Path parameters
- id (string, Required): The identifier for the rule.
curl \
--request GET 'https://localhost:5601/api/alerting/rule/{id}' \
--header "Authorization: $API_KEY"
{
"actions": [
{
"alerts_filter": {
"query": {
"dsl": "string",
"filters": [
{
"$state": {
"store": "appState"
},
"meta": {},
"query": {}
}
],
"kql": "string"
},
"timeframe": {
"days": [
1
],
"hours": {
"end": "string",
"start": "string"
},
"timezone": "string"
}
},
"connector_type_id": "string",
"frequency": {
"notify_when": "onActionGroupChange",
"summary": true,
"throttle": "string"
},
"group": "string",
"id": "string",
"params": {},
"use_alert_data_for_template": true,
"uuid": "string"
}
],
"active_snoozes": [
"string"
],
"alert_delay": {
"active": 42.0
},
"api_key_created_by_user": true,
"api_key_owner": "string",
"consumer": "string",
"created_at": "string",
"created_by": "string",
"enabled": true,
"execution_status": {
"error": {
"message": "string",
"reason": "read"
},
"last_duration": 42.0,
"last_execution_date": "string",
"status": "ok",
"warning": {
"message": "string",
"reason": "maxExecutableActions"
}
},
"flapping": {
"look_back_window": 42.0,
"status_change_threshold": 42.0
},
"id": "string",
"is_snoozed_until": "string",
"last_run": {
"alerts_count": {
"active": 42.0,
"ignored": 42.0,
"new": 42.0,
"recovered": 42.0
},
"outcome": "succeeded",
"outcome_msg": [
"string"
],
"outcome_order": 42.0,
"warning": "read"
},
"mapped_params": {},
"monitoring": {
"run": {
"calculated_metrics": {
"p50": 42.0,
"p95": 42.0,
"p99": 42.0,
"success_ratio": 42.0
},
"history": [
{
"duration": 42.0,
"outcome": "succeeded",
"success": true,
"timestamp": 42.0
}
],
"last_run": {
"metrics": {
"duration": 42.0,
"gap_duration_s": 42.0,
"gap_range": {
"gte": "string",
"lte": "string"
},
"total_alerts_created": 42.0,
"total_alerts_detected": 42.0,
"total_indexing_duration_ms": 42.0,
"total_search_duration_ms": 42.0
},
"timestamp": "string"
}
}
},
"mute_all": true,
"muted_alert_ids": [
"string"
],
"name": "string",
"next_run": "string",
"notify_when": "onActionGroupChange",
"params": {},
"revision": 42.0,
"rule_type_id": "string",
"running": true,
"schedule": {
"interval": "string"
},
"scheduled_task_id": "string",
"snooze_schedule": [
{
"duration": 42.0,
"id": "string",
"rRule": {
"byhour": [
42.0
],
"byminute": [
42.0
],
"bymonth": [
42.0
],
"bymonthday": [
42.0
],
"bysecond": [
42.0
],
"bysetpos": [
42.0
],
"byweekday": [
"string"
],
"byweekno": [
42.0
],
"byyearday": [
42.0
],
"count": 42.0,
"dtstart": "string",
"freq": 0,
"interval": 42.0,
"tzid": "string",
"until": "string",
"wkst": "MO"
},
"skipRecurrences": [
"string"
]
}
],
"tags": [
"string"
],
"throttle": "string",
"updated_at": "string",
"updated_by": "string",
"view_in_app_relative_url": "string"
}
Schedule a snooze for the rule
When you snooze a rule, the rule checks continue to run but alerts will not generate actions. You can snooze for a specified period of time and schedule single or recurring downtimes.
Path parameters
- id (string, Required): Identifier of the rule.
curl \
--request POST 'https://localhost:5601/api/alerting/rule/{id}/snooze_schedule' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"schedule":{"custom":{"duration":"string","recurring":{"end":"string","every":"string","occurrences":42.0,"onMonth":[42.0],"onMonthDay":[42.0],"onWeekDay":["string"]},"start":"string","timezone":"string"}}}'
# Headers
kbn-xsrf: true
# Payload
{
"schedule": {
"custom": {
"duration": "string",
"recurring": {
"end": "string",
"every": "string",
"occurrences": 42.0,
"onMonth": [
42.0
],
"onMonthDay": [
42.0
],
"onWeekDay": [
"string"
]
},
"start": "string",
"timezone": "string"
}
}
}
{
"body": {
"schedule": {
"custom": {
"duration": "string",
"recurring": {
"end": "string",
"every": "string",
"occurrences": 42.0,
"onMonth": [
42.0
],
"onMonthDay": [
42.0
],
"onWeekDay": [
"string"
]
},
"start": "string",
"timezone": "string"
},
"id": "string"
}
}
}
Delete a snooze schedule for a rule
Path parameters
- ruleId (string, Required): The identifier for the rule.
- scheduleId (string, Required): The identifier for the snooze schedule.
curl \
--request DELETE 'https://localhost:5601/api/alerting/rule/{ruleId}/snooze_schedule/{scheduleId}' \
--header "Authorization: $API_KEY" \
--header "kbn-xsrf: true"
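Because a snoozed rule keeps running but generates no actions, it is worth auditing rule objects for settings that silence notifications. The following is an added example, not part of the Kibana documentation: it inspects the fields shown in the Get rule response above (`enabled`, `mute_all`, `muted_alert_ids`, `is_snoozed_until`, `active_snoozes`, `snooze_schedule`). The function names and sample rules are constructed, and timestamps are assumed to be ISO 8601 strings.

```python
"""Audit alerting rule objects for settings that suppress notifications."""
from datetime import datetime, timezone


def parse_ts(value):
    """Parse an ISO 8601 timestamp (assumed format); None if absent or invalid."""
    if not isinstance(value, str) or not value:
        return None
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def suppression_findings(rule, now=None):
    """Return the reasons why this rule may currently notify nobody."""
    now = now or datetime.now(timezone.utc)
    findings = []

    if rule.get("enabled") is False:
        findings.append("rule is disabled")
    if rule.get("mute_all"):
        findings.append("mute_all is set")
    muted = rule.get("muted_alert_ids") or []
    if muted:
        findings.append(f"{len(muted)} alert id(s) muted")

    until = parse_ts(rule.get("is_snoozed_until"))
    if until and until > now:
        findings.append(f"snoozed until {until.isoformat()}")
    active = rule.get("active_snoozes") or []
    if active:
        findings.append(f"{len(active)} active snooze(s)")

    for sched in rule.get("snooze_schedule") or []:
        rrule = sched.get("rRule") or {}
        sid = sched.get("id", "<no id>")
        if rrule.get("count") is None and rrule.get("until") is None:
            # A recurrence with neither bound never expires on its own.
            findings.append(f"snooze schedule {sid} recurs with no count or until")
            continue
        end = parse_ts(rrule.get("until"))
        if end is not None and end <= now:
            continue  # schedule already expired
        findings.append(f"snooze schedule {sid} is bounded but still pending")
    return findings


def audit(rules, now=None):
    """Map rule name -> findings, for rules that have at least one finding."""
    report = {}
    for rule in rules:
        found = suppression_findings(rule, now)
        if found:
            report[rule.get("name", rule.get("id", "<unnamed>"))] = found
    return report


# Constructed sample data shaped like the Get rule response; not real rules.
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)
SAMPLE_RULES = [
    {"id": "r1", "name": "Healthy rule", "enabled": True, "mute_all": False,
     "muted_alert_ids": [], "active_snoozes": [], "snooze_schedule": []},
    {"id": "r2", "name": "Failed logins", "enabled": True, "mute_all": True,
     "muted_alert_ids": [], "is_snoozed_until": "2025-02-01T00:00:00.000Z",
     "active_snoozes": ["s1"],
     "snooze_schedule": [{"id": "s1", "duration": 86400000,
                          "rRule": {"dtstart": "2025-01-01T00:00:00.000Z",
                                    "tzid": "UTC", "freq": 2}}]},
    {"id": "r3", "name": "Legacy rule", "enabled": False, "mute_all": False,
     "snooze_schedule": [{"id": "s2", "duration": 3600000,
                          "rRule": {"dtstart": "2024-06-01T00:00:00.000Z",
                                    "tzid": "UTC", "count": 1,
                                    "until": "2024-06-02T00:00:00.000Z"}}]},
]

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_RULES, NOW).items():
        print(f"{name}: " + "; ".join(reasons))
```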
Get source maps
Get an array of Fleet artifacts, including source map uploads. You must have read or all Kibana privileges for the APM and User Experience feature.
Headers
- elastic-api-version (string, Required): The version of the API to use. Value is 2023-10-31. Default value is 2023-10-31.
curl -X GET "http://localhost:5601/api/apm/sourcemaps" \
-H 'Content-Type: application/json' \
-H 'kbn-xsrf: true' \
-H "Authorization: ApiKey ${YOUR_API_KEY}"
{
"artifacts": [
{
"type": "sourcemap",
"identifier": "foo-1.0.0",
"relative_url": "/api/fleet/artifacts/foo-1.0.0/644fd5a997d1ddd90ee131ba18e2b3d03931d89dd1fe4599143c0b3264b3e456",
"body": {
"serviceName": "foo",
"serviceVersion": "1.0.0",
"bundleFilepath": "/test/e2e/general-usecase/bundle.js",
"sourceMap": {
"version": 3,
"file": "static/js/main.chunk.js",
"sources": [
"fleet-source-map-client/src/index.css",
"fleet-source-map-client/src/App.js",
"webpack:///./src/index.css?bb0a",
"fleet-source-map-client/src/index.js",
"fleet-source-map-client/src/reportWebVitals.js"
],
"sourcesContent": [
"content"
],
"mappings": "mapping",
"sourceRoot": ""
}
},
"created": "2021-07-09T20:47:44.812Z",
"id": "apm:foo-1.0.0-644fd5a997d1ddd90ee131ba18e2b3d03931d89dd1fe4599143c0b3264b3e456",
"compressionAlgorithm": "zlib",
"decodedSha256": "644fd5a997d1ddd90ee131ba18e2b3d03931d89dd1fe4599143c0b3264b3e456",
"decodedSize": 441,
"encodedSha256": "024c72749c3e3dd411b103f7040ae62633558608f480bce4b108cf5b2275bd24",
"encodedSize": 237,
"encryptionAlgorithm": "none",
"packageName": "apm"
}
]
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Internal Server Error",
"message": "string",
"statusCode": 500
}
{
"error": "Not Implemented",
"message": "Not Implemented",
"statusCode": 501
}
Upload a source map
Upload a source map for a specific service and version. You must have all Kibana privileges for the APM and User Experience feature.
The maximum payload size is 1mb. If you attempt to upload a source map that exceeds the maximum payload size, you will get a 413 error. Before uploading source maps that exceed this default, change the maximum payload size allowed by Kibana with the server.maxPayload variable.
Headers
- elastic-api-version (string, Required): The version of the API to use. Value is 2023-10-31. Default value is 2023-10-31.
- kbn-xsrf (string, Required): A required header to protect against CSRF attacks.
Body
Required
- bundle_filepath (string, Required): The absolute path of the final bundle as used in the web application.
- service_name (string, Required): The name of the service that the service map should apply to.
- service_version (string, Required): The version of the service that the service map should apply to.
- sourcemap (string(binary), Required): The source map. It can be a string or file upload. It must follow the source map format specification.
curl -X POST "http://localhost:5601/api/apm/sourcemaps" \
-H 'Content-Type: multipart/form-data' \
-H 'kbn-xsrf: true' \
-H "Authorization: ApiKey ${YOUR_API_KEY}" \
-F 'service_name="foo"' \
-F 'service_version="1.0.0"' \
-F 'bundle_filepath="/test/e2e/general-usecase/bundle.js"' \
-F 'sourcemap="{\"version\":3,\"file\":\"static/js/main.chunk.js\",\"sources\":[\"fleet-source-map-client/src/index.css\",\"fleet-source-map-client/src/App.js\",\"webpack:///./src/index.css?bb0a\",\"fleet-source-map-client/src/index.js\",\"fleet-source-map-client/src/reportWebVitals.js\"],\"sourcesContent\":[\"content\"],\"mappings\":\"mapping\",\"sourceRoot\":\"\"}"'
{
"id": "apm:foo-1.0.0-644fd5a997d1ddd90ee131ba18e2b3d03931d89dd1fe4599143c0b3264b3e456",
"body": "eJyFkL1OwzAUhd/Fc+MbYMuCEBIbHRjKgBgc96R16tiWr1OQqr47NwqJxEK3q/PzWccXxchnZ7E1A1SjuhjVZtF2yOxiEPlO17oWox3D3uPFeSRTjmJQARfCPeiAgGx8NTKsYdAc1T3rwaSJGcds8Sp3c1HnhfywUZ3QhMTFFGepZxqMC9oex3CS9tpk1XyozgOlmoVKuJX1DqEQZ0su7PGtLU+V/3JPKc3cL7TJ2FNDRPov4bFta3MDM4f7W69lpJjLO9qdK8bzVPhcJz3HUCQ4LbO/p5hCSC4cZPByrp/wFqOklbpefwAhzpqI",
"type": "sourcemap",
"created": "2021-07-09T20:47:44.812Z",
"identifier": "foo-1.0.0",
"decodedSize": 441,
"encodedSize": 237,
"packageName": "apm",
"relative_url": "/api/fleet/artifacts/foo-1.0.0/644fd5a997d1ddd90ee131ba18e2b3d03931d89dd1fe4599143c0b3264b3e456",
"decodedSha256": "644fd5a997d1ddd90ee131ba18e2b3d03931d89dd1fe4599143c0b3264b3e456",
"encodedSha256": "024c72749c3e3dd411b103f7040ae62633558608f480bce4b108cf5b2275bd24",
"encryptionAlgorithm": "none",
"compressionAlgorithm": "zlib"
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Forbidden",
"message": "string",
"statusCode": 403
}
{
"error": "Internal Server Error",
"message": "string",
"statusCode": 500
}
{
"error": "Not Implemented",
"message": "Not Implemented",
"statusCode": 501
}
Delete a runtime field from a data view
curl \
--request DELETE 'https://localhost:5601/api/data_views/data_view/ff959d40-b880-11e8-a6d9-e546fe2bba5f/runtime_field/hour_of_day' \
--header "Authorization: $API_KEY"
{
"error": "Not Found",
"message": "Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] not found",
"statusCode": 404
}
Upgrade an agent
[Required authorization] Route required privileges: fleet-agents-all.
Path parameters
- agentId (string, Required)
Body
- force (boolean)
- skipRateLimitCheck (boolean)
- source_uri (string)
- version (string, Required)
curl \
--request POST 'https://localhost:5601/api/fleet/agents/{agentId}/upgrade' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"force":true,"skipRateLimitCheck":true,"source_uri":"string","version":"string"}'
# Headers
kbn-xsrf: true
# Payload
{
"force": true,
"skipRateLimitCheck": true,
"source_uri": "string",
"version": "string"
}
{}
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}
Get agent policies
[Required authorization] Route required privileges: fleet-agent-policies-read OR fleet-agents-read OR fleet-setup.
Query parameters
- page (number)
- perPage (number)
- sortField (string)
- sortOrder (string): Values are desc or asc.
- showUpgradeable (boolean)
- kuery (string)
- noAgentCount (boolean): Deprecated, use withAgentCount instead.
- withAgentCount (boolean): Get policies with agent count.
- full (boolean): Get full policies with package policies populated.
- format (string): Values are simplified or legacy.
curl \
--request GET 'https://localhost:5601/api/fleet/agent_policies' \
--header "Authorization: $API_KEY"
{
"items": [
{
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"agentless": {
"resources": {
"requests": {
"cpu": "string",
"memory": "string"
}
}
},
"agents": 42.0,
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"global_data_tags": [
{
"name": "string",
"value": "string"
}
],
"has_fleet_server": true,
"id": "string",
"inactivity_timeout": 1209600,
"is_default": true,
"is_default_fleet_server": true,
"is_managed": true,
"is_preconfigured": true,
"is_protected": true,
"keep_monitoring_alive": false,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"logs"
],
"monitoring_http": {
"buffer": {
"enabled": false
},
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"package_policies": [
"string"
],
"required_versions": [
{
"percentage": 42.0,
"version": "string"
}
],
"revision": 42.0,
"schema_version": "string",
"space_ids": [
"string"
],
"status": "active",
"supports_agentless": false,
"unenroll_timeout": 42.0,
"unprivileged_agents": 42.0,
"updated_at": "string",
"updated_by": "string",
"version": "string"
}
],
"page": 42.0,
"perPage": 42.0,
"total": 42.0
}
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}
Update package settings
[Required authorization] Route required privileges: integrations-all AND fleet-agent-policies-all.
Path parameters
- pkgName (string, Required)
- pkgVersion (string)
Body
- keepPoliciesUpToDate (boolean, Required)
curl \
--request PUT 'https://localhost:5601/api/fleet/epm/packages/{pkgName}/{pkgVersion}' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"keepPoliciesUpToDate":true}'
# Headers
kbn-xsrf: true
# Payload
{
"keepPoliciesUpToDate": true
}
{
"item": {
"agent": {
"privileges": {
"root": true
}
},
"asset_tags": [
{
"asset_ids": [
"string"
],
"asset_types": [
"string"
],
"text": "string"
}
],
"assets": {},
"categories": [
"string"
],
"conditions": {
"elastic": {
"capabilities": [
"string"
],
"subscription": "string"
},
"kibana": {
"version": "string"
}
},
"data_streams": [
{}
],
"description": "string",
"discovery": {
"fields": [
{
"name": "string"
}
]
},
"download": "string",
"elasticsearch": {},
"format_version": "string",
"icons": [
{
"dark_mode": true,
"path": "string",
"size": "string",
"src": "string",
"title": "string",
"type": "string"
}
],
"installationInfo": {
"additional_spaces_installed_kibana": {
"additionalProperty1": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
],
"additionalProperty2": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
]
},
"created_at": "string",
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"install_format_schema_version": "string",
"install_source": "registry",
"install_status": "installed",
"installed_es": [
{
"deferred": true,
"id": "string",
"type": "index",
"version": "string"
}
],
"installed_kibana": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
],
"installed_kibana_space_id": "string",
"latest_executed_state": {
"error": "string",
"name": "string",
"started_at": "string"
},
"latest_install_failed_attempts": [
{
"created_at": "string",
"error": {
"message": "string",
"name": "string",
"stack": "string"
},
"target_version": "string"
}
],
"name": "string",
"namespaces": [
"string"
],
"type": "string",
"updated_at": "string",
"verification_key_id": "string",
"verification_status": "unverified",
"version": "string"
},
"internal": true,
"keepPoliciesUpToDate": true,
"latestVersion": "string",
"license": "string",
"licensePath": "string",
"name": "string",
"notice": "string",
"owner": {
"github": "string",
"type": "elastic"
},
"path": "string",
"policy_templates": [
{}
],
"readme": "string",
"release": "ga",
"screenshots": [
{
"dark_mode": true,
"path": "string",
"size": "string",
"src": "string",
"title": "string",
"type": "string"
}
],
"signature_path": "string",
"source": {
"license": "string"
},
"status": "string",
"title": "string",
"type": "integration",
"vars": [
{}
],
"version": "string"
}
}
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}
Get settings
[Required authorization] Route required privileges: fleet-settings-read.
curl \
--request GET 'https://localhost:5601/api/fleet/settings' \
--header "Authorization: $API_KEY"
{
"item": {
"delete_unenrolled_agents": {
"enabled": true,
"is_preconfigured": true
},
"has_seen_add_data_notice": true,
"id": "string",
"output_secret_storage_requirements_met": true,
"preconfigured_fields": [
"fleet_server_hosts"
],
"prerelease_integrations_enabled": true,
"secret_storage_requirements_met": true,
"use_space_awareness_migration_started_at": "string",
"use_space_awareness_migration_status": "pending",
"version": "string"
}
}
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}
{
"message": "string"
}
Get output
Get output by ID.
[Required authorization] Route required privileges: fleet-settings-read OR fleet-agent-policies-read.
Path parameters
- outputId (string, Required)
curl \
--request GET 'https://localhost:5601/api/fleet/outputs/{outputId}' \
--header "Authorization: $API_KEY"
{
"item": {
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"https://example.com"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"preset": "balanced",
"proxy_id": "string",
"secrets": {
"ssl": {
"key": {
"id": "string"
}
}
},
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "elasticsearch"
}
}
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}
Dry run a package policy upgrade
[Required authorization] Route required privileges: fleet-agent-policies-read AND integrations-read.
Body
- packagePolicyIds (array[string], Required)
- packageVersion (string)
curl \
--request POST 'https://localhost:5601/api/fleet/package_policies/upgrade/dryrun' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"packagePolicyIds":["string"],"packageVersion":"string"}'
# Headers
kbn-xsrf: true
# Payload
{
"packagePolicyIds": [
"string"
],
"packageVersion": "string"
}
[
{
"agent_diff": [
[
{
"data_stream": {
"namespace": "string"
},
"id": "string",
"meta": {
"package": {
"name": "string",
"version": "string"
}
},
"name": "string",
"package_policy_id": "string",
"processors": [
{
"add_fields": {
"fields": {},
"target": "string"
}
}
],
"revision": 42.0,
"streams": [
{
"data_stream": {
"dataset": "string",
"type": "string"
},
"id": "string"
}
],
"type": "string",
"use_output": "string"
}
]
],
"body": {
"message": "string"
},
"diff": [
{
"additional_datastreams_permissions": [
"string"
],
"agents": 42.0,
"created_at": "string",
"created_by": "string",
"description": "string",
"elasticsearch": {
"privileges": {
"cluster": [
"string"
]
}
},
"enabled": true,
"id": "string",
"inputs": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"policy_template": "string",
"streams": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"data_stream": {
"dataset": "string",
"elasticsearch": {
"dynamic_dataset": true,
"dynamic_namespace": true,
"privileges": {
"indices": [
"string"
]
}
},
"type": "string"
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"release": "ga",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"type": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"is_managed": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {
"inputs": {}
},
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"revision": 42.0,
"secret_references": [
{
"id": "string"
}
],
"spaceIds": [
"string"
],
"supports_agentless": false,
"updated_at": "string",
"updated_by": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"version": "string"
}
],
"hasErrors": true,
"name": "string",
"statusCode": 42.0
}
]
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}
Get a Fleet Server host
Get a Fleet Server host by ID.
[Required authorization] Route required privileges: fleet-settings-read.
Path parameters
- itemId (string, Required)
curl \
--request GET 'https://localhost:5601/api/fleet/fleet_server_hosts/{itemId}' \
--header "Authorization: $API_KEY"
{
"item": {
"host_urls": [
"string"
],
"id": "string",
"is_default": false,
"is_internal": true,
"is_preconfigured": false,
"name": "string",
"proxy_id": "string",
"secrets": {
"ssl": {
"es_key": {
"id": "string"
},
"key": {
"id": "string"
}
}
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"client_auth": "optional",
"es_certificate": "string",
"es_certificate_authorities": [
"string"
],
"es_key": "string",
"key": "string"
}
}
}
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}
Create a service token
[Required authorization] Route required privileges: fleet-agents-all.
curl \
--request POST 'https://localhost:5601/api/fleet/service_tokens' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"remote":false}'
# Headers
kbn-xsrf: true
# Payload
{
"remote": false
}
{
"name": "string",
"value": "string"
}
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}
Logstash configuration management
Programmatically integrate with Logstash configuration management.
Do not directly access the .logstash index. The structure of the .logstash index is subject to change, which could cause your integration to break. Instead, use the Logstash configuration management APIs.
Resolve import errors
To resolve errors from the Import objects API, you can:
- Retry certain saved objects
- Overwrite specific saved objects
- Change references to different saved objects
Query parameters
- compatibilityMode (boolean): Applies various adjustments to the saved objects that are being imported to maintain compatibility between different Kibana versions. When enabled during the initial import, also enable when resolving import errors. This option cannot be used with the createNewCopies option.
- createNewCopies (boolean): Creates copies of the saved objects, regenerates each object ID, and resets the origin. When enabled during the initial import, also enable when resolving import errors.
# file=@file.ndjson uploads the file contents; retries is a single JSON array.
curl \
--request POST 'https://localhost:5601/api/saved_objects/_resolve_import_errors' \
--header "Authorization: $API_KEY" \
--header "Content-Type: multipart/form-data" \
--header "kbn-xsrf: string" \
--form 'file=@file.ndjson' \
--form 'retries=[{"id":"my-pattern","type":"index-pattern","overwrite":true},{"id":"my-vis","type":"visualization","overwrite":true,"destinationId":"another-vis"},{"id":"my-canvas","type":"canvas","overwrite":true,"destinationId":"yet-another-canvas"},{"id":"my-dashboard","type":"dashboard"}]'
# Payload
{
"file": "file.ndjson",
"retries": [
{"id": "my-pattern", "type": "index-pattern", "overwrite": true},
{"id": "my-vis", "type": "visualization", "overwrite": true, "destinationId": "another-vis"},
{"id": "my-canvas", "type": "canvas", "overwrite": true, "destinationId": "yet-another-canvas"},
{"id": "my-dashboard", "type": "dashboard"}
]
}
{
"success": true,
"successCount": 3,
"successResults": [
{
"id": "my-vis",
"meta": {
"icon": "visualizeApp",
"title": "Look at my visualization"
},
"type": "visualization"
},
{
"id": "my-search",
"meta": {
"icon": "searchApp",
"title": "Look at my search"
},
"type": "search"
},
{
"id": "my-dashboard",
"meta": {
"icon": "dashboardApp",
"title": "Look at my dashboard"
},
"type": "dashboard"
}
]
}
{
"error": "Bad Request",
"message": "string",
"statusCode": 400
}
Create a model response
Create a model response for the given chat conversation.
Query parameters
- content_references_disabled (boolean): If true, the response will not include content references. Default value is false.
Body
Required
- connectorId (string, Required)
- conversationId (string(nonempty)): A string that does not contain only whitespace characters. Minimum length is 1.
- isStream (boolean)
- langSmithApiKey (string)
- langSmithProject (string)
- messages (array[object], Required): AI assistant message.
- model (string)
- persist (boolean, Required)
- promptId (string)
- responseLanguage (string)
curl \
--request POST 'https://localhost:5601/api/security_ai_assistant/chat/complete' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--data '{"connectorId":"string","conversationId":"string","isStream":true,"langSmithApiKey":"string","langSmithProject":"string","messages":[{"content":"string","data":{},"fields_to_anonymize":["string"],"role":"system"}],"model":"string","persist":true,"promptId":"string","responseLanguage":"string"}'
{
"connectorId": "string",
"conversationId": "string",
"isStream": true,
"langSmithApiKey": "string",
"langSmithProject": "string",
"messages": [
{
"content": "string",
"data": {},
"fields_to_anonymize": [
"string"
],
"role": "system"
}
],
"model": "string",
"persist": true,
"promptId": "string",
"responseLanguage": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Create a conversation
Create a new Security AI Assistant conversation.
Body
Required
- apiConfig (object): LLM API configuration.
- category (string): The conversation category. Values are assistant or insights.
- excludeFromLastConversationStorage
- id (string): The conversation id.
- messages (array[object]): The conversation messages. AI assistant conversation message.
- replacements (object): Replacements object used to anonymize/deanonymize messages.
- title (string, Required): The conversation title.
curl \
--request POST 'https://localhost:5601/api/security_ai_assistant/current_user/conversations' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--data '{"apiConfig":{"actionTypeId":"string","connectorId":"string","defaultSystemPromptId":"string","model":"string","provider":"OpenAI"},"category":"assistant","excludeFromLastConversationStorage":true,"id":"string","messages":[{"content":"string","isError":true,"metadata":{"contentReferences":{}},"reader":{},"role":"system","timestamp":"string","traceData":{"traceId":"string","transactionId":"string"}}],"replacements":{"additionalProperty1":"string","additionalProperty2":"string"},"title":"string"}'
{
"apiConfig": {
"actionTypeId": "string",
"connectorId": "string",
"defaultSystemPromptId": "string",
"model": "string",
"provider": "OpenAI"
},
"category": "assistant",
"excludeFromLastConversationStorage": true,
"id": "string",
"messages": [
{
"content": "string",
"isError": true,
"metadata": {
"contentReferences": {}
},
"reader": {},
"role": "system",
"timestamp": "string",
"traceData": {
"traceId": "string",
"transactionId": "string"
}
}
],
"replacements": {
"additionalProperty1": "string",
"additionalProperty2": "string"
},
"title": "string"
}
{
"apiConfig": {
"actionTypeId": "string",
"connectorId": "string",
"defaultSystemPromptId": "string",
"model": "string",
"provider": "OpenAI"
},
"category": "assistant",
"createdAt": "string",
"excludeFromLastConversationStorage": true,
"id": "string",
"messages": [
{
"content": "string",
"isError": true,
"metadata": {
"contentReferences": {}
},
"reader": {},
"role": "system",
"timestamp": "string",
"traceData": {
"traceId": "string",
"transactionId": "string"
}
}
],
"namespace": "string",
"replacements": {
"additionalProperty1": "string",
"additionalProperty2": "string"
},
"summary": {
"confidence": "low",
"content": "string",
"public": true,
"timestamp": "string"
},
"timestamp": "string",
"title": "string",
"updatedAt": "string",
"users": [
{
"id": "string",
"name": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Get conversations
Get a list of all conversations for the current user.
Query parameters
- fields (array[string])
- filter (string): Search query.
- sort_field (string): Field to sort by. Values are created_at, title, or updated_at.
- sort_order (string): Sort order. Values are asc or desc.
- page (integer): Page number. Minimum value is 1. Default value is 1.
- per_page (integer): Conversations per page. Minimum value is 0. Default value is 20.
curl \
--request GET 'https://localhost:5601/api/security_ai_assistant/current_user/conversations/_find' \
--header "Authorization: $API_KEY"
{
"data": [
{
"apiConfig": {
"actionTypeId": "string",
"connectorId": "string",
"defaultSystemPromptId": "string",
"model": "string",
"provider": "OpenAI"
},
"category": "assistant",
"createdAt": "string",
"excludeFromLastConversationStorage": true,
"id": "string",
"messages": [
{
"content": "string",
"isError": true,
"metadata": {
"contentReferences": {}
},
"reader": {},
"role": "system",
"timestamp": "string",
"traceData": {
"traceId": "string",
"transactionId": "string"
}
}
],
"namespace": "string",
"replacements": {
"additionalProperty1": "string",
"additionalProperty2": "string"
},
"summary": {
"confidence": "low",
"content": "string",
"public": true,
"timestamp": "string"
},
"timestamp": "string",
"title": "string",
"updatedAt": "string",
"users": [
{
"id": "string",
"name": "string"
}
]
}
],
"page": 42,
"perPage": 42,
"total": 42
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Path parameters
- resource (string): The KnowledgeBase resource value.
curl \
--request GET 'https://localhost:5601/api/security_ai_assistant/knowledge_base/{resource}' \
--header "Authorization: $API_KEY"
{
"elser_exists": true,
"is_setup_available": true,
"is_setup_in_progress": true,
"product_documentation_status": "string",
"security_labs_exists": true,
"user_data_exists": true
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Security detections
Use the detections APIs to create and manage detection rules. Detection rules search events and external alerts sent to Elastic Security and generate detection alerts from any hits. Alerts are displayed on the Alerts page and can be assigned and triaged, using the alert status to mark them as open, closed, or acknowledged.
This API supports both key-based authentication and basic authentication.
To use key-based authentication, create an API key, then specify the key in the header of your API calls.
To use basic authentication, provide a username and password; this automatically creates an API key that matches the current user’s privileges.
In both cases, the API key is subsequently used for authorization when the rule runs.
If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change.
If the API key that created a rule is deleted, or the user that created the rule becomes inactive, the rule will stop running.
To create and run rules, the user must meet specific requirements for the Kibana space. Refer to the Detections requirements for a complete list of requirements.