IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« EQL APIs EQL search API »
Elastic Docs Elasticsearch Guide [7.15] REST APIs EQL APIs

Delete async EQL search API

edit

Delete async EQL search API

edit

Deletes an async EQL search or a stored synchronous EQL search. The API also deletes results for the search.

DELETE /_eql/search/FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=

Request

edit

DELETE /_eql/search/<search_id>

Prerequisites

edit

  • If the Elasticsearch security features are enabled, only the following users can use this API to delete a search:

    • Users with the cancel_task cluster privilege
    • The user who first submitted the search
  • See Required fields.

Limitations

edit

See EQL limitations.

Path parameters

edit
<search_id>

(Required, string) Identifier for the search to delete.

A search ID is provided in the EQL search API's response for an async search. A search ID is also provided if the request’s keep_on_completion parameter is true.

« EQL APIs EQL search API »