
Point-in-time API in Elasticsearch

Introduction

The Point-in-time (PIT) API helps you get a stable view of your data at a specific moment. This means your search results won't change even if the data updates while you work.

Use a PIT:
  • When you want to page through search results without missing or repeating items.
  • When your data changes often but you need consistent search results.
  • When you want to avoid performance issues caused by deep pagination.
  • When you want to keep a snapshot of your data for a short time during complex queries.
Syntax
Elasticsearch
POST /_search
{
  "pit": {
    "id": "<pit-id>",
    "keep_alive": "1m"
  },
  "query": {
    "match_all": {}
  }
}

You first create a PIT by sending a search request with "pit": {"keep_alive": "1m"}.

Use the returned pit_id in subsequent searches to keep the view consistent.

Examples
Create a PIT for 1 minute and get the first 2 results.
Elasticsearch
POST /my-index/_search
{
  "pit": {
    "keep_alive": "1m"
  },
  "query": {
    "match_all": {}
  },
  "size": 2
}
Use an existing PIT ID to continue searching with the same snapshot.
Elasticsearch
POST /_search
{
  "pit": {
    "id": "46ToAwMDaWFiYzEyMzQ1Ng==",
    "keep_alive": "1m"
  },
  "query": {
    "match": {"field": "value"}
  },
  "size": 2
}
Sample Program

This example shows how to create a PIT and then use its ID to get the next page of results. The keep_alive keeps the PIT valid for 1 minute.

Elasticsearch
POST /my-index/_search
{
  "pit": {
    "keep_alive": "1m"
  },
  "query": {
    "match_all": {}
  },
  "size": 2
}

# Response example (simplified):
# {
#   "pit_id": "46ToAwMDaWFiYzEyMzQ1Ng==",
#   "hits": {
#     "hits": [ ... ]
#   }
# }

# Next search using PIT ID:
POST /_search
{
  "pit": {
    "id": "46ToAwMDaWFiYzEyMzQ1Ng==",
    "keep_alive": "1m"
  },
  "query": {
    "match_all": {}
  },
  "size": 2
}
Important Notes

Always set keep_alive to control how long the PIT stays open.

Remember to close PITs if you no longer need them to free resources.

PITs help avoid inconsistent results during pagination caused by data changes.
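
The open, page, close cycle behind these notes, as an added example that is not part of the original page. It uses the `_pit` open and close endpoints and the `_shard_doc` sort with `search_after` from the Elasticsearch REST API rather than from this page; `send`, `page_all`, `demo` and `FakeCluster` are hypothetical names, and `FakeCluster` is a constructed in-memory stand-in so the loop runs offline.

```python
class FakeCluster:
    """Constructed in-memory stand-in for a cluster (not a real client)."""
    def __init__(self, docs):
        self.live = list(docs)   # index contents; may change at any time
        self.open_pits = {}      # PIT id -> frozen copy taken at open time

    def send(self, method, path, body=None):
        route = path.split("?")[0]
        if method == "POST" and route.endswith("/_pit"):      # open
            pit = f"constructed-pit-{len(self.open_pits) + 1}"
            self.open_pits[pit] = list(self.live)
            return {"id": pit}
        if method == "DELETE" and route == "/_pit":           # close
            return {"succeeded": self.open_pits.pop(body["id"], None) is not None}
        view = self.open_pits[body["pit"]["id"]]              # POST /_search
        start = body.get("search_after", [-1])[0] + 1
        hits = [{"_source": d, "sort": [i]} for i, d in enumerate(view)]
        return {"pit_id": body["pit"]["id"],
                "hits": {"hits": hits[start:start + body["size"]]}}

def page_all(send, index, size=2, keep_alive="1m"):
    """Return every document in `index` as seen by one PIT, then close it."""
    pit_id = send("POST", f"/{index}/_pit?keep_alive={keep_alive}")["id"]
    docs, after = [], None
    try:
        while True:
            body = {"size": size, "query": {"match_all": {}},
                    "pit": {"id": pit_id, "keep_alive": keep_alive},
                    "sort": [{"_shard_doc": "asc"}]}
            if after is not None:
                body["search_after"] = after   # resume after the last hit seen
            resp = send("POST", "/_search", body)
            pit_id = resp.get("pit_id", pit_id)  # always carry the newest ID
            hits = resp["hits"]["hits"]
            if not hits:
                return docs
            docs.extend(h["_source"] for h in hits)
            after = hits[-1]["sort"]
    finally:
        send("DELETE", "/_pit", {"id": pit_id})  # free resources even on error

def demo():
    cluster = FakeCluster([{"n": i} for i in range(5)])
    def send(method, path, body=None):
        resp = cluster.send(method, path, body)
        if path == "/_search":                   # a write lands between pages
            cluster.live.insert(0, {"n": "new"})
        return resp
    return page_all(send, "my-index"), cluster.open_pits, len(cluster.live)
```
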

Summary

The Point-in-time API gives a stable snapshot of your data for consistent searches.

Use PIT IDs to page through results without missing or repeating items.

Set keep_alive to keep the PIT active for a limited time.

Practice

1.

What is the main purpose of the Point-in-time (PIT) API in Elasticsearch?

easy
A. To provide a consistent snapshot of data for searches
B. To delete old indices automatically
C. To update documents in bulk
D. To monitor cluster health status

Solution

  1. Step 1: Identify PIT API's main purpose

    The PIT API creates a stable snapshot of the data at a point in time for consistent searches even if data changes; deleting indices (B), bulk updates (C), and monitoring health (D) are unrelated.
  2. Final Answer:

    To provide a consistent snapshot of data for searches -> Option A
  3. Quick Check:

    PIT API = consistent snapshot [OK]
Hint: PIT API = stable snapshot for consistent search results [OK]
Common Mistakes:
  • Confusing PIT with index deletion
  • Thinking PIT updates documents
  • Assuming PIT monitors cluster health
2.

Which of the following is the correct way to open a point-in-time in Elasticsearch using the REST API?

{
  "keep_alive": "1m"
}
easy
A. POST /_search/point_in_time/create { "keep_alive": "1m" }
B. POST /_search/point_in_time/open { "keep_alive": "1m" }
C. POST /_search/point_in_time/_open { "keep_alive": "1m" }
D. POST /_search/point_in_time { "keep_alive": "1m" }

Solution

  1. Step 1: Identify correct PIT open endpoint

    POST /_search/point_in_time/_open with keep_alive "1m" is correct; /open, /create, or missing _open are invalid.
  2. Final Answer:

    POST /_search/point_in_time/_open { "keep_alive": "1m" } -> Option C
  3. Quick Check:

    Correct PIT open endpoint = /_search/point_in_time/_open [OK]
Hint: PIT open uses _open endpoint with keep_alive [OK]
Common Mistakes:
  • Missing underscore before 'open'
  • Using wrong endpoint like /create
  • Confusing PIT open with search endpoint
3.

Given the following Elasticsearch query using a point-in-time ID, what will be the value of pit_id in the search response?

POST /my-index/_search
{
  "pit": {
    "id": "abc123",
    "keep_alive": "2m"
  },
  "query": { "match_all": {} },
  "size": 1
}
medium
A. A new PIT ID string
B. "2m"
C. "abc123"
D. null

Solution

  1. Step 1: Analyze PIT ID in search response

    Searching with input PIT ID "abc123" and keep_alive "2m" returns a new PIT ID string for paging, not the input ID, "2m", or null.
  2. Final Answer:

    A new PIT ID string -> Option A
  3. Quick Check:

    Search with PIT returns new PIT ID [OK]
Hint: Search with PIT returns updated PIT ID for paging [OK]
Common Mistakes:
  • Expecting same PIT ID returned
  • Confusing keep_alive value as PIT ID
  • Assuming PIT ID is null in response
4.

Identify the error in this Elasticsearch request to use a point-in-time for paging:

POST /my-index/_search
{
  "pit": {
    "id": "",
    "keep_alive": "1m"
  },
  "query": { "match_all": {} },
  "size": 10
}
medium
A. The keep_alive value should be a number, not a string
B. The PIT ID is empty, which is invalid
C. The query must include a sort field when using PIT
D. The size parameter cannot be 10 when using PIT

Solution

  1. Step 1: Identify the error in PIT request

    Empty PIT ID "" is invalid and causes error; keep_alive "1m" string is correct, size 10 allowed, sort optional.
  2. Final Answer:

    The PIT ID is empty, which is invalid -> Option B
  3. Quick Check:

    Empty PIT ID causes error [OK]
Hint: PIT ID must be non-empty string [OK]
Common Mistakes:
  • Leaving PIT ID empty
  • Misunderstanding keep_alive format
  • Thinking size must be fixed when using PIT
5.

You want to page through a large dataset using the Point-in-time API. Which sequence of steps correctly uses PIT to avoid missing or repeating documents?

hard
A. Use PIT ID only once, then open a new PIT for each page
B. Search without PIT, use scroll API for paging, close scroll after done
C. Open PIT without keep_alive, search once, then close PIT immediately
D. Open PIT with keep_alive, search with PIT ID, use returned PIT ID for next search, repeat until no hits

Solution

  1. Step 1: Outline correct PIT paging sequence

    Open PIT with keep_alive, search using PIT ID (update to new returned PIT ID each time), repeat until no hits, then close; avoids new PITs per page (A), scroll (B), or no paging (C).
  2. Final Answer:

    Open PIT with keep_alive, search with PIT ID, use returned PIT ID for next search, repeat until no hits -> Option D
  3. Quick Check:

    Proper PIT paging = open, search, update PIT ID, repeat [OK]
Hint: Open PIT once, use updated PIT IDs to page [OK]
Common Mistakes:
  • Using scroll API instead of PIT for paging
  • Not updating PIT ID after each search
  • Opening new PIT for every page