Clean up detection alert migrations

DELETE /api/detection_engine/signals/migration

Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of the migration process. A successful migration will result in both the old and new indices being present. As such, the old, orphaned index can (and likely should) be deleted.

While you can delete these indices manually, the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted after 30 days. It also deletes other artifacts specific to the migration implementation.

application/json; Elastic-Api-Version=2023-10-31

Body Required

Array of migration_ids to cleanup

migration_ids array[string] Required

At least 1 element.

Responses

200 application/json; Elastic-Api-Version=2023-10-31

Successful response
Hide response attributes Show response attributes object
- destinationIndex string Required
- error object
  
  Additional properties are allowed.
  
  Hide error attributes Show error attributes object
  
  message string Required
  
  status_code integer Required
- id string Required
- sourceIndex string Required
- status string Required
  
  Values are success, failure, or pending.
- updated string(date-time) Required
- version string Required
400 application/json; Elastic-Api-Version=2023-10-31

Invalid input data response
One of:
Security_Detections_API_PlatformErrorResponse object Security_Detections_API_SiemErrorResponse object
Hide attributes Show attributes

error string Required

message string Required

statusCode integer Required
Hide attributes Show attributes

message string Required

status_code integer Required
401 application/json; Elastic-Api-Version=2023-10-31

Unsuccessful authentication response
Hide response attributes Show response attributes object
- error string Required
- message string Required
- statusCode integer Required
500 application/json; Elastic-Api-Version=2023-10-31

Internal server error response
Hide response attributes Show response attributes object
- message string Required
- status_code integer Required

DELETE /api/detection_engine/signals/migration

curl \
 -X DELETE https://localhost:5601/api/detection_engine/signals/migration \
 -H "Content-Type: application/json; Elastic-Api-Version=2023-10-31"

Request examples

{
  "migration_ids": [
    "string"
  ]
}

Response examples (200)

[
  {
    "destinationIndex": "string",
    "error": {
      "message": "string",
      "status_code": 42
    },
    "id": "string",
    "sourceIndex": "string",
    "status": "success",
    "updated": "2024-05-04T09:42:00+00:00",
    "version": "string"
  }
]

Response examples (400)

{
  "error": "string",
  "message": "string",
  "statusCode": 42
}

{
  "message": "string",
  "status_code": 42
}

Response examples (401)

{
  "error": "string",
  "message": "string",
  "statusCode": 42
}

Response examples (500)

{
  "message": "string",
  "status_code": 42
}