OpenSearch/docs/reference/data-frames/apis/put-transform.asciidoc

123 lines
3.5 KiB
Plaintext
Raw Normal View History

[role="xpack"]
[testenv="basic"]
[[put-data-frame-transform]]
=== Create {dataframe-transforms} API
[subs="attributes"]
++++
<titleabbrev>Create {dataframe-transforms}</titleabbrev>
++++
Instantiates a {dataframe-transform}.
beta[]
[[put-data-frame-transform-request]]
==== {api-request-title}
`PUT _data_frame/transforms/<data_frame_transform_id>`
[[put-data-frame-transform-prereqs]]
==== {api-prereq-title}
* If the {es} {security-features} are enabled, you must have
`manage_data_frame_transforms` cluster privileges to use this API. The built-in
`data_frame_transforms_admin` role has these privileges. You must also
have `read` and `view_index_metadata` privileges on the source index and `read`,
`create_index`, and `index` privileges on the destination index. For more
information, see {stack-ov}/security-privileges.html[Security privileges] and
{stack-ov}/built-in-roles.html[Built-in roles].
[[put-data-frame-transform-desc]]
==== {api-description-title}
IMPORTANT: You must use {kib} or this API to create a {dataframe-transform}.
Do not put a {dataframe-transform} directly into any
`.data-frame-internal*` indices using the Elasticsearch index API.
If {es} {security-features} are enabled, do not give users any
privileges on `.data-frame-internal*` indices.
[[put-data-frame-transform-path-parms]]
==== {api-path-parms-title}
`<data_frame_transform_id>`::
(Required, string) Identifier for the {dataframe-transform}. This identifier
can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and
underscores. It must start and end with alphanumeric characters.
[[put-data-frame-transform-request-body]]
==== {api-request-body-title}
`description`::
(Optional, string) Free text description of the {dataframe-transform}.
`dest`::
(Required, object) Required. The destination configuration, which consists of `index`
and optionally a `pipeline` id. See <<data-frame-transform-dest>>.
`frequency`::
(Optional, time units) The interval between checks for changes in the source indices
when the {dataframe-transform} is running continuously. Defaults to `1m`.
The lowest permitted value is `1s`; the highest `1h`.
`pivot`::
(Required, object) Defines the pivot function `group by` fields and the aggregation to
reduce the data. See <<data-frame-transform-pivot>>.
`source`::
(Required, object) The source configuration, which consists of `index` and
optionally a `query`. See <<data-frame-transform-source>>.
[[put-data-frame-transform-example]]
==== {api-examples-title}
[source,js]
--------------------------------------------------
PUT _data_frame/transforms/ecommerce_transform
{
"source": {
"index": "kibana_sample_data_ecommerce",
"query": {
"term": {
"geoip.continent_name": {
"value": "Asia"
}
}
}
},
"dest": {
"index": "kibana_sample_data_ecommerce_transform",
"pipeline": "add_timestamp_pipeline"
},
"frequency": "5m",
"pivot": {
"group_by": {
"customer_id": {
"terms": {
"field": "customer_id"
}
}
},
"aggregations": {
"max_price": {
"max": {
"field": "taxful_total_price"
}
}
}
},
"description": "Maximum priced ecommerce data by customer_id in Asia"
}
--------------------------------------------------
// CONSOLE
// TEST[skip: https://github.com/elastic/elasticsearch/issues/43271]
When the transform is created, you receive the following results:
[source,js]
----
{
"acknowledged" : true
}
----
// TESTRESPONSE