Controls the time to wait until the task has stopped. Defaults to 20 seconds
stop_datafeed(datafeed_id, params=None, headers=None)

Stops one or more datafeeds. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-stop-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to stop
  • allow_no_datafeeds – Whether to ignore if a wildcard expression matches no datafeeds. (This includes _all string or when no datafeeds have been specified)
  • force – True if the datafeed should be forcefully stopped.
  • timeout – Controls the time to wait until a datafeed has stopped. Defaults to 20 seconds
update_data_frame_analytics(id, body, params=None, headers=None)

Updates certain properties of a data frame analytics job. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/update-dfanalytics.html

Parameters:
  • id – The ID of the data frame analytics to update
  • body – The data frame analytics settings to update
update_datafeed(datafeed_id, body, params=None, headers=None)

Updates certain properties of a datafeed. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-update-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to update
  • body – The datafeed update settings
  • allow_no_indices – Ignore if the source indices expressions resolve to no concrete indices (default: true)
  • expand_wildcards – Whether source index expressions should get expanded to open or closed indices (default: open) Valid choices: open, closed, hidden, none, all
  • ignore_throttled – Ignore indices that are marked as throttled (default: true)
  • ignore_unavailable – Ignore unavailable indexes (default: false)
update_filter(filter_id, body, params=None, headers=None)

Updates the description of a filter, adds items, or removes items. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-update-filter.html

Parameters:
  • filter_id – The ID of the filter to update
  • body – The filter update
update_job(job_id, body, params=None, headers=None)

Updates certain properties of an anomaly detection job. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-update-job.html

Parameters:
  • job_id – The ID of the job to update
  • body – The job update settings
update_model_snapshot(job_id, snapshot_id, body, params=None, headers=None)

Updates certain properties of a snapshot. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ml-update-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • snapshot_id – The ID of the snapshot to update
  • body – The model snapshot properties to update
validate(body, params=None, headers=None)

Validates an anomaly detection job. https://www.elastic.co/guide/en/machine-learning/current/ml-jobs.html

Parameters:body – The job config
validate_detector(body, params=None, headers=None)

Validates an anomaly detection detector. https://www.elastic.co/guide/en/machine-learning/current/ml-jobs.html

Parameters:body – The detector

Security APIs

The Security API can be used to help secure your Elasticsearch cluster, including integration with LDAP and Active Directory.

class elasticsearch.client.security.SecurityClient(client)
authenticate(params=None, headers=None)

Enables authentication as a user and retrieves information about the authenticated user. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-authenticate.html

change_password(body, username=None, params=None, headers=None)

Changes the passwords of users in the native realm and built-in users. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-change-password.html

Parameters:
  • body – the new password for the user
  • username – The username of the user to change the password for
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
clear_cached_privileges(application, params=None, headers=None)

Evicts application privileges from the native application privileges cache. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-clear-privilege-cache.html

Parameters:application – A comma-separated list of application names
clear_cached_realms(realms, params=None, headers=None)

Evicts users from the user cache. Can completely clear the cache or evict specific users. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-clear-cache.html

Parameters:
  • realms – Comma-separated list of realms to clear
  • usernames – Comma-separated list of usernames to clear from the cache
clear_cached_roles(name, params=None, headers=None)

Evicts roles from the native role cache. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-clear-role-cache.html

Parameters:name – Role name
create_api_key(body, params=None, headers=None)

Creates an API key for access without requiring basic authentication. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-create-api-key.html

Parameters:
  • body – The api key request to create an API key
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
delete_privileges(application, name, params=None, headers=None)

Removes application privileges. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-delete-privilege.html

Parameters:
  • application – Application name
  • name – Privilege name
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
delete_role(name, params=None, headers=None)

Removes roles in the native realm. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-delete-role.html

Parameters:
  • name – Role name
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
delete_role_mapping(name, params=None, headers=None)

Removes role mappings. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-delete-role-mapping.html

Parameters:
  • name – Role-mapping name
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
delete_user(username, params=None, headers=None)

Deletes users from the native realm. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-delete-user.html

Parameters:
  • username – username
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
disable_user(username, params=None, headers=None)

Disables users in the native realm. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-disable-user.html

Parameters:
  • username – The username of the user to disable
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
enable_user(username, params=None, headers=None)

Enables users in the native realm. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-enable-user.html

Parameters:
  • username – The username of the user to enable
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
get_api_key(params=None, headers=None)

Retrieves information for one or more API keys. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-get-api-key.html

Parameters:
  • id – API key id of the API key to be retrieved
  • name – API key name of the API key to be retrieved
  • owner – flag to query API keys owned by the currently authenticated user
  • realm_name – realm name of the user who created this API key to be retrieved
  • username – user name of the user who created this API key to be retrieved
get_builtin_privileges(params=None, headers=None)

Retrieves the list of cluster privileges and index privileges that are available in this version of Elasticsearch. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-get-builtin-privileges.html

get_privileges(application=None, name=None, params=None, headers=None)

Retrieves application privileges. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-get-privileges.html

Parameters:
  • application – Application name
  • name – Privilege name
get_role(name=None, params=None, headers=None)

Retrieves roles in the native realm. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-get-role.html

Parameters:name – Role name
get_role_mapping(name=None, params=None, headers=None)

Retrieves role mappings. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-get-role-mapping.html

Parameters:name – Role-Mapping name
get_token(body, params=None, headers=None)

Creates a bearer token for access without requiring basic authentication. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-get-token.html

Parameters:body – The token request to get
get_user(username=None, params=None, headers=None)

Retrieves information about users in the native realm and built-in users. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-get-user.html

Parameters:username – A comma-separated list of usernames
get_user_privileges(params=None, headers=None)

Retrieves application privileges. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-get-privileges.html

has_privileges(body, user=None, params=None, headers=None)

Determines whether the specified user has a specified list of privileges. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-has-privileges.html

Parameters:
  • body – The privileges to test
  • user – Username
invalidate_api_key(body, params=None, headers=None)

Invalidates one or more API keys. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-invalidate-api-key.html

Parameters:body – The api key request to invalidate API key(s)
invalidate_token(body, params=None, headers=None)

Invalidates one or more access tokens or refresh tokens. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-invalidate-token.html

Parameters:body – The token to invalidate
put_privileges(body, params=None, headers=None)

Adds or updates application privileges. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-put-privileges.html

Parameters:
  • body – The privilege(s) to add
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
put_role(name, body, params=None, headers=None)

Adds and updates roles in the native realm. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-put-role.html

Parameters:
  • name – Role name
  • body – The role to add
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
put_role_mapping(name, body, params=None, headers=None)

Creates and updates role mappings. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-put-role-mapping.html

Parameters:
  • name – Role-mapping name
  • body – The role mapping to add
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
put_user(username, body, params=None, headers=None)

Adds and updates users in the native realm. These users are commonly referred to as native users. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-put-user.html

Parameters:
  • username – The username of the User
  • body – The user to add
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
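
The create_api_key, get_api_key and invalidate_api_key calls listed above, combined into a least-privilege key lifecycle. This is an added example, not code from the elasticsearch-py documentation: the helper names and the FakeSecurity stand-in are hypothetical, and the request and response fields are assumed to follow the Elasticsearch 7.x API key format.

```python
"""Least-privilege API key lifecycle using the SecurityClient method signatures."""

# Privileges this example refuses to grant to an API key (assumed policy).
BROAD_PRIVILEGES = {"all", "manage", "manage_security"}


def scoped_key_body(name, index_patterns, privileges, expiration):
    """Build a create_api_key body limited to named indices and privileges."""
    if not expiration:
        raise ValueError("set an expiration so a leaked key ages out")
    if any(p.strip() in ("*", "_all") for p in index_patterns):
        raise ValueError("name the indices explicitly instead of '*'")
    too_broad = BROAD_PRIVILEGES.intersection(privileges)
    if too_broad:
        raise ValueError("privileges too broad: %s" % sorted(too_broad))
    return {
        "name": name,
        "expiration": expiration,
        # role_descriptors restricts the key below its owner's own privileges.
        "role_descriptors": {
            name + "-role": {
                "index": [{"names": list(index_patterns),
                           "privileges": list(privileges)}],
            }
        },
    }


def issue_key(security, body):
    """Create the key, then confirm it is listed and active before handing it out."""
    created = security.create_api_key(body=body, params={"refresh": "wait_for"})
    listed = security.get_api_key(params={"id": created["id"]})["api_keys"]
    if len(listed) != 1 or listed[0]["invalidated"]:
        raise RuntimeError("key is not active after creation")
    return created  # holds the secret in "api_key": pass it on, never log it


def revoke_key(security, key_id):
    """Invalidate one key; True only if this call actually revoked it."""
    result = security.invalidate_api_key(body={"id": key_id})
    return key_id in result["invalidated_api_keys"] and result["error_count"] == 0


class FakeSecurity:
    """Constructed in-memory stand-in for Elasticsearch(...).security (offline)."""

    def __init__(self):
        self.keys = {}
        self.calls = []

    def create_api_key(self, body, params=None, headers=None):
        key_id = "constructed-id-%d" % (len(self.keys) + 1)
        self.keys[key_id] = {"id": key_id, "name": body["name"],
                             "invalidated": False}
        self.calls.append(("create_api_key", body, params))
        return {"id": key_id, "name": body["name"],
                "api_key": "constructed-secret"}

    def get_api_key(self, params=None, headers=None):
        wanted = (params or {}).get("id")
        return {"api_keys": [k for k in self.keys.values() if k["id"] == wanted]}

    def invalidate_api_key(self, body, params=None, headers=None):
        key = self.keys.get(body["id"])
        done, previous = [], []
        if key is not None:
            (previous if key["invalidated"] else done).append(key["id"])
            key["invalidated"] = True
        return {"invalidated_api_keys": done,
                "previously_invalidated_api_keys": previous,
                "error_count": 0}


if __name__ == "__main__":
    security = FakeSecurity()  # with a real cluster: Elasticsearch(...).security
    body = scoped_key_body("log-reader", ["logs-app-*"], ["read"], "1d")
    key = issue_key(security, body)
    print("issued", key["id"], "revoked:", revoke_key(security, key["id"]))
```
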

Watcher APIs

The Watcher API can be used to notify you when certain pre-defined thresholds have been reached.

class elasticsearch.client.watcher.WatcherClient(client)
ack_watch(watch_id, action_id=None, params=None, headers=None)

Acknowledges a watch, manually throttling the execution of the watch’s actions. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/watcher-api-ack-watch.html

Parameters:
  • watch_id – Watch ID
  • action_id – A comma-separated list of the action ids to be acked
activate_watch(watch_id, params=None, headers=None)

Activates a currently inactive watch. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/watcher-api-activate-watch.html

Parameters:watch_id – Watch ID
deactivate_watch(watch_id, params=None, headers=None)

Deactivates a currently active watch. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/watcher-api-deactivate-watch.html

Parameters:watch_id – Watch ID
delete_watch(id, params=None, headers=None)

Removes a watch from Watcher. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/watcher-api-delete-watch.html

Parameters:id – Watch ID
execute_watch(body=None, id=None, params=None, headers=None)

Forces the execution of a stored watch. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/watcher-api-execute-watch.html

Parameters:
  • body – Execution control
  • id – Watch ID
  • debug – indicates whether the watch should execute in debug mode
get_watch(id, params=None, headers=None)

Retrieves a watch by its ID. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/watcher-api-get-watch.html

Parameters:id – Watch ID
put_watch(id, body=None, params=None, headers=None)

Creates a new watch, or updates an existing one. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/watcher-api-put-watch.html

Parameters:
  • id – Watch ID
  • body – The watch
  • active – Specify whether the watch is in/active by default
  • if_primary_term – only update the watch if the last operation that has changed the watch has the specified primary term
  • if_seq_no – only update the watch if the last operation that has changed the watch has the specified sequence number
  • version – Explicit version number for concurrency control
start(params=None, headers=None)

Starts Watcher if it is not already running. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/watcher-api-start.html

stats(metric=None, params=None, headers=None)

Retrieves the current Watcher metrics. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/watcher-api-stats.html

Parameters:
  • metric – Controls what additional stat metrics should be included in the response Valid choices: _all, queued_watches, current_watches, pending_watches
  • emit_stacktraces – Emits stack traces of currently running watches
stop(params=None, headers=None)

Stops Watcher if it is running. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/watcher-api-stop.html

Migration APIs

Migration API helps simplify upgrading X-Pack indices from one version to another.

class elasticsearch.client.migration.MigrationClient(client)
deprecations(index=None, params=None, headers=None)

Retrieves information about different cluster, node, and index level settings that use deprecated features that will be removed or changed in the next major version. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/migration-api-deprecation.html

Parameters:index – Index pattern

Enrich APIs

Enrich API can be used to add data from your existing indices to incoming documents during ingest.

class elasticsearch.client.enrich.EnrichClient(client)
delete_policy(name, params=None, headers=None)

Deletes an existing enrich policy and its enrich index. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/delete-enrich-policy-api.html

Parameters:name – The name of the enrich policy
execute_policy(name, params=None, headers=None)

Creates the enrich index for an existing enrich policy. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/execute-enrich-policy-api.html

Parameters:
  • name – The name of the enrich policy
  • wait_for_completion – Whether the request should block until the execution is complete. Default: True
get_policy(name=None, params=None, headers=None)

Gets information about an enrich policy. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/get-enrich-policy-api.html

Parameters:name – A comma-separated list of enrich policy names
put_policy(name, body, params=None, headers=None)

Creates a new enrich policy. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/put-enrich-policy-api.html

Parameters:
  • name – The name of the enrich policy
  • body – The enrich policy to register
stats(params=None, headers=None)

Gets enrich coordinator statistics and information about enrich policies that are currently executing. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/enrich-stats-api.html

SQL APIs

The SQL REST API accepts SQL in a JSON document, executes it, and returns the results.

class elasticsearch.client.sql.SqlClient(client)
clear_cursor(body, params=None, headers=None)

Clears the SQL cursor. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/sql-pagination.html

Parameters:body – Specify the cursor value in the cursor element to clean the cursor.
query(body, params=None, headers=None)

Executes a SQL request. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/sql-rest-overview.html

Parameters:
  • body – Use the query element to start a query. Use the cursor element to continue a query.
  • format – a short version of the Accept header, e.g. json, yaml
translate(body, params=None, headers=None)

Translates SQL into Elasticsearch queries. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/sql-translate.html

Parameters:body – Specify the query in the query element.

Cross-Cluster Replication APIs

The Cross-Cluster Replication API is used to perform cross-cluster replication operations.

class elasticsearch.client.ccr.CcrClient(client)
delete_auto_follow_pattern(name, params=None, headers=None)

Deletes auto-follow patterns. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ccr-delete-auto-follow-pattern.html

Parameters:name – The name of the auto follow pattern.
follow(index, body, params=None, headers=None)

Creates a new follower index configured to follow the referenced leader index. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ccr-put-follow.html

Parameters:
  • index – The name of the follower index
  • body – The name of the leader index and other optional ccr related parameters
  • wait_for_active_shards – Sets the number of shard copies that must be active before returning. Defaults to 0. Set to all for all shard copies, otherwise set to any non-negative value less than or equal to the total number of copies for the shard (number of replicas + 1) Default: 0
follow_info(index, params=None, headers=None)

Retrieves information about all follower indices, including parameters and status for each follower index. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ccr-get-follow-info.html

Parameters:index – A comma-separated list of index patterns; use _all to perform the operation on all indices
follow_stats(index, params=None, headers=None)

Retrieves follower stats. Returns shard-level stats about the following tasks associated with each shard for the specified indices. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ccr-get-follow-stats.html

Parameters:index – A comma-separated list of index patterns; use _all to perform the operation on all indices
forget_follower(index, body, params=None, headers=None)

Removes the follower retention leases from the leader. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ccr-post-forget-follower.html

Parameters:
  • index – the name of the leader index for which specified follower retention leases should be removed
  • body – the name and UUID of the follower index, the name of the cluster containing the follower index, and the alias from the perspective of that cluster for the remote cluster containing the leader index
get_auto_follow_pattern(name=None, params=None, headers=None)

Gets configured auto-follow patterns. Returns the specified auto-follow pattern collection. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ccr-get-auto-follow-pattern.html

Parameters:name – The name of the auto follow pattern.
pause_auto_follow_pattern(name, params=None, headers=None)

Pauses an auto-follow pattern. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ccr-pause-auto-follow-pattern.html

Parameters:name – The name of the auto follow pattern that should pause discovering new indices to follow.
pause_follow(index, params=None, headers=None)

Pauses a follower index. The follower index will not fetch any additional operations from the leader index. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ccr-post-pause-follow.html

Parameters:index – The name of the follower index that should pause following its leader index.
put_auto_follow_pattern(name, body, params=None, headers=None)

Creates a new named collection of auto-follow patterns against a specified remote cluster. Newly created indices on the remote cluster matching any of the specified patterns will be automatically configured as follower indices. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ccr-put-auto-follow-pattern.html

Parameters:
  • name – The name of the auto follow pattern.
  • body – The specification of the auto follow pattern
resume_auto_follow_pattern(name, params=None, headers=None)

Resumes an auto-follow pattern that has been paused. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ccr-resume-auto-follow-pattern.html

Parameters:name – The name of the auto follow pattern to resume discovering new indices to follow.
resume_follow(index, body=None, params=None, headers=None)

Resumes a follower index that has been paused. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ccr-post-resume-follow.html

Parameters:
  • index – The name of the follow index to resume following.
  • body – The name of the leader index and other optional ccr related parameters
stats(params=None, headers=None)

Gets all stats related to cross-cluster replication. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ccr-get-stats.html

unfollow(index, params=None, headers=None)

Stops the following task associated with a follower index and removes index metadata and settings associated with cross-cluster replication. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ccr-post-unfollow.html

Parameters:index – The name of the follower index that should be turned into a regular index.

Monitoring APIs

The Monitoring API is used to collect data from the Elasticsearch nodes, Logstash nodes, Kibana instances, and Beats in your cluster.

class elasticsearch.client.monitoring.MonitoringClient(client)
bulk(body, doc_type=None, params=None, headers=None)

Used by the monitoring features to send monitoring data. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/monitor-elasticsearch-cluster.html

Parameters:
  • body – The operation definition and data (action-data pairs), separated by newlines
  • doc_type – Default document type for items which don’t provide one
  • interval – Collection interval (e.g., ‘10s’ or ‘10000ms’) of the payload
  • system_api_version – API Version of the monitored system
  • system_id – Identifier of the monitored system

Rollup APIs

Rollup API enables searching through rolled-up data using the standard query DSL.

class elasticsearch.client.rollup.RollupClient(client)
delete_job(id, params=None, headers=None)

Deletes an existing rollup job. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/rollup-delete-job.html

Parameters:id – The ID of the job to delete
get_jobs(id=None, params=None, headers=None)

Retrieves the configuration, stats, and status of rollup jobs. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/rollup-get-job.html

Parameters:id – The ID of the job(s) to fetch. Accepts glob patterns, or left blank for all jobs
get_rollup_caps(id=None, params=None, headers=None)

Returns the capabilities of any rollup jobs that have been configured for a specific index or index pattern. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/rollup-get-rollup-caps.html

Parameters:id – The ID of the index to check rollup capabilities on, or left blank for all jobs
get_rollup_index_caps(index, params=None, headers=None)

Returns the rollup capabilities of all jobs inside of a rollup index (e.g. the index where rollup data is stored). https://www.elastic.co/guide/en/elasticsearch/reference/7.x/rollup-get-rollup-index-caps.html

Parameters:index – The rollup index or index pattern to obtain rollup capabilities from.
put_job(id, body, params=None, headers=None)

Creates a rollup job. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/rollup-put-job.html

Parameters:
  • id – The ID of the job to create
  • body – The job configuration

rollup_search(index, body, doc_type=None, params=None, headers=None)

Enables searching rolled-up data using the standard query DSL. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/rollup-search.html

Parameters:
  • index – The indices or index-pattern(s) (containing rollup or regular data) that should be searched
  • body – The search request body
  • doc_type – The doc type inside the index
  • rest_total_hits_as_int – Indicates whether hits.total should be rendered as an integer or an object in the rest search response
  • typed_keys – Specify whether aggregation and suggester names should be prefixed by their respective types in the response
start_job(id, params=None, headers=None)

Starts an existing, stopped rollup job. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/rollup-start-job.html

Parameters:id – The ID of the job to start
stop_job(id, params=None, headers=None)

Stops an existing, started rollup job. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/rollup-stop-job.html

Parameters:
  • id – The ID of the job to stop
  • timeout – Block for (at maximum) the specified duration while waiting for the job to stop. Defaults to 30s.
  • wait_for_completion – True if the API should block until the job has fully stopped, false if it should be executed asynchronously. Defaults to false.

Snapshot Lifecycle Management APIs

The Snapshot Lifecycle Management API can be used to set up policies to automatically take snapshots and control how long they are retained.

class elasticsearch.client.slm.SlmClient(client)
delete_lifecycle(policy_id, params=None, headers=None)

Deletes an existing snapshot lifecycle policy. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/slm-api-delete-policy.html

Parameters:policy_id – The id of the snapshot lifecycle policy to remove
execute_lifecycle(policy_id, params=None, headers=None)

Immediately creates a snapshot according to the lifecycle policy, without waiting for the scheduled time. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/slm-api-execute-lifecycle.html

Parameters:policy_id – The id of the snapshot lifecycle policy to be executed
execute_retention(params=None, headers=None)

Deletes any snapshots that are expired according to the policy’s retention rules. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/slm-api-execute-retention.html

get_lifecycle(policy_id=None, params=None, headers=None)

Retrieves one or more snapshot lifecycle policy definitions and information about the latest snapshot attempts. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/slm-api-get-policy.html

Parameters:policy_id – Comma-separated list of snapshot lifecycle policies to retrieve
get_stats(params=None, headers=None)

Returns global and policy-level statistics about actions taken by snapshot lifecycle management. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/slm-api-get-stats.html

get_status(params=None, headers=None)

Retrieves the status of snapshot lifecycle management (SLM). https://www.elastic.co/guide/en/elasticsearch/reference/7.x/slm-api-get-status.html

put_lifecycle(policy_id, body=None, params=None, headers=None)

Creates or updates a snapshot lifecycle policy. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/slm-api-put-policy.html

Parameters:
  • policy_id – The id of the snapshot lifecycle policy
  • body – The snapshot lifecycle policy definition to register
start(params=None, headers=None)

Turns on snapshot lifecycle management (SLM). https://www.elastic.co/guide/en/elasticsearch/reference/7.x/slm-api-start.html

stop(params=None, headers=None)

Turns off snapshot lifecycle management (SLM). https://www.elastic.co/guide/en/elasticsearch/reference/7.x/slm-api-stop.html
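A sketch of how the "latest snapshot attempts" returned by get_lifecycle can be checked, flagging policies without retention rules or whose most recent attempt failed. This is an added example, not code from elasticsearch-py; the response field names (policy.retention, min_count, last_success, last_failure, time, details) are assumed from the Elasticsearch 7.x get-policy response, and the sample data and policy names are constructed.

```python
from types import SimpleNamespace

def audit_slm_policies(es, policy_id=None):
    """Return {policy_id: [findings]} for SLM policies that need attention."""
    findings = {}
    for pid, entry in sorted(es.slm.get_lifecycle(policy_id=policy_id).items()):
        issues = []
        retention = entry.get("policy", {}).get("retention") or {}
        if not retention:
            issues.append("no retention rules, snapshots never expire")
        elif "min_count" not in retention:
            issues.append("retention has no min_count floor")
        ok = (entry.get("last_success") or {}).get("time", 0)
        bad = (entry.get("last_failure") or {}).get("time", 0)
        if not ok and not bad:
            issues.append("policy has never run")
        elif bad > ok:
            details = entry["last_failure"].get("details", "no details")
            issues.append("latest attempt failed: " + details)
        if issues:
            findings[pid] = issues
    return findings

# Constructed get_lifecycle response (times are epoch milliseconds), not real output.
SAMPLE_POLICIES = {
    "nightly": {
        "policy": {"schedule": "0 30 1 * * ?", "repository": "backups",
                   "retention": {"expire_after": "30d", "min_count": 5, "max_count": 50}},
        "last_success": {"snapshot_name": "nightly-a1", "time": 1704159000000}},
    "audit-logs": {
        "policy": {"schedule": "0 0 * * * ?", "repository": "backups",
                   "retention": {"expire_after": "90d"}},
        "last_success": {"snapshot_name": "audit-b7", "time": 1704150000000},
        "last_failure": {"snapshot_name": "audit-b8", "time": 1704153600000,
                         "details": "repository_exception"}},
    "adhoc": {"policy": {"schedule": "0 0 12 * * ?", "repository": "backups"}},
}

def demo():
    # Offline stand-in for SlmClient; pass a real Elasticsearch client instead.
    slm = SimpleNamespace(get_lifecycle=lambda policy_id=None: SAMPLE_POLICIES)
    return audit_slm_policies(SimpleNamespace(slm=slm))
```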

Searchable Snapshots APIs

The Searchable Snapshots API is used to perform searchable snapshots operations.

class elasticsearch.client.searchable_snapshots.SearchableSnapshotsClient(client)
clear_cache(index=None, params=None, headers=None)

Clear the cache of searchable snapshots. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/searchable-snapshots-api-clear-cache.html

Parameters:
  • index – A comma-separated list of index names to limit the operation
  • allow_no_indices – Whether to ignore if a wildcard indices expression resolves into no concrete indices. (This includes _all string or when no indices have been specified)
  • expand_wildcards – Whether to expand wildcard expression to concrete indices that are open, closed or both. Valid choices: open, closed, none, all. Default: open
  • ignore_unavailable – Whether specified concrete indices should be ignored when unavailable (missing or closed)
mount(repository, snapshot, body, params=None, headers=None)

Mount a snapshot as a searchable index. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/searchable-snapshots-api-mount-snapshot.html

Parameters:
  • repository – The name of the repository containing the snapshot of the index to mount
  • snapshot – The name of the snapshot of the index to mount
  • body – The restore configuration for mounting the snapshot as searchable
  • master_timeout – Explicit operation timeout for connection to master node
  • wait_for_completion – Should this request wait until the operation has completed before returning
repository_stats(repository, params=None, headers=None)

Retrieve usage statistics about a snapshot repository. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/searchable-snapshots-repository-stats.html

Parameters:repository – The repository for which to get the stats
stats(index=None, params=None, headers=None)

Retrieve various statistics about searchable snapshots. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/searchable-snapshots-api-stats.html

Parameters:index – A comma-separated list of index names

Index Lifecycle Management APIs

The Index Lifecycle Management API is used to set up policies to automatically manage the index lifecycle.

class elasticsearch.client.ilm.IlmClient(client)
delete_lifecycle(policy, params=None, headers=None)

Deletes the specified lifecycle policy definition. A currently used policy cannot be deleted. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ilm-delete-lifecycle.html

Parameters:policy – The name of the index lifecycle policy
explain_lifecycle(index, params=None, headers=None)

Retrieves information about the index’s current lifecycle state, such as the currently executing phase, action, and step. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ilm-explain-lifecycle.html

Parameters:
  • index – The name of the index to explain
  • only_errors – filters the indices included in the response to ones in an ILM error state, implies only_managed
  • only_managed – filters the indices included in the response to ones managed by ILM
get_lifecycle(policy=None, params=None, headers=None)

Returns the specified policy definition. Includes the policy version and last modified date. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ilm-get-lifecycle.html

Parameters:policy – The name of the index lifecycle policy
get_status(params=None, headers=None)

Retrieves the current index lifecycle management (ILM) status. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ilm-get-status.html

move_to_step(index, body=None, params=None, headers=None)

Manually moves an index into the specified step and executes that step. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ilm-move-to-step.html

Parameters:
  • index – The name of the index whose lifecycle step is to change
  • body – The new lifecycle step to move to
put_lifecycle(policy, body=None, params=None, headers=None)

Creates a lifecycle policy. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ilm-put-lifecycle.html

Parameters:
  • policy – The name of the index lifecycle policy
  • body – The lifecycle policy definition to register
remove_policy(index, params=None, headers=None)

Removes the assigned lifecycle policy and stops managing the specified index. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ilm-remove-policy.html

Parameters:index – The name of the index to remove policy on
retry(index, params=None, headers=None)

Retries executing the policy for an index that is in the ERROR step. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ilm-retry-policy.html

Parameters:index – The names of the indices (comma-separated) whose failed lifecycle step is to be retried
start(params=None, headers=None)

Start the index lifecycle management (ILM) plugin. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ilm-start.html

stop(params=None, headers=None)

Halts all lifecycle management operations and stops the index lifecycle management (ILM) plugin. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ilm-stop.html
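How explain_lifecycle with only_errors and retry fit together when indices stop rolling over or expiring, as an added example that is not part of the elasticsearch-py documentation. Query parameters are passed as keyword arguments; the response fields (indices, step, failed_step, step_info) are assumed from the Elasticsearch 7.x explain API, and the index names, policy name and FakeIlm stand-in are constructed so the block runs offline.

```python
from types import SimpleNamespace

def retry_failed_ilm(es, index_pattern, dry_run=True):
    """Report indices stuck in the ILM ERROR step; retry them unless dry_run.

    `es` is an elasticsearch.Elasticsearch client, or any object exposing .ilm.
    """
    resp = es.ilm.explain_lifecycle(index=index_pattern, only_errors=True)
    failed = []
    for name, info in sorted(resp.get("indices", {}).items()):
        if info.get("step") != "ERROR":  # defensive; only_errors should filter already
            continue
        failed.append({
            "index": name,
            "policy": info.get("policy"),
            "failed_step": info.get("failed_step"),
            "reason": (info.get("step_info") or {}).get("reason"),
        })
    if failed and not dry_run:
        # retry() accepts a comma-separated list of index names
        es.ilm.retry(index=",".join(f["index"] for f in failed))
    return failed

# Constructed explain response and offline stand-in for IlmClient (not real output).
SAMPLE_EXPLAIN = {"indices": {
    "audit-000007": {"index": "audit-000007", "managed": True, "policy": "audit-90d",
                     "step": "ERROR", "failed_step": "check-rollover-ready",
                     "step_info": {"type": "illegal_argument_exception",
                                   "reason": "rollover alias is not set"}},
    "audit-000008": {"index": "audit-000008", "managed": True, "policy": "audit-90d",
                     "step": "check-rollover-ready"},
}}

class FakeIlm:
    def __init__(self):
        self.calls = []
    def explain_lifecycle(self, index, **params):
        self.calls.append(("explain_lifecycle", index, params))
        return SAMPLE_EXPLAIN
    def retry(self, index, **params):
        self.calls.append(("retry", index, params))
        return {"acknowledged": True}

def demo(dry_run):
    es = SimpleNamespace(ilm=FakeIlm())
    return retry_failed_ilm(es, "audit-*", dry_run=dry_run), es.ilm.calls
```

Run with dry_run=True first and read the reported reason; retrying without fixing the cause puts the index back in the ERROR step.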

Transform APIs

The Transform API manages transform operations: a transform grabs data from source indices, transforms it, and saves it to a destination index.

class elasticsearch.client.transform.TransformClient(client)
delete_transform(transform_id, params=None, headers=None)

Deletes an existing transform. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/delete-transform.html

Parameters:
  • transform_id – The id of the transform to delete
  • force – When true, the transform is deleted regardless of its current state. The default value is false, meaning that the transform must be stopped before it can be deleted.
get_transform(transform_id=None, params=None, headers=None)

Retrieves configuration information for transforms. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/get-transform.html

Parameters:
  • transform_id – The id or comma delimited list of id expressions of the transforms to get, ‘_all’ or ‘*’ implies get all transforms
  • allow_no_match – Whether to ignore if a wildcard expression matches no transforms. (This includes _all string or when no transforms have been specified)
  • from – skips a number of transform configs, defaults to 0
  • size – specifies a max number of transforms to get, defaults to 100
get_transform_stats(transform_id, params=None, headers=None)

Retrieves usage information for transforms. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/get-transform-stats.html

Parameters:
  • transform_id – The id of the transform for which to get stats. ‘_all’ or ‘*’ implies all transforms
  • allow_no_match – Whether to ignore if a wildcard expression matches no transforms. (This includes _all string or when no transforms have been specified)
  • from – skips a number of transform stats, defaults to 0
  • size – specifies a max number of transform stats to get, defaults to 100
preview_transform(body, params=None, headers=None)

Previews a transform. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/preview-transform.html

Parameters:body – The definition for the transform to preview
put_transform(transform_id, body, params=None, headers=None)

Instantiates a transform. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/put-transform.html

Parameters:
  • transform_id – The id of the new transform.
  • body – The transform definition
  • defer_validation – If validations should be deferred until transform starts, defaults to false.
start_transform(transform_id, params=None, headers=None)

Starts one or more transforms. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/start-transform.html

Parameters:
  • transform_id – The id of the transform to start
  • timeout – Controls the time to wait for the transform to start
stop_transform(transform_id, params=None, headers=None)

Stops one or more transforms. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/stop-transform.html

Parameters:
  • transform_id – The id of the transform to stop
  • allow_no_match – Whether to ignore if a wildcard expression matches no transforms. (This includes _all string or when no transforms have been specified)
  • force – Whether to force stop a failed transform or not. Defaults to false
  • timeout – Controls the time to wait until the transform has stopped. Defaults to 30 seconds
  • wait_for_checkpoint – Whether to wait for the transform to reach a checkpoint before stopping. Defaults to false
  • wait_for_completion – Whether to wait for the transform to fully stop before returning or not. Defaults to false
update_transform(transform_id, body, params=None, headers=None)

Updates certain properties of a transform. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/update-transform.html

Parameters:
  • transform_id – The id of the transform.
  • body – The update transform definition
  • defer_validation – If validations should be deferred until transform starts, defaults to false.
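Because delete_transform with the default force=false requires a stopped transform, the calls above are normally chained as stop, verify, delete. The following is an added example, not code from elasticsearch-py; the stats response fields (transforms, id, state) are assumed from the Elasticsearch 7.x transform stats API, and FakeTransform is a constructed, simplified stand-in with made-up transform ids so the block runs offline.

```python
from types import SimpleNamespace

def delete_transform_safely(es, transform_id, timeout="30s"):
    """Stop a transform, confirm it reports 'stopped', then delete it without force.

    Raises RuntimeError instead of deleting if the transform did not stop
    (for example because it is in the 'failed' state and needs a forced stop).
    """
    es.transform.stop_transform(transform_id=transform_id,
                                wait_for_completion=True, timeout=timeout)
    stats = es.transform.get_transform_stats(transform_id=transform_id)
    states = {t["id"]: t["state"] for t in stats.get("transforms", [])}
    if states.get(transform_id) != "stopped":
        raise RuntimeError("%s is %r, not deleting"
                           % (transform_id, states.get(transform_id)))
    return es.transform.delete_transform(transform_id=transform_id)

class FakeTransform:
    """Constructed in-memory stand-in for TransformClient (simplified behaviour)."""
    def __init__(self, states):
        self.states = dict(states)
    def stop_transform(self, transform_id, **params):
        if self.states[transform_id] != "failed":  # simplification: failed needs force
            self.states[transform_id] = "stopped"
        return {"acknowledged": True}
    def get_transform_stats(self, transform_id, **params):
        return {"count": 1, "transforms": [
            {"id": transform_id, "state": self.states[transform_id]}]}
    def delete_transform(self, transform_id, **params):
        del self.states[transform_id]
        return {"acknowledged": True}

def demo():
    fake = FakeTransform({"logins-by-user": "started", "dns-rollup": "failed"})
    es = SimpleNamespace(transform=fake)
    deleted = delete_transform_safely(es, "logins-by-user")
    try:
        delete_transform_safely(es, "dns-rollup")
        refused = False
    except RuntimeError:
        refused = True
    return deleted, refused, sorted(fake.states)
```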

Deprecation APIs

The Deprecation API is used to retrieve information about different cluster, node, and index level settings that use deprecated features that will be removed or changed in the next major version.

class elasticsearch.client.deprecation.DeprecationClient(client)
info(index=None, params=None, headers=None)

http://www.elastic.co/guide/en/migration/7.x/migration-api-deprecation.html

Parameters:index – Index pattern