Initiate a detection alert migration Deprecated
Initiate a migration of detection alerts. Migrations are initiated per index. While the process is neither destructive nor interferes with existing data, it may be resource-intensive. As such, it is recommended that you plan your migrations accordingly.
Body Required
Alerts migration parameters
-
Array of index names to migrate.
At least
1
element. Minimum length of each is1
. -
requests_per_second integer
The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API.
Minimum value is
1
. -
size integer
Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API.
Minimum value is
1
. -
slices integer
The number of subtasks for the migration task. Corresponds to slices on the Reindex API.
Minimum value is
1
.
POST
/api/detection_engine/signals/migration
curl \
--request POST https://localhost:5601/api/detection_engine/signals/migration \
--header "Content-Type: application/json" \
--data '{"index":[".siem-signals-default-000001"]}'
Request example
{
"index": [
".siem-signals-default-000001"
]
}
Response examples (200)
{
"indices": [
{
"index": ".siem-signals-default-000001,",
"migration_id": "923f7c50-505f-11eb-ae0a-3fa2e626a51d",
"migration_index": ".siem-signals-default-000001-r000016"
}
]
}
Response examples (400)
Security_detections_api_platformerrorresponse
{
"error": "string",
"message": "string",
"statusCode": 42
}
{
"message": "string",
"status_code": 42
}
Response examples (401)
{
"error": "string",
"message": "string",
"statusCode": 42
}
Response examples (500)
{
"message": "string",
"status_code": 42
}