Api key auth (http_api_key)
These APIs use key-based authentication. You must create an API key and use the encoded value in the request header. For example: Authorization: ApiKey base64AccessApiKey
https://localhost:5601
The Kibana REST APIs enable you to manage resources such as connectors, data views, and saved objects. The API calls are stateless. Each request that you make happens in isolation from other calls and must include all of the necessary information for Kibana to fulfill the request. API requests return JSON output, which is a format that is machine-readable and works well for automation.
To interact with Kibana APIs, use the following operations:
You can prepend any Kibana API endpoint with kbn:
and run the request in Dev Tools → Console.
For example:
GET kbn:/api/data_views
For more information about the console, refer to Run API requests.
NOTE: Access to internal Kibana API endpoints will be restricted in Kibana version 9.0. Please move any integrations to publicly documented APIs.
This documentation is derived from the main
branch of the kibana repository.
It is provided under license Attribution-NonCommercial-NoDerivatives 4.0 International.
This documentation contains work-in-progress information for future Elastic Stack releases.
This is version 1.0.2
of this API documentation.
Last update on Dec 5, 2024.
The API accepts 2 different authentication methods:
These APIs use key-based authentication. You must create an API key and use the encoded value in the request header. For example: Authorization: ApiKey base64AccessApiKey
Basic auth tokens are constructed with the Basic
keyword, followed by a space, followed by a base64-encoded string of your username:password
(separated by a :
colon).
Example: send a Authorization: Basic aGVsbG86aGVsbG8=
HTTP header with your requests to authenticate with the API.
Spaces enable you to organize your dashboards and other saved objects into meaningful categories. You can use the default space or create your own spaces.
To run APIs in non-default spaces, you must add s/{space_id}/
to the path.
For example:
curl -X GET "http://localhost:5601/s/marketing/api/data_views"
If you use the Kibana console to send API requests, it automatically adds the appropriate space identifier.
To learn more, check out Spaces.
Alerting enables you to define rules, which detect complex conditions within your data. When a condition is met, the rule tracks it as an alert and runs the actions that are defined in the rule. Actions typically involve the use of connectors to interact with Kibana services or third party integrations.
You must have read
privileges for the Management > Stack Rules feature or for at least one of the Analytics > Discover, Analytics > Machine Learning, Observability, or Security features.
curl \
-X GET https://localhost:5601/api/alerting/_health
{
"is_sufficiently_secure": true,
"alerting_framework_health": {
"read_health": {
"status": "ok",
"timestamp": "2023-01-13T01:28:00.280Z"
},
"execution_health": {
"status": "ok",
"timestamp": "2023-01-13T01:28:00.280Z"
},
"decryption_health": {
"status": "ok",
"timestamp": "2023-01-13T01:28:00.280Z"
}
},
"has_permanent_encryption_key": true
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
If you have read
privileges for one or more Kibana features, the API response contains information about the appropriate rule types. For example, there are rule types associated with the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability features, and Security features. To get rule types associated with the Stack Monitoring feature, use the monitoring_user
built-in role.
curl \
-X GET https://localhost:5601/api/alerting/rule_types
[
{
"id": "xpack.ml.anomaly_detection_alert",
"name": "Anomaly detection alert",
"alerts": {
"context": "ml.anomaly-detection",
"mappings": {
"fieldMap": {
"kibana.alert.job_id": {
"type": "keyword",
"array": false,
"required": true
},
"kibana.alert.is_interim": {
"type": "boolean",
"array": false,
"required": false
},
"kibana.alert.top_records": {
"type": "object",
"array": true,
"dynamic": false,
"required": false,
"properties": {
"actual": {
"type": "double"
},
"job_id": {
"type": "keyword"
},
"typical": {
"type": "double"
},
"function": {
"type": "keyword"
},
"timestamp": {
"type": "date"
},
"field_name": {
"type": "keyword"
},
"is_interim": {
"type": "boolean"
},
"record_score": {
"type": "double"
},
"by_field_name": {
"type": "keyword"
},
"by_field_value": {
"type": "keyword"
},
"detector_index": {
"type": "integer"
},
"over_field_name": {
"type": "keyword"
},
"over_field_value": {
"type": "keyword"
},
"initial_record_score": {
"type": "double"
},
"partition_field_name": {
"type": "keyword"
},
"partition_field_value": {
"type": "keyword"
}
}
},
"kibana.alert.anomaly_score": {
"type": "double",
"array": false,
"required": false
},
"kibana.alert.top_influencers": {
"type": "object",
"array": true,
"dynamic": false,
"required": false,
"properties": {
"job_id": {
"type": "keyword"
},
"timestamp": {
"type": "date"
},
"is_interim": {
"type": "boolean"
},
"influencer_score": {
"type": "double"
},
"influencer_field_name": {
"type": "keyword"
},
"influencer_field_value": {
"type": "keyword"
},
"initial_influencer_score": {
"type": "double"
}
}
},
"kibana.alert.anomaly_timestamp": {
"type": "date",
"array": false,
"required": false
}
}
},
"shouldWrite": true
},
"category": "management",
"producer": "ml",
"action_groups": [
{
"id": "anomaly_score_match",
"name": "Anomaly score matched the condition"
},
{
"id": "recovered",
"name": "Recovered"
}
],
"is_exportable": true,
"action_variables": {
"state": [],
"params": [],
"context": [
{
"name": "timestamp",
"description": "The bucket timestamp of the anomaly"
},
{
"name": "timestampIso8601",
"description": "The bucket time of the anomaly in ISO8601 format"
},
{
"name": "jobIds",
"description": "List of job IDs that triggered the alert"
},
{
"name": "message",
"description": "Alert info message"
},
{
"name": "isInterim",
"description": "Indicate if top hits contain interim results"
},
{
"name": "score",
"description": "Anomaly score at the time of the notification action"
},
{
"name": "topRecords",
"description": "Top records"
},
{
"name": "topInfluencers",
"description": "Top influencers"
},
{
"name": "anomalyExplorerUrl",
"description": "URL to open in the Anomaly Explorer",
"useWithTripleBracesInTemplates": true
}
]
},
"rule_task_timeout": "5m",
"enabled_in_license": true,
"has_alerts_mappings": true,
"authorized_consumers": {
"ml": {
"all": true,
"read": true
},
"apm": {
"all": true,
"read": true
},
"slo": {
"all": true,
"read": true
},
"logs": {
"all": true,
"read": true
},
"siem": {
"all": true,
"read": true
},
"alerts": {
"all": true,
"read": true
},
"uptime": {
"all": true,
"read": true
},
"discover": {
"all": true,
"read": true
},
"monitoring": {
"all": true,
"read": true
},
"stackAlerts": {
"all": true,
"read": true
},
"infrastructure": {
"all": true,
"read": true
}
},
"has_fields_for_a_a_d": false,
"recovery_action_group": {
"id": "recovered",
"name": "Recovered"
},
"default_action_group_id": "anomaly_score_match",
"minimum_license_required": "platinum",
"does_set_recovery_context": true
},
{
"id": "xpack.ml.anomaly_detection_jobs_health",
"name": "Anomaly detection jobs health",
"category": "management",
"producer": "ml",
"action_groups": [
{
"id": "anomaly_detection_realtime_issue",
"name": "Issue detected"
},
{
"id": "recovered",
"name": "Recovered"
}
],
"is_exportable": true,
"action_variables": {
"state": [],
"params": [],
"context": [
{
"name": "results",
"description": "Results of the rule execution"
},
{
"name": "message",
"description": "Alert info message"
}
]
},
"rule_task_timeout": "5m",
"enabled_in_license": true,
"has_alerts_mappings": false,
"authorized_consumers": {
"ml": {
"all": true,
"read": true
},
"apm": {
"all": true,
"read": true
},
"slo": {
"all": true,
"read": true
},
"logs": {
"all": true,
"read": true
},
"siem": {
"all": true,
"read": true
},
"alerts": {
"all": true,
"read": true
},
"uptime": {
"all": true,
"read": true
},
"discover": {
"all": true,
"read": true
},
"monitoring": {
"all": true,
"read": true
},
"stackAlerts": {
"all": true,
"read": true
},
"infrastructure": {
"all": true,
"read": true
}
},
"has_fields_for_a_a_d": false,
"recovery_action_group": {
"id": "recovered",
"name": "Recovered"
},
"default_action_group_id": "anomaly_detection_realtime_issue",
"minimum_license_required": "platinum",
"does_set_recovery_context": true
}
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
The identifier for the rule.
curl \
-X GET https://localhost:5601/api/alerting/rule/{id}
{
"actions": [
{
"alerts_filter": {
"query": {
"dsl": "string",
"filters": [
{
"$state": {
"store": "appState"
},
"meta": {},
"query": {}
}
],
"kql": "string"
},
"timeframe": {
"days": [
1
],
"hours": {
"end": "string",
"start": "string"
},
"timezone": "string"
}
},
"connector_type_id": "string",
"frequency": {
"notify_when": "onActionGroupChange",
"summary": true,
"throttle": "string"
},
"group": "string",
"id": "string",
"params": {},
"use_alert_data_for_template": true,
"uuid": "string"
}
],
"active_snoozes": [
"string"
],
"alert_delay": {
"active": 42.0
},
"api_key_created_by_user": true,
"api_key_owner": "string",
"consumer": "string",
"created_at": "string",
"created_by": "string",
"enabled": true,
"execution_status": {
"error": {
"message": "string",
"reason": "read"
},
"last_duration": 42.0,
"last_execution_date": "string",
"status": "ok",
"warning": {
"message": "string",
"reason": "maxExecutableActions"
}
},
"flapping": {
"look_back_window": 42.0,
"status_change_threshold": 42.0
},
"id": "string",
"is_snoozed_until": "string",
"last_run": {
"alerts_count": {
"active": 42.0,
"ignored": 42.0,
"new": 42.0,
"recovered": 42.0
},
"outcome": "succeeded",
"outcome_msg": [
"string"
],
"outcome_order": 42.0,
"warning": "read"
},
"mapped_params": {},
"monitoring": {
"run": {
"calculated_metrics": {
"p50": 42.0,
"p95": 42.0,
"p99": 42.0,
"success_ratio": 42.0
},
"history": [
{
"duration": 42.0,
"outcome": "succeeded",
"success": true,
"timestamp": 42.0
}
],
"last_run": {
"metrics": {
"duration": 42.0,
"gap_duration_s": 42.0,
"total_alerts_created": 42.0,
"total_alerts_detected": 42.0,
"total_indexing_duration_ms": 42.0,
"total_search_duration_ms": 42.0
},
"timestamp": "string"
}
}
},
"mute_all": true,
"muted_alert_ids": [
"string"
],
"name": "string",
"next_run": "string",
"notify_when": "onActionGroupChange",
"params": {},
"revision": 42.0,
"rule_type_id": "string",
"running": true,
"schedule": {
"interval": "string"
},
"scheduled_task_id": "string",
"snooze_schedule": [
{
"duration": 42.0,
"id": "string",
"rRule": {
"byhour": [
42.0
],
"byminute": [
42.0
],
"bymonth": [
42.0
],
"bymonthday": [
42.0
],
"bysecond": [
42.0
],
"bysetpos": [
42.0
],
"byweekday": [
"string"
],
"byweekno": [
42.0
],
"byyearday": [
42.0
],
"count": 42.0,
"dtstart": "string",
"freq": 0,
"interval": 42.0,
"tzid": "string",
"until": "string",
"wkst": "MO"
},
"skipRecurrences": [
"string"
]
}
],
"tags": [
"string"
],
"throttle": "string",
"updated_at": "string",
"updated_by": "string",
"view_in_app_relative_url": "string"
}
The identifier for the rule.
Default value is []
(empty).
Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.
Additional properties are NOT allowed.
When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced.
Additional properties are NOT allowed.
The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
Indicates how often alerts generate actions. Valid values include: onActionGroupChange
: Actions run when the alert status changes; onActiveAlert
: Actions run when the alert becomes active and at each check interval while the rule conditions are met; onThrottleInterval
: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify notify_when
at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
Values are onActionGroupChange
, onActiveAlert
, or onThrottleInterval
.
The parameters for the rule.
Default value is {}
(empty). Additional properties are allowed.
Additional properties are NOT allowed.
Use the throttle
property in the action frequency
object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
curl \
-X PUT https://localhost:5601/api/alerting/rule/{id} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
{
"name": "new name",
"tags": [],
"params": {
"index": [
".updated-index"
],
"aggType": "avg",
"groupBy": "top",
"aggField": "sheet.version",
"termSize": 6,
"termField": "name.keyword",
"threshold": [
1000
],
"timeField": "@timestamp",
"timeWindowSize": 5,
"timeWindowUnit": "m",
"thresholdComparator": ">"
},
"actions": [
{
"id": "96b668d0-a1b6-11ed-afdf-d39a49596974",
"group": "threshold met",
"params": {
"level": "info",
"message": "Rule {{rule.name}} is active for group {{context.group}}:\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}\n- Timestamp: {{context.date}}"
},
"frequency": {
"summary": false,
"notify_when": "onActionGroupChange"
}
}
],
"schedule": {
"interval": "1m"
}
}
{
"id": "ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74",
"name": "new name",
"tags": [],
"params": {
"index": [
".updated-index"
],
"aggType": "avg",
"groupBy": "top",
"aggField": "sheet.version",
"termSize": 6,
"termField": "name.keyword",
"threshold": [
1000
],
"timeField": "@timestamp",
"timeWindowSize": 5,
"timeWindowUnit": "m",
"thresholdComparator": ">"
},
"actions": [
{
"id": "96b668d0-a1b6-11ed-afdf-d39a49596974",
"uuid": "07aef2a0-9eed-4ef9-94ec-39ba58eb609d",
"group": "threshold met",
"params": {
"level": "info",
"message": "Rule {{rule.name}} is active for group {{context.group}}:\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}\n- Timestamp: {{context.date}"
},
"frequency": {
"summary": false,
"throttle": null,
"notify_when": "onActionGroupChange"
},
"connector_type_id": ".server-log"
}
],
"enabled": true,
"running": false,
"consumer": "alerts",
"last_run": {
"outcome": "succeeded",
"warning": null,
"outcome_msg": null,
"alerts_count": {
"new": 0,
"active": 0,
"ignored": 0,
"recovered": 0
}
},
"mute_all": false,
"next_run": "2024-03-26T23:23:51.316Z",
"revision": 1,
"schedule": {
"interval": "1m"
},
"throttle": null,
"created_at": "2024-03-26T23:13:20.985Z",
"created_by": "elastic",
"updated_at": "2024-03-26T23:22:59.949Z",
"updated_by": "elastic",
"rule_type_id": ".index-threshold",
"api_key_owner": "elastic",
"muted_alert_ids": [],
"execution_status": {
"status": "ok",
"last_duration": 52,
"last_execution_date": "2024-03-26T23:22:51.390Z"
},
"scheduled_task_id": "4c5eda00-e74f-11ec-b72f-5b18752ff9ea",
"api_key_created_by_user": false
}
The identifier for the rule. If it is omitted, an ID is randomly generated.
Default value is []
(empty).
Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.
Additional properties are NOT allowed.
The name of the application or feature that owns the rule. For example: alerts
, apm
, discover
, infrastructure
, logs
, metrics
, ml
, monitoring
, securitySolution
, siem
, stackAlerts
, or uptime
.
Indicates whether you want to run the rule on an interval basis after it is created.
Default value is true
.
When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced.
Additional properties are NOT allowed.
The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
Indicates how often alerts generate actions. Valid values include: onActionGroupChange
: Actions run when the alert status changes; onActiveAlert
: Actions run when the alert becomes active and at each check interval while the rule conditions are met; onThrottleInterval
: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify notify_when
at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
Values are onActionGroupChange
, onActiveAlert
, or onThrottleInterval
.
The rule type identifier.
The check interval, which specifies how frequently the rule conditions are checked.
Additional properties are NOT allowed.
Use the throttle
property in the action frequency
object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
The parameters for the rule.
curl \
-X POST https://localhost:5601/api/alerting/rule/{id} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
{
"name": "my Elasticsearch query ESQL rule",
"params": {
"size": 0,
"esqlQuery": {
"esql": "FROM kibana_sample_data_logs | KEEP bytes, clientip, host, geo.dest | where geo.dest != \"GB\" | STATS sumbytes = sum(bytes) by clientip, host | WHERE sumbytes > 5000 | SORT sumbytes desc | LIMIT 10"
},
"threshold": [
0
],
"timeField": "@timestamp",
"searchType": "esqlQuery",
"timeWindowSize": 1,
"timeWindowUnit": "d",
"thresholdComparator": ">"
},
"actions": [
{
"id": "d0db1fe0-78d6-11ee-9177-f7d404c8c945",
"group": "query matched",
"params": {
"level": "info",
"message": "Elasticsearch query rule '{{rule.name}}' is active:\n- Value: {{context.value}} - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} - Timestamp: {{context.date}} - Link: {{context.link}}"
},
"frequency": {
"summary": false,
"notify_when": "onActiveAlert"
}
}
],
"consumer": "stackAlerts",
"schedule": {
"interval": "1d"
},
"rule_type_id": ".es-query"
}
{
"name": "my Elasticsearch query rule",
"params": {
"size": 100,
"index": [
"kibana_sample_data_logs"
],
"esQuery": "\"\"\"{\"query\":{\"match_all\" : {}}}\"\"\"",
"threshold": [
100
],
"timeField": "@timestamp",
"timeWindowSize": 1,
"timeWindowUnit": "d",
"thresholdComparator": ">"
},
"actions": [
{
"id": "fdbece50-406c-11ee-850e-c71febc4ca7f",
"group": "query matched",
"params": {
"level": "info",
"message": "The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts."
},
"frequency": {
"summary": true,
"throttle": "1d",
"notify_when": "onThrottleInterval"
}
},
{
"id": "fdbece50-406c-11ee-850e-c71febc4ca7f",
"group": "recovered",
"params": {
"level": "info",
"message": "Recovered"
},
"frequency": {
"summary": false,
"notify_when": "onActionGroupChange"
}
}
],
"consumer": "alerts",
"schedule": {
"interval": "1d"
},
"rule_type_id": ".es-query"
}
{
"name": "my Elasticsearch query KQL rule",
"params": {
"size": 100,
"aggType": "count",
"groupBy": "all",
"threshold": [
1000
],
"searchType": "searchSource",
"timeWindowSize": 5,
"timeWindowUnit": "m",
"searchConfiguration": {
"index": "90943e30-9a47-11e8-b64d-95841ca0b247",
"query": {
"query": "\"\"geo.src : \"US\" \"\"",
"language": "kuery"
}
},
"thresholdComparator": ">",
"excludeHitsFromPreviousRun": true
},
"consumer": "alerts",
"schedule": {
"interval": "1m"
},
"rule_type_id": ".es-query"
}
{
"name": "my rule",
"tags": [
"cpu"
],
"params": {
"index": [
".test-index"
],
"aggType": "avg",
"groupBy": "top",
"aggField": "sheet.version",
"termSize": 6,
"termField": "name.keyword",
"threshold": [
1000
],
"timeField": "@timestamp",
"timeWindowSize": 5,
"timeWindowUnit": "m",
"thresholdComparator": ">"
},
"actions": [
{
"id": "48de3460-f401-11ed-9f8e-399c75a2deeb",
"group": "threshold met",
"params": {
"level": "info",
"message": "Rule '{{rule.name}}' is active for group '{{context.group}}':\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}\n- Timestamp: {{context.date}}"
},
"frequency": {
"summary": false,
"notify_when": "onActionGroupChange"
}
}
],
"consumer": "alerts",
"schedule": {
"interval": "1m"
},
"alert_delay": {
"active": 3
},
"rule_type_id": ".index-threshold"
}
{
"name": "my tracking rule",
"params": {
"index": "kibana_sample_data_logs",
"entity": "agent.keyword",
"indexId": "90943e30-9a47-11e8-b64d-95841ca0b247",
"geoField": "geo.coordinates",
"dateField\"": "@timestamp",
"boundaryType": "entireIndex",
"boundaryIndexId": "0cd90abf-abe7-44c7-909a-f621bbbcfefc",
"boundaryGeoField": "location",
"boundaryNameField": "name",
"boundaryIndexTitle": "boundary*"
},
"consumer": "alerts",
"schedule": {
"interval": "1h"
},
"rule_type_id": ".geo-containment"
}
{
"id": "e0d62360-78e8-11ee-9177-f7d404c8c945",
"name": "my Elasticsearch query ESQL rule",
"tags": [],
"params": {
"size": 0,
"aggType": "count",
"groupBy": "all",
"esqlQuery": {
"esql": "FROM kibana_sample_data_logs | keep bytes, clientip, host, geo.dest | WHERE geo.dest != \"GB\" | stats sumbytes = sum(bytes) by clientip, host | WHERE sumbytes > 5000 | sort sumbytes desc | limit 10"
},
"threshold": [
0
],
"timeField": "@timestamp",
"searchType": "esqlQuery",
"timeWindowSize": 1,
"timeWindowUnit": "d",
"thresholdComparator": ">",
"excludeHitsFromPreviousRun\"": "true,"
},
"actions": [
{
"id": "d0db1fe0-78d6-11ee-9177-f7d404c8c945",
"uuid": "bfe370a3-531b-4855-bbe6-ad739f578844",
"group": "query matched",
"params": {
"level": "info",
"message": "Elasticsearch query rule '{{rule.name}}' is active:\n- Value: {{context.value}} - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} - Timestamp: {{context.date}} - Link: {{context.link}}"
},
"frequency": {
"summary": false,
"throttle": null,
"notify_when": "onActiveAlert"
},
"connector_type_id": ".server-log"
}
],
"enabled": true,
"running": false,
"consumer": "stackAlerts",
"mute_all": false,
"revision": 0,
"schedule": {
"interval": "1d"
},
"throttle": null,
"created_at": "2023-11-01T19:00:10.453Z",
"created_by": "elastic",
"updated_at": "2023-11-01T19:00:10.453Z",
"updated_by": "elastic\",",
"notify_when": null,
"rule_type_id": ".es-query",
"api_key_owner": "elastic",
"muted_alert_ids": [],
"execution_status": {
"status": "pending",
"last_execution_date": "2023-11-01T19:00:10.453Z"
},
"scheduled_task_id": "e0d62360-78e8-11ee-9177-f7d404c8c945",
"api_key_created_by_user": false
}
{
"id": "58148c70-407f-11ee-850e-c71febc4ca7f",
"name": "my Elasticsearch query rule",
"tags": [],
"params": {
"size": 100,
"index": [
"kibana_sample_data_logs"
],
"aggType": "count",
"esQuery": "\"\"\"{\"query\":{\"match_all\" : {}}}\"\"\"",
"groupBy": "all",
"threshold": [
100
],
"timeField": "@timestamp",
"searchType": "esQuery",
"timeWindowSize": 1,
"timeWindowUnit": "d",
"thresholdComparator": ">",
"excludeHitsFromPreviousRun": true
},
"actions": [
{
"id": "fdbece50-406c-11ee-850e-c71febc4ca7f",
"uuid": "53f3c2a3-e5d0-4cfa-af3b-6f0881385e78",
"group": "query matched",
"params": {
"level": "info",
"message": "The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts."
},
"frequency": {
"summary": true,
"throttle": "1d",
"notify_when": "onThrottleInterval"
},
"connector_type_id": ".server-log"
},
{
"id": "fdbece50-406c-11ee-850e-c71febc4ca7f",
"uuid": "2324e45b-c0df-45c7-9d70-4993e30be758",
"group": "recovered",
"params": {
"level": "info",
"message": "Recovered"
},
"frequency": {
"summary": false,
"throttle": null,
"notify_when": "onActionGroupChange"
},
"connector_type_id": ".server-log"
}
],
"enabled": true,
"running": false,
"consumer": "alerts",
"mute_all": false,
"revision": 0,
"schedule": {
"interval": "1d"
},
"throttle": null,
"created_at": "2023-08-22T00:03:38.263Z",
"created_by": "elastic",
"updated_at": "2023-08-22T00:03:38.263Z",
"updated_by": "elastic",
"notify_when": null,
"rule_type_id": ".es-query",
"api_key_owner": "elastic",
"muted_alert_ids": [],
"execution_status": {
"status": "pending",
"last_execution_date": "2023-08-22T00:03:38.263Z"
},
"scheduled_task_id": "58148c70-407f-11ee-850e-c71febc4ca7f",
"api_key_created_by_user": false
}
{
"id": "7bd506d0-2284-11ee-8fad-6101956ced88",
"name": "my Elasticsearch query KQL rule\"",
"tags": [],
"params": {
"size": 100,
"aggType": "count",
"groupBy": "all",
"threshold": [
1000
],
"searchType": "searchSource",
"timeWindowSize": 5,
"timeWindowUnit": "m",
"searchConfiguration": {
"index": "90943e30-9a47-11e8-b64d-95841ca0b247",
"query": {
"query": "\"\"geo.src : \"US\" \"\"",
"language": "kuery"
}
},
"thresholdComparator": ">",
"excludeHitsFromPreviousRun": true
},
"actions": [],
"enabled": true,
"running": false,
"consumer": "alerts",
"mute_all": false,
"revision": 0,
"schedule": {
"interval": "1m"
},
"throttle": null,
"created_at": "2023-07-14T20:24:50.729Z",
"created_by": "elastic",
"updated_at": "2023-07-14T20:24:50.729Z",
"updated_by": "elastic",
"notify_when": null,
"rule_type_id": ".es-query",
"api_key_owner": "elastic",
"muted_alert_ids": [],
"execution_status": {
"status": "pending",
"last_execution_date": "2023-07-14T20:24:50.729Z"
},
"scheduled_task_id": "7bd506d0-2284-11ee-8fad-6101956ced88",
"api_key_created_by_user": false
}
{
"id": "41893910-6bca-11eb-9e0d-85d233e3ee35",
"name": "my rule",
"tags": [
"cpu"
],
"params": {
"index": [
".test-index"
],
"aggType": "avg",
"groupBy": "top",
"aggField": "sheet.version",
"termSize": 6,
"termField": "name.keyword",
"threshold": [
1000
],
"timeField": "@timestamp",
"timeWindowSize": 5,
"timeWindowUnit": "m",
"thresholdComparator": ">"
},
"actions": [
{
"id": "dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2",
"uuid": "07aef2a0-9eed-4ef9-94ec-39ba58eb609d",
"group": "threshold met",
"params": {
"level": "info",
"message": "Rule {{rule.name}} is active for group {{context.group} :\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}\n- Timestamp: {{context.date}}"
},
"frequency": {
"summary": false,
"throttle": null,
"notify_when": "onActionGroupChange"
},
"connector_type_id": ".server-log"
}
],
"enabled": true,
"running": false,
"consumer": "alerts",
"mute_all": false,
"revision": 0,
"schedule": {
"interval": "1m"
},
"throttle": null,
"created_at": "2022-06-08T17:20:31.632Z",
"created_by": "elastic",
"updated_at": "2022-06-08T17:20:31.632Z",
"updated_by": "elastic",
"alert_delay": {
"active": 3
},
"notify_when": null,
"rule_type_id": ".index-threshold",
"api_key_owner": "elastic",
"muted_alert_ids": [],
"execution_status": {
"status": "pending",
"last_execution_date": "2022-06-08T17:20:31.632Z"
},
"scheduled_task_id": "425b0800-6bca-11eb-9e0d-85d233e3ee35",
"api_key_created_by_user": false
}
{
"id": "b6883f9d-5f70-4758-a66e-369d7c26012f",
"name": "my tracking rule",
"tags": [],
"params": {
"index": "kibana_sample_data_logs",
"entity": "agent.keyword",
"indexId": "90943e30-9a47-11e8-b64d-95841ca0b247",
"geoField": "geo.coordinates",
"dateField": "@timestamp",
"boundaryType": "entireIndex",
"boundaryIndexId": "0cd90abf-abe7-44c7-909a-f621bbbcfefc",
"boundaryGeoField": "location",
"boundaryNameField": "name",
"boundaryIndexTitle": "boundary*"
},
"actions": [],
"enabled": true,
"running": false,
"consumer": "alerts",
"last_run": {
"outcome": "succeeded",
"warning": null,
"outcome_msg": null,
"alerts_count": {
"new": 0,
"active": 0,
"ignored": 0,
"recovered": 0
},
"outcome_order": 0
},
"mute_all": false,
"next_run": "2024-02-15T03:26:38.033Z",
"revision": 1,
"schedule": {
"interval": "1h"
},
"throttle": null,
"created_at": "2024-02-14T19:52:55.920Z",
"created_by": "elastic",
"updated_at": "2024-02-15T03:24:32.574Z",
"updated_by": "elastic",
"notify_when": null,
"rule_type_id": ".geo-containment",
"api_key_owner": "elastic",
"muted_alert_ids": [],
"execution_status": {
"status": "ok",
"last_duration": 74,
"last_execution_date": "2024-02-15T03:25:38.125Z"
},
"scheduled_task_id": "b6883f9d-5f70-4758-a66e-369d7c26012f",
"api_key_created_by_user": false
}
The identifier for the rule.
curl \
-X DELETE https://localhost:5601/api/alerting/rule/{id} \
-H "kbn-xsrf: true"
The identifier for the rule.
curl \
-X POST https://localhost:5601/api/alerting/rule/{id}/_disable \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"untrack": true
}
The identifier for the rule.
curl \
-X POST https://localhost:5601/api/alerting/rule/{id}/_enable \
-H "kbn-xsrf: true"
The identifier for the rule.
curl \
-X POST https://localhost:5601/api/alerting/rule/{id}/_mute_all \
-H "kbn-xsrf: true"
The identifier for the rule.
curl \
-X POST https://localhost:5601/api/alerting/rule/{id}/_unmute_all \
-H "kbn-xsrf: true"
The identifier for the rule.
curl \
-X POST https://localhost:5601/api/alerting/rule/{id}/_update_api_key \
-H "kbn-xsrf: true"
The identifier for the rule.
The identifier for the alert.
curl \
-X POST https://localhost:5601/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute \
-H "kbn-xsrf: true"
The identifier for the rule.
The identifier for the alert.
curl \
-X POST https://localhost:5601/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute \
-H "kbn-xsrf: true"
The number of rules to return per page.
Minimum value is 0
. Default value is 10
.
The page number to return.
Minimum value is 1
. Default value is 1
.
An Elasticsearch simple_query_string query that filters the objects in the response.
The default operator to use for the simple_query_string.
Values are OR
or AND
. Default value is OR
.
The fields to perform the simple_query_string parsed query against.
Determines which field is used to sort the results. The field must exist in the attributes
key of the response.
Determines the sort order.
Values are asc
or desc
.
Filters the rules that have a relation with the reference objects with a specific type and identifier.
Additional properties are NOT allowed.
The fields to return in the attributes
key of the response.
A KQL string that you filter with an attribute from your saved object. It should look like savedObjectType.attributes.title: "myTitle"
. However, if you used a direct attribute of a saved object, such as updatedAt
, you must define your filter, for example, savedObjectType.updatedAt > 2018-12-22
.
List of consumers to filter.
curl \
-X GET https://localhost:5601/api/alerting/rules/_find
{
"data": [
{
"id": "3583a470-74f6-11ed-9801-35303b735aef",
"name": "my alert",
"tags": [
"cpu"
],
"params": {
"index": [
"test-index"
],
"aggType": "avg",
"groupBy": "top",
"aggField": "sheet.version",
"termSize": 6,
"termField": "name.keyword",
"threshold": [
1000
],
"timeField": "@timestamp",
"timeWindowSize": 5,
"timeWindowUnit": "m",
"thresholdComparator": ">"
},
"actions": [
{
"id": "9dca3e00-74f5-11ed-9801-35303b735aef",
"uuid": "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
"group": "threshold met",
"params": {
"level": "info",
"message": "Rule {{rule.name}} is active for group {{context.group}}:\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}\n- Timestamp: {{context.date}}",
"connector_type_id": ".server-log"
},
"frequency": {
"summary": false,
"throttle": null,
"notify_when": "onActionGroupChange"
}
}
],
"enabled": true,
"consumer": "alerts",
"last_run": {
"outcome": "succeeded",
"warning": null,
"outcome_msg": null,
"alerts_count": {
"new": 0,
"active": 0,
"ignored": 0,
"recovered": 0
}
},
"mute_all": false,
"next_run": "2022-12-06T01:45:23.912Z",
"revision": 1,
"schedule": {
"interval": "1m"
},
"throttle": null,
"created_at": "2022-12-05T23:40:33.132Z",
"created_by": "elastic",
"updated_at": "2022-12-05T23:40:33.132Z",
"updated_by": "elastic",
"rule_type_id": ".index-threshold",
"api_key_owner": "elastic",
"muted_alert_ids": [],
"execution_status": {
"status": "ok",
"last_duration": 48,
"last_execution_date": "2022-12-06T01:44:23.983Z"
},
"scheduled_task_id": "3583a470-74f6-11ed-9801-35303b735aef",
"api_key_created_by_user": false
}
],
"page": 1,
"total": 1,
"per_page": 10
}
{
"data": [
{
"id": "6107a8f0-f401-11ed-9f8e-399c75a2deeb",
"name": "security_rule",
"tags": [],
"params": {
"to": "now",
"from": "now-3660s",
"meta": {
"from": "1h",
"kibana_siem_app_url": "https://localhost:5601/app/security"
},
"type": "threshold",
"index": [
"kibana_sample_data_logs"
],
"query": "*",
"author": [],
"ruleId": "an_internal_rule_id",
"threat": [],
"filters": [],
"license": "",
"version": 1,
"language": "kuery",
"severity": "low",
"immutable": false,
"riskScore": 21,
"threshold": {
"field": [
"bytes"
],
"value": 1,
"cardinality": []
},
"maxSignals": 100,
"references": [],
"description": "A security threshold rule.",
"outputIndex": "",
"exceptionsList": [],
"falsePositives": [],
"severityMapping": [],
"riskScoreMapping": []
},
"actions": [
{
"id": "49eae970-f401-11ed-9f8e-399c75a2deeb",
"uuid": "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
"group": "default",
"params": {
"documents": [
{
"rule_id": {
"[object Object]": null
},
"alert_id": {
"[object Object]": null
},
"rule_name": {
"[object Object]": null
},
"context_message": {
"[object Object]": null
}
}
]
},
"frequency": {
"summary": true,
"throttle": null,
"notify_when": "onActiveAlert"
},
"alerts_filter": {
"query": {
"kql": "",
"filters": [
{
"meta": {
"key": "client.geo.region_iso_code",
"alias": null,
"field": "client.geo.region_iso_code",
"index": "c4bdca79-e69e-4d80-82a1-e5192c621bea",
"negate": false,
"params": {
"type": "phrase",
"query": "CA-QC"
},
"disabled": false
},
"query": {
"match_phrase": {
"client.geo.region_iso_code": "CA-QC"
}
},
"$state": {
"store": "appState"
}
}
]
},
"timeframe": {
"days": [
7
],
"hours": {
"end": "17:00",
"start": "08:00"
},
"timezone": "UTC"
}
},
"connector_type_id": ".index"
}
],
"enabled": true,
"running": false,
"consumer": "siem",
"last_run": {
"outcome": "succeeded",
"warning": null,
"outcome_msg": [
"Rule execution completed successfully"
],
"alerts_count": {
"new": 0,
"active": 0,
"ignored": 0,
"recovered": 0
},
"outcome_order": 0
},
"mute_all": false,
"next_run": "2023-05-16T20:27:49.507Z",
"revision": 1,
"schedule": {
"interval": "1m"
},
"throttle": null,
"created_at": "2023-05-16T15:50:28.358Z",
"created_by": "elastic",
"updated_at": "2023-05-16T20:25:42.559Z",
"updated_by": "elastic",
"notify_when": null,
"rule_type_id": "siem.thresholdRule",
"api_key_owner": "elastic",
"muted_alert_ids": [],
"execution_status": {
"status": "ok",
"last_duration": 166,
"last_execution_date": "2023-05-16T20:26:49.590Z"
},
"scheduled_task_id": "6107a8f0-f401-11ed-9f8e-399c75a2deeb",
"api_key_created_by_user": false
}
],
"page": 1,
"total": 1,
"per_page": 10
}
Deprecated in 7.13.0. Use the get rule API instead.
The identifier for the alert.
curl \
-X GET https://localhost:5601/api/alerts/alert/41893910-6bca-11eb-9e0d-85d233e3ee35
{
"actions": [
{}
],
"alertTypeId": ".index-threshold",
"apiKeyOwner": "elastic",
"createdAt": "2022-12-05T23:36:58.284Z",
"createdBy": "elastic",
"enabled": true,
"executionStatus": {
"lastExecutionDate": "2022-12-06T00:13:43.890Z",
"status": "ok"
},
"id": "b530fed0-74f5-11ed-9801-35303b735aef",
"muteAll": false,
"mutedInstanceIds": [
"string"
],
"name": "my alert",
"notifyWhen": "onActionGroupChange",
"params": {},
"schedule": {
"interval": "string"
},
"scheduledTaskId": "b530fed0-74f5-11ed-9801-35303b735aef",
"tags": [
"string"
],
"throttle": "string",
"updatedAt": "2022-12-05T23:36:58.284Z",
"updatedBy": "elastic"
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 7.13.0. Use the update rule API instead.
The identifier for the alert.
A name to reference and search.
The condition for throttling the notification.
Values are onActionGroupChange
, onActiveAlert
, or onThrottleInterval
.
The parameters to pass to the alert type executor params
value. This will also validate against the alert type params validator, if defined.
Additional properties are allowed.
The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule.
Additional properties are allowed.
How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of 10m
or 1h
will prevent it from sending 90 notifications during this period.
curl \
-X PUT https://localhost:5601/api/alerts/alert/41893910-6bca-11eb-9e0d-85d233e3ee35 \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
# Headers
kbn-xsrf: string
# Payload
{
"actions": [
{
"actionTypeId": "string",
"group": "string",
"id": "string",
"params": {}
}
],
"name": "string",
"notifyWhen": "onActionGroupChange",
"params": {},
"schedule": {
"interval": "1d"
},
"tags": [
"string"
],
"throttle": "string"
}
{
"actions": [
{}
],
"alertTypeId": ".index-threshold",
"apiKeyOwner": "elastic",
"createdAt": "2022-12-05T23:36:58.284Z",
"createdBy": "elastic",
"enabled": true,
"executionStatus": {
"lastExecutionDate": "2022-12-06T00:13:43.890Z",
"status": "ok"
},
"id": "b530fed0-74f5-11ed-9801-35303b735aef",
"muteAll": false,
"mutedInstanceIds": [
"string"
],
"name": "my alert",
"notifyWhen": "onActionGroupChange",
"params": {},
"schedule": {
"interval": "string"
},
"scheduledTaskId": "b530fed0-74f5-11ed-9801-35303b735aef",
"tags": [
"string"
],
"throttle": "string",
"updatedAt": "2022-12-05T23:36:58.284Z",
"updatedBy": "elastic"
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 7.13.0. Use the create rule API instead.
An UUID v1 or v4 identifier for the alert. If this parameter is omitted, the identifier is randomly generated.
The ID of the alert type that you want to call when the alert is scheduled to run.
The name of the application that owns the alert. This name has to match the Kibana feature name, as that dictates the required role-based access control privileges.
Indicates if you want to run the alert on an interval basis after it is created.
A name to reference and search.
The condition for throttling the notification.
Values are onActionGroupChange
, onActiveAlert
, or onThrottleInterval
.
The parameters to pass to the alert type executor params
value. This will also validate against the alert type params validator, if defined.
Additional properties are allowed.
The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule.
Additional properties are allowed.
How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of 10m
or 1h
will prevent it from sending 90 notifications during this period.
curl \
-X POST https://localhost:5601/api/alerts/alert/41893910-6bca-11eb-9e0d-85d233e3ee35 \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
# Headers
kbn-xsrf: string
# Payload
{
"actions": [
{
"actionTypeId": "string",
"group": "string",
"id": "string",
"params": {}
}
],
"alertTypeId": "string",
"consumer": "string",
"enabled": true,
"name": "string",
"notifyWhen": "onActionGroupChange",
"params": {},
"schedule": {
"interval": "10s"
},
"tags": [
"string"
],
"throttle": "string"
}
{
"actions": [
{}
],
"alertTypeId": ".index-threshold",
"apiKeyOwner": "elastic",
"createdAt": "2022-12-05T23:36:58.284Z",
"createdBy": "elastic",
"enabled": true,
"executionStatus": {
"lastExecutionDate": "2022-12-06T00:13:43.890Z",
"status": "ok"
},
"id": "b530fed0-74f5-11ed-9801-35303b735aef",
"muteAll": false,
"mutedInstanceIds": [
"string"
],
"name": "my alert",
"notifyWhen": "onActionGroupChange",
"params": {},
"schedule": {
"interval": "string"
},
"scheduledTaskId": "b530fed0-74f5-11ed-9801-35303b735aef",
"tags": [
"string"
],
"throttle": "string",
"updatedAt": "2022-12-05T23:36:58.284Z",
"updatedBy": "elastic"
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 7.13.0. Use the delete rule API instead. WARNING: After you delete an alert, you cannot recover it.
The identifier for the alert.
curl \
-X DELETE https://localhost:5601/api/alerts/alert/41893910-6bca-11eb-9e0d-85d233e3ee35 \
-H "kbn-xsrf: string"
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 7.13.0. Use the disable rule API instead.
The identifier for the alert.
curl \
-X POST https://localhost:5601/api/alerts/alert/41893910-6bca-11eb-9e0d-85d233e3ee35/_disable \
-H "kbn-xsrf: string"
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 7.13.0. Use the enable rule API instead.
The identifier for the alert.
curl \
-X POST https://localhost:5601/api/alerts/alert/41893910-6bca-11eb-9e0d-85d233e3ee35/_enable \
-H "kbn-xsrf: string"
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 7.13.0. Use the mute all alerts API instead.
The identifier for the alert.
curl \
-X POST https://localhost:5601/api/alerts/alert/41893910-6bca-11eb-9e0d-85d233e3ee35/_mute_all \
-H "kbn-xsrf: string"
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 7.13.0. Use the unmute all alerts API instead.
The identifier for the alert.
curl \
-X POST https://localhost:5601/api/alerts/alert/41893910-6bca-11eb-9e0d-85d233e3ee35/_unmute_all \
-H "kbn-xsrf: string"
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 7.13.0. Use the mute alert API instead.
An identifier for the alert.
An identifier for the alert instance.
curl \
-X POST https://localhost:5601/api/alerts/alert/41893910-6bca-11eb-9e0d-85d233e3ee35/alert_instance/dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2/_mute \
-H "kbn-xsrf: string"
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 7.13.0. Use the unmute alert API instead.
An identifier for the alert.
An identifier for the alert instance.
curl \
-X POST https://localhost:5601/api/alerts/alert/41893910-6bca-11eb-9e0d-85d233e3ee35/alert_instance/dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2/_unmute \
-H "kbn-xsrf: string"
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 7.13.0. Use the find rules API instead. NOTE: Alert params
are stored as a flattened field type and analyzed as keywords. As alerts change in Kibana, the results on each page of the response also change. Use the find API for traditional paginated results, but avoid using it to export large amounts of data.
The default operator to use for the simple_query_string
.
Default value is OR
.
The fields to return in the attributes
key of the response.
A KQL string that you filter with an attribute from your saved object. It should look like savedObjectType.attributes.title: "myTitle"
. However, if you used a direct attribute of a saved object, such as updatedAt
, you must define your filter, for example, savedObjectType.updatedAt > 2018-12-22
.
Filters the rules that have a relation with the reference objects with a specific type and identifier.
Additional properties are allowed.
The page number to return.
Default value is 1
.
The number of alerts to return per page.
Default value is 20
.
An Elasticsearch simple_query_string
query that filters the alerts in the response.
The fields to perform the simple_query_string
parsed query against.
Determines which field is used to sort the results. The field must exist in the attributes
key of the response.
Determines the sort order.
Values are asc
or desc
. Default value is desc
.
curl \
-X GET https://localhost:5601/api/alerts/alerts/_find
{
"data": [
{
"actions": [
{}
],
"alertTypeId": ".index-threshold",
"apiKeyOwner": "elastic",
"createdAt": "2022-12-05T23:36:58.284Z",
"createdBy": "elastic",
"enabled": true,
"executionStatus": {
"lastExecutionDate": "2022-12-06T00:13:43.890Z",
"status": "ok"
},
"id": "b530fed0-74f5-11ed-9801-35303b735aef",
"muteAll": false,
"mutedInstanceIds": [
"string"
],
"name": "my alert",
"notifyWhen": "onActionGroupChange",
"params": {},
"schedule": {
"interval": "string"
},
"scheduledTaskId": "b530fed0-74f5-11ed-9801-35303b735aef",
"tags": [
"string"
],
"throttle": "string",
"updatedAt": "2022-12-05T23:36:58.284Z",
"updatedBy": "elastic"
}
],
"page": 42,
"perPage": 42,
"total": 42
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 7.13.0. Use the get alerting framework health API instead.
curl \
-X GET https://localhost:5601/api/alerts/alerts/_health
{
"alertingFrameworkHealth": {
"decryptionHealth": {
"status": "ok",
"timestamp": "2023-01-13T01:28:00.280Z"
},
"executionHealth": {
"status": "ok",
"timestamp": "2023-01-13T01:28:00.280Z"
},
"readHealth": {
"status": "ok",
"timestamp": "2023-01-13T01:28:00.280Z"
}
},
"hasPermanentEncryptionKey": true,
"isSufficientlySecure": true
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 7.13.0. Use the get rule types API instead.
curl \
-X GET https://localhost:5601/api/alerts/alerts/list_alert_types
[
{
"actionGroups": [
{
"id": "string",
"name": "string"
}
],
"actionVariables": {
"context": [
{
"description": "string",
"name": "string"
}
],
"params": [
{
"description": "string",
"name": "string"
}
],
"state": [
{
"description": "string",
"name": "string"
}
]
},
"authorizedConsumers": {},
"defaultActionGroupId": "string",
"enabledInLicense": true,
"id": "string",
"isExportable": true,
"minimumLicenseRequired": "string",
"name": "string",
"producer": "string",
"recoveryActionGroup": {
"id": "string",
"name": "string"
}
}
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Adjust APM agent configuration without need to redeploy your application.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
curl \
-X GET https://localhost:5601/api/apm/settings/agent-configuration \
-H "elastic-api-version: 2023-10-31"
{
"configurations": [
{
"@timestamp": 1730194190636,
"agent_name": "string",
"applied_by_agent": true,
"etag": "0bc3b5ebf18fba8163fe4c96f491e3767a358f85",
"service": {
"environment": "prod",
"name": "node"
},
"settings": {
"additionalProperty1": "string",
"additionalProperty2": "string"
}
}
]
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 404
}
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
If the config exists ?overwrite=true is required
Agent name
Service
Additional properties are allowed.
Agent configuration settings
Successful response
Additional properties are NOT allowed.
Bad Request response
Unauthorized response
Forbidden response
Not found response
curl \
-X PUT https://localhost:5601/api/apm/settings/agent-configuration \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "elastic-api-version: 2023-10-31" \
-H "kbn-xsrf: true"
# Headers
elastic-api-version: 2023-10-31
kbn-xsrf: true
# Payload
{
"agent_name": "string",
"service": {
"environment": "prod",
"name": "node"
},
"settings": {
"additionalProperty1": "string",
"additionalProperty2": "string"
}
}
{}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Forbidden",
"message": "string",
"statusCode": 403
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 404
}
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
Environment
Name
Successful response
Bad Request response
Unauthorized response
Forbidden response
Not found response
curl \
-X DELETE https://localhost:5601/api/apm/settings/agent-configuration \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "elastic-api-version: 2023-10-31" \
-H "kbn-xsrf: true"
# Headers
elastic-api-version: 2023-10-31
kbn-xsrf: true
# Payload
{
"environment": "prod",
"name": "node"
}
{
"result": "string"
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Forbidden",
"message": "string",
"statusCode": 403
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 404
}
Retrieve agentName
for a service.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
The name of the service
curl \
-X GET https://localhost:5601/api/apm/settings/agent-configuration/agent_name?serviceName=node \
-H "elastic-api-version: 2023-10-31"
{
"agentName": "nodejs"
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 404
}
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
The name of the service
curl \
-X GET https://localhost:5601/api/apm/settings/agent-configuration/environments \
-H "elastic-api-version: 2023-10-31"
{
"environments": [
{
"alreadyConfigured": true,
"name": "ALL_OPTION_VALUE"
}
]
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 404
}
This endpoint allows to search for single agent configuration and update 'applied_by_agent' field.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
If etags match then applied_by_agent
field will be set to true
markAsAppliedByAgent=true
means "force setting it to true regardless of etag".
This is needed for Jaeger agent that doesn't have etags
Service
Additional properties are allowed.
curl \
-X POST https://localhost:5601/api/apm/settings/agent-configuration/search \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "elastic-api-version: 2023-10-31" \
-H "kbn-xsrf: true"
# Headers
elastic-api-version: 2023-10-31
kbn-xsrf: true
# Payload
{
"etag": "0bc3b5ebf18fba8163fe4c96f491e3767a358f85",
"mark_as_applied_by_agent": true,
"service": {
"environment": "prod",
"name": "node"
}
}
{
"_id": "string",
"_index": "string",
"_score": 42.0,
"_source": {
"@timestamp": 1730194190636,
"agent_name": "string",
"applied_by_agent": true,
"etag": "0bc3b5ebf18fba8163fe4c96f491e3767a358f85",
"service": {
"environment": "prod",
"name": "node"
},
"settings": {
"additionalProperty1": "string",
"additionalProperty2": "string"
}
}
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 404
}
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
Service name
Service environment
curl \
-X GET https://localhost:5601/api/apm/settings/agent-configuration/view \
-H "elastic-api-version: 2023-10-31"
{
"id": "string",
"@timestamp": 1730194190636,
"agent_name": "string",
"applied_by_agent": true,
"etag": "0bc3b5ebf18fba8163fe4c96f491e3767a358f85",
"service": {
"environment": "prod",
"name": "node"
},
"settings": {
"additionalProperty1": "string",
"additionalProperty2": "string"
}
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 404
}
Configure APM agent keys to authorize requests from APM agents to the APM Server.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
Agent name
Privileges configuration
Values are event:write
or config_agent:read
.
Agent key created successfully
Bad Request response
Unauthorized response
Forbidden response
Internal Server Error response
curl \
-X POST https://localhost:5601/api/apm/agent_keys \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "elastic-api-version: 2023-10-31" \
-H "kbn-xsrf: true"
# Headers
elastic-api-version: 2023-10-31
kbn-xsrf: true
# Payload
{
"name": "string",
"privileges": [
"event:write"
]
}
{
"agentKey": {
"api_key": "string",
"encoded": "string",
"expiration": 42,
"id": "string",
"name": "string"
}
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Forbidden",
"message": "string",
"statusCode": 403
}
{
"error": "Internal Server Error",
"message": "string",
"statusCode": 500
}
Annotate visualizations in the APM app with significant events. Annotations enable you to easily see how events are impacting the performance of your applications.
Create a new annotation for a specific service.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
The name of the service
Annotation created successfully
Bad Request response
Unauthorized response
Forbidden response
Not found response
curl \
-X POST https://localhost:5601/api/apm/services/{serviceName}/annotation \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "elastic-api-version: 2023-10-31" \
-H "kbn-xsrf: true"
# Headers
elastic-api-version: 2023-10-31
kbn-xsrf: true
# Payload
{
"@timestamp": "string",
"message": "string",
"service": {
"environment": "string",
"version": "string"
},
"tags": [
"string"
]
}
{
"_id": "string",
"_index": "string",
"_source": {
"@timestamp": "string",
"annotation": {
"title": "string",
"type": "string"
},
"event": {
"created": "string"
},
"message": "string",
"service": {
"environment": "string",
"name": "string",
"version": "string"
},
"tags": [
"string"
]
}
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Forbidden",
"message": "string",
"statusCode": 403
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 404
}
Search for annotations related to a specific service.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
The name of the service
The environment to filter annotations by
The start date for the search
The end date for the search
Successful response
Bad Request response
Unauthorized response
Internal Server Error response
curl \
-X GET https://localhost:5601/api/apm/services/{serviceName}/annotation/search \
-H "elastic-api-version: 2023-10-31"
{
"annotations": [
{
"@timestamp": 42.0,
"id": "string",
"text": "string",
"type": "version"
}
]
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Internal Server Error",
"message": "string",
"statusCode": 500
}
Create APM fleet server schema.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
Successful response
Additional properties are NOT allowed.
Bad Request response
Unauthorized response
Forbidden response
Not found response
curl \
-X POST https://localhost:5601/api/apm/fleet/apm_server_schema \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "elastic-api-version: 2023-10-31" \
-H "kbn-xsrf: true"
# Headers
elastic-api-version: 2023-10-31
kbn-xsrf: true
# Payload
{
"schema": {
"foo": "bar"
}
}
{}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Forbidden",
"message": "string",
"statusCode": 403
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 404
}
Configure APM source maps.
Returns an array of Fleet artifacts, including source map uploads.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
Successful response
Bad Request response
Unauthorized response
Internal Server Error response
Not Implemented response
curl \
-X GET https://localhost:5601/api/apm/sourcemaps \
-H "elastic-api-version: 2023-10-31"
{
"artifacts": [
{
"body": {
"bundleFilepath": "string",
"serviceName": "string",
"serviceVersion": "string",
"sourceMap": {
"file": "string",
"mappings": "string",
"sourceRoot": "string",
"sources": [
"string"
],
"sourcesContent": [
"string"
],
"version": 42.0
}
},
"compressionAlgorithm": "string",
"created": "string",
"decodedSha256": "string",
"decodedSize": 42.0,
"encodedSha256": "string",
"encodedSize": 42.0,
"encryptionAlgorithm": "string",
"id": "string",
"identifier": "string",
"packageName": "string",
"relative_url": "string",
"type": "string"
}
]
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Internal Server Error",
"message": "string",
"statusCode": 500
}
{
"error": "Not Implemented",
"message": "Not Implemented",
"statusCode": 501
}
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
The absolute path of the final bundle as used in the web application.
The name of the service that the service map should apply to.
The version of the service that the service map should apply to.
The source map. String or file upload. It must follow the source map revision 3 proposal.
Successful response
Bad Request response
Unauthorized response
Forbidden response
Internal Server Error response
Not Implemented response
curl \
-X POST https://localhost:5601/api/apm/sourcemaps \
-H "Content-Type: multipart/form-data; Elastic-Api-Version=2023-10-31" \
-H "elastic-api-version: 2023-10-31" \
-H "kbn-xsrf: true"
{
"body": "string",
"compressionAlgorithm": "string",
"created": "string",
"decodedSha256": "string",
"decodedSize": 42.0,
"encodedSha256": "string",
"encodedSize": 42.0,
"encryptionAlgorithm": "string",
"id": "string",
"identifier": "string",
"packageName": "string",
"relative_url": "string",
"type": "string"
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Forbidden",
"message": "string",
"statusCode": 403
}
{
"error": "Internal Server Error",
"message": "string",
"statusCode": 500
}
{
"error": "Not Implemented",
"message": "Not Implemented",
"statusCode": 501
}
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
Source map identifier
Successful response
Additional properties are NOT allowed.
Bad Request response
Unauthorized response
Forbidden response
Internal Server Error response
Not Implemented response
curl \
-X DELETE https://localhost:5601/api/apm/sourcemaps/{id} \
-H "elastic-api-version: 2023-10-31" \
-H "kbn-xsrf: true"
{}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Forbidden",
"message": "string",
"statusCode": 403
}
{
"error": "Internal Server Error",
"message": "string",
"statusCode": 500
}
{
"error": "Not Implemented",
"message": "Not Implemented",
"statusCode": 501
}
Cases are used to open and track issues. You can add assignees and tags to your cases, set their severity and status, and add alerts, comments, and visualizations. You can also send cases to external incident management systems by configuring connectors.
You must have all
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're creating.
An array containing users that are assigned to the case.
Not more than 10
elements.
A word or phrase that categorizes the case.
Maximum length is 50
.
Defines properties for connectors when type is .none
.
Custom field values for a case. Any optional custom fields that are not specified in the request are set to null.
At least 0
but not more than 10
elements.
The description for the case.
Maximum length is 30000
.
The application that owns the cases: Stack Management, Observability, or Elastic Security.
Values are cases
, observability
, or securitySolution
.
An object that contains the case settings.
Additional properties are allowed.
The severity of the case.
Values are critical
, high
, low
, or medium
. Default value is low
.
A title for the case.
Maximum length is 160
.
curl \
-X POST https://localhost:5601/api/cases \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
{
"tags": [
"tag-1"
],
"owner": "cases",
"title": "Case title 1",
"settings": {
"syncAlerts": true
},
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
"name": "My connector",
"type": ".jira",
"fields": {
"parent": null,
"priority": "High",
"issueType": "10006"
}
},
"description": "A case description.",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "My field value"
}
]
}
{
"id": "66b9aa00-94fa-11ea-9f74-e7e108796192",
"tags": [
"tag 1"
],
"owner": "cases",
"title": "Case title 1",
"status": "open",
"version": "WzUzMiwxXQ==",
"comments": [],
"duration": null,
"settings": {
"syncAlerts": true
},
"severity": "low",
"assignees": [],
"closed_at": null,
"closed_by": null,
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
"name": "My connector",
"type": ".jira",
"fields": {
"parent": null,
"priority": "High",
"issueType": "10006"
}
},
"created_at": "2022-10-13T15:33:50.604Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": null,
"updated_by": null,
"description": "A case description.",
"totalAlerts": 0,
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "My field value"
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": null
}
],
"totalComment": 0,
"external_service": null
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
You must have read
or all
privileges and the delete
sub-feature privilege for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
The cases that you want to removed. All non-ASCII characters must be URL encoded.
curl \
-X DELETE https://localhost:5601/api/cases?ids=d4e7abb0-b462-11ec-9a8d-698504725a43 \
-H "kbn-xsrf: string"
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
You must have all
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating.
curl \
-X PATCH https://localhost:5601/api/cases \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
{
"cases": [
{
"id": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2",
"tags": [
"tag-1"
],
"version": "WzIzLDFd",
"settings": {
"syncAlerts": true
},
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
"name": "My connector",
"type": ".jira",
"fields": {
"parent": null,
"priority": null,
"issueType": "10006"
}
},
"description": "A case description.",
"customFields": [
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": false
},
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "My new field value"
}
]
}
]
}
[
{
"id": "66b9aa00-94fa-11ea-9f74-e7e108796192",
"tags": [
"tag-1"
],
"owner": "cases",
"title": "Case title 1",
"status": "open",
"version": "WzU0OCwxXQ==",
"category": null,
"comments": [],
"duration": null,
"settings": {
"syncAlerts": true
},
"severity": "low",
"assignees": [],
"closed_at": null,
"closed_by": null,
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
"name": "My connector",
"type": ".jira",
"fields": {
"parent": null,
"priority": null,
"issueType": "10006"
}
},
"created_at": "2023-10-13T09:16:17.416Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": "2023-10-13T09:48:33.043Z",
"updated_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"description": "A case description.",
"totalAlerts": 0,
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "My new field value"
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": false
}
],
"totalComment": 0,
"external_service": {
"pushed_at": "2023-10-13T09:20:40.672Z",
"pushed_by": {
"email": null,
"username": "elastic",
"full_name": null
},
"external_id": "10003",
"connector_id": "05da469f-1fde-4058-99a3-91e4807e2de8",
"external_url": "https://hms.atlassian.net/browse/IS-4",
"connector_name": "Jira",
"external_title": "IS-4"
}
}
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
You must have read
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
Filters the returned cases by assignees. Valid values are none
or unique identifiers for the user profiles. These identifiers can be found by using the suggest user profile API.
Filters the returned cases by category.
he default operator to use for the simple_query_string.
Default value is OR
.
Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression.
A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.
The page number to return.
Default value is 1
.
The number of items to return. Limited to 100 items.
Maximum value is 100
. Default value is 20
.
Filters the returned cases by the user name of the reporter.
An Elasticsearch simple_query_string query that filters the objects in the response.
The fields to perform the simple_query_string parsed query against.
The severity of the case.
Values are critical
, high
, low
, or medium
.
Determines which field is used to sort the results.
Values are createdAt
, updatedAt
, closedAt
, title
, category
, status
, or severity
. Default value is createdAt
.
Determines the sort order.
Values are asc
or desc
. Default value is desc
.
Filters the returned cases by state.
Values are closed
, in-progress
, or open
.
Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression.
curl \
-X GET https://localhost:5601/api/cases/_find
{
"page": 1,
"cases": [
{
"id": "abed3a70-71bd-11ea-a0b2-c51ea50a58e2",
"tags": [
"tag-1"
],
"owner": "cases",
"title": "Case title",
"status": "open",
"version": "WzExMCwxXQ==",
"category": null,
"comments": [],
"duration": null,
"settings": {
"syncAlerts": true
},
"severity": "low",
"assignees": [],
"closed_at": null,
"closed_by": null,
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"created_at": "2023-10-12T00:16:36.371Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": "2023-10-12T00:27:58.162Z",
"updated_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"description": "Case description",
"totalAlerts": 0,
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "My field value"
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": null
}
],
"totalComment": 1,
"external_service": null
}
],
"total": 1,
"per_page": 5,
"count_open_cases": 1,
"count_closed_cases": 0,
"count_in_progress_cases": 0
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
You must have read
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
Deprecated in 8.1.0. This parameter is deprecated and will be removed in a future release. It determines whether case comments are returned.
Default value is true
.
curl \
-X GET https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414
{
"id": "31cdada0-02c1-11ed-85f2-4f7c222ca2fa",
"tags": [
"tag 1"
],
"owner": "cases",
"title": "Case title 1",
"status": "open",
"version": "WzM2LDFd",
"category": null,
"comments": [
{
"id": "2134c1d0-02c2-11ed-85f2-4f7c222ca2fa",
"type": "user",
"owner": "cases",
"comment": "A new comment",
"version": "WzM3LDFd",
"pushed_at": null,
"pushed_by": null,
"created_at": "2023-10-13T15:40:32.335Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": null,
"updated_by": null
}
],
"duration": null,
"settings": {
"syncAlerts": true
},
"severity": "low",
"assignees": [
{
"uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
],
"closed_at": null,
"closed_by": null,
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"created_at": "2023-10-13T15:33:50.604Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": "2023-10-13T15:40:32.335Z",
"updated_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"description": "A case description",
"totalAlerts": 0,
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "My field value"
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": null
}
],
"totalComment": 1,
"external_service": null
}
{
"id": "c3ff7550-def1-4e90-b6bc-c9969a4a09b1",
"tags": [
"observability",
"tag 1"
],
"owner": "observability",
"title": "Observability case title 1",
"status": "in-progress",
"version": "WzI0NywyXQ==",
"category": null,
"comments": [
{
"id": "59d438d0-79a9-4864-8d4b-e63adacebf6e",
"rule": {
"id": "03e4eb87-62ca-4e5d-9570-3d7625e9669d",
"name": "Observability rule"
},
"type": "alert",
"index": [
".internal.alerts-observability.logs.alerts-default-000001"
],
"owner": "observability",
"alertId": [
"a6e12ac4-7bce-457b-84f6-d7ce8deb8446"
],
"version": "WzY3LDJd",
"pushed_at": null,
"pushed_by": null,
"created_at": "2023-11-06T19:29:38.424Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": null,
"updated_by": null
},
{
"id": "d99342d3-3aa3-4b80-90ec-a702607604f5",
"type": "user",
"owner": "observability",
"comment": "The first comment.",
"version": "WzcyLDJd",
"pushed_at": null,
"pushed_by": null,
"created_at": "2023-11-06T19:29:57.812Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": null,
"updated_by": null
}
],
"duration": null,
"settings": {
"syncAlerts": false
},
"severity": "low",
"assignees": [
{
"uid": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}
],
"closed_at": null,
"closed_by": null,
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"created_at": "2023-11-06T19:29:04.086Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null
},
"updated_at": "2023-11-06T19:47:55.662Z",
"updated_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"description": "An Observability case description.",
"totalAlerts": 1,
"customFields": [],
"totalComment": 1,
"external_service": null
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
You must have read
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
curl \
-X GET https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/alerts
[
{
"id": "f6a7d0c3-d52d-432c-b2e6-447cd7fce04d",
"index": ".alerts-observability.logs.alerts-default",
"attached_at": "2022-07-25T20:09:40.963Z"
}
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; instead, use the get case comment API, which requires a comment identifier in the path. You must have read
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
curl \
-X GET https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/comments
{
"assignees": [
{
"uid": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}
],
"category": "string",
"closed_at": "2024-05-04T09:42:00+00:00",
"closed_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"comments": [
{
"alertId": [
"a6e12ac4-7bce-457b-84f6-d7ce8deb8446"
],
"created_at": "2023-11-06T19:29:38.424Z",
"created_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"id": "73362370-ab1a-11ec-985f-97e55adae8b9",
"index": [
".internal.alerts-security.alerts-default-000001"
],
"owner": "cases",
"pushed_at": "2024-05-04T09:42:00+00:00",
"pushed_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"rule": {
"id": "94d80550-aaf4-11ec-985f-97e55adae8b9",
"name": "security_rule"
},
"type": "alert",
"updated_at": "2024-05-04T09:42:00+00:00",
"updated_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"version": "WzMwNDgsMV0="
}
],
"connector": {
"fields": "string",
"id": "none",
"name": "none",
"type": ".none"
},
"created_at": "2022-05-13T09:16:17.416Z",
"created_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"customFields": [
{
"key": "string",
"type": "text",
"value": "string"
}
],
"description": "A case description.",
"duration": 120,
"external_service": {
"connector_id": "string",
"connector_name": "string",
"external_id": "string",
"external_title": "string",
"external_url": "string",
"pushed_at": "2024-05-04T09:42:00+00:00",
"pushed_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
}
},
"id": "66b9aa00-94fa-11ea-9f74-e7e108796192",
"owner": "cases",
"settings": {
"syncAlerts": true
},
"severity": "low",
"status": "closed",
"tags": [
"tag-1"
],
"title": "Case title 1",
"totalAlerts": 0,
"totalComment": 0,
"updated_at": "2024-05-04T09:42:00+00:00",
"updated_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"version": "WzUzMiwxXQ=="
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
You must have all
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're creating. NOTE: Each case can have a maximum of 1,000 alerts.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
The add comment to case API request body varies depending on whether you are adding an alert or a comment.
Defines properties for case comment requests when type is alert.
The alert identifiers. It is required only when type
is alert
. You can use an array of strings to add multiple alerts to a case, provided that they all relate to the same rule; index
must also be an array with the same length or number of elements. Adding multiple alerts in this manner is recommended rather than calling the API multiple times. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
The alert indices. It is required only when type
is alert
. If you are adding multiple alerts to a case, use an array of strings; the position of each index name in the array must match the position of the corresponding alert identifier in the alertId
array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
The application that owns the cases: Stack Management, Observability, or Elastic Security.
Values are cases
, observability
, or securitySolution
.
The rule that is associated with the alerts. It is required only when type
is alert
. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Additional properties are allowed.
The type of comment.
Value is alert
.
curl \
-X POST https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/comments \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
{
"type": "user",
"owner": "cases",
"comment": "A new comment."
}
{
"id": "293f1bc0-74f6-11ea-b83a-553aecdb28b6",
"tags": [
"tag 1"
],
"owner": "cases",
"title": "Case title 1",
"status": "open",
"version": "WzIzMzgsMV0=",
"category": null,
"comments": [
{
"id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6",
"type": "user",
"owner": "cases",
"comment": "A new comment.",
"version": "WzIwNDMxLDFd",
"created_at": "2022-10-02T00:49:47.716Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null
}
}
],
"duration": null,
"settings": {
"syncAlerts": false
},
"severity": "low",
"assignees": [],
"closed_at": null,
"closed_by": null,
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"created_at": "2022-03-24T00:37:03.906Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": "2022-06-03T00:49:47.716Z",
"updated_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"description": "A case description.",
"totalAlerts": 0,
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "Field value"
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": true
}
],
"totalComment": 1,
"external_service": null
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deletes all comments and alerts from a case. You must have all
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
curl \
-X DELETE https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/comments \
-H "kbn-xsrf: string"
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
You must have all
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
The update case comment API request body varies depending on whether you are updating an alert or a comment.
Defines properties for case comment requests when type is alert.
The alert identifiers. It is required only when type
is alert
. You can use an array of strings to add multiple alerts to a case, provided that they all relate to the same rule; index
must also be an array with the same length or number of elements. Adding multiple alerts in this manner is recommended rather than calling the API multiple times. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
The identifier for the comment. To retrieve comment IDs, use the get comments API.
The alert indices. It is required only when type
is alert
. If you are adding multiple alerts to a case, use an array of strings; the position of each index name in the array must match the position of the corresponding alert identifier in the alertId
array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
The application that owns the cases: Stack Management, Observability, or Elastic Security.
Values are cases
, observability
, or securitySolution
.
The rule that is associated with the alerts. It is required only when type
is alert
. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Additional properties are allowed.
The type of comment.
Value is alert
.
The current comment version. To retrieve version values, use the get comments API.
curl \
-X PATCH https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/comments \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
{
"id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6",
"type": "user",
"owner": "cases",
"comment": "An updated comment.",
"version": "Wzk1LDFd"
}
{
"id": "293f1bc0-74f6-11ea-b83a-553aecdb28b6",
"tags": [
"tag 1"
],
"owner": "cases",
"title": "Case title 1",
"status": "open",
"version": "WzIwNjM2LDFd",
"category": null,
"comments": [
{
"id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6",
"type": "user",
"owner": "cases",
"comment": "An updated comment.",
"version": "WzIwNjM3LDFd",
"pushed_at": null,
"pushed_by": null,
"created_at": "2023-10-24T00:37:10.832Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": "2023-10-24T01:27:06.210Z",
"updated_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
}
],
"duration": null,
"settings": {
"syncAlerts": false
},
"severity": "low",
"assignees": [],
"closed_at": null,
"closed_by": null,
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"created_at": "2023-10-24T00:37:03.906Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": "2023-10-24T01:27:06.210Z",
"updated_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"description": "A case description.",
"totalAlerts": 0,
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "My new field value"
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": false
}
],
"totalComment": 1,
"external_service": null
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Retrieves a paginated list of comments for a case. You must have read
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
curl \
-X GET https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/comments/_find
{
"assignees": [
{
"uid": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}
],
"category": "string",
"closed_at": "2024-05-04T09:42:00+00:00",
"closed_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"comments": [
{
"alertId": [
"a6e12ac4-7bce-457b-84f6-d7ce8deb8446"
],
"created_at": "2023-11-06T19:29:38.424Z",
"created_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"id": "73362370-ab1a-11ec-985f-97e55adae8b9",
"index": [
".internal.alerts-security.alerts-default-000001"
],
"owner": "cases",
"pushed_at": "2024-05-04T09:42:00+00:00",
"pushed_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"rule": {
"id": "94d80550-aaf4-11ec-985f-97e55adae8b9",
"name": "security_rule"
},
"type": "alert",
"updated_at": "2024-05-04T09:42:00+00:00",
"updated_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"version": "WzMwNDgsMV0="
}
],
"connector": {
"fields": "string",
"id": "none",
"name": "none",
"type": ".none"
},
"created_at": "2022-05-13T09:16:17.416Z",
"created_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"customFields": [
{
"key": "string",
"type": "text",
"value": "string"
}
],
"description": "A case description.",
"duration": 120,
"external_service": {
"connector_id": "string",
"connector_name": "string",
"external_id": "string",
"external_title": "string",
"external_url": "string",
"pushed_at": "2024-05-04T09:42:00+00:00",
"pushed_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
}
},
"id": "66b9aa00-94fa-11ea-9f74-e7e108796192",
"owner": "cases",
"settings": {
"syncAlerts": true
},
"severity": "low",
"status": "closed",
"tags": [
"tag-1"
],
"title": "Case title 1",
"totalAlerts": 0,
"totalComment": 0,
"updated_at": "2024-05-04T09:42:00+00:00",
"updated_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"version": "WzUzMiwxXQ=="
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
You must have read
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs.
curl \
-X GET https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/comments/71ec1870-725b-11ea-a0b2-c51ea50a58e2
{
"id": "8048b460-fe2b-11ec-b15d-779a7c8bbcc3",
"type": "user",
"owner": "cases",
"comment": "A new comment",
"version": "WzIzLDFd",
"pushed_at": null,
"pushed_by": null,
"created_at": "2023-10-07T19:32:13.104Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": null,
"updated_by": null
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
You must have all
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs.
curl \
-X DELETE https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/comments/71ec1870-725b-11ea-a0b2-c51ea50a58e2 \
-H "kbn-xsrf: string"
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
You must have all
privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges. You must also have all
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're pushing.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
An identifier for the connector. To retrieve connector IDs, use the find connectors API.
Additional properties are allowed.
curl \
-X POST https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/connector/abed3a70-71bd-11ea-a0b2-c51ea50a58e2/_push \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
# Headers
kbn-xsrf: string
# Payload
{}
{
"id": "b917f300-0ed9-11ed-bd18-65557fe66949",
"tags": [
"tag 1"
],
"owner": "cases",
"title": "Case title 1",
"status": "open",
"version": "WzE3NjgsM10=",
"comments": [],
"duration": null,
"settings": {
"syncAlerts": true
},
"severity": "low",
"closed_at": null,
"closed_by": null,
"connector": {
"id": "09f8c0b0-0eda-11ed-bd18-65557fe66949",
"name": "My connector",
"type": ".jira",
"fields": {
"parent": null,
"priority": "Low",
"issueType": "10006"
}
},
"created_at": "2022-07-29T00:59:39.444Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null
},
"updated_at": "2022-07-29T01:20:58.436Z",
"updated_by": {
"email": null,
"username": "elastic",
"full_name": null
},
"description": "A case description.",
"totalAlerts": 0,
"totalComment": 0,
"external_service": {
"pushed_at": "2022-07-29T01:20:58.436Z",
"pushed_by": {
"email": null,
"username": "elastic",
"full_name": null
},
"external_id": "71926",
"connector_id": "09f8c0b0-0eda-11ed-bd18-65557fe66949",
"external_url": "https://cases.jira.com",
"connector_name": "My connector",
"external_title": "ES-554"
}
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Attach a file to a case. You must have all
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating. The request must include:
Content-Type: multipart/form-data
HTTP header.The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
curl \
-X POST https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/files \
-H "Content-Type: multipart/form-data; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
{
"id": "293f1bc0-74f6-11ea-b83a-553aecdb28b6",
"tags": [
"tag 1"
],
"owner": "cases",
"title": "Case title 1",
"status": "open",
"version": "WzIzMzgsMV0=",
"category": null,
"comments": [
{
"id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6",
"type": "user",
"owner": "cases",
"comment": "A new comment.",
"version": "WzIwNDMxLDFd",
"created_at": "2022-10-02T00:49:47.716Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null
}
}
],
"duration": null,
"settings": {
"syncAlerts": false
},
"severity": "low",
"assignees": [],
"closed_at": null,
"closed_by": null,
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"created_at": "2022-03-24T00:37:03.906Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": "2022-06-03T00:49:47.716Z",
"updated_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"description": "A case description.",
"totalAlerts": 0,
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "Field value"
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": true
}
],
"totalComment": 1,
"external_service": null
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Returns all user activity for a case. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have read
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
curl \
-X GET https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/user_actions
[
{
"action": "create",
"action_id": "22fd3e30-03b1-11ed-920c-974bfa104448",
"case_id": "22df07d0-03b1-11ed-920c-974bfa104448",
"comment_id": "578608d0-03b1-11ed-920c-974bfa104448",
"created_at": "2022-05-13T09:16:17.416Z",
"created_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"owner": "cases",
"payload": {
"comment": {
"alertId": "1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d",
"index": ".alerts-observability.logs.alerts-default",
"owner": "cases",
"rule": {
"id": "94d80550-aaf4-11ec-985f-97e55adae8b9",
"name": "security_rule"
},
"type": "alert"
}
},
"type": "create_case"
}
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Retrives a paginated list of user activity for a case. You must have read
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
The page number to return.
Default value is 1
.
The number of items to return. Limited to 100 items.
Maximum value is 100
. Default value is 20
.
Determines the sort order.
Values are asc
or desc
. Default value is desc
.
Determines the types of user actions to return.
Values are action
, alert
, assignees
, attachment
, comment
, connector
, create_case
, description
, pushed
, settings
, severity
, status
, tags
, title
, or user
.
curl \
-X GET https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/user_actions/_find
{
"page": 1,
"total": 3,
"perPage": 20,
"userActions": [
{
"id": "b4cd0770-07c9-11ed-a5fd-47154cb8767e",
"type": "create_case",
"owner": "cases",
"action": "create",
"payload": {
"tags": [
"tag 1"
],
"owner": "cases",
"title": "Case title 1",
"status": "open",
"category": null,
"settings": {
"syncAlerts": false
},
"severity": "low",
"assignees": [],
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"description": "A case description.",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "My field value"
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": null
}
]
},
"version": "WzM1ODg4LDFd",
"comment_id": null,
"created_at": "2023-10-20T01:17:22.150Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
},
{
"id": "57af14a0-03b1-11ed-920c-974bfa104448",
"type": "comment",
"owner": "cases",
"action": "create",
"payload": {
"type": "user",
"owner": "cases",
"comment": "A new comment"
},
"version": "WzM1ODg4LDFa",
"comment_id": "578608d0-03b1-11ed-920c-974bfa104448",
"created_at": "2023-10-14T20:12:53.354Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
},
{
"id": "573c6980-6123-11ed-aa41-81a0a61fe447",
"type": "assignees",
"owner": "cases",
"action": "add",
"payload": {
"assignees": {
"uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
},
"version": "WzM1ODg4LDFb",
"comment_id": null,
"created_at": "2023-10-20T01:10:28.238Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
}
]
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
You must have read
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
An identifier for the alert.
A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.
curl \
-X GET https://localhost:5601/api/cases/alerts/09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540
[
{
"id": "06116b80-e1c3-11ec-be9b-9b1838238ee6",
"title": "security_case"
}
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Get setting details such as the closure type, custom fields, templatse, and the default connector for cases. You must have read
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on where the cases were created.
A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.
curl \
-X GET https://localhost:5601/api/cases/configure
[
{
"id": "856ee650-6c82-11ee-a20a-6164169afa58",
"error": null,
"owner": "cases",
"version": "WzEyLDNd",
"mappings": [],
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"templates": [
{
"key": "505932fe-ee3a-4960-a661-c781b5acdb05",
"name": "template-1",
"tags": [
"Template tag 1"
],
"caseFields": {
"tags": [
"Default case tag"
],
"title": "Default case title",
"category": "Default-category",
"settings": {
"syncAlerts": false
},
"assignees": [
{
"uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
],
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"description": "A default description for cases.",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "Default text field value."
}
]
},
"description": "A description of the template."
}
],
"created_at": "2024-07-01T17:07:17.767Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null
},
"updated_at": null,
"updated_by": null,
"closure_type": "close-by-user",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"label": "my-text-field",
"required": false,
"defaultValue": "Custom text field value."
}
]
}
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Case settings include external connection details, custom fields, and templates. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details. You must have all
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on where you are creating cases.
Indicates whether a case is automatically closed when it is pushed to external systems (close-by-pushing
) or not automatically closed (close-by-user
).
Values are close-by-pushing
or close-by-user
.
An object that contains the connector configuration.
Additional properties are allowed.
Custom fields case configuration.
At least 0
but not more than 10
elements.
The application that owns the cases: Stack Management, Observability, or Elastic Security.
Values are cases
, observability
, or securitySolution
.
curl \
-X POST https://localhost:5601/api/cases/configure \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
{
"owner": "cases",
"connector": {
"id": "5e656730-e1ca-11ec-be9b-9b1838238ee6",
"name": "my-jira-connector",
"type": ".jira",
"fields": null
},
"templates": [
{
"key": "505932fe-ee3a-4960-a661-c781b5acdb05",
"name": "template-1",
"tags": [
"Template tag 1"
],
"caseFields": {
"tags": [
"Default case tag"
],
"title": "Default case title",
"category": "Default-category",
"assignees": [
{
"uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
],
"description": "A default description for cases.",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "A text field value for the template."
}
]
},
"description": "A description of the template."
}
],
"closure_type": "close-by-user",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"label": "my-text-field",
"required": false,
"defaultValue": "My custom field default value."
}
]
}
{
"id": "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
"error": null,
"owner": "cases",
"version": "WzIwNzMsMV0=",
"mappings": [
{
"source": "title",
"target": "summary",
"action_type": "overwrite"
},
{
"source": "description",
"target": "description",
"action_type": "overwrite"
},
{
"source": "comments",
"target": "comments",
"action_type": "append"
},
{
"source": "tags",
"target": "labels",
"action_type": "overwrite"
}
],
"connector": {
"id": "5e656730-e1ca-11ec-be9b-9b1838238ee6",
"name": "my-jira-connector",
"type": ".jira",
"fields": null
},
"templates": [
{
"key": "505932fe-ee3a-4960-a661-c781b5acdb05",
"name": "template-1",
"tags": [
"Template tag 1"
],
"caseFields": {
"tags": [
"Default case tag"
],
"title": "Default case title",
"category": "Default-category",
"assignees": [
{
"uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
],
"description": "A default description for cases.",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "A text field value for the template."
}
]
},
"description": "A description of the template."
}
],
"created_at": "2024-07-01T17:07:17.767Z",
"created_by": {
"email": "null,",
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": null,
"updated_by": null,
"closure_type": "close-by-user",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"label": "my-text-field",
"required": false,
"defaultValue": "My custom field default value."
}
]
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Updates setting details such as the closure type, custom fields, templates, and the default connector for cases. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. You must have all
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on where the case was created.
An identifier for the configuration.
Indicates whether a case is automatically closed when it is pushed to external systems (close-by-pushing
) or not automatically closed (close-by-user
).
Values are close-by-pushing
or close-by-user
.
An object that contains the connector configuration.
Additional properties are allowed.
Custom fields case configuration.
The version of the connector. To retrieve the version value, use the get configuration API.
curl \
-X PATCH https://localhost:5601/api/cases/configure/3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
{
"version": "WzExOSw0XQ==",
"connector": {
"id": "5e656730-e1ca-11ec-be9b-9b1838238ee6",
"name": "my-jira-connector",
"type": ".jira",
"fields": null
},
"closure_type": "close-by-user",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"label": "my-text-field",
"required": true,
"defaultValue": "A new default value."
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"label": "my-toggle",
"required": false
}
]
}
{
"id": "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
"error": null,
"owner": "cases",
"version": "WzI2LDNd",
"mappings": [
{
"source": "title",
"target": "summary",
"action_type": "overwrite"
},
{
"source": "description",
"target": "description",
"action_type": "overwrite"
},
{
"source": "tags",
"target": "labels",
"action_type": "overwrite"
},
{
"source": "comments",
"target": "comments",
"action_type": "append"
}
],
"connector": {
"id": "5e656730-e1ca-11ec-be9b-9b1838238ee6",
"name": "my-jira-connector",
"type": ".jira",
"fields": null
},
"templates": [],
"created_at": "2024-07-01T17:07:17.767Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": "2024-07-19T00:52:42.401Z",
"updated_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"closure_type": "close-by-user",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"label": "my-text-field",
"required": true,
"defaultValue": "A new default value."
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"label": "my-toggle",
"required": false
}
]
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Get information about connectors that are supported for use in cases. You must have read
privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
curl \
-X GET https://localhost:5601/api/cases/configure/connectors/_find
[
{
"id": "61787f53-4eee-4741-8df6-8fe84fa616f7",
"name": "my-Jira",
"config": {
"apiUrl": "https://elastic.atlassian.net/",
"projectKey": "ES"
},
"actionTypeId": ".jira",
"isDeprecated": false,
"isPreconfigured": false,
"isMissingSecrets": false,
"referencedByCount": 0
}
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Returns information about the users who opened cases. You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.
A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.
curl \
-X GET https://localhost:5601/api/cases/reporters
[
{
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
{
"email": "jdoe@example.com",
"username": "jdoe",
"full_name": "Jane Doe",
"profile_uid": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Returns the number of cases that are open, closed, and in progress. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. You must have read
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.
curl \
-X GET https://localhost:5601/api/cases/status
{
"count_closed_cases": 42,
"count_in_progress_cases": 42,
"count_open_cases": 42
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Aggregates and returns a list of case tags. You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
curl \
-X GET https://localhost:5601/api/cases/tags
[
"observability",
"security",
"tag 1",
"tag 2"
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Connectors provide a central place to store connection information for services and integrations with Elastic or third party systems. Alerting rules can use connectors to run actions when rule conditions are met.
You do not need any Kibana feature privileges to run this API.
A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases).
curl \
-X GET https://localhost:5601/api/actions/connector_types
[
{
"id": ".gen-ai",
"name": "OpenAI",
"enabled": true,
"enabled_in_config": true,
"enabled_in_license": true,
"is_system_action_type": false,
"supported_feature_ids": [
"generativeAIForSecurity",
"generativeAIForObservability",
"generativeAIForSearchPlayground"
],
"minimum_license_required": "enterprise"
},
{
"id": ".bedrock",
"name": "AWS Bedrock",
"enabled": true,
"enabled_in_config": true,
"enabled_in_license": true,
"is_system_action_type": false,
"supported_feature_ids": [
"generativeAIForSecurity",
"generativeAIForObservability",
"generativeAIForSearchPlayground"
],
"minimum_license_required": "enterprise"
},
{
"id": ".gemini",
"name": "Google Gemini",
"enabled": true,
"enabled_in_config": true,
"enabled_in_license": true,
"is_system_action_type": false,
"supported_feature_ids": [
"generativeAIForSecurity"
],
"minimum_license_required": "enterprise"
}
]
An identifier for the connector.
curl \
-X GET https://localhost:5601/api/actions/connector/{id}
{
"id": "df770e30-8b8b-11ed-a780-3b746c987a81",
"name": "my_server_log_connector",
"config": {},
"is_deprecated": false,
"is_preconfigured": false,
"is_system_action": false,
"connector_type_id": ".server-log",
"is_missing_secrets": false
}
An identifier for the connector.
The display name for the connector.
The connector configuration details.
Defines properties for connectors when type is .bedrock
.
Defines secrets for connectors when type is .bedrock
.
curl \
-X PUT https://localhost:5601/api/actions/connector/{id} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
{
"name": "updated-connector",
"config": {
"index": "updated-index"
}
}
{
"config": {},
"connector_type_id": "string",
"id": "string",
"is_deprecated": true,
"is_missing_secrets": true,
"is_preconfigured": true,
"is_system_action": true,
"name": "string"
}
An identifier for the connector.
The type of connector.
The display name for the connector.
The connector configuration details.
Defines properties for connectors when type is .bedrock
.
Defines secrets for connectors when type is .bedrock
.
curl \
-X POST https://localhost:5601/api/actions/connector/{id} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
{
"name": "email-connector-1",
"config": {
"from": "tester@example.com",
"host": "https://example.com",
"port": 1025,
"secure": false,
"hasAuth": true,
"service": "other"
},
"secrets": {
"user": "username",
"password": "password"
},
"connector_type_id": ".email"
}
{
"name": "my-connector",
"config": {
"index": "test-index"
},
"connector_type_id": ".index"
}
{
"name": "my-webhook-connector",
"config": {
"url": "https://example.com",
"method": "post",
"authType": "webhook-authentication-ssl",
"certType": "ssl-crt-key"
},
"secrets": {
"crt": "QmFnIEF0dH...",
"key": "LS0tLS1CRUdJ...",
"password": "my-passphrase"
},
"connector_type_id": ".webhook"
}
{
"name": "my-xmatters-connector",
"config": {
"usesBasic": false
},
"secrets": {
"secretsUrl": "https://example.com?apiKey=xxxxx"
},
"connector_type_id": ".xmatters"
}
{
"id": "90a82c60-478f-11ee-a343-f98a117c727f",
"name": "email-connector-1",
"config": {
"from": "tester@example.com",
"host": "https://example.com",
"port": 1025,
"secure": false,
"hasAuth": true,
"service": "other",
"clientId": null,
"tenantId": null,
"oauthTokenUrl": null
},
"is_deprecated": false,
"is_preconfigured": false,
"is_system_action": false,
"connector_type_id": ".email",
"is_missing_secrets": false
}
{
"id": "c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad",
"name": "my-connector",
"config": {
"index": "test-index",
"refresh": false,
"executionTimeField": null
},
"is_deprecated": false,
"is_preconfigured": false,
"is_system_action": false,
"connector_type_id": ".index",
"is_missing_secrets": false
}
{
"id": "900eb010-3b9d-11ee-a642-8ffbb94e38bd",
"name": "my-webhook-connector",
"config": {
"url": "https://example.com",
"method": "post",
"hasAuth": true,
"headers": null,
"authType": "webhook-authentication-ssl",
"certType": "ssl-crt-key",
"verificationMode": "full"
},
"is_deprecated": false,
"is_preconfigured": false,
"is_system_action": false,
"connector_type_id": ".webhook",
"is_missing_secrets": false
}
{
"id": "df770e30-8b8b-11ed-a780-3b746c987a81",
"name": "my_server_log_connector",
"config": {},
"is_deprecated": false,
"is_preconfigured": false,
"is_system_action": false,
"connector_type_id": ".server-log",
"is_missing_secrets": false
}
WARNING: When you delete a connector, it cannot be recovered.
An identifier for the connector.
curl \
-X DELETE https://localhost:5601/api/actions/connector/{id} \
-H "kbn-xsrf: true"
You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems.
An identifier for the connector.
Test an action that acknowledges or resolves a PagerDuty alert.
curl \
-X POST https://localhost:5601/api/actions/connector/{id}/_execute \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
{
"params": {
"documents": [
{
"id": "my_doc_id",
"name": "my_doc_name",
"message": "hello, world"
}
]
}
}
{
"params": {
"subAction": "issueTypes"
}
}
{
"params": {
"subAction": "getChoices",
"subActionParams": {
"fields": [
"severity",
"urgency"
]
}
}
}
{
"params": {
"subAction": "postMessage",
"subActionParams": {
"text": "A test message.",
"channelIds": [
"C123ABC456"
]
}
}
}
{
"params": {
"subAction": "pushToService",
"subActionParams": {
"comments": [
{
"comment": "A comment about the incident.",
"commentId": 1
}
],
"incident": {
"caseId": "1000",
"caseName": "Case name",
"description": "Description of the incident."
}
}
}
}
{
"data": {
"took": 135,
"items": [
{
"create": {
"_id": "4JtvwYUBrcyxt2NnfW3y",
"_index": "my-index",
"result": "created",
"status": 201,
"_seq_no": 0,
"_shards": {
"total": 2,
"failed": 0,
"successful": 1
},
"_version": 1,
"_primary_term": 1
}
}
],
"errors": false
},
"status": "ok",
"connector_id": "fd38c600-96a5-11ed-bb79-353b74189cba"
}
{
"data": [
{
"id": 10024,
"name": "Improvement"
},
{
"id": 10006,
"name": "Task"
},
{
"id": 10007,
"name": "Sub-task"
},
{
"id": 10025,
"name": "New Feature"
},
{
"id": 10023,
"name": "Bug"
},
{
"id": 10000,
"name": "Epic"
}
],
"status": "ok",
"connector_id": "b3aad810-edbe-11ec-82d1-11348ecbf4a6"
}
{
"status": "ok",
"connector_id": "7fc7b9a0-ecc9-11ec-8736-e7d63118c907"
}
{
"data": [
{
"label": "Critical",
"value": 1,
"element": "severity",
"dependent_value": ""
},
{
"label": "Major",
"value": 2,
"element": "severity",
"dependent_value": ""
},
{
"label": "Minor",
"value": 3,
"element": "severity",
"dependent_value": ""
},
{
"label": "Warning",
"value": 4,
"element": "severity",
"dependent_value": ""
},
{
"label": "OK",
"value": 5,
"element": "severity",
"dependent_value": ""
},
{
"label": "Clear",
"value": 0,
"element": "severity",
"dependent_value": ""
},
{
"label": "1 - High",
"value": 1,
"element": "urgency",
"dependent_value": ""
},
{
"label": "2 - Medium",
"value": 2,
"element": "urgency",
"dependent_value": ""
},
{
"label": "3 - Low",
"value": 3,
"element": "urgency",
"dependent_value": ""
}
],
"status": "ok",
"connector_id": "9d9be270-2fd2-11ed-b0e0-87533c532698"
}
{
"data": {
"ok": true,
"ts": "1234567890.123456",
"channel": "C123ABC456",
"message": {
"ts": "1234567890.123456",
"team": "T01ABCDE2F",
"text": "A test message",
"type": "message",
"user": "U12A345BC6D",
"app_id": "A01BC2D34EF",
"blocks": [
{
"type": "rich_text",
"block_id": "/NXe",
"elements": [
{
"type": "rich_text_section",
"elements": [
{
"text": "A test message.",
"type": "text"
}
]
}
]
}
],
"bot_id": "B12BCDEFGHI",
"bot_profile": {
"id": "B12BCDEFGHI",
"name": "test",
"icons": {
"image_36": "https://a.slack-edge.com/80588/img/plugins/app/bot_36.png"
},
"app_id": "A01BC2D34EF",
"deleted": false,
"team_id": "T01ABCDE2F",
"updated": 1672169705
}
}
},
"status": "ok",
"connector_id": ".slack_api"
}
{
"data": {
"id": "aKPmBHWzmdRQtx6Mx",
"url": "https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx",
"title": "TEST-457",
"comments": [
{
"commentId": 1,
"pushedDate": "2022-09-08T16:52:27.865Z"
}
],
"pushedDate": "2022-09-08T16:52:27.866Z"
},
"status": "ok",
"connector_id": "a4746470-2f94-11ed-b0e0-87533c532698"
}
curl \
-X GET https://localhost:5601/api/actions/connectors
[
{
"id": "preconfigured-email-connector",
"name": "my-preconfigured-email-notification",
"is_deprecated": false,
"is_preconfigured": true,
"is_system_action": false,
"connector_type_id": ".email",
"referenced_by_count": 0
},
{
"id": "e07d0c80-8b8b-11ed-a780-3b746c987a81",
"name": "my-index-connector",
"config": {
"index": "test-index",
"refresh": false,
"executionTimeField": null
},
"is_deprecated": false,
"is_preconfigured": false,
"is_system_action": false,
"connector_type_id": ".index",
"is_missing_secrets": false,
"referenced_by_count": 2
}
]
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
curl \
-X GET https://localhost:5601/api/dashboards/dashboard
{
"items": [
{
"attributes": {
"description": "",
"timeRestore": false,
"title": "string"
},
"createdAt": "string",
"createdBy": "string",
"error": {
"error": "string",
"message": "string",
"metadata": {},
"statusCode": 42.0
},
"id": "string",
"managed": true,
"namespaces": [
"string"
],
"originId": "string",
"references": [
{
"id": "string",
"name": "string",
"type": "string"
}
],
"type": "string",
"updatedAt": "string",
"updatedBy": "string",
"version": "string"
}
],
"total": 42.0
}
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
A unique identifier for the dashboard.
curl \
-X GET https://localhost:5601/api/dashboards/dashboard/{id}
{
"item": {
"attributes": {
"controlGroupInput": {
"autoApplySelections": true,
"chainingSystem": "HIERARCHICAL",
"controls": [
{
"controlConfig": {},
"grow": false,
"id": "string",
"order": 42.0,
"type": "string",
"width": "medium"
}
],
"enhancements": {},
"ignoreParentSettings": {
"ignoreFilters": false,
"ignoreQuery": false,
"ignoreTimerange": false,
"ignoreValidations": false
},
"labelPosition": "oneLine"
},
"description": "",
"kibanaSavedObjectMeta": {
"searchSource": {
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": "string",
"controlledBy": "string",
"disabled": true,
"field": "string",
"group": "string",
"index": "string",
"isMultiIndex": true,
"key": "string",
"negate": true,
"type": "string",
"value": "string"
},
"query": {}
}
],
"query": {
"language": "string",
"query": "string"
},
"sort": [
{}
],
"type": "string"
}
},
"options": {
"hidePanelTitles": false,
"syncColors": true,
"syncCursor": true,
"syncTooltips": true,
"useMargins": true
},
"panels": [
{
"gridData": {
"h": 15,
"i": "string",
"w": 24,
"x": 42.0,
"y": 42.0
},
"id": "string",
"panelConfig": {
"description": "string",
"enhancements": {},
"hidePanelTitles": true,
"savedObjectId": "string",
"title": "string",
"version": "string"
},
"panelIndex": "string",
"panelRefName": "string",
"title": "string",
"type": "string",
"version": "string"
}
],
"refreshInterval": {
"display": "string",
"pause": true,
"section": 42.0,
"value": 42.0
},
"timeFrom": "string",
"timeRestore": false,
"timeTo": "string",
"title": "string",
"version": 42.0
},
"createdAt": "string",
"createdBy": "string",
"error": {
"error": "string",
"message": "string",
"metadata": {},
"statusCode": 42.0
},
"id": "string",
"managed": true,
"namespaces": [
"string"
],
"originId": "string",
"references": [
{
"id": "string",
"name": "string",
"type": "string"
}
],
"type": "string",
"updatedAt": "string",
"updatedBy": "string",
"version": "string"
},
"meta": {
"aliasPurpose": "savedObjectConversion",
"aliasTargetId": "string",
"outcome": "exactMatch"
}
}
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
A unique identifier for the dashboard.
Additional properties are NOT allowed.
curl \
-X PUT https://localhost:5601/api/dashboards/dashboard/{id} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"attributes": {
"controlGroupInput": {
"autoApplySelections": true,
"chainingSystem": "HIERARCHICAL",
"controls": [
{
"controlConfig": {},
"grow": false,
"id": "string",
"order": 42.0,
"type": "string",
"width": "medium"
}
],
"enhancements": {},
"ignoreParentSettings": {
"ignoreFilters": false,
"ignoreQuery": false,
"ignoreTimerange": false,
"ignoreValidations": false
},
"labelPosition": "oneLine"
},
"description": "",
"kibanaSavedObjectMeta": {
"searchSource": {
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": "string",
"controlledBy": "string",
"disabled": true,
"field": "string",
"group": "string",
"index": "string",
"isMultiIndex": true,
"key": "string",
"negate": true,
"type": "string",
"value": "string"
},
"query": {}
}
],
"query": {
"language": "string",
"query": "string"
},
"sort": [
{}
],
"type": "string"
}
},
"options": {
"hidePanelTitles": false,
"syncColors": true,
"syncCursor": true,
"syncTooltips": true,
"useMargins": true
},
"panels": [
{
"gridData": {
"h": 15,
"i": "string",
"w": 24,
"x": 42.0,
"y": 42.0
},
"id": "string",
"panelConfig": {
"description": "string",
"enhancements": {},
"hidePanelTitles": true,
"savedObjectId": "string",
"title": "string",
"version": "string"
},
"panelIndex": "string",
"panelRefName": "string",
"title": "string",
"type": "string",
"version": "string"
}
],
"refreshInterval": {
"display": "string",
"pause": true,
"section": 42.0,
"value": 42.0
},
"timeFrom": "string",
"timeRestore": false,
"timeTo": "string",
"title": "string",
"version": 42.0
},
"references": [
{
"id": "string",
"name": "string",
"type": "string"
}
]
}
{
"item": {
"attributes": {
"controlGroupInput": {
"autoApplySelections": true,
"chainingSystem": "HIERARCHICAL",
"controls": [
{
"controlConfig": {},
"grow": false,
"id": "string",
"order": 42.0,
"type": "string",
"width": "medium"
}
],
"enhancements": {},
"ignoreParentSettings": {
"ignoreFilters": false,
"ignoreQuery": false,
"ignoreTimerange": false,
"ignoreValidations": false
},
"labelPosition": "oneLine"
},
"description": "",
"kibanaSavedObjectMeta": {
"searchSource": {
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": "string",
"controlledBy": "string",
"disabled": true,
"field": "string",
"group": "string",
"index": "string",
"isMultiIndex": true,
"key": "string",
"negate": true,
"type": "string",
"value": "string"
},
"query": {}
}
],
"query": {
"language": "string",
"query": "string"
},
"sort": [
{}
],
"type": "string"
}
},
"options": {
"hidePanelTitles": false,
"syncColors": true,
"syncCursor": true,
"syncTooltips": true,
"useMargins": true
},
"panels": [
{
"gridData": {
"h": 15,
"i": "string",
"w": 24,
"x": 42.0,
"y": 42.0
},
"id": "string",
"panelConfig": {
"description": "string",
"enhancements": {},
"hidePanelTitles": true,
"savedObjectId": "string",
"title": "string",
"version": "string"
},
"panelIndex": "string",
"panelRefName": "string",
"title": "string",
"type": "string",
"version": "string"
}
],
"refreshInterval": {
"display": "string",
"pause": true,
"section": 42.0,
"value": 42.0
},
"timeFrom": "string",
"timeRestore": false,
"timeTo": "string",
"title": "string",
"version": 42.0
},
"createdAt": "string",
"createdBy": "string",
"error": {
"error": "string",
"message": "string",
"metadata": {},
"statusCode": 42.0
},
"id": "string",
"managed": true,
"namespaces": [
"string"
],
"originId": "string",
"references": [
{
"id": "string",
"name": "string",
"type": "string"
}
],
"type": "string",
"updatedAt": "string",
"updatedBy": "string",
"version": "string"
}
}
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
A unique identifier for the dashboard.
Additional properties are NOT allowed.
curl \
-X POST https://localhost:5601/api/dashboards/dashboard/{id} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"attributes": {
"controlGroupInput": {
"autoApplySelections": true,
"chainingSystem": "HIERARCHICAL",
"controls": [
{
"controlConfig": {},
"grow": false,
"id": "string",
"order": 42.0,
"type": "string",
"width": "medium"
}
],
"enhancements": {},
"ignoreParentSettings": {
"ignoreFilters": false,
"ignoreQuery": false,
"ignoreTimerange": false,
"ignoreValidations": false
},
"labelPosition": "oneLine"
},
"description": "",
"kibanaSavedObjectMeta": {
"searchSource": {
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": "string",
"controlledBy": "string",
"disabled": true,
"field": "string",
"group": "string",
"index": "string",
"isMultiIndex": true,
"key": "string",
"negate": true,
"type": "string",
"value": "string"
},
"query": {}
}
],
"query": {
"language": "string",
"query": "string"
},
"sort": [
{}
],
"type": "string"
}
},
"options": {
"hidePanelTitles": false,
"syncColors": true,
"syncCursor": true,
"syncTooltips": true,
"useMargins": true
},
"panels": [
{
"gridData": {
"h": 15,
"i": "string",
"w": 24,
"x": 42.0,
"y": 42.0
},
"id": "string",
"panelConfig": {
"description": "string",
"enhancements": {},
"hidePanelTitles": true,
"savedObjectId": "string",
"title": "string",
"version": "string"
},
"panelIndex": "string",
"panelRefName": "string",
"title": "string",
"type": "string",
"version": "string"
}
],
"refreshInterval": {
"display": "string",
"pause": true,
"section": 42.0,
"value": 42.0
},
"timeFrom": "string",
"timeRestore": false,
"timeTo": "string",
"title": "string",
"version": 42.0
},
"references": [
{
"id": "string",
"name": "string",
"type": "string"
}
],
"spaces": [
"string"
]
}
{
"item": {
"attributes": {
"controlGroupInput": {
"autoApplySelections": true,
"chainingSystem": "HIERARCHICAL",
"controls": [
{
"controlConfig": {},
"grow": false,
"id": "string",
"order": 42.0,
"type": "string",
"width": "medium"
}
],
"enhancements": {},
"ignoreParentSettings": {
"ignoreFilters": false,
"ignoreQuery": false,
"ignoreTimerange": false,
"ignoreValidations": false
},
"labelPosition": "oneLine"
},
"description": "",
"kibanaSavedObjectMeta": {
"searchSource": {
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": "string",
"controlledBy": "string",
"disabled": true,
"field": "string",
"group": "string",
"index": "string",
"isMultiIndex": true,
"key": "string",
"negate": true,
"type": "string",
"value": "string"
},
"query": {}
}
],
"query": {
"language": "string",
"query": "string"
},
"sort": [
{}
],
"type": "string"
}
},
"options": {
"hidePanelTitles": false,
"syncColors": true,
"syncCursor": true,
"syncTooltips": true,
"useMargins": true
},
"panels": [
{
"gridData": {
"h": 15,
"i": "string",
"w": 24,
"x": 42.0,
"y": 42.0
},
"id": "string",
"panelConfig": {
"description": "string",
"enhancements": {},
"hidePanelTitles": true,
"savedObjectId": "string",
"title": "string",
"version": "string"
},
"panelIndex": "string",
"panelRefName": "string",
"title": "string",
"type": "string",
"version": "string"
}
],
"refreshInterval": {
"display": "string",
"pause": true,
"section": 42.0,
"value": 42.0
},
"timeFrom": "string",
"timeRestore": false,
"timeTo": "string",
"title": "string",
"version": 42.0
},
"createdAt": "string",
"createdBy": "string",
"error": {
"error": "string",
"message": "string",
"metadata": {},
"statusCode": 42.0
},
"id": "string",
"managed": true,
"namespaces": [
"string"
],
"originId": "string",
"references": [
{
"id": "string",
"name": "string",
"type": "string"
}
],
"type": "string",
"updatedAt": "string",
"updatedBy": "string",
"version": "string"
}
}
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
A unique identifier for the dashboard.
curl \
-X DELETE https://localhost:5601/api/dashboards/dashboard/{id} \
-H "kbn-xsrf: true"
curl \
-X GET https://localhost:5601/api/fleet/data_streams
{
"data_streams": [
{
"dashboards": [
{
"id": "string",
"title": "string"
}
],
"dataset": "string",
"index": "string",
"last_activity_ms": 42.0,
"namespace": "string",
"package": "string",
"package_version": "string",
"serviceDetails": {
"environment": "string",
"serviceName": "string"
},
"size_in_bytes": 42.0,
"size_in_bytes_formatted": 42.0,
"type": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Values are logs
, metrics
, traces
, synthetics
, or profiling
.
Values are asc
or desc
. Default value is asc
.
Default value is false
.
curl \
-X GET https://localhost:5601/api/fleet/epm/data_streams
{
"items": [
{
"name": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Data view APIs enable you to manage data views, formerly known as Kibana index patterns.
curl \
-X GET https://localhost:5601/api/data_views
{
"data_view": [
{
"id": "ff959d40-b880-11e8-a6d9-e546fe2bba5f",
"name": "Kibana Sample Data eCommerce",
"title": "kibana_sample_data_ecommerce",
"typeMeta": {},
"namespaces": [
"default"
]
},
{
"id": "d3d7af60-4c81-11e8-b3d7-01146121b73d",
"name": "Kibana Sample Data Flights",
"title": "kibana_sample_data_flights",
"namespaces": [
"default"
]
},
{
"id": "90943e30-9a47-11e8-b64d-95841ca0b247",
"name": "Kibana Sample Data Logs",
"title": "kibana_sample_data_logs",
"namespaces": [
"default"
]
}
]
}
{
"error": "Bad Request",
"message": "string",
"statusCode": 400
}
curl \
-X POST https://localhost:5601/api/data_views/data_view \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
{
"data_view": {
"name": "My Logstash data view",
"title": "logstash-*",
"runtimeFieldMap": {
"runtime_shape_name": {
"type": "keyword",
"script": {
"source": "emit(doc['shape_name'].value)"
}
}
}
}
}
{
"data_view": {
"allowNoIndex": true,
"fieldAttrs": {
"additionalProperty1": {
"count": 42,
"customDescription": "string",
"customLabel": "string"
},
"additionalProperty2": {
"count": 42,
"customDescription": "string",
"customLabel": "string"
}
},
"fieldFormats": {},
"fields": {},
"id": "ff959d40-b880-11e8-a6d9-e546fe2bba5f",
"name": "string",
"namespaces": [
"default"
],
"runtimeFieldMap": {
"additionalProperty1": {
"script": {
"source": "string"
},
"type": "string"
},
"additionalProperty2": {
"script": {
"source": "string"
},
"type": "string"
}
},
"sourceFilters": [
{
"value": "string"
}
],
"timeFieldName": "string",
"title": "string",
"typeMeta": {
"aggs": {},
"params": {}
},
"version": "WzQ2LDJd"
}
}
{
"error": "Bad Request",
"message": "string",
"statusCode": 400
}
An identifier for the data view.
curl \
-X GET https://localhost:5601/api/data_views/data_view/ff959d40-b880-11e8-a6d9-e546fe2bba5f
{
"data_view": {
"id": "ff959d40-b880-11e8-a6d9-e546fe2bba5f",
"name": "Kibana Sample Data eCommerce",
"title": "kibana_sample_data_ecommerce",
"fields": {
"_id": {
"name": "_id",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"_id"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"sku": {
"name": "sku",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"type": {
"name": "type",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"user": {
"name": "user",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"email": {
"name": "email",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"_index": {
"name": "_index",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"_index"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": false
},
"_score": {
"name": "_score",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"isMapped": true,
"scripted": false,
"searchable": false,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"_source": {
"name": "_source",
"type": "_source",
"count": 0,
"format": {
"id": "_source"
},
"esTypes": [
"_source"
],
"isMapped": true,
"scripted": false,
"searchable": false,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"category": {
"name": "category",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"currency": {
"name": "currency",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"order_id": {
"name": "order_id",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"order_date": {
"name": "order_date",
"type": "date",
"count": 0,
"format": {
"id": "date"
},
"esTypes": [
"date"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_id": {
"name": "customer_id",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"day_of_week": {
"name": "day_of_week",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"manufacturer": {
"name": "manufacturer",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products._id": {
"name": "products._id",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.sku": {
"name": "products.sku",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"day_of_week_i": {
"name": "day_of_week_i",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"event.dataset": {
"name": "event.dataset",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_phone": {
"name": "customer_phone",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"geoip.location": {
"name": "geoip.location",
"type": "geo_point",
"count": 0,
"format": {
"id": "geo_point",
"params": {
"transform": "wkt"
}
},
"esTypes": [
"geo_point"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.price": {
"name": "products.price",
"type": "number",
"count": 1,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"total_quantity": {
"name": "total_quantity",
"type": "number",
"count": 1,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_gender": {
"name": "customer_gender",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"geoip.city_name": {
"name": "geoip.city_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"category.keyword": {
"name": "category.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "category"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"geoip.region_name": {
"name": "geoip.region_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.category": {
"name": "products.category",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.quantity": {
"name": "products.quantity",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_full_name": {
"name": "customer_full_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"customer_last_name": {
"name": "customer_last_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.min_price": {
"name": "products.min_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"taxful_total_price": {
"name": "taxful_total_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.[00]"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_birth_date": {
"name": "customer_birth_date",
"type": "date",
"count": 0,
"format": {
"id": "date"
},
"esTypes": [
"date"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_first_name": {
"name": "customer_first_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.base_price": {
"name": "products.base_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.created_on": {
"name": "products.created_on",
"type": "date",
"count": 0,
"format": {
"id": "date"
},
"esTypes": [
"date"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.product_id": {
"name": "products.product_id",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"long"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.tax_amount": {
"name": "products.tax_amount",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"taxless_total_price": {
"name": "taxless_total_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"geoip.continent_name": {
"name": "geoip.continent_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"manufacturer.keyword": {
"name": "manufacturer.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "manufacturer"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products._id.keyword": {
"name": "products._id.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "products._id"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.manufacturer": {
"name": "products.manufacturer",
"type": "string",
"count": 1,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.product_name": {
"name": "products.product_name",
"type": "string",
"count": 1,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.taxful_price": {
"name": "products.taxful_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"total_unique_products": {
"name": "total_unique_products",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"geoip.country_iso_code": {
"name": "geoip.country_iso_code",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.taxless_price": {
"name": "products.taxless_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.base_unit_price": {
"name": "products.base_unit_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.discount_amount": {
"name": "products.discount_amount",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.category.keyword": {
"name": "products.category.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "products.category"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_full_name.keyword": {
"name": "customer_full_name.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "customer_full_name"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_last_name.keyword": {
"name": "customer_last_name.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "customer_last_name"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_first_name.keyword": {
"name": "customer_first_name.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "customer_first_name"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.discount_percentage": {
"name": "products.discount_percentage",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.manufacturer.keyword": {
"name": "products.manufacturer.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "products.manufacturer"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.product_name.keyword": {
"name": "products.product_name.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "products.product_name"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.unit_discount_amount": {
"name": "products.unit_discount_amount",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
}
},
"version": "WzUsMV0=",
"typeMeta": {},
"fieldAttrs": {
"products.price": {
"count": 1
},
"total_quantity": {
"count": 1
},
"products.manufacturer": {
"count": 1
},
"products.product_name": {
"count": 1
}
},
"namespaces": [
"default"
],
"allowNoIndex": false,
"fieldFormats": {
"products.price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"products.min_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"taxful_total_price": {
"id": "number",
"params": {
"pattern": "$0,0.[00]"
}
},
"products.base_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"taxless_total_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"products.taxful_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"products.taxless_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"products.base_unit_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
}
},
"sourceFilters": [],
"timeFieldName": "order_date",
"runtimeFieldMap": {}
}
}
{
"error": "Not Found",
"message": "Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] not found",
"statusCode": 404
}
An identifier for the data view.
The data view properties you want to update. Only the specified properties are updated in the data view. Unspecified fields stay as they are persisted.
Additional properties are allowed.
Reloads the data view fields after the data view is updated.
Default value is false
.
curl \
-X POST https://localhost:5601/api/data_views/data_view/ff959d40-b880-11e8-a6d9-e546fe2bba5f \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
{
"data_view": {
"name": "Kibana Sample Data eCommerce",
"title": "kibana_sample_data_ecommerce",
"allowNoIndex": false,
"timeFieldName": "order_date"
},
"refresh_fields": true
}
{
"data_view": {
"allowNoIndex": true,
"fieldAttrs": {
"additionalProperty1": {
"count": 42,
"customDescription": "string",
"customLabel": "string"
},
"additionalProperty2": {
"count": 42,
"customDescription": "string",
"customLabel": "string"
}
},
"fieldFormats": {},
"fields": {},
"id": "ff959d40-b880-11e8-a6d9-e546fe2bba5f",
"name": "string",
"namespaces": [
"default"
],
"runtimeFieldMap": {
"additionalProperty1": {
"script": {
"source": "string"
},
"type": "string"
},
"additionalProperty2": {
"script": {
"source": "string"
},
"type": "string"
}
},
"sourceFilters": [
{
"value": "string"
}
],
"timeFieldName": "string",
"title": "string",
"typeMeta": {
"aggs": {},
"params": {}
},
"version": "WzQ2LDJd"
}
}
{
"error": "Bad Request",
"message": "string",
"statusCode": 400
}
WARNING: When you delete a data view, it cannot be recovered.
An identifier for the data view.
curl \
-X DELETE https://localhost:5601/api/data_views/data_view/ff959d40-b880-11e8-a6d9-e546fe2bba5f \
-H "kbn-xsrf: string"
{
"error": "Not Found",
"message": "Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] not found",
"statusCode": 404
}
Update fields presentation metadata such as count, customLabel, customDescription, and format.
An identifier for the data view.
curl \
-X POST https://localhost:5601/api/data_views/data_view/ff959d40-b880-11e8-a6d9-e546fe2bba5f/fields \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
{
"fields": {
"field1": {
"count": 123,
"customLabel": "Field 1 label"
},
"field2": {
"customLabel": "Field 2 label",
"customDescription": "Field 2 description"
}
}
}
{
"acknowledged": true
}
{
"error": "Bad Request",
"message": "string",
"statusCode": 400
}
The ID of the data view fields you want to update.
The name for a runtime field.
The runtime field definition object.
Additional properties are allowed.
curl \
-X PUT https://localhost:5601/api/data_views/data_view/{viewId}/runtime_field \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
{
"name": "runtimeFoo",
"runtimeField": {
"type": "long",
"script": {
"source": "emit(doc[\"foo\"].value)"
}
}
}
{
"data_view": {},
"fields": [
{}
]
}
{
"error": "Bad Request",
"message": "string",
"statusCode": 400
}
An identifier for the data view.
The name for a runtime field.
The runtime field definition object.
Additional properties are allowed.
curl \
-X POST https://localhost:5601/api/data_views/data_view/ff959d40-b880-11e8-a6d9-e546fe2bba5f/runtime_field \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
{
"name": "runtimeFoo",
"runtimeField": {
"type": "long",
"script": {
"source": "emit(doc[\"foo\"].value)"
}
}
}
{}
The name of the runtime field.
An identifier for the data view.
curl \
-X GET https://localhost:5601/api/data_views/data_view/ff959d40-b880-11e8-a6d9-e546fe2bba5f/runtime_field/hour_of_day
{
"fields": [
{
"name": "hour_of_day",
"type": "number",
"count": 0,
"esTypes": [
"long"
],
"scripted": false,
"searchable": true,
"aggregatable": true,
"runtimeField": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
},
"shortDotsEnable": false,
"readFromDocValues": false
}
],
"data_view": {
"id": "d3d7af60-4c81-11e8-b3d7-01146121b73d",
"name": "Kibana Sample Data Flights",
"title": "kibana_sample_data_flights",
"fields": {
"_id": {
"name": "_id",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"_id"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"Dest": {
"name": "Dest",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"Origin": {
"name": "Origin",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"_index": {
"name": "_index",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"_index"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": false
},
"_score": {
"name": "_score",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"isMapped": true,
"scripted": false,
"searchable": false,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"Carrier": {
"name": "Carrier",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"_source": {
"name": "_source",
"type": "_source",
"count": 0,
"format": {
"id": "_source"
},
"esTypes": [
"_source"
],
"isMapped": true,
"scripted": false,
"searchable": false,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"Cancelled": {
"name": "Cancelled",
"type": "boolean",
"count": 0,
"format": {
"id": "boolean"
},
"esTypes": [
"boolean"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"FlightNum": {
"name": "FlightNum",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"dayOfWeek": {
"name": "dayOfWeek",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"timestamp": {
"name": "timestamp",
"type": "date",
"count": 0,
"format": {
"id": "date"
},
"esTypes": [
"date"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"DestRegion": {
"name": "DestRegion",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"DestCountry": {
"name": "DestCountry",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"DestWeather": {
"name": "DestWeather",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"FlightDelay": {
"name": "FlightDelay",
"type": "boolean",
"count": 0,
"format": {
"id": "boolean"
},
"esTypes": [
"boolean"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"hour_of_day": {
"name": "hour_of_day",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "00"
}
},
"esTypes": [
"long"
],
"scripted": false,
"searchable": true,
"aggregatable": true,
"runtimeField": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
},
"shortDotsEnable": false,
"readFromDocValues": false
},
"DestCityName": {
"name": "DestCityName",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"DestLocation": {
"name": "DestLocation",
"type": "geo_point",
"count": 0,
"format": {
"id": "geo_point",
"params": {
"transform": "wkt"
}
},
"esTypes": [
"geo_point"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"OriginRegion": {
"name": "OriginRegion",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"DestAirportID": {
"name": "DestAirportID",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"DistanceMiles": {
"name": "DistanceMiles",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"FlightTimeMin": {
"name": "FlightTimeMin",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"OriginCountry": {
"name": "OriginCountry",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"OriginWeather": {
"name": "OriginWeather",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"AvgTicketPrice": {
"name": "AvgTicketPrice",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.[00]"
}
},
"esTypes": [
"float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"FlightDelayMin": {
"name": "FlightDelayMin",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"FlightTimeHour": {
"name": "FlightTimeHour",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"OriginCityName": {
"name": "OriginCityName",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"OriginLocation": {
"name": "OriginLocation",
"type": "geo_point",
"count": 0,
"format": {
"id": "geo_point",
"params": {
"transform": "wkt"
}
},
"esTypes": [
"geo_point"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"FlightDelayType": {
"name": "FlightDelayType",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"OriginAirportID": {
"name": "OriginAirportID",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"DistanceKilometers": {
"name": "DistanceKilometers",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
}
},
"version": "WzM2LDJd",
"fieldAttrs": {},
"allowNoIndex": false,
"fieldFormats": {
"hour_of_day": {
"id": "number",
"params": {
"pattern": "00"
}
},
"AvgTicketPrice": {
"id": "number",
"params": {
"pattern": "$0,0.[00]"
}
}
},
"sourceFilters": [],
"timeFieldName": "timestamp",
"runtimeFieldMap": {
"hour_of_day": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
}
}
}
}
{
"error": "Not Found",
"message": "Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] not found",
"statusCode": 404
}
The name of the runtime field.
An identifier for the data view.
The runtime field definition object.
You can update following fields:
type
script
Additional properties are allowed.
curl \
-X POST https://localhost:5601/api/data_views/data_view/ff959d40-b880-11e8-a6d9-e546fe2bba5f/runtime_field/hour_of_day \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31"
{
"runtimeField": {
"script": {
"source": "emit(doc[\"bar\"].value)"
}
}
}
{
"error": "Bad Request",
"message": "string",
"statusCode": 400
}
The name of the runtime field.
An identifier for the data view.
curl \
-X DELETE https://localhost:5601/api/data_views/data_view/ff959d40-b880-11e8-a6d9-e546fe2bba5f/runtime_field/hour_of_day
{
"error": "Not Found",
"message": "Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] not found",
"statusCode": 404
}
curl \
-X GET https://localhost:5601/api/data_views/default
{
"data_view_id": "ff959d40-b880-11e8-a6d9-e546fe2bba5f"
}
{
"error": "Bad Request",
"message": "string",
"statusCode": 400
}
curl \
-X POST https://localhost:5601/api/data_views/default \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
{
"force": true,
"data_view_id": "ff959d40-b880-11e8-a6d9-e546fe2bba5f"
}
{
"acknowledged": true
}
{
"error": "Bad Request",
"message": "string",
"statusCode": 400
}
Changes saved object references from one data view identifier to another. WARNING: Misuse can break large numbers of saved objects! Practicing with a backup is recommended.
Deletes referenced saved object if all references are removed.
Limit the affected saved objects to one or more by identifier.
Limit the affected saved objects by type.
The saved object reference to change.
Specify the type of the saved object reference to alter. The default value is index-pattern
for data views.
New saved object reference value to replace the old value.
curl \
-X POST https://localhost:5601/api/data_views/swap_references \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
{
"toId": "xyz-123",
"delete": true,
"fromId": "abcd-efg"
}
{
"deleteStatus": {
"deletePerformed": true,
"remainingRefs": 42
},
"result": [
{
"id": "string",
"type": "string"
}
]
}
Preview the impact of swapping saved object references from one data view identifier to another.
Deletes referenced saved object if all references are removed.
Limit the affected saved objects to one or more by identifier.
Limit the affected saved objects by type.
The saved object reference to change.
Specify the type of the saved object reference to alter. The default value is index-pattern
for data views.
New saved object reference value to replace the old value.
curl \
-X POST https://localhost:5601/api/data_views/swap_references/_preview \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: string"
{
"toId": "xyz-123",
"fromId": "abcd-efg"
}
{
"result": [
{
"id": "string",
"type": "string"
}
]
}
curl \
-X POST https://localhost:5601/api/fleet/agents/{agentId}/actions \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"action": {
"type": "UNENROLL"
}
}
{
"item": {
"agents": [
"string"
],
"created_at": "string",
"expiration": "string",
"id": "string",
"minimum_execution_duration": 42.0,
"namespaces": [
"string"
],
"rollout_duration_seconds": 42.0,
"sent_at": "string",
"source_uri": "string",
"start_time": "string",
"total": 42.0,
"type": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/agents/{agentId}/reassign \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"policy_id": "string"
}
{}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Value is CPU
.
curl \
-X POST https://localhost:5601/api/fleet/agents/{agentId}/request_diagnostics \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"additional_metrics": [
"CPU"
]
}
{
"actionId": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/agents/{agentId}/unenroll \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"force": true,
"revoke": true
}
curl \
-X POST https://localhost:5601/api/fleet/agents/{agentId}/upgrade \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"force": true,
"skipRateLimitCheck": true,
"source_uri": "string",
"version": "string"
}
{}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/agents/action_status
{
"items": [
{
"actionId": "string",
"cancellationTime": "string",
"completionTime": "string",
"creationTime": "string",
"expiration": "string",
"hasRolloutPeriod": true,
"latestErrors": [
{
"agentId": "string",
"error": "string",
"hostname": "string",
"timestamp": "string"
}
],
"nbAgentsAck": 42.0,
"nbAgentsActionCreated": 42.0,
"nbAgentsActioned": 42.0,
"nbAgentsFailed": 42.0,
"newPolicyId": "string",
"policyId": "string",
"revision": 42.0,
"startTime": "string",
"status": "COMPLETE",
"type": "UPGRADE",
"version": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/agents/actions/{actionId}/cancel \
-H "kbn-xsrf: true"
{
"item": {
"agents": [
"string"
],
"created_at": "string",
"expiration": "string",
"id": "string",
"minimum_execution_duration": 42.0,
"namespaces": [
"string"
],
"rollout_duration_seconds": 42.0,
"sent_at": "string",
"source_uri": "string",
"start_time": "string",
"total": 42.0,
"type": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Default value is false
.
curl \
-X POST https://localhost:5601/api/fleet/agents/bulk_reassign \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"agents": [
"string"
],
"batchSize": 42.0,
"includeInactive": false,
"policy_id": "string"
}
{
"actionId": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Value is CPU
.
curl \
-X POST https://localhost:5601/api/fleet/agents/bulk_request_diagnostics \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"additional_metrics": [
"CPU"
],
"agents": [
"string"
],
"batchSize": 42.0
}
{
"actionId": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/agents/bulk_unenroll \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"agents": [
"string"
],
"batchSize": 42.0,
"force": true,
"includeInactive": true,
"revoke": true
}
{
"actionId": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/agents/bulk_update_agent_tags \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"agents": [
"string"
],
"batchSize": 42.0,
"includeInactive": false,
"tagsToAdd": [
"string"
],
"tagsToRemove": [
"string"
]
}
{
"actionId": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Default value is false
.
Minimum value is 600
.
curl \
-X POST https://localhost:5601/api/fleet/agents/bulk_upgrade \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"agents": [
"string"
],
"batchSize": 42.0,
"force": true,
"includeInactive": false,
"rollout_duration_seconds": 42.0,
"skipRateLimitCheck": true,
"source_uri": "string",
"start_time": "string",
"version": "string"
}
{
"actionId": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/agent_download_sources
{
"items": [
{
"host": "https://example.com",
"id": "string",
"is_default": false,
"name": "string",
"proxy_id": "string"
}
],
"page": 42.0,
"perPage": 42.0,
"total": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/agent_download_sources \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"host": "https://example.com",
"id": "string",
"is_default": false,
"name": "string",
"proxy_id": "string"
}
{
"item": {
"host": "https://example.com",
"id": "string",
"is_default": false,
"name": "string",
"proxy_id": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Get an agent binary download source by ID.
curl \
-X GET https://localhost:5601/api/fleet/agent_download_sources/{sourceId}
{
"item": {
"host": "https://example.com",
"id": "string",
"is_default": false,
"name": "string",
"proxy_id": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Update an agent binary download source by ID.
curl \
-X PUT https://localhost:5601/api/fleet/agent_download_sources/{sourceId} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"host": "https://example.com",
"id": "string",
"is_default": false,
"name": "string",
"proxy_id": "string"
}
{
"item": {
"host": "https://example.com",
"id": "string",
"is_default": false,
"name": "string",
"proxy_id": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Delete an agent binary download source by ID.
curl \
-X DELETE https://localhost:5601/api/fleet/agent_download_sources/{sourceId} \
-H "kbn-xsrf: true"
{
"id": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Values are desc
or asc
.
use withAgentCount instead
get policies with agent count
get full policies with package policies populated
Values are simplified
or legacy
.
curl \
-X GET https://localhost:5601/api/fleet/agent_policies
{
"items": [
{
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"agents": 42.0,
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"global_data_tags": [
{
"name": "string",
"value": "string"
}
],
"has_fleet_server": true,
"id": "string",
"inactivity_timeout": 1209600,
"is_default": true,
"is_default_fleet_server": true,
"is_managed": true,
"is_preconfigured": true,
"is_protected": true,
"keep_monitoring_alive": false,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"logs"
],
"monitoring_http": {
"buffer": {
"enabled": false
},
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"package_policies": [
"string"
],
"revision": 42.0,
"schema_version": "string",
"space_ids": [
"string"
],
"status": "active",
"supports_agentless": false,
"unenroll_timeout": 42.0,
"unprivileged_agents": 42.0,
"updated_at": "string",
"updated_by": "string",
"version": "string"
}
],
"page": 42.0,
"perPage": 42.0,
"total": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Additional properties are NOT allowed.
Minimum value is 0
. Default value is 1209600
.
When set to true, monitoring will be enabled but logs/metrics collection will be disabled
Default value is false
.
Additional properties are NOT allowed.
Values are logs
, metrics
, or traces
.
Additional properties are NOT allowed.
Minimum length is 1
.
Minimum length is 1
.
Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
Additional properties are allowed.
Indicates whether the agent policy supports agentless integrations.
Default value is false
.
Minimum value is 0
.
curl \
-X POST https://localhost:5601/api/fleet/agent_policies \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"force": true,
"global_data_tags": [
{
"name": "string",
"value": "string"
}
],
"has_fleet_server": true,
"id": "string",
"inactivity_timeout": 1209600,
"is_default": true,
"is_default_fleet_server": true,
"is_managed": true,
"is_protected": true,
"keep_monitoring_alive": false,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"logs"
],
"monitoring_http": {
"buffer": {
"enabled": false
},
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"space_ids": [
"string"
],
"supports_agentless": false,
"unenroll_timeout": 42.0
}
{
"item": {
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"agents": 42.0,
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"global_data_tags": [
{
"name": "string",
"value": "string"
}
],
"has_fleet_server": true,
"id": "string",
"inactivity_timeout": 1209600,
"is_default": true,
"is_default_fleet_server": true,
"is_managed": true,
"is_preconfigured": true,
"is_protected": true,
"keep_monitoring_alive": false,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"logs"
],
"monitoring_http": {
"buffer": {
"enabled": false
},
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"package_policies": [
"string"
],
"revision": 42.0,
"schema_version": "string",
"space_ids": [
"string"
],
"status": "active",
"supports_agentless": false,
"unenroll_timeout": 42.0,
"unprivileged_agents": 42.0,
"updated_at": "string",
"updated_by": "string",
"version": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Values are simplified
or legacy
.
get full policies with package policies populated
list of package policy ids
curl \
-X POST https://localhost:5601/api/fleet/agent_policies/_bulk_get \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"full": true,
"ids": [
"string"
],
"ignoreMissing": true
}
{
"items": [
{
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"agents": 42.0,
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"global_data_tags": [
{
"name": "string",
"value": "string"
}
],
"has_fleet_server": true,
"id": "string",
"inactivity_timeout": 1209600,
"is_default": true,
"is_default_fleet_server": true,
"is_managed": true,
"is_preconfigured": true,
"is_protected": true,
"keep_monitoring_alive": false,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"logs"
],
"monitoring_http": {
"buffer": {
"enabled": false
},
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"package_policies": [
"string"
],
"revision": 42.0,
"schema_version": "string",
"space_ids": [
"string"
],
"status": "active",
"supports_agentless": false,
"unenroll_timeout": 42.0,
"unprivileged_agents": 42.0,
"updated_at": "string",
"updated_by": "string",
"version": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Values are simplified
or legacy
.
curl \
-X GET https://localhost:5601/api/fleet/agent_policies/{agentPolicyId}
{
"item": {
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"agents": 42.0,
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"global_data_tags": [
{
"name": "string",
"value": "string"
}
],
"has_fleet_server": true,
"id": "string",
"inactivity_timeout": 1209600,
"is_default": true,
"is_default_fleet_server": true,
"is_managed": true,
"is_preconfigured": true,
"is_protected": true,
"keep_monitoring_alive": false,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"logs"
],
"monitoring_http": {
"buffer": {
"enabled": false
},
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"package_policies": [
"string"
],
"revision": 42.0,
"schema_version": "string",
"space_ids": [
"string"
],
"status": "active",
"supports_agentless": false,
"unenroll_timeout": 42.0,
"unprivileged_agents": 42.0,
"updated_at": "string",
"updated_by": "string",
"version": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Values are simplified
or legacy
.
Additional properties are NOT allowed.
Minimum value is 0
. Default value is 1209600
.
When set to true, monitoring will be enabled but logs/metrics collection will be disabled
Default value is false
.
Additional properties are NOT allowed.
Values are logs
, metrics
, or traces
.
Additional properties are NOT allowed.
Minimum length is 1
.
Minimum length is 1
.
Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
Additional properties are allowed.
Indicates whether the agent policy supports agentless integrations.
Default value is false
.
Minimum value is 0
.
curl \
-X PUT https://localhost:5601/api/fleet/agent_policies/{agentPolicyId} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"force": true,
"global_data_tags": [
{
"name": "string",
"value": "string"
}
],
"has_fleet_server": true,
"id": "string",
"inactivity_timeout": 1209600,
"is_default": true,
"is_default_fleet_server": true,
"is_managed": true,
"is_protected": true,
"keep_monitoring_alive": false,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"logs"
],
"monitoring_http": {
"buffer": {
"enabled": false
},
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"space_ids": [
"string"
],
"supports_agentless": false,
"unenroll_timeout": 42.0
}
{
"item": {
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"agents": 42.0,
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"global_data_tags": [
{
"name": "string",
"value": "string"
}
],
"has_fleet_server": true,
"id": "string",
"inactivity_timeout": 1209600,
"is_default": true,
"is_default_fleet_server": true,
"is_managed": true,
"is_preconfigured": true,
"is_protected": true,
"keep_monitoring_alive": false,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"logs"
],
"monitoring_http": {
"buffer": {
"enabled": false
},
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"package_policies": [
"string"
],
"revision": 42.0,
"schema_version": "string",
"space_ids": [
"string"
],
"status": "active",
"supports_agentless": false,
"unenroll_timeout": 42.0,
"unprivileged_agents": 42.0,
"updated_at": "string",
"updated_by": "string",
"version": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Copy an agent policy by ID.
Values are simplified
or legacy
.
Minimum length is 1
.
curl \
-X POST https://localhost:5601/api/fleet/agent_policies/{agentPolicyId}/copy \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"description": "string",
"name": "string"
}
{
"item": {
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"agents": 42.0,
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"global_data_tags": [
{
"name": "string",
"value": "string"
}
],
"has_fleet_server": true,
"id": "string",
"inactivity_timeout": 1209600,
"is_default": true,
"is_default_fleet_server": true,
"is_managed": true,
"is_preconfigured": true,
"is_protected": true,
"keep_monitoring_alive": false,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"logs"
],
"monitoring_http": {
"buffer": {
"enabled": false
},
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"package_policies": [
"string"
],
"revision": 42.0,
"schema_version": "string",
"space_ids": [
"string"
],
"status": "active",
"supports_agentless": false,
"unenroll_timeout": 42.0,
"unprivileged_agents": 42.0,
"updated_at": "string",
"updated_by": "string",
"version": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Download an agent policy by ID.
curl \
-X GET https://localhost:5601/api/fleet/agent_policies/{agentPolicyId}/download
string
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Get a full agent policy by ID.
curl \
-X GET https://localhost:5601/api/fleet/agent_policies/{agentPolicyId}/full
{
"item": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Get a list of outputs associated with agent policy by policy id.
curl \
-X GET https://localhost:5601/api/fleet/agent_policies/{agentPolicyId}/outputs
{
"item": {
"agentPolicyId": "string",
"data": {
"integrations": [
{
"id": "string",
"integrationPolicyName": "string",
"name": "string",
"pkgName": "string"
}
],
"output": {
"id": "string",
"name": "string"
}
},
"monitoring": {
"output": {
"id": "string",
"name": "string"
}
}
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/agent_policies/delete \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"agentPolicyId": "string",
"force": true
}
{
"id": "string",
"name": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Get a list of outputs associated with agent policies.
curl \
-X POST https://localhost:5601/api/fleet/agent_policies/outputs \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"ids": [
"string"
]
}
{
"items": [
{
"agentPolicyId": "string",
"data": {
"integrations": [
{
"id": "string",
"integrationPolicyName": "string",
"name": "string",
"pkgName": "string"
}
],
"output": {
"id": "string",
"name": "string"
}
},
"monitoring": {
"output": {
"id": "string",
"name": "string"
}
}
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/kubernetes
{
"item": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/kubernetes/download
string
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/agent_status
{
"results": {
"active": 42.0,
"all": 42.0,
"error": 42.0,
"events": 42.0,
"inactive": 42.0,
"offline": 42.0,
"online": 42.0,
"other": 42.0,
"unenrolled": 42.0,
"updating": 42.0
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Default value is false
.
curl \
-X GET https://localhost:5601/api/fleet/agent_status/data?agentsIds=string
{
"dataPreview": [],
"items": [
{
"additionalProperty1": {
"data": true
},
"additionalProperty2": {
"data": true
}
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Default value is 1
.
Default value is 20
.
Default value is false
.
Default value is false
.
Default value is false
.
Default value is false
.
Values are asc
or desc
.
curl \
-X GET https://localhost:5601/api/fleet/agents
{
"items": [
{
"access_api_key": "string",
"access_api_key_id": "string",
"active": true,
"agent": {
"id": "string",
"version": "string"
},
"components": [
{
"id": "string",
"message": "string",
"status": "STARTING",
"type": "string",
"units": [
{
"id": "string",
"message": "string",
"payload": {},
"status": "STARTING",
"type": "input"
}
]
}
],
"default_api_key": "string",
"default_api_key_history": [
{
"id": "string",
"retired_at": "string"
}
],
"default_api_key_id": "string",
"enrolled_at": "string",
"id": "string",
"last_checkin": "string",
"last_checkin_message": "string",
"last_checkin_status": "error",
"local_metadata": {},
"metrics": {
"cpu_avg": 42.0,
"memory_size_byte_avg": 42.0
},
"namespaces": [
"string"
],
"outputs": {
"additionalProperty1": {
"api_key_id": "string",
"to_retire_api_key_ids": [
{
"id": "string",
"retired_at": "string"
}
],
"type": "string"
},
"additionalProperty2": {
"api_key_id": "string",
"to_retire_api_key_ids": [
{
"id": "string",
"retired_at": "string"
}
],
"type": "string"
}
},
"packages": [
"string"
],
"policy_id": "string",
"policy_revision": 42.0,
"sort": [
42.0
],
"status": "offline",
"tags": [
"string"
],
"type": "PERMANENT",
"unenrolled_at": "string",
"unenrollment_started_at": "string",
"unhealthy_reason": [
"input"
],
"upgrade_details": {
"action_id": "string",
"metadata": {
"download_percent": 42.0,
"download_rate": 42.0,
"error_msg": "string",
"failed_state": "UPG_REQUESTED",
"retry_error_msg": "string",
"retry_until": "string",
"scheduled_at": "string"
},
"state": "UPG_REQUESTED",
"target_version": "string"
},
"upgrade_started_at": "string",
"upgraded_at": "string",
"user_provided_metadata": {}
}
],
"page": 42.0,
"perPage": 42.0,
"statusSummary": {
"additionalProperty1": 42.0,
"additionalProperty2": 42.0
},
"total": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/agents \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"actionIds": [
"string"
]
}
{
"items": [
"string"
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Default value is false
.
curl \
-X GET https://localhost:5601/api/fleet/agents/{agentId}
{
"item": {
"access_api_key": "string",
"access_api_key_id": "string",
"active": true,
"agent": {
"id": "string",
"version": "string"
},
"components": [
{
"id": "string",
"message": "string",
"status": "STARTING",
"type": "string",
"units": [
{
"id": "string",
"message": "string",
"payload": {},
"status": "STARTING",
"type": "input"
}
]
}
],
"default_api_key": "string",
"default_api_key_history": [
{
"id": "string",
"retired_at": "string"
}
],
"default_api_key_id": "string",
"enrolled_at": "string",
"id": "string",
"last_checkin": "string",
"last_checkin_message": "string",
"last_checkin_status": "error",
"local_metadata": {},
"metrics": {
"cpu_avg": 42.0,
"memory_size_byte_avg": 42.0
},
"namespaces": [
"string"
],
"outputs": {
"additionalProperty1": {
"api_key_id": "string",
"to_retire_api_key_ids": [
{
"id": "string",
"retired_at": "string"
}
],
"type": "string"
},
"additionalProperty2": {
"api_key_id": "string",
"to_retire_api_key_ids": [
{
"id": "string",
"retired_at": "string"
}
],
"type": "string"
}
},
"packages": [
"string"
],
"policy_id": "string",
"policy_revision": 42.0,
"sort": [
42.0
],
"status": "offline",
"tags": [
"string"
],
"type": "PERMANENT",
"unenrolled_at": "string",
"unenrollment_started_at": "string",
"unhealthy_reason": [
"input"
],
"upgrade_details": {
"action_id": "string",
"metadata": {
"download_percent": 42.0,
"download_rate": 42.0,
"error_msg": "string",
"failed_state": "UPG_REQUESTED",
"retry_error_msg": "string",
"retry_until": "string",
"scheduled_at": "string"
},
"state": "UPG_REQUESTED",
"target_version": "string"
},
"upgrade_started_at": "string",
"upgraded_at": "string",
"user_provided_metadata": {}
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Additional properties are allowed.
curl \
-X PUT https://localhost:5601/api/fleet/agents/{agentId} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"tags": [
"string"
],
"user_provided_metadata": {}
}
{
"item": {
"access_api_key": "string",
"access_api_key_id": "string",
"active": true,
"agent": {
"id": "string",
"version": "string"
},
"components": [
{
"id": "string",
"message": "string",
"status": "STARTING",
"type": "string",
"units": [
{
"id": "string",
"message": "string",
"payload": {},
"status": "STARTING",
"type": "input"
}
]
}
],
"default_api_key": "string",
"default_api_key_history": [
{
"id": "string",
"retired_at": "string"
}
],
"default_api_key_id": "string",
"enrolled_at": "string",
"id": "string",
"last_checkin": "string",
"last_checkin_message": "string",
"last_checkin_status": "error",
"local_metadata": {},
"metrics": {
"cpu_avg": 42.0,
"memory_size_byte_avg": 42.0
},
"namespaces": [
"string"
],
"outputs": {
"additionalProperty1": {
"api_key_id": "string",
"to_retire_api_key_ids": [
{
"id": "string",
"retired_at": "string"
}
],
"type": "string"
},
"additionalProperty2": {
"api_key_id": "string",
"to_retire_api_key_ids": [
{
"id": "string",
"retired_at": "string"
}
],
"type": "string"
}
},
"packages": [
"string"
],
"policy_id": "string",
"policy_revision": 42.0,
"sort": [
42.0
],
"status": "offline",
"tags": [
"string"
],
"type": "PERMANENT",
"unenrolled_at": "string",
"unenrollment_started_at": "string",
"unhealthy_reason": [
"input"
],
"upgrade_details": {
"action_id": "string",
"metadata": {
"download_percent": 42.0,
"download_rate": 42.0,
"error_msg": "string",
"failed_state": "UPG_REQUESTED",
"retry_error_msg": "string",
"retry_until": "string",
"scheduled_at": "string"
},
"state": "UPG_REQUESTED",
"target_version": "string"
},
"upgrade_started_at": "string",
"upgraded_at": "string",
"user_provided_metadata": {}
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X DELETE https://localhost:5601/api/fleet/agents/{agentId} \
-H "kbn-xsrf: true"
{
"action": "deleted"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/agents/{agentId}/uploads
{
"items": [
{
"actionId": "string",
"createTime": "string",
"error": "string",
"filePath": "string",
"id": "string",
"name": "string",
"status": "READY"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/agents/available_versions
{
"items": [
"string"
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X DELETE https://localhost:5601/api/fleet/agents/files/{fileId} \
-H "kbn-xsrf: true"
{
"deleted": true,
"id": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Get a file uploaded by an agent.
curl \
-X GET https://localhost:5601/api/fleet/agents/files/{fileId}/{fileName}
{}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/agents/setup
{
"is_secrets_storage_enabled": true,
"is_space_awareness_enabled": true,
"isReady": true,
"missing_optional_features": [
"encrypted_saved_object_encryption_key_required"
],
"missing_requirements": [
"security_required"
],
"package_verification_key_id": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/agents/setup \
-H "kbn-xsrf: true"
{
"isInitialized": true,
"nonFatalErrors": [
{
"message": "string",
"name": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/agents/tags
{
"items": [
"string"
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/epm/bulk_assets \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"assetIds": [
{
"id": "string",
"type": "string"
}
]
}
{
"items": [
{
"appLink": "string",
"attributes": {
"description": "string",
"service": "string",
"title": "string"
},
"id": "string",
"type": "string",
"updatedAt": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/epm/categories
{
"items": [
{
"count": 42.0,
"id": "string",
"parent_id": "string",
"parent_title": "string",
"title": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/epm/custom_integrations \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"datasets": [
{
"name": "string",
"type": "logs"
}
],
"force": true,
"integrationName": "string"
}
{
"_meta": {
"install_source": "string"
},
"items": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/epm/packages
{
"items": [
{
"categories": [
"string"
],
"conditions": {
"elastic": {
"capabilities": [
"string"
],
"subscription": "string"
},
"kibana": {
"version": "string"
}
},
"data_streams": [
{}
],
"description": "string",
"discovery": {
"fields": [
{
"name": "string"
}
]
},
"download": "string",
"format_version": "string",
"icons": [
{
"dark_mode": true,
"path": "string",
"size": "string",
"src": "string",
"title": "string",
"type": "string"
}
],
"id": "string",
"installationInfo": {
"additional_spaces_installed_kibana": {
"additionalProperty1": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
],
"additionalProperty2": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
]
},
"created_at": "string",
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"install_format_schema_version": "string",
"install_source": "registry",
"install_status": "installed",
"installed_es": [
{
"deferred": true,
"id": "string",
"type": "index",
"version": "string"
}
],
"installed_kibana": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
],
"installed_kibana_space_id": "string",
"latest_executed_state": {
"error": "string",
"name": "string",
"started_at": "string"
},
"latest_install_failed_attempts": [
{
"created_at": "string",
"error": {
"message": "string",
"name": "string",
"stack": "string"
},
"target_version": "string"
}
],
"name": "string",
"namespaces": [
"string"
],
"type": "string",
"updated_at": "string",
"verification_key_id": "string",
"verification_status": "unverified",
"version": "string"
},
"integration": "string",
"internal": true,
"latestVersion": "string",
"name": "string",
"owner": {
"github": "string",
"type": "elastic"
},
"path": "string",
"policy_templates": [
{}
],
"readme": "string",
"release": "ga",
"signature_path": "string",
"source": {
"license": "string"
},
"status": "string",
"title": "string",
"type": "integration",
"vars": [
{}
],
"version": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Default value is false
.
Default value is false
.
curl \
-X POST https://localhost:5601/api/fleet/epm/packages \
-H "Content-Type: application/gzip; application/zip; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
curl \
-X POST https://localhost:5601/api/fleet/epm/packages/_bulk \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"force": false,
"packages": [
"string"
]
}
{
"items": [
{
"name": "string",
"result": {
"assets": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
],
"installSource": "string",
"installType": "string",
"status": "installed"
},
"version": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Default value is false
.
curl \
-X GET https://localhost:5601/api/fleet/epm/packages/{pkgName}/{pkgVersion}
{
"item": {
"agent": {
"privileges": {
"root": true
}
},
"asset_tags": [
{
"asset_ids": [
"string"
],
"asset_types": [
"string"
],
"text": "string"
}
],
"assets": {},
"categories": [
"string"
],
"conditions": {
"elastic": {
"capabilities": [
"string"
],
"subscription": "string"
},
"kibana": {
"version": "string"
}
},
"data_streams": [
{}
],
"description": "string",
"discovery": {
"fields": [
{
"name": "string"
}
]
},
"download": "string",
"elasticsearch": {},
"format_version": "string",
"icons": [
{
"dark_mode": true,
"path": "string",
"size": "string",
"src": "string",
"title": "string",
"type": "string"
}
],
"installationInfo": {
"additional_spaces_installed_kibana": {
"additionalProperty1": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
],
"additionalProperty2": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
]
},
"created_at": "string",
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"install_format_schema_version": "string",
"install_source": "registry",
"install_status": "installed",
"installed_es": [
{
"deferred": true,
"id": "string",
"type": "index",
"version": "string"
}
],
"installed_kibana": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
],
"installed_kibana_space_id": "string",
"latest_executed_state": {
"error": "string",
"name": "string",
"started_at": "string"
},
"latest_install_failed_attempts": [
{
"created_at": "string",
"error": {
"message": "string",
"name": "string",
"stack": "string"
},
"target_version": "string"
}
],
"name": "string",
"namespaces": [
"string"
],
"type": "string",
"updated_at": "string",
"verification_key_id": "string",
"verification_status": "unverified",
"version": "string"
},
"internal": true,
"keepPoliciesUpToDate": true,
"latestVersion": "string",
"license": "string",
"licensePath": "string",
"name": "string",
"notice": "string",
"owner": {
"github": "string",
"type": "elastic"
},
"path": "string",
"policy_templates": [
{}
],
"readme": "string",
"release": "ga",
"screenshots": [
{
"dark_mode": true,
"path": "string",
"size": "string",
"src": "string",
"title": "string",
"type": "string"
}
],
"signature_path": "string",
"source": {
"license": "string"
},
"status": "string",
"title": "string",
"type": "integration",
"vars": [
{}
],
"version": "string"
},
"metadata": {
"has_policies": true
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X PUT https://localhost:5601/api/fleet/epm/packages/{pkgName}/{pkgVersion} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"keepPoliciesUpToDate": true
}
{
"item": {
"agent": {
"privileges": {
"root": true
}
},
"asset_tags": [
{
"asset_ids": [
"string"
],
"asset_types": [
"string"
],
"text": "string"
}
],
"assets": {},
"categories": [
"string"
],
"conditions": {
"elastic": {
"capabilities": [
"string"
],
"subscription": "string"
},
"kibana": {
"version": "string"
}
},
"data_streams": [
{}
],
"description": "string",
"discovery": {
"fields": [
{
"name": "string"
}
]
},
"download": "string",
"elasticsearch": {},
"format_version": "string",
"icons": [
{
"dark_mode": true,
"path": "string",
"size": "string",
"src": "string",
"title": "string",
"type": "string"
}
],
"installationInfo": {
"additional_spaces_installed_kibana": {
"additionalProperty1": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
],
"additionalProperty2": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
]
},
"created_at": "string",
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"install_format_schema_version": "string",
"install_source": "registry",
"install_status": "installed",
"installed_es": [
{
"deferred": true,
"id": "string",
"type": "index",
"version": "string"
}
],
"installed_kibana": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
],
"installed_kibana_space_id": "string",
"latest_executed_state": {
"error": "string",
"name": "string",
"started_at": "string"
},
"latest_install_failed_attempts": [
{
"created_at": "string",
"error": {
"message": "string",
"name": "string",
"stack": "string"
},
"target_version": "string"
}
],
"name": "string",
"namespaces": [
"string"
],
"type": "string",
"updated_at": "string",
"verification_key_id": "string",
"verification_status": "unverified",
"version": "string"
},
"internal": true,
"keepPoliciesUpToDate": true,
"latestVersion": "string",
"license": "string",
"licensePath": "string",
"name": "string",
"notice": "string",
"owner": {
"github": "string",
"type": "elastic"
},
"path": "string",
"policy_templates": [
{}
],
"readme": "string",
"release": "ga",
"screenshots": [
{
"dark_mode": true,
"path": "string",
"size": "string",
"src": "string",
"title": "string",
"type": "string"
}
],
"signature_path": "string",
"source": {
"license": "string"
},
"status": "string",
"title": "string",
"type": "integration",
"vars": [
{}
],
"version": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Default value is false
.
Default value is false
.
Default value is false
.
Default value is false
.
curl \
-X POST https://localhost:5601/api/fleet/epm/packages/{pkgName}/{pkgVersion} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"force": false,
"ignore_constraints": false
}
{
"_meta": {
"install_source": "string"
},
"items": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X DELETE https://localhost:5601/api/fleet/epm/packages/{pkgName}/{pkgVersion} \
-H "kbn-xsrf: true"
{
"items": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"transforms": [
{
"transformId": "string"
}
]
}
[
{
"success": true,
"transformId": "string"
}
]
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/epm/packages/{pkgName}/stats
{
"response": {
"agent_policy_count": 42.0
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Values are logs
, metrics
, traces
, synthetics
, or profiling
.
Default value is 15
.
Values are asc
or desc
. Default value is asc
.
curl \
-X GET https://localhost:5601/api/fleet/epm/packages/installed
{
"items": [
{
"dataStreams": [
{
"name": "string",
"title": "string"
}
],
"description": "string",
"icons": [
{
"dark_mode": true,
"path": "string",
"size": "string",
"src": "string",
"title": "string",
"type": "string"
}
],
"name": "string",
"status": "string",
"title": "string",
"version": "string"
}
],
"searchAfter": [
"string"
],
"total": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/epm/packages/limited
{
"items": [
"string"
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Values are json
, yml
, or yaml
. Default value is json
.
curl \
-X GET https://localhost:5601/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs
string
{
"inputs": [
{
"id": "string",
"streams": [
{
"data_stream": {
"dataset": "string",
"type": "string"
},
"id": "string"
}
],
"type": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/epm/verification_key_id
{
"id": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/enrollment_api_keys
{
"items": [
{
"active": true,
"api_key": "string",
"api_key_id": "string",
"created_at": "string",
"id": "string",
"name": "string",
"policy_id": "string"
}
],
"list": [
{
"active": true,
"api_key": "string",
"api_key_id": "string",
"created_at": "string",
"id": "string",
"name": "string",
"policy_id": "string"
}
],
"page": 42.0,
"perPage": 42.0,
"total": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/enrollment_api_keys \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"expiration": "string",
"name": "string",
"policy_id": "string"
}
{
"action": "created",
"item": {
"active": true,
"api_key": "string",
"api_key_id": "string",
"created_at": "string",
"id": "string",
"name": "string",
"policy_id": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Get an enrollment API key by ID.
curl \
-X GET https://localhost:5601/api/fleet/enrollment_api_keys/{keyId}
{
"item": {
"active": true,
"api_key": "string",
"api_key_id": "string",
"created_at": "string",
"id": "string",
"name": "string",
"policy_id": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Revoke an enrollment API key by ID by marking it as inactive.
curl \
-X DELETE https://localhost:5601/api/fleet/enrollment_api_keys/{keyId} \
-H "kbn-xsrf: true"
{
"action": "deleted"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/check-permissions
{
"error": "MISSING_SECURITY",
"success": true
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/health_check \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"id": "string"
}
{
"host_id": "string",
"name": "string",
"status": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/settings
{
"item": {
"delete_unenrolled_agents": {
"enabled": true,
"is_preconfigured": true
},
"has_seen_add_data_notice": true,
"id": "string",
"output_secret_storage_requirements_met": true,
"preconfigured_fields": [
"fleet_server_hosts"
],
"prerelease_integrations_enabled": true,
"secret_storage_requirements_met": true,
"use_space_awareness_migration_started_at": "string",
"use_space_awareness_migration_status": "pending",
"version": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
{
"message": "string"
}
Additional properties are NOT allowed.
curl \
-X PUT https://localhost:5601/api/fleet/settings \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"additional_yaml_config": "string",
"delete_unenrolled_agents": {
"enabled": true,
"is_preconfigured": true
},
"has_seen_add_data_notice": true,
"kibana_ca_sha256": "string",
"kibana_urls": [
"https://example.com"
],
"prerelease_integrations_enabled": true
}
{
"item": {
"delete_unenrolled_agents": {
"enabled": true,
"is_preconfigured": true
},
"has_seen_add_data_notice": true,
"id": "string",
"output_secret_storage_requirements_met": true,
"preconfigured_fields": [
"fleet_server_hosts"
],
"prerelease_integrations_enabled": true,
"secret_storage_requirements_met": true,
"use_space_awareness_migration_started_at": "string",
"use_space_awareness_migration_status": "pending",
"version": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
{
"message": "string"
}
curl \
-X POST https://localhost:5601/api/fleet/setup \
-H "kbn-xsrf: true"
{
"isInitialized": true,
"nonFatalErrors": [
{
"message": "string",
"name": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
{
"message": "string"
}
curl \
-X POST https://localhost:5601/api/fleet/logstash_api_keys \
-H "kbn-xsrf: true"
{
"api_key": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/outputs
{
"items": [
{
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"https://example.com"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"preset": "balanced",
"proxy_id": "string",
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "elasticsearch"
}
],
"page": 42.0,
"perPage": 42.0,
"total": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
At least 1
element.
Default value is false
.
Default value is false
.
Values are balanced
, custom
, throughput
, scale
, or latency
.
Additional properties are NOT allowed.
Additional properties are NOT allowed.
Value is elasticsearch
.
curl \
-X POST https://localhost:5601/api/fleet/outputs \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"https://example.com"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"preset": "balanced",
"proxy_id": "string",
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "elasticsearch"
}
# Headers
kbn-xsrf: true
# Payload
{
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"https://example.com"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"preset": "balanced",
"proxy_id": "string",
"secrets": {
"service_token": {
"id": "string"
}
},
"service_token": "string",
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "remote_elasticsearch"
}
# Headers
kbn-xsrf: true
# Payload
{
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"string"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"proxy_id": "string",
"secrets": {
"ssl": {
"key": {
"id": "string"
}
}
},
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "logstash"
}
# Headers
kbn-xsrf: true
# Payload
{
"allow_edit": [
"string"
],
"auth_type": "none",
"broker_timeout": 42.0,
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"client_id": "string",
"compression": "gzip",
"compression_level": [],
"config_yaml": "string",
"connection_type": [],
"hash": {
"hash": "string",
"random": true
},
"headers": [
{
"key": "string",
"value": "string"
}
],
"hosts": [
"string"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"key": "string",
"name": "string",
"partition": "random",
"password": [],
"proxy_id": "string",
"random": {
"group_events": 42.0
},
"required_acks": 1,
"round_robin": {
"group_events": 42.0
},
"sasl": {
"mechanism": "PLAIN"
},
"secrets": {
"password": {
"id": "string"
},
"ssl": {
"key": {
"id": "string"
}
}
},
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"timeout": 42.0,
"topic": "string",
"type": "kafka",
"username": [],
"version": "string"
}
{
"item": {
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"https://example.com"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"preset": "balanced",
"proxy_id": "string",
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "elasticsearch"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/outputs/{outputId}
{
"item": {
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"https://example.com"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"preset": "balanced",
"proxy_id": "string",
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "elasticsearch"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
At least 1
element.
Values are balanced
, custom
, throughput
, scale
, or latency
.
Additional properties are NOT allowed.
Additional properties are NOT allowed.
Value is elasticsearch
.
curl \
-X PUT https://localhost:5601/api/fleet/outputs/{outputId} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"https://example.com"
],
"id": "string",
"is_default": true,
"is_default_monitoring": true,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"preset": "balanced",
"proxy_id": "string",
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "elasticsearch"
}
# Headers
kbn-xsrf: true
# Payload
{
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"https://example.com"
],
"id": "string",
"is_default": true,
"is_default_monitoring": true,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"preset": "balanced",
"proxy_id": "string",
"secrets": {
"service_token": {
"id": "string"
}
},
"service_token": "string",
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "remote_elasticsearch"
}
# Headers
kbn-xsrf: true
# Payload
{
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"string"
],
"id": "string",
"is_default": true,
"is_default_monitoring": true,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"proxy_id": "string",
"secrets": {
"ssl": {
"key": {
"id": "string"
}
}
},
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "logstash"
}
# Headers
kbn-xsrf: true
# Payload
{
"allow_edit": [
"string"
],
"auth_type": "none",
"broker_timeout": 42.0,
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"client_id": "string",
"compression": "gzip",
"compression_level": [],
"config_yaml": "string",
"connection_type": [],
"hash": {
"hash": "string",
"random": true
},
"headers": [
{
"key": "string",
"value": "string"
}
],
"hosts": [
"string"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"key": "string",
"name": "string",
"partition": "random",
"password": [],
"proxy_id": "string",
"random": {
"group_events": 42.0
},
"required_acks": 1,
"round_robin": {
"group_events": 42.0
},
"sasl": {
"mechanism": "PLAIN"
},
"secrets": {
"password": {
"id": "string"
},
"ssl": {
"key": {
"id": "string"
}
}
},
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"timeout": 42.0,
"topic": "string",
"type": "kafka",
"username": [],
"version": "string"
}
{
"item": {
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"https://example.com"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"preset": "balanced",
"proxy_id": "string",
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "elasticsearch"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X DELETE https://localhost:5601/api/fleet/outputs/{outputId} \
-H "kbn-xsrf: true"
{
"id": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/outputs/{outputId}/health
{
"message": "string",
"state": "string",
"timestamp": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Values are desc
or asc
.
Values are simplified
or legacy
.
curl \
-X GET https://localhost:5601/api/fleet/package_policies
{
"items": [
{
"agents": 42.0,
"created_at": "string",
"created_by": "string",
"description": "string",
"elasticsearch": {
"privileges": {
"cluster": [
"string"
]
}
},
"enabled": true,
"id": "string",
"inputs": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"policy_template": "string",
"streams": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"data_stream": {
"dataset": "string",
"elasticsearch": {
"dynamic_dataset": true,
"dynamic_namespace": true,
"privileges": {
"indices": [
"string"
]
}
},
"type": "string"
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"release": "ga",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"type": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"is_managed": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {
"inputs": {}
},
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"revision": 42.0,
"secret_references": [
{
"id": "string"
}
],
"spaceIds": [
"string"
],
"supports_agentless": false,
"updated_at": "string",
"updated_by": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"version": "string"
}
],
"page": 42.0,
"perPage": 42.0,
"total": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Values are simplified
or legacy
.
You should use inputs as an object and not use the deprecated inputs array.
Package policy description
Force package policy creation even if package is not verified, or if the agent policy is managed.
Package policy unique identifier
Package policy name (should be unique)
The package policy namespace. Leave blank to inherit the agent policy's namespace.
Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
Additional properties are NOT allowed.
Additional properties are NOT allowed.
Agent policy ID where that package policy will be added
Agent policy IDs where that package policy will be added
Indicates whether the package policy belongs to an agentless agent policy.
Default value is false
.
Package variable (see integration documentation for more information)
curl \
-X POST https://localhost:5601/api/fleet/package_policies \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"description": "string",
"enabled": true,
"force": true,
"id": "string",
"inputs": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"policy_template": "string",
"streams": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"data_stream": {
"dataset": "string",
"elasticsearch": {
"dynamic_dataset": true,
"dynamic_namespace": true,
"privileges": {
"indices": [
"string"
]
}
},
"type": "string"
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"release": "ga",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"type": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"is_managed": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {
"inputs": {}
},
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"supports_agentless": false,
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
# Headers
kbn-xsrf: true
# Payload
{
"description": "string",
"force": true,
"id": "string",
"inputs": {
"additionalProperty1": {
"enabled": true,
"streams": {
"additionalProperty1": {
"enabled": true,
"vars": {}
},
"additionalProperty2": {
"enabled": true,
"vars": {}
}
},
"vars": {}
},
"additionalProperty2": {
"enabled": true,
"streams": {
"additionalProperty1": {
"enabled": true,
"vars": {}
},
"additionalProperty2": {
"enabled": true,
"vars": {}
}
},
"vars": {}
}
},
"name": "string",
"namespace": "string",
"output_id": "string",
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"supports_agentless": false,
"vars": {}
}
{
"item": {
"agents": 42.0,
"created_at": "string",
"created_by": "string",
"description": "string",
"elasticsearch": {
"privileges": {
"cluster": [
"string"
]
}
},
"enabled": true,
"id": "string",
"inputs": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"policy_template": "string",
"streams": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"data_stream": {
"dataset": "string",
"elasticsearch": {
"dynamic_dataset": true,
"dynamic_namespace": true,
"privileges": {
"indices": [
"string"
]
}
},
"type": "string"
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"release": "ga",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"type": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"is_managed": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {
"inputs": {}
},
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"revision": 42.0,
"secret_references": [
{
"id": "string"
}
],
"spaceIds": [
"string"
],
"supports_agentless": false,
"updated_at": "string",
"updated_by": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"version": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Values are simplified
or legacy
.
list of package policy ids
curl \
-X POST https://localhost:5601/api/fleet/package_policies/_bulk_get \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"ids": [
"string"
],
"ignoreMissing": true
}
{
"items": [
{
"agents": 42.0,
"created_at": "string",
"created_by": "string",
"description": "string",
"elasticsearch": {
"privileges": {
"cluster": [
"string"
]
}
},
"enabled": true,
"id": "string",
"inputs": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"policy_template": "string",
"streams": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"data_stream": {
"dataset": "string",
"elasticsearch": {
"dynamic_dataset": true,
"dynamic_namespace": true,
"privileges": {
"indices": [
"string"
]
}
},
"type": "string"
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"release": "ga",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"type": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"is_managed": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {
"inputs": {}
},
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"revision": 42.0,
"secret_references": [
{
"id": "string"
}
],
"spaceIds": [
"string"
],
"supports_agentless": false,
"updated_at": "string",
"updated_by": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"version": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
{
"message": "string"
}
Values are simplified
or legacy
.
curl \
-X GET https://localhost:5601/api/fleet/package_policies/{packagePolicyId}
{
"item": {
"agents": 42.0,
"created_at": "string",
"created_by": "string",
"description": "string",
"elasticsearch": {
"privileges": {
"cluster": [
"string"
]
}
},
"enabled": true,
"id": "string",
"inputs": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"policy_template": "string",
"streams": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"data_stream": {
"dataset": "string",
"elasticsearch": {
"dynamic_dataset": true,
"dynamic_namespace": true,
"privileges": {
"indices": [
"string"
]
}
},
"type": "string"
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"release": "ga",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"type": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"is_managed": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {
"inputs": {}
},
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"revision": 42.0,
"secret_references": [
{
"id": "string"
}
],
"spaceIds": [
"string"
],
"supports_agentless": false,
"updated_at": "string",
"updated_by": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"version": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
{
"message": "string"
}
Update a package policy by ID.
Values are simplified
or legacy
.
Package policy description
The package policy namespace. Leave blank to inherit the agent policy's namespace.
Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
Additional properties are NOT allowed.
Additional properties are NOT allowed.
Agent policy ID where that package policy will be added
Agent policy IDs where that package policy will be added
Indicates whether the package policy belongs to an agentless agent policy.
Default value is false
.
Package variable (see integration documentation for more information)
curl \
-X PUT https://localhost:5601/api/fleet/package_policies/{packagePolicyId} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"description": "string",
"enabled": true,
"force": true,
"inputs": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"policy_template": "string",
"streams": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"data_stream": {
"dataset": "string",
"elasticsearch": {
"dynamic_dataset": true,
"dynamic_namespace": true,
"privileges": {
"indices": [
"string"
]
}
},
"type": "string"
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"release": "ga",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"type": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"is_managed": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {
"inputs": {}
},
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"supports_agentless": false,
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"version": "string"
}
# Headers
kbn-xsrf: true
# Payload
{
"description": "string",
"force": true,
"id": "string",
"inputs": {
"additionalProperty1": {
"enabled": true,
"streams": {
"additionalProperty1": {
"enabled": true,
"vars": {}
},
"additionalProperty2": {
"enabled": true,
"vars": {}
}
},
"vars": {}
},
"additionalProperty2": {
"enabled": true,
"streams": {
"additionalProperty1": {
"enabled": true,
"vars": {}
},
"additionalProperty2": {
"enabled": true,
"vars": {}
}
},
"vars": {}
}
},
"name": "string",
"namespace": "string",
"output_id": "string",
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"supports_agentless": false,
"vars": {}
}
{
"item": {
"agents": 42.0,
"created_at": "string",
"created_by": "string",
"description": "string",
"elasticsearch": {
"privileges": {
"cluster": [
"string"
]
}
},
"enabled": true,
"id": "string",
"inputs": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"policy_template": "string",
"streams": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"data_stream": {
"dataset": "string",
"elasticsearch": {
"dynamic_dataset": true,
"dynamic_namespace": true,
"privileges": {
"indices": [
"string"
]
}
},
"type": "string"
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"release": "ga",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"type": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"is_managed": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {
"inputs": {}
},
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"revision": 42.0,
"secret_references": [
{
"id": "string"
}
],
"spaceIds": [
"string"
],
"supports_agentless": false,
"updated_at": "string",
"updated_by": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"version": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Delete a package policy by ID.
curl \
-X DELETE https://localhost:5601/api/fleet/package_policies/{packagePolicyId} \
-H "kbn-xsrf: true"
{
"id": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/package_policies/delete \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"force": true,
"packagePolicyIds": [
"string"
]
}
[
{
"body": {
"message": "string"
},
"id": "string",
"name": "string",
"output_id": "string",
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"statusCode": 42.0,
"success": true
}
]
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Upgrade a package policy to a newer package version.
curl \
-X POST https://localhost:5601/api/fleet/package_policies/upgrade \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"packagePolicyIds": [
"string"
]
}
[
{
"body": {
"message": "string"
},
"id": "string",
"name": "string",
"statusCode": 42.0,
"success": true
}
]
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/package_policies/upgrade/dryrun \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"packagePolicyIds": [
"string"
],
"packageVersion": "string"
}
[
{
"agent_diff": [
[
{
"data_stream": {
"namespace": "string"
},
"id": "string",
"meta": {
"package": {
"name": "string",
"version": "string"
}
},
"name": "string",
"package_policy_id": "string",
"processors": [
{
"add_fields": {
"fields": {},
"target": "string"
}
}
],
"revision": 42.0,
"streams": [
{
"data_stream": {
"dataset": "string",
"type": "string"
},
"id": "string"
}
],
"type": "string",
"use_output": "string"
}
]
],
"body": {
"message": "string"
},
"diff": [
{
"agents": 42.0,
"created_at": "string",
"created_by": "string",
"description": "string",
"elasticsearch": {
"privileges": {
"cluster": [
"string"
]
}
},
"enabled": true,
"id": "string",
"inputs": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"policy_template": "string",
"streams": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"data_stream": {
"dataset": "string",
"elasticsearch": {
"dynamic_dataset": true,
"dynamic_namespace": true,
"privileges": {
"indices": [
"string"
]
}
},
"type": "string"
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"release": "ga",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"type": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"is_managed": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {
"inputs": {}
},
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"revision": 42.0,
"secret_references": [
{
"id": "string"
}
],
"spaceIds": [
"string"
],
"supports_agentless": false,
"updated_at": "string",
"updated_by": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"version": "string"
}
],
"hasErrors": true,
"name": "string",
"statusCode": 42.0
}
]
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/proxies
{
"items": [
{
"certificate": "string",
"certificate_authorities": "string",
"certificate_key": "string",
"id": "string",
"is_preconfigured": false,
"name": "string",
"proxy_headers": {},
"url": "string"
}
],
"page": 42.0,
"perPage": 42.0,
"total": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Default value is false
.
curl \
-X POST https://localhost:5601/api/fleet/proxies \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"certificate": "string",
"certificate_authorities": "string",
"certificate_key": "string",
"id": "string",
"is_preconfigured": false,
"name": "string",
"proxy_headers": {},
"url": "string"
}
{
"item": {
"certificate": "string",
"certificate_authorities": "string",
"certificate_key": "string",
"id": "string",
"is_preconfigured": false,
"name": "string",
"proxy_headers": {},
"url": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/proxies/{itemId}
{
"item": {
"certificate": "string",
"certificate_authorities": "string",
"certificate_key": "string",
"id": "string",
"is_preconfigured": false,
"name": "string",
"proxy_headers": {},
"url": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X PUT https://localhost:5601/api/fleet/proxies/{itemId} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"certificate": "string",
"certificate_authorities": "string",
"certificate_key": "string",
"name": "string",
"proxy_headers": {},
"url": "string"
}
{
"item": {
"certificate": "string",
"certificate_authorities": "string",
"certificate_key": "string",
"id": "string",
"is_preconfigured": false,
"name": "string",
"proxy_headers": {},
"url": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X DELETE https://localhost:5601/api/fleet/proxies/{itemId} \
-H "kbn-xsrf: true"
{
"id": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/fleet_server_hosts
{
"items": [
{
"host_urls": [
"string"
],
"id": "string",
"is_default": false,
"is_internal": true,
"is_preconfigured": false,
"name": "string",
"proxy_id": "string"
}
],
"page": 42.0,
"perPage": 42.0,
"total": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
At least 1
element.
Default value is false
.
Default value is false
.
curl \
-X POST https://localhost:5601/api/fleet/fleet_server_hosts \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"host_urls": [
"string"
],
"id": "string",
"is_default": false,
"is_internal": true,
"is_preconfigured": false,
"name": "string",
"proxy_id": "string"
}
{
"item": {
"host_urls": [
"string"
],
"id": "string",
"is_default": false,
"is_internal": true,
"is_preconfigured": false,
"name": "string",
"proxy_id": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X GET https://localhost:5601/api/fleet/fleet_server_hosts/{itemId}
{
"item": {
"host_urls": [
"string"
],
"id": "string",
"is_default": false,
"is_internal": true,
"is_preconfigured": false,
"name": "string",
"proxy_id": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Update a Fleet Server host by ID.
At least 1
element.
curl \
-X PUT https://localhost:5601/api/fleet/fleet_server_hosts/{itemId} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"host_urls": [
"string"
],
"is_default": true,
"is_internal": true,
"name": "string",
"proxy_id": "string"
}
{
"item": {
"host_urls": [
"string"
],
"id": "string",
"is_default": false,
"is_internal": true,
"is_preconfigured": false,
"name": "string",
"proxy_id": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Delete a Fleet Server host by ID.
curl \
-X DELETE https://localhost:5601/api/fleet/fleet_server_hosts/{itemId} \
-H "kbn-xsrf: true"
{
"id": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
-X POST https://localhost:5601/api/fleet/service_tokens \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "kbn-xsrf: true"
# Headers
kbn-xsrf: true
# Payload
{
"remote": false
}
{
"name": "string",
"value": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
List the metadata for the latest uninstall tokens per agent policy.
curl \
-X GET https://localhost:5601/api/fleet/uninstall_tokens
{
"items": [
{
"created_at": "string",
"id": "string",
"namespaces": [
"string"
],
"policy_id": "string",
"policy_name": "string"
}
],
"page": 42.0,
"perPage": 42.0,
"total": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Get one decrypted uninstall token by its ID.
curl \
-X GET https://localhost:5601/api/fleet/uninstall_tokens/{uninstallTokenId}
{
"item": {
"created_at": "string",
"id": "string",
"namespaces": [
"string"
],
"policy_id": "string",
"policy_name": "string",
"token": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}