Elasticsearch REST API
Elasticsearch is a distributed search and analytics engine built on Apache Lucene. Its REST API exposes comprehensive document indexing, full-text search with relevance scoring, structured field filtering, faceted aggregations, and (as of 8.x) native kNN vector search for semantic similarity. Agents can index arbitrary JSON documents, run complex boolean query DSL, execute multi-field aggregations, and perform hybrid dense+sparse retrieval — all over plain HTTPS with no special driver required.
Score Breakdown
🔒 Security
Elasticsearch 8.x enables TLS and authentication by default for self-hosted deployments, a major improvement over 7.x, where security was disabled by default (many historical data breaches resulted from this). API keys support index-pattern and operation-level scoping (read, write, manage, monitor), which is well suited to least-privilege agent access. Field-level security and document-level security are available on paid tiers. JVM memory and OS-level vulnerabilities are the primary attack surface for self-hosted deployments. Elastic Cloud enforces TLS, manages certificates, and provides IP filtering. API keys cannot be retrieved after creation; if one is lost, rotate immediately.
Best When
An agent needs production-grade full-text search with relevance tuning, complex aggregations, or hybrid dense+sparse vector retrieval over a large document corpus, especially when integrating with the existing Elastic Stack (Kibana, Logstash, Beats).
Avoid When
You only need approximate nearest neighbor search over embeddings (a purpose-built vector database like Qdrant will have lower operational overhead), or you need ACID transactions.
Use Cases
- Full-text search with relevance ranking over agent-ingested document corpora (BM25 + custom scoring)
- Hybrid RAG retrieval combining kNN vector similarity with BM25 keyword scoring via RRF (Reciprocal Rank Fusion)
- Fuzzy and phonetic search for entity resolution (matching 'Johnsen' to 'Johnson' in knowledge bases)
- Log and event analytics: ingest agent activity logs and run aggregations to detect patterns or anomalies
- Aggregation pipelines: cardinality, percentiles, date histograms, nested facets over millions of documents
- Autocomplete and prefix search via edge-ngram analyzers for agent-powered search UX
- Percolator queries: register agent queries that trigger when new documents match them (reverse search)
Not For
- Primary transactional data store — Elasticsearch is eventually consistent and not ACID compliant
- Agents needing guaranteed document durability without a separate primary store
- Simple key-value or low-cardinality lookups where the indexing overhead is unnecessary
- Workloads where Elasticsearch operational complexity (cluster management, shard tuning, mapping migrations) outweighs benefits
Interface
Authentication
Self-hosted Elasticsearch (8.x+): security is enabled by default with TLS and built-in users. API keys are the recommended approach for agents — created via the /_security/api_key endpoint, they can be scoped to specific index patterns and operations (indices privileges: read, write, manage, etc.). Elastic Cloud: API keys created in the console or via API. Basic auth with elastic superuser works but violates least-privilege. Legacy Elasticsearch 6.x/7.x had security disabled by default — a critical operational difference for self-hosted deployments. API keys encode permissions at creation time and cannot be modified after creation (must rotate).
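The scoped-key request described above, as an added example that is not part of the original page or of Elastic's own code: it builds the JSON body for `POST /_security/api_key` and the `Authorization: ApiKey` header value from the create response. The function names, the deny list of over-broad privileges, the default expiration, and the sample response values are assumptions of this example.

```python
import base64
import json

# Assumption of this example: privileges an agent key should never carry.
OVERBROAD_PRIVILEGES = {"all", "manage"}


def build_api_key_request(name, index_patterns, privileges, expiration="7d"):
    """Return the JSON body for POST /_security/api_key, scoped to given indices."""
    # A bare "*" pattern would grant the privileges on every index.
    if not index_patterns or any(p.strip() in ("*", "") for p in index_patterns):
        raise ValueError("refusing empty or wildcard-only index pattern")
    too_broad = OVERBROAD_PRIVILEGES.intersection(privileges)
    if too_broad:
        raise ValueError(f"over-broad privileges: {sorted(too_broad)}")
    return {
        "name": name,
        "expiration": expiration,  # short-lived keys limit exposure if leaked
        "role_descriptors": {
            f"{name}-role": {
                "indices": [
                    {"names": list(index_patterns), "privileges": list(privileges)}
                ]
            }
        },
    }


def authorization_header(create_response):
    """Build the 'ApiKey <base64(id:api_key)>' header value from the create response."""
    raw = f"{create_response['id']}:{create_response['api_key']}".encode()
    return "ApiKey " + base64.b64encode(raw).decode()


# Constructed sample response; real values are returned once, at creation time.
SAMPLE_CREATE_RESPONSE = {
    "id": "constructed-id",
    "name": "rag-agent",
    "api_key": "constructed-secret",
}

if __name__ == "__main__":
    body = build_api_key_request("rag-agent", ["agent-docs-*"], ["read"])
    print(json.dumps(body, indent=2))
    print(authorization_header(SAMPLE_CREATE_RESPONSE))
```

Store the header value in a secret manager at creation time, since the key material is not retrievable afterwards.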
Pricing
Self-hosted is free but operationally complex. Elastic Cloud simplifies management but costs accumulate quickly with data volume and query load. OpenSearch is a free open-source fork with compatible APIs if licensing is a concern.
Agent Metadata
Known Gotchas
- ⚠ Dynamic mapping silently infers field types from the first document indexed — if an agent indexes doc1 with 'price': '10.99' (string) and then doc2 with 'price': 10.99 (number), doc2 indexing fails with a mapping conflict; always define explicit index mappings before ingesting heterogeneous agent-generated data
- ⚠ Bulk API and multi-search API return HTTP 200 even when individual items fail — agents must inspect the 'errors' boolean and iterate the 'items' array to detect per-document failures, not just check the HTTP status code
- ⚠ kNN vector search requires the field to be indexed as 'dense_vector' with 'index: true' at mapping time — adding vectors to an existing text-only index requires a reindex operation, not just a mapping update
- ⚠ The default search result limit is 10 documents — agents that don't explicitly set 'size' in the query body will silently miss results for any result set larger than 10
- ⚠ Index templates and component templates control mapping/settings for new indices — agents that create indices without a template may get unexpected analyzer, shard, or replica configurations that differ from production expectations
- ⚠ Search-After pagination (cursor-based) requires a 'sort' clause with at least one tiebreaker field (usually '_id') — agents using 'from+size' pagination beyond 10,000 documents will hit the 'index.max_result_window' limit and receive an error
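The bulk-response check from the second gotcha above, as an added example that is not part of the original page: it inspects the `errors` flag and walks `items` to separate retryable failures from permanent ones. The function name, the choice of retryable status codes, and the sample response are assumptions constructed for this example.

```python
# Assumption of this example: 429 (write queue rejection) and 503 are worth retrying.
RETRYABLE_STATUSES = {429, 503}


def bulk_failures(response):
    """Split failed bulk items into (retryable, permanent) lists of failure records."""
    retryable, permanent = [], []
    # HTTP 200 says nothing here; only the 'errors' flag signals item failures.
    if not response.get("errors"):
        return retryable, permanent
    for position, item in enumerate(response["items"]):
        # Each item has a single key naming its action: index/create/update/delete.
        action, result = next(iter(item.items()))
        if "error" not in result:
            continue
        failure = {
            "position": position,  # items come back in request order
            "action": action,
            "id": result.get("_id"),
            "status": result["status"],
            "type": result["error"].get("type"),
        }
        bucket = retryable if result["status"] in RETRYABLE_STATUSES else permanent
        bucket.append(failure)
    return retryable, permanent


# Constructed sample of a bulk response body that arrived with HTTP 200.
SAMPLE_BULK_RESPONSE = {
    "took": 12,
    "errors": True,
    "items": [
        {"index": {"_index": "agent-docs", "_id": "1", "status": 201, "result": "created"}},
        {"index": {"_index": "agent-docs", "_id": "2", "status": 400,
                   "error": {"type": "mapper_parsing_exception",
                             "reason": "failed to parse field [price]"}}},
        {"index": {"_index": "agent-docs", "_id": "3", "status": 429,
                   "error": {"type": "es_rejected_execution_exception",
                             "reason": "rejected execution of coordinating operation"}}},
    ],
}

if __name__ == "__main__":
    retry, drop = bulk_failures(SAMPLE_BULK_RESPONSE)
    print("retry:", retry)
    print("permanent:", drop)
```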
Scores are editorial opinions as of 2026-03-06.