Creates an enrich policy.
PUT /_enrich/policy/my-policy
{
"match": {
"indices": "users",
"match_field": "email",
"enrich_fields": ["first_name", "last_name", "city", "zip", "state"]
}
}
If you use Elasticsearch security features, you must have:
-
readindex privileges for any indices used -
The
enrich_userbuilt-in role
Use the create enrich policy API to create a enrich policy.
Once created, you can’t update or change an enrich policy. Instead, you can:
- Create and execute a new enrich policy.
- Replace the previous enrich policy with the new enrich policy in any in-use enrich processors.
- Use the delete enrich policy API to delete the previous enrich policy.
-
<policy-type> -
(Required, object) Configures the enrich policy. The field key is the enrich policy type. Valid key values are:
-
geo_match -
Matches enrich data to incoming documents based on a
geo_shapequery. For an example, see Example: Enrich your data based on geolocation. -
match -
Matches enrich data to incoming documents based on a
termquery. For an example, see Example: Enrich your data based on exact values. -
range -
Matches a number, date, or IP address in incoming documents to a range in the
enrich index based on a
termquery. For an example, see Example: Enrich your data by matching a value to a range.
Properties of
<policy-type>-
indices -
(Required, String or array of strings) One or more source indices used to create the enrich index.
If multiple indices are specified, they must share a common
match_field. -
match_field - (Required, string) Field in source indices used to match incoming documents.
-
enrich_fields - (Required, Array of strings) Fields to add to matching incoming documents. These fields must be present in the source indices.
-
query -
(Optional, Query DSL query object)
Query used to filter documents in the enrich index. The policy only uses
documents matching this query to enrich incoming documents. Defaults to a
match_allquery.
-