Get rollup index capabilities API

This functionality is experimental and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but experimental features are not subject to the support SLA of official GA features.

This API returns the rollup capabilities of all jobs inside of a rollup index (e.g. the index where rollup data is stored). A single rollup index may store the data for multiple rollup jobs, and may have a variety of capabilities depending on those jobs.

This API will allow you to determine:

  1. What jobs are stored in an index (or indices specified via a pattern)?
  2. What target indices were rolled up, what fields were used in those rollups and what aggregations can be performed on each job?

Request

GET {index}/_rollup/data

Path Parameters

index
(string) Index or index-pattern of concrete rollup indices to check for capabilities.

Request Body

There is no request body for the Get Jobs API.

Authorization

You must have the read index privilege on the index that stores the rollup results. For more information, see Security privileges.

Examples

Imagine we have an index named sensor-1 full of raw data. We know that the data will grow over time, so there will be a sensor-2, sensor-3, etc. Let’s create a Rollup job, which stores it’s data in sensor_rollup:

PUT _rollup/job/sensor
{
    "index_pattern": "sensor-*",
    "rollup_index": "sensor_rollup",
    "cron": "*/30 * * * * ?",
    "page_size" :1000,
    "groups" : {
      "date_histogram": {
        "field": "timestamp",
        "interval": "1h",
        "delay": "7d"
      },
      "terms": {
        "fields": ["node"]
      }
    },
    "metrics": [
        {
            "field": "temperature",
            "metrics": ["min", "max", "sum"]
        },
        {
            "field": "voltage",
            "metrics": ["avg"]
        }
    ]
}

If at a later date, we’d like to determine what jobs and capabilities were stored in the sensor_rollup index, we can use the Get Rollup Index API:

GET /sensor_rollup/_rollup/data

Note how we are requesting the concrete rollup index name (sensor_rollup) as the first part of the URL. This will yield the following response:

{
  "sensor_rollup" : {
    "rollup_jobs" : [
      {
        "job_id" : "sensor",
        "rollup_index" : "sensor_rollup",
        "index_pattern" : "sensor-*",
        "fields" : {
          "node" : [
            {
              "agg" : "terms"
            }
          ],
          "temperature" : [
            {
              "agg" : "min"
            },
            {
              "agg" : "max"
            },
            {
              "agg" : "sum"
            }
          ],
          "timestamp" : [
            {
              "agg" : "date_histogram",
              "time_zone" : "UTC",
              "interval" : "1h",
              "delay": "7d"
            }
          ],
          "voltage" : [
            {
              "agg" : "avg"
            }
          ]
        }
      }
    ]
  }
}

The response that is returned contains information that is similar to the original Rollup configuration, but formatted differently. First, there are some house-keeping details: the Rollup job’s ID, the index that holds the rolled data, the index pattern that the job was targeting.

Next it shows a list of fields that contain data eligible for rollup searches. Here we see four fields: node, temperature, timestamp and voltage. Each of these fields list the aggregations that are possible. For example, you can use a min, max or sum aggregation on the temperature field, but only a date_histogram on timestamp.

Note that the rollup_jobs element is an array; there can be multiple, independent jobs configured for a single index or index pattern. Each of these jobs may have different configurations, so the API returns a list of all the various configurations available.

Like other APIs that interact with indices, you can specify index patterns instead of explicit indices:

GET /*_rollup/_rollup/data