API Conventions in Elasticsearch

One of the most wonderful things about Elasticsearch is its substantial and extensive REST API which can help you to manage, integrate and query the registered data in numerous different ways. API Conventions in Elasticsearch helps to create applications by retrieving data and other functionalities. JSON obtains REST API provided by Elasticsearch over HTTP.

What is API?

API or Application Programming Interface in the web is a collection of capacity calls or function calls and other programming specifications to get in access with the software component in that distinct web application.

API Conventions and Elasticsearch:

The conventions used by Elasticsearch are discussed below:

  • Multiple Indices
    Maximum operations, including searching in APIs are for single as well as numerous indices. Thus, the user can search in various places by carrying out a query just once. A vast number of notations are used to carry out operations in case of multiple indices. These are discussed below. The following URL query string parameters are supported by almost all various indices APIs:

    expand_wildcards (Optional, string) Controls what kind of indices that wildcard expressions can expand to. Valid values are:

    Expand to open and closed indices.

    Expand only to open indices.

    Expand only to closed indices.

    Wildcard expressions are not accepted.

    (Optional, boolean) If true, missing or closed indices are not included in the response. Defaults to false.

    (Optional, boolean) If true, the request does not return an error if a wildcard expression or _all value retrieves only missing or closed indices.
  • Date math support in index names
    Indices can be searched according to data and time with the help of functionality offered by Elasticsearch development. The format of time and information needs to be specified.

    A date math index name takes the following form:

< static_name{date_math_expr{date_format|time_zone}} >


# GET /< logstash-{now/d}>/_search

curl -X GET "localhost:9200/%3Clogstash-%7Bnow%2Fd%7D%3E/_search?pretty" -H 'Content-Type: application/json' -d'


"query" : {

"match": {

"test": "data"





Common options

The options that can be applied to all the REST APIs comes under standard options. Some examples of these are given below:

  • Pretty results
    When affixing ?pretty=true to any kind of request made, the JSON sent back will be pretty formatted. You can also set ?format=yaml and the result will be sent back in a more understandable YAML format.
  • Human readable output
    Statistics are collected in a format acceptable for humans (e.g. "exists_time": "1h" or "size": "1kb") and for computers (e.g. "exists_time_in_millis": 3600000 or "size_in_bytes": 1024). The human readable values can be switched off by the addition of ?human=false in the query string.
  • Date Math
    Date maths is understandable by almost all parameters which receive a formatted date value – such as gt, lt, in range queries, or from and to in date range aggregations.

URL-based access control

Almost every user use proxy having URL-based access control in order to secure access to Elasticsearch indices. For multi-get, multi-search, and bulk requests, the user has the option of stating an index in the URL. This makes URL-based access control challenging enough.

To avert the user from overriding the index specified in the URL, you can add the given setting to the Elasticsearch.yml file:

rest.action.multi.allow_explicit_index: false