2019-03-21 12:11:38 -04:00
|
|
|
|
[role="xpack"]
|
|
|
|
|
[testenv="basic"]
|
2019-09-20 18:57:43 -04:00
|
|
|
|
[[put-transform]]
|
2019-12-17 12:01:31 -05:00
|
|
|
|
=== Create {transform} API
|
2019-04-30 13:46:13 -04:00
|
|
|
|
|
|
|
|
|
[subs="attributes"]
|
2019-03-21 12:11:38 -04:00
|
|
|
|
++++
|
2019-12-17 12:01:31 -05:00
|
|
|
|
<titleabbrev>Create {transform}</titleabbrev>
|
2019-03-21 12:11:38 -04:00
|
|
|
|
++++
|
|
|
|
|
|
2019-09-16 11:28:19 -04:00
|
|
|
|
Instantiates a {transform}.
|
2019-03-21 12:11:38 -04:00
|
|
|
|
|
2019-09-20 18:57:43 -04:00
|
|
|
|
[[put-transform-request]]
|
2019-06-26 16:46:21 -04:00
|
|
|
|
==== {api-request-title}
|
2019-03-21 12:11:38 -04:00
|
|
|
|
|
2019-10-08 02:59:01 -04:00
|
|
|
|
`PUT _transform/<transform_id>`
|
2019-03-21 12:11:38 -04:00
|
|
|
|
|
2019-09-20 18:57:43 -04:00
|
|
|
|
[[put-transform-prereqs]]
|
2019-06-26 16:46:21 -04:00
|
|
|
|
==== {api-prereq-title}
|
|
|
|
|
|
2020-04-06 11:06:22 -04:00
|
|
|
|
If the {es} {security-features} are enabled, you must have the following
|
|
|
|
|
built-in roles and privileges:
|
|
|
|
|
|
|
|
|
|
* `transform_admin`
|
|
|
|
|
* `kibana_admin` (UI only)
|
|
|
|
|
|
|
|
|
|
* source index: `read`, `view_index_metadata`
|
|
|
|
|
* destination index: `read`, `create_index`, `manage` and `index`
|
|
|
|
|
* cluster: `monitor` (UI only)
|
|
|
|
|
|
|
|
|
|
For more information, see <<security-privileges>> and <<built-in-roles>>.
|
|
|
|
|
|
2019-06-26 16:46:21 -04:00
|
|
|
|
|
2019-09-20 18:57:43 -04:00
|
|
|
|
[[put-transform-desc]]
|
2019-06-27 18:16:24 -04:00
|
|
|
|
==== {api-description-title}
|
2019-05-16 10:10:23 -04:00
|
|
|
|
|
2019-09-16 11:28:19 -04:00
|
|
|
|
This API defines a {transform}, which copies data from source indices,
|
2019-07-24 14:09:06 -04:00
|
|
|
|
transforms it, and persists it into an entity-centric destination index. The
|
|
|
|
|
entities are defined by the set of `group_by` fields in the `pivot` object. You
|
|
|
|
|
can also think of the destination index as a two-dimensional tabular data
|
|
|
|
|
structure (known as a {dataframe}). The ID for each document in the
|
|
|
|
|
{dataframe} is generated from a hash of the entity, so there is a unique row
|
2019-09-25 11:11:37 -04:00
|
|
|
|
per entity. For more information, see <<transforms>>.
|
2019-07-24 14:09:06 -04:00
|
|
|
|
|
2019-09-16 11:28:19 -04:00
|
|
|
|
When the {transform} is created, a series of validations occur to
|
2019-07-22 18:29:59 -04:00
|
|
|
|
ensure its success. For example, there is a check for the existence of the
|
|
|
|
|
source indices and a check that the destination index is not part of the source
|
|
|
|
|
index pattern. You can use the `defer_validation` parameter to skip these
|
|
|
|
|
checks.
|
|
|
|
|
|
2019-09-16 11:28:19 -04:00
|
|
|
|
Deferred validations are always run when the {transform} is started,
|
2019-07-25 18:03:57 -04:00
|
|
|
|
with the exception of privilege checks. When {es} {security-features} are
|
2019-09-16 11:28:19 -04:00
|
|
|
|
enabled, the {transform} remembers which roles the user that created
|
2019-07-25 18:03:57 -04:00
|
|
|
|
it had at the time of creation and uses those same roles. If those roles do not
|
|
|
|
|
have the required privileges on the source and destination indices, the
|
2019-09-16 11:28:19 -04:00
|
|
|
|
{transform} fails when it attempts unauthorized operations.
|
2019-07-25 18:03:57 -04:00
|
|
|
|
|
2019-09-16 11:28:19 -04:00
|
|
|
|
IMPORTANT: You must use {kib} or this API to create a {transform}.
|
|
|
|
|
Do not put a {transform} directly into any
|
2019-10-17 08:22:36 -04:00
|
|
|
|
`.transform-internal*` indices using the Elasticsearch index API.
|
2019-05-16 10:10:23 -04:00
|
|
|
|
If {es} {security-features} are enabled, do not give users any
|
2019-10-17 08:22:36 -04:00
|
|
|
|
privileges on `.transform-internal*` indices. If you used transforms
|
|
|
|
|
prior 7.5, also do not give users any privileges on
|
|
|
|
|
`.data-frame-internal*` indices.
|
2019-03-21 12:11:38 -04:00
|
|
|
|
|
2019-09-20 18:57:43 -04:00
|
|
|
|
[[put-transform-path-parms]]
|
2019-06-26 16:46:21 -04:00
|
|
|
|
==== {api-path-parms-title}
|
2019-03-21 12:11:38 -04:00
|
|
|
|
|
2019-09-20 18:57:43 -04:00
|
|
|
|
`<transform_id>`::
|
2019-12-17 12:01:31 -05:00
|
|
|
|
(Required, string)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=transform-id]
|
2019-03-21 12:11:38 -04:00
|
|
|
|
|
2019-09-20 18:57:43 -04:00
|
|
|
|
[[put-transform-query-parms]]
|
2019-07-22 16:12:55 -04:00
|
|
|
|
==== {api-query-parms-title}
|
|
|
|
|
|
|
|
|
|
`defer_validation`::
|
2019-07-22 18:29:59 -04:00
|
|
|
|
(Optional, boolean) When `true`, deferrable validations are not run. This
|
|
|
|
|
behavior may be desired if the source index does not exist until after the
|
2019-09-16 11:28:19 -04:00
|
|
|
|
{transform} is created.
|
2019-07-22 16:12:55 -04:00
|
|
|
|
|
2020-03-30 14:06:33 -04:00
|
|
|
|
[role="child_attributes"]
|
2019-09-20 18:57:43 -04:00
|
|
|
|
[[put-transform-request-body]]
|
2019-06-26 16:46:21 -04:00
|
|
|
|
==== {api-request-body-title}
|
2019-03-21 12:11:38 -04:00
|
|
|
|
|
2019-07-10 17:39:38 -04:00
|
|
|
|
`description`::
|
2019-09-16 11:28:19 -04:00
|
|
|
|
(Optional, string) Free text description of the {transform}.
|
2019-03-21 12:11:38 -04:00
|
|
|
|
|
2020-03-30 14:06:33 -04:00
|
|
|
|
//Begin dest
|
2019-07-10 17:39:38 -04:00
|
|
|
|
`dest`::
|
2019-12-17 12:01:31 -05:00
|
|
|
|
(Required, object)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=dest]
|
2020-03-30 14:06:33 -04:00
|
|
|
|
+
|
|
|
|
|
.Properties of `dest`
|
|
|
|
|
[%collapsible%open]
|
|
|
|
|
====
|
|
|
|
|
|
|
|
|
|
`index`:::
|
2019-12-17 12:01:31 -05:00
|
|
|
|
(Required, string)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=dest-index]
|
2019-07-18 10:43:43 -04:00
|
|
|
|
|
2020-03-30 14:06:33 -04:00
|
|
|
|
`pipeline`:::
|
2019-12-17 12:01:31 -05:00
|
|
|
|
(Optional, string)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=dest-pipeline]
|
2020-03-30 14:06:33 -04:00
|
|
|
|
====
|
|
|
|
|
//End dest
|
2019-03-21 12:11:38 -04:00
|
|
|
|
|
2019-07-10 17:39:38 -04:00
|
|
|
|
`frequency`::
|
2019-12-17 12:01:31 -05:00
|
|
|
|
(Optional, <<time-units, time units>>)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=frequency]
|
2019-07-10 04:35:23 -04:00
|
|
|
|
|
2020-03-30 14:06:33 -04:00
|
|
|
|
//Begin pivot
|
2019-07-10 17:39:38 -04:00
|
|
|
|
`pivot`::
|
2019-12-17 12:01:31 -05:00
|
|
|
|
(Required, object)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=pivot]
|
2020-03-30 14:06:33 -04:00
|
|
|
|
+
|
|
|
|
|
.Properties of `pivot`
|
|
|
|
|
[%collapsible%open]
|
|
|
|
|
====
|
2019-12-17 12:01:31 -05:00
|
|
|
|
|
2020-03-30 14:06:33 -04:00
|
|
|
|
`aggregations` or `aggs`:::
|
2019-12-17 12:01:31 -05:00
|
|
|
|
(Required, object)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=pivot-aggs]
|
2019-12-17 12:01:31 -05:00
|
|
|
|
|
2020-03-30 14:06:33 -04:00
|
|
|
|
`group_by`:::
|
2019-12-17 12:01:31 -05:00
|
|
|
|
(Required, object)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=pivot-group-by]
|
2019-12-17 12:01:31 -05:00
|
|
|
|
|
2020-03-30 14:06:33 -04:00
|
|
|
|
====
|
|
|
|
|
//End pivot
|
2019-03-21 12:11:38 -04:00
|
|
|
|
|
2020-05-14 11:38:57 -04:00
|
|
|
|
//Begin settings
|
|
|
|
|
`settings`::
|
|
|
|
|
(Optional, object)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=transform-settings]
|
2020-05-14 11:38:57 -04:00
|
|
|
|
+
|
|
|
|
|
.Properties of `settings`
|
|
|
|
|
[%collapsible%open]
|
|
|
|
|
====
|
|
|
|
|
`docs_per_second`:::
|
|
|
|
|
(Optional, float)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=transform-settings-docs-per-second]
|
2020-05-14 11:38:57 -04:00
|
|
|
|
`max_page_search_size`:::
|
|
|
|
|
(Optional, integer)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=transform-settings-max-page-search-size]
|
2020-05-14 11:38:57 -04:00
|
|
|
|
====
|
|
|
|
|
//End settings
|
|
|
|
|
|
2020-03-30 14:06:33 -04:00
|
|
|
|
//Begin source
|
2019-07-10 17:39:38 -04:00
|
|
|
|
`source`::
|
2019-12-17 12:01:31 -05:00
|
|
|
|
(Required, object)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=source-transforms]
|
2020-03-30 14:06:33 -04:00
|
|
|
|
+
|
|
|
|
|
.Properties of `source`
|
|
|
|
|
[%collapsible%open]
|
|
|
|
|
====
|
2019-12-17 12:01:31 -05:00
|
|
|
|
|
2020-03-30 14:06:33 -04:00
|
|
|
|
`index`:::
|
2019-12-17 12:01:31 -05:00
|
|
|
|
(Required, string or array)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=source-index-transforms]
|
2019-12-17 12:01:31 -05:00
|
|
|
|
|
2020-03-30 14:06:33 -04:00
|
|
|
|
`query`:::
|
2019-12-17 12:01:31 -05:00
|
|
|
|
(Optional, object)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=source-query-transforms]
|
2020-03-30 14:06:33 -04:00
|
|
|
|
====
|
|
|
|
|
//End source
|
|
|
|
|
|
|
|
|
|
//Begin sync
|
2019-07-17 11:55:06 -04:00
|
|
|
|
`sync`::
|
2019-12-17 12:01:31 -05:00
|
|
|
|
(Optional, object)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=sync]
|
2020-03-30 14:06:33 -04:00
|
|
|
|
+
|
|
|
|
|
.Properties of `sync`
|
|
|
|
|
[%collapsible%open]
|
|
|
|
|
====
|
|
|
|
|
|
|
|
|
|
//Begin time
|
|
|
|
|
`time`:::
|
2019-12-17 12:01:31 -05:00
|
|
|
|
(Required, object)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=sync-time]
|
2020-03-30 14:06:33 -04:00
|
|
|
|
+
|
|
|
|
|
.Properties of `time`
|
|
|
|
|
[%collapsible%open]
|
|
|
|
|
=====
|
2019-12-17 12:01:31 -05:00
|
|
|
|
|
2020-03-30 14:06:33 -04:00
|
|
|
|
`delay`::::
|
2019-12-17 12:01:31 -05:00
|
|
|
|
(Optional, <<time-units, time units>>)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=sync-time-delay]
|
2019-12-17 12:01:31 -05:00
|
|
|
|
|
2020-03-30 14:06:33 -04:00
|
|
|
|
`field`::::
|
2019-12-17 12:01:31 -05:00
|
|
|
|
(Required, string)
|
2020-06-01 16:46:15 -04:00
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=sync-time-field]
|
2019-07-17 11:55:06 -04:00
|
|
|
|
+
|
|
|
|
|
--
|
|
|
|
|
TIP: In general, it’s a good idea to use a field that contains the
|
|
|
|
|
<<accessing-ingest-metadata,ingest timestamp>>. If you use a different field,
|
|
|
|
|
you might need to set the `delay` such that it accounts for data transmission
|
|
|
|
|
delays.
|
|
|
|
|
|
|
|
|
|
--
|
2020-03-30 14:06:33 -04:00
|
|
|
|
=====
|
|
|
|
|
//End time
|
|
|
|
|
====
|
|
|
|
|
//End sync
|
2019-03-21 12:11:38 -04:00
|
|
|
|
|
2020-05-11 03:21:36 -04:00
|
|
|
|
|
2019-09-20 18:57:43 -04:00
|
|
|
|
[[put-transform-example]]
|
2019-06-27 12:42:47 -04:00
|
|
|
|
==== {api-examples-title}
|
2019-03-21 12:11:38 -04:00
|
|
|
|
|
2019-09-09 13:38:14 -04:00
|
|
|
|
[source,console]
|
2019-03-21 12:11:38 -04:00
|
|
|
|
--------------------------------------------------
|
2019-10-08 02:59:01 -04:00
|
|
|
|
PUT _transform/ecommerce_transform
|
2019-03-21 12:11:38 -04:00
|
|
|
|
{
|
2019-04-23 07:38:35 -04:00
|
|
|
|
"source": {
|
|
|
|
|
"index": "kibana_sample_data_ecommerce",
|
|
|
|
|
"query": {
|
|
|
|
|
"term": {
|
|
|
|
|
"geoip.continent_name": {
|
|
|
|
|
"value": "Asia"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
},
|
2019-03-21 12:11:38 -04:00
|
|
|
|
"pivot": {
|
|
|
|
|
"group_by": {
|
|
|
|
|
"customer_id": {
|
|
|
|
|
"terms": {
|
|
|
|
|
"field": "customer_id"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
"aggregations": {
|
|
|
|
|
"max_price": {
|
|
|
|
|
"max": {
|
|
|
|
|
"field": "taxful_total_price"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-04-26 17:50:59 -04:00
|
|
|
|
},
|
2019-07-17 11:55:06 -04:00
|
|
|
|
"description": "Maximum priced ecommerce data by customer_id in Asia",
|
|
|
|
|
"dest": {
|
|
|
|
|
"index": "kibana_sample_data_ecommerce_transform",
|
|
|
|
|
"pipeline": "add_timestamp_pipeline"
|
|
|
|
|
},
|
|
|
|
|
"frequency": "5m",
|
|
|
|
|
"sync": {
|
|
|
|
|
"time": {
|
|
|
|
|
"field": "order_date",
|
|
|
|
|
"delay": "60s"
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-03-21 12:11:38 -04:00
|
|
|
|
}
|
|
|
|
|
--------------------------------------------------
|
2020-01-09 10:33:22 -05:00
|
|
|
|
// TEST[setup:kibana_sample_data_ecommerce,add_timestamp_pipeline]
|
2019-03-21 12:11:38 -04:00
|
|
|
|
|
2019-09-16 11:28:19 -04:00
|
|
|
|
When the {transform} is created, you receive the following results:
|
2019-09-06 09:22:08 -04:00
|
|
|
|
|
|
|
|
|
[source,console-result]
|
2019-03-21 12:11:38 -04:00
|
|
|
|
----
|
|
|
|
|
{
|
|
|
|
|
"acknowledged" : true
|
|
|
|
|
}
|
|
|
|
|
----
|