Search rolled-up data Deprecated Technical preview; Added in 6.3.0
All methods and paths for this operation:
The rollup search endpoint is needed because, internally, rolled-up documents utilize a different document structure than the original data. It rewrites standard Query DSL into a format that matches the rollup documents then takes the response and rewrites it back to what a client would expect given the original query.
The request body supports a subset of features from the regular search API. The following functionality is not available:
size: Because rollups work on pre-aggregated data, no search hits can be returned and so size must be set to zero or omitted entirely. highlighter, suggestors, post_filter, profile, explain: These are similarly disallowed.
For more detailed examples of using the rollup search API, including querying rolled-up data only or combining rolled-up and live data, refer to the External documentation.
Path parameters
-
A comma-separated list of data streams and indices used to limit the request. This parameter has the following rules:
- At least one data stream, index, or wildcard expression must be specified. This target can include a rollup or non-rollup index. For data streams, the stream's backing indices can only serve as non-rollup indices. Omitting the parameter or using
_allare not permitted. - Multiple non-rollup indices may be specified.
- Only one rollup index may be specified. If more than one are supplied, an exception occurs.
- Wildcard expressions (
*) may be used. If they match more than one rollup index, an exception occurs. However, you can use an expression to match multiple non-rollup indices or data streams.
- At least one data stream, index, or wildcard expression must be specified. This target can include a rollup or non-rollup index. For data streams, the stream's backing indices can only serve as non-rollup indices. Omitting the parameter or using
Query parameters
-
Indicates whether hits.total should be rendered as an integer or an object in the rest search response
-
Specify whether aggregation and suggester names should be prefixed by their respective types in the response
Body Required
-
Specifies aggregations.
External documentation -
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
External documentation -
Must be zero if set, as rollups work on pre-aggregated data.
GET /sensor_rollup/_rollup_search { "size": 0, "aggregations": { "max_temperature": { "max": { "field": "temperature" } } } }resp = client.rollup.rollup_search( index="sensor_rollup", size=0, aggregations={ "max_temperature": { "max": { "field": "temperature" } } }, )const response = await client.rollup.rollupSearch({ index: "sensor_rollup", size: 0, aggregations: { max_temperature: { max: { field: "temperature", }, }, }, });response = client.rollup.rollup_search( index: "sensor_rollup", body: { "size": 0, "aggregations": { "max_temperature": { "max": { "field": "temperature" } } } } )$resp = $client->rollup()->rollupSearch([ "index" => "sensor_rollup", "body" => [ "size" => 0, "aggregations" => [ "max_temperature" => [ "max" => [ "field" => "temperature", ], ], ], ], ]);curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"size":0,"aggregations":{"max_temperature":{"max":{"field":"temperature"}}}}' "$ELASTICSEARCH_URL/sensor_rollup/_rollup_search"client.rollup().rollupSearch(r -> r .aggregations("max_temperature", a -> a .max(m -> m .field("temperature") ) ) .index("sensor_rollup") .size(0) ); { "size": 0, "aggregations": { "max_temperature": { "max": { "field": "temperature" } } } }{ "took" : 102, "timed_out" : false, "terminated_early" : false, "_shards" : {} , "hits" : { "total" : { "value": 0, "relation": "eq" }, "max_score" : 0.0, "hits" : [ ] }, "aggregations" : { "max_temperature" : { "value" : 202.0 } } }