How to use scripts
Wherever scripting is supported in the Elasticsearch API, the syntax follows the same pattern:
"script": {
"lang": "...",
"source" | "id": "...",
"params": { ... }
}
The language the script is written in, which defaults to | |
The script itself which may be specified as | |
Any named parameters that should be passed into the script. |
For example, the following script is used in a search request to return a scripted field:
PUT my-index-000001/_doc/1
{
"my_field": 5
}
GET my-index-000001/_search
{
"script_fields": {
"my_doubled_field": {
"script": {
"lang": "expression",
"source": "doc['my_field'] * multiplier",
"params": {
"multiplier": 2
}
}
}
}
}
Script parameters
lang
Specifies the language the script is written in. Defaults to painless
.
source
, id
Specifies the source of the script. An inline
script is specified source
as in the example above. A stored
script is specified id
and is retrieved from the cluster state (see Stored Scripts).
params
Specifies any named parameters that are passed into the script as variables.
Prefer parameters
The first time Elasticsearch sees a new script, it compiles it and stores the compiled version in a cache. Compilation can be a heavy process.
If you need to pass variables into the script, you should pass them in as named params
instead of hard-coding values into the script itself. For example, if you want to be able to multiply a field value by different multipliers, don’t hard-code the multiplier into the script:
"source": "doc['my_field'] * 2"
Instead, pass it in as a named parameter:
"source": "doc['my_field'] * multiplier",
"params": {
"multiplier": 2
}
The first version has to be recompiled every time the multiplier changes. The second version is only compiled once.
If you compile too many unique scripts within a small amount of time, Elasticsearch will reject the new dynamic scripts with a circuit_breaking_exception
error. For most contexts, you can compile up to 75 scripts per 5 minutes by default. For ingest contexts, the default script compilation rate is unlimited. You can change these settings dynamically by setting script.context.$CONTEXT.max_compilations_rate
eg. script.context.field.max_compilations_rate=100/10m
.
Short script form
A short script form can be used for brevity. In the short form, script
is represented by a string instead of an object. This string contains the source of the script.
Short form:
"script": "ctx._source.my-int++"
The same script in the normal form:
"script": {
"source": "ctx._source.my-int++"
}
Stored scripts
Scripts may be stored in and retrieved from the cluster state using the _scripts
end-point.
If the Elasticsearch security features are enabled, you must have the following privileges to create, retrieve, and delete stored scripts:
- cluster:
all
ormanage
For more information, see Security privileges.
Request examples
The following are examples of using a stored script that lives at /_scripts/{id}
.
First, create the script called calculate-score
in the cluster state:
POST _scripts/calculate-score
{
"script": {
"lang": "painless",
"source": "Math.log(_score * 2) + params.my_modifier"
}
}
You may also specify a context as part of the url path to compile a stored script against that specific context in the form of /_scripts/{id}/{context}
:
POST _scripts/calculate-score/score
{
"script": {
"lang": "painless",
"source": "Math.log(_score * 2) + params.my_modifier"
}
}
This same script can be retrieved with:
GET _scripts/calculate-score
Stored scripts can be used by specifying the id
parameters as follows:
GET my-index-000001/_search
{
"query": {
"script_score": {
"query": {
"match": {
"message": "some message"
}
},
"script": {
"id": "calculate-score",
"params": {
"my_modifier": 2
}
}
}
}
}
And deleted with:
DELETE _scripts/calculate-score
Search templates
You can also use the _scripts
API to store search templates. Search templates save specific search requests with placeholder values, called template parameters.
You can use stored search templates to run searches without writing out the entire query. Just provide the stored template’s ID and the template parameters. This is useful when you want to run a commonly used query quickly and without mistakes.
Search templates use the mustache templating language. See Search Template for more information and examples.
Script caching
All scripts are cached by default so that they only need to be recompiled when updates occur. By default, scripts do not have a time-based expiration, but you can configure the size of this cache using the script.context.$CONTEXT.cache_expire
setting. By default, the cache size is 100
for all contexts except the ingest
and the processor_conditional
context, where it is 200
.
Context | Default Cache Size |
| 200 |
| 200 |
default | 100 |
The size of scripts is limited to 65,535 bytes. This can be changed by setting script.max_size_in_bytes
setting to increase that soft limit, but if scripts are really large then a native script engine should be considered.