Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: e5c510c64f
Branches Tags
elasticsearch
/
docs
/
reference
/
fleet
/
fleet-search.asciidoc

fleet-search.asciidoc 2.7 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. [role="xpack"]
    2. 

  2. [[fleet-search]]
    3. 

  3. === Fleet search API
    4. 

  4. ++++
    5. 

  5. <titleabbrev>Fleet search</titleabbrev>
    6. 

  6. ++++
    7. 

  7. 

  8. The purpose of the fleet search api is to provide a search api where the search
    9. 

  9. will only be executed after provided checkpoint has been processed and is visible
    10. 

  10. for searches inside of Elasticsearch.
    11. 

  11. 

  12. NOTE: The fleet search API is designed for indirect use through fleet server. Direct use is
    13. 

  13. not supported. Elastic reserves the right to change or remove this feature in future releases
    14. 

  14. without prior notice.
    15. 

  15. 

  16. [discrete]
    17. 

  17. [[wait-for-checkpoint-functionality]]
    18. 

  18. == Wait for checkpoint functionality
    19. 

  19. 

  20. The fleet search API supports the optional parameter `wait_for_checkpoints`. This parameter
    21. 

  21. is a list of sequence number checkpoints. When this parameter is present, the search will
    22. 

  22. only be executed on local shards after the all operations up to and including the provided
    23. 

  23. sequence number checkpoint are visible for search. Indexed operations become visible after a
    24. 

  24. refresh. The checkpoints are indexed by shard.
    25. 

  25. 

  26. If a timeout occurs before the the checkpoint has been refreshed into Elasticsearch,
    27. 

  27. the search request will timeout.
    28. 

  28. 

  29. The fleet search API only supports searches against a single target. If an index alias
    30. 

  30. is supplied as the search target, it must resolve to a single concrete index.
    31. 

  31. 

  32. [discrete]
    33. 

  33. [[fleet-search-partial-responses]]
    34. 

  34. == Allow partial results
    35. 

  35. 

  36. By default, the Elasticsearch search api will allow <<search-partial-responses,partial search results>>.
    37. 

  37. With this fleet API, it is common to configure this to be `false` or to check in the response
    38. 

  38. to ensure each shard search was successful. If these precautions are not taken, it is
    39. 

  39. possible for search results to be successfully returned even if one or more shards
    40. 

  40. timed out.
    41. 

  41. 

  42. [[fleet-search-api-request]]
    43. 

  43. ==== {api-request-title}
    44. 

  44. 

  45. `GET /<target>/_fleet/_search`
    46. 

  46. 

  47. [[fleet-search-api-path-params]]
    48. 

  48. ==== {api-path-parms-title}
    49. 

  49. 

  50. `<target>`::
    51. 

  51. (Required, string)
    52. 

  52. A single target to search. If the target is an index alias, it must resolve to a single index.
    53. 

  53. 

  54. [role="child_attributes"]
    55. 

  55. [[fleet-search-api-query-parms]]
    56. 

  56. ==== {api-query-parms-title}
    57. 

  57. 

  58. `wait_for_checkpoints`::
    59. 

  59. (Optional, list) A comma separated list of checkpoints. When configured, the search API will
    60. 

  60. only be executed on a shard after the relevant checkpoint has become visible for search.
    61. 

  61. Defaults to an empty list which will cause Elasticsearch to immediately execute the search.
    62. 

  62. 

  63. `allow_partial_search_results`::
    64. 

  64. (Optional, Boolean)
    65. 

  65. If `true`, returns partial results if there are shard request timeouts or
    66. 

  66. <<shard-failures,shard failures>>. If `false`, returns an error with
    67. 

  67. no partial results. Defaults to the configured cluster setting `search.default_allow_partial_results` which
    68. 

  68. is `true` by default.
    69.