- Elastic Cloud Serverless
- Elasticsearch
- Get started
- Connect to your endpoint
- Client libraries
- Get started with the serverless Go client
- Get started with the serverless Java client
- Get started with the serverless .NET client
- Get started with the serverless Node.js client
- Get started with the serverless PHP client
- Get started with the serverless Python client
- Get started with the serverless Ruby client
- REST APIs
- Developer tools
- Ingest your data
- Search your data
- Explore your data
- Playground
- Serverless differences
- Elasticsearch billing dimensions
- Elastic Observability
- Get started
- Observability overview
- Observability billing dimensions
- Create an Observability project
- Quickstart: Monitor hosts with Elastic Agent
- Quickstart: Monitor your Kubernetes cluster with Elastic Agent
- Quickstart: Unified Kubernetes Observability with Elastic Distributions of OpenTelemetry (EDOT)
- Quickstart: Collect data with AWS Firehose
- Get started with dashboards
- Applications and services
- Application performance monitoring (APM)
- Get started with traces and APM
- Send APM data to Elastic
- View and analyze traces
- APM data types
- Distributed tracing
- Reduce your data usage
- Keep APM data secure
- Troubleshooting
- Reference
- Synthetic monitoring
- Get started
- Scripting browser monitors
- Configure lightweight monitors
- Manage monitors
- Work with params and secrets
- Analyze monitor data
- Monitor resources on private networks
- Use the CLI
- Configure a Synthetics project
- Multifactor Authentication for browser monitors
- Configure Synthetics settings
- Grant users access to secured resources
- Manage data retention
- Scale and architect a deployment
- Synthetics Encryption and Security
- Troubleshooting
- Application performance monitoring (APM)
- Infrastructure and hosts
- Logs
- Inventory
- Incident management
- Data set quality
- Observability AI Assistant
- Machine learning
- Reference
- Limitations
- Get started
- Elastic Security
- Elastic Security overview
- Security billing dimensions
- Create a Security project
- Elastic Security requirements
- Elastic Security UI
- AI for Security
- Ingest data
- Configure endpoint protection with Elastic Defend
- Manage Elastic Defend
- Endpoint response actions
- Cloud Security
- Explore your data
- Dashboards
- Detection engine overview
- Rules
- Alerts
- Advanced Entity Analytics
- Investigation tools
- Asset management
- Manage settings
- Troubleshooting
- Manage your project
Ingest data through API
editIngest data through API
editThe Elasticsearch APIs enable you to ingest data through code. You can use the APIs of one of the language clients or the Elasticsearch HTTP APIs. The examples on this page use the HTTP APIs to demonstrate how ingesting works in Elasticsearch through APIs. If you want to ingest timestamped data or have a more complex ingestion use case, check out Beats or Logstash.
Using the bulk API
editYou can index multiple JSON documents to an index and make it searchable using the bulk API.
The following example uses the bulk API to ingest book-related data into an
index called books
. The API call creates the index if it doesn’t exist already.
curl -X POST "${ES_URL}/_bulk?pretty" \ -H "Authorization: ApiKey ${API_KEY}" \ -H "Content-Type: application/json" \ -d' { "index" : { "_index" : "books" } } {"title": "Snow Crash", "author": "Neal Stephenson", "release_date": "1992-06-01", "page_count": 470} { "index" : { "_index" : "books" } } {"title": "Revelation Space", "author": "Alastair Reynolds", "release_date": "2000-03-15", "page_count": 585} { "index" : { "_index" : "books" } } {"title": "1984", "author": "George Orwell", "release_date": "1985-06-01", "page_count": 328} { "index" : { "_index" : "books" } } {"title": "Fahrenheit 451", "author": "Ray Bradbury", "release_date": "1953-10-15", "page_count": 227} { "index" : { "_index" : "books" } } {"title": "Brave New World", "author": "Aldous Huxley", "release_date": "1932-06-01", "page_count": 268} { "index" : { "_index" : "books" } } {"title": "The Blind Assassin", "author": "Margaret Atwood", "release_date": "2000-09-02", "page_count": 536} '
The API returns a response similar to this:
{ "errors": false, "took": 902, "items": [ { "index": { "_index": "books", "_id": "MCYbQooByucZ6Gimx2BL", "_version": 1, "result": "created", "_shards": { "total": 1, "successful": 1, "failed": 0 }, "_seq_no": 0, "_primary_term": 1, "status": 201 } }, ... ] }
Under the hood, the bulk request creates a data schema, called "mappings" for the books
index.
To review the mappings and ensure the JSON body matches the index mappings, navigate to Content → Index management, select the index you want to ingest the data into, and click the Mappings tab.
The API call creates an index called books
and adds six documents to it. All
those documents have the title
, author
, release_date
, and page_count
fields with associated values. This data is now searchable.
You can check if a book is in the index by calling the search API and specifying
either of the properties of the book in a match
query, for example:
curl "${ES_URL}/books/_search?pretty" \ -H "Authorization: ApiKey ${API_KEY}" \ -H "Content-Type: application/json" \ -d' { "query": { "match": { "title": "Snow Crash" } } } '
The API response contains an array of hits. Each hit represents a document that matches the query. The response contains the whole document. Only one document matches this query.
Using the index API
editUse the index API to ingest a single document to an index. Following the
previous example, a new document will be added to the books
index.
curl -X POST "${ES_URL}/books/_doc/" \ -H "Authorization: ApiKey ${API_KEY}" \ -H "Content-Type: application/json" \ -d' { "title": "Neuromancer", "author": "William Gibson", "release_date": "1984-07-01", "page_count": "271" } '
The API call indexes the new document into the books
index. Now you can search
for it!
On this page