Clean up detection alert migrations
Deprecated
Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of the migration process. A successful migration will result in both the old and new indices being present. As such, the old, orphaned index can (and likely should) be deleted.
While you can delete these indices manually, the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted after 30 days. It also deletes other artifacts specific to the migration implementation.
Body
Required
Array of migration_ids to cleanup
-
migration_ids
array[string] Required Array of
migration_ids to cleanup.At least
1element.
DELETE
/api/detection_engine/signals/migration
curl \
--request DELETE 'https://localhost:5601/api/detection_engine/signals/migration' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--data '{"migration_ids":["924f7c50-505f-11eb-ae0a-3fa2e626a51d"]}'
Request example
{
"migration_ids": [
"924f7c50-505f-11eb-ae0a-3fa2e626a51d"
]
}
Response examples (200)
{
"migrations": [
{
"id": "924f7c50-505f-11eb-ae0a-3fa2e626a51d",
"status": "success",
"updated": "2021-01-06T22:05:56.859Z",
"version": 16,
"sourceIndex": ".siem-signals-default-000002",
"destinationIndex": ".siem-signals-default-000002-r000016"
}
]
}
Response examples (400)
Security_detections_api_platformerrorresponse
{
"error": "string",
"message": "string",
"statusCode": 42
}{
"message": "string",
"status_code": 42
}
Response examples (401)
{
"error": "string",
"message": "string",
"statusCode": 42
}
Response examples (500)
{
"message": "string",
"status_code": 42
}