Elasticsearch runtime fields

Save mountains of time with runtime fields

Bring data into Elasticsearch in a fast and flexible way — and easily adapt to change — with runtime fields, Elastic’s implementation of schema on read. Only Elastic delivers both the blazing fast speed of schema on write and the extreme utility of schema on read.

Get started

Runtime fields documentation

videoImage

Try runtime fields with a free Elastic Cloud trial.

Sign up

Dive into runtime fields documentation.

Read docs

Learn more about runtime fields.

Read blog

Schema on write, meet schema on read

  • Speed

    Elasticsearch is fast — really fast. With schema on write, fields are defined and indexed at ingest, and well-planned schemas give you faster queries. That’s why schema on write is still the default in Elasticsearch for indexing and searching data.

  • Flexibility

    Spend less time setting up the index and more time searching with runtime fields. With schema on read, you can easily onboard and search data without any upfront planning. You can also quickly address changes in your data without having to start over.

  • Happy together

    Only Elastic lets you use both schema on write for performance and schema on read for flexibility to the same data — all in a single stack.

Get the most elasticity out of your data

With runtime fields, you can start ingesting data right away. Here’s how it all works.

Get a jump start on your data

When you ingest new data, you might not know how it’ll be searched yet. And that’s okay. With runtime fields, you can skip defining fields in advance to save time and create fields on the fly. Plus, you can always apply any of your runtime fields to the next index as indexed fields for faster searches.

Illustration

Help your data go with the flow

Just when your cluster has been quietly humming in the background, a log message changes and breaks your index mapping. With runtime fields, you don’t have to start over. You can keep the fields that still apply while dynamically creating new fields for the changes in your data.

Illustration

Give fields a fresh coat of paint

With runtime fields, you can also define new ways of analyzing data that’s already been indexed. Create a new runtime field using any combination of existing fields to be used in a query or visualization. These changes can apply only to you, allowing you to explore data without impacting others’ work.

Illustration

Reduce downtime and avoid outages

We’ve all made mistakes. Before runtime fields, you’d have to correct the index mapping and _reindex the data, prolonging the outage. Now you can shadow the incorrect field with a runtime field to immediately fix the error without a _reindex. This lets you be more agile and slashes QA time, which can reduce costs.

Illustration

Get a look under the hood

Runtime fields allow you to be nimble so you can quickly react to changes in the data you are indexing. Feel free to follow along using Kibana Dev Tools to see how easy it is to dynamically create a runtime field. We’ve added a comment explaining details for each step. 

#In this index template, we've defined two fields, 
#timestamp and response_code, which will be created 
#when we ingest the data. We've also defined a 
#dynamic runtime field mapping. Any other fields 
#will be runtime fields.
PUT _index_template/my_dynamic_index
{
  "index_patterns": [
    "my_dynamic_index-*"
    ],
    "template": {
      "mappings":{
        "dynamic": "runtime",
      "properties": {
        "timestamp": {
          "type": "date",
          "format": "yyyy-MM-dd"
        },
        "response_code": {
          "type": "integer"
        }
      }
      }
    }
}

Resources galore

Low on time? We got you. Check out these short videos to learn more about what you can do with runtime fields.

  • How to dynamically create runtime fields

    How to dynamically create runtime fields

    In this 7-minute demo, learn how to create runtime fields using dynamic mappings.

    Watch the video
  • How to fix errors without reindexing

    How to fix errors without reindexing

    In this 8-minute demo, learn how to fix errors in indexed data by shadowing them with runtime fields.

    Watch the video
  • How to define a runtime day of week

    How to define a runtime day of week

    In this 9-minute demo, learn how to create a runtime field that calculates the day of week and use it in Kibana.

    Watch the video
  • How to create an ephemeral runtime field

    How to create an ephemeral runtime field

    In this 7-minute demo, learn how to create a runtime field that only exists within the context of a query.

    Watch the video

Find your balance of speed and flexibility

Take runtime fields for a spin with a free 14-day trial of Elastic Cloud. And if you have questions, visit the runtime fields documentation or the Elasticsearch searchable snapshot forum.

Get started