Kibana API logo
Elastic APIs hub
  • Elastic Cloud API
  • Elastic Cloud Enterprise API
  • Elastic Cloud Serverless API
  • Elasticsearch API
  • Elasticsearch Serverless API
  • Kibana API
  • Kibana Serverless API
  • Observability Intake Serverless API
Back to hub page
API Changelog
Download source
  • JSON OpenAPI specification
  • YAML OpenAPI specification
Feedback
main
  • main default
  • v8

Topics

  • Introduction
  • Authentication
  • Kibana spaces

Endpoints

  • Alerting
    • Get the alerting framework health GET
    • Get the rule types GET
    • Get rule details GET
    • Update a rule PUT
    • Create a rule POST
    • Delete a rule DELETE
    • Disable a rule POST
    • Enable a rule POST
    • Mute all alerts POST
    • Unmute all alerts POST
    • Update the API key for a rule POST
    • Mute an alert POST
    • Unmute an alert POST
    • Get information about rules GET
    • Get an alert by identifier GET
    • Update an alert PUT
    • Create an alert POST
    • Delete an alert DELETE
    • Disable an alert POST
    • Enable an alert POST
    • Mute all alert instances POST
    • Unmute all alert instances POST
    • Mute an alert instance POST
    • Unmute an alert instance POST
    • Get a paginated set of alerts GET
    • Get the alerting framework health GET
    • Get the alert types GET
  • APM agent configuration
    • Get a list of agent configurations GET
    • Create or update agent configuration PUT
    • Delete agent configuration DELETE
    • Get agent name for service GET
    • Get environments for service GET
    • Lookup single agent configuration POST
    • Get single agent configuration GET
  • APM agent keys
    • Create an APM agent key POST
  • APM annotations
    • Create a service annotation POST
    • Search for annotations GET
  • APM server schema
    • Save APM server schema POST
  • APM sourcemaps
    • Get source maps GET
    • Upload source map POST
    • Delete source map DELETE
  • Cases
    • Create a case POST
    • Delete cases DELETE
    • Update cases PATCH
    • Search cases GET
    • Get case information GET
    • Get all alerts for a case GET
    • Get all case comments GET
    • Add a case comment or alert POST
    • Delete all case comments and alerts DELETE
    • Update a case comment or alert PATCH
    • Find case comments and alerts GET
    • Get a case comment or alert GET
    • Delete a case comment or alert DELETE
    • Push a case to an external service POST
    • Attach a file to a case POST
    • Get case activity GET
    • Find case activity GET
    • Get cases for an alert GET
    • Get case settings GET
    • Add case settings POST
    • Update case settings PATCH
    • Get case connectors GET
    • Get case creators GET
    • Get case status summary GET
    • Get case tags GET
  • Connectors
    • Get connector types GET
    • Get connector information GET
    • Update a connector PUT
    • Create a connector POST
    • Delete a connector DELETE
    • Run a connector POST
    • Get all connectors GET
  • Dashboards
    • Get a list of dashboards GET
    • Get a dashboard GET
    • Update an existing dashboard PUT
    • Create a dashboard POST
    • Delete a dashboard DELETE
  • Data streams
    • Get data streams GET
    • Get data streams GET
  • Data views
    • Get all data views GET
    • Create a data view POST
    • Get a data view GET
    • Update a data view POST
    • Delete a data view DELETE
    • Update data view fields metadata POST
    • Create or update a runtime field PUT
    • Create a runtime field POST
    • Get a runtime field GET
    • Update a runtime field POST
    • Delete a runtime field from a data view DELETE
    • Get the default data view GET
    • Set the default data view POST
    • Swap saved object references POST
    • Preview a saved object reference swap POST
  • Elastic Agent actions
    • Create an agent action POST
    • Reassign an agent POST
    • Request agent diagnostics POST
    • Unenroll an agent POST
    • Upgrade an agent POST
    • Get an agent action status GET
    • Cancel an agent action POST
    • Bulk reassign agents POST
    • Bulk request diagnostics from agents POST
    • Bulk unenroll agents POST
    • Bulk update agent tags POST
    • Bulk upgrade agents POST
  • Elastic Agent binary download sources
    • Get agent binary download sources GET
    • Create an agent binary download source POST
    • Get an agent binary download source GET
    • Update an agent binary download source PUT
    • Delete an agent binary download source DELETE
  • Elastic Agent policies
    • Get agent policies GET
    • Create an agent policy POST
    • Bulk get agent policies POST
    • Get an agent policy GET
    • Update an agent policy PUT
    • Copy an agent policy POST
    • Download an agent policy GET
    • Get a full agent policy GET
    • Get outputs for an agent policy GET
    • Delete an agent policy POST
    • Get outputs for agent policies POST
    • Get a full K8s agent manifest GET
    • Download an agent manifest GET
  • Elastic Agent status
    • Get an agent status summary GET
  • Elastic Agents
    • Get incoming agent data GET
    • Get agents GET
    • Get agents by action ids POST
    • Get an agent GET
    • Update an agent PUT
    • Delete an agent DELETE
    • Get agent uploads GET
    • Get available agent versions GET
    • Delete an uploaded file DELETE
    • Get an uploaded file GET
    • Get agent setup info GET
    • Initiate agent setup POST
    • Get agent tags GET
  • Elastic Package Manager (EPM)
    • Bulk get assets POST
    • Get package categories GET
    • Create a custom integration POST
    • Get packages GET
    • Install a package by upload POST
    • Bulk install packages POST
    • Get a package GET
    • Update package settings PUT
    • Install a package from the registry POST
    • Delete a package DELETE
    • Get a package file GET
    • Authorize transforms POST
    • Get package stats GET
    • Get installed packages GET
    • Get a limited package list GET
    • Get an inputs template GET
    • Get a package signature verification key ID GET
  • Fleet enrollment API keys
    • Get enrollment API keys GET
    • Create an enrollment API key POST
    • Get an enrollment API key GET
    • Revoke an enrollment API key DELETE
  • Fleet internals
    • Check permissions GET
    • Check Fleet Server health POST
    • Get settings GET
    • Update settings PUT
    • Initiate Fleet setup POST
  • Fleet outputs
    • Generate a Logstash API key POST
    • Get outputs GET
    • Create output POST
    • Get output GET
    • Update output PUT
    • Delete output DELETE
    • Get the latest output health GET
  • Fleet package policies
    • Get package policies GET
    • Create a package policy POST
    • Bulk get package policies POST
    • Get a package policy GET
    • Update a package policy PUT
    • Delete a package policy DELETE
    • Bulk delete package policies POST
    • Upgrade a package policy POST
    • Dry run a package policy upgrade POST
  • Fleet proxies
    • Get proxies GET
    • Create a proxy POST
    • Get a proxy GET
    • Update a proxy PUT
    • Delete a proxy DELETE
  • Fleet Server hosts
    • Get Fleet Server hosts GET
    • Create a Fleet Server host POST
    • Get a Fleet Server host GET
    • Update a Fleet Server host PUT
    • Delete a Fleet Server host DELETE
  • Fleet service tokens
    • Create a service token POST
  • Fleet uninstall tokens
    • Get metadata for latest uninstall tokens GET
    • Get a decrypted uninstall token GET
  • Message Signing Service
    • Rotate a Fleet message signing key pair POST
  • Machine learning
    • Sync saved objects in the default space GET
  • Roles
    • Get all roles GET
    • Get a role GET
    • Create or update a role PUT
    • Delete a role DELETE
    • Create or update roles POST
  • Saved objects
    • Rotate a key for encrypted saved objects POST
    • Create saved objects POST
    • Delete saved objects POST
    • Get saved objects POST
    • Resolve saved objects POST
    • Update saved objects POST
    • Export saved objects POST
    • Search for saved objects GET
    • Import saved objects POST
    • Resolve import errors POST
    • Create a saved object POST
    • Get a saved object GET
    • Update a saved object PUT
    • Create a saved object POST
    • Resolve a saved object GET
  • Security AI assistant
    • Apply a bulk action to anonymization fields POST
    • Get anonymization fields GET
    • Create a model response POST
    • Create a conversation POST
    • Get conversations GET
    • Get a conversation GET
    • Update a conversation PUT
    • Delete a conversation DELETE
    • Apply a bulk action to prompts POST
    • Get prompts GET
  • Security detections
    • Reads the alert index name if it exists GET
    • Create an alerts index POST
    • Delete an alerts index DELETE
    • Returns user privileges for the Kibana space GET
    • Retrieve a detection rule GET
    • Update a detection rule PUT
    • Create a detection rule POST
    • Delete a detection rule DELETE
    • Patch a detection rule PATCH
    • Apply a bulk action to detection rules POST
    • Create multiple detection rules POST
    • Delete multiple detection rules POST
    • Delete multiple detection rules DELETE
    • Update multiple detection rules PUT
    • Patch multiple detection rules PATCH
    • Export detection rules POST
    • List all detection rules GET
    • Import detection rules POST
    • Install prebuilt detection rules and Timelines PUT
    • Retrieve the status of prebuilt detection rules and Timelines GET
    • Preview rule alerts generated on specified time range POST
    • Assign and unassign users from detection alerts POST
    • Finalize detection alert migrations POST
    • Initiate a detection alert migration POST
    • Clean up detection alert migrations DELETE
    • Retrieve the status of detection alert migrations POST
    • Find and/or aggregate detection alerts POST
    • Set a detection alert status POST
    • Add and remove detection alert tags POST
    • List all detection rule tags GET
  • Security endpoint exceptions
    • Create an endpoint exception list POST
    • Get an endpoint exception list item GET
    • Update an endpoint exception list item PUT
    • Create an endpoint exception list item POST
    • Delete an endpoint exception list item DELETE
    • Get endpoint exception list items GET
  • Security endpoint management
    • Get response actions GET
    • Get response actions status GET
    • Get action details GET
    • Get file information GET
    • Download a file GET
    • Run a command POST
    • Get a file POST
    • Isolate an endpoint POST
    • Terminate a process POST
    • Get running processes POST
    • Scan a file or directory POST
    • Get actions state GET
    • Suspend a process POST
    • Release an isolated endpoint POST
    • Upload a file POST
    • Get a metadata list GET
    • Get metadata GET
    • Get a policy response GET
    • Get a protection updates note GET
    • Create or update a protection updates note POST
  • Security entity analytics
    • Get an asset criticality record GET
    • Upsert an asset criticality record POST
    • Delete an asset criticality record DELETE
    • Bulk upsert asset criticality records POST
    • List asset criticality records GET
    • Initialize the Entity Store POST
    • List the Entity Engines GET
    • Get an Entity Engine GET
    • Delete the Entity Engine DELETE
    • Initialize an Entity Engine POST
    • Start an Entity Engine POST
    • Stop an Entity Engine POST
    • Apply DataView indices to all installed engines POST
    • List Entity Store Entities GET
    • Get the status of the Entity Store GET
    • Cleanup the Risk Engine DELETE
    • Run the risk scoring engine POST
  • Security exceptions
    • Create rule exception list items POST
    • Get exception list details GET
    • Update an exception list PUT
    • Create an exception list POST
    • Delete an exception list DELETE
    • Duplicate an exception list POST
    • Export an exception list POST
    • Get exception lists GET
    • Import an exception list POST
    • Get an exception list item GET
    • Update an exception list item PUT
    • Create an exception list item POST
    • Delete an exception list item DELETE
    • Get exception list items GET
    • Get an exception list summary GET
    • Create a shared exception list POST
  • Security lists
    • Get list details GET
    • Update a list PUT
    • Create a list POST
    • Delete a list DELETE
    • Patch a list PATCH
    • Get lists GET
    • Get status of list data streams GET
    • Create list data streams POST
    • Delete list data streams DELETE
    • Get a list item GET
    • Update a list item PUT
    • Create a list item POST
    • Delete a list item DELETE
    • Patch a list item PATCH
    • Export list items POST
    • Get list items GET
    • Import list items POST
    • Get list privileges GET
  • Security Osquery
    • Get live queries GET
    • Create a live query POST
    • Get live query details GET
    • Get live query results GET
    • Get packs GET
    • Create a pack POST
    • Get pack details GET
    • Update a pack PUT
    • Delete a pack DELETE
    • Get saved queries GET
    • Create a saved query POST
    • Get saved query details GET
    • Update a saved query PUT
    • Delete a saved query DELETE
  • Security timeline
    • Get notes GET
    • Delete a note DELETE
    • Add or update a note PATCH
    • Pin an event PATCH
    • Get Timeline or Timeline template details GET
    • Create a Timeline or Timeline template POST
    • Delete Timelines or Timeline templates DELETE
    • Update a Timeline PATCH
    • Copies timeline or timeline template GET
    • Get draft Timeline or Timeline template details GET
    • Create a clean draft Timeline or Timeline template POST
    • Export Timelines POST
    • Favorite a Timeline or Timeline template PATCH
    • Import Timelines POST
    • Install prepackaged Timelines POST
    • Get an existing saved Timeline or Timeline template GET
    • Get Timelines or Timeline templates GET
  • Service level objectives
    • Get a paginated list of SLOs GET
    • Create an SLO POST
    • Batch delete rollup and summary data POST
    • Get an SLO GET
    • Update an SLO PUT
    • Delete an SLO DELETE
    • Reset an SLO POST
    • Disable an SLO POST
    • Enable an SLO POST
  • Spaces
    • Copy saved objects between spaces POST
    • Disable legacy URL aliases POST
    • Get shareable references POST
    • Update saved objects in spaces POST
    • Get all spaces GET
    • Create a space POST
    • Get a space GET
    • Update a space PUT
    • Delete a space DELETE
  • System
    • Get Kibana's current status GET
Powered by Bump.sh