Api key auth (http_api_key)
These APIs use key-based authentication. You must create an API key and use the encoded value in the request header. For example: Authorization: ApiKey base64AccessApiKey
The API accepts 2 different authentication methods:
These APIs use key-based authentication. You must create an API key and use the encoded value in the request header. For example: Authorization: ApiKey base64AccessApiKey
Basic auth tokens are constructed with the Basic
keyword, followed by a space, followed by a base64-encoded string of your username:password
(separated by a :
colon).
Example: send a Authorization: Basic aGVsbG86aGVsbG8=
HTTP header with your requests to authenticate with the API.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
The identifier for the rule.
curl \
--request DELETE https://localhost:5601/api/alerting/rule/{id} \
--header "elastic-api-version: 2023-10-31" \
--header "kbn-xsrf: true"
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
The identifier for the rule.
curl \
--request POST https://localhost:5601/api/alerting/rule/{id}/_disable \
--header "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
--header "elastic-api-version: 2023-10-31" \
--header "kbn-xsrf: true"
# Headers
elastic-api-version: 2023-10-31
kbn-xsrf: true
# Payload
{
"untrack": true
}
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
The identifier for the rule.
curl \
--request POST https://localhost:5601/api/alerting/rule/{id}/_enable \
--header "elastic-api-version: 2023-10-31" \
--header "kbn-xsrf: true"
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
The identifier for the rule.
curl \
--request POST https://localhost:5601/api/alerting/rule/{id}/_update_api_key \
--header "elastic-api-version: 2023-10-31" \
--header "kbn-xsrf: true"
Deprecated in 7.13.0. Use the mute all alerts API instead.
The identifier for the alert.
curl \
--request POST https://localhost:5601/api/alerts/alert/41893910-6bca-11eb-9e0d-85d233e3ee35/_mute_all \
--header "kbn-xsrf: string"
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 7.13.0. Use the mute alert API instead.
An identifier for the alert.
An identifier for the alert instance.
curl \
--request POST https://localhost:5601/api/alerts/alert/41893910-6bca-11eb-9e0d-85d233e3ee35/alert_instance/dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2/_mute \
--header "kbn-xsrf: string"
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 7.13.0. Use the get rule types API instead.
curl \
--request GET https://localhost:5601/api/alerts/alerts/list_alert_types
[
{
"actionGroups": [
{
"id": "string",
"name": "string"
}
],
"actionVariables": {
"context": [
{
"description": "string",
"name": "string"
}
],
"params": [
{
"description": "string",
"name": "string"
}
],
"state": [
{
"description": "string",
"name": "string"
}
]
},
"authorizedConsumers": {},
"defaultActionGroupId": "string",
"enabledInLicense": true,
"id": "string",
"isExportable": true,
"minimumLicenseRequired": "string",
"name": "string",
"producer": "string",
"recoveryActionGroup": {
"id": "string",
"name": "string"
}
}
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
The name of the service
curl \
--request GET https://localhost:5601/api/apm/settings/agent-configuration/environments \
--header "elastic-api-version: 2023-10-31"
{
"environments": [
{
"alreadyConfigured": true,
"name": "ALL_OPTION_VALUE"
}
]
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 404
}
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
Service name
Service environment
curl \
--request GET https://localhost:5601/api/apm/settings/agent-configuration/view \
--header "elastic-api-version: 2023-10-31"
{
"id": "string",
"@timestamp": 1730194190636,
"agent_name": "string",
"applied_by_agent": true,
"etag": "0bc3b5ebf18fba8163fe4c96f491e3767a358f85",
"service": {
"environment": "prod",
"name": "node"
},
"settings": {
"additionalProperty1": "string",
"additionalProperty2": "string"
}
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 404
}
Annotate visualizations in the APM app with significant events. Annotations enable you to easily see how events are impacting the performance of your applications.
Search for annotations related to a specific service.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
The name of the service
The environment to filter annotations by
The start date for the search
The end date for the search
Successful response
Bad Request response
Unauthorized response
Internal Server Error response
curl \
--request GET https://localhost:5601/api/apm/services/{serviceName}/annotation/search \
--header "elastic-api-version: 2023-10-31"
{
"annotations": [
{
"@timestamp": 42.0,
"id": "string",
"text": "string",
"type": "version"
}
]
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Internal Server Error",
"message": "string",
"statusCode": 500
}
Create APM fleet server schema.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
Successful response
Additional properties are NOT allowed.
Bad Request response
Unauthorized response
Forbidden response
Not found response
curl \
--request POST https://localhost:5601/api/apm/fleet/apm_server_schema \
--header "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
--header "elastic-api-version: 2023-10-31" \
--header "kbn-xsrf: true"
# Headers
elastic-api-version: 2023-10-31
kbn-xsrf: true
# Payload
{
"schema": {
"foo": "bar"
}
}
{}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Forbidden",
"message": "string",
"statusCode": 403
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 404
}
Returns an array of Fleet artifacts, including source map uploads.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
Successful response
Bad Request response
Unauthorized response
Internal Server Error response
Not Implemented response
curl \
--request GET https://localhost:5601/api/apm/sourcemaps \
--header "elastic-api-version: 2023-10-31"
{
"artifacts": [
{
"body": {
"bundleFilepath": "string",
"serviceName": "string",
"serviceVersion": "string",
"sourceMap": {
"file": "string",
"mappings": "string",
"sourceRoot": "string",
"sources": [
"string"
],
"sourcesContent": [
"string"
],
"version": 42.0
}
},
"compressionAlgorithm": "string",
"created": "string",
"decodedSha256": "string",
"decodedSize": 42.0,
"encodedSha256": "string",
"encodedSize": 42.0,
"encryptionAlgorithm": "string",
"id": "string",
"identifier": "string",
"packageName": "string",
"relative_url": "string",
"type": "string"
}
]
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Internal Server Error",
"message": "string",
"statusCode": 500
}
{
"error": "Not Implemented",
"message": "Not Implemented",
"statusCode": 501
}
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
The absolute path of the final bundle as used in the web application.
The name of the service that the service map should apply to.
The version of the service that the service map should apply to.
The source map. String or file upload. It must follow the source map revision 3 proposal.
Successful response
Bad Request response
Unauthorized response
Forbidden response
Internal Server Error response
Not Implemented response
curl \
--request POST https://localhost:5601/api/apm/sourcemaps \
--header "Content-Type: multipart/form-data; Elastic-Api-Version=2023-10-31" \
--header "elastic-api-version: 2023-10-31" \
--header "kbn-xsrf: true"
{
"body": "string",
"compressionAlgorithm": "string",
"created": "string",
"decodedSha256": "string",
"decodedSize": 42.0,
"encodedSha256": "string",
"encodedSize": 42.0,
"encryptionAlgorithm": "string",
"id": "string",
"identifier": "string",
"packageName": "string",
"relative_url": "string",
"type": "string"
}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Forbidden",
"message": "string",
"statusCode": 403
}
{
"error": "Internal Server Error",
"message": "string",
"statusCode": 500
}
{
"error": "Not Implemented",
"message": "Not Implemented",
"statusCode": 501
}
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
Source map identifier
Successful response
Additional properties are NOT allowed.
Bad Request response
Unauthorized response
Forbidden response
Internal Server Error response
Not Implemented response
curl \
--request DELETE https://localhost:5601/api/apm/sourcemaps/{id} \
--header "elastic-api-version: 2023-10-31" \
--header "kbn-xsrf: true"
{}
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
{
"error": "Forbidden",
"message": "string",
"statusCode": 403
}
{
"error": "Internal Server Error",
"message": "string",
"statusCode": 500
}
{
"error": "Not Implemented",
"message": "Not Implemented",
"statusCode": 501
}
You must have all
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're creating.
An array containing users that are assigned to the case.
Not more than 10
elements.
A word or phrase that categorizes the case.
Maximum length is 50
.
Defines properties for connectors when type is .none
.
Custom field values for a case. Any optional custom fields that are not specified in the request are set to null.
At least 0
but not more than 10
elements.
The description for the case.
Maximum length is 30000
.
The application that owns the cases: Stack Management, Observability, or Elastic Security.
Values are cases
, observability
, or securitySolution
.
An object that contains the case settings.
Additional properties are allowed.
The severity of the case.
Values are critical
, high
, low
, or medium
. Default value is low
.
A title for the case.
Maximum length is 160
.
curl \
--request POST https://localhost:5601/api/cases \
--header "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
--header "kbn-xsrf: string"
{
"tags": [
"tag-1"
],
"owner": "cases",
"title": "Case title 1",
"settings": {
"syncAlerts": true
},
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
"name": "My connector",
"type": ".jira",
"fields": {
"parent": null,
"priority": "High",
"issueType": "10006"
}
},
"description": "A case description.",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "My field value"
}
]
}
{
"id": "66b9aa00-94fa-11ea-9f74-e7e108796192",
"tags": [
"tag 1"
],
"owner": "cases",
"title": "Case title 1",
"status": "open",
"version": "WzUzMiwxXQ==",
"comments": [],
"duration": null,
"settings": {
"syncAlerts": true
},
"severity": "low",
"assignees": [],
"closed_at": null,
"closed_by": null,
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
"name": "My connector",
"type": ".jira",
"fields": {
"parent": null,
"priority": "High",
"issueType": "10006"
}
},
"created_at": "2022-10-13T15:33:50.604Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": null,
"updated_by": null,
"description": "A case description.",
"totalAlerts": 0,
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "My field value"
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": null
}
],
"totalComment": 0,
"external_service": null
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
You must have all
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating.
curl \
--request PATCH https://localhost:5601/api/cases \
--header "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
--header "kbn-xsrf: string"
{
"cases": [
{
"id": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2",
"tags": [
"tag-1"
],
"version": "WzIzLDFd",
"settings": {
"syncAlerts": true
},
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
"name": "My connector",
"type": ".jira",
"fields": {
"parent": null,
"priority": null,
"issueType": "10006"
}
},
"description": "A case description.",
"customFields": [
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": false
},
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "My new field value"
}
]
}
]
}
[
{
"id": "66b9aa00-94fa-11ea-9f74-e7e108796192",
"tags": [
"tag-1"
],
"owner": "cases",
"title": "Case title 1",
"status": "open",
"version": "WzU0OCwxXQ==",
"category": null,
"comments": [],
"duration": null,
"settings": {
"syncAlerts": true
},
"severity": "low",
"assignees": [],
"closed_at": null,
"closed_by": null,
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
"name": "My connector",
"type": ".jira",
"fields": {
"parent": null,
"priority": null,
"issueType": "10006"
}
},
"created_at": "2023-10-13T09:16:17.416Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": "2023-10-13T09:48:33.043Z",
"updated_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"description": "A case description.",
"totalAlerts": 0,
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "My new field value"
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": false
}
],
"totalComment": 0,
"external_service": {
"pushed_at": "2023-10-13T09:20:40.672Z",
"pushed_by": {
"email": null,
"username": "elastic",
"full_name": null
},
"external_id": "10003",
"connector_id": "05da469f-1fde-4058-99a3-91e4807e2de8",
"external_url": "https://hms.atlassian.net/browse/IS-4",
"connector_name": "Jira",
"external_title": "IS-4"
}
}
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; instead, use the get case comment API, which requires a comment identifier in the path. You must have read
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
curl \
--request GET https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/comments
{
"assignees": [
{
"uid": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}
],
"category": "string",
"closed_at": "2025-05-04T09:42:00+00:00",
"closed_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"comments": [
{
"alertId": [
"a6e12ac4-7bce-457b-84f6-d7ce8deb8446"
],
"created_at": "2023-11-06T19:29:38.424Z",
"created_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"id": "73362370-ab1a-11ec-985f-97e55adae8b9",
"index": [
".internal.alerts-security.alerts-default-000001"
],
"owner": "cases",
"pushed_at": "2025-05-04T09:42:00+00:00",
"pushed_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"rule": {
"id": "94d80550-aaf4-11ec-985f-97e55adae8b9",
"name": "security_rule"
},
"type": "alert",
"updated_at": "2025-05-04T09:42:00+00:00",
"updated_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"version": "WzMwNDgsMV0="
}
],
"connector": {
"fields": "string",
"id": "none",
"name": "none",
"type": ".none"
},
"created_at": "2022-05-13T09:16:17.416Z",
"created_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"customFields": [
{
"key": "string",
"type": "text",
"value": "string"
}
],
"description": "A case description.",
"duration": 120,
"external_service": {
"connector_id": "string",
"connector_name": "string",
"external_id": "string",
"external_title": "string",
"external_url": "string",
"pushed_at": "2025-05-04T09:42:00+00:00",
"pushed_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
}
},
"id": "66b9aa00-94fa-11ea-9f74-e7e108796192",
"owner": "cases",
"settings": {
"syncAlerts": true
},
"severity": "low",
"status": "closed",
"tags": [
"tag-1"
],
"title": "Case title 1",
"totalAlerts": 0,
"totalComment": 0,
"updated_at": "2025-05-04T09:42:00+00:00",
"updated_by": {
"email": "string",
"full_name": "string",
"profile_uid": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"username": "elastic"
},
"version": "WzUzMiwxXQ=="
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Deletes all comments and alerts from a case. You must have all
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
curl \
--request DELETE https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/comments \
--header "kbn-xsrf: string"
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
You must have all
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
The update case comment API request body varies depending on whether you are updating an alert or a comment.
Defines properties for case comment requests when type is alert.
The alert identifiers. It is required only when type
is alert
. You can use an array of strings to add multiple alerts to a case, provided that they all relate to the same rule; index
must also be an array with the same length or number of elements. Adding multiple alerts in this manner is recommended rather than calling the API multiple times. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
The identifier for the comment. To retrieve comment IDs, use the get comments API.
The alert indices. It is required only when type
is alert
. If you are adding multiple alerts to a case, use an array of strings; the position of each index name in the array must match the position of the corresponding alert identifier in the alertId
array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
The application that owns the cases: Stack Management, Observability, or Elastic Security.
Values are cases
, observability
, or securitySolution
.
The rule that is associated with the alerts. It is required only when type
is alert
. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Additional properties are allowed.
The type of comment.
Value is alert
.
The current comment version. To retrieve version values, use the get comments API.
curl \
--request PATCH https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/comments \
--header "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
--header "kbn-xsrf: string"
{
"id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6",
"type": "user",
"owner": "cases",
"comment": "An updated comment.",
"version": "Wzk1LDFd"
}
{
"id": "293f1bc0-74f6-11ea-b83a-553aecdb28b6",
"tags": [
"tag 1"
],
"owner": "cases",
"title": "Case title 1",
"status": "open",
"version": "WzIwNjM2LDFd",
"category": null,
"comments": [
{
"id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6",
"type": "user",
"owner": "cases",
"comment": "An updated comment.",
"version": "WzIwNjM3LDFd",
"pushed_at": null,
"pushed_by": null,
"created_at": "2023-10-24T00:37:10.832Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": "2023-10-24T01:27:06.210Z",
"updated_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
}
],
"duration": null,
"settings": {
"syncAlerts": false
},
"severity": "low",
"assignees": [],
"closed_at": null,
"closed_by": null,
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"created_at": "2023-10-24T00:37:03.906Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"updated_at": "2023-10-24T01:27:06.210Z",
"updated_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"description": "A case description.",
"totalAlerts": 0,
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "My new field value"
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": false
}
],
"totalComment": 1,
"external_service": null
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Retrives a paginated list of user activity for a case. You must have read
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
The page number to return.
Default value is 1
.
The number of items to return. Limited to 100 items.
Maximum value is 100
. Default value is 20
.
Determines the sort order.
Values are asc
or desc
. Default value is desc
.
Determines the types of user actions to return.
Values are action
, alert
, assignees
, attachment
, comment
, connector
, create_case
, description
, pushed
, settings
, severity
, status
, tags
, title
, or user
.
curl \
--request GET https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/user_actions/_find
{
"page": 1,
"total": 3,
"perPage": 20,
"userActions": [
{
"id": "b4cd0770-07c9-11ed-a5fd-47154cb8767e",
"type": "create_case",
"owner": "cases",
"action": "create",
"payload": {
"tags": [
"tag 1"
],
"owner": "cases",
"title": "Case title 1",
"status": "open",
"category": null,
"settings": {
"syncAlerts": false
},
"severity": "low",
"assignees": [],
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"description": "A case description.",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "My field value"
},
{
"key": "fcc6840d-eb14-42df-8aaf-232201a705ec",
"type": "toggle",
"value": null
}
]
},
"version": "WzM1ODg4LDFd",
"comment_id": null,
"created_at": "2023-10-20T01:17:22.150Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
},
{
"id": "57af14a0-03b1-11ed-920c-974bfa104448",
"type": "comment",
"owner": "cases",
"action": "create",
"payload": {
"type": "user",
"owner": "cases",
"comment": "A new comment"
},
"version": "WzM1ODg4LDFa",
"comment_id": "578608d0-03b1-11ed-920c-974bfa104448",
"created_at": "2023-10-14T20:12:53.354Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
},
{
"id": "573c6980-6123-11ed-aa41-81a0a61fe447",
"type": "assignees",
"owner": "cases",
"action": "add",
"payload": {
"assignees": {
"uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
},
"version": "WzM1ODg4LDFb",
"comment_id": null,
"created_at": "2023-10-20T01:10:28.238Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
}
]
}
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Get setting details such as the closure type, custom fields, templatse, and the default connector for cases. You must have read
privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on where the cases were created.
A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.
curl \
--request GET https://localhost:5601/api/cases/configure
[
{
"id": "856ee650-6c82-11ee-a20a-6164169afa58",
"error": null,
"owner": "cases",
"version": "WzEyLDNd",
"mappings": [],
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"templates": [
{
"key": "505932fe-ee3a-4960-a661-c781b5acdb05",
"name": "template-1",
"tags": [
"Template tag 1"
],
"caseFields": {
"tags": [
"Default case tag"
],
"title": "Default case title",
"category": "Default-category",
"settings": {
"syncAlerts": false
},
"assignees": [
{
"uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
}
],
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"description": "A default description for cases.",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"value": "Default text field value."
}
]
},
"description": "A description of the template."
}
],
"created_at": "2024-07-01T17:07:17.767Z",
"created_by": {
"email": null,
"username": "elastic",
"full_name": null
},
"updated_at": null,
"updated_by": null,
"closure_type": "close-by-user",
"customFields": [
{
"key": "d312efda-ec2b-42ec-9e2c-84981795c581",
"type": "text",
"label": "my-text-field",
"required": false,
"defaultValue": "Custom text field value."
}
]
}
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Returns information about the users who opened cases. You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.
A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.
curl \
--request GET https://localhost:5601/api/cases/reporters
[
{
"email": null,
"username": "elastic",
"full_name": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
{
"email": "jdoe@example.com",
"username": "jdoe",
"full_name": "Jane Doe",
"profile_uid": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}
]
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
curl \
--request POST https://localhost:5601/api/actions/action \
--header "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
--header "elastic-api-version: 2023-10-31" \
--header "kbn-xsrf: true"
# Headers
elastic-api-version: 2023-10-31
kbn-xsrf: true
# Payload
{
"actionTypeId": "string",
"config": {},
"name": "string",
"secrets": {}
}
{
"config": {},
"connector_type_id": "string",
"id": "string",
"is_deprecated": true,
"is_missing_secrets": true,
"is_preconfigured": true,
"is_system_action": true,
"name": "string"
}
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
An identifier for the connector.
curl \
--request GET https://localhost:5601/api/actions/action/{id} \
--header "elastic-api-version: 2023-10-31"
{
"config": {},
"connector_type_id": "string",
"id": "string",
"is_deprecated": true,
"is_missing_secrets": true,
"is_preconfigured": true,
"is_system_action": true,
"name": "string"
}
WARNING: When you delete a connector, it cannot be recovered.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
An identifier for the connector.
curl \
--request DELETE https://localhost:5601/api/actions/action/{id} \
--header "elastic-api-version: 2023-10-31" \
--header "kbn-xsrf: true"
You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems.
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
A required header to protect against CSRF attacks
An identifier for the connector.
Test an action that acknowledges or resolves a PagerDuty alert.
curl \
--request POST https://localhost:5601/api/actions/connector/{id}/_execute \
--header "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
--header "elastic-api-version: 2023-10-31" \
--header "kbn-xsrf: true"
{
"params": {
"documents": [
{
"id": "my_doc_id",
"name": "my_doc_name",
"message": "hello, world"
}
]
}
}
{
"params": {
"subAction": "issueTypes"
}
}
{
"params": {
"subAction": "getChoices",
"subActionParams": {
"fields": [
"severity",
"urgency"
]
}
}
}
{
"params": {
"subAction": "postMessage",
"subActionParams": {
"text": "A test message.",
"channelIds": [
"C123ABC456"
]
}
}
}
{
"params": {
"subAction": "pushToService",
"subActionParams": {
"comments": [
{
"comment": "A comment about the incident.",
"commentId": 1
}
],
"incident": {
"caseId": "1000",
"caseName": "Case name",
"description": "Description of the incident."
}
}
}
}
{
"data": {
"took": 135,
"items": [
{
"create": {
"_id": "4JtvwYUBrcyxt2NnfW3y",
"_index": "my-index",
"result": "created",
"status": 201,
"_seq_no": 0,
"_shards": {
"total": 2,
"failed": 0,
"successful": 1
},
"_version": 1,
"_primary_term": 1
}
}
],
"errors": false
},
"status": "ok",
"connector_id": "fd38c600-96a5-11ed-bb79-353b74189cba"
}
{
"data": [
{
"id": 10024,
"name": "Improvement"
},
{
"id": 10006,
"name": "Task"
},
{
"id": 10007,
"name": "Sub-task"
},
{
"id": 10025,
"name": "New Feature"
},
{
"id": 10023,
"name": "Bug"
},
{
"id": 10000,
"name": "Epic"
}
],
"status": "ok",
"connector_id": "b3aad810-edbe-11ec-82d1-11348ecbf4a6"
}
{
"status": "ok",
"connector_id": "7fc7b9a0-ecc9-11ec-8736-e7d63118c907"
}
{
"data": [
{
"label": "Critical",
"value": 1,
"element": "severity",
"dependent_value": ""
},
{
"label": "Major",
"value": 2,
"element": "severity",
"dependent_value": ""
},
{
"label": "Minor",
"value": 3,
"element": "severity",
"dependent_value": ""
},
{
"label": "Warning",
"value": 4,
"element": "severity",
"dependent_value": ""
},
{
"label": "OK",
"value": 5,
"element": "severity",
"dependent_value": ""
},
{
"label": "Clear",
"value": 0,
"element": "severity",
"dependent_value": ""
},
{
"label": "1 - High",
"value": 1,
"element": "urgency",
"dependent_value": ""
},
{
"label": "2 - Medium",
"value": 2,
"element": "urgency",
"dependent_value": ""
},
{
"label": "3 - Low",
"value": 3,
"element": "urgency",
"dependent_value": ""
}
],
"status": "ok",
"connector_id": "9d9be270-2fd2-11ed-b0e0-87533c532698"
}
{
"data": {
"ok": true,
"ts": "1234567890.123456",
"channel": "C123ABC456",
"message": {
"ts": "1234567890.123456",
"team": "T01ABCDE2F",
"text": "A test message",
"type": "message",
"user": "U12A345BC6D",
"app_id": "A01BC2D34EF",
"blocks": [
{
"type": "rich_text",
"block_id": "/NXe",
"elements": [
{
"type": "rich_text_section",
"elements": [
{
"text": "A test message.",
"type": "text"
}
]
}
]
}
],
"bot_id": "B12BCDEFGHI",
"bot_profile": {
"id": "B12BCDEFGHI",
"name": "test",
"icons": {
"image_36": "https://a.slack-edge.com/80588/img/plugins/app/bot_36.png"
},
"app_id": "A01BC2D34EF",
"deleted": false,
"team_id": "T01ABCDE2F",
"updated": 1672169705
}
}
},
"status": "ok",
"connector_id": ".slack_api"
}
{
"data": {
"id": "aKPmBHWzmdRQtx6Mx",
"url": "https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx",
"title": "TEST-457",
"comments": [
{
"commentId": 1,
"pushedDate": "2022-09-08T16:52:27.865Z"
}
],
"pushedDate": "2022-09-08T16:52:27.866Z"
},
"status": "ok",
"connector_id": "a4746470-2f94-11ed-b0e0-87533c532698"
}
The version of the API to use
Value is 2023-10-31
. Default value is 2023-10-31
.
curl \
--request GET https://localhost:5601/api/actions/list_action_types \
--header "elastic-api-version: 2023-10-31"
curl \
--request GET https://localhost:5601/api/fleet/data_streams
{
"data_streams": [
{
"dashboard": [
{
"id": "string",
"title": "string"
}
],
"dataset": "string",
"index": "string",
"last_activity_ms": 42.0,
"namespace": "string",
"package": "string",
"package_version": "string",
"size_in_bytes": 42.0,
"size_in_bytes_formatted": "string",
"type": "string"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
An identifier for the data view.
curl \
--request GET https://localhost:5601/api/data_views/data_view/ff959d40-b880-11e8-a6d9-e546fe2bba5f
{
"data_view": {
"id": "ff959d40-b880-11e8-a6d9-e546fe2bba5f",
"name": "Kibana Sample Data eCommerce",
"title": "kibana_sample_data_ecommerce",
"fields": {
"_id": {
"name": "_id",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"_id"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"sku": {
"name": "sku",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"type": {
"name": "type",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"user": {
"name": "user",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"email": {
"name": "email",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"_index": {
"name": "_index",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"_index"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": false
},
"_score": {
"name": "_score",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"isMapped": true,
"scripted": false,
"searchable": false,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"_source": {
"name": "_source",
"type": "_source",
"count": 0,
"format": {
"id": "_source"
},
"esTypes": [
"_source"
],
"isMapped": true,
"scripted": false,
"searchable": false,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"category": {
"name": "category",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"currency": {
"name": "currency",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"order_id": {
"name": "order_id",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"order_date": {
"name": "order_date",
"type": "date",
"count": 0,
"format": {
"id": "date"
},
"esTypes": [
"date"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_id": {
"name": "customer_id",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"day_of_week": {
"name": "day_of_week",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"manufacturer": {
"name": "manufacturer",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products._id": {
"name": "products._id",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.sku": {
"name": "products.sku",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"day_of_week_i": {
"name": "day_of_week_i",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"event.dataset": {
"name": "event.dataset",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_phone": {
"name": "customer_phone",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"geoip.location": {
"name": "geoip.location",
"type": "geo_point",
"count": 0,
"format": {
"id": "geo_point",
"params": {
"transform": "wkt"
}
},
"esTypes": [
"geo_point"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.price": {
"name": "products.price",
"type": "number",
"count": 1,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"total_quantity": {
"name": "total_quantity",
"type": "number",
"count": 1,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_gender": {
"name": "customer_gender",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"geoip.city_name": {
"name": "geoip.city_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"category.keyword": {
"name": "category.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "category"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"geoip.region_name": {
"name": "geoip.region_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.category": {
"name": "products.category",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.quantity": {
"name": "products.quantity",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_full_name": {
"name": "customer_full_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"customer_last_name": {
"name": "customer_last_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.min_price": {
"name": "products.min_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"taxful_total_price": {
"name": "taxful_total_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.[00]"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_birth_date": {
"name": "customer_birth_date",
"type": "date",
"count": 0,
"format": {
"id": "date"
},
"esTypes": [
"date"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_first_name": {
"name": "customer_first_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.base_price": {
"name": "products.base_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.created_on": {
"name": "products.created_on",
"type": "date",
"count": 0,
"format": {
"id": "date"
},
"esTypes": [
"date"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.product_id": {
"name": "products.product_id",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"long"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.tax_amount": {
"name": "products.tax_amount",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"taxless_total_price": {
"name": "taxless_total_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"geoip.continent_name": {
"name": "geoip.continent_name",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"manufacturer.keyword": {
"name": "manufacturer.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "manufacturer"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products._id.keyword": {
"name": "products._id.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "products._id"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.manufacturer": {
"name": "products.manufacturer",
"type": "string",
"count": 1,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.product_name": {
"name": "products.product_name",
"type": "string",
"count": 1,
"format": {
"id": "string"
},
"esTypes": [
"text"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": false,
"shortDotsEnable": false,
"readFromDocValues": false
},
"products.taxful_price": {
"name": "products.taxful_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"total_unique_products": {
"name": "total_unique_products",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"integer"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"geoip.country_iso_code": {
"name": "geoip.country_iso_code",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.taxless_price": {
"name": "products.taxless_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.base_unit_price": {
"name": "products.base_unit_price",
"type": "number",
"count": 0,
"format": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.discount_amount": {
"name": "products.discount_amount",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.category.keyword": {
"name": "products.category.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "products.category"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_full_name.keyword": {
"name": "customer_full_name.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "customer_full_name"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_last_name.keyword": {
"name": "customer_last_name.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "customer_last_name"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"customer_first_name.keyword": {
"name": "customer_first_name.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "customer_first_name"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.discount_percentage": {
"name": "products.discount_percentage",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.manufacturer.keyword": {
"name": "products.manufacturer.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "products.manufacturer"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.product_name.keyword": {
"name": "products.product_name.keyword",
"type": "string",
"count": 0,
"format": {
"id": "string"
},
"esTypes": [
"keyword"
],
"subType": {
"multi": {
"parent": "products.product_name"
}
},
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
},
"products.unit_discount_amount": {
"name": "products.unit_discount_amount",
"type": "number",
"count": 0,
"format": {
"id": "number"
},
"esTypes": [
"half_float"
],
"isMapped": true,
"scripted": false,
"searchable": true,
"aggregatable": true,
"shortDotsEnable": false,
"readFromDocValues": true
}
},
"version": "WzUsMV0=",
"typeMeta": {},
"fieldAttrs": {
"products.price": {
"count": 1
},
"total_quantity": {
"count": 1
},
"products.manufacturer": {
"count": 1
},
"products.product_name": {
"count": 1
}
},
"namespaces": [
"default"
],
"allowNoIndex": false,
"fieldFormats": {
"products.price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"products.min_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"taxful_total_price": {
"id": "number",
"params": {
"pattern": "$0,0.[00]"
}
},
"products.base_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"taxless_total_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"products.taxful_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"products.taxless_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
},
"products.base_unit_price": {
"id": "number",
"params": {
"pattern": "$0,0.00"
}
}
},
"sourceFilters": [],
"timeFieldName": "order_date",
"runtimeFieldMap": {}
}
}
{
"error": "Not Found",
"message": "Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] not found",
"statusCode": 404
}
WARNING: When you delete a data view, it cannot be recovered.
An identifier for the data view.
curl \
--request DELETE https://localhost:5601/api/data_views/data_view/ff959d40-b880-11e8-a6d9-e546fe2bba5f \
--header "kbn-xsrf: string"
{
"error": "Not Found",
"message": "Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] not found",
"statusCode": 404
}
The name of the runtime field.
An identifier for the data view.
curl \
--request DELETE https://localhost:5601/api/data_views/data_view/ff959d40-b880-11e8-a6d9-e546fe2bba5f/runtime_field/hour_of_day
{
"error": "Not Found",
"message": "Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] not found",
"statusCode": 404
}
Changes saved object references from one data view identifier to another. WARNING: Misuse can break large numbers of saved objects! Practicing with a backup is recommended.
Deletes referenced saved object if all references are removed.
Limit the affected saved objects to one or more by identifier.
Limit the affected saved objects by type.
The saved object reference to change.
Specify the type of the saved object reference to alter. The default value is index-pattern
for data views.
New saved object reference value to replace the old value.
curl \
--request POST https://localhost:5601/api/data_views/swap_references \
--header "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
--header "kbn-xsrf: string"
{
"toId": "xyz-123",
"delete": true,
"fromId": "abcd-efg"
}
{
"deleteStatus": {
"deletePerformed": true,
"remainingRefs": 42
},
"result": [
{
"id": "string",
"type": "string"
}
]
}
Kibana's anti Cross-Site Request Forgery token. Can be any string value.
curl \
--request DELETE https://localhost:5601/api/fleet/agent_download_sources/{sourceId} \
--header "kbn-xsrf: string"
{
"id": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Kibana's anti Cross-Site Request Forgery token. Can be any string value.
Force agent policy creation even if packages are not verified.
Values are metrics
or logs
.
curl \
--request POST https://localhost:5601/api/fleet/agent_policies \
--header "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
--header "kbn-xsrf: string"
# Headers
kbn-xsrf: string
# Payload
{
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"force": true,
"global_data_tags": [
{}
],
"id": "string",
"inactivity_timeout": 42,
"is_protected": true,
"monitoring_enabled": [
"metrics"
],
"monitoring_output_id": "string",
"name": "string",
"namespace": "string",
"unenroll_timeout": 42
}
{
"item": {
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"agents": 42.0,
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"global_data_tags": [
{}
],
"id": "string",
"inactivity_timeout": 42,
"is_protected": true,
"keep_monitoring_alive": true,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"metrics"
],
"monitoring_http": {
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"package_policies": [
{
"id": "string",
"inputs": [
{
"config": {},
"enabled": true,
"processors": [
"string"
],
"streams": [],
"type": "string",
"vars": {}
}
],
"revision": 42.0,
"description": "string",
"enabled": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {},
"package": {
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
]
}
],
"revision": 42.0,
"supports_agentless": true,
"unenroll_timeout": 42,
"unprivileged_agents": 42.0,
"updated_by": "string",
"updated_on": "2025-05-04T09:42:00+00:00"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Simplified or legacy format for package inputs
Values are simplified
or legacy
.
get full policies with package policies populated
list of agent policy ids
curl \
--request POST https://localhost:5601/api/fleet/agent_policies/_bulk_get \
--header "Content-Type: application/json; Elastic-Api-Version=2023-10-31"
{
"full": true,
"ids": [
"string"
],
"ignoreMissing": true
}
{
"items": [
{
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"agents": 42.0,
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"global_data_tags": [
{}
],
"id": "string",
"inactivity_timeout": 42,
"is_protected": true,
"keep_monitoring_alive": true,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"metrics"
],
"monitoring_http": {
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"package_policies": [
{
"id": "string",
"inputs": [
{
"config": {},
"enabled": true,
"processors": [
"string"
],
"streams": [],
"type": "string",
"vars": {}
}
],
"revision": 42.0,
"description": "string",
"enabled": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {},
"package": {
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
]
}
],
"revision": 42.0,
"supports_agentless": true,
"unenroll_timeout": 42,
"unprivileged_agents": 42.0,
"updated_by": "string",
"updated_on": "2025-05-04T09:42:00+00:00"
}
]
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Simplified or legacy format for package inputs
Values are simplified
or legacy
.
curl \
--request GET https://localhost:5601/api/fleet/agent_policies/{agentPolicyId}
{
"item": {
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"agents": 42.0,
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"global_data_tags": [
{}
],
"id": "string",
"inactivity_timeout": 42,
"is_protected": true,
"keep_monitoring_alive": true,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"metrics"
],
"monitoring_http": {
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"package_policies": [
{
"id": "string",
"inputs": [
{
"config": {},
"enabled": true,
"processors": [
"string"
],
"streams": [],
"type": "string",
"vars": {}
}
],
"revision": 42.0,
"description": "string",
"enabled": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {},
"package": {
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
]
}
],
"revision": 42.0,
"supports_agentless": true,
"unenroll_timeout": 42,
"unprivileged_agents": 42.0,
"updated_by": "string",
"updated_on": "2025-05-04T09:42:00+00:00"
}
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
Kibana's anti Cross-Site Request Forgery token. Can be any string value.
curl \
--request POST https://localhost:5601/api/fleet/agent_policies/delete \
--header "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
--header "kbn-xsrf: string"
# Headers
kbn-xsrf: string
# Payload
{
"agentPolicyId": "string",
"force": true
}
{
"id": "string",
"success": true
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}
curl \
--request GET https://localhost:5601/api/fleet/agent_status
{
"active": 42,
"all": 42,
"error": 42,
"events": 42,
"inactive": 42,
"offline": 42,
"online": 42,
"other": 42,
"total": 42,
"unenrolled": 42,
"updating": 42
}
{
"error": "string",
"message": "string",
"statusCode": 42.0
}