Delete async EQL search API
Deletes an async EQL search or a stored synchronous EQL search. The API also deletes results for the search.
DELETE /_eql/search/FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=
Request
DELETE /_eql/search/<search_id>
Prerequisites
- If the Elasticsearch security features are enabled, only the following users can use this API to delete a search:
  - Users with the cancel_task cluster privilege
  - The user who first submitted the search
- See Required fields.
Limitations
See EQL limitations.
Path parameters
<search_id>
  (Required, string) Identifier for the search to delete.
  A search ID is provided in the EQL search API's response for an async search. A search ID is also provided if the request's keep_on_completion parameter is true.
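The lifecycle described above, as an added example that is not part of the Elasticsearch documentation: a synchronous search is stored with keep_on_completion, its returned ID is read from the response, and the search and its results are then deleted so they do not linger on the cluster. The base URL, index name, query, caller-supplied auth headers, the injectable `send` transport, and the `acknowledged` field checked in the delete response are assumptions of this sketch.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


def http_send(method, url, body=None, headers=None):
    """Default transport: send one JSON request, return (status, parsed body)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        url, data=data, method=method,
        headers={"Content-Type": "application/json", **(headers or {})})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        # Non-2xx responses still carry a JSON error body worth returning.
        return err.code, json.loads(err.read() or b"{}")


def delete_search(base_url, search_id, send=http_send, headers=None):
    """DELETE /_eql/search/<search_id>; True only if the cluster acknowledged."""
    # Treat the ID as opaque and percent-encode it before putting it in the path.
    path_id = urllib.parse.quote(search_id, safe="")
    status, body = send("DELETE", f"{base_url}/_eql/search/{path_id}", None, headers)
    return status == 200 and body.get("acknowledged") is True


def search_then_delete(base_url, index, query, send=http_send, headers=None):
    """Run a synchronous EQL search stored via keep_on_completion, then delete it."""
    status, result = send("POST", f"{base_url}/{index}/_eql/search",
                          {"query": query, "keep_on_completion": True}, headers)
    if status != 200:
        raise RuntimeError(f"EQL search failed with HTTP {status}: {result}")
    search_id = result.get("id")
    if not search_id:
        raise RuntimeError("response carried no search ID, so nothing was stored")
    # Use the results first; the delete removes them along with the search.
    hits = result.get("hits", {})
    deleted = delete_search(base_url, search_id, send, headers)
    return search_id, hits, deleted
```

A False result from delete_search covers both a missing or already-expired search and a caller who is neither the original submitter nor a holder of the cancel_task cluster privilege, so log the HTTP status when the distinction matters.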