Query parameters

• include_components boolean

  If true, returns a detailed status of each engine including all its components.

Responses

• 200 application/json

  Successful response

  Hide response attributes Show response attributes object

  • engines array[object] Required

    Per-engine status information.

    Hide engines attributes Show engines attributes object

    • delay string

      The delay before the transform processes new data, allowing late-arriving documents to be included.

      Format should match the following pattern: [smdh]$. Default value is 1m.

    • docsPerSecond integer

      Throttle value for the number of documents processed per second. Use -1 for no throttle.

    • error object

      Present when the engine status is error. Describes the failure.

      Hide error attributes Show error attributes object

      • action string Required

        The lifecycle action that caused the error.

        Value is init.

      • message string Required

        A human-readable error message.

    • fieldHistoryLength integer Required

      The number of historical values retained per field.

    • filter string

      An optional Kibana Query Language (KQL) filter applied to source documents before aggregation.

    • frequency string

      How often the transform runs.

      Format should match the following pattern: [smdh]$. Default value is 1m.

    • indexPattern string Required

      An additional Elasticsearch index pattern to include as a source for entity data. Merged with the default data view indices when the engine runs.

    • lookbackPeriod string

      How far back the transform looks when calculating aggregations.

      Format should match the following pattern: [smdh]$. Default value is 24h.

    • status string Required

      The current operational status of an entity engine.

      Values are installing, started, stopped, updating, or error.

    • timeout string

      The timeout for initializing the aggregating transform.

      Format should match the following pattern: [smdh]$. Default value is 180s.

    • timestampField string

      The field used as the timestamp for source documents.

    • type string Required

      The type of entity.

      Values are user, host, or service.

    • components array[object]

      Detailed component-level status. Only included when include_components is true.

      Hide components attributes Show components attributes object

      Status of an individual Elasticsearch or Kibana resource backing an engine.

      • errors array[object]

        Errors reported by this component, if any.

        Hide errors attributes Show errors attributes object

        • message string

          Detailed error message.

        • title string

          Short error title.

      • health string

        The health status of the component.

        Values are green, yellow, red, unavailable, or unknown.

      • id string Required

        Unique identifier for the component.

      • installed boolean Required

        Whether the component is currently installed.

      • resource string Required

        The type of Elasticsearch or Kibana resource backing an engine component.

        Values are entity_engine, entity_definition, index, component_template, index_template, ingest_pipeline, enrich_policy, task, or transform.

  • status string Required

    The overall operational status of the Entity Store.

    Values are not_installed, installing, running, stopped, or error.