Initialize an Entity Engine

POST /api/entity_store/engines/{entityType}/init

Api key auth Basic auth

Path parameters

entityType string Required

The entity type of the engine (either 'user' or 'host').

Values are user, host, or service.

application/json

Body Required

Schema for the engine initialization

delay string

The delay before the transform will run.

Format should match the following pattern: [smdh]$. Default value is 1m.
docsPerSecond integer

The number of documents per second to process.
enrichPolicyExecutionInterval string

Interval in which enrich policy runs. For example, "1h" means the rule runs every hour. Must be less than or equal to half the duration of the lookback period,

Format should match the following pattern: ^[1-9]\d*[smh]$.
fieldHistoryLength integer

The number of historical values to keep for each field.

Default value is 10.
filter string
frequency string

The frequency at which the transform will run.

Format should match the following pattern: [smdh]$. Default value is 1m.
indexPattern string
lookbackPeriod string

The amount of time the transform looks back to calculate the aggregations.

Format should match the following pattern: [smdh]$. Default value is 24h.
timeout string

The timeout for initializing the aggregating transform.

Format should match the following pattern: [smdh]$. Default value is 180s.
timestampField string

The field to use as the timestamp for the entity type.

Default value is @timestamp.

Responses

200 application/json

Successful response
Hide response attributes Show response attributes object
- delay string
  
  Format should match the following pattern: [smdh]$. Default value is 1m.
- docsPerSecond integer
- error object
- fieldHistoryLength integer Required
- filter string
- frequency string
  
  Format should match the following pattern: [smdh]$. Default value is 1m.
- indexPattern string Required
- lookbackPeriod string
  
  Format should match the following pattern: [smdh]$. Default value is 24h.
- status string Required
  
  Values are installing, started, stopped, updating, or error.
- timeout string
  
  Format should match the following pattern: [smdh]$. Default value is 180s.
- timestampField string
- type string Required
  
  Values are user, host, or service.
400

Invalid request

POST /api/entity_store/engines/{entityType}/init

curl \
 --request POST http://localhost:5622/api/entity_store/engines/{entityType}/init \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"delay":"1m","docsPerSecond":42,"enrichPolicyExecutionInterval":"1h","fieldHistoryLength":10,"filter":"string","frequency":"1m","indexPattern":"string","lookbackPeriod":"24h","timeout":"180s","timestampField":"@timestamp"}'

Request examples

{
  "delay": "1m",
  "docsPerSecond": 42,
  "enrichPolicyExecutionInterval": "1h",
  "fieldHistoryLength": 10,
  "filter": "string",
  "frequency": "1m",
  "indexPattern": "string",
  "lookbackPeriod": "24h",
  "timeout": "180s",
  "timestampField": "@timestamp"
}

Response examples (200)

{
  "delay": "1m",
  "docsPerSecond": 42,
  "error": {},
  "fieldHistoryLength": 42,
  "filter": "string",
  "frequency": "1m",
  "indexPattern": "string",
  "lookbackPeriod": "24h",
  "status": "installing",
  "timeout": "180s",
  "timestampField": "string",
  "type": "user"
}