stack kb security-entity-analytics-api init-entity-engine CLI command

Auth required
elastic stack kb security-entity-analytics-api init-entity-engine \
  --entity-type <entity-type> \
  [options]

Initialize an Entity Engine

Behaviour flags:

--dry-run — validate all inputs and exit without performing any action

--entity-type string required
The entity type of the engine.
--delay string
The delay before the transform will run.
--docs-per-second number
The number of documents per second to process.
--enrich-policy-execution-interval string
Interval at which the enrich policy runs. For example, "1h" means the rule runs every hour. Must be less than or equal to half the duration of the lookback period.
--field-history-length number
The number of historical values to keep for each field.
--filter string
--frequency string
The frequency at which the transform will run.
--index-pattern string
--lookback-period string
The amount of time the transform looks back to calculate the aggregations.
--max-page-search-size number
The initial page size to use for the composite aggregation of each checkpoint.
--timeout string
The timeout for initializing the aggregating transform.
--timestamp-field string
The field to use as the timestamp for the entity type.
--input-file string
path to a JSON file to use as command input
--[no-]dry-run
validate all inputs and exit without performing any action (preview changes without applying them)
--[no-]json
output as JSON
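
The rule that --enrich-policy-execution-interval must be at most half of --lookback-period can be checked locally before the command is run. The following is an added example, not part of the CLI or its documentation: it assumes durations are a positive integer followed by s, m, h or d, uses "host" as a constructed entity type, and prints the --dry-run command line for review instead of executing it.

```sh
#!/bin/sh
# Added example: pre-flight check of the documented constraint
#   --enrich-policy-execution-interval <= (--lookback-period / 2)
# Assumption: a duration is a positive integer plus one unit: s, m, h or d.

# to_seconds <duration>: print the duration in seconds, fail on bad input.
to_seconds() (
  n=${1%?}            # everything except the last character
  unit=${1#"$n"}      # the last character
  case $n in ''|0*|*[!0-9]*) exit 1 ;; esac   # reject empty, zero, non-digits
  case $unit in
    s) mult=1 ;;
    m) mult=60 ;;
    h) mult=3600 ;;
    d) mult=86400 ;;
    *) exit 1 ;;
  esac
  echo $(( $n * $mult ))
)

# interval_ok <enrich-interval> <lookback-period>
# Exit 0 if the rule holds, 1 if it is violated, 2 if a duration is malformed.
interval_ok() (
  i=$(to_seconds "$1") || exit 2
  l=$(to_seconds "$2") || exit 2
  [ $(( $i * 2 )) -le "$l" ]
)

# build_dry_run <entity-type> <enrich-interval> <lookback-period>
# Print the command line (with --dry-run) only when the rule holds.
build_dry_run() (
  if ! interval_ok "$2" "$3"; then
    echo "refusing: $2 must be a valid duration <= half of $3" >&2
    exit 1
  fi
  echo "elastic stack kb security-entity-analytics-api init-entity-engine" \
    "--entity-type $1 --enrich-policy-execution-interval $2" \
    "--lookback-period $3 --dry-run"
)

# Constructed sample values: 1h is at most half of 3h, so the line is printed.
build_dry_run host 1h 3h
```
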