Module: Elasticsearch::API::Fleet::Actions

Defined in:

lib/elasticsearch/api/actions/fleet/search.rb,
lib/elasticsearch/api/actions/fleet/msearch.rb,
lib/elasticsearch/api/actions/fleet/global_checkpoints.rb

Instance Method Summary

• #global_checkpoints(arguments = {}) ⇒ Object

  Get global checkpoints.

• #msearch(arguments = {}) ⇒ Object

  Run multiple Fleet searches.

• #search(arguments = {}) ⇒ Object

  Run a Fleet search.

Instance Method Details

#global_checkpoints(arguments = {}) ⇒ Object

Get global checkpoints. Get the current global checkpoints for an index. This API is designed for internal use by the Fleet server project.

Parameters:

• arguments (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (arguments):

• :index (Indexname, Indexalias) —

  A single index or index alias that resolves to a single index. (Required)

• :wait_for_advance (Boolean) —

  A boolean value which controls whether to wait (until the timeout) for the global checkpoints to advance past the provided checkpoints.

• :wait_for_index (Boolean) —

  A boolean value which controls whether to wait (until the timeout) for the target index to exist and all primary shards be active. Can only be true when wait_for_advance is true.

• :checkpoints (Array<Integer>) —

  A comma separated list of previous global checkpoints. When used in combination with wait_for_advance, the API will only return once the global checkpoints advances past the checkpoints. Providing an empty list will cause Elasticsearch to immediately return the current global checkpoints. Server default: [].

• :timeout (Time) —

  Period to wait for a global checkpoints to advance past checkpoints. Server default: 30s.

• :headers (Hash) —

  Custom HTTP headers

Raises:

• (ArgumentError)

See Also:

• https://www.elastic.co/docs/api/doc/elasticsearch/v9/group/endpoint-fleet

# File 'lib/elasticsearch/api/actions/fleet/global_checkpoints.rb', line 42

def global_checkpoints(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'fleet.global_checkpoints' }

  defined_params = [:index].each_with_object({}) do |variable, set_variables|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'index' missing" unless arguments[:index]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  _index = arguments.delete(:index)

  method = Elasticsearch::API::HTTP_GET
  path   = "#{Utils.listify(_index)}/_fleet/global_checkpoints"
  params = Utils.process_params(arguments)

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#msearch(arguments = {}) ⇒ Object

Run multiple Fleet searches. Run several Fleet searches with a single API request. The API follows the same structure as the multi search API. However, similar to the Fleet search API, it supports the wait_for_checkpoints parameter. This functionality is Experimental and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but experimental features are not subject to the support SLA of official GA features.

Parameters:

• arguments (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (arguments):

• :index (Indexname, Indexalias) —

  A single target to search. If the target is an index alias, it must resolve to a single index.

• :allow_no_indices (Boolean) —

  If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.

• :ccs_minimize_roundtrips (Boolean) —

  If true, network roundtrips between the coordinating node and remote clusters are minimized for cross-cluster search requests. Server default: true.

• :expand_wildcards (String, Array<String>) —

  Type of index that wildcard expressions can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams.

• :ignore_throttled (Boolean) —

  If true, concrete, expanded or aliased indices are ignored when frozen.

• :ignore_unavailable (Boolean) —

  If true, missing or closed indices are not included in the response.

• :max_concurrent_searches (Integer) —

  Maximum number of concurrent searches the multi search API can execute.

• :max_concurrent_shard_requests (Integer) —

  Maximum number of concurrent shard requests that each sub-search request executes per node. Server default: 5.

• :pre_filter_shard_size (Integer) —

  Defines a threshold that enforces a pre-filter roundtrip to prefilter search shards based on query rewriting if the number of shards the search request expands to exceeds the threshold. This filter roundtrip can limit the number of shards significantly if for instance a shard can not match any documents based on its rewrite method i.e., if date filters are mandatory to match but the shard bounds and the query are disjoint.

• :search_type (String) —

  Indicates whether global term and document frequencies should be used when scoring returned documents.

• :rest_total_hits_as_int (Boolean) —

  If true, hits.total are returned as an integer in the response. Defaults to false, which returns an object.

• :typed_keys (Boolean) —

  Specifies whether aggregation and suggester names should be prefixed by their respective types in the response.

• :wait_for_checkpoints (Array<Integer>) —

  A comma separated list of checkpoints. When configured, the search API will only be executed on a shard after the relevant checkpoint has become visible for search. Defaults to an empty list which will cause Elasticsearch to immediately execute the search. Server default: [].

• :allow_partial_search_results (Boolean) —

  If true, returns partial results if there are shard request timeouts or shard failures. If false, returns an error with no partial results. Defaults to the configured cluster setting search.default_allow_partial_results, which is true by default.

• :headers (Hash) —

  Custom HTTP headers

• :body (Hash) —

  searches

Raises:

• (ArgumentError)

See Also:

• https://www.elastic.co/docs/api/doc/elasticsearch/v9/operation/operation-fleet-msearch

# File 'lib/elasticsearch/api/actions/fleet/msearch.rb', line 57

def msearch(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'fleet.msearch' }

  defined_params = [:index].each_with_object({}) do |variable, set_variables|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = arguments.delete(:body)

  _index = arguments.delete(:index)

  method = Elasticsearch::API::HTTP_POST
  path   = if _index
             "#{Utils.listify(_index)}/_fleet/_fleet_msearch"
           else
             '_fleet/_fleet_msearch'
           end
  params = Utils.process_params(arguments)

  if body.is_a?(Array) && body.any? { |d| d.key? :search }
    payload = body.each_with_object([]) do |item, sum|
      meta = item
      data = meta.delete(:search)

      sum << meta
      sum << data
    end.map { |item| Elasticsearch::API.serializer.dump(item) }
    payload << '' unless payload.empty?
    payload = payload.join("\n")
  elsif body.is_a?(Array)
    payload = body.map { |d| d.is_a?(String) ? d : Elasticsearch::API.serializer.dump(d) }
    payload << '' unless payload.empty?
    payload = payload.join("\n")
  else
    payload = body
  end

  headers.merge!({
                   'Content-Type' => 'application/vnd.elasticsearch+x-ndjson; compatible-with=9'
                 })
  Elasticsearch::API::Response.new(
    perform_request(method, path, params, payload, headers, request_opts)
  )
end

#search(arguments = {}) ⇒ Object

Run a Fleet search. The purpose of the Fleet search API is to provide an API where the search will be run only after the provided checkpoint has been processed and is visible for searches inside of Elasticsearch. This functionality is Experimental and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but experimental features are not subject to the support SLA of official GA features.

Parameters:

• arguments (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (arguments):

• :index (Indexname, Indexalias) —

  A single target to search. If the target is an index alias, it must resolve to a single index. (Required)

• :allow_no_indices (Boolean) —

  TODO

• :analyzer (String) —

  TODO

• :analyze_wildcard (Boolean) —

  TODO

• :batched_reduce_size (Integer) —

  TODO

• :ccs_minimize_roundtrips (Boolean) —

  TODO

• :default_operator (String) —

  TODO

• :df (String) —

  TODO

• :docvalue_fields (String, Array<String>) —

  TODO

• :expand_wildcards (String, Array<String>) —

  TODO

• :explain (Boolean) —

  TODO

• :ignore_throttled (Boolean) —

  TODO

• :ignore_unavailable (Boolean) —

  TODO

• :lenient (Boolean) —

  TODO

• :max_concurrent_shard_requests (Integer) —

  TODO

• :preference (String) —

  TODO

• :pre_filter_shard_size (Integer) —

  TODO

• :request_cache (Boolean) —

  TODO

• :routing (String) —

  TODO

• :scroll (Time) —

  TODO

• :search_type (String) —

  TODO

• :stats (Array<String>) —

  TODO

• :stored_fields (String, Array<String>) —

  TODO

• :suggest_field (String) —

  Specifies which field to use for suggestions.

• :suggest_mode (String) —

  TODO

• :suggest_size (Integer) —

  TODO

• :suggest_text (String) —

  The source text for which the suggestions should be returned.

• :terminate_after (Integer) —

  TODO

• :timeout (Time) —

  TODO

• :track_total_hits (Boolean, Integer) —

  TODO

• :track_scores (Boolean) —

  TODO

• :typed_keys (Boolean) —

  TODO

• :rest_total_hits_as_int (Boolean) —

  TODO

• :version (Boolean) —

  TODO

• :_source (Boolean, String, Array<String>) —

  TODO

• :_source_excludes (String, Array<String>) —

  TODO

• :_source_includes (String, Array<String>) —

  TODO

• :seq_no_primary_term (Boolean) —

  TODO

• :q (String) —

  TODO

• :size (Integer) —

  TODO

• :from (Integer) —

  TODO

• :sort (String) —

  TODO

• :wait_for_checkpoints (Array<Integer>) —

  A comma separated list of checkpoints. When configured, the search API will only be executed on a shard after the relevant checkpoint has become visible for search. Defaults to an empty list which will cause Elasticsearch to immediately execute the search. Server default: [].

• :allow_partial_search_results (Boolean) —

  If true, returns partial results if there are shard request timeouts or shard failures. If false, returns an error with no partial results. Defaults to the configured cluster setting search.default_allow_partial_results, which is true by default.

• :headers (Hash) —

  Custom HTTP headers

• :body (Hash) —

  request body

Raises:

• (ArgumentError)

See Also:

• https://www.elastic.co/docs/api/doc/elasticsearch/v9/operation/operation-fleet-search

# File 'lib/elasticsearch/api/actions/fleet/search.rb', line 86

def search(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'fleet.search' }

  defined_params = [:index].each_with_object({}) do |variable, set_variables|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'index' missing" unless arguments[:index]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = arguments.delete(:body)

  _index = arguments.delete(:index)

  method = if body
             Elasticsearch::API::HTTP_POST
           else
             Elasticsearch::API::HTTP_GET
           end

  path   = "#{Utils.listify(_index)}/_fleet/_fleet_search"
  params = Utils.process_params(arguments)

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end