X-Pack APIs

X-Pack is an Elastic Stack extension that bundles security, alerting, monitoring, reporting, and graph capabilities into one easy-to-install package. While the X-Pack components are designed to work together seamlessly, you can easily enable or disable the features you want to use.

X-Pack Info

X-Pack Info API provides general info about the installed X-Pack.

class elasticsearch.client.XPackClient(client)
info(params=None, headers=None)

Retrieves information about the installed X-Pack features.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/info-api.html

Parameters:
  • accept_enterprise – If an enterprise license is installed, return the type and mode as ‘enterprise’ (default: false)
  • categories – Comma-separated list of info categories. Can be any of: build, license, features
usage(params=None, headers=None)

Retrieves usage information about the installed X-Pack features.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/usage-api.html

Parameters:master_timeout – Specify timeout for watch write operation

Autoscaling

Autoscaling API is used to perform autoscaling operations.

class elasticsearch.client.AutoscalingClient(client)
delete_autoscaling_policy(name, params=None, headers=None)

Deletes an autoscaling policy. Designed for indirect use by ECE/ESS and ECK. Direct use is not supported.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/autoscaling-delete-autoscaling-policy.html

Parameters:name – the name of the autoscaling policy
get_autoscaling_capacity(params=None, headers=None)

Gets the current autoscaling capacity based on the configured autoscaling policy. Designed for indirect use by ECE/ESS and ECK. Direct use is not supported.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/autoscaling-get-autoscaling-capacity.html

get_autoscaling_policy(name, params=None, headers=None)

Retrieves an autoscaling policy. Designed for indirect use by ECE/ESS and ECK. Direct use is not supported.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/autoscaling-get-autoscaling-policy.html

Parameters:name – the name of the autoscaling policy
put_autoscaling_policy(name, body, params=None, headers=None)

Creates a new autoscaling policy. Designed for indirect use by ECE/ESS and ECK. Direct use is not supported.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/autoscaling-put-autoscaling-policy.html

Parameters:
  • name – the name of the autoscaling policy
  • body – the specification of the autoscaling policy

Cross-Cluster Replication

Cross-Cluster Replication APIs are used to perform cross-cluster replication operations.

class elasticsearch.client.CcrClient(client)
delete_auto_follow_pattern(name, params=None, headers=None)

Deletes auto-follow patterns.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ccr-delete-auto-follow-pattern.html

Parameters:name – The name of the auto follow pattern.
follow(index, body, params=None, headers=None)

Creates a new follower index configured to follow the referenced leader index.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ccr-put-follow.html

Parameters:
  • index – The name of the follower index
  • body – The name of the leader index and other optional ccr related parameters
  • wait_for_active_shards – Sets the number of shard copies that must be active before returning. Defaults to 0. Set to all for all shard copies, otherwise set to any non-negative value less than or equal to the total number of copies for the shard (number of replicas + 1) Default: 0
follow_info(index, params=None, headers=None)

Retrieves information about all follower indices, including parameters and status for each follower index

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ccr-get-follow-info.html

Parameters:index – A comma-separated list of index patterns; use _all to perform the operation on all indices
follow_stats(index, params=None, headers=None)

Retrieves follower stats. return shard-level stats about the following tasks associated with each shard for the specified indices.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ccr-get-follow-stats.html

Parameters:index – A comma-separated list of index patterns; use _all to perform the operation on all indices
forget_follower(index, body, params=None, headers=None)

Removes the follower retention leases from the leader.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ccr-post-forget-follower.html

Parameters:
  • index – the name of the leader index for which specified follower retention leases should be removed
  • body – the name and UUID of the follower index, the name of the cluster containing the follower index, and the alias from the perspective of that cluster for the remote cluster containing the leader index
get_auto_follow_pattern(name=None, params=None, headers=None)

Gets configured auto-follow patterns. Returns the specified auto-follow pattern collection.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ccr-get-auto-follow-pattern.html

Parameters:name – The name of the auto follow pattern.
pause_auto_follow_pattern(name, params=None, headers=None)

Pauses an auto-follow pattern

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ccr-pause-auto-follow-pattern.html

Parameters:name – The name of the auto follow pattern that should pause discovering new indices to follow.
pause_follow(index, params=None, headers=None)

Pauses a follower index. The follower index will not fetch any additional operations from the leader index.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ccr-post-pause-follow.html

Parameters:index – The name of the follower index that should pause following its leader index.
put_auto_follow_pattern(name, body, params=None, headers=None)

Creates a new named collection of auto-follow patterns against a specified remote cluster. Newly created indices on the remote cluster matching any of the specified patterns will be automatically configured as follower indices.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ccr-put-auto-follow-pattern.html

Parameters:
  • name – The name of the auto follow pattern.
  • body – The specification of the auto follow pattern
resume_auto_follow_pattern(name, params=None, headers=None)

Resumes an auto-follow pattern that has been paused

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ccr-resume-auto-follow-pattern.html

Parameters:name – The name of the auto follow pattern to resume discovering new indices to follow.
resume_follow(index, body=None, params=None, headers=None)

Resumes a follower index that has been paused

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ccr-post-resume-follow.html

Parameters:
  • index – The name of the follow index to resume following.
  • body – The name of the leader index and other optional ccr related parameters
stats(params=None, headers=None)

Gets all stats related to cross-cluster replication.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ccr-get-stats.html

unfollow(index, params=None, headers=None)

Stops the following task associated with a follower index and removes index metadata and settings associated with cross-cluster replication.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ccr-post-unfollow.html

Parameters:index – The name of the follower index that should be turned into a regular index.

Enrich

Enrich APIs can be used to add data from your existing indices to incoming documents during ingest.

class elasticsearch.client.EnrichClient(client)
delete_policy(name, params=None, headers=None)

Deletes an existing enrich policy and its enrich index.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/delete-enrich-policy-api.html

Parameters:name – The name of the enrich policy
execute_policy(name, params=None, headers=None)

Creates the enrich index for an existing enrich policy.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/execute-enrich-policy-api.html

Parameters:
  • name – The name of the enrich policy
  • wait_for_completion – Should the request should block until the execution is complete. Default: True
get_policy(name=None, params=None, headers=None)

Gets information about an enrich policy.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/get-enrich-policy-api.html

Parameters:name – A comma-separated list of enrich policy names
put_policy(name, body, params=None, headers=None)

Creates a new enrich policy.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/put-enrich-policy-api.html

Parameters:
  • name – The name of the enrich policy
  • body – The enrich policy to register
stats(params=None, headers=None)

Gets enrich coordinator statistics and information about enrich policies that are currently executing.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/enrich-stats-api.html

EQL

EQL APIs accept EQL to query event-based time series data, such as logs, metrics, and traces.

class elasticsearch.client.EqlClient(client)
delete(id, params=None, headers=None)

Deletes an async EQL search by ID. If the search is still running, the search request will be cancelled. Otherwise, the saved search results are deleted.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/eql-search-api.html

Parameters:id – The async search ID
get(id, params=None, headers=None)

Returns async results from previously executed Event Query Language (EQL) search

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/eql-search-api.html

Parameters:
  • id – The async search ID
  • keep_alive – Update the time interval in which the results (partial or final) for this search will be available Default: 5d
  • wait_for_completion_timeout – Specify the time that the request should block waiting for the final response
search(index, body, params=None, headers=None)

Returns results matching a query expressed in Event Query Language (EQL)

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/eql-search-api.html

Parameters:
  • index – The name of the index to scope the operation
  • body – Eql request body. Use the query to limit the query scope.
  • keep_alive – Update the time interval in which the results (partial or final) for this search will be available Default: 5d
  • keep_on_completion – Control whether the response should be stored in the cluster if it completed within the provided [wait_for_completion] time (default: false)
  • wait_for_completion_timeout – Specify the time that the request should block waiting for the final response

Graph Explore

Graph Explore API enables you to extract and summarize information about the documents and terms in your Elasticsearch index.

class elasticsearch.client.GraphClient(client)
explore(index, body=None, doc_type=None, params=None, headers=None)

Explore extracted and summarized information about the documents and terms in an index.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/graph-explore-api.html

Parameters:
  • index – A comma-separated list of index names to search; use _all or empty string to perform the operation on all indices
  • body – Graph Query DSL
  • doc_type – A comma-separated list of document types to search; leave empty to perform the operation on all types
  • routing – Specific routing value
  • timeout – Explicit operation timeout

Index Lifecycle Management (ILM)

Index Lifecycle Management APIs used to set up policies to automatically manage the index lifecycle.

class elasticsearch.client.IlmClient(client)
delete_lifecycle(policy, params=None, headers=None)

Deletes the specified lifecycle policy definition. A currently used policy cannot be deleted.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ilm-delete-lifecycle.html

Parameters:policy – The name of the index lifecycle policy
explain_lifecycle(index, params=None, headers=None)

Retrieves information about the index’s current lifecycle state, such as the currently executing phase, action, and step.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ilm-explain-lifecycle.html

Parameters:
  • index – The name of the index to explain
  • only_errors – filters the indices included in the response to ones in an ILM error state, implies only_managed
  • only_managed – filters the indices included in the response to ones managed by ILM
get_lifecycle(policy=None, params=None, headers=None)

Returns the specified policy definition. Includes the policy version and last modified date.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ilm-get-lifecycle.html

Parameters:policy – The name of the index lifecycle policy
get_status(params=None, headers=None)

Retrieves the current index lifecycle management (ILM) status.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ilm-get-status.html

move_to_step(index, body=None, params=None, headers=None)

Manually moves an index into the specified step and executes that step.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ilm-move-to-step.html

Parameters:
  • index – The name of the index whose lifecycle step is to change
  • body – The new lifecycle step to move to
put_lifecycle(policy, body=None, params=None, headers=None)

Creates a lifecycle policy

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ilm-put-lifecycle.html

Parameters:
  • policy – The name of the index lifecycle policy
  • body – The lifecycle policy definition to register
remove_policy(index, params=None, headers=None)

Removes the assigned lifecycle policy and stops managing the specified index

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ilm-remove-policy.html

Parameters:index – The name of the index to remove policy on
retry(index, params=None, headers=None)

Retries executing the policy for an index that is in the ERROR step.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ilm-retry-policy.html

Parameters:index – The name of the indices (comma-separated) whose failed lifecycle step is to be retry
start(params=None, headers=None)

Start the index lifecycle management (ILM) plugin.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ilm-start.html

stop(params=None, headers=None)

Halts all lifecycle management operations and stops the index lifecycle management (ILM) plugin

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ilm-stop.html

Licensing

License APIs can be used to manage your licences.

class elasticsearch.client.LicenseClient(client)
delete(params=None, headers=None)

Deletes licensing information for the cluster

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/delete-license.html

get(params=None, headers=None)

Retrieves licensing information for the cluster

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/get-license.html

Parameters:
  • accept_enterprise – If the active license is an enterprise license, return type as ‘enterprise’ (default: false)
  • local – Return local information, do not retrieve the state from master node (default: false)
get_basic_status(params=None, headers=None)

Retrieves information about the status of the basic license.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/get-basic-status.html

get_trial_status(params=None, headers=None)

Retrieves information about the status of the trial license.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/get-trial-status.html

post(body=None, params=None, headers=None)

Updates the license for the cluster.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/update-license.html

Parameters:
  • body – licenses to be installed
  • acknowledge – whether the user has acknowledged acknowledge messages (default: false)
post_start_basic(params=None, headers=None)

Starts an indefinite basic license.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/start-basic.html

Parameters:acknowledge – whether the user has acknowledged acknowledge messages (default: false)
post_start_trial(params=None, headers=None)

starts a limited time trial license.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/start-trial.html

Parameters:
  • acknowledge – whether the user has acknowledged acknowledge messages (default: false)
  • doc_type – The type of trial license to generate (default: “trial”)

Machine Learning

Machine Learning APIs can be useful for discovering new patterns about your data. For a more detailed explanation about X-Pack’s machine learning please refer to the official documentation.

class elasticsearch.client.MlClient(client)
close_job(job_id, body=None, params=None, headers=None)

Closes one or more anomaly detection jobs. A job can be opened and closed multiple times throughout its lifecycle.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-close-job.html

Parameters:
  • job_id – The name of the job to close
  • body – The URL params optionally sent in the body
  • allow_no_jobs – Whether to ignore if a wildcard expression matches no jobs. (This includes _all string or when no jobs have been specified)
  • allow_no_match – Whether to ignore if a wildcard expression matches no jobs. (This includes _all string or when no jobs have been specified)
  • force – True if the job should be forcefully closed
  • timeout – Controls the time to wait until a job has closed. Default to 30 minutes
delete_calendar(calendar_id, params=None, headers=None)

Deletes a calendar.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-delete-calendar.html

Parameters:calendar_id – The ID of the calendar to delete
delete_calendar_event(calendar_id, event_id, params=None, headers=None)

Deletes scheduled events from a calendar.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-delete-calendar-event.html

Parameters:
  • calendar_id – The ID of the calendar to modify
  • event_id – The ID of the event to remove from the calendar
delete_calendar_job(calendar_id, job_id, params=None, headers=None)

Deletes anomaly detection jobs from a calendar.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-delete-calendar-job.html

Parameters:
  • calendar_id – The ID of the calendar to modify
  • job_id – The ID of the job to remove from the calendar
delete_data_frame_analytics(id, params=None, headers=None)

Deletes an existing data frame analytics job.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/delete-dfanalytics.html

Warning

This API is beta so may include breaking changes or be removed in a future version

Parameters:
  • id – The ID of the data frame analytics to delete
  • force – True if the job should be forcefully deleted
  • timeout – Controls the time to wait until a job is deleted. Defaults to 1 minute
delete_datafeed(datafeed_id, params=None, headers=None)

Deletes an existing datafeed.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-delete-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to delete
  • force – True if the datafeed should be forcefully deleted
delete_expired_data(body=None, job_id=None, params=None, headers=None)

Deletes expired and unused machine learning data.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-delete-expired-data.html

Parameters:
  • body – deleting expired data parameters
  • job_id – The ID of the job(s) to perform expired data hygiene for
  • requests_per_second – The desired requests per second for the deletion processes.
  • timeout – How long can the underlying delete processes run until they are canceled
delete_filter(filter_id, params=None, headers=None)

Deletes a filter.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-delete-filter.html

Parameters:filter_id – The ID of the filter to delete
delete_forecast(job_id, forecast_id=None, params=None, headers=None)

Deletes forecasts from a machine learning job.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-delete-forecast.html

Parameters:
  • job_id – The ID of the job from which to delete forecasts
  • forecast_id – The ID of the forecast to delete, can be comma delimited list. Leaving blank implies _all
  • allow_no_forecasts – Whether to ignore if _all matches no forecasts
  • timeout – Controls the time to wait until the forecast(s) are deleted. Default to 30 seconds
delete_job(job_id, params=None, headers=None)

Deletes an existing anomaly detection job.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-delete-job.html

Parameters:
  • job_id – The ID of the job to delete
  • force – True if the job should be forcefully deleted
  • wait_for_completion – Should this request wait until the operation has completed before returning Default: True
delete_model_snapshot(job_id, snapshot_id, params=None, headers=None)

Deletes an existing model snapshot.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-delete-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • snapshot_id – The ID of the snapshot to delete
delete_trained_model(model_id, params=None, headers=None)

Deletes an existing trained inference model that is currently not referenced by an ingest pipeline.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/delete-trained-models.html

Warning

This API is beta so may include breaking changes or be removed in a future version

Parameters:model_id – The ID of the trained model to delete
estimate_model_memory(body, params=None, headers=None)

Estimates the model memory

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-apis.html

Parameters:body – The analysis config, plus cardinality estimates for fields it references
evaluate_data_frame(body, params=None, headers=None)

Evaluates the data frame analytics for an annotated index.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/evaluate-dfanalytics.html

Warning

This API is beta so may include breaking changes or be removed in a future version

Parameters:body – The evaluation definition
explain_data_frame_analytics(body=None, id=None, params=None, headers=None)

Explains a data frame analytics config.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/explain-dfanalytics.html

Warning

This API is beta so may include breaking changes or be removed in a future version

Parameters:
  • body – The data frame analytics config to explain
  • id – The ID of the data frame analytics to explain
find_file_structure(body, params=None, headers=None)

Finds the structure of a text file. The text file must contain data that is suitable to be ingested into Elasticsearch.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-find-file-structure.html

Warning

This API is experimental so may include breaking changes or be removed in a future version

Parameters:
  • body – The contents of the file to be analyzed
  • charset – Optional parameter to specify the character set of the file
  • column_names – Optional parameter containing a comma separated list of the column names for a delimited file
  • delimiter – Optional parameter to specify the delimiter character for a delimited file - must be a single character
  • explain – Whether to include a commentary on how the structure was derived
  • format – Optional parameter to specify the high level file format Valid choices: ndjson, xml, delimited, semi_structured_text
  • grok_pattern – Optional parameter to specify the Grok pattern that should be used to extract fields from messages in a semi- structured text file
  • has_header_row – Optional parameter to specify whether a delimited file includes the column names in its first row
  • line_merge_size_limit – Maximum number of characters permitted in a single message when lines are merged to create messages. Default: 10000
  • lines_to_sample – How many lines of the file should be included in the analysis Default: 1000
  • quote – Optional parameter to specify the quote character for a delimited file - must be a single character
  • should_trim_fields – Optional parameter to specify whether the values between delimiters in a delimited file should have whitespace trimmed from them
  • timeout – Timeout after which the analysis will be aborted Default: 25s
  • timestamp_field – Optional parameter to specify the timestamp field in the file
  • timestamp_format – Optional parameter to specify the timestamp format in the file - may be either a Joda or Java time format
flush_job(job_id, body=None, params=None, headers=None)

Forces any buffered data to be processed by the job.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-flush-job.html

Parameters:
  • job_id – The name of the job to flush
  • body – Flush parameters
  • advance_time – Advances time to the given value generating results and updating the model for the advanced interval
  • calc_interim – Calculates interim results for the most recent bucket or all buckets within the latency period
  • end – When used in conjunction with calc_interim, specifies the range of buckets on which to calculate interim results
  • skip_time – Skips time to the given value without generating results or updating the model for the skipped interval
  • start – When used in conjunction with calc_interim, specifies the range of buckets on which to calculate interim results
forecast(job_id, params=None, headers=None)

Predicts the future behavior of a time series by using its historical behavior.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-forecast.html

Parameters:
  • job_id – The ID of the job to forecast for
  • duration – The duration of the forecast
  • expires_in – The time interval after which the forecast expires. Expired forecasts will be deleted at the first opportunity.
  • max_model_memory – The max memory able to be used by the forecast. Default is 20mb.
get_buckets(job_id, body=None, timestamp=None, params=None, headers=None)

Retrieves anomaly detection job results for one or more buckets.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-get-bucket.html

Parameters:
  • job_id – ID of the job to get bucket results from
  • body – Bucket selection details if not provided in URI
  • timestamp – The timestamp of the desired single bucket result
  • anomaly_score – Filter for the most anomalous buckets
  • desc – Set the sort direction
  • end – End time filter for buckets
  • exclude_interim – Exclude interim results
  • expand – Include anomaly records
  • from – skips a number of buckets
  • size – specifies a max number of buckets to get
  • sort – Sort buckets by a particular field
  • start – Start time filter for buckets
get_calendar_events(calendar_id, params=None, headers=None)

Retrieves information about the scheduled events in calendars.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-get-calendar-event.html

Parameters:
  • calendar_id – The ID of the calendar containing the events
  • end – Get events before this time
  • from – Skips a number of events
  • job_id – Get events for the job. When this option is used calendar_id must be ‘_all’
  • size – Specifies a max number of events to get
  • start – Get events after this time
get_calendars(body=None, calendar_id=None, params=None, headers=None)

Retrieves configuration information for calendars.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-get-calendar.html

Parameters:
  • body – The from and size parameters optionally sent in the body
  • calendar_id – The ID of the calendar to fetch
  • from – skips a number of calendars
  • size – specifies a max number of calendars to get
get_categories(job_id, body=None, category_id=None, params=None, headers=None)

Retrieves anomaly detection job results for one or more categories.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-get-category.html

Parameters:
  • job_id – The name of the job
  • body – Category selection details if not provided in URI
  • category_id – The identifier of the category definition of interest
  • from – skips a number of categories
  • partition_field_value – Specifies the partition to retrieve categories for. This is optional, and should never be used for jobs where per-partition categorization is disabled.
  • size – specifies a max number of categories to get
get_data_frame_analytics(id=None, params=None, headers=None)

Retrieves configuration information for data frame analytics jobs.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/get-dfanalytics.html

Warning

This API is beta so may include breaking changes or be removed in a future version

Parameters:
  • id – The ID of the data frame analytics to fetch
  • allow_no_match – Whether to ignore if a wildcard expression matches no data frame analytics. (This includes _all string or when no data frame analytics have been specified) Default: True
  • exclude_generated – Omits fields that are illegal to set on data frame analytics PUT
  • from – skips a number of analytics
  • size – specifies a max number of analytics to get Default: 100
get_data_frame_analytics_stats(id=None, params=None, headers=None)

Retrieves usage information for data frame analytics jobs.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/get-dfanalytics-stats.html

Warning

This API is beta so may include breaking changes or be removed in a future version

Parameters:
  • id – The ID of the data frame analytics stats to fetch
  • allow_no_match – Whether to ignore if a wildcard expression matches no data frame analytics. (This includes _all string or when no data frame analytics have been specified) Default: True
  • from – skips a number of analytics
  • size – specifies a max number of analytics to get Default: 100
  • verbose – whether the stats response should be verbose
get_datafeed_stats(datafeed_id=None, params=None, headers=None)

Retrieves usage information for datafeeds.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-get-datafeed-stats.html

Parameters:
  • datafeed_id – The ID of the datafeeds stats to fetch
  • allow_no_datafeeds – Whether to ignore if a wildcard expression matches no datafeeds. (This includes _all string or when no datafeeds have been specified)
  • allow_no_match – Whether to ignore if a wildcard expression matches no datafeeds. (This includes _all string or when no datafeeds have been specified)
get_datafeeds(datafeed_id=None, params=None, headers=None)

Retrieves configuration information for datafeeds.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-get-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeeds to fetch
  • allow_no_datafeeds – Whether to ignore if a wildcard expression matches no datafeeds. (This includes _all string or when no datafeeds have been specified)
  • allow_no_match – Whether to ignore if a wildcard expression matches no datafeeds. (This includes _all string or when no datafeeds have been specified)
  • exclude_generated – Omits fields that are illegal to set on datafeed PUT
get_filters(filter_id=None, params=None, headers=None)

Retrieves filters.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-get-filter.html

Parameters:
  • filter_id – The ID of the filter to fetch
  • from – skips a number of filters
  • size – specifies a max number of filters to get
get_influencers(job_id, body=None, params=None, headers=None)

Retrieves anomaly detection job results for one or more influencers.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-get-influencer.html

Parameters:
  • job_id – Identifier for the anomaly detection job
  • body – Influencer selection criteria
  • desc – whether the results should be sorted in decending order
  • end – end timestamp for the requested influencers
  • exclude_interim – Exclude interim results
  • from – skips a number of influencers
  • influencer_score – influencer score threshold for the requested influencers
  • size – specifies a max number of influencers to get
  • sort – sort field for the requested influencers
  • start – start timestamp for the requested influencers
get_job_stats(job_id=None, params=None, headers=None)

Retrieves usage information for anomaly detection jobs.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-get-job-stats.html

Parameters:
  • job_id – The ID of the jobs stats to fetch
  • allow_no_jobs – Whether to ignore if a wildcard expression matches no jobs. (This includes _all string or when no jobs have been specified)
  • allow_no_match – Whether to ignore if a wildcard expression matches no jobs. (This includes _all string or when no jobs have been specified)
get_jobs(job_id=None, params=None, headers=None)

Retrieves configuration information for anomaly detection jobs.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-get-job.html

Parameters:
  • job_id – The ID of the jobs to fetch
  • allow_no_jobs – Whether to ignore if a wildcard expression matches no jobs. (This includes _all string or when no jobs have been specified)
  • allow_no_match – Whether to ignore if a wildcard expression matches no jobs. (This includes _all string or when no jobs have been specified)
  • exclude_generated – Omits fields that are illegal to set on job PUT
get_model_snapshots(job_id, body=None, snapshot_id=None, params=None, headers=None)

Retrieves information about model snapshots.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-get-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • body – Model snapshot selection criteria
  • snapshot_id – The ID of the snapshot to fetch
  • desc – True if the results should be sorted in descending order
  • end – The filter ‘end’ query parameter
  • from – Skips a number of documents
  • size – The default number of documents returned in queries as a string.
  • sort – Name of the field to sort on
  • start – The filter ‘start’ query parameter
get_overall_buckets(job_id, body=None, params=None, headers=None)

Retrieves overall bucket results that summarize the bucket results of multiple anomaly detection jobs.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-get-overall-buckets.html

Parameters:
  • job_id – The job IDs for which to calculate overall bucket results
  • body – Overall bucket selection details if not provided in URI
  • allow_no_jobs – Whether to ignore if a wildcard expression matches no jobs. (This includes _all string or when no jobs have been specified)
  • allow_no_match – Whether to ignore if a wildcard expression matches no jobs. (This includes _all string or when no jobs have been specified)
  • bucket_span – The span of the overall buckets. Defaults to the longest job bucket_span
  • end – Returns overall buckets with timestamps earlier than this time
  • exclude_interim – If true overall buckets that include interim buckets will be excluded
  • overall_score – Returns overall buckets with overall scores higher than this value
  • start – Returns overall buckets with timestamps after this time
  • top_n – The number of top job bucket scores to be used in the overall_score calculation
get_records(job_id, body=None, params=None, headers=None)

Retrieves anomaly records for an anomaly detection job.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-get-record.html

Parameters:
  • job_id – The ID of the job
  • body – Record selection criteria
  • desc – Set the sort direction
  • end – End time filter for records
  • exclude_interim – Exclude interim results
  • from – skips a number of records
  • record_score – Returns records with anomaly scores greater or equal than this value
  • size – specifies a max number of records to get
  • sort – Sort records by a particular field
  • start – Start time filter for records
get_trained_models(model_id=None, params=None, headers=None)

Retrieves configuration information for a trained inference model.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/get-trained-models.html

Warning

This API is beta so may include breaking changes or be removed in a future version

Parameters:
  • model_id – The ID of the trained models to fetch
  • allow_no_match – Whether to ignore if a wildcard expression matches no trained models. (This includes _all string or when no trained models have been specified) Default: True
  • decompress_definition – Should the model definition be decompressed into valid JSON or returned in a custom compressed format. Defaults to true. Default: True
  • exclude_generated – Omits fields that are illegal to set on model PUT
  • from – skips a number of trained models
  • include – A comma-separate list of fields to optionally include. Valid options are ‘definition’ and ‘total_feature_importance’. Default is none.
  • include_model_definition – Should the full model definition be included in the results. These definitions can be large. So be cautious when including them. Defaults to false.
  • size – specifies a max number of trained models to get Default: 100
  • tags – A comma-separated list of tags that the model must have.
get_trained_models_stats(model_id=None, params=None, headers=None)

Retrieves usage information for trained inference models.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/get-trained-models-stats.html

Warning

This API is beta so may include breaking changes or be removed in a future version

Parameters:
  • model_id – The ID of the trained models stats to fetch
  • allow_no_match – Whether to ignore if a wildcard expression matches no trained models. (This includes _all string or when no trained models have been specified) Default: True
  • from – skips a number of trained models
  • size – specifies a max number of trained models to get Default: 100
info(params=None, headers=None)

Returns defaults and limits used by machine learning.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/get-ml-info.html

open_job(job_id, params=None, headers=None)

Opens one or more anomaly detection jobs.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-open-job.html

Parameters:job_id – The ID of the job to open
post_calendar_events(calendar_id, body, params=None, headers=None)

Posts scheduled events in a calendar.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-post-calendar-event.html

Parameters:
  • calendar_id – The ID of the calendar to modify
  • body – A list of events
post_data(job_id, body, params=None, headers=None)

Sends data to an anomaly detection job for analysis.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-post-data.html

Parameters:
  • job_id – The name of the job receiving the data
  • body – The data to process
  • reset_end – Optional parameter to specify the end of the bucket resetting range
  • reset_start – Optional parameter to specify the start of the bucket resetting range
preview_datafeed(datafeed_id, params=None, headers=None)

Previews a datafeed.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-preview-datafeed.html

Parameters:datafeed_id – The ID of the datafeed to preview
put_calendar(calendar_id, body=None, params=None, headers=None)

Instantiates a calendar.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-put-calendar.html

Parameters:
  • calendar_id – The ID of the calendar to create
  • body – The calendar details
put_calendar_job(calendar_id, job_id, params=None, headers=None)

Adds an anomaly detection job to a calendar.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-put-calendar-job.html

Parameters:
  • calendar_id – The ID of the calendar to modify
  • job_id – The ID of the job to add to the calendar
put_data_frame_analytics(id, body, params=None, headers=None)

Instantiates a data frame analytics job.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/put-dfanalytics.html

Warning

This API is beta so may include breaking changes or be removed in a future version

Parameters:
  • id – The ID of the data frame analytics to create
  • body – The data frame analytics configuration
put_datafeed(datafeed_id, body, params=None, headers=None)

Instantiates a datafeed.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-put-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to create
  • body – The datafeed config
  • allow_no_indices – Ignore if the source indices expressions resolves to no concrete indices (default: true)
  • expand_wildcards – Whether source index expressions should get expanded to open or closed indices (default: open) Valid choices: open, closed, hidden, none, all
  • ignore_throttled – Ignore indices that are marked as throttled (default: true)
  • ignore_unavailable – Ignore unavailable indexes (default: false)
put_filter(filter_id, body, params=None, headers=None)

Instantiates a filter.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-put-filter.html

Parameters:
  • filter_id – The ID of the filter to create
  • body – The filter details
put_job(job_id, body, params=None, headers=None)

Instantiates an anomaly detection job.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-put-job.html

Parameters:
  • job_id – The ID of the job to create
  • body – The job
put_trained_model(model_id, body, params=None, headers=None)

Creates an inference trained model.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/put-trained-models.html

Warning

This API is beta so may include breaking changes or be removed in a future version

Parameters:
  • model_id – The ID of the trained models to store
  • body – The trained model configuration
revert_model_snapshot(job_id, snapshot_id, body=None, params=None, headers=None)

Reverts to a specific snapshot.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-revert-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • snapshot_id – The ID of the snapshot to revert to
  • body – Reversion options
  • delete_intervening_results – Should we reset the results back to the time of the snapshot?
set_upgrade_mode(params=None, headers=None)

Sets a cluster wide upgrade_mode setting that prepares machine learning indices for an upgrade.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-set-upgrade-mode.html

Parameters:
  • enabled – Whether to enable upgrade_mode ML setting or not. Defaults to false.
  • timeout – Controls the time to wait before action times out. Defaults to 30 seconds
start_data_frame_analytics(id, body=None, params=None, headers=None)

Starts a data frame analytics job.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/start-dfanalytics.html

Warning

This API is beta so may include breaking changes or be removed in a future version

Parameters:
  • id – The ID of the data frame analytics to start
  • body – The start data frame analytics parameters
  • timeout – Controls the time to wait until the task has started. Defaults to 20 seconds
start_datafeed(datafeed_id, body=None, params=None, headers=None)

Starts one or more datafeeds.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-start-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to start
  • body – The start datafeed parameters
  • end – The end time when the datafeed should stop. When not set, the datafeed continues in real time
  • start – The start time from where the datafeed should begin
  • timeout – Controls the time to wait until a datafeed has started. Default to 20 seconds
stop_data_frame_analytics(id, body=None, params=None, headers=None)

Stops one or more data frame analytics jobs.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/stop-dfanalytics.html

Warning

This API is beta so may include breaking changes or be removed in a future version

Parameters:
  • id – The ID of the data frame analytics to stop
  • body – The stop data frame analytics parameters
  • allow_no_match – Whether to ignore if a wildcard expression matches no data frame analytics. (This includes _all string or when no data frame analytics have been specified)
  • force – True if the data frame analytics should be forcefully stopped
  • timeout – Controls the time to wait until the task has stopped. Defaults to 20 seconds
stop_datafeed(datafeed_id, body=None, params=None, headers=None)

Stops one or more datafeeds.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-stop-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to stop
  • body – The URL params optionally sent in the body
  • allow_no_datafeeds – Whether to ignore if a wildcard expression matches no datafeeds. (This includes _all string or when no datafeeds have been specified)
  • allow_no_match – Whether to ignore if a wildcard expression matches no datafeeds. (This includes _all string or when no datafeeds have been specified)
  • force – True if the datafeed should be forcefully stopped.
  • timeout – Controls the time to wait until a datafeed has stopped. Default to 20 seconds
update_data_frame_analytics(id, body, params=None, headers=None)

Updates certain properties of a data frame analytics job.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/update-dfanalytics.html

Warning

This API is beta so may include breaking changes or be removed in a future version

Parameters:
  • id – The ID of the data frame analytics to update
  • body – The data frame analytics settings to update
update_datafeed(datafeed_id, body, params=None, headers=None)

Updates certain properties of a datafeed.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-update-datafeed.html

Parameters:
  • datafeed_id – The ID of the datafeed to update
  • body – The datafeed update settings
  • allow_no_indices – Ignore if the source indices expressions resolves to no concrete indices (default: true)
  • expand_wildcards – Whether source index expressions should get expanded to open or closed indices (default: open) Valid choices: open, closed, hidden, none, all
  • ignore_throttled – Ignore indices that are marked as throttled (default: true)
  • ignore_unavailable – Ignore unavailable indexes (default: false)
update_filter(filter_id, body, params=None, headers=None)

Updates the description of a filter, adds items, or removes items.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-update-filter.html

Parameters:
  • filter_id – The ID of the filter to update
  • body – The filter update
update_job(job_id, body, params=None, headers=None)

Updates certain properties of an anomaly detection job.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-update-job.html

Parameters:
  • job_id – The ID of the job to create
  • body – The job update settings
update_model_snapshot(job_id, snapshot_id, body, params=None, headers=None)

Updates certain properties of a snapshot.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-update-snapshot.html

Parameters:
  • job_id – The ID of the job to fetch
  • snapshot_id – The ID of the snapshot to update
  • body – The model snapshot properties to update
upgrade_job_snapshot(job_id, snapshot_id, params=None, headers=None)

Upgrades a given job snapshot to the current major version.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/ml-upgrade-job-model-snapshot.html

Parameters:
  • job_id – The ID of the job
  • snapshot_id – The ID of the snapshot
  • timeout – How long should the API wait for the job to be opened and the old snapshot to be loaded.
  • wait_for_completion – Should the request wait until the task is complete before responding to the caller. Default is false.
validate(body, params=None, headers=None)

Validates an anomaly detection job.

https://www.elastic.co/guide/en/machine-learning/current/ml-jobs.html

Parameters:body – The job config
validate_detector(body, params=None, headers=None)

Validates an anomaly detection detector.

https://www.elastic.co/guide/en/machine-learning/current/ml-jobs.html

Parameters:body – The detector

Migration

Migration API helps simplify upgrading X-Pack indices from one version to another.

class elasticsearch.client.MigrationClient(client)
deprecations(index=None, params=None, headers=None)

Retrieves information about different cluster, node, and index level settings that use deprecated features that will be removed or changed in the next major version.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/migration-api-deprecation.html

Parameters:index – Index pattern

Monitoring

Monitoring API used to collect data from the Elasticsearch nodes, Logstash nodes, Kibana instances, and Beats in your cluster.

class elasticsearch.client.MonitoringClient(client)
bulk(body, doc_type=None, params=None, headers=None)

Used by the monitoring features to send monitoring data.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/monitor-elasticsearch-cluster.html

Warning

This API is experimental so may include breaking changes or be removed in a future version

Parameters:
  • body – The operation definition and data (action-data pairs), separated by newlines
  • doc_type – Default document type for items which don’t provide one
  • interval – Collection interval (e.g., ’10s’ or ‘10000ms’) of the payload
  • system_api_version – API Version of the monitored system
  • system_id – Identifier of the monitored system

Rollup

Rollup API enables searching through rolled-up data using the standard query DSL.

class elasticsearch.client.RollupClient(client)
delete_job(id, params=None, headers=None)

Deletes an existing rollup job.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/rollup-delete-job.html

Warning

This API is experimental so may include breaking changes or be removed in a future version

Parameters:id – The ID of the job to delete
get_jobs(id=None, params=None, headers=None)

Retrieves the configuration, stats, and status of rollup jobs.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/rollup-get-job.html

Warning

This API is experimental so may include breaking changes or be removed in a future version

Parameters:id – The ID of the job(s) to fetch. Accepts glob patterns, or left blank for all jobs
get_rollup_caps(id=None, params=None, headers=None)

Returns the capabilities of any rollup jobs that have been configured for a specific index or index pattern.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/rollup-get-rollup-caps.html

Warning

This API is experimental so may include breaking changes or be removed in a future version

Parameters:id – The ID of the index to check rollup capabilities on, or left blank for all jobs
get_rollup_index_caps(index, params=None, headers=None)

Returns the rollup capabilities of all jobs inside of a rollup index (e.g. the index where rollup data is stored).

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/rollup-get-rollup-index-caps.html

Warning

This API is experimental so may include breaking changes or be removed in a future version

Parameters:index – The rollup index or index pattern to obtain rollup capabilities from.
put_job(id, body, params=None, headers=None)

Creates a rollup job.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/rollup-put-job.html

Warning

This API is experimental so may include breaking changes or be removed in a future version

Parameters:
  • id – The ID of the job to create
  • body – The job configuration
rollup(index, rollup_index, body, params=None, headers=None)

Rollup an index

https://www.elastic.co/guide/en/elasticsearch/reference/master/rollup-api.html

Parameters:
  • index – The index to roll up
  • rollup_index – The name of the rollup index to create
  • body – The rollup configuration

Enables searching rolled-up data using the standard query DSL.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/rollup-search.html

Warning

This API is experimental so may include breaking changes or be removed in a future version

Parameters:
  • index – The indices or index-pattern(s) (containing rollup or regular data) that should be searched
  • body – The search request body
  • doc_type – The doc type inside the index
  • rest_total_hits_as_int – Indicates whether hits.total should be rendered as an integer or an object in the rest search response
  • typed_keys – Specify whether aggregation and suggester names should be prefixed by their respective types in the response
start_job(id, params=None, headers=None)

Starts an existing, stopped rollup job.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/rollup-start-job.html

Warning

This API is experimental so may include breaking changes or be removed in a future version

Parameters:id – The ID of the job to start
stop_job(id, params=None, headers=None)

Stops an existing, started rollup job.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/rollup-stop-job.html

Warning

This API is experimental so may include breaking changes or be removed in a future version

Parameters:
  • id – The ID of the job to stop
  • timeout – Block for (at maximum) the specified duration while waiting for the job to stop. Defaults to 30s.
  • wait_for_completion – True if the API should block until the job has fully stopped, false if should be executed async. Defaults to false.

Searchable Snapshots

Searchable Snapshots API used to perform searchable snapshots operations.

class elasticsearch.client.SearchableSnapshotsClient(client)
clear_cache(index=None, params=None, headers=None)

Clear the cache of searchable snapshots.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/searchable-snapshots-apis.html

Warning

This API is experimental so may include breaking changes or be removed in a future version

Parameters:
  • index – A comma-separated list of index name to limit the operation
  • allow_no_indices – Whether to ignore if a wildcard indices expression resolves into no concrete indices. (This includes _all string or when no indices have been specified)
  • expand_wildcards – Whether to expand wildcard expression to concrete indices that are open, closed or both. Valid choices: open, closed, none, all Default: open
  • ignore_unavailable – Whether specified concrete indices should be ignored when unavailable (missing or closed)
mount(repository, snapshot, body, params=None, headers=None)

Mount a snapshot as a searchable index.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/searchable-snapshots-api-mount-snapshot.html

Warning

This API is experimental so may include breaking changes or be removed in a future version

Parameters:
  • repository – The name of the repository containing the snapshot of the index to mount
  • snapshot – The name of the snapshot of the index to mount
  • body – The restore configuration for mounting the snapshot as searchable
  • master_timeout – Explicit operation timeout for connection to master node
  • wait_for_completion – Should this request wait until the operation has completed before returning
repository_stats(repository, params=None, headers=None)

DEPRECATED: This API is replaced by the Repositories Metering API.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/searchable-snapshots-apis.html

Warning

This API is experimental so may include breaking changes or be removed in a future version

Parameters:repository – The repository for which to get the stats for
stats(index=None, params=None, headers=None)

Retrieve various statistics about searchable snapshots.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/searchable-snapshots-apis.html

Warning

This API is experimental so may include breaking changes or be removed in a future version

Parameters:index – A comma-separated list of index names

Security

Security API can be used to help secure your Elasticsearch cluster. Integrating with LDAP and Active Directory.

class elasticsearch.client.SecurityClient(client)
authenticate(params=None, headers=None)

Enables authentication as a user and retrieve information about the authenticated user.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-authenticate.html

change_password(body, username=None, params=None, headers=None)

Changes the passwords of users in the native realm and built-in users.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-change-password.html

Parameters:
  • body – the new password for the user
  • username – The username of the user to change the password for
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
clear_api_key_cache(ids, params=None, headers=None)

Clear a subset or all entries from the API key cache.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-clear-api-key-cache.html

Parameters:ids – A comma-separated list of IDs of API keys to clear from the cache
clear_cached_privileges(application, params=None, headers=None)

Evicts application privileges from the native application privileges cache.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-clear-privilege-cache.html

Parameters:application – A comma-separated list of application names
clear_cached_realms(realms, params=None, headers=None)

Evicts users from the user cache. Can completely clear the cache or evict specific users.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-clear-cache.html

Parameters:
  • realms – Comma-separated list of realms to clear
  • usernames – Comma-separated list of usernames to clear from the cache
clear_cached_roles(name, params=None, headers=None)

Evicts roles from the native role cache.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-clear-role-cache.html

Parameters:name – Role name
create_api_key(body, params=None, headers=None)

Creates an API key for access without requiring basic authentication.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-create-api-key.html

Parameters:
  • body – The api key request to create an API key
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
delete_privileges(application, name, params=None, headers=None)

Removes application privileges.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-delete-privilege.html

Parameters:
  • application – Application name
  • name – Privilege name
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
delete_role(name, params=None, headers=None)

Removes roles in the native realm.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-delete-role.html

Parameters:
  • name – Role name
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
delete_role_mapping(name, params=None, headers=None)

Removes role mappings.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-delete-role-mapping.html

Parameters:
  • name – Role-mapping name
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
delete_user(username, params=None, headers=None)

Deletes users from the native realm.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-delete-user.html

Parameters:
  • username – username
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
disable_user(username, params=None, headers=None)

Disables users in the native realm.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-disable-user.html

Parameters:
  • username – The username of the user to disable
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
enable_user(username, params=None, headers=None)

Enables users in the native realm.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-enable-user.html

Parameters:
  • username – The username of the user to enable
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
get_api_key(params=None, headers=None)

Retrieves information for one or more API keys.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-get-api-key.html

Parameters:
  • id – API key id of the API key to be retrieved
  • name – API key name of the API key to be retrieved
  • owner – flag to query API keys owned by the currently authenticated user
  • realm_name – realm name of the user who created this API key to be retrieved
  • username – user name of the user who created this API key to be retrieved
get_builtin_privileges(params=None, headers=None)

Retrieves the list of cluster privileges and index privileges that are available in this version of Elasticsearch.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-get-builtin-privileges.html

get_privileges(application=None, name=None, params=None, headers=None)

Retrieves application privileges.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-get-privileges.html

Parameters:
  • application – Application name
  • name – Privilege name
get_role(name=None, params=None, headers=None)

Retrieves roles in the native realm.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-get-role.html

Parameters:name – A comma-separated list of role names
get_role_mapping(name=None, params=None, headers=None)

Retrieves role mappings.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-get-role-mapping.html

Parameters:name – A comma-separated list of role-mapping names
get_token(body, params=None, headers=None)

Creates a bearer token for access without requiring basic authentication.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-get-token.html

Parameters:body – The token request to get
get_user(username=None, params=None, headers=None)

Retrieves information about users in the native realm and built-in users.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-get-user.html

Parameters:username – A comma-separated list of usernames
get_user_privileges(params=None, headers=None)

Retrieves application privileges.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-get-privileges.html

grant_api_key(body, params=None, headers=None)

Creates an API key on behalf of another user.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-grant-api-key.html

Parameters:
  • body – The api key request to create an API key
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
has_privileges(body, user=None, params=None, headers=None)

Determines whether the specified user has a specified list of privileges.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-has-privileges.html

Parameters:
  • body – The privileges to test
  • user – Username
invalidate_api_key(body, params=None, headers=None)

Invalidates one or more API keys.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-invalidate-api-key.html

Parameters:body – The api key request to invalidate API key(s)
invalidate_token(body, params=None, headers=None)

Invalidates one or more access tokens or refresh tokens.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-invalidate-token.html

Parameters:body – The token to invalidate
put_privileges(body, params=None, headers=None)

Adds or updates application privileges.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-put-privileges.html

Parameters:
  • body – The privilege(s) to add
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
put_role(name, body, params=None, headers=None)

Adds and updates roles in the native realm.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-put-role.html

Parameters:
  • name – Role name
  • body – The role to add
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
put_role_mapping(name, body, params=None, headers=None)

Creates and updates role mappings.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-put-role-mapping.html

Parameters:
  • name – Role-mapping name
  • body – The role mapping to add
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for
put_user(username, body, params=None, headers=None)

Adds and updates users in the native realm. These users are commonly referred to as native users.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-put-user.html

Parameters:
  • username – The username of the User
  • body – The user to add
  • refresh – If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes. Valid choices: true, false, wait_for

Snapshot Lifecycle Management (SLM)

Snapshot Lifecycle Management API can be used to set up policies to automatically take snapshots and control how long they are retained.

class elasticsearch.client.SlmClient(client)
delete_lifecycle(policy_id, params=None, headers=None)

Deletes an existing snapshot lifecycle policy.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/slm-api-delete-policy.html

Parameters:policy_id – The id of the snapshot lifecycle policy to remove
execute_lifecycle(policy_id, params=None, headers=None)

Immediately creates a snapshot according to the lifecycle policy, without waiting for the scheduled time.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/slm-api-execute-lifecycle.html

Parameters:policy_id – The id of the snapshot lifecycle policy to be executed
execute_retention(params=None, headers=None)

Deletes any snapshots that are expired according to the policy’s retention rules.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/slm-api-execute-retention.html

get_lifecycle(policy_id=None, params=None, headers=None)

Retrieves one or more snapshot lifecycle policy definitions and information about the latest snapshot attempts.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/slm-api-get-policy.html

Parameters:policy_id – Comma-separated list of snapshot lifecycle policies to retrieve
get_stats(params=None, headers=None)

Returns global and policy-level statistics about actions taken by snapshot lifecycle management.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/slm-api-get-stats.html

get_status(params=None, headers=None)

Retrieves the status of snapshot lifecycle management (SLM).

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/slm-api-get-status.html

put_lifecycle(policy_id, body=None, params=None, headers=None)

Creates or updates a snapshot lifecycle policy.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/slm-api-put-policy.html

Parameters:
  • policy_id – The id of the snapshot lifecycle policy
  • body – The snapshot lifecycle policy definition to register
start(params=None, headers=None)

Turns on snapshot lifecycle management (SLM).

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/slm-api-start.html

stop(params=None, headers=None)

Turns off snapshot lifecycle management (SLM).

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/slm-api-stop.html

SQL

The SQL REST API accepts SQL in a JSON document, executes it, and returns the results.

class elasticsearch.client.SqlClient(client)
clear_cursor(body, params=None, headers=None)

Clears the SQL cursor

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/sql-pagination.html

Parameters:body – Specify the cursor value in the cursor element to clean the cursor.
query(body, params=None, headers=None)

Executes a SQL request

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/sql-rest-overview.html

Parameters:
  • body – Use the query element to start a query. Use the cursor element to continue a query.
  • format – a short version of the Accept header, e.g. json, yaml
translate(body, params=None, headers=None)

Translates SQL into Elasticsearch queries

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/sql-translate.html

Parameters:body – Specify the query in the query element.

SSL Certificate

SSL Certificate API enables you to retrieve information about the X.509 certificates that are used to encrypt communications in your Elasticsearch cluster.

class elasticsearch.client.SslClient(client)
certificates(params=None, headers=None)

Retrieves information about the X.509 certificates used to encrypt communications in the cluster.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/security-api-ssl.html

Transform

Transform API manages transformation operations from grabbing data from source indices, transforms it, and saves it to a destination index.

class elasticsearch.client.TransformClient(client)
delete_transform(transform_id, params=None, headers=None)

Deletes an existing transform.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/delete-transform.html

Parameters:
  • transform_id – The id of the transform to delete
  • force – When true, the transform is deleted regardless of its current state. The default value is false, meaning that the transform must be stopped before it can be deleted.
get_transform(transform_id=None, params=None, headers=None)

Retrieves configuration information for transforms.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/get-transform.html

Parameters:
  • transform_id – The id or comma delimited list of id expressions of the transforms to get, ‘_all’ or ‘*’ implies get all transforms
  • allow_no_match – Whether to ignore if a wildcard expression matches no transforms. (This includes _all string or when no transforms have been specified)
  • exclude_generated – Omits fields that are illegal to set on transform PUT
  • from – skips a number of transform configs, defaults to 0
  • size – specifies a max number of transforms to get, defaults to 100
get_transform_stats(transform_id, params=None, headers=None)

Retrieves usage information for transforms.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/get-transform-stats.html

Parameters:
  • transform_id – The id of the transform for which to get stats. ‘_all’ or ‘*’ implies all transforms
  • allow_no_match – Whether to ignore if a wildcard expression matches no transforms. (This includes _all string or when no transforms have been specified)
  • from – skips a number of transform stats, defaults to 0
  • size – specifies a max number of transform stats to get, defaults to 100
preview_transform(body, params=None, headers=None)

Previews a transform.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/preview-transform.html

Parameters:body – The definition for the transform to preview
put_transform(transform_id, body, params=None, headers=None)

Instantiates a transform.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/put-transform.html

Parameters:
  • transform_id – The id of the new transform.
  • body – The transform definition
  • defer_validation – If validations should be deferred until transform starts, defaults to false.
start_transform(transform_id, params=None, headers=None)

Starts one or more transforms.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/start-transform.html

Parameters:
  • transform_id – The id of the transform to start
  • timeout – Controls the time to wait for the transform to start
stop_transform(transform_id, params=None, headers=None)

Stops one or more transforms.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/stop-transform.html

Parameters:
  • transform_id – The id of the transform to stop
  • allow_no_match – Whether to ignore if a wildcard expression matches no transforms. (This includes _all string or when no transforms have been specified)
  • force – Whether to force stop a failed transform or not. Default to false
  • timeout – Controls the time to wait until the transform has stopped. Default to 30 seconds
  • wait_for_checkpoint – Whether to wait for the transform to reach a checkpoint before stopping. Default to false
  • wait_for_completion – Whether to wait for the transform to fully stop before returning or not. Default to false
update_transform(transform_id, body, params=None, headers=None)

Updates certain properties of a transform.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/update-transform.html

Parameters:
  • transform_id – The id of the transform.
  • body – The update transform definition
  • defer_validation – If validations should be deferred until transform starts, defaults to false.

Watcher

Watcher APIs can be used to notify you when certain pre-defined thresholds have happened.

class elasticsearch.client.WatcherClient(client)
ack_watch(watch_id, action_id=None, params=None, headers=None)

Acknowledges a watch, manually throttling the execution of the watch’s actions.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/watcher-api-ack-watch.html

Parameters:
  • watch_id – Watch ID
  • action_id – A comma-separated list of the action ids to be acked
activate_watch(watch_id, params=None, headers=None)

Activates a currently inactive watch.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/watcher-api-activate-watch.html

Parameters:watch_id – Watch ID
deactivate_watch(watch_id, params=None, headers=None)

Deactivates a currently active watch.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/watcher-api-deactivate-watch.html

Parameters:watch_id – Watch ID
delete_watch(id, params=None, headers=None)

Removes a watch from Watcher.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/watcher-api-delete-watch.html

Parameters:id – Watch ID
execute_watch(body=None, id=None, params=None, headers=None)

Forces the execution of a stored watch.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/watcher-api-execute-watch.html

Parameters:
  • body – Execution control
  • id – Watch ID
  • debug – indicates whether the watch should execute in debug mode
get_watch(id, params=None, headers=None)

Retrieves a watch by its ID.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/watcher-api-get-watch.html

Parameters:id – Watch ID
put_watch(id, body=None, params=None, headers=None)

Creates a new watch, or updates an existing one.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/watcher-api-put-watch.html

Parameters:
  • id – Watch ID
  • body – The watch
  • active – Specify whether the watch is in/active by default
  • if_primary_term – only update the watch if the last operation that has changed the watch has the specified primary term
  • if_seq_no – only update the watch if the last operation that has changed the watch has the specified sequence number
  • version – Explicit version number for concurrency control
query_watches(body=None, params=None, headers=None)

Retrieves stored watches.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/watcher-api-query-watches.html

Parameters:body – From, size, query, sort and search_after
start(params=None, headers=None)

Starts Watcher if it is not already running.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/watcher-api-start.html

stats(metric=None, params=None, headers=None)

Retrieves the current Watcher metrics.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/watcher-api-stats.html

Parameters:
  • metric – Controls what additional stat metrics should be include in the response Valid choices: _all, queued_watches, current_watches, pending_watches
  • emit_stacktraces – Emits stack traces of currently running watches
stop(params=None, headers=None)

Stops Watcher if it is running.

https://www.elastic.co/guide/en/elasticsearch/reference/7.11/watcher-api-stop.html