How to use scripts

Wherever scripting is supported in the Elasticsearch API, the syntax follows the same pattern:

  1. "script": {
  2. "lang": "...",
  3. "source" | "id": "...",
  4. "params": { ... }
  5. }

The language the script is written in, which defaults to painless.

The script itself which may be specified as source for an inline script or id for a stored script.

Any named parameters that should be passed into the script.

For example, the following script is used in a search request to return a scripted field:

  1. PUT my-index-000001/_doc/1
  2. {
  3. "my_field": 5
  4. }
  5. GET my-index-000001/_search
  6. {
  7. "script_fields": {
  8. "my_doubled_field": {
  9. "script": {
  10. "lang": "expression",
  11. "source": "doc['my_field'] * multiplier",
  12. "params": {
  13. "multiplier": 2
  14. }
  15. }
  16. }
  17. }
  18. }

Script parameters

lang

Specifies the language the script is written in. Defaults to painless.

source, id

Specifies the source of the script. An inline script is specified source as in the example above. A stored script is specified id and is retrieved from the cluster state (see Stored Scripts).

params

Specifies any named parameters that are passed into the script as variables.

Prefer parameters

The first time Elasticsearch sees a new script, it compiles it and stores the compiled version in a cache. Compilation can be a heavy process.

If you need to pass variables into the script, you should pass them in as named params instead of hard-coding values into the script itself. For example, if you want to be able to multiply a field value by different multipliers, don’t hard-code the multiplier into the script:

  1. "source": "doc['my_field'] * 2"

Instead, pass it in as a named parameter:

  1. "source": "doc['my_field'] * multiplier",
  2. "params": {
  3. "multiplier": 2
  4. }

The first version has to be recompiled every time the multiplier changes. The second version is only compiled once.

If you compile too many unique scripts within a small amount of time, Elasticsearch will reject the new dynamic scripts with a circuit_breaking_exception error. For most contexts, you can compile up to 75 scripts per 5 minutes by default. For ingest contexts, the default script compilation rate is unlimited. You can change these settings dynamically by setting script.context.$CONTEXT.max_compilations_rate eg. script.context.field.max_compilations_rate=100/10m.

Short script form

A short script form can be used for brevity. In the short form, script is represented by a string instead of an object. This string contains the source of the script.

Short form:

  1. "script": "ctx._source.my-int++"

The same script in the normal form:

  1. "script": {
  2. "source": "ctx._source.my-int++"
  3. }

Stored scripts

Scripts may be stored in and retrieved from the cluster state using the _scripts end-point.

If the Elasticsearch security features are enabled, you must have the following privileges to create, retrieve, and delete stored scripts:

  • cluster: all or manage

For more information, see Security privileges.

Request examples

The following are examples of using a stored script that lives at /_scripts/{id}.

First, create the script called calculate-score in the cluster state:

  1. POST _scripts/calculate-score
  2. {
  3. "script": {
  4. "lang": "painless",
  5. "source": "Math.log(_score * 2) + params.my_modifier"
  6. }
  7. }

You may also specify a context as part of the url path to compile a stored script against that specific context in the form of /_scripts/{id}/{context}:

  1. POST _scripts/calculate-score/score
  2. {
  3. "script": {
  4. "lang": "painless",
  5. "source": "Math.log(_score * 2) + params.my_modifier"
  6. }
  7. }

This same script can be retrieved with:

  1. GET _scripts/calculate-score

Stored scripts can be used by specifying the id parameters as follows:

  1. GET my-index-000001/_search
  2. {
  3. "query": {
  4. "script_score": {
  5. "query": {
  6. "match": {
  7. "message": "some message"
  8. }
  9. },
  10. "script": {
  11. "id": "calculate-score",
  12. "params": {
  13. "my_modifier": 2
  14. }
  15. }
  16. }
  17. }
  18. }

And deleted with:

  1. DELETE _scripts/calculate-score

Search templates

You can also use the _scripts API to store search templates. Search templates save specific search requests with placeholder values, called template parameters.

You can use stored search templates to run searches without writing out the entire query. Just provide the stored template’s ID and the template parameters. This is useful when you want to run a commonly used query quickly and without mistakes.

Search templates use the mustache templating language. See Search Template for more information and examples.

Script caching

All scripts are cached by default so that they only need to be recompiled when updates occur. By default, scripts do not have a time-based expiration, but you can configure the size of this cache using the script.context.$CONTEXT.cache_expire setting. By default, the cache size is 100 for all contexts except the ingest and the processor_conditional context, where it is 200.

Context

Default Cache Size

ingest

200

processor_conditional

200

default

100

The size of scripts is limited to 65,535 bytes. This can be changed by setting script.max_size_in_bytes setting to increase that soft limit, but if scripts are really large then a native script engine should be considered.