GET /api/entity_store/engines
Api key auth

Spaces method and path for this operation:

get /s/{space_id}/api/entity_store/engines

Refer to Spaces for more information.

Get a list of all installed entity engines and their current status.

Responses

  • 200 application/json

    Successful response

    Hide response attributes Show response attributes object
    • count integer

      The total number of entity engines.

    • engines array[object]

      An array of engine descriptors.

      Hide engines attributes Show engines attributes object

      Describes a single entity engine, including its configuration and current status.

      • delay string

        The delay before the transform processes new data, allowing late-arriving documents to be included.

        Format should match the following pattern: [smdh]$. Default value is 1m.

      • docsPerSecond integer

        Throttle value for the number of documents processed per second. Use -1 for no throttle.

      • error object

        Present when the engine status is error. Describes the failure.

        Hide error attributes Show error attributes object
        • action string Required

          The lifecycle action that caused the error.

          Value is init.

        • message string Required

          A human-readable error message.

      • fieldHistoryLength integer Required

        The number of historical values retained per field.

      • filter string

        An optional Kibana Query Language (KQL) filter applied to source documents before aggregation.

      • frequency string

        How often the transform runs.

        Format should match the following pattern: [smdh]$. Default value is 1m.

      • indexPattern string Required

        An additional Elasticsearch index pattern to include as a source for entity data. Merged with the default data view indices when the engine runs.

      • lookbackPeriod string

        How far back the transform looks when calculating aggregations.

        Format should match the following pattern: [smdh]$. Default value is 24h.

      • status string Required

        The current operational status of an entity engine.

        Values are installing, started, stopped, updating, or error.

      • timeout string

        The timeout for initializing the aggregating transform.

        Format should match the following pattern: [smdh]$. Default value is 180s.

      • timestampField string

        The field used as the timestamp for source documents.

      • type string Required

        The type of entity.

        Values are user, host, service, or generic.
GET /api/entity_store/engines 
curl \
 --request GET 'https://<KIBANA_URL>/api/entity_store/engines' \
 --header "Authorization: $API_KEY"
Response examples (200)
Returns a list with one running host engine and one stopped user engine. 
{
  "count": 2,
  "engines": [
    {
      "delay": "1m",
      "fieldHistoryLength": 10,
      "frequency": "1m",
      "indexPattern": "",
      "lookbackPeriod": "24h",
      "status": "started",
      "timeout": "180s",
      "timestampField": "@timestamp",
      "type": "host"
    },
    {
      "delay": "1m",
      "fieldHistoryLength": 10,
      "frequency": "1m",
      "indexPattern": "",
      "lookbackPeriod": "24h",
      "status": "stopped",
      "timeout": "180s",
      "timestampField": "@timestamp",
      "type": "user"
    }
  ]
}