elastic
diff --git a/‎docs/java-rest/high-level/rollup/put_job.asciidoc‎
Lines changed: 3 additions & 3 deletions b/‎docs/java-rest/high-level/rollup/put_job.asciidoc‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎docs/reference/aggregations/bucket/datehistogram-aggregation.asciidoc‎
Lines changed: 11 additions & 6 deletions b/‎docs/reference/aggregations/bucket/datehistogram-aggregation.asciidoc‎
Lines changed: 11 additions & 6 deletions
diff --git a/‎docs/reference/redirects.asciidoc‎
Lines changed: 6 additions & 1 deletion b/‎docs/reference/redirects.asciidoc‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎docs/reference/rollup/apis/put-job.asciidoc‎
Lines changed: 170 additions & 16 deletions b/‎docs/reference/rollup/apis/put-job.asciidoc‎
Lines changed: 170 additions & 16 deletions
@@ -21,7 +21,7 @@ include-tagged::{doc-tests}/RollupDocumentationIT.java[x-pack-rollup-put-rollup-
 ==== Rollup Job Configuration
 
 The `RollupJobConfig` object contains all the details about the rollup job
-configuration. See {ref}/rollup-job-config.html[Rollup configuration] to learn more
+configuration. See {ref}/rollup-put-job.html[create rollup job API] to learn more
 about the various configuration settings.
 
 A `RollupJobConfig` requires the following arguments:
@@ -45,7 +45,7 @@ include-tagged::{doc-tests}/RollupDocumentationIT.java[x-pack-rollup-put-rollup-
 
 The grouping configuration of the Rollup job is defined in the `RollupJobConfig`
 using a `GroupConfig` instance. `GroupConfig` reflects all the configuration
-settings that can be defined using the REST API. See {ref}/rollup-job-config.html#rollup-groups-config[Grouping Config]
+settings that can be defined using the REST API. See {ref}/rollup-put-job.html#rollup-groups-config[Grouping config]
 to learn more about these settings.
 
 Using the REST API, we could define this grouping configuration:
@@ -89,7 +89,7 @@ include-tagged::{doc-tests}/RollupDocumentationIT.java[x-pack-rollup-put-rollup-
 After defining which groups should be generated for the data, you next configure
 which metrics should be collected. The list of metrics is defined in the `RollupJobConfig`
 using a `List<MetricConfig>` instance. `MetricConfig` reflects all the configuration
-settings that can be defined using the REST API. See {ref}/rollup-job-config.html#rollup-metrics-config[Metrics Config]
+settings that can be defined using the REST API. See {ref}/rollup-put-job.html#rollup-metrics-config[Metrics config]
 to learn more about these settings.
 
 Using the REST API, we could define this metrics configuration:
 
@@ -1,5 +1,5 @@
 [[search-aggregations-bucket-datehistogram-aggregation]]
-=== Date Histogram Aggregation
+=== Date histogram aggregation
 
 This multi-bucket aggregation is similar to the normal
 <<search-aggregations-bucket-histogram-aggregation,histogram>>, but it can
@@ -10,7 +10,8 @@ that here the interval can be specified using date/time expressions. Time-based
 data requires special support because time-based intervals are not always a
 fixed length.
 
-==== Calendar and Fixed intervals
+[[calendar_and_fixed_intervals]]
+==== Calendar and fixed intervals
 
 When configuring a date histogram aggregation, the interval can be specified
 in two manners: calendar-aware time intervals, and fixed time intervals.
@@ -42,7 +43,8 @@ are clear to the user immediately and there is no ambiguity.  The old `interval`
 will be removed in the future.
 ==================================
 
-===== Calendar Intervals
+[[calendar_intervals]]
+===== Calendar intervals
 
 Calendar-aware intervals are configured with the `calendar_interval` parameter.
 Calendar intervals can only be specified in "singular" quantities of the unit
@@ -100,7 +102,8 @@ One year (1y) is the interval between the start day of the month and time of
 day and the same day of the month and time of day the following year in the
 specified timezone, so that the date and time are the same at the start and end. +
 
-===== Calendar Interval Examples
+[[calendar_interval_examples]]
+===== Calendar interval examples
 As an example, here is an aggregation requesting bucket intervals of a month in calendar time:
 
 [source,console]
@@ -157,7 +160,8 @@ POST /sales/_search?size=0
 --------------------------------------------------
 // NOTCONSOLE
 
-===== Fixed Intervals
+[[fixed_intervals]]
+===== Fixed intervals
 
 Fixed intervals are configured with the `fixed_interval` parameter.
 
@@ -192,7 +196,8 @@ All days begin at the earliest possible time, which is usually 00:00:00
 
 Defined as 24 hours (86,400,000 milliseconds)
 
-===== Fixed Interval Examples
+[[fixed_interval_examples]]
+===== Fixed interval examples
 
 If we try to recreate the "month" `calendar_interval` from earlier, we can approximate that with
 30 fixed days:
 
@@ -1040,4 +1040,9 @@ See <<ad-realm-configuration>>.
 [role="exclude",id="how-security-works"]
 === How security works
 
-See <<elasticsearch-security>>.
+See <<elasticsearch-security>>.
+
+[role="exclude",id="rollup-job-config"]
+=== Rollup job configuration
+
+See <<rollup-put-job-api-request-body>>.
@@ -26,49 +26,198 @@ experimental[]
 [[rollup-put-job-api-desc]]
 ==== {api-description-title}
 
+The {rollup-job} configuration contains all the details about how the job should
+run, when it indexes documents, and what future queries will be able to execute
+against the rollup index.
+
+There are three main sections to the job configuration: the logistical details
+about the job (cron schedule, etc), the fields that are used for grouping, and
+what metrics to collect for each group.
+
 Jobs are created in a `STOPPED` state. You can start them with the
 <<rollup-start-job,start {rollup-jobs} API>>.
 
 [[rollup-put-job-api-path-params]]
 ==== {api-path-parms-title}
 
 `<job_id>`::
-  (Required, string) Identifier for the {rollup-job}.
+  (Required, string) Identifier for the {rollup-job}. This can be any
+  alphanumeric string and uniquely identifies the data that is associated with
+  the {rollup-job}. The ID is persistent; it is stored with the rolled up data.
+  If you create a job, let it run for a while, then delete the job, the data
+  that the job rolled up is still be associated with this job ID. You cannot
+  create a new job with the same ID since that could lead to problems with
+  mismatched job configurations.
 
 [[rollup-put-job-api-request-body]]
 ==== {api-request-body-title}
 
 `cron`::
-  (Required, string) A cron string which defines when the {rollup-job} should be executed.
+  (Required, string) A cron string which defines the intervals when the
+  {rollup-job} should be executed. When the interval triggers, the indexer
+  attempts to rollup the data in the index pattern. The cron pattern is
+  unrelated to the time interval of the data being rolled up. For example, you
+  may wish to create hourly rollups of your document but to only run the indexer
+  on a daily basis at midnight, as defined by the cron. The cron pattern is
+  defined just like a {watcher} cron schedule.
 
+[[rollup-groups-config]]
 `groups`::
-  (Required, object) Defines the grouping fields that are defined for this
-  {rollup-job}. See <<rollup-job-config,{rollup-job} config>>.
+  (Required, object) Defines the grouping fields and aggregations that are
+  defined for this {rollup-job}. These fields will then be available later for
+  aggregating into buckets.
++
+--
+These aggs and fields can be used in any combination. Think of the `groups`
+configuration as defining a set of tools that can later be used in aggregations
+to partition the data. Unlike raw data, we have to think ahead to which fields
+and aggregations might be used. Rollups provide enough flexibility that you
+simply need to determine _which_ fields are needed, not _in what order_ they are
+needed.
+
+There are three types of groupings currently available:
+--
+
+`date_histogram`:::
+  (Required, object) A date histogram group aggregates a `date` field into
+  time-based buckets. This group is *mandatory*; you currently cannot rollup
+  documents without a timestamp and a `date_histogram` group. The
+  `date_histogram` group has several parameters:
+  
+`field`::::
+  (Required, string) The date field that is to be rolled up.
+  
+`calendar_interval` or `fixed_interval`::::
+  (Required, <<time-units,time units>>) The interval of time buckets to be
+  generated when rolling up. For example, `60m` produces 60 minute (hourly)
+  rollups. This follows standard time formatting syntax as used elsewhere in
+  {es}. The interval defines the _minimum_ interval that can be aggregated only.
+  If hourly (`60m`) intervals are configured, <<rollup-search,rollup search>>
+  can execute aggregations with 60m or greater (weekly, monthly, etc) intervals.
+  So define the interval as the smallest unit that you wish to later query. For
+  more information about the difference between calendar and fixed time
+  intervals, see <<rollup-understanding-group-intervals>>.
++
+--
+NOTE: Smaller, more granular intervals take up proportionally more space.
+
+--
+
+`delay`::::
+  (Optional,<<time-units,time units>>) How long to wait before rolling up new
+  documents. By default, the indexer attempts to roll up all data that is
+  available. However, it is not uncommon for data to arrive out of order,
+  sometimes even a few days late. The indexer is unable to deal with data that
+  arrives after a time-span has been rolled up. That is to say, there is no
+  provision to update already-existing rollups.
++
+--
+Instead, you should specify a `delay` that matches the longest period of time
+you expect out-of-order data to arrive. For example, a `delay` of `1d`
+instructs the indexer to roll up documents up to `now - 1d`, which provides
+a day of buffer time for out-of-order documents to arrive.
+--
+
+`time_zone`::::
+  (Optional, string) Defines what time_zone the rollup documents are stored as.
+  Unlike raw data, which can shift timezones on the fly, rolled documents have
+  to be stored with a specific timezone. By default, rollup documents are stored
+  in `UTC`.
+
+`terms`:::
+  (Optional, object) The terms group can be used on `keyword` or numeric fields
+  to allow bucketing via the `terms` aggregation at a later point. The indexer
+  enumerates and stores _all_ values of a field for each time-period. This can
+  be potentially costly for high-cardinality groups such as IP addresses,
+  especially if the time-bucket is particularly sparse.
++
+--
+TIP: While it is unlikely that a rollup will ever be larger in size than the raw
+data, defining `terms` groups on multiple high-cardinality fields can
+effectively reduce the compression of a rollup to a large extent. You should be
+judicious which high-cardinality fields are included for that reason.
+
+The `terms` group has a single parameter:
+--
+
+`fields`::::
+  (Required, string) The set of fields that you wish to collect terms for. This
+  array can contain fields that are both `keyword` and numerics. Order does not
+  matter.
+  
+`histogram`:::
+  (Optional, object) The histogram group aggregates one or more numeric fields
+  into numeric histogram intervals. 
++
+--
+The `histogram` group has a two parameters:
+--
+
+`fields`::::
+  (Required, array) The set of fields that you wish to build histograms for. All fields
+  specified must be some kind of numeric.  Order does not matter.
+
+`interval`::::
+  (Required, integer) The interval of histogram buckets to be generated when
+  rolling up. For example, a value of `5` creates buckets that are five units
+  wide (`0-5`, `5-10`, etc). Note that only one interval can be specified in the
+  `histogram` group, meaning that all fields being grouped via the histogram
+  must share the same interval.
 
 `index_pattern`::
   (Required, string) The index or index pattern to roll up. Supports
-  wildcard-style patterns (`logstash-*`).
+  wildcard-style patterns (`logstash-*`). The job will
+  attempt to rollup the entire index or index-pattern.
++
+--
+NOTE: The `index_pattern` cannot be a pattern that would also match the
+destination `rollup_index`. For example, the pattern `foo-*` would match the
+rollup index `foo-rollup`. This situation would cause problems because the
+{rollup-job} would attempt to rollup its own data at runtime. If you attempt to
+configure a pattern that matches the `rollup_index`, an exception occurs to
+prevent this behavior.
+
+--
 
+[[rollup-metrics-config]]
 `metrics`::
-  (Optional, object) Defines the metrics to collect for each grouping tuple. See
-  <<rollup-job-config,{rollup-job} config>>.
+  (Optional, object) Defines the metrics to collect for each grouping tuple.
+  By default, only the doc_counts are collected for each group. To make rollup
+  useful, you will often add metrics like averages, mins, maxes, etc. Metrics
+  are defined on a per-field basis and for each field you configure which metric
+  should be collected.
++
+--
+The `metrics` configuration accepts an array of objects, where each object has
+two parameters:
+--
+
+`field`:::
+   (Required, string) The field to collect metrics for. This must be a numeric
+   of some kind.
+
+`metrics`:::
+  (Required, array) An array of metrics to collect for the field. At least one
+  metric must be configured. Acceptable metrics are `min`,`max`,`sum`,`avg`, and
+  `value_count`.
 
 `page_size`::
   (Required, integer) The number of bucket results that are processed on each
   iteration of the rollup indexer. A larger value tends to execute faster, but
-  requires more memory during processing.
+  requires more memory during processing. This value has no effect on how the
+  data is rolled up; it is merely used for tweaking the speed or memory cost of
+  the indexer.
 
 `rollup_index`::
   (Required, string) The index that contains the rollup results. The index can
-  be shared with other {rollup-jobs}.
-
-For more details about the job configuration, see <<rollup-job-config>>.
+  be shared with other {rollup-jobs}. The data is stored so that it doesn't
+  interfere with unrelated jobs.
 
 [[rollup-put-job-api-example]]
 ==== {api-example-title}
 
-The following example creates a {rollup-job} named "sensor", targeting the
-"sensor-*" index pattern:
+The following example creates a {rollup-job} named `sensor`, targeting the
+`sensor-*` index pattern:
 
 [source,console]
 --------------------------------------------------
@@ -78,7 +227,7 @@ PUT _rollup/job/sensor
     "rollup_index": "sensor_rollup",
     "cron": "*/30 * * * * ?",
     "page_size" :1000,
-    "groups" : {
+    "groups" : { <1>
       "date_histogram": {
         "field": "timestamp",
         "fixed_interval": "1h",
@@ -88,7 +237,7 @@ PUT _rollup/job/sensor
         "fields": ["node"]
       }
     },
-    "metrics": [
+    "metrics": [ <2>
         {
             "field": "temperature",
             "metrics": ["min", "max", "sum"]
@@ -101,6 +250,11 @@ PUT _rollup/job/sensor
 }
 --------------------------------------------------
 // TEST[setup:sensor_index]
+<1> This configuration enables date histograms to be used on the `timestamp`
+field and `terms` aggregations to be used on the `node` field.
+<2> This configuration defines metrics over two fields: `temperature` and
+`voltage`. For the `temperature` field, we are collecting the min, max, and
+sum of the temperature. For `voltage`, we are collecting the average.
 
 When the job is created, you receive the following results:
 
@@ -109,4 +263,4 @@ When the job is created, you receive the following results:
 {
   "acknowledged": true
 }
-----
+----