IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Delete async EQL search API
Deletes an async EQL search or a stored synchronous EQL search. The API also deletes results for the search.
response = client.eql.delete(
  id: 'FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM='
)
puts response
DELETE /_eql/search/FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=
Request
DELETE /_eql/search/<search_id>
Prerequisites
- If the Elasticsearch security features are enabled, only the following users can use this API to delete a search:
  - Users with the cancel_task cluster privilege
  - The user who first submitted the search
- See Required fields.
Limitations
See EQL limitations.
Path parameters
<search_id>
(Required, string) Identifier for the search to delete.
A search ID is provided in the EQL search API's response for an async search. A search ID is also provided if the request’s keep_on_completion parameter is true.