- If the Elasticsearch security features are enabled, only the user who first submitted the EQL search can retrieve the search using this API.
- See Required fields.
If specified, this parameter sets a new
keep_aliveperiod for the search, starting when the get async EQL search API request executes. This new period overwrites the one specified in the EQL search API request.
When this period expires, the search and its results are deleted, even if the search is ongoing.
(Optional, time value) Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results.
If this parameter is specified and the request completes during this period, complete search results are returned.
If the request does not complete during this period, the response returns an
trueand no search results.