Get value lists
Get a paginated subset of value lists. By default, the first page is returned, with 20 results per page.
Query parameters
-
page integer
The page number to return.
-
per_page integer
The number of value lists to return per page.
-
sort_field string(nonempty)
Determines which field is used to sort the results.
Minimum length is
1
. -
sort_order string
Determines the sort order, which can be
desc
orasc
Values are
desc
orasc
. -
cursor string(nonempty)
Returns the lists that come after the last lists returned in the previous call (use the
cursor
value returned in the previous call). This parameter uses thetie_breaker_id
field to ensure all lists are sorted and returned correctly.Minimum length is
1
. -
filter string
Filters the returned results according to the value of the specified field, using the : syntax.
GET
/api/lists/_find
curl \
--request GET https://localhost:5601/api/lists/_find
Response examples (200)
{
"data": [
{
"id": "ip_list",
"name": "Simple list with an ip",
"type": "ip",
"version": 1,
"_version": "WzAsMV0=",
"immutable": false,
"@timestamp": "2025-01-08T04:47:34.273Z\n",
"created_at": "2025-01-08T04:47:34.273Z\n",
"created_by": "elastic",
"updated_at": "2025-01-08T04:47:34.273Z\n",
"updated_by": "elastic",
"description": "This list describes bad internet ip",
"tie_breaker_id": "f5508188-b1e9-4e6e-9662-d039a7d89899"
}
],
"page": 1,
"total": 1,
"cursor": "WzIwLFsiZjU1MDgxODgtYjFlOS00ZTZlLTk2NjItZDAzOWE3ZDg5ODk5Il1d",
"per_page": 20
}
Response examples (400)
{
"error": "Bad Request",
"message": "[request query]: page: Expected number, received nan",
"statusCode": 400
}
Response examples (401)
{
"error": "Unauthorized",
"message": "[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]",
"statusCode": 401
}
Response examples (403)
{
"error": "Forbidden",
"message": "API [GET /api/lists/_find?page=1&per_page=20] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]",
"statusCode": 403
}
Response examples (500)
{
"message": "Internal Server Error",
"status_code": 500
}