This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
Delete async EQL search API
editDelete async EQL search API
editDeletes an async EQL search or a stored synchronous EQL search. The API also deletes results for the search.
resp = client.eql.delete( id="FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=", ) print(resp)
response = client.eql.delete( id: 'FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=' ) puts response
const response = await client.eql.delete({ id: "FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=", }); console.log(response);
DELETE /_eql/search/FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=
Request
editDELETE /_eql/search/<search_id>
Prerequisites
edit-
If the Elasticsearch security features are enabled, only the following users can use this API to delete a search:
-
Users with the
cancel_task
cluster privilege - The user who first submitted the search
-
Users with the
- See Required fields.
Limitations
editSee EQL limitations.
Path parameters
edit-
<search_id>
-
(Required, string) Identifier for the search to delete.
A search ID is provided in the EQL search API's response for an async search. A search ID is also provided if the request’s
keep_on_completion
parameter istrue
.