Initialize an Entity Engine

POST /api/entity_store/engines/{entityType}/init
Api key auth

Path parameters

  • entityType string Required

    The entity type of the engine (either 'user' or 'host').

    Values are user, host, service, or generic.

application/json

Body Required

Schema for the engine initialization

  • delay string

    The delay before the transform will run.

    Format should match the following pattern: [smdh]$. Default value is 1m.

  • docsPerSecond integer

    The number of documents per second to process.

  • enrichPolicyExecutionInterval string

    Interval in which enrich policy runs. For example, "1h" means the rule runs every hour. Must be less than or equal to half the duration of the lookback period,

    Format should match the following pattern: ^[1-9]\d*[smh]$.

  • fieldHistoryLength integer

    The number of historical values to keep for each field.

    Default value is 10.

  • filter string
  • frequency string

    The frequency at which the transform will run.

    Format should match the following pattern: [smdh]$. Default value is 1m.

  • indexPattern string
  • lookbackPeriod string

    The amount of time the transform looks back to calculate the aggregations.

    Format should match the following pattern: [smdh]$. Default value is 24h.

  • timeout string

    The timeout for initializing the aggregating transform.

    Format should match the following pattern: [smdh]$. Default value is 180s.

  • timestampField string

    The field to use as the timestamp for the entity type.

    Default value is @timestamp.

Responses

  • 200 application/json

    Successful response

    Hide response attributes Show response attributes object
    • delay string

      Format should match the following pattern: [smdh]$. Default value is 1m.

    • docsPerSecond integer
    • error object
      Hide error attributes Show error attributes object
      • action string Required

        Value is init.

      • message string Required
    • fieldHistoryLength integer Required
    • filter string
    • frequency string

      Format should match the following pattern: [smdh]$. Default value is 1m.

    • indexPattern string Required
    • lookbackPeriod string

      Format should match the following pattern: [smdh]$. Default value is 24h.

    • status string Required

      Values are installing, started, stopped, updating, or error.

    • timeout string

      Format should match the following pattern: [smdh]$. Default value is 180s.

    • timestampField string
    • type string Required

      Values are user, host, service, or generic.
  • 400

    Invalid request

POST /api/entity_store/engines/{entityType}/init 
curl \
 --request POST 'https://<KIBANA_URL>/api/entity_store/engines/{entityType}/init' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"delay":"1m","docsPerSecond":42,"enrichPolicyExecutionInterval":"1h","fieldHistoryLength":10,"filter":"string","frequency":"1m","indexPattern":"string","lookbackPeriod":"24h","timeout":"180s","timestampField":"@timestamp"}'