Api key auth (http_api_key)
These APIs use key-based authentication. You must create an API key and use the encoded value in the request header. For example: Authorization: ApiKey base64AccessApiKey
https://localhost:5601
The Kibana REST APIs enable you to manage resources such as connectors, data views, and saved objects. The API calls are stateless. Each request that you make happens in isolation from other calls and must include all of the necessary information for Kibana to fulfill the request. API requests return JSON output, which is a format that is machine-readable and works well for automation.
To interact with Kibana APIs, use the following operations:
You can prepend any Kibana API endpoint with kbn:
and run the request in Dev Tools → Console.
For example:
GET kbn:/api/data_views
For more information about the console, refer to Run API requests.
NOTE: Access to internal Kibana API endpoints will be restricted in Kibana version 9.0. Please move any integrations to publicly documented APIs.
This documentation is derived from the main
branch of the kibana repository.
It is provided under license Attribution-NonCommercial-NoDerivatives 4.0 International.
This documentation contains work-in-progress information for future Elastic Stack releases.
This is version 1.0.2
of this API documentation.
Last update on Feb 11, 2025.
The API accepts 2 different authentication methods:
These APIs use key-based authentication. You must create an API key and use the encoded value in the request header. For example: Authorization: ApiKey base64AccessApiKey
Basic auth tokens are constructed with the Basic
keyword, followed by a space, followed by a base64-encoded string of your username:password
(separated by a :
colon).
Example: send a Authorization: Basic aGVsbG86aGVsbG8=
HTTP header with your requests to authenticate with the API.
The identifier for the rule.
curl \
--request POST https://localhost:5601/api/alerting/rule/{id}/_disable \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"untrack":true}'
# Headers
kbn-xsrf: true
# Payload
{
"untrack": true
}
The identifier for the rule.
curl \
--request POST https://localhost:5601/api/alerting/rule/{id}/_unmute_all \
--header "kbn-xsrf: true"
Create a new annotation for a specific service.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
The name of the service
curl \
--request POST https://localhost:5601/api/apm/services/{serviceName}/annotation \
--header "Content-Type: application/json" \
--header "elastic-api-version: 2023-10-31" \
--header "kbn-xsrf: true" \
--data '{"@timestamp":"string","message":"string","service":{"environment":"string","version":"string"},"tags":["string"]}'
# Headers
elastic-api-version: 2023-10-31
kbn-xsrf: true
# Payload
{
"@timestamp": "string",
"message": "string",
"service": {
"environment": "string",
"version": "string"
},
"tags": [
"string"
]
}
{
"_id": "string",
"_index": "string",
"_source": {
"@timestamp": "string",
"annotation": {
"title": "string",
"type": "string"
},
"event": {
"created": "string"
},
"message": "string",
"service": {
"environment": "string",
"name": "string",
"version": "string"
},
"tags": [
"string"
]
}
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Forbidden",
"message": "string",
"statusCode": 403
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 404
}
Returns an array of Fleet artifacts, including source map uploads.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
curl \
--request GET https://localhost:5601/api/apm/sourcemaps \
--header "elastic-api-version: 2023-10-31"
{
"artifacts": [
{
"body": {
"bundleFilepath": "string",
"serviceName": "string",
"serviceVersion": "string",
"sourceMap": {
"file": "string",
"mappings": "string",
"sourceRoot": "string",
"sources": [
"string"
],
"sourcesContent": [
"string"
],
"version": 42.0
}
},
"compressionAlgorithm": "string",
"created": "string",
"decodedSha256": "string",
"decodedSize": 42.0,
"encodedSha256": "string",
"encodedSize": 42.0,
"encryptionAlgorithm": "string",
"id": "string",
"identifier": "string",
"packageName": "string",
"relative_url": "string",
"type": "string"
}
]
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Internal Server Error",
"message": "string",
"statusCode": 500
}
{
"error": "Not Implemented",
"message": "Not Implemented",
"statusCode": 501
}
Get information about connectors that are supported for use in cases. You must have read
privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
curl \
--request GET https://localhost:5601/api/cases/configure/connectors/_find
[
{
"id": "61787f53-4eee-4741-8df6-8fe84fa616f7",
"name": "my-Jira",
"config": {
"apiUrl": "https://elastic.atlassian.net/",
"projectKey": "ES"
},
"actionTypeId": ".jira",
"isDeprecated": false,
"isPreconfigured": false,
"isMissingSecrets": false,
"referencedByCount": 0
}
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Returns information about the users who opened cases. You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.
A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.
curl \
--request GET https://localhost:5601/api/cases/reporters
[
{
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
{
"email": "jdoe@example.com",
"username": "jdoe",
"full_name": "Jane Doe",
"profile_uid": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
An identifier for the connector.
curl \
--request GET https://localhost:5601/api/actions/connector/{id}
{
"id": "df770e30-8b8b-11ed-a780-3b746c987a81",
"name": "my_server_log_connector",
"config": {},
"is_deprecated": false,
"is_preconfigured": false,
"is_system_action": false,
"connector_type_id": ".server-log",
"is_missing_secrets": false
}
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
A unique identifier for the dashboard.
Additional properties are NOT allowed.
curl \
--request PUT https://localhost:5601/api/dashboards/dashboard/{id} \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"attributes":{"controlGroupInput":{"autoApplySelections":true,"chainingSystem":"HIERARCHICAL","controls":[{"controlConfig":{},"grow":false,"id":"string","order":42.0,"type":"string","width":"medium"}],"enhancements":{},"ignoreParentSettings":{"ignoreFilters":false,"ignoreQuery":false,"ignoreTimerange":false,"ignoreValidations":false},"labelPosition":"oneLine"},"description":"","kibanaSavedObjectMeta":{"searchSource":{"filter":[{"$state":{"store":"appState"},"meta":{"alias":"string","controlledBy":"string","disabled":true,"field":"string","group":"string","index":"string","isMultiIndex":true,"key":"string","negate":true,"type":"string","value":"string"},"query":{}}],"query":{"language":"string","query":"string"},"sort":[{}],"type":"string"}},"options":{"hidePanelTitles":false,"syncColors":true,"syncCursor":true,"syncTooltips":true,"useMargins":true},"panels":[{"gridData":{"h":15,"i":"string","w":24,"x":42.0,"y":42.0},"id":"string","panelConfig":{"description":"string","enhancements":{},"hidePanelTitles":true,"savedObjectId":"string","title":"string","version":"string"},"panelIndex":"string","panelRefName":"string","title":"string","type":"string","version":"string"}],"refreshInterval":{"display":"string","pause":true,"section":42.0,"value":42.0},"timeFrom":"string","timeRestore":false,"timeTo":"string","title":"string","version":42.0},"references":[{"id":"string","name":"string","type":"string"}]}'
# Headers
kbn-xsrf: true
# Payload
{
"attributes": {
"controlGroupInput": {
"autoApplySelections": true,
"chainingSystem": "HIERARCHICAL",
"controls": [
{
"controlConfig": {},
"grow": false,
"id": "string",
"order": 42.0,
"type": "string",
"width": "medium"
}
],
"enhancements": {},
"ignoreParentSettings": {
"ignoreFilters": false,
"ignoreQuery": false,
"ignoreTimerange": false,
"ignoreValidations": false
},
"labelPosition": "oneLine"
},
"description": "",
"kibanaSavedObjectMeta": {
"searchSource": {
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": "string",
"controlledBy": "string",
"disabled": true,
"field": "string",
"group": "string",
"index": "string",
"isMultiIndex": true,
"key": "string",
"negate": true,
"type": "string",
"value": "string"
},
"query": {}
}
],
"query": {
"language": "string",
"query": "string"
},
"sort": [
{}
],
"type": "string"
}
},
"options": {
"hidePanelTitles": false,
"syncColors": true,
"syncCursor": true,
"syncTooltips": true,
"useMargins": true
},
"panels": [
{
"gridData": {
"h": 15,
"i": "string",
"w": 24,
"x": 42.0,
"y": 42.0
},
"id": "string",
"panelConfig": {
"description": "string",
"enhancements": {},
"hidePanelTitles": true,
"savedObjectId": "string",
"title": "string",
"version": "string"
},
"panelIndex": "string",
"panelRefName": "string",
"title": "string",
"type": "string",
"version": "string"
}
],
"refreshInterval": {
"display": "string",
"pause": true,
"section": 42.0,
"value": 42.0
},
"timeFrom": "string",
"timeRestore": false,
"timeTo": "string",
"title": "string",
"version": 42.0
},
"references": [
{
"id": "string",
"name": "string",
"type": "string"
}
]
}
{
"item": {
"attributes": {
"controlGroupInput": {
"autoApplySelections": true,
"chainingSystem": "HIERARCHICAL",
"controls": [
{
"controlConfig": {},
"grow": false,
"id": "string",
"order": 42.0,
"type": "string",
"width": "medium"
}
],
"enhancements": {},
"ignoreParentSettings": {
"ignoreFilters": false,
"ignoreQuery": false,
"ignoreTimerange": false,
"ignoreValidations": false
},
"labelPosition": "oneLine"
},
"description": "",
"kibanaSavedObjectMeta": {
"searchSource": {
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": "string",
"controlledBy": "string",
"disabled": true,
"field": "string",
"group": "string",
"index": "string",
"isMultiIndex": true,
"key": "string",
"negate": true,
"type": "string",
"value": "string"
},
"query": {}
}
],
"query": {
"language": "string",
"query": "string"
},
"sort": [
{}
],
"type": "string"
}
},
"options": {
"hidePanelTitles": false,
"syncColors": true,
"syncCursor": true,
"syncTooltips": true,
"useMargins": true
},
"panels": [
{
"gridData": {
"h": 15,
"i": "string",
"w": 24,
"x": 42.0,
"y": 42.0
},
"id": "string",
"panelConfig": {
"description": "string",
"enhancements": {},
"hidePanelTitles": true,
"savedObjectId": "string",
"title": "string",
"version": "string"
},
"panelIndex": "string",
"panelRefName": "string",
"title": "string",
"type": "string",
"version": "string"
}
],
"refreshInterval": {
"display": "string",
"pause": true,
"section": 42.0,
"value": 42.0
},
"timeFrom": "string",
"timeRestore": false,
"timeTo": "string",
"title": "string",
"version": 42.0
},
"createdAt": "string",
"createdBy": "string",
"error": {
"error": "string",
"message": "string",
"metadata": {},
"statusCode": 42.0
},
"id": "string",
"managed": true,
"namespaces": [
"string"
],
"originId": "string",
"references": [
{
"id": "string",
"name": "string",
"type": "string"
}
],
"type": "string",
"updatedAt": "string",
"updatedBy": "string",
"version": "string"
}
}
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
A unique identifier for the dashboard.
curl \
--request DELETE https://localhost:5601/api/dashboards/dashboard/{id} \
--header "kbn-xsrf: true"
Data view APIs enable you to manage data views, formerly known as Kibana index patterns.
curl \
--request POST https://localhost:5601/api/data_views/data_view \
--header "Content-Type: application/json" \
--header "kbn-xsrf: string" \
--data '{"data_view":{"name":"My Logstash data view","title":"logstash-*","runtimeFieldMap":{"runtime_shape_name":{"type":"keyword","script":{"source":"emit(doc['shape_name'].value)"}}}}}'
{
"data_view": {
"name": "My Logstash data view",
"title": "logstash-*",
"runtimeFieldMap": {
"runtime_shape_name": {
"type": "keyword",
"script": {
"source": "emit(doc['shape_name'].value)"
}
}
}
}
}
{
"data_view": {
"allowNoIndex": true,
"fieldAttrs": {
"additionalProperty1": {
"count": 42,
"customDescription": "string",
"customLabel": "string"
},
"additionalProperty2": {
"count": 42,
"customDescription": "string",
"customLabel": "string"
}
},
"fieldFormats": {},
"fields": {},
"id": "ff959d40-b880-11e8-a6d9-e546fe2bba5f",
"name": "string",
"namespaces": [
"default"
],
"runtimeFieldMap": {
"additionalProperty1": {
"script": {
"source": "string"
},
"type": "string"
},
"additionalProperty2": {
"script": {
"source": "string"
},
"type": "string"
}
},
"sourceFilters": [
{
"value": "string"
}
],
"timeFieldName": "string",
"title": "string",
"typeMeta": {
"aggs": {},
"params": {}
},
"version": "WzQ2LDJd"
}
}
{
"error": "Bad Request",
"message": "string",
"statusCode": 400
}
The name of the runtime field.
An identifier for the data view.
curl \
--request GET https://localhost:5601/api/data_views/data_view/ff959d40-b880-11e8-a6d9-e546fe2bba5f/runtime_field/hour_of_day
{
"fields": [
{
"name": "hour_of_day",
"type": "number",
"count": 0,
"esTypes": [
"long"
],
"scripted": false,
"searchable": true,
"aggregatable": true,
"runtimeField": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
},
"shortDotsEnable": false,
"readFromDocValues": false
}
],
"data_view": {
"id": "d3d7af60-4c81-11e8-b3d7-01146121b73d",
"name": "Kibana Sample Data Flights",
"title": "kibana_sample_data_flights",
"fields": {
"_id": {
"name": "_id",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"_id"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"Dest": {
"name": "Dest",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"Origin": {
"name": "Origin",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"_index": {
"name": "_index",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"_index"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": false
},
"_score": {
"name": "_score",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"isMapped": true,
"scripted": false,
"searchable": false,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"Carrier": {
"name": "Carrier",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"_source": {
"name": "_source",
"type": "_source",
"count": 0,
"format": {
"id": "_source"
},
"esTypes": [
"_source"
],
"isMapped": true,
"scripted": false,
"searchable": false,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"Cancelled": {
"name": "Cancelled",
"type": "boolean",
"count": 0,
"format": {
"id": "boolean"
},
"esTypes": [
"boolean"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"FlightNum": {
"name": "FlightNum",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"dayOfWeek": {
"name": "dayOfWeek",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"timestamp": {
"name": "timestamp",
"type": "date",
"count": 0,
"format": {
"id": "date"
},
"esTypes": [
"date"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"DestRegion": {
"name": "DestRegion",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"DestCountry": {
"name": "DestCountry",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"DestWeather": {
"name": "DestWeather",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"FlightDelay": {
"name": "FlightDelay",
"type": "boolean",
"count": 0,
"format": {
"id": "boolean"
},
"esTypes": [
"boolean"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"hour_of_day": {
"name": "hour_of_day",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "00"
}
},
"esTypes": [
"long"
],
"scripted": false,
"searchable": true,
"aggregatable": true,
"runtimeField": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
},
"shortDotsEnable": false,
"readFromDocValues": false
},
"DestCityName": {
"name": "DestCityName",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"DestLocation": {
"name": "DestLocation",
"type": "geo_point",
"count": 0,
"format": {
"id": "geo_point",
"params": {
"transform": "wkt"
}
},
"esTypes": [
"geo_point"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"OriginRegion": {
"name": "OriginRegion",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"DestAirportID": {
"name": "DestAirportID",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"DistanceMiles": {
"name": "DistanceMiles",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"FlightTimeMin": {
"name": "FlightTimeMin",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"OriginCountry": {
"name": "OriginCountry",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"OriginWeather": {
"name": "OriginWeather",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"AvgTicketPrice": {
"name": "AvgTicketPrice",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.[00]"
}
},
"esTypes": [
"float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"FlightDelayMin": {
"name": "FlightDelayMin",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"FlightTimeHour": {
"name": "FlightTimeHour",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"OriginCityName": {
"name": "OriginCityName",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"OriginLocation": {
"name": "OriginLocation",
"type": "geo_point",
"count": 0,
"format": {
"id": "geo_point",
"params": {
"transform": "wkt"
}
},
"esTypes": [
"geo_point"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"FlightDelayType": {
"name": "FlightDelayType",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"OriginAirportID": {
"name": "OriginAirportID",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"DistanceKilometers": {
"name": "DistanceKilometers",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
}
},
"version": "WzM2LDJd",
"fieldAttrs": {},
"allowNoIndex": false,
"fieldFormats": {
"hour_of_day": {
"id": "number",
"params": {
"pattern": "00"
}
},
"AvgTicketPrice": {
"id": "number",
"params": {
"pattern": "$0,0.[00]"
}
}
},
"sourceFilters": [],
"timeFieldName": "timestamp",
"runtimeFieldMap": {
"hour_of_day": {
"type": "long",
"script": {
"source": "emit(doc['timestamp'].value.getHour());"
}
}
}
}
}
{
"error": "Not Found",
"message": "Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] not found",
"statusCode": 404
}
[Required authorization] Route required privileges: ALL of [fleet-agents-all].
curl \
--request POST https://localhost:5601/api/fleet/agents/{agentId}/upgrade \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"force":true,"skipRateLimitCheck":true,"source_uri":"string","version":"string"}'
# Headers
kbn-xsrf: true
# Payload
{
"force": true,
"skipRateLimitCheck": true,
"source_uri": "string",
"version": "string"
}
{}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
[Required authorization] Route required privileges: ALL of [fleet-agents-all].
Default value is false
.
curl \
--request POST https://localhost:5601/api/fleet/agents/bulk_reassign \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"agents":["string"],"batchSize":42.0,"includeInactive":false,"policy_id":"string"}'
# Headers
kbn-xsrf: true
# Payload
{
"agents": [
"string"
],
"batchSize": 42.0,
"includeInactive": false,
"policy_id": "string"
}
{
"actionId": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Delete an agent binary download source by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].
curl \
--request DELETE https://localhost:5601/api/fleet/agent_download_sources/{sourceId} \
--header "kbn-xsrf: true"
{
"id": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].
Values are simplified
or legacy
.
get full policies with package policies populated
list of package policy ids
curl \
--request POST https://localhost:5601/api/fleet/agent_policies/_bulk_get \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"full":true,"ids":["string"],"ignoreMissing":true}'
# Headers
kbn-xsrf: true
# Payload
{
"full": true,
"ids": [
"string"
],
"ignoreMissing": true
}
{
"items": [
{
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"agentless": {
"resources": {
"requests": {
"cpu": "string",
"memory": "string"
}
}
},
"agents": 42.0,
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"global_data_tags": [
{
"name": "string",
"value": "string"
}
],
"has_fleet_server": true,
"id": "string",
"inactivity_timeout": 1209600,
"is_default": true,
"is_default_fleet_server": true,
"is_managed": true,
"is_preconfigured": true,
"is_protected": true,
"keep_monitoring_alive": false,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"logs"
],
"monitoring_http": {
"buffer": {
"enabled": false
},
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"package_policies": [
"string"
],
"required_versions": [
{
"percentage": 42.0,
"version": "string"
}
],
"revision": 42.0,
"schema_version": "string",
"space_ids": [
"string"
],
"status": "active",
"supports_agentless": false,
"unenroll_timeout": 42.0,
"unprivileged_agents": 42.0,
"updated_at": "string",
"updated_by": "string",
"version": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Delete a file uploaded by an agent.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].
curl \
--request DELETE https://localhost:5601/api/fleet/agents/files/{fileId} \
--header "kbn-xsrf: true"
{
"deleted": true,
"id": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].
Default value is false
.
Default value is false
.
Default value is false
.
Default value is false
.
curl \
--request POST https://localhost:5601/api/fleet/epm/packages/{pkgName}/{pkgVersion} \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"force":false,"ignore_constraints":false}'
# Headers
kbn-xsrf: true
# Payload
{
"force": false,
"ignore_constraints": false
}
{
"_meta": {
"install_source": "string"
},
"items": [
{
"id": "string",
"originId": "string",
"type": "dashboard"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].
curl \
--request GET https://localhost:5601/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].
Values are json
, yml
, or yaml
. Default value is json
.
curl \
--request GET https://localhost:5601/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs
string
{
"inputs": [
{
"id": "string",
"streams": [
{
"data_stream": {
"dataset": "string",
"type": "string"
},
"id": "string"
}
],
"type": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].
curl \
--request GET https://localhost:5601/api/fleet/enrollment_api_keys
{
"items": [
{
"active": true,
"api_key": "string",
"api_key_id": "string",
"created_at": "string",
"id": "string",
"name": "string",
"policy_id": "string"
}
],
"list": [
{
"active": true,
"api_key": "string",
"api_key_id": "string",
"created_at": "string",
"id": "string",
"name": "string",
"policy_id": "string"
}
],
"page": 42.0,
"perPage": 42.0,
"total": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
[Required authorization] Route required privileges: ALL of [fleet-agents-all].
curl \
--request POST https://localhost:5601/api/fleet/enrollment_api_keys \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"expiration":"string","name":"string","policy_id":"string"}'
# Headers
kbn-xsrf: true
# Payload
{
"expiration": "string",
"name": "string",
"policy_id": "string"
}
{
"action": "created",
"item": {
"active": true,
"api_key": "string",
"api_key_id": "string",
"created_at": "string",
"id": "string",
"name": "string",
"policy_id": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].
curl \
--request POST https://localhost:5601/api/fleet/setup \
--header "kbn-xsrf: true"
{
"isInitialized": true,
"nonFatalErrors": [
{
"message": "string",
"name": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
{
"message": "string"
}
Get output by ID.
[Required authorization] Route required privileges: ANY of [fleet-settings-read OR fleet-agent-policies-read].
curl \
--request GET https://localhost:5601/api/fleet/outputs/{outputId}
{
"item": {
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"https://example.com"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"preset": "balanced",
"proxy_id": "string",
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "elasticsearch"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Update a package policy by ID.
Values are simplified
or legacy
.
Package policy description
The package policy namespace. Leave blank to inherit the agent policy's namespace.
Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
Additional properties are NOT allowed.
Additional properties are NOT allowed.
Agent policy ID where that package policy will be added
Agent policy IDs where that package policy will be added
Indicates whether the package policy belongs to an agentless agent policy.
Default value is false
.
Package variable (see integration documentation for more information)
curl \
--request PUT https://localhost:5601/api/fleet/package_policies/{packagePolicyId} \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"description":"string","enabled":true,"force":true,"inputs":[{"config":{"additionalProperty1":{"frozen":true,"type":"string"},"additionalProperty2":{"frozen":true,"type":"string"}},"enabled":true,"id":"string","keep_enabled":true,"policy_template":"string","streams":[{"config":{"additionalProperty1":{"frozen":true,"type":"string"},"additionalProperty2":{"frozen":true,"type":"string"}},"data_stream":{"dataset":"string","elasticsearch":{"dynamic_dataset":true,"dynamic_namespace":true,"privileges":{"indices":["string"]}},"type":"string"},"enabled":true,"id":"string","keep_enabled":true,"release":"ga","vars":{"additionalProperty1":{"frozen":true,"type":"string"},"additionalProperty2":{"frozen":true,"type":"string"}}}],"type":"string","vars":{"additionalProperty1":{"frozen":true,"type":"string"},"additionalProperty2":{"frozen":true,"type":"string"}}}],"is_managed":true,"name":"string","namespace":"string","output_id":"string","overrides":{"inputs":{}},"package":{"experimental_data_stream_features":[{"data_stream":"string","features":{"doc_value_only_numeric":true,"doc_value_only_other":true,"synthetic_source":true,"tsdb":true}}],"name":"string","requires_root":true,"title":"string","version":"string"},"policy_id":"string","policy_ids":["string"],"supports_agentless":false,"vars":{"additionalProperty1":{"frozen":true,"type":"string"},"additionalProperty2":{"frozen":true,"type":"string"}},"version":"string"}'
# Headers
kbn-xsrf: true
# Payload
{
"description": "string",
"enabled": true,
"force": true,
"inputs": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"policy_template": "string",
"streams": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"data_stream": {
"dataset": "string",
"elasticsearch": {
"dynamic_dataset": true,
"dynamic_namespace": true,
"privileges": {
"indices": [
"string"
]
}
},
"type": "string"
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"release": "ga",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"type": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"is_managed": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {
"inputs": {}
},
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"supports_agentless": false,
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"version": "string"
}
# Headers
kbn-xsrf: true
# Payload
{
"description": "string",
"force": true,
"id": "string",
"inputs": {
"additionalProperty1": {
"enabled": true,
"streams": {
"additionalProperty1": {
"enabled": true,
"vars": {}
},
"additionalProperty2": {
"enabled": true,
"vars": {}
}
},
"vars": {}
},
"additionalProperty2": {
"enabled": true,
"streams": {
"additionalProperty1": {
"enabled": true,
"vars": {}
},
"additionalProperty2": {
"enabled": true,
"vars": {}
}
},
"vars": {}
}
},
"name": "string",
"namespace": "string",
"output_id": "string",
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"supports_agentless": false,
"vars": {}
}
{
"item": {
"agents": 42.0,
"created_at": "string",
"created_by": "string",
"description": "string",
"elasticsearch": {
"privileges": {
"cluster": [
"string"
]
}
},
"enabled": true,
"id": "string",
"inputs": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"policy_template": "string",
"streams": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"data_stream": {
"dataset": "string",
"elasticsearch": {
"dynamic_dataset": true,
"dynamic_namespace": true,
"privileges": {
"indices": [
"string"
]
}
},
"type": "string"
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"release": "ga",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"type": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"is_managed": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {
"inputs": {}
},
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"revision": 42.0,
"secret_references": [
{
"id": "string"
}
],
"spaceIds": [
"string"
],
"supports_agentless": false,
"updated_at": "string",
"updated_by": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"version": "string"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Delete a proxy by ID
[Required authorization] Route required privileges: ALL of [fleet-settings-all].
curl \
--request DELETE https://localhost:5601/api/fleet/proxies/{itemId} \
--header "kbn-xsrf: true"
{
"id": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
List the metadata for the latest uninstall tokens per agent policy.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].
curl \
--request GET https://localhost:5601/api/fleet/uninstall_tokens
{
"items": [
{
"created_at": "string",
"id": "string",
"namespaces": [
"string"
],
"policy_id": "string",
"policy_name": "string"
}
],
"page": 42.0,
"perPage": 42.0,
"total": 42.0
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Export sets of saved objects that you want to import into Kibana, resolve import errors, and rotate an encryption key for encrypted saved objects with the saved objects APIs.
To manage a specific type of saved object, use the corresponding APIs. For example, use:
Warning: Do not write documents directly to the .kibana
index. When you write directly to the .kibana
index, the data becomes corrupted and permanently breaks future Kibana versions.
Superuser role required.
If a saved object cannot be decrypted using the primary encryption key, then Kibana will attempt to decrypt it using the specified decryption-only keys. In most of the cases this overhead is negligible, but if you're dealing with a large number of saved objects and experiencing performance issues, you may want to rotate the encryption key.
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Specifies a maximum number of saved objects that Kibana can process in a single batch. Bulk key rotation is an iterative process since Kibana may not be able to fetch and process all required saved objects in one go and splits processing into consequent batches. By default, the batch size is 10000, which is also a maximum allowed value.
Default value is 10000
.
Limits encryption key rotation only to the saved objects with the specified type. By default, Kibana tries to rotate the encryption key for all saved object types that may contain encrypted attributes.
curl \
--request POST https://localhost:5601/api/encrypted_saved_objects/_rotate_key
{
"total": 1000,
"failed": 0,
"successful": 300
}
{
"error": "Bad Request",
"message": "string",
"statusCode": 400
}
{}
Update the attributes for multiple Kibana saved objects.
curl \
--request POST https://localhost:5601/api/saved_objects/_bulk_update \
--header "Content-Type: application/json" \
--header "kbn-xsrf: string" \
--data '[{}]'
# Headers
kbn-xsrf: string
# Payload
[
{}
]
{}
{
"error": "Bad Request",
"message": "string",
"statusCode": 400
}
Get a list of all anonymization fields.
Search query
Field to sort by
Values are created_at
, anonymized
, allowed
, field
, or updated_at
.
Sort order
Values are asc
or desc
.
Page number
Minimum value is 1
. Default value is 1
.
AnonymizationFields per page
Minimum value is 0
. Default value is 20
.
curl \
--request GET https://localhost:5601/api/security_ai_assistant/anonymization_fields/_find
{
"data": [
{
"allowed": true,
"anonymized": true,
"createdAt": "string",
"createdBy": "string",
"field": "string",
"id": "string",
"namespace": "string",
"timestamp": "string",
"updatedAt": "string",
"updatedBy": "string"
}
],
"page": 42,
"perPage": 42,
"total": 42
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Deletes a single Knowledge Base Entry using the id
field
The Knowledge Base Entry's id
value
Minimum length is 1
.
curl \
--request DELETE https://localhost:5601/api/security_ai_assistant/knowledge_base/entries/{id}
{
"id": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Export detection rules to an .ndjson
file. The following configuration items are also included in the .ndjson
file:
You cannot export prebuilt rules.
Determines whether a summary of the exported rules is returned.
Default value is false
.
File name for saving the exported rules.
Default value is export.ndjson
.
curl \
--request POST https://localhost:5601/api/detection_engine/rules/_export \
--header "Content-Type: application/json" \
--data '{"objects":[{"rule_id":"string"}]}'
{
"objects": [
{
"rule_id": "string"
}
]
}
@file
Import detection rules from an .ndjson
file, including actions and exception lists. The request must include:
Content-Type: multipart/form-data
HTTP header..ndjson
file containing the rules.Determines whether existing rules with the same rule_id
are overwritten.
Default value is false
.
Determines whether existing exception lists with the same list_id
are overwritten.
Default value is false
.
Determines whether existing actions with the same kibana.alert.rule.actions.id
are overwritten.
Default value is false
.
Generates a new list ID for each imported exception list.
Default value is false
.
curl \
--request POST https://localhost:5601/api/detection_engine/rules/_import \
--header "Content-Type: multipart/form-data" \
--form "file=@file"
{
"action_connectors_errors": [
{
"error": {
"message": "string",
"status_code": 42
},
"id": "string",
"item_id": "string",
"list_id": "string",
"rule_id": "string"
}
],
"action_connectors_success": true,
"action_connectors_success_count": 42,
"action_connectors_warnings": [
{
"actionPath": "string",
"buttonLabel": "string",
"message": "string",
"type": "string"
}
],
"errors": [
{
"error": {
"message": "string",
"status_code": 42
},
"id": "string",
"item_id": "string",
"list_id": "string",
"rule_id": "string"
}
],
"exceptions_errors": [
{
"error": {
"message": "string",
"status_code": 42
},
"id": "string",
"item_id": "string",
"list_id": "string",
"rule_id": "string"
}
],
"exceptions_success": true,
"exceptions_success_count": 42,
"rules_count": 42,
"success": true,
"success_count": 42
}
Retrieve the status of all Elastic prebuilt detection rules and Timelines.
curl \
--request GET https://localhost:5601/api/detection_engine/rules/prepackaged/_status
{
"rules_custom_installed": 42,
"rules_installed": 42,
"rules_not_installed": 42,
"rules_not_updated": 42,
"timelines_installed": 42,
"timelines_not_installed": 42,
"timelines_not_updated": 42
}