Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 1364f50cbf
Branches Tags
elasticsearch
/
docs
/
reference
/
eql
/
get-async-eql-search-api.asciidoc

get-async-eql-search-api.asciidoc 2.5 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. [role="xpack"]
    2. 

  2. 

  3. [[get-async-eql-search-api]]
    4. 

  4. === Get async EQL search API
    5. 

  5. ++++
    6. 

  6. <titleabbrev>Get async EQL search</titleabbrev>
    7. 

  7. ++++
    8. 

  8. 

  9. Returns the current status and available results for an <<eql-search-async,async
    10. 

  10. EQL search>> or a <<eql-search-store-sync-eql-search,stored synchronous EQL
    11. 

  11. search>>.
    12. 

  12. 

  13. [source,console]
    14. 

  14. ----
    15. 

  15. GET /_eql/search/FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=
    16. 

  16. ----
    17. 

  17. // TEST[skip: no access to search ID]
    18. 

  18. 

  19. [[get-async-eql-search-api-request]]
    20. 

  20. ==== {api-request-title}
    21. 

  21. 

  22. `GET /_eql/search/<search_id>`
    23. 

  23. 

  24. [[get-async-eql-search-api-prereqs]]
    25. 

  25. ==== {api-prereq-title}
    26. 

  26. 

  27. * If the {es} {security-features} are enabled, only the user who first submitted
    28. 

  28. the EQL search can retrieve the search using this API.
    29. 

  29. 

  30. * See <<eql-required-fields>>.
    31. 

  31. 

  32. [[get-async-eql-search-api-limitations]]
    33. 

  33. ===== Limitations
    34. 

  34. 

  35. See <<eql-syntax-limitations,EQL limitations>>.
    36. 

  36. 

  37. [[get-async-eql-search-api-path-params]]
    38. 

  38. ==== {api-path-parms-title}
    39. 

  39. 

  40. `<search_id>`::
    41. 

  41. (Required, string)
    42. 

  42. Identifier for the search.
    43. 

  43. +
    44. 

  44. A search ID is provided in the <<eql-search-api,EQL search API>>'s response for
    45. 

  45. an <<eql-search-async,async search>>. A search ID is also provided if the
    46. 

  46. request's <<eql-search-api-keep-on-completion,`keep_on_completion`>> parameter
    47. 

  47. is `true`.
    48. 

  48. 

  49. [[get-async-eql-search-api-query-params]]
    50. 

  50. ==== {api-query-parms-title}
    51. 

  51. 

  52. `keep_alive`::
    53. 

  53. (Optional, <<time-units,time value>>)
    54. 

  54. Period for which the search and its results are stored on the cluster. Defaults
    55. 

  55. to the `keep_alive` value set by the search's <<eql-search-api,EQL search
    56. 

  56. API>> request.
    57. 

  57. +
    58. 

  58. If specified, this parameter sets a new `keep_alive` period for the search,
    59. 

  59. starting when the get async EQL search API request executes. This new period
    60. 

  60. overwrites the one specified in the EQL search API request.
    61. 

  61. +
    62. 

  62. When this period expires, the search and its results are deleted, even if the
    63. 

  63. search is ongoing.
    64. 

  64. 

  65. `wait_for_completion_timeout`::
    66. 

  66. (Optional, <<time-units,time value>>)
    67. 

  67. Timeout duration to wait for the request to finish. Defaults to no timeout,
    68. 

  68. meaning the request waits for complete search results.
    69. 

  69. +
    70. 

  70. If this parameter is specified and the request completes during this period,
    71. 

  71. complete search results are returned.
    72. 

  72. +
    73. 

  73. If the request does not complete during this period, the response returns an
    74. 

  74. `is_partial` value of `true` and no search results.
    75. 

  75. 

  76. [role="child_attributes"]
    77. 

  77. [[get-async-eql-search-api-response-body]]
    78. 

  78. ==== {api-response-body-title}
    79. 

  79. 

  80. The async EQL search API returns the same response body as the EQL search API.
    81. 

  81. See the EQL search API's <<eql-search-api-response-body,response body
    82. 

  82. parameters>>.
    83.