Path parameters

  • datafeed_idstring Required

    A numerical character string that uniquely identifies the datafeed. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters.

Query parameters

  • allow_no_indicesboolean

    If true, wildcard indices expressions that resolve into no concrete indices are ignored. This includes the _all string or when no indices are specified.

  • expand_wildcardsstring | array[string]

    Type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values. Valid values are:

    • all: Match any data stream or index, including hidden ones.
    • closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
    • hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
    • none: Wildcard patterns are not accepted.
    • open: Match open, non-hidden indices. Also matches any non-hidden data stream.

    Values are all, open, closed, hidden, or none.

  • ignore_throttledboolean Deprecated

    If true, concrete, expanded or aliased indices are ignored when frozen.

  • ignore_unavailableboolean

    If true, unavailable indices (missing or closed) are ignored.

application/json

BodyRequired

  • aggregationsobject

    If set, the datafeed performs aggregation searches. Support for aggregations is limited and should be used only with low cardinality data.

  • chunking_configobject
    Hide chunking_config attributes Show chunking_config attributes object
    • modestring Required

      Values are auto, manual, or off.

    • time_spanstring

      A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

  • delayed_data_check_configobject
    Hide delayed_data_check_config attributes Show delayed_data_check_config attributes object
    • check_windowstring

      A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

    • enabledboolean Required

      Specifies whether the datafeed periodically checks for delayed data.

  • frequencystring

    A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

  • indicesarray[string]

    An array of index names. Wildcards are supported. If any of the indices are in remote clusters, the machine learning nodes must have the remote_cluster_client role.

  • indices_optionsobject

    Controls how to deal with unavailable concrete indices (closed or missing), how wildcard expressions are expanded to actual indices (all, closed or open indices) and how to deal with wildcard expressions that resolve to no indices.

    Hide indices_options attributes Show indices_options attributes object
    • allow_no_indicesboolean

      If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.

    • expand_wildcardsstring | array[string]
    • ignore_unavailableboolean

      If true, missing or closed indices are not included in the response.

    • ignore_throttledboolean

      If true, concrete, expanded or aliased indices are ignored when frozen.

  • job_idstring
  • max_empty_searchesnumber

    If a real-time datafeed has never seen any data (including during any initial training period), it automatically stops and closes the associated job after this many real-time searches return no documents. In other words, it stops after frequency times max_empty_searches of real-time operation. If not set, a datafeed with no end time that sees no data remains started until it is explicitly stopped. By default, it is not set.

  • queryobject

    An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

    External documentation
  • query_delaystring

    A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

  • runtime_mappingsobject
    Hide runtime_mappings attribute Show runtime_mappings attribute object
    • *object Additional properties
      Hide * attributes Show * attributes object
      • fieldsobject

        For type composite

        Hide fields attribute Show fields attribute object
        • *object Additional properties
          Hide * attribute Show * attribute object
          • typestring Required

            Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.

      • fetch_fieldsarray[object]

        For type lookup

        Hide fetch_fields attributes Show fetch_fields attributes object
        • fieldstring Required

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • formatstring
      • formatstring

        A custom format for date type runtime fields.

      • input_fieldstring

        Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

      • target_fieldstring

        Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

      • target_indexstring
      • scriptobject
        Hide script attributes Show script attributes object

        • sourcestring | object

          One of:
          ScriptSourcestringSearchRequestBodyobject
        • idstring
        • paramsobject

          Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.

          Hide params attribute Show params attribute object
          • *object Additional properties

        • langstring

          Any of:
          ScriptLanguagestringScriptLanguagestring

          Values are painless, expression, mustache, or java.

        • optionsobject
          Hide options attribute Show options attribute object
          • *string Additional properties
      • typestring Required

        Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.

  • script_fieldsobject

    Specifies scripts that evaluate custom expressions and returns script fields to the datafeed. The detector configuration objects in a job can contain functions that use these script fields.

    Hide script_fields attribute Show script_fields attribute object
    • *object Additional properties
      Hide * attributes Show * attributes object
      • scriptobject Required
        Hide script attributes Show script attributes object

        • sourcestring | object

          One of:
          ScriptSourcestringSearchRequestBodyobject
        • idstring
        • paramsobject

          Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.

          Hide params attribute Show params attribute object
          • *object Additional properties

        • langstring

          Any of:
          ScriptLanguagestringScriptLanguagestring

          Values are painless, expression, mustache, or java.

        • optionsobject
          Hide options attribute Show options attribute object
          • *string Additional properties
      • ignore_failureboolean
  • scroll_sizenumber

    The size parameter that is used in Elasticsearch searches when the datafeed does not use aggregations. The maximum value is the value of index.max_result_window.

Responses

  • 200 application/json
    Hide response attributes Show response attributes object
    • authorizationobject
      Hide authorization attributes Show authorization attributes object
      • api_keyobject
        Hide api_key attributes Show api_key attributes object
        • idstring Required

          The identifier for the API key.

        • namestring Required

          The name of the API key.

      • rolesarray[string]

        If a user ID was used for the most recent update to the datafeed, its roles at the time of the update are listed in the response.

      • service_accountstring

        If a service account was used for the most recent update to the datafeed, the account name is listed in the response.

    • aggregationsobject
    • chunking_configobject Required
      Hide chunking_config attributes Show chunking_config attributes object
      • modestring Required

        Values are auto, manual, or off.

      • time_spanstring

        A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

    • delayed_data_check_configobject
      Hide delayed_data_check_config attributes Show delayed_data_check_config attributes object
      • check_windowstring

        A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

      • enabledboolean Required

        Specifies whether the datafeed periodically checks for delayed data.

    • datafeed_idstring Required
    • frequencystring

      A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

    • indicesarray[string] Required
    • indices_optionsobject

      Controls how to deal with unavailable concrete indices (closed or missing), how wildcard expressions are expanded to actual indices (all, closed or open indices) and how to deal with wildcard expressions that resolve to no indices.

      Hide indices_options attributes Show indices_options attributes object
      • allow_no_indicesboolean

        If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.

      • expand_wildcardsstring | array[string]
      • ignore_unavailableboolean

        If true, missing or closed indices are not included in the response.

      • ignore_throttledboolean

        If true, concrete, expanded or aliased indices are ignored when frozen.

    • job_idstring Required
    • max_empty_searchesnumber
    • queryobject Required

      An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

      External documentation
    • query_delaystring Required

      A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

    • runtime_mappingsobject
      Hide runtime_mappings attribute Show runtime_mappings attribute object
      • *object Additional properties
        Hide * attributes Show * attributes object
        • fieldsobject

          For type composite

          Hide fields attribute Show fields attribute object
          • *object Additional properties
            Hide * attribute Show * attribute object
            • typestring Required

              Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.

        • fetch_fieldsarray[object]

          For type lookup

          Hide fetch_fields attributes Show fetch_fields attributes object
          • fieldstring Required

            Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

          • formatstring
        • formatstring

          A custom format for date type runtime fields.

        • input_fieldstring

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • target_fieldstring

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • target_indexstring
        • scriptobject
          Hide script attributes Show script attributes object

          • sourcestring | object

            One of:
            ScriptSourcestringSearchRequestBodyobject
          • idstring
          • paramsobject

            Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.

            Hide params attribute Show params attribute object
            • *object Additional properties

          • langstring

            Any of:
            ScriptLanguagestringScriptLanguagestring

            Values are painless, expression, mustache, or java.

          • optionsobject
            Hide options attribute Show options attribute object
            • *string Additional properties
        • typestring Required

          Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.

    • script_fieldsobject
      Hide script_fields attribute Show script_fields attribute object
      • *object Additional properties
        Hide * attributes Show * attributes object
        • scriptobject Required
          Hide script attributes Show script attributes object

          • sourcestring | object

            One of:
            ScriptSourcestringSearchRequestBodyobject
          • idstring
          • paramsobject

            Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.

            Hide params attribute Show params attribute object
            • *object Additional properties

          • langstring

            Any of:
            ScriptLanguagestringScriptLanguagestring

            Values are painless, expression, mustache, or java.

          • optionsobject
            Hide options attribute Show options attribute object
            • *string Additional properties
        • ignore_failureboolean
    • scroll_sizenumber Required
POST /_ml/datafeeds/{datafeed_id}/_update
POST _ml/datafeeds/datafeed-test-job/_update
{
  "query": {
    "term": {
      "geo.src": "US"
    }
  }
}
resp = client.ml.update_datafeed(
    datafeed_id="datafeed-test-job",
    query={
        "term": {
            "geo.src": "US"
        }
    },
)
const response = await client.ml.updateDatafeed({
  datafeed_id: "datafeed-test-job",
  query: {
    term: {
      "geo.src": "US",
    },
  },
});
response = client.ml.update_datafeed(
  datafeed_id: "datafeed-test-job",
  body: {
    "query": {
      "term": {
        "geo.src": "US"
      }
    }
  }
)
$resp = $client->ml()->updateDatafeed([
    "datafeed_id" => "datafeed-test-job",
    "body" => [
        "query" => [
            "term" => [
                "geo.src" => "US",
            ],
        ],
    ],
]);
curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"query":{"term":{"geo.src":"US"}}}' "$ELASTICSEARCH_URL/_ml/datafeeds/datafeed-test-job/_update"
Request example
An example body for a `POST _ml/datafeeds/datafeed-test-job/_update` request.
{
  "query": {
    "term": {
      "geo.src": "US"
    }
  }
}