Initialize the Entity Store

POST /api/entity_store/enable
application/json

Body Required

Schema for the entity store initialization

  • delay string

    The delay before the transform will run.

    Format should match the following pattern: [smdh]$. Default value is 1m.

  • docsPerSecond integer

    The number of documents per second to process.

  • enrichPolicyExecutionInterval string

    Interval at which the enrich policy runs. For example, "1h" means the policy runs every hour. Must be less than or equal to half the duration of the lookback period.

    Format should match the following pattern: ^[1-9]\d*[smh]$.

  • entityTypes array[string]

    Values are user, host, service, or generic.

  • fieldHistoryLength integer

    The number of historical values to keep for each field.

    Default value is 10.

  • filter string
  • frequency string

    The frequency at which the transform will run.

    Format should match the following pattern: [smdh]$. Default value is 1m.

  • indexPattern string
  • lookbackPeriod string

    The amount of time the transform looks back to calculate the aggregations.

    Format should match the following pattern: [smdh]$. Default value is 24h.

  • timeout string

    The timeout for initializing the aggregating transform.

    Format should match the following pattern: [smdh]$. Default value is 180s.

  • timestampField string

    The field to use as the timestamp.

    Default value is @timestamp.
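A client-side check of a request body against the schema above, as an added example that is not part of the Kibana documentation or code base. The names `validate_enable_body` and `to_seconds`, and the requirement that duration values take the form `<integer><unit>`, are assumptions of this example; the printed pattern `[smdh]$` only constrains the last character of the value.

```python
import re

# Patterns and allowed values copied from the request schema above.
LOOSE = re.compile(r"[smdh]$")  # delay, frequency, lookbackPeriod, timeout
STRICT = re.compile(r"^[1-9]\d*[smh]$")  # enrichPolicyExecutionInterval
ENTITY_TYPES = {"user", "host", "service", "generic"}
DEFAULT_LOOKBACK = "24h"
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def to_seconds(value):
    """Convert '<integer><unit>' to seconds; None for any other input."""
    m = re.fullmatch(r"(\d+)([smhd])", value) if isinstance(value, str) else None
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)] if m else None


def validate_enable_body(body):
    """Return a list of problems in an /api/entity_store/enable request body."""
    errors = []
    for field in ("delay", "frequency", "lookbackPeriod", "timeout"):
        value = body.get(field)
        if value is None:
            continue
        if not isinstance(value, str) or not LOOSE.search(value):
            errors.append(f"{field}: does not match [smdh]$")
        elif to_seconds(value) is None:
            # Assumption of this example: stricter than the documented pattern.
            errors.append(f"{field}: matches [smdh]$ but is not <integer><unit>")
    interval = body.get("enrichPolicyExecutionInterval")
    if interval is not None:
        if not isinstance(interval, str) or not STRICT.match(interval):
            errors.append("enrichPolicyExecutionInterval: does not match ^[1-9]\\d*[smh]$")
        else:
            lookback = to_seconds(body.get("lookbackPeriod", DEFAULT_LOOKBACK))
            if lookback is not None and to_seconds(interval) * 2 > lookback:
                errors.append("enrichPolicyExecutionInterval: more than half of lookbackPeriod")
    unknown = set(body.get("entityTypes", [])) - ENTITY_TYPES
    if unknown:
        errors.append(f"entityTypes: unknown values {sorted(unknown)}")
    for field in ("docsPerSecond", "fieldHistoryLength"):
        value = body.get(field)
        if value is not None and (isinstance(value, bool) or not isinstance(value, int)):
            errors.append(f"{field}: must be an integer")
    return errors

# Constructed sample: the interval is well-formed but exceeds half the lookback.
SAMPLE = {"entityTypes": ["user"], "lookbackPeriod": "1h", "enrichPolicyExecutionInterval": "45m"}
if __name__ == "__main__":
    print(validate_enable_body(SAMPLE))
```
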

Responses

  • 200 application/json

    Successful response

    • engines array[object]
      • delay string

        Format should match the following pattern: [smdh]$. Default value is 1m.

      • docsPerSecond integer
      • error object
        • action string Required

          Value is init.

        • message string Required
      • fieldHistoryLength integer Required
      • filter string
      • frequency string

        Format should match the following pattern: [smdh]$. Default value is 1m.

      • indexPattern string Required
      • lookbackPeriod string

        Format should match the following pattern: [smdh]$. Default value is 24h.

      • status string Required

        Values are installing, started, stopped, updating, or error.

      • timeout string

        Format should match the following pattern: [smdh]$. Default value is 180s.

      • timestampField string
      • type string Required

        Values are user, host, service, or generic.

    • succeeded boolean
  • 400

    Invalid request

POST /api/entity_store/enable
curl \
 --request POST 'https://<KIBANA_URL>/api/entity_store/enable' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --header "kbn-xsrf: true" \
 --data '{"delay":"1m","docsPerSecond":42,"enrichPolicyExecutionInterval":"1h","entityTypes":["user"],"fieldHistoryLength":10,"filter":"string","frequency":"1m","indexPattern":"string","lookbackPeriod":"24h","timeout":"180s","timestampField":"@timestamp"}'