Delete async EQL search API

edit

Delete async EQL search API

edit

Deletes an async EQL search or a stored synchronous EQL search. The API also deletes results for the search.

resp = client.eql.delete(
    id="FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=",
)
print(resp)
response = client.eql.delete(
  id: 'FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM='
)
puts response
const response = await client.eql.delete({
  id: "FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=",
});
console.log(response);
DELETE /_eql/search/FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=

Request

edit

DELETE /_eql/search/<search_id>

Prerequisites

edit
  • If the Elasticsearch security features are enabled, only the following users can use this API to delete a search:

    • Users with the cancel_task cluster privilege
    • The user who first submitted the search
  • See Required fields.

Limitations

edit

See EQL limitations.

Path parameters

edit
<search_id>

(Required, string) Identifier for the search to delete.

A search ID is provided in the EQL search API's response for an async search. A search ID is also provided if the request’s keep_on_completion parameter is true.