Clean up detection alert migrations
Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of the migration process. A successful migration will result in both the old and new indices being present. As such, the old, orphaned index can (and likely should) be deleted.
While you can delete these indices manually, this endpoint accomplishes the task by applying a deletion policy to the relevant index, causing it to be deleted after 30 days. It also deletes other artifacts specific to the migration implementation.
Responses
- 200 application/json; Elastic-Api-Version=2023-10-31: Successful response
- 400 application/json; Elastic-Api-Version=2023-10-31: Invalid input data response
- 401 application/json; Elastic-Api-Version=2023-10-31: Unsuccessful authentication response
- 500 application/json; Elastic-Api-Version=2023-10-31: Internal server error response
DELETE /api/detection_engine/signals/migration
curl \
  -X DELETE https://localhost:5601/api/detection_engine/signals/migration \
  -H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
  -H "kbn-xsrf: true" \
  -d '{"migration_ids": ["string"]}'
Request examples
{
  "migration_ids": [
    "string"
  ]
}
Response examples (200)
[
  {
    "destinationIndex": "string",
    "error": {
      "message": "string",
      "status_code": 42
    },
    "id": "string",
    "sourceIndex": "string",
    "status": "success",
    "updated": "2024-05-04T09:42:00+00:00",
    "version": "string"
  }
]
Response examples (400)
Security_detections_api_platformerrorresponse (generated)
{
  "error": "string",
  "message": "string",
  "statusCode": 42
}

{
  "message": "string",
  "status_code": 42
}
Response examples (401)
{
  "error": "string",
  "message": "string",
  "statusCode": 42
}
Response examples (500)
{
  "message": "string",
  "status_code": 42
}
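
The 200 response is a list with one entry per migration, and an entry can carry its own error object, so a 200 status alone does not show that every migration was cleaned up. The following is an added example, not part of the original reference or Elastic's code: it builds the DELETE request without sending it and sorts a constructed sample response into cleaned, failed and unreported migrations. The `kbn-xsrf` and `Authorization: ApiKey` headers, the `mig-*` IDs and index names, and the reading of `sourceIndex` as the old index are assumptions.

```python
import json
import urllib.request

API_VERSION = "2023-10-31"  # Elastic-Api-Version value shown on this page
PATH = "/api/detection_engine/signals/migration"

def build_cleanup_request(kibana_url, migration_ids, api_key):
    """Build (without sending) the DELETE request for the given migration IDs."""
    if not migration_ids or not all(isinstance(m, str) and m for m in migration_ids):
        raise ValueError("migration_ids must be a non-empty list of non-empty strings")
    return urllib.request.Request(
        kibana_url.rstrip("/") + PATH,
        data=json.dumps({"migration_ids": list(migration_ids)}).encode(),
        method="DELETE",
        headers={
            "Content-Type": f"application/json; Elastic-Api-Version={API_VERSION}",
            "kbn-xsrf": "true",                    # assumption: Kibana header for write requests
            "Authorization": f"ApiKey {api_key}",  # assumption: API-key authentication
        },
    )

def summarize_cleanup(items, requested_ids):
    """Split a 200 response body into cleaned, failed and unreported migrations."""
    cleaned, failed = {}, {}
    for item in items:
        err = item.get("error")
        if err:  # assumption: an "error" object marks a per-migration failure
            failed[item["id"]] = (err.get("status_code"), err.get("message"))
        else:    # assumption: sourceIndex is the old index that receives the deletion policy
            cleaned[item["id"]] = item.get("sourceIndex")
    unreported = [m for m in requested_ids if m not in cleaned and m not in failed]
    return cleaned, failed, unreported

# Constructed sample response (not real output): one success, one failure.
SAMPLE_RESPONSE = json.loads("""[
  {"id": "mig-1", "status": "success", "sourceIndex": "old-index-000001",
   "destinationIndex": "new-index-000001", "version": "1",
   "updated": "2024-05-04T09:42:00+00:00"},
  {"id": "mig-2", "status": "failure", "sourceIndex": "old-index-000002",
   "destinationIndex": "new-index-000002", "version": "1",
   "updated": "2024-05-04T09:42:00+00:00",
   "error": {"message": "constructed failure", "status_code": 404}}
]""")

if __name__ == "__main__":
    req = build_cleanup_request("https://localhost:5601", ["mig-1", "mig-2", "mig-3"], "PLACEHOLDER_KEY")
    print(req.get_method(), req.full_url, req.data.decode())
    print(summarize_cleanup(SAMPLE_RESPONSE, ["mig-1", "mig-2", "mig-3"]))
```

Migrations listed as unreported were requested but do not appear in the response, so their old indices should not be assumed to be scheduled for deletion.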