A newer version is available. For the latest information, see the
current release documentation.
Delete async EQL search API
editDelete async EQL search API
editDeletes an async EQL search or a stored synchronous EQL search. The API also deletes results for the search.
DELETE /_eql/search/FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=
Request
editDELETE /_eql/search/<search_id>
Prerequisites
edit-
If the Elasticsearch security features are enabled, only the following users can use this API to delete a search:
-
Users with the
cancel_task
cluster privilege - The user who first submitted the search
-
Users with the
- See Required fields.
Limitations
editSee EQL limitations.
Path parameters
edit-
<search_id>
-
(Required, string) Identifier for the search to delete.
A search ID is provided in the EQL search API's response for an async search. A search ID is also provided if the request’s
keep_on_completion
parameter istrue
.