Spaces method and path for this operation:
delete /s/{space_id}/api/detection_engine/index
Refer to Spaces for more information.
Permanently deletes the Elastic Security alerts backing index in the current space, including the alerts
stored in it. Use with caution; prefer lifecycle policies or the UI when available.
Call GET /api/detection_engine/index first to confirm the index that will be removed.
DELETE
/api/detection_engine/index
curl \
--request DELETE 'https://localhost:5601/api/detection_engine/index' \
--header "Authorization: $API_KEY"
Response examples (200)
{
"acknowledged": true
}
Response examples (401)
{
"error": "Unauthorized",
"message": "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]",
"statusCode": 401
}
Response examples (403)
{
"message": "API [DELETE /api/detection_engine/index] is unauthorized for the current user. The user needs alerts management permissions for the space.",
"status_code": 403
}
Response examples (404)
{
"message": "The Elastic Security alerts index to delete was not found.",
"status_code": 404
}
Response examples (500)
{
"message": "Internal Server Error",
"status_code": 500
}