Get a case comment or alert

GET /api/cases/{caseId}/comments/{commentId}

You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.

Path parameters

caseId string Required

The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
commentId string Required

The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs.

Responses

200 application/json

Indicates a successful call.
One of:
Cases_alert_comment_response_properties object Cases_user_comment_response_properties object
Hide attributes Show attributes

alertId array[string]

created_at string(date-time)

created_by object

Hide created_by attributes Show created_by attributes object

email string | null Required

full_name string | null Required

profile_uid string

username string | null Required

id string

index array[string]

owner string

The application that owns the cases: Stack Management, Observability, or Elastic Security.

Values are cases, observability, or securitySolution.

pushed_at string(date-time) | null

pushed_by object | null

Hide pushed_by attributes Show pushed_by attributes object | null

email string | null Required

full_name string | null Required

profile_uid string

username string | null Required

rule object

Hide rule attributes Show rule attributes object

id string

The rule identifier.

name string

The rule name.

type string Required

Value is alert.

updated_at string(date-time) | null

updated_by object | null

Hide updated_by attributes Show updated_by attributes object | null

email string | null Required

full_name string | null Required

profile_uid string

username string | null Required

version string
Hide attributes Show attributes

comment string

created_at string(date-time)

created_by object

Hide created_by attributes Show created_by attributes object

email string | null Required

full_name string | null Required

profile_uid string

username string | null Required

id string

owner string

The application that owns the cases: Stack Management, Observability, or Elastic Security.

Values are cases, observability, or securitySolution.

pushed_at string(date-time) | null

pushed_by object | null

Hide pushed_by attributes Show pushed_by attributes object | null

email string | null Required

full_name string | null Required

profile_uid string

username string | null Required

type string Required

Value is user.

updated_at string(date-time) | null

updated_by object | null

Hide updated_by attributes Show updated_by attributes object | null

email string | null Required

full_name string | null Required

profile_uid string

username string | null Required

version string
401 application/json

Authorization information is missing or invalid.
Hide response attributes Show response attributes object
- error string
- message string
- statusCode integer

GET /api/cases/{caseId}/comments/{commentId}

curl \
 --request GET http://localhost:5622/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/comments/71ec1870-725b-11ea-a0b2-c51ea50a58e2 \
 --header "Authorization: $API_KEY"

Response examples (200)

{
  "id": "8048b460-fe2b-11ec-b15d-779a7c8bbcc3",
  "type": "user",
  "owner": "cases",
  "comment": "A new comment",
  "version": "WzIzLDFd",
  "pushed_at": null,
  "pushed_by": null,
  "created_at": "2023-10-07T19:32:13.104Z",
  "created_by": {
    "email": null,
    "username": "elastic",
    "full_name": null,
    "profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
  },
  "updated_at": null,
  "updated_by": null
}

Response examples (401)

{
  "error": "Unauthorized",
  "message": "string",
  "statusCode": 401
}