Search cases
You must have read
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
Query parameters
-
assignees
string | array[string] Filters the returned cases by assignees. Valid values are
none
or unique identifiers for the user profiles. These identifiers can be found by using the suggest user profile API. -
category
string | array[string] Filters the returned cases by category.
-
defaultSearchOperator
string he default operator to use for the simple_query_string.
Default value is
OR
. -
from
string Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression.
-
owner
string | array[string] A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.
-
page
integer The page number to return.
Default value is
1
. -
perPage
integer The number of items to return. Limited to 100 items.
Maximum value is
100
. Default value is20
. -
reporters
string | array[string] Filters the returned cases by the user name of the reporter.
-
search
string An Elasticsearch simple_query_string query that filters the objects in the response.
-
searchFields
string | array[string] The fields to perform the simple_query_string parsed query against.
-
severity
string The severity of the case.
Values are
critical
,high
,low
, ormedium
. -
sortField
string Determines which field is used to sort the results.
Values are
createdAt
,updatedAt
,closedAt
,title
,category
,status
, orseverity
. Default value iscreatedAt
. -
sortOrder
string Determines the sort order.
Values are
asc
ordesc
. Default value isdesc
. -
status
string Filters the returned cases by state.
Values are
closed
,in-progress
, oropen
. -
to
string Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression.
curl \
--request GET http://localhost:5622/api/cases/_find \
--header "Authorization: $API_KEY"
{
"page": 1,
"cases": [
{
"id": "abed3a70-71bd-11ea-a0b2-c51ea50a58e2",
"tags": [
"tag-1"
],
"owner": "cases",
"title": "Case title",
"status": "open",
"version": "WzExMCwxXQ==",
"category": null,
"comments": [],
"duration": null,
"settings": {
"syncAlerts": true
},
"severity": "low",
"assignees": [],
"closed_at": null,
"closed_by": null,
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"created_at": "2023-10-12T00:16:36.371Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": "2023-10-12T00:27:58.162Z",
"updated_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"description": "Case description",
"totalAlerts": 0,
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "My field value"
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": null
}
],
"totalComment": 1,
"external_service": null
}
],
"total": 1,
"per_page": 5,
"count_open_cases": 1,
"count_closed_cases": 0,
"count_in_progress_cases": 0
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}