Version: 7.x-36.0.0

This is a technical preview. Technical preview features are not fully supported, may not be functionally complete, and are not suitable for deployment in production. We encourage you to try them out and provide your feedback, good and bad, on the Search Guard forum. This will help us improve and add any features you might be missing.

Delete Watch API


DELETE /_signals/watch/{watch_id}

Deletes the watch identified by the {watch_id} path parameter.

Path Parameters

{watch_id} The id of the watch to be deleted. Required.


200 OK

The watch was successfully deleted.

403 Forbidden

The user does not have the permission to delete watches for the currently selected tenant.

404 Not found

A watch with the given id does not exist for the current tenant.

The status 404 is also returned if the tenant specified by the sg_tenant request header does not exist.

Multi Tenancy

The watch REST API is tenant-aware. Each Signals tenant has its own separate set of watches. The HTTP request header sg_tenant can be used to specify the tenant to be used. If the header is absent, the default tenant is used.


For being able to access the endpoint, the user needs to have the privilege cluster:admin:searchguard:tenant:signals:watch/delete for the currently selected tenant.

This permission is included in the following built-in action groups:



DELETE /_signals/watch/bad_weather


200 OK
    "_id": "bad_weather",
    "_version": 2,
    "result": "deleted"

Not what you were looking for? Try the search.