Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: a9d9ee0d4b
Branches Tags
elasticsearch
/
docs
/
reference
/
eql
/
get-async-eql-search-api.asciidoc

get-async-eql-search-api.asciidoc 2.5 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. [role="xpack"]
    2. 

  2. [testenv="basic"]
    3. 

  3. 

  4. [[get-async-eql-search-api]]
    5. 

  5. === Get async EQL search API
    6. 

  6. ++++
    7. 

  7. <titleabbrev>Get async EQL search</titleabbrev>
    8. 

  8. ++++
    9. 

  9. 

  10. Returns the current status and available results for an <<eql-search-async,async
    11. 

  11. EQL search>> or a <<eql-search-store-sync-eql-search,stored synchronous EQL
    12. 

  12. search>>.
    13. 

  13. 

  14. [source,console]
    15. 

  15. ----
    16. 

  16. GET /_eql/search/FkpMRkJGS1gzVDRlM3g4ZzMyRGlLbkEaTXlJZHdNT09TU2VTZVBoNDM3cFZMUToxMDM=
    17. 

  17. ----
    18. 

  18. // TEST[skip: no access to search ID]
    19. 

  19. 

  20. [[get-async-eql-search-api-request]]
    21. 

  21. ==== {api-request-title}
    22. 

  22. 

  23. `GET /_eql/search/<search_id>`
    24. 

  24. 

  25. [[get-async-eql-search-api-prereqs]]
    26. 

  26. ==== {api-prereq-title}
    27. 

  27. 

  28. * If the {es} {security-features} are enabled, only the user who first submitted
    29. 

  29. the EQL search can retrieve the search using this API.
    30. 

  30. 

  31. * See <<eql-required-fields>>.
    32. 

  32. 

  33. [[get-async-eql-search-api-limitations]]
    34. 

  34. ===== Limitations
    35. 

  35. 

  36. See <<eql-syntax-limitations,EQL limitations>>.
    37. 

  37. 

  38. [[get-async-eql-search-api-path-params]]
    39. 

  39. ==== {api-path-parms-title}
    40. 

  40. 

  41. `<search_id>`::
    42. 

  42. (Required, string)
    43. 

  43. Identifier for the search.
    44. 

  44. +
    45. 

  45. A search ID is provided in the <<eql-search-api,EQL search API>>'s response for
    46. 

  46. an <<eql-search-async,async search>>. A search ID is also provided if the
    47. 

  47. request's <<eql-search-api-keep-on-completion,`keep_on_completion`>> parameter
    48. 

  48. is `true`.
    49. 

  49. 

  50. [[get-async-eql-search-api-query-params]]
    51. 

  51. ==== {api-query-parms-title}
    52. 

  52. 

  53. `keep_alive`::
    54. 

  54. (Optional, <<time-units,time value>>)
    55. 

  55. Period for which the search and its results are stored on the cluster. Defaults
    56. 

  56. to the `keep_alive` value set by the search's <<eql-search-api,EQL search
    57. 

  57. API>> request.
    58. 

  58. +
    59. 

  59. If specified, this parameter sets a new `keep_alive` period for the search,
    60. 

  60. starting when the get async EQL search API request executes. This new period
    61. 

  61. overwrites the one specified in the EQL search API request.
    62. 

  62. +
    63. 

  63. When this period expires, the search and its results are deleted, even if the
    64. 

  64. search is ongoing.
    65. 

  65. 

  66. `wait_for_completion_timeout`::
    67. 

  67. (Optional, <<time-units,time value>>)
    68. 

  68. Timeout duration to wait for the request to finish. Defaults to no timeout,
    69. 

  69. meaning the request waits for complete search results.
    70. 

  70. +
    71. 

  71. If this parameter is specified and the request completes during this period,
    72. 

  72. complete search results are returned.
    73. 

  73. +
    74. 

  74. If the request does not complete during this period, the response returns an
    75. 

  75. `is_partial` value of `true` and no search results.
    76. 

  76. 

  77. [role="child_attributes"]
    78. 

  78. [[get-async-eql-search-api-response-body]]
    79. 

  79. ==== {api-response-body-title}
    80. 

  80. 

  81. The async EQL search API returns the same response body as the EQL search API.
    82. 

  82. See the EQL search API's <<eql-search-api-response-body,response body
    83. 

  83. parameters>>.
    84.