GET /api/entity_store/engines/{entityType}

Spaces method and path for this operation:

GET /s/{space_id}/api/entity_store/engines/{entityType}

Refer to Spaces for more information.

Get the engine descriptor for a specific entity type, including its configuration and current status.

Path parameters

  • entityType string Required

    The entity type of the engine.

    Values are user, host, service, or generic.

Responses

  • 200 application/json

    Successful response

    Response attributes: object
    • delay string

      The delay before the transform processes new data, allowing late-arriving documents to be included.

      Format should match the following pattern: [smdh]$. Default value is 1m.

    • docsPerSecond integer

      Throttle value for the number of documents processed per second. Use -1 for no throttle.

    • error object

      Present when the engine status is error. Describes the failure.

      Error attributes: object
      • action string Required

        The lifecycle action that caused the error.

        Value is init.

      • message string Required

        A human-readable error message.

    • fieldHistoryLength integer Required

      The number of historical values retained per field.

    • filter string

      An optional Kibana Query Language (KQL) filter applied to source documents before aggregation.

    • frequency string

      How often the transform runs.

      Format should match the following pattern: [smdh]$. Default value is 1m.

    • indexPattern string Required

      An additional Elasticsearch index pattern to include as a source for entity data. Merged with the default data view indices when the engine runs.

    • lookbackPeriod string

      How far back the transform looks when calculating aggregations.

      Format should match the following pattern: [smdh]$. Default value is 24h.

    • status string Required

      The current operational status of an entity engine.

      Values are installing, started, stopped, updating, or error.

    • timeout string

      The timeout for initializing the aggregating transform.

      Format should match the following pattern: [smdh]$. Default value is 180s.

    • timestampField string

      The field used as the timestamp for source documents.

    • type string Required

      The type of entity.

      Values are user, host, service, or generic.

curl \
 --request GET 'https://<KIBANA_URL>/api/entity_store/engines/host' \
 --header "Authorization: $API_KEY"
Response examples (200)
Returns the engine descriptor for a host engine that is currently running with default settings.
{
  "delay": "1m",
  "fieldHistoryLength": 10,
  "frequency": "1m",
  "indexPattern": "",
  "lookbackPeriod": "24h",
  "status": "started",
  "timeout": "180s",
  "timestampField": "@timestamp",
  "type": "host"
}
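
An added example, not part of the original documentation: a Python check that validates a descriptor returned by this endpoint against the field constraints listed above and reports any engine that is not in the started state. The name check_descriptor and the FAILED sample are constructed for illustration; RUNNING is the 200 response example from this page.

```python
import re

# Constraints below are copied from the response schema on this page.
REQUIRED = ("fieldHistoryLength", "indexPattern", "status", "type")
STATUSES = {"installing", "started", "stopped", "updating", "error"}
TYPES = {"user", "host", "service", "generic"}
DURATION_FIELDS = ("delay", "frequency", "lookbackPeriod", "timeout")
DURATION_RE = re.compile(r"[smdh]$")  # the pattern exactly as documented


def check_descriptor(doc, expected_type):
    """Return findings for one engine descriptor; an empty list means healthy."""
    if expected_type not in TYPES:
        raise ValueError(f"unsupported entityType: {expected_type!r}")
    findings = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    if doc.get("type") != expected_type:
        findings.append(f"type {doc.get('type')!r} is not the requested {expected_type!r}")
    for key in DURATION_FIELDS:
        value = doc.get(key)
        if value is not None and not (isinstance(value, str) and DURATION_RE.search(value)):
            findings.append(f"{key} is not a valid duration: {value!r}")
    status = doc.get("status")
    if status == "error":
        err = doc.get("error")
        if isinstance(err, dict) and "action" in err and "message" in err:
            findings.append(f"engine failed during {err['action']}: {err['message']}")
        else:
            findings.append("status is error but the error object is missing or incomplete")
    elif status in STATUSES and status != "started":
        findings.append(f"engine is not running (status: {status})")
    elif status is not None and status not in STATUSES:
        findings.append(f"unknown status: {status!r}")
    return findings


# The 200 response example from this page.
RUNNING = {"delay": "1m", "fieldHistoryLength": 10, "frequency": "1m",
           "indexPattern": "", "lookbackPeriod": "24h", "status": "started",
           "timeout": "180s", "timestampField": "@timestamp", "type": "host"}
# Constructed sample of a failed engine (not from the page).
FAILED = {"fieldHistoryLength": 10, "indexPattern": "", "status": "error", "type": "host",
          "error": {"action": "init", "message": "constructed failure message"}}

if __name__ == "__main__":
    for name, doc in (("running", RUNNING), ("failed", FAILED)):
        print(name, check_descriptor(doc, "host") or "healthy")
```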