Create an alert | Kibana API

Create an alert Deprecated

POST /api/alerts/alert/{alertId}

Deprecated in 7.13.0. Use the create rule API instead.

Headers

kbn-xsrf string Required

Cross-site request forgery protection

Path parameters

alertId string Required

An UUID v1 or v4 identifier for the alert. If this parameter is omitted, the identifier is randomly generated.

application/json; Elastic-Api-Version=2023-10-31

Body Required

actions array[object]
Hide actions attributes Show actions attributes object
- actionTypeId string Required
  
  The identifier for the action type.
- group string Required
  
  Grouping actions is recommended for escalations for different types of alert instances. If you don't need this functionality, set it to default.
- id string Required
  
  The ID of the action saved object.
- params object Required
  
  The map to the params that the action type will receive. params are handled as Mustache templates and passed a default set of context.
alertTypeId string Required

The ID of the alert type that you want to call when the alert is scheduled to run.
consumer string Required

The name of the application that owns the alert. This name has to match the Kibana feature name, as that dictates the required role-based access control privileges.
enabled boolean

Indicates if you want to run the alert on an interval basis after it is created.
name string Required

A name to reference and search.
notifyWhen string Required

The condition for throttling the notification.

Values are onActionGroupChange, onActiveAlert, or onThrottleInterval.
params object Required

The parameters to pass to the alert type executor params value. This will also validate against the alert type params validator, if defined.
schedule object Required

The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule.
Hide schedule attribute Show schedule attribute object
- interval string
  
  The interval format specifies the interval in seconds, minutes, hours or days at which the alert should run.
tags array[string]

A list of keywords to reference and search.
throttle string

How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of 10m or 1h will prevent it from sending 90 notifications during this period.

Responses

200 application/json; Elastic-Api-Version=2023-10-31

Indicates a successful call.
Hide response attributes Show response attributes object
- actions array[object]
- alertTypeId string
- apiKeyOwner string | null
- createdAt string(date-time)
  
  The date and time that the alert was created.
- createdBy string
  
  The identifier for the user that created the alert.
- enabled boolean
  
  Indicates whether the alert is currently enabled.
- executionStatus object
  
  Hide executionStatus attributes Show executionStatus attributes object
  
  lastExecutionDate string(date-time)
  
  status string
- id string
  
  The identifier for the alert.
- muteAll boolean
- mutedInstanceIds array[string] | null
- name string
  
  The name of the alert.
- notifyWhen string
- params object
  
  Hide params attribute Show params attribute object
  
  Additional properties are allowed
- schedule object
  
  Hide schedule attribute Show schedule attribute object
  
  interval string
- scheduledTaskId string
- tags array[string]
- throttle string | null
- updatedAt string
- updatedBy string | null
  
  The identifier for the user that updated this alert most recently.
401 application/json; Elastic-Api-Version=2023-10-31

Authorization information is missing or invalid.
Hide response attributes Show response attributes object
- error string
  
  Value is Unauthorized.
- message string
- statusCode integer
  
  Value is 401.

POST /api/alerts/alert/{alertId}

curl \
 -X POST https://localhost:5601/api/alerts/alert/41893910-6bca-11eb-9e0d-85d233e3ee35 \
 -H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
 -H "kbn-xsrf: string"

Request examples

# Headers
kbn-xsrf: string

# Payload
{
  "actions": [
    {
      "actionTypeId": "string",
      "group": "string",
      "id": "string",
      "params": {}
    }
  ],
  "alertTypeId": "string",
  "consumer": "string",
  "enabled": true,
  "name": "string",
  "notifyWhen": "onActionGroupChange",
  "params": {},
  "schedule": {
    "interval": "10s"
  },
  "tags": [
    "string"
  ],
  "throttle": "string"
}

Response examples (200)

{
  "actions": [
    {}
  ],
  "alertTypeId": ".index-threshold",
  "apiKeyOwner": "elastic",
  "createdAt": "2022-12-05T23:36:58.284Z",
  "createdBy": "elastic",
  "enabled": true,
  "executionStatus": {
    "lastExecutionDate": "2022-12-06T00:13:43.890Z",
    "status": "ok"
  },
  "id": "b530fed0-74f5-11ed-9801-35303b735aef",
  "muteAll": false,
  "mutedInstanceIds": [
    "string"
  ],
  "name": "my alert",
  "notifyWhen": "onActionGroupChange",
  "params": {},
  "schedule": {
    "interval": "string"
  },
  "scheduledTaskId": "b530fed0-74f5-11ed-9801-35303b735aef",
  "tags": [
    "string"
  ],
  "throttle": "string",
  "updatedAt": "2022-12-05T23:36:58.284Z",
  "updatedBy": "elastic"
}

Response examples (401)

{
  "error": "Unauthorized",
  "message": "string",
  "statusCode": 401
}