Get the rule types
If you have read
privileges for one or more Kibana features, the API response contains information about the appropriate rule types. For example, there are rule types associated with the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability features, and Security features. To get rule types associated with the Stack Monitoring feature, use the monitoring_user
built-in role.
GET
/api/alerting/rule_types
curl \
-X GET https://localhost:5601/api/alerting/rule_types
Response examples (200)
[
{
"id": "xpack.ml.anomaly_detection_alert",
"name": "Anomaly detection alert",
"alerts": {
"context": "ml.anomaly-detection",
"mappings": {
"fieldMap": {
"kibana.alert.job_id": {
"type": "keyword",
"array": false,
"required": true
},
"kibana.alert.is_interim": {
"type": "boolean",
"array": false,
"required": false
},
"kibana.alert.top_records": {
"type": "object",
"array": true,
"dynamic": false,
"required": false,
"properties": {
"actual": {
"type": "double"
},
"job_id": {
"type": "keyword"
},
"typical": {
"type": "double"
},
"function": {
"type": "keyword"
},
"timestamp": {
"type": "date"
},
"field_name": {
"type": "keyword"
},
"is_interim": {
"type": "boolean"
},
"record_score": {
"type": "double"
},
"by_field_name": {
"type": "keyword"
},
"by_field_value": {
"type": "keyword"
},
"detector_index": {
"type": "integer"
},
"over_field_name": {
"type": "keyword"
},
"over_field_value": {
"type": "keyword"
},
"initial_record_score": {
"type": "double"
},
"partition_field_name": {
"type": "keyword"
},
"partition_field_value": {
"type": "keyword"
}
}
},
"kibana.alert.anomaly_score": {
"type": "double",
"array": false,
"required": false
},
"kibana.alert.top_influencers": {
"type": "object",
"array": true,
"dynamic": false,
"required": false,
"properties": {
"job_id": {
"type": "keyword"
},
"timestamp": {
"type": "date"
},
"is_interim": {
"type": "boolean"
},
"influencer_score": {
"type": "double"
},
"influencer_field_name": {
"type": "keyword"
},
"influencer_field_value": {
"type": "keyword"
},
"initial_influencer_score": {
"type": "double"
}
}
},
"kibana.alert.anomaly_timestamp": {
"type": "date",
"array": false,
"required": false
}
}
},
"shouldWrite": true
},
"category": "management",
"producer": "ml",
"action_groups": [
{
"id": "anomaly_score_match",
"name": "Anomaly score matched the condition"
},
{
"id": "recovered",
"name": "Recovered"
}
],
"is_exportable": true,
"action_variables": {
"state": [],
"params": [],
"context": [
{
"name": "timestamp",
"description": "The bucket timestamp of the anomaly"
},
{
"name": "timestampIso8601",
"description": "The bucket time of the anomaly in ISO8601 format"
},
{
"name": "jobIds",
"description": "List of job IDs that triggered the alert"
},
{
"name": "message",
"description": "Alert info message"
},
{
"name": "isInterim",
"description": "Indicate if top hits contain interim results"
},
{
"name": "score",
"description": "Anomaly score at the time of the notification action"
},
{
"name": "topRecords",
"description": "Top records"
},
{
"name": "topInfluencers",
"description": "Top influencers"
},
{
"name": "anomalyExplorerUrl",
"description": "URL to open in the Anomaly Explorer",
"useWithTripleBracesInTemplates": true
}
]
},
"rule_task_timeout": "5m",
"enabled_in_license": true,
"has_alerts_mappings": true,
"authorized_consumers": {
"ml": {
"all": true,
"read": true
},
"apm": {
"all": true,
"read": true
},
"slo": {
"all": true,
"read": true
},
"logs": {
"all": true,
"read": true
},
"siem": {
"all": true,
"read": true
},
"alerts": {
"all": true,
"read": true
},
"uptime": {
"all": true,
"read": true
},
"discover": {
"all": true,
"read": true
},
"monitoring": {
"all": true,
"read": true
},
"stackAlerts": {
"all": true,
"read": true
},
"infrastructure": {
"all": true,
"read": true
}
},
"has_fields_for_a_a_d": false,
"recovery_action_group": {
"id": "recovered",
"name": "Recovered"
},
"default_action_group_id": "anomaly_score_match",
"minimum_license_required": "platinum",
"does_set_recovery_context": true
},
{
"id": "xpack.ml.anomaly_detection_jobs_health",
"name": "Anomaly detection jobs health",
"category": "management",
"producer": "ml",
"action_groups": [
{
"id": "anomaly_detection_realtime_issue",
"name": "Issue detected"
},
{
"id": "recovered",
"name": "Recovered"
}
],
"is_exportable": true,
"action_variables": {
"state": [],
"params": [],
"context": [
{
"name": "results",
"description": "Results of the rule execution"
},
{
"name": "message",
"description": "Alert info message"
}
]
},
"rule_task_timeout": "5m",
"enabled_in_license": true,
"has_alerts_mappings": false,
"authorized_consumers": {
"ml": {
"all": true,
"read": true
},
"apm": {
"all": true,
"read": true
},
"slo": {
"all": true,
"read": true
},
"logs": {
"all": true,
"read": true
},
"siem": {
"all": true,
"read": true
},
"alerts": {
"all": true,
"read": true
},
"uptime": {
"all": true,
"read": true
},
"discover": {
"all": true,
"read": true
},
"monitoring": {
"all": true,
"read": true
},
"stackAlerts": {
"all": true,
"read": true
},
"infrastructure": {
"all": true,
"read": true
}
},
"has_fields_for_a_a_d": false,
"recovery_action_group": {
"id": "recovered",
"name": "Recovered"
},
"default_action_group_id": "anomaly_detection_realtime_issue",
"minimum_license_required": "platinum",
"does_set_recovery_context": true
}
]
Response examples (401)
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}