IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Get data view API Update data view API »
Elastic Docs Kibana Guide [8.6] REST API Data views API

Create data view API

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Create data view API

edit

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Create data views.

Request

edit

POST <kibana host>:<port>/api/data_views/data_view

POST <kibana host>:<port>/s/<space_id>/api/data_views/data_view

Path parameters

edit
space_id
(Optional, string) An identifier for the space. If space_id is not provided in the URL, the default space is used.

Request body

edit
override
(Optional, boolean) Overrides an existing data view if a data view with the provided title already exists. The default is false.
data_view
(Required, object) The data view object. All fields are optional.

Response code

edit
200
Indicates a successful call.

Examples

edit

To explore the data in the logstash-* indices, create a data view:

$ curl -X POST api/data_views/data_view
{
  "data_view": {
     "title": "logstash-*",
     "name": "My Logstash Data View"
  }
}

To create custom field formats, use the data_view.fieldFormats property:

$ curl -X POST api/data_views/data_view
{
  "data_view": {
    "title": "logstash-*",
    "name": "My Logstash data view 2",
    "fieldFormats": {
      "event_time": {
        "id": "date_nanos"
      },
      "machine.ram": {
        "id": "number",
        "params": {
          "pattern": "0,0.[000] b"
        }
      }
    }
  }
}

To create custom labels, use the data_view.fieldAttrs property:

$ curl -X POST api/data_views/data_view
{
  "data_view": {
    "title": "logstash-*",
    "name": "My Logstash data view 3",
    "fieldAttrs": {
      "utc_time": {
        "customLabel": "Time (UTC)"
      }
    }
  }
}

To create a data view with runtime fields, use the data_view.runtimeFieldMap property:

$ curl -X POST api/data_views/data_view
{
  "data_view": {
    "title": "logstash-*",
    "name": "My Logstash data view 3",
    "runtimeFieldMap": {
      "runtime_shape_name": {
        "type": "keyword",
        "script": {
          "source": "emit(doc['shape_name'].value)"
        }
      }
    }
  }
}

To create data views based on rollup indices, use the data_view.type and data_view.typeMeta properties :

$ curl -X POST api/data_views/data_view
{
  "data_view": {
    "title": "logstash-*",
    "name": "My Logstash rollup data view",
    "type": "rollup",
    "typeMeta": {
      "params": {
        "rollup_index": "rollup_logstash"
      },
      "aggs": {
        "terms": {
          "geo.dest": { "agg": "terms" },
          "extension.keyword": { "agg": "terms" },
          "geo.src": { "agg": "terms" },
          "machine.os.keyword": { "agg": "terms" }
        },
        "date_histogram": {
          "@timestamp": {
            "agg": "date_histogram",
            "fixed_interval": "20m",
            "delay": "10m",
            "time_zone": "UTC"
          }
        },
        "avg": {
          "memory": { "agg": "avg" },
          "bytes": { "agg": "avg" }
        },
        "max": { "memory": { "agg": "max" } },
        "min": { "memory": { "agg": "min" } },
        "sum": { "memory": { "agg": "sum" } },
        "value_count": { "memory": { "agg": "value_count" } },
        "histogram": {
          "machine.ram": {
            "agg": "histogram",
            "interval": 5
          }
        }
      }
    }
  }
}

The API returns the data view object:

{
    "data_view": {...}
}

Properties of the data_view object:

edit
title
(Optional, string) Comma-separated list of data streams, indices, and aliases that you want to search. Supports wildcards (*).
name
(Optional, string) The data view name.
id
(Optional, string) Saved object ID.
type
(Optional, string) When set to rollup, identifies the rollup data views.
typeMeta

(Optional, object) When you use rollup indices, contains the field list for the rollup data view API endpoints.

Properties of the typeMeta objects:
aggs
(Required, object) A map of rollup restrictions by aggregation type and field name.
params
(Required, object) Properties for retrieving rollup fields.
timeFieldName
(Optional, string) Timestamp field name, which you use for time-based data views.
sourceFilters
(Optional, string[]) Array of field names you want to filter out in Discover.
fieldAttrs

(Optional, object) Map of field attributes by field name.

Properties of the fieldAttrs[fieldName] objects:
customLabel
(Optional, string) Custom label for the field.
count
(Optional, number) Popularity count for the field.
runtimeFieldMap

(Optional, object) Map of runtime field definitions by field name.

Properties of the runtimeFieldMap[fieldName] objects:
type
(Required, string) Mapping type of the runtime field. For more information, check Field data types.
script.source
(Required, string) Script of the runtime field.
fieldFormats
(Optional, object) Map of field formats by field name.
allowNoIndex
(Optional, boolean) Allows the data view saved object to exist before the data is available.
namespaces
(Optional, string[]) Array of space IDs for sharing the data view between multiple spaces.
« Get data view API Update data view API »