Query parameters

• include_components boolean

  If true, returns a detailed status of each engine including all its components.

Responses

• 200 application/json

  Successful response

  Hide response attributes Show response attributes object

  • engines array[object] Required

    Per-engine status information.

    Hide engines attributes Show engines attributes object

    • delay string

      The delay before the transform processes new data, allowing late-arriving documents to be included.

      Format should match the following pattern: [smdh]$. Default value is 1m.

    • docsPerSecond integer

      Throttle value for the number of documents processed per second. Use -1 for no throttle.

    • error object

      Present when the engine status is error. Describes the failure.

      Hide error attributes Show error attributes object

      • action string Required

        The lifecycle action that caused the error.

        Value is init.

      • message string Required

        A human-readable error message.

    • fieldHistoryLength integer Required

      The number of historical values retained per field.

    • filter string

      An optional Kibana Query Language (KQL) filter applied to source documents before aggregation.

    • frequency string

      How often the transform runs.

      Format should match the following pattern: [smdh]$. Default value is 1m.

    • indexPattern string Required

      An additional Elasticsearch index pattern to include as a source for entity data. Merged with the default data view indices when the engine runs.

    • lookbackPeriod string

      How far back the transform looks when calculating aggregations.

      Format should match the following pattern: [smdh]$. Default value is 24h.

    • status string Required

      The current operational status of an entity engine.

      Values are installing, started, stopped, updating, or error.

    • timeout string

      The timeout for initializing the aggregating transform.

      Format should match the following pattern: [smdh]$. Default value is 180s.

    • timestampField string

      The field used as the timestamp for source documents.

    • type string Required

      The type of entity.

      Values are user, host, service, or generic.

    • components array[object]

      Detailed component-level status. Only included when include_components is true.

      Hide components attributes Show components attributes object

      Status of an individual Elasticsearch or Kibana resource backing an engine.

      • errors array[object]

        Errors reported by this component, if any.

        Hide errors attributes Show errors attributes object

        • message string

          Detailed error message.

        • title string

          Short error title.

      • health string

        The health status of the component.

        Values are green, yellow, red, unavailable, or unknown.

      • id string Required

        Unique identifier for the component.

      • installed boolean Required

        Whether the component is currently installed.

      • metadata object

        Statistics from the underlying Elasticsearch transform.

        Hide metadata attributes Show metadata attributes object

        • delete_time_in_ms integer

          Total time spent deleting documents, in milliseconds.

        • documents_deleted integer

          Total number of documents deleted from the destination index.

        • documents_indexed integer Required

          Total number of documents written to the destination index.

        • documents_processed integer Required

          Total number of source documents processed.

        • exponential_avg_checkpoint_duration_ms integer Required

          Exponential moving average of checkpoint duration, in milliseconds.

        • exponential_avg_documents_indexed integer Required

          Exponential moving average of documents indexed per checkpoint.

        • exponential_avg_documents_processed integer Required

          Exponential moving average of documents processed per checkpoint.

        • index_failures integer Required

          Total number of failed index operations.

        • index_time_in_ms integer Required

          Total time spent indexing documents, in milliseconds.

        • index_total integer Required

          Total number of index operations.

        • pages_processed integer Required

          Number of composite aggregation pages processed.

        • processing_time_in_ms integer Required

          Total time spent processing results, in milliseconds.

        • processing_total integer Required

          Total number of processing operations.

        • search_failures integer Required

          Total number of failed search operations.

        • search_time_in_ms integer Required

          Total time spent on search queries, in milliseconds.

        • search_total integer Required

          Total number of search operations.

        • trigger_count integer Required

          Number of times the transform has been triggered.

      • resource string Required

        The type of Elasticsearch or Kibana resource backing an engine component.

        Values are entity_engine, entity_definition, index, data_stream, component_template, index_template, ingest_pipeline, enrich_policy, task, transform, or ilm_policy.

  • status string Required

    The overall operational status of the Entity Store.

    Values are not_installed, installing, running, stopped, or error.