Spaces enable you to organize your dashboards and other saved objects into meaningful categories. You can use the default space or create your own spaces.
To run APIs in non-default spaces, you must add s/{space_id}/ to the path.
For example:
curl -X GET "http://localhost:5601/s/marketing/api/data_views"
If you use the Kibana console to send API requests, it automatically adds the appropriate space identifier.
To learn more, check out Spaces.
The identifier for the rule.
curl \
--request POST https://localhost:5601/api/alerting/rule/{id}/_unmute_all \
--header "kbn-xsrf: true"Adjust APM agent configuration without need to redeploy your application.
The version of the API to use
Value is 2023-10-31. Default value is 2023-10-31.
A required header to protect against CSRF attacks
Agent name
Privileges configuration
Values are event:write or config_agent:read.
curl \
--request POST https://localhost:5601/api/apm/agent_keys \
--header "Content-Type: application/json" \
--header "elastic-api-version: 2023-10-31" \
--header "kbn-xsrf: true" \
--data '{"name":"string","privileges":["event:write"]}'# Headers
elastic-api-version: 2023-10-31
kbn-xsrf: true
# Payload
{
"name": "string",
"privileges": [
"event:write"
]
}{
"agentKey": {
"api_key": "string",
"encoded": "string",
"expiration": 42,
"id": "string",
"name": "string"
}
}{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}{
"error": "Forbidden",
"message": "string",
"statusCode": 403
}{
"error": "Internal Server Error",
"message": "string",
"statusCode": 500
}Annotate visualizations in the APM app with significant events. Annotations enable you to easily see how events are impacting the performance of your applications.
Configure APM source maps.
Returns an array of Fleet artifacts, including source map uploads.
The version of the API to use
Value is 2023-10-31. Default value is 2023-10-31.
curl \
--request GET https://localhost:5601/api/apm/sourcemaps \
--header "elastic-api-version: 2023-10-31"{
"artifacts": [
{
"body": {
"bundleFilepath": "string",
"serviceName": "string",
"serviceVersion": "string",
"sourceMap": {
"file": "string",
"mappings": "string",
"sourceRoot": "string",
"sources": [
"string"
],
"sourcesContent": [
"string"
],
"version": 42.0
}
},
"compressionAlgorithm": "string",
"created": "string",
"decodedSha256": "string",
"decodedSize": 42.0,
"encodedSha256": "string",
"encodedSize": 42.0,
"encryptionAlgorithm": "string",
"id": "string",
"identifier": "string",
"packageName": "string",
"relative_url": "string",
"type": "string"
}
]
}{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}{
"error": "Internal Server Error",
"message": "string",
"statusCode": 500
}{
"error": "Not Implemented",
"message": "Not Implemented",
"statusCode": 501
}Cases are used to open and track issues. You can add assignees and tags to your cases, set their severity and status, and add alerts, comments, and visualizations. You can also send cases to external incident management systems by configuring connectors.
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're creating. NOTE: Each case can have a maximum of 1,000 alerts.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
The add comment to case API request body varies depending on whether you are adding an alert or a comment.
Defines properties for case comment requests when type is alert.
The alert identifiers. It is required only when type is alert. You can use an array of strings to add multiple alerts to a case, provided that they all relate to the same rule; index must also be an array with the same length or number of elements. Adding multiple alerts in this manner is recommended rather than calling the API multiple times. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
The alert indices. It is required only when type is alert. If you are adding multiple alerts to a case, use an array of strings; the position of each index name in the array must match the position of the corresponding alert identifier in the alertId array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
The application that owns the cases: Stack Management, Observability, or Elastic Security.
Values are cases, observability, or securitySolution.
The rule that is associated with the alerts. It is required only when type is alert. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Additional properties are allowed.
The type of comment.
Value is alert.
curl \
--request POST https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/comments \
--header "Content-Type: application/json" \
--header "kbn-xsrf: string" \
--data '{"type":"user","owner":"cases","comment":"A new comment."}'{
"type": "user",
"owner": "cases",
"comment": "A new comment."
}{
"id": "293f1bc0-74f6-11ea-b83a-553aecdb28b6",
"tags": [
"tag 1"
],
"owner": "cases",
"title": "Case title 1",
"status": "open",
"version": "WzIzMzgsMV0=",
"category": null,
"comments": [
{
"id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6",
"type": "user",
"owner": "cases",
"comment": "A new comment.",
"version": "WzIwNDMxLDFd",
"created_at": "2022-10-02T00:49:47.716Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null
}
}
],
"duration": null,
"settings": {
"syncAlerts": false
},
"severity": "low",
"assignees": [],
"closed_at": null,
"closed_by": null,
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"created_at": "2022-03-24T00:37:03.906Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": "2022-06-03T00:49:47.716Z",
"updated_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"description": "A case description.",
"totalAlerts": 0,
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "Field value"
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": true
}
],
"totalComment": 1,
"external_service": null
}{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs.
curl \
--request GET https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/comments/71ec1870-725b-11ea-a0b2-c51ea50a58e2{
"id": "8048b460-fe2b-11ec-b15d-779a7c8bbcc3",
"type": "user",
"owner": "cases",
"comment": "A new comment",
"version": "WzIzLDFd",
"pushed_at": null,
"pushed_by": null,
"created_at": "2023-10-07T19:32:13.104Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": null,
"updated_by": null
}{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}Get setting details such as the closure type, custom fields, templatse, and the default connector for cases. You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on where the cases were created.
A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.
curl \
--request GET https://localhost:5601/api/cases/configure[
{
"id": "856ee650-6c82-11ee-a20a-6164169afa58",
"error": null,
"owner": "cases",
"version": "WzEyLDNd",
"mappings": [],
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"templates": [
{
"key": "505932fe-ee3a-4960-a661-c781b5acdb05",
"name": "template-1",
"tags": [
"Template tag 1"
],
"caseFields": {
"tags": [
"Default case tag"
],
"title": "Default case title",
"category": "Default-category",
"settings": {
"syncAlerts": false
},
"assignees": [
{
"uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
],
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"description": "A default description for cases.",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "Default text field value."
}
]
},
"description": "A description of the template."
}
],
"created_at": "2024-07-01T17:07:17.767Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null
},
"updated_at": null,
"updated_by": null,
"closure_type": "close-by-user",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"label": "my-text-field",
"required": false,
"defaultValue": "Custom text field value."
}
]
}
]{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}Returns information about the users who opened cases. You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.
A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.
curl \
--request GET https://localhost:5601/api/cases/reporters[
{
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
{
"email": "jdoe@example.com",
"username": "jdoe",
"full_name": "Jane Doe",
"profile_uid": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}
]{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}Aggregates and returns a list of case tags. You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
curl \
--request GET https://localhost:5601/api/cases/tags[
"observability",
"security",
"tag 1",
"tag 2"
]{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
curl \
--request GET https://localhost:5601/api/dashboards/dashboard{
"items": [
{
"attributes": {
"description": "",
"timeRestore": false,
"title": "string"
},
"createdAt": "string",
"createdBy": "string",
"error": {
"error": "string",
"message": "string",
"metadata": {},
"statusCode": 42.0
},
"id": "string",
"managed": true,
"namespaces": [
"string"
],
"originId": "string",
"references": [
{
"id": "string",
"name": "string",
"type": "string"
}
],
"type": "string",
"updatedAt": "string",
"updatedBy": "string",
"version": "string"
}
],
"total": 42.0
}This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
A unique identifier for the dashboard.
curl \
--request DELETE https://localhost:5601/api/dashboards/dashboard/{id} \
--header "kbn-xsrf: true"An identifier for the data view.
curl \
--request GET https://localhost:5601/api/data_views/data_view/ff959d40-b880-11e8-a6d9-e546fe2bba5f{
"data_view": {
"id": "ff959d40-b880-11e8-a6d9-e546fe2bba5f",
"name": "Kibana Sample Data eCommerce",
"title": "kibana_sample_data_ecommerce",
"fields": {
"_id": {
"name": "_id",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"_id"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"sku": {
"name": "sku",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"type": {
"name": "type",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"user": {
"name": "user",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"email": {
"name": "email",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"_index": {
"name": "_index",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"_index"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": false
},
"_score": {
"name": "_score",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"isMapped": true,
"scripted": false,
"searchable": false,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"_source": {
"name": "_source",
"type": "_source",
"count": 0,
"format": {
"id": "_source"
},
"esTypes": [
"_source"
],
"isMapped": true,
"scripted": false,
"searchable": false,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"category": {
"name": "category",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"currency": {
"name": "currency",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"order_id": {
"name": "order_id",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"order_date": {
"name": "order_date",
"type": "date",
"count": 0,
"format": {
"id": "date"
},
"esTypes": [
"date"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_id": {
"name": "customer_id",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"day_of_week": {
"name": "day_of_week",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"manufacturer": {
"name": "manufacturer",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products._id": {
"name": "products._id",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.sku": {
"name": "products.sku",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"day_of_week_i": {
"name": "day_of_week_i",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"event.dataset": {
"name": "event.dataset",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_phone": {
"name": "customer_phone",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"geoip.location": {
"name": "geoip.location",
"type": "geo_point",
"count": 0,
"format": {
"id": "geo_point",
"params": {
"transform": "wkt"
}
},
"esTypes": [
"geo_point"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.price": {
"name": "products.price",
"type": "number",
"count": 1,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"total_quantity": {
"name": "total_quantity",
"type": "number",
"count": 1,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_gender": {
"name": "customer_gender",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"geoip.city_name": {
"name": "geoip.city_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"category.keyword": {
"name": "category.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "category"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"geoip.region_name": {
"name": "geoip.region_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.category": {
"name": "products.category",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.quantity": {
"name": "products.quantity",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_full_name": {
"name": "customer_full_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"customer_last_name": {
"name": "customer_last_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.min_price": {
"name": "products.min_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"taxful_total_price": {
"name": "taxful_total_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.[00]"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_birth_date": {
"name": "customer_birth_date",
"type": "date",
"count": 0,
"format": {
"id": "date"
},
"esTypes": [
"date"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_first_name": {
"name": "customer_first_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.base_price": {
"name": "products.base_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.created_on": {
"name": "products.created_on",
"type": "date",
"count": 0,
"format": {
"id": "date"
},
"esTypes": [
"date"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.product_id": {
"name": "products.product_id",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"long"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.tax_amount": {
"name": "products.tax_amount",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"taxless_total_price": {
"name": "taxless_total_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"geoip.continent_name": {
"name": "geoip.continent_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"manufacturer.keyword": {
"name": "manufacturer.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "manufacturer"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products._id.keyword": {
"name": "products._id.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "products._id"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.manufacturer": {
"name": "products.manufacturer",
"type": "string",
"count": 1,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.product_name": {
"name": "products.product_name",
"type": "string",
"count": 1,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.taxful_price": {
"name": "products.taxful_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"total_unique_products": {
"name": "total_unique_products",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"geoip.country_iso_code": {
"name": "geoip.country_iso_code",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.taxless_price": {
"name": "products.taxless_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.base_unit_price": {
"name": "products.base_unit_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.discount_amount": {
"name": "products.discount_amount",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.category.keyword": {
"name": "products.category.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "products.category"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_full_name.keyword": {
"name": "customer_full_name.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "customer_full_name"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_last_name.keyword": {
"name": "customer_last_name.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "customer_last_name"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_first_name.keyword": {
"name": "customer_first_name.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "customer_first_name"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.discount_percentage": {
"name": "products.discount_percentage",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.manufacturer.keyword": {
"name": "products.manufacturer.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "products.manufacturer"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.product_name.keyword": {
"name": "products.product_name.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "products.product_name"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.unit_discount_amount": {
"name": "products.unit_discount_amount",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
}
},
"version": "WzUsMV0=",
"typeMeta": {},
"fieldAttrs": {
"products.price": {
"count": 1
},
"total_quantity": {
"count": 1
},
"products.manufacturer": {
"count": 1
},
"products.product_name": {
"count": 1
}
},
"namespaces": [
"default"
],
"allowNoIndex": false,
"fieldFormats": {
"products.price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"products.min_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"taxful_total_price": {
"id": "number",
"params": {
"pattern": "$0,0.[00]"
}
},
"products.base_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"taxless_total_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"products.taxful_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"products.taxless_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"products.base_unit_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
}
},
"sourceFilters": [],
"timeFieldName": "order_date",
"runtimeFieldMap": {}
}
}{
"error": "Not Found",
"message": "Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] not found",
"statusCode": 404
}An identifier for the data view.
The name for a runtime field.
The runtime field definition object.
Additional properties are allowed.
curl \
--request POST https://localhost:5601/api/data_views/data_view/ff959d40-b880-11e8-a6d9-e546fe2bba5f/runtime_field \
--header "Content-Type: application/json" \
--header "kbn-xsrf: string" \
--data '{"name":"runtimeFoo","runtimeField":{"type":"long","script":{"source":"emit(doc[\"foo\"].value)"}}}'{
"name": "runtimeFoo",
"runtimeField": {
"type": "long",
"script": {
"source": "emit(doc[\"foo\"].value)"
}
}
}{}Changes saved object references from one data view identifier to another. WARNING: Misuse can break large numbers of saved objects! Practicing with a backup is recommended.
Deletes referenced saved object if all references are removed.
Limit the affected saved objects to one or more by identifier.
Limit the affected saved objects by type.
The saved object reference to change.
Specify the type of the saved object reference to alter. The default value is index-pattern for data views.
New saved object reference value to replace the old value.
curl \
--request POST https://localhost:5601/api/data_views/swap_references \
--header "Content-Type: application/json" \
--header "kbn-xsrf: string" \
--data '{"toId":"xyz-123","delete":true,"fromId":"abcd-efg"}'{
"toId": "xyz-123",
"delete": true,
"fromId": "abcd-efg"
}{
"deleteStatus": {
"deletePerformed": true,
"remainingRefs": 42
},
"result": [
{
"id": "string",
"type": "string"
}
]
}[Required authorization] Route required privileges: ALL of [fleet-agents-all].
curl \
--request POST https://localhost:5601/api/fleet/agents/{agentId}/upgrade \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"force":true,"skipRateLimitCheck":true,"source_uri":"string","version":"string"}'# Headers
kbn-xsrf: true
# Payload
{
"force": true,
"skipRateLimitCheck": true,
"source_uri": "string",
"version": "string"
}{}{
"error": "string",
"message": "string",
"statusCode": 42.0
}[Required authorization] Route required privileges: ALL of [fleet-agents-all].
curl \
--request POST https://localhost:5601/api/fleet/agents/actions/{actionId}/cancel \
--header "kbn-xsrf: true"{
"item": {
"agents": [
"string"
],
"created_at": "string",
"expiration": "string",
"id": "string",
"minimum_execution_duration": 42.0,
"namespaces": [
"string"
],
"rollout_duration_seconds": 42.0,
"sent_at": "string",
"source_uri": "string",
"start_time": "string",
"total": 42.0,
"type": "string"
}
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}[Required authorization] Route required privileges: ALL of [fleet-agents-read].
Value is CPU.
curl \
--request POST https://localhost:5601/api/fleet/agents/bulk_request_diagnostics \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"additional_metrics":["CPU"],"agents":["string"],"batchSize":42.0}'# Headers
kbn-xsrf: true
# Payload
{
"additional_metrics": [
"CPU"
],
"agents": [
"string"
],
"batchSize": 42.0
}{
"actionId": "string"
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}[Required authorization] Route required privileges: ALL of [fleet-agents-all].
curl \
--request POST https://localhost:5601/api/fleet/agents/bulk_unenroll \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"agents":["string"],"batchSize":42.0,"force":true,"includeInactive":true,"revoke":true}'# Headers
kbn-xsrf: true
# Payload
{
"agents": [
"string"
],
"batchSize": 42.0,
"force": true,
"includeInactive": true,
"revoke": true
}{
"actionId": "string"
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}Update an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].
Values are simplified or legacy.
Additional properties are NOT allowed.
Additional properties are NOT allowed.
Minimum value is 0. Default value is 1209600.
When set to true, monitoring will be enabled but logs/metrics collection will be disabled
Default value is false.
Additional properties are NOT allowed.
Values are logs, metrics, or traces.
Additional properties are NOT allowed.
Minimum length is 1.
Minimum length is 1.
Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
Additional properties are allowed.
Indicates whether the agent policy supports agentless integrations.
Default value is false.
Minimum value is 0.
curl \
--request PUT https://localhost:5601/api/fleet/agent_policies/{agentPolicyId} \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"advanced_settings":{},"agent_features":[{"enabled":true,"name":"string"}],"agentless":{"resources":{"requests":{"cpu":"string","memory":"string"}}},"data_output_id":"string","description":"string","download_source_id":"string","fleet_server_host_id":"string","force":true,"global_data_tags":[{"name":"string","value":"string"}],"has_fleet_server":true,"id":"string","inactivity_timeout":1209600,"is_default":true,"is_default_fleet_server":true,"is_managed":true,"is_protected":true,"keep_monitoring_alive":false,"monitoring_diagnostics":{"limit":{"burst":42.0,"interval":"string"},"uploader":{"init_dur":"string","max_dur":"string","max_retries":42.0}},"monitoring_enabled":["logs"],"monitoring_http":{"buffer":{"enabled":false},"enabled":true,"host":"string","port":42.0},"monitoring_output_id":"string","monitoring_pprof_enabled":true,"name":"string","namespace":"string","overrides":{},"required_versions":[{"percentage":42.0,"version":"string"}],"space_ids":["string"],"supports_agentless":false,"unenroll_timeout":42.0}'# Headers
kbn-xsrf: true
# Payload
{
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"agentless": {
"resources": {
"requests": {
"cpu": "string",
"memory": "string"
}
}
},
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"force": true,
"global_data_tags": [
{
"name": "string",
"value": "string"
}
],
"has_fleet_server": true,
"id": "string",
"inactivity_timeout": 1209600,
"is_default": true,
"is_default_fleet_server": true,
"is_managed": true,
"is_protected": true,
"keep_monitoring_alive": false,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"logs"
],
"monitoring_http": {
"buffer": {
"enabled": false
},
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"required_versions": [
{
"percentage": 42.0,
"version": "string"
}
],
"space_ids": [
"string"
],
"supports_agentless": false,
"unenroll_timeout": 42.0
}{
"item": {
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"agentless": {
"resources": {
"requests": {
"cpu": "string",
"memory": "string"
}
}
},
"agents": 42.0,
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"global_data_tags": [
{
"name": "string",
"value": "string"
}
],
"has_fleet_server": true,
"id": "string",
"inactivity_timeout": 1209600,
"is_default": true,
"is_default_fleet_server": true,
"is_managed": true,
"is_preconfigured": true,
"is_protected": true,
"keep_monitoring_alive": false,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"logs"
],
"monitoring_http": {
"buffer": {
"enabled": false
},
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"package_policies": [
"string"
],
"required_versions": [
{
"percentage": 42.0,
"version": "string"
}
],
"revision": 42.0,
"schema_version": "string",
"space_ids": [
"string"
],
"status": "active",
"supports_agentless": false,
"unenroll_timeout": 42.0,
"unprivileged_agents": 42.0,
"updated_at": "string",
"updated_by": "string",
"version": "string"
}
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}[Required authorization] Route required privileges: ALL of [fleet-agents-read].
Default value is false.
curl \
--request GET https://localhost:5601/api/fleet/agent_status/data?agentsIds=string{
"dataPreview": [],
"items": [
{
"additionalProperty1": {
"data": true
},
"additionalProperty2": {
"data": true
}
}
]
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}Update an agent by ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].
Additional properties are allowed.
curl \
--request PUT https://localhost:5601/api/fleet/agents/{agentId} \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"tags":["string"],"user_provided_metadata":{}}'# Headers
kbn-xsrf: true
# Payload
{
"tags": [
"string"
],
"user_provided_metadata": {}
}{
"item": {
"access_api_key": "string",
"access_api_key_id": "string",
"active": true,
"agent": {
"id": "string",
"version": "string"
},
"audit_unenrolled_reason": "string",
"components": [
{
"id": "string",
"message": "string",
"status": "STARTING",
"type": "string",
"units": [
{
"id": "string",
"message": "string",
"payload": {},
"status": "STARTING",
"type": "input"
}
]
}
],
"default_api_key": "string",
"default_api_key_history": [
{
"id": "string",
"retired_at": "string"
}
],
"default_api_key_id": "string",
"enrolled_at": "string",
"id": "string",
"last_checkin": "string",
"last_checkin_message": "string",
"last_checkin_status": "error",
"local_metadata": {},
"metrics": {
"cpu_avg": 42.0,
"memory_size_byte_avg": 42.0
},
"namespaces": [
"string"
],
"outputs": {
"additionalProperty1": {
"api_key_id": "string",
"to_retire_api_key_ids": [
{
"id": "string",
"retired_at": "string"
}
],
"type": "string"
},
"additionalProperty2": {
"api_key_id": "string",
"to_retire_api_key_ids": [
{
"id": "string",
"retired_at": "string"
}
],
"type": "string"
}
},
"packages": [
"string"
],
"policy_id": "string",
"policy_revision": 42.0,
"sort": [
42.0
],
"status": "offline",
"tags": [
"string"
],
"type": "PERMANENT",
"unenrolled_at": "string",
"unenrollment_started_at": "string",
"unhealthy_reason": [
"input"
],
"upgrade_details": {
"action_id": "string",
"metadata": {
"download_percent": 42.0,
"download_rate": 42.0,
"error_msg": "string",
"failed_state": "UPG_REQUESTED",
"retry_error_msg": "string",
"retry_until": "string",
"scheduled_at": "string"
},
"state": "UPG_REQUESTED",
"target_version": "string"
},
"upgrade_started_at": "string",
"upgraded_at": "string",
"user_provided_metadata": {}
}
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}[Required authorization] Route required privileges: ALL of [fleet-agents-read].
curl \
--request GET https://localhost:5601/api/fleet/agents/tags{
"items": [
"string"
]
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].
curl \
--request DELETE https://localhost:5601/api/fleet/epm/packages/{pkgName}/{pkgVersion} \
--header "kbn-xsrf: true"{
"items": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
]
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].
curl \
--request GET https://localhost:5601/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}{
"error": "string",
"message": "string",
"statusCode": 42.0
}[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].
curl \
--request GET https://localhost:5601/api/fleet/epm/verification_key_id{
"id": "string"
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}Get an enrollment API key by ID.
[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].
curl \
--request GET https://localhost:5601/api/fleet/enrollment_api_keys/{keyId}{
"item": {
"active": true,
"api_key": "string",
"api_key_id": "string",
"created_at": "string",
"id": "string",
"name": "string",
"policy_id": "string"
}
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}Upgrade a package policy to a newer package version.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].
curl \
--request POST https://localhost:5601/api/fleet/package_policies/upgrade \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"packagePolicyIds":["string"]}'# Headers
kbn-xsrf: true
# Payload
{
"packagePolicyIds": [
"string"
]
}[
{
"body": {
"message": "string"
},
"id": "string",
"name": "string",
"statusCode": 42.0,
"success": true
}
]{
"error": "string",
"message": "string",
"statusCode": 42.0
}[Required authorization] Route required privileges: ALL of [fleet-settings-read].
curl \
--request GET https://localhost:5601/api/fleet/proxies{
"items": [
{
"certificate": "string",
"certificate_authorities": "string",
"certificate_key": "string",
"id": "string",
"is_preconfigured": false,
"name": "string",
"proxy_headers": {},
"url": "string"
}
],
"page": 42.0,
"perPage": 42.0,
"total": 42.0
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}Get a proxy by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-read].
curl \
--request GET https://localhost:5601/api/fleet/proxies/{itemId}{
"item": {
"certificate": "string",
"certificate_authorities": "string",
"certificate_key": "string",
"id": "string",
"is_preconfigured": false,
"name": "string",
"proxy_headers": {},
"url": "string"
}
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}Update a proxy by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].
curl \
--request PUT https://localhost:5601/api/fleet/proxies/{itemId} \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"certificate":"string","certificate_authorities":"string","certificate_key":"string","name":"string","proxy_headers":{},"url":"string"}'# Headers
kbn-xsrf: true
# Payload
{
"certificate": "string",
"certificate_authorities": "string",
"certificate_key": "string",
"name": "string",
"proxy_headers": {},
"url": "string"
}{
"item": {
"certificate": "string",
"certificate_authorities": "string",
"certificate_key": "string",
"id": "string",
"is_preconfigured": false,
"name": "string",
"proxy_headers": {},
"url": "string"
}
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}Superuser role required.
If a saved object cannot be decrypted using the primary encryption key, then Kibana will attempt to decrypt it using the specified decryption-only keys. In most of the cases this overhead is negligible, but if you're dealing with a large number of saved objects and experiencing performance issues, you may want to rotate the encryption key.
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Specifies a maximum number of saved objects that Kibana can process in a single batch. Bulk key rotation is an iterative process since Kibana may not be able to fetch and process all required saved objects in one go and splits processing into consequent batches. By default, the batch size is 10000, which is also a maximum allowed value.
Default value is 10000.
Limits encryption key rotation only to the saved objects with the specified type. By default, Kibana tries to rotate the encryption key for all saved object types that may contain encrypted attributes.
curl \
--request POST https://localhost:5601/api/encrypted_saved_objects/_rotate_key{
"total": 1000,
"failed": 0,
"successful": 300
}{
"error": "Bad Request",
"message": "string",
"statusCode": 400
}{}Get a list of all anonymization fields.
Search query
Field to sort by
Values are created_at, anonymized, allowed, field, or updated_at.
Sort order
Values are asc or desc.
Page number
Minimum value is 1. Default value is 1.
AnonymizationFields per page
Minimum value is 0. Default value is 20.
curl \
--request GET https://localhost:5601/api/security_ai_assistant/anonymization_fields/_find{
"data": [
{
"allowed": true,
"anonymized": true,
"createdAt": "string",
"createdBy": "string",
"field": "string",
"id": "string",
"namespace": "string",
"timestamp": "string",
"updatedAt": "string",
"updatedBy": "string"
}
],
"page": 42,
"perPage": 42,
"total": 42
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}Get a list of all conversations for the current user.
Search query
Field to sort by
Values are created_at, is_default, title, or updated_at.
Sort order
Values are asc or desc.
Page number
Minimum value is 1. Default value is 1.
Conversations per page
Minimum value is 0. Default value is 20.
curl \
--request GET https://localhost:5601/api/security_ai_assistant/current_user/conversations/_find{
"data": [
{
"apiConfig": {
"actionTypeId": "string",
"connectorId": "string",
"defaultSystemPromptId": "string",
"model": "string",
"provider": "OpenAI"
},
"category": "assistant",
"createdAt": "string",
"excludeFromLastConversationStorage": true,
"id": "string",
"isDefault": true,
"messages": [
{
"content": "string",
"isError": true,
"metadata": {
"contentReferences": {}
},
"reader": {},
"role": "system",
"timestamp": "string",
"traceData": {
"traceId": "string",
"transactionId": "string"
}
}
],
"namespace": "string",
"replacements": {
"additionalProperty1": "string",
"additionalProperty2": "string"
},
"summary": {
"confidence": "low",
"content": "string",
"public": true,
"timestamp": "string"
},
"timestamp": "string",
"title": "string",
"updatedAt": "string",
"users": [
{
"id": "string",
"name": "string"
}
]
}
],
"page": 42,
"perPage": 42,
"total": 42
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}Get the details of an existing conversation using the conversation ID.
The conversation's id value.
Minimum length is 1.
curl \
--request GET https://localhost:5601/api/security_ai_assistant/current_user/conversations/{id}{
"apiConfig": {
"actionTypeId": "string",
"connectorId": "string",
"defaultSystemPromptId": "string",
"model": "string",
"provider": "OpenAI"
},
"category": "assistant",
"createdAt": "string",
"excludeFromLastConversationStorage": true,
"id": "string",
"isDefault": true,
"messages": [
{
"content": "string",
"isError": true,
"metadata": {
"contentReferences": {}
},
"reader": {},
"role": "system",
"timestamp": "string",
"traceData": {
"traceId": "string",
"transactionId": "string"
}
}
],
"namespace": "string",
"replacements": {
"additionalProperty1": "string",
"additionalProperty2": "string"
},
"summary": {
"confidence": "low",
"content": "string",
"public": true,
"timestamp": "string"
},
"timestamp": "string",
"title": "string",
"updatedAt": "string",
"users": [
{
"id": "string",
"name": "string"
}
]
}{
"error": "string",
"message": "string",
"statusCode": 42.0
}Retrieve a paginated list of detection rules. By default, the first page is returned, with 20 results per page.
Search query
Field to sort by
Values are created_at, createdAt, enabled, execution_summary.last_execution.date, execution_summary.last_execution.metrics.execution_gap_duration_s, execution_summary.last_execution.metrics.total_indexing_duration_ms, execution_summary.last_execution.metrics.total_search_duration_ms, execution_summary.last_execution.status, name, risk_score, riskScore, severity, updated_at, or updatedAt.
Sort order
Values are asc or desc.
Page number
Minimum value is 1. Default value is 1.
Rules per page
Minimum value is 0. Default value is 20.
Gaps range start
Gaps range end
curl \
--request GET https://localhost:5601/api/detection_engine/rules/_find{
"data": [
{
"actions": [
{
"action_type_id": "string",
"alerts_filter": {},
"frequency": {
"notifyWhen": "onActiveAlert",
"summary": true,
"throttle": "no_actions"
},
"group": "string",
"id": "string",
"params": {},
"uuid": "string"
}
],
"alias_purpose": "savedObjectConversion",
"alias_target_id": "string",
"author": [
"string"
],
"building_block_type": "string",
"description": "string",
"enabled": true,
"exceptions_list": [
{
"id": "string",
"list_id": "string",
"namespace_type": "agnostic",
"type": "detection"
}
],
"false_positives": [
"string"
],
"from": "string",
"interval": "string",
"investigation_fields": {
"field_names": [
"string"
]
},
"license": "string",
"max_signals": 42,
"meta": {},
"name": "string",
"namespace": "string",
"note": "string",
"outcome": "exactMatch",
"output_index": "string",
"references": [
"string"
],
"related_integrations": [
{
"integration": "string",
"package": "string",
"version": "string"
}
],
"required_fields": [
{
"ecs": true,
"name": "string",
"type": "string"
}
],
"response_actions": [
{
"action_type_id": ".osquery",
"params": {
"ecs_mapping": {
"additionalProperty1": {
"field": "string",
"value": "string"
},
"additionalProperty2": {
"field": "string",
"value": "string"
}
},
"pack_id": "string",
"queries": [
{
"ecs_mapping": {
"additionalProperty1": {
"field": "string",
"value": "string"
},
"additionalProperty2": {
"field": "string",
"value": "string"
}
},
"id": "string",
"platform": "string",
"query": "string",
"removed": true,
"snapshot": true,
"version": "string"
}
],
"query": "string",
"saved_query_id": "string",
"timeout": 42.0
}
}
],
"risk_score": 42,
"risk_score_mapping": [
{
"field": "string",
"operator": "equals",
"risk_score": 42,
"value": "string"
}
],
"rule_name_override": "string",
"setup": "string",
"severity": "low",
"severity_mapping": [
{
"field": "string",
"operator": "equals",
"severity": "low",
"value": "string"
}
],
"tags": [
"string"
],
"threat": [
{
"framework": "string",
"tactic": {
"id": "string",
"name": "string",
"reference": "string"
},
"technique": [
{
"id": "string",
"name": "string",
"reference": "string",
"subtechnique": [
{
"id": "string",
"name": "string",
"reference": "string"
}
]
}
]
}
],
"throttle": "no_actions",
"timeline_id": "string",
"timeline_title": "string",
"timestamp_override": "string",
"timestamp_override_fallback_disabled": true,
"to": "string",
"version": 42,
"created_at": "2025-05-04T09:42:00+00:00",
"created_by": "string",
"execution_summary": {
"last_execution": {
"date": "2025-05-04T09:42:00+00:00",
"message": "string",
"metrics": {
"execution_gap_duration_s": 42,
"gap_range": {
"gte": "string",
"lte": "string"
},
"total_enrichment_duration_ms": 42,
"total_indexing_duration_ms": 42,
"total_search_duration_ms": 42
},
"status": "going to run",
"status_order": 42
}
},
"id": "string",
"immutable": true,
"revision": 42,
"rule_id": "string",
"rule_source": {
"is_customized": true,
"type": "external"
},
"updated_at": "2025-05-04T09:42:00+00:00",
"updated_by": "string",
"language": "eql",
"query": "string",
"type": "eql",
"alert_suppression": {
"duration": {
"unit": "s",
"value": 42
},
"group_by": [
"string"
],
"missing_fields_strategy": "doNotSuppress"
},
"data_view_id": "string",
"event_category_override": "string",
"filters": [],
"index": [
"string"
],
"tiebreaker_field": "string",
"timestamp_field": "string"
}
],
"page": 42,
"perPage": 42,
"total": 42
}Exactly one of 'Raw', 'HostPath', or 'CloudFile' must be provided. CommandLine and Timeout are optional for all.
curl \
--request POST https://localhost:5601/api/endpoint/action/runscript \
--header "Content-Type: application/json" \
--data '{"parameters":{"commandLine":"string","raw":"string","timeout":42}}'{
"parameters": {
"commandLine": "string",
"raw": "string",
"timeout": 42
}
}{}Additional properties are allowed.
curl \
--request GET https://localhost:5601/api/endpoint/policy_response?query=%7B%7D{}Update an exception list using the id or list_id field.
Exception list's properties
The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version.
Describes the exception list.
Exception list's identifier.
Minimum length is 1.
Exception list's human readable string identifier, e.g. trusted-linux-processes.
Minimum length is 1.
Placeholder for metadata about the list container.
Additional properties are allowed.
The name of the exception list.
Determines whether the exception container is available in all Kibana spaces or just the space in which it is created, where:
single: Only available in the Kibana space in which it is created.agnostic: Available in all Kibana spaces.Values are agnostic or single. Default value is single.
Use this field to specify the operating system.
Values are linux, macos, or windows.
The type of exception list to be created. Different list types may denote where they can be utilized.
Values are detection, rule_default, endpoint, endpoint_trusted_apps, endpoint_events, endpoint_host_isolation_exceptions, or endpoint_blocklists.
The document version, automatically increasd on updates.
Minimum value is 1.
Successful response
Invalid input data response
Unsuccessful authentication response
Not enough privileges response
Exception list not found response
Internal server error response
curl \
--request PUT https://localhost:5601/api/exception_lists \
--header "Content-Type: application/json" \
--data '{"name":"Updated exception list name","tags":["draft malware"],"type":"detection","list_id":"simple_list","os_types":["linux"],"description":"Different description"}'{
"name": "Updated exception list name",
"tags": [
"draft malware"
],
"type": "detection",
"list_id": "simple_list",
"os_types": [
"linux"
],
"description": "Different description"
}{
"id": "fa7f545f-191b-4d32-b1f0-c7cd62a79e55",
"name": "Updated exception list name",
"tags": [
"draft malware"
],
"type": "detection",
"list_id": "simple_list",
"version": 2,
"_version": "WzExLDFd",
"os_types": [],
"immutable": false,
"created_at": "2025-01-07T20:43:55.264Z",
"created_by": "elastic",
"updated_at": "2025-01-07T21:32:03.726Z",
"updated_by": "elastic",
"description": "Different description",
"namespace_type": "single",
"tie_breaker_id": "319fe983-acdd-4806-b6c4-3098eae9392f"
}{
"error": "Bad Request",
"message": "[request body]: list_id: Expected string, received number",
"statusCode": 400
}{
"error": "Unauthorized",
"message": "[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]",
"statusCode": 401
}{
"error": "Forbidden",
"message": "API [PUT /api/exception_lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]",
"statusCode": 403
}{
"message\"": "exception list id: \"foo\" does not exist",
"status_code\"": 404
}{
"message": "Internal Server Error",
"status_code": 500
}Get a summary of the specified exception list.
Exception list's identifier generated upon creation.
Minimum length is 1.
Exception list's human readable identifier.
Minimum length is 1.
Determines whether the exception container is available in all Kibana spaces or just the space in which it is created, where:
single: Only available in the Kibana space in which it is created.agnostic: Available in all Kibana spaces.Values are agnostic or single. Default value is single.
Search filter clause
Successful response
Invalid input data response
Unsuccessful authentication response
Not enough privileges response
Exception list not found response
Internal server error response
curl \
--request GET https://localhost:5601/api/exception_lists/summary{
"linux": 0,
"macos": 0,
"total": 0,
"windows": 0
}{
"error": "Bad Request",
"message": "[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'",
"statusCode": 400
}{
"error": "Unauthorized",
"message": "[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]",
"statusCode": 401
}{
"error": "Forbidden",
"message": "API [GET /api/exception_lists/summary?list_id=simple_list&namespace_type=agnostic] is unauthorized for user, this action is granted by the Kibana privileges [lists-summary]",
"statusCode": 403
}{
"message\"": "exception list id: \"foo\" does not exist",
"status_code\"": 404
}{
"message": "Internal Server Error",
"status_code": 500
}curl \
--request DELETE https://localhost:5601/api/note \
--header "Content-Type: application/json" \
--data '{"noteId":"string"}'{
"noteId": "string"
}{
"noteIds": [
"string"
]
}Copies and returns a timeline or timeline template.
Additional properties are allowed.
curl \
--request GET https://localhost:5601/api/timeline/_copy \
--header "Content-Type: application/json" \
--data '{"timeline":{"columns":[{"aggregatable":true,"category":"string","columnHeaderType":"string","description":"string","example":"string","id":"string","indexes":["string"],"name":"string","placeholder":"string","searchable":true,"type":"string"}],"created":42.0,"createdBy":"string","dataProviders":[{"and":[{"enabled":true,"excluded":true,"id":"string","kqlQuery":"string","name":"string","queryMatch":{"displayField":"string","displayValue":"string","field":"string","operator":"string","value":"string"},"type":"default"}],"enabled":true,"excluded":true,"id":"string","kqlQuery":"string","name":"string","queryMatch":{"displayField":"string","displayValue":"string","field":"string","operator":"string","value":"string"},"type":"default"}],"dataViewId":"string","dateRange":{"end":"string","start":"string"},"description":"string","eqlOptions":{"eventCategoryField":"string","query":"string","size":"string","tiebreakerField":"string","timestampField":"string"},"eventType":"string","excludedRowRendererIds":["alert"],"favorite":[{"favoriteDate":42.0,"fullName":"string","userName":"string"}],"filters":[{"exists":"string","match_all":"string","meta":{"alias":"string","controlledBy":"string","disabled":true,"field":"string","formattedValue":"string","index":"string","key":"string","negate":true,"params":"string","type":"string","value":"string"},"missing":"string","query":"string","range":"string","script":"string"}],"indexNames":["string"],"kqlMode":"string","kqlQuery":{"filterQuery":{"kuery":{"expression":"string","kind":"string"},"serializedQuery":"string"}},"savedQueryId":"string","savedSearchId":"string","sort":{"columnId":"string","columnType":"string","sortDirection":"string"},"status":"active","templateTimelineId":"string","templateTimelineVersion":42.0,"timelineType":"default","title":"string","updated":42.0,"updatedBy":"string"},"timelineIdToCopy":"string"}'{
"timeline": {
"columns": [
{
"aggregatable": true,
"category": "string",
"columnHeaderType": "string",
"description": "string",
"example": "string",
"id": "string",
"indexes": [
"string"
],
"name": "string",
"placeholder": "string",
"searchable": true,
"type": "string"
}
],
"created": 42.0,
"createdBy": "string",
"dataProviders": [
{
"and": [
{
"enabled": true,
"excluded": true,
"id": "string",
"kqlQuery": "string",
"name": "string",
"queryMatch": {
"displayField": "string",
"displayValue": "string",
"field": "string",
"operator": "string",
"value": "string"
},
"type": "default"
}
],
"enabled": true,
"excluded": true,
"id": "string",
"kqlQuery": "string",
"name": "string",
"queryMatch": {
"displayField": "string",
"displayValue": "string",
"field": "string",
"operator": "string",
"value": "string"
},
"type": "default"
}
],
"dataViewId": "string",
"dateRange": {
"end": "string",
"start": "string"
},
"description": "string",
"eqlOptions": {
"eventCategoryField": "string",
"query": "string",
"size": "string",
"tiebreakerField": "string",
"timestampField": "string"
},
"eventType": "string",
"excludedRowRendererIds": [
"alert"
],
"favorite": [
{
"favoriteDate": 42.0,
"fullName": "string",
"userName": "string"
}
],
"filters": [
{
"exists": "string",
"match_all": "string",
"meta": {
"alias": "string",
"controlledBy": "string",
"disabled": true,
"field": "string",
"formattedValue": "string",
"index": "string",
"key": "string",
"negate": true,
"params": "string",
"type": "string",
"value": "string"
},
"missing": "string",
"query": "string",
"range": "string",
"script": "string"
}
],
"indexNames": [
"string"
],
"kqlMode": "string",
"kqlQuery": {
"filterQuery": {
"kuery": {
"expression": "string",
"kind": "string"
},
"serializedQuery": "string"
}
},
"savedQueryId": "string",
"savedSearchId": "string",
"sort": {
"columnId": "string",
"columnType": "string",
"sortDirection": "string"
},
"status": "active",
"templateTimelineId": "string",
"templateTimelineVersion": 42.0,
"timelineType": "default",
"title": "string",
"updated": 42.0,
"updatedBy": "string"
},
"timelineIdToCopy": "string"
}{
"columns": [
{
"aggregatable": true,
"category": "string",
"columnHeaderType": "string",
"description": "string",
"example": "string",
"id": "string",
"indexes": [
"string"
],
"name": "string",
"placeholder": "string",
"searchable": true,
"type": "string"
}
],
"created": 42.0,
"createdBy": "string",
"dataProviders": [
{
"and": [
{
"enabled": true,
"excluded": true,
"id": "string",
"kqlQuery": "string",
"name": "string",
"queryMatch": {
"displayField": "string",
"displayValue": "string",
"field": "string",
"operator": "string",
"value": "string"
},
"type": "default"
}
],
"enabled": true,
"excluded": true,
"id": "string",
"kqlQuery": "string",
"name": "string",
"queryMatch": {
"displayField": "string",
"displayValue": "string",
"field": "string",
"operator": "string",
"value": "string"
},
"type": "default"
}
],
"dataViewId": "string",
"dateRange": {
"end": "string",
"start": "string"
},
"description": "string",
"eqlOptions": {
"eventCategoryField": "string",
"query": "string",
"size": "string",
"tiebreakerField": "string",
"timestampField": "string"
},
"eventType": "string",
"excludedRowRendererIds": [
"alert"
],
"favorite": [
{
"favoriteDate": 42.0,
"fullName": "string",
"userName": "string"
}
],
"filters": [
{
"exists": "string",
"match_all": "string",
"meta": {
"alias": "string",
"controlledBy": "string",
"disabled": true,
"field": "string",
"formattedValue": "string",
"index": "string",
"key": "string",
"negate": true,
"params": "string",
"type": "string",
"value": "string"
},
"missing": "string",
"query": "string",
"range": "string",
"script": "string"
}
],
"indexNames": [
"string"
],
"kqlMode": "string",
"kqlQuery": {
"filterQuery": {
"kuery": {
"expression": "string",
"kind": "string"
},
"serializedQuery": "string"
}
},
"savedQueryId": "string",
"savedSearchId": "string",
"sort": {
"columnId": "string",
"columnType": "string",
"sortDirection": "string"
},
"status": "active",
"templateTimelineId": "string",
"templateTimelineVersion": 42.0,
"timelineType": "default",
"title": "string",
"updated": 42.0,
"updatedBy": "string",
"savedObjectId": "string",
"version": "string",
"eventIdToNoteIds": [
{
"created": 42.0,
"createdBy": "string",
"eventId": "string",
"note": "string",
"timelineId": "string",
"updated": 42.0,
"updatedBy": "string",
"noteId": "string",
"version": "string"
}
],
"noteIds": [
"string"
],
"notes": [
{
"created": 42.0,
"createdBy": "string",
"eventId": "string",
"note": "string",
"timelineId": "string",
"updated": 42.0,
"updatedBy": "string",
"noteId": "string",
"version": "string"
}
],
"pinnedEventIds": [
"string"
],
"pinnedEventsSaveObject": [
{
"created": 42.0,
"createdBy": "string",
"eventId": "string",
"timelineId": "string",
"updated": 42.0,
"updatedBy": "string",
"pinnedEventId": "string",
"version": "string"
}
]
}You must have the read privileges for the SLOs feature in the Observability section of the Kibana feature privileges.
An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used.
A valid kql query to filter the SLO with
The page to use for pagination, must be greater or equal than 1
Default value is 1.
Number of SLOs returned by page
Maximum value is 5000. Default value is 25.
Sort by field
Values are sli_value, status, error_budget_consumed, or error_budget_remaining. Default value is status.
Sort order
Values are asc or desc. Default value is asc.
Hide stale SLOs from the list as defined by stale SLO threshold in SLO settings
curl \
--request GET https://localhost:5601/s/default/api/observability/slos \
--header "kbn-xsrf: string"{
"page": 1,
"perPage": 25,
"results": [
{
"budgetingMethod": "occurrences",
"createdAt": "2023-01-12T10:03:19.000Z",
"description": "My SLO description",
"enabled": true,
"groupBy": [
[
"service.name"
],
"service.name",
[
"service.name",
"service.environment"
]
],
"id": "8853df00-ae2e-11ed-90af-09bb6422b258",
"indicator": {
"params": {
"dataViewId": "03b80ab3-003d-498b-881c-3beedbaf1162",
"filter": "field.environment : \"production\" and service.name : \"my-service\"",
"good": "request.latency <= 150 and request.status_code : \"2xx\"",
"index": "my-service-*",
"timestampField": "timestamp",
"total": "field.environment : \"production\" and service.name : \"my-service\""
},
"type": "sli.kql.custom"
},
"instanceId": "host-abcde",
"name": "My Service SLO",
"objective": {
"target": 0.99,
"timesliceTarget": 0.995,
"timesliceWindow": "5m"
},
"revision": 2,
"settings": {
"frequency": "5m",
"preventInitialBackfill": true,
"syncDelay": "5m",
"syncField": "event.ingested"
},
"summary": {
"errorBudget": {
"consumed": 0.8,
"initial": 0.02,
"isEstimated": true,
"remaining": 0.2
},
"sliValue": 0.9836,
"status": "HEALTHY"
},
"tags": [
"string"
],
"timeWindow": {
"duration": "30d",
"type": "rolling"
},
"updatedAt": "2023-01-12T10:03:19.000Z",
"version": 2
}
],
"total": 34
}{
"error": "Bad Request",
"message": "Invalid value 'foo' supplied to: [...]",
"statusCode": 400
}{
"error": "Unauthorized",
"message": "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]",
"statusCode": 401
}{
"error": "Unauthorized",
"message": "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]",
"statusCode": 403
}{
"error": "Not Found",
"message": "SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found",
"statusCode": 404
}You must have all privileges for the SLOs feature in the Observability section of the Kibana feature privileges.
An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used.
The budgeting method to use when computing the rollup data.
Values are occurrences or timeslices.
A description for the SLO.
optional group by field or fields to use to generate an SLO per distinct value
A optional and unique identifier for the SLO. Must be between 8 and 36 chars
A name for the SLO.
Defines properties for the SLO objective
Additional properties are allowed.
Defines properties for SLO settings.
Additional properties are allowed.
Defines properties for the SLO time window
Additional properties are allowed.
curl \
--request POST https://localhost:5601/s/default/api/observability/slos \
--header "Content-Type: application/json" \
--header "kbn-xsrf: string" \
--data '{"budgetingMethod":"occurrences","description":"string","groupBy":[["service.name"],"service.name",["service.name","service.environment"]],"id":"my-super-slo-id","indicator":{"params":{"dataViewId":"03b80ab3-003d-498b-881c-3beedbaf1162","filter":"field.environment : \"production\" and service.name : \"my-service\"","good":"request.latency \u003c= 150 and request.status_code : \"2xx\"","index":"my-service-*","timestampField":"timestamp","total":"field.environment : \"production\" and service.name : \"my-service\""},"type":"sli.kql.custom"},"name":"string","objective":{"target":0.99,"timesliceTarget":0.995,"timesliceWindow":"5m"},"settings":{"frequency":"5m","preventInitialBackfill":true,"syncDelay":"5m","syncField":"event.ingested"},"tags":["string"],"timeWindow":{"duration":"30d","type":"rolling"}}'# Headers
kbn-xsrf: string
# Payload
{
"budgetingMethod": "occurrences",
"description": "string",
"groupBy": [
[
"service.name"
],
"service.name",
[
"service.name",
"service.environment"
]
],
"id": "my-super-slo-id",
"indicator": {
"params": {
"dataViewId": "03b80ab3-003d-498b-881c-3beedbaf1162",
"filter": "field.environment : \"production\" and service.name : \"my-service\"",
"good": "request.latency <= 150 and request.status_code : \"2xx\"",
"index": "my-service-*",
"timestampField": "timestamp",
"total": "field.environment : \"production\" and service.name : \"my-service\""
},
"type": "sli.kql.custom"
},
"name": "string",
"objective": {
"target": 0.99,
"timesliceTarget": 0.995,
"timesliceWindow": "5m"
},
"settings": {
"frequency": "5m",
"preventInitialBackfill": true,
"syncDelay": "5m",
"syncField": "event.ingested"
},
"tags": [
"string"
],
"timeWindow": {
"duration": "30d",
"type": "rolling"
}
}{
"id": "8853df00-ae2e-11ed-90af-09bb6422b258"
}{
"error": "Bad Request",
"message": "Invalid value 'foo' supplied to: [...]",
"statusCode": 400
}{
"error": "Unauthorized",
"message": "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]",
"statusCode": 401
}{
"error": "Unauthorized",
"message": "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]",
"statusCode": 403
}{
"error": "Conflict",
"message": "SLO [d077e940-1515-11ee-9c50-9d096392f520] already exists",
"statusCode": 409
}Manage your Kibana spaces.