Get source maps
Get an array of Fleet artifacts, including source map uploads. You must have read or all Kibana privileges for the APM and User Experience feature.
Headers
-
elastic-api-version
string Required The version of the API to use
Value is
2023-10-31. Default value is2023-10-31.
GET
/api/apm/sourcemaps
curl -X GET "http://localhost:5601/api/apm/sourcemaps" \
-H 'Content-Type: application/json' \
-H 'kbn-xsrf: true' \
-H 'Authorization: ApiKey ${YOUR_API_KEY}'
Response examples (200)
A successful response from `GET /api/apm/sourcemaps`.
{
"artifacts": [
{
"type": "sourcemap",
"identifier": "foo-1.0.0",
"relative_url": "/api/fleet/artifacts/foo-1.0.0/644fd5a997d1ddd90ee131ba18e2b3d03931d89dd1fe4599143c0b3264b3e456",
"body": {
"serviceName": "foo",
"serviceVersion": "1.0.0",
"bundleFilepath": "/test/e2e/general-usecase/bundle.js",
"sourceMap": {
"version": 3,
"file": "static/js/main.chunk.js",
"sources": [
"fleet-source-map-client/src/index.css",
"fleet-source-map-client/src/App.js",
"webpack:///./src/index.css?bb0a",
"fleet-source-map-client/src/index.js",
"fleet-source-map-client/src/reportWebVitals.js"
],
"sourcesContent": [
"content"
],
"mappings": "mapping",
"sourceRoot": ""
}
},
"created": "2021-07-09T20:47:44.812Z",
"id": "apm:foo-1.0.0-644fd5a997d1ddd90ee131ba18e2b3d03931d89dd1fe4599143c0b3264b3e456",
"compressionAlgorithm": "zlib",
"decodedSha256": "644fd5a997d1ddd90ee131ba18e2b3d03931d89dd1fe4599143c0b3264b3e456",
"decodedSize": 441,
"encodedSha256": "024c72749c3e3dd411b103f7040ae62633558608f480bce4b108cf5b2275bd24",
"encodedSize": 237,
"encryptionAlgorithm": "none",
"packageName": "apm"
}
]
}
Response examples (400)
{
"error": "Not Found",
"message": "Not Found",
"statusCode": 400
}
Response examples (401)
{
"error": "Unauthorized",
"message": "string",
"statusCode": 401
}
Response examples (500)
{
"error": "Internal Server Error",
"message": "string",
"statusCode": 500
}
Response examples (501)
{
"error": "Not Implemented",
"message": "Not Implemented",
"statusCode": 501
}
Create a dashboard
Technical Preview
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Path parameters
-
id
string A unique identifier for the dashboard.
Body
-
attributes
object Required Additional properties are NOT allowed.
-
references
array[object] -
spaces
array[string]
POST
/api/dashboards/dashboard/{id}
curl \
--request POST 'https://<KIBANA_URL>/api/dashboards/dashboard/{id}' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"attributes":{"controlGroupInput":{"autoApplySelections":true,"chainingSystem":"HIERARCHICAL","controls":[{"controlConfig":{},"grow":false,"id":"string","order":42.0,"type":"string","width":"medium"}],"enhancements":{},"ignoreParentSettings":{"ignoreFilters":false,"ignoreQuery":false,"ignoreTimerange":false,"ignoreValidations":false},"labelPosition":"oneLine"},"description":"","kibanaSavedObjectMeta":{"searchSource":{"filter":[{"$state":{"store":"appState"},"meta":{"alias":"string","controlledBy":"string","disabled":true,"field":"string","group":"string","index":"string","isMultiIndex":true,"key":"string","negate":true,"type":"string","value":"string"},"query":{}}],"query":{"language":"string","query":"string"},"sort":[{}],"type":"string"}},"options":{"hidePanelTitles":false,"syncColors":true,"syncCursor":true,"syncTooltips":true,"useMargins":true},"panels":[{"gridData":{"h":15,"i":"string","w":24,"x":42.0,"y":42.0},"id":"string","panelConfig":{"description":"string","enhancements":{},"hidePanelTitles":true,"savedObjectId":"string","title":"string","version":"string"},"panelIndex":"string","panelRefName":"string","title":"string","type":"string","version":"string"}],"refreshInterval":{"display":"string","pause":true,"section":42.0,"value":42.0},"tags":["string"],"timeFrom":"string","timeRestore":false,"timeTo":"string","title":"string","version":42.0},"references":[{"id":"string","name":"string","type":"string"}],"spaces":["string"]}'
Request examples
# Headers
kbn-xsrf: true
# Payload
{
"attributes": {
"controlGroupInput": {
"autoApplySelections": true,
"chainingSystem": "HIERARCHICAL",
"controls": [
{
"controlConfig": {},
"grow": false,
"id": "string",
"order": 42.0,
"type": "string",
"width": "medium"
}
],
"enhancements": {},
"ignoreParentSettings": {
"ignoreFilters": false,
"ignoreQuery": false,
"ignoreTimerange": false,
"ignoreValidations": false
},
"labelPosition": "oneLine"
},
"description": "",
"kibanaSavedObjectMeta": {
"searchSource": {
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": "string",
"controlledBy": "string",
"disabled": true,
"field": "string",
"group": "string",
"index": "string",
"isMultiIndex": true,
"key": "string",
"negate": true,
"type": "string",
"value": "string"
},
"query": {}
}
],
"query": {
"language": "string",
"query": "string"
},
"sort": [
{}
],
"type": "string"
}
},
"options": {
"hidePanelTitles": false,
"syncColors": true,
"syncCursor": true,
"syncTooltips": true,
"useMargins": true
},
"panels": [
{
"gridData": {
"h": 15,
"i": "string",
"w": 24,
"x": 42.0,
"y": 42.0
},
"id": "string",
"panelConfig": {
"description": "string",
"enhancements": {},
"hidePanelTitles": true,
"savedObjectId": "string",
"title": "string",
"version": "string"
},
"panelIndex": "string",
"panelRefName": "string",
"title": "string",
"type": "string",
"version": "string"
}
],
"refreshInterval": {
"display": "string",
"pause": true,
"section": 42.0,
"value": 42.0
},
"tags": [
"string"
],
"timeFrom": "string",
"timeRestore": false,
"timeTo": "string",
"title": "string",
"version": 42.0
},
"references": [
{
"id": "string",
"name": "string",
"type": "string"
}
],
"spaces": [
"string"
]
}
Response examples (200)
{
"item": {
"attributes": {
"controlGroupInput": {
"autoApplySelections": true,
"chainingSystem": "HIERARCHICAL",
"controls": [
{
"controlConfig": {},
"grow": false,
"id": "string",
"order": 42.0,
"type": "string",
"width": "medium"
}
],
"enhancements": {},
"ignoreParentSettings": {
"ignoreFilters": false,
"ignoreQuery": false,
"ignoreTimerange": false,
"ignoreValidations": false
},
"labelPosition": "oneLine"
},
"description": "",
"kibanaSavedObjectMeta": {
"searchSource": {
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": "string",
"controlledBy": "string",
"disabled": true,
"field": "string",
"group": "string",
"index": "string",
"isMultiIndex": true,
"key": "string",
"negate": true,
"type": "string",
"value": "string"
},
"query": {}
}
],
"query": {
"language": "string",
"query": "string"
},
"sort": [
{}
],
"type": "string"
}
},
"options": {
"hidePanelTitles": false,
"syncColors": true,
"syncCursor": true,
"syncTooltips": true,
"useMargins": true
},
"panels": [
{
"gridData": {
"h": 15,
"i": "string",
"w": 24,
"x": 42.0,
"y": 42.0
},
"id": "string",
"panelConfig": {
"description": "string",
"enhancements": {},
"hidePanelTitles": true,
"savedObjectId": "string",
"title": "string",
"version": "string"
},
"panelIndex": "string",
"panelRefName": "string",
"title": "string",
"type": "string",
"version": "string"
}
],
"refreshInterval": {
"display": "string",
"pause": true,
"section": 42.0,
"value": 42.0
},
"tags": [
"string"
],
"timeFrom": "string",
"timeRestore": false,
"timeTo": "string",
"title": "string",
"version": 42.0
},
"createdAt": "string",
"createdBy": "string",
"error": {
"error": "string",
"message": "string",
"metadata": {},
"statusCode": 42.0
},
"id": "string",
"managed": true,
"namespaces": [
"string"
],
"originId": "string",
"references": [
{
"id": "string",
"name": "string",
"type": "string"
}
],
"type": "string",
"updatedAt": "string",
"updatedBy": "string",
"version": "string"
}
}Get data streams
[Required authorization] Route required privileges: fleet-agents-all AND fleet-agent-policies-all AND fleet-settings-all.
GET
/api/fleet/data_streams
curl \
--request GET 'https://<KIBANA_URL>/api/fleet/data_streams' \
--header "Authorization: $API_KEY"
Response examples (200)
{
"data_streams": [
{
"dashboards": [
{
"id": "string",
"title": "string"
}
],
"dataset": "string",
"index": "string",
"last_activity_ms": 42.0,
"namespace": "string",
"package": "string",
"package_version": "string",
"serviceDetails": {
"environment": "string",
"serviceName": "string"
},
"size_in_bytes": 42.0,
"size_in_bytes_formatted": 42.0,
"type": "string"
}
]
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}Create an agent policy
[Required authorization] Route required privileges: fleet-agent-policies-all.
Query parameters
-
sys_monitoring
boolean
Body
-
advanced_settings
object Additional properties are NOT allowed.
-
agent_features
array[object] -
agentless
object Additional properties are NOT allowed.
-
data_output_id
string | null -
description
string -
download_source_id
string | null -
fleet_server_host_id
string | null -
force
boolean -
has_fleet_server
boolean -
id
string -
inactivity_timeout
number Minimum value is
0. Default value is1209600. -
is_default
boolean -
is_default_fleet_server
boolean -
is_managed
boolean -
is_protected
boolean -
keep_monitoring_alive
boolean | null When set to true, monitoring will be enabled but logs/metrics collection will be disabled
Default value is
false. -
monitoring_diagnostics
object Additional properties are NOT allowed.
-
monitoring_enabled
array[string] Values are
logs,metrics, ortraces. -
monitoring_http
object Additional properties are NOT allowed.
-
monitoring_output_id
string | null -
monitoring_pprof_enabled
boolean -
name
string Required Minimum length is
1. -
namespace
string Required Minimum length is
1. -
overrides
object | null Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
Additional properties are allowed.
-
required_versions
array[object] | null -
space_ids
array[string] -
supports_agentless
boolean | null Indicates whether the agent policy supports agentless integrations.
Default value is
false. -
unenroll_timeout
number Minimum value is
0.
POST
/api/fleet/agent_policies
curl \
--request POST 'https://<KIBANA_URL>/api/fleet/agent_policies' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"advanced_settings":{},"agent_features":[{"enabled":true,"name":"string"}],"agentless":{"resources":{"requests":{"cpu":"string","memory":"string"}}},"data_output_id":"string","description":"string","download_source_id":"string","fleet_server_host_id":"string","force":true,"global_data_tags":[{"name":"string","value":"string"}],"has_fleet_server":true,"id":"string","inactivity_timeout":1209600,"is_default":true,"is_default_fleet_server":true,"is_managed":true,"is_protected":true,"keep_monitoring_alive":false,"monitoring_diagnostics":{"limit":{"burst":42.0,"interval":"string"},"uploader":{"init_dur":"string","max_dur":"string","max_retries":42.0}},"monitoring_enabled":["logs"],"monitoring_http":{"buffer":{"enabled":false},"enabled":true,"host":"string","port":42.0},"monitoring_output_id":"string","monitoring_pprof_enabled":true,"name":"string","namespace":"string","overrides":{},"required_versions":[{"percentage":42.0,"version":"string"}],"space_ids":["string"],"supports_agentless":false,"unenroll_timeout":42.0}'
Request examples
# Headers
kbn-xsrf: true
# Payload
{
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"agentless": {
"resources": {
"requests": {
"cpu": "string",
"memory": "string"
}
}
},
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"force": true,
"global_data_tags": [
{
"name": "string",
"value": "string"
}
],
"has_fleet_server": true,
"id": "string",
"inactivity_timeout": 1209600,
"is_default": true,
"is_default_fleet_server": true,
"is_managed": true,
"is_protected": true,
"keep_monitoring_alive": false,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"logs"
],
"monitoring_http": {
"buffer": {
"enabled": false
},
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"required_versions": [
{
"percentage": 42.0,
"version": "string"
}
],
"space_ids": [
"string"
],
"supports_agentless": false,
"unenroll_timeout": 42.0
}
Response examples (200)
{
"item": {
"advanced_settings": {},
"agent_features": [
{
"enabled": true,
"name": "string"
}
],
"agentless": {
"resources": {
"requests": {
"cpu": "string",
"memory": "string"
}
}
},
"agents": 42.0,
"data_output_id": "string",
"description": "string",
"download_source_id": "string",
"fleet_server_host_id": "string",
"global_data_tags": [
{
"name": "string",
"value": "string"
}
],
"has_fleet_server": true,
"id": "string",
"inactivity_timeout": 1209600,
"is_default": true,
"is_default_fleet_server": true,
"is_managed": true,
"is_preconfigured": true,
"is_protected": true,
"keep_monitoring_alive": false,
"monitoring_diagnostics": {
"limit": {
"burst": 42.0,
"interval": "string"
},
"uploader": {
"init_dur": "string",
"max_dur": "string",
"max_retries": 42.0
}
},
"monitoring_enabled": [
"logs"
],
"monitoring_http": {
"buffer": {
"enabled": false
},
"enabled": true,
"host": "string",
"port": 42.0
},
"monitoring_output_id": "string",
"monitoring_pprof_enabled": true,
"name": "string",
"namespace": "string",
"overrides": {},
"package_policies": [
"string"
],
"required_versions": [
{
"percentage": 42.0,
"version": "string"
}
],
"revision": 42.0,
"schema_version": "string",
"space_ids": [
"string"
],
"status": "active",
"supports_agentless": false,
"unenroll_timeout": 42.0,
"unprivileged_agents": 42.0,
"updated_at": "string",
"updated_by": "string",
"version": "string"
}
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}Delete an agent
Delete an agent by ID.
[Required authorization] Route required privileges: fleet-agents-all.
Path parameters
-
agentId
string Required
DELETE
/api/fleet/agents/{agentId}
curl \
--request DELETE 'https://<KIBANA_URL>/api/fleet/agents/{agentId}' \
--header "Authorization: $API_KEY" \
--header "kbn-xsrf: true"
Response examples (200)
{
"action": "deleted"
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}Get a package file
[Required authorization] Route required privileges: integrations-read OR fleet-setup OR fleet-all.
Path parameters
-
pkgName
string Required -
pkgVersion
string Required -
filePath
string Required
GET
/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}
curl \
--request GET 'https://<KIBANA_URL>/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}' \
--header "Authorization: $API_KEY"
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}Get package stats
[Required authorization] Route required privileges: integrations-read OR fleet-setup OR fleet-all.
Path parameters
-
pkgName
string Required
GET
/api/fleet/epm/packages/{pkgName}/stats
curl \
--request GET 'https://<KIBANA_URL>/api/fleet/epm/packages/{pkgName}/stats' \
--header "Authorization: $API_KEY"
Response examples (200)
{
"response": {
"agent_policy_count": 42.0
}
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}Get an inputs template
[Required authorization] Route required privileges: integrations-read OR fleet-setup OR fleet-all.
Path parameters
-
pkgName
string Required -
pkgVersion
string Required
Query parameters
-
format
string Values are
json,yml, oryaml. Default value isjson. -
prerelease
boolean -
ignoreUnverified
boolean
GET
/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs
curl \
--request GET 'https://<KIBANA_URL>/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs' \
--header "Authorization: $API_KEY"
Response examples (200)
String-1
string{
"inputs": [
{
"id": "string",
"streams": [
{
"data_stream": {
"dataset": "string",
"type": "string"
},
"id": "string"
}
],
"type": "string"
}
]
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}Get settings
[Required authorization] Route required privileges: fleet-settings-read.
GET
/api/fleet/settings
curl \
--request GET 'https://<KIBANA_URL>/api/fleet/settings' \
--header "Authorization: $API_KEY"
Response examples (200)
{
"item": {
"delete_unenrolled_agents": {
"enabled": true,
"is_preconfigured": true
},
"has_seen_add_data_notice": true,
"id": "string",
"output_secret_storage_requirements_met": true,
"preconfigured_fields": [
"fleet_server_hosts"
],
"prerelease_integrations_enabled": true,
"secret_storage_requirements_met": true,
"use_space_awareness_migration_started_at": "string",
"use_space_awareness_migration_status": "pending",
"version": "string"
}
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}
Response examples (404)
{
"message": "string"
}Update settings
[Required authorization] Route required privileges: fleet-settings-all.
Body
-
additional_yaml_config
string -
delete_unenrolled_agents
object Additional properties are NOT allowed.
-
has_seen_add_data_notice
boolean -
kibana_ca_sha256
string -
kibana_urls
array[string(uri)] -
prerelease_integrations_enabled
boolean
PUT
/api/fleet/settings
curl \
--request PUT 'https://<KIBANA_URL>/api/fleet/settings' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"additional_yaml_config":"string","delete_unenrolled_agents":{"enabled":true,"is_preconfigured":true},"has_seen_add_data_notice":true,"kibana_ca_sha256":"string","kibana_urls":["https://example.com"],"prerelease_integrations_enabled":true}'
Request examples
# Headers
kbn-xsrf: true
# Payload
{
"additional_yaml_config": "string",
"delete_unenrolled_agents": {
"enabled": true,
"is_preconfigured": true
},
"has_seen_add_data_notice": true,
"kibana_ca_sha256": "string",
"kibana_urls": [
"https://example.com"
],
"prerelease_integrations_enabled": true
}
Response examples (200)
{
"item": {
"delete_unenrolled_agents": {
"enabled": true,
"is_preconfigured": true
},
"has_seen_add_data_notice": true,
"id": "string",
"output_secret_storage_requirements_met": true,
"preconfigured_fields": [
"fleet_server_hosts"
],
"prerelease_integrations_enabled": true,
"secret_storage_requirements_met": true,
"use_space_awareness_migration_started_at": "string",
"use_space_awareness_migration_status": "pending",
"version": "string"
}
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}
Response examples (404)
{
"message": "string"
}Initiate Fleet setup
[Required authorization] Route required privileges: fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup.
POST
/api/fleet/setup
curl \
--request POST 'https://<KIBANA_URL>/api/fleet/setup' \
--header "Authorization: $API_KEY" \
--header "kbn-xsrf: true"
Response examples (200)
{
"isInitialized": true,
"nonFatalErrors": [
{
"message": "string",
"name": "string"
}
]
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}
Response examples (500)
{
"message": "string"
}Get outputs
[Required authorization] Route required privileges: fleet-settings-read OR fleet-agent-policies-read.
GET
/api/fleet/outputs
curl \
--request GET 'https://<KIBANA_URL>/api/fleet/outputs' \
--header "Authorization: $API_KEY"
Response examples (200)
{
"items": [
{
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"https://example.com"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"preset": "balanced",
"proxy_id": "string",
"secrets": {
"ssl": {
"key": {
"id": "string"
}
}
},
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "elasticsearch"
}
],
"page": 42.0,
"perPage": 42.0,
"total": 42.0
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}Create output
[Required authorization] Route required privileges: fleet-settings-all.
Body
object
-
allow_edit
array[string] -
ca_sha256
string | null -
ca_trusted_fingerprint
string | null -
config_yaml
string | null -
hosts
array[string(uri)] Required At least
1element. -
id
string -
is_default
boolean Default value is
false. -
is_default_monitoring
boolean Default value is
false. -
is_internal
boolean -
is_preconfigured
boolean -
name
string Required -
preset
string Values are
balanced,custom,throughput,scale, orlatency. -
proxy_id
string | null -
secrets
object Additional properties are NOT allowed.
-
shipper
object | null Additional properties are NOT allowed.
-
ssl
object | null Additional properties are NOT allowed.
-
type
string Required Value is
elasticsearch.
POST
/api/fleet/outputs
curl \
--request POST 'https://<KIBANA_URL>/api/fleet/outputs' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"allow_edit":["string"],"ca_sha256":"string","ca_trusted_fingerprint":"string","config_yaml":"string","hosts":["https://example.com"],"id":"string","is_default":false,"is_default_monitoring":false,"is_internal":true,"is_preconfigured":true,"name":"string","preset":"balanced","proxy_id":"string","secrets":{"ssl":{"key":{"id":"string"}}},"shipper":{"compression_level":42.0,"disk_queue_compression_enabled":true,"disk_queue_enabled":false,"disk_queue_encryption_enabled":true,"disk_queue_max_size":42.0,"disk_queue_path":"string","loadbalance":true,"max_batch_bytes":42.0,"mem_queue_events":42.0,"queue_flush_timeout":42.0},"ssl":{"certificate":"string","certificate_authorities":["string"],"key":"string","verification_mode":"full"},"type":"elasticsearch"}'
Request examples
Object-1
# Headers
kbn-xsrf: true
# Payload
{
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"https://example.com"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"preset": "balanced",
"proxy_id": "string",
"secrets": {
"ssl": {
"key": {
"id": "string"
}
}
},
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "elasticsearch"
}# Headers
kbn-xsrf: true
# Payload
{
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"https://example.com"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"kibana_api_key": "string",
"kibana_url": "string",
"name": "string",
"preset": "balanced",
"proxy_id": "string",
"secrets": {
"service_token": {
"id": "string"
},
"ssl": {
"key": {
"id": "string"
}
}
},
"service_token": "string",
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"sync_integrations": true,
"sync_uninstalled_integrations": true,
"type": "remote_elasticsearch"
}# Headers
kbn-xsrf: true
# Payload
{
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"string"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"proxy_id": "string",
"secrets": {
"ssl": {
"key": {
"id": "string"
}
}
},
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "logstash"
}# Headers
kbn-xsrf: true
# Payload
{
"allow_edit": [
"string"
],
"auth_type": "none",
"broker_timeout": 42.0,
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"client_id": "string",
"compression": "gzip",
"compression_level": [],
"config_yaml": "string",
"connection_type": [],
"hash": {
"hash": "string",
"random": true
},
"headers": [
{
"key": "string",
"value": "string"
}
],
"hosts": [
"string"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"key": "string",
"name": "string",
"partition": "random",
"password": [],
"proxy_id": "string",
"random": {
"group_events": 42.0
},
"required_acks": 1,
"round_robin": {
"group_events": 42.0
},
"sasl": {
"mechanism": "PLAIN"
},
"secrets": {
"password": {
"id": "string"
},
"ssl": {
"key": {
"id": "string"
}
}
},
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"timeout": 42.0,
"topic": "string",
"type": "kafka",
"username": [],
"version": "string"
}
Response examples (200)
{
"item": {
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"https://example.com"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"preset": "balanced",
"proxy_id": "string",
"secrets": {
"ssl": {
"key": {
"id": "string"
}
}
},
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "elasticsearch"
}
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}Get output
Get output by ID.
[Required authorization] Route required privileges: fleet-settings-read OR fleet-agent-policies-read.
Path parameters
-
outputId
string Required
GET
/api/fleet/outputs/{outputId}
curl \
--request GET 'https://<KIBANA_URL>/api/fleet/outputs/{outputId}' \
--header "Authorization: $API_KEY"
Response examples (200)
{
"item": {
"allow_edit": [
"string"
],
"ca_sha256": "string",
"ca_trusted_fingerprint": "string",
"config_yaml": "string",
"hosts": [
"https://example.com"
],
"id": "string",
"is_default": false,
"is_default_monitoring": false,
"is_internal": true,
"is_preconfigured": true,
"name": "string",
"preset": "balanced",
"proxy_id": "string",
"secrets": {
"ssl": {
"key": {
"id": "string"
}
}
},
"shipper": {
"compression_level": 42.0,
"disk_queue_compression_enabled": true,
"disk_queue_enabled": false,
"disk_queue_encryption_enabled": true,
"disk_queue_max_size": 42.0,
"disk_queue_path": "string",
"loadbalance": true,
"max_batch_bytes": 42.0,
"mem_queue_events": 42.0,
"queue_flush_timeout": 42.0
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"key": "string",
"verification_mode": "full"
},
"type": "elasticsearch"
}
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}Query parameters
-
page
number -
perPage
number -
sortField
string -
sortOrder
string Values are
descorasc. -
showUpgradeable
boolean -
kuery
string -
format
string Values are
simplifiedorlegacy. -
withAgentCount
boolean
GET
/api/fleet/package_policies
curl \
--request GET 'https://<KIBANA_URL>/api/fleet/package_policies' \
--header "Authorization: $API_KEY"
Response examples (200)
{
"items": [
{
"additional_datastreams_permissions": [
"string"
],
"agents": 42.0,
"created_at": "string",
"created_by": "string",
"description": "string",
"elasticsearch": {
"privileges": {
"cluster": [
"string"
]
}
},
"enabled": true,
"id": "string",
"inputs": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"policy_template": "string",
"streams": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"data_stream": {
"dataset": "string",
"elasticsearch": {
"dynamic_dataset": true,
"dynamic_namespace": true,
"privileges": {
"indices": [
"string"
]
}
},
"type": "string"
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"release": "ga",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"type": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"is_managed": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {
"inputs": {}
},
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"revision": 42.0,
"secret_references": [
{
"id": "string"
}
],
"spaceIds": [
"string"
],
"supports_agentless": false,
"updated_at": "string",
"updated_by": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"version": "string"
}
],
"page": 42.0,
"perPage": 42.0,
"total": 42.0
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}Query parameters
-
format
string Values are
simplifiedorlegacy.
Body
-
ids
array[string] Required list of package policy ids
-
ignoreMissing
boolean
POST
/api/fleet/package_policies/_bulk_get
curl \
--request POST 'https://<KIBANA_URL>/api/fleet/package_policies/_bulk_get' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"ids":["string"],"ignoreMissing":true}'
Request examples
# Headers
kbn-xsrf: true
# Payload
{
"ids": [
"string"
],
"ignoreMissing": true
}
Response examples (200)
{
"items": [
{
"additional_datastreams_permissions": [
"string"
],
"agents": 42.0,
"created_at": "string",
"created_by": "string",
"description": "string",
"elasticsearch": {
"privileges": {
"cluster": [
"string"
]
}
},
"enabled": true,
"id": "string",
"inputs": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"policy_template": "string",
"streams": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"data_stream": {
"dataset": "string",
"elasticsearch": {
"dynamic_dataset": true,
"dynamic_namespace": true,
"privileges": {
"indices": [
"string"
]
}
},
"type": "string"
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"release": "ga",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"type": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"is_managed": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {
"inputs": {}
},
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"revision": 42.0,
"secret_references": [
{
"id": "string"
}
],
"spaceIds": [
"string"
],
"supports_agentless": false,
"updated_at": "string",
"updated_by": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"version": "string"
}
]
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}
Response examples (404)
{
"message": "string"
}Path parameters
-
packagePolicyId
string Required
Query parameters
-
format
string Values are
simplifiedorlegacy.
GET
/api/fleet/package_policies/{packagePolicyId}
curl \
--request GET 'https://<KIBANA_URL>/api/fleet/package_policies/{packagePolicyId}' \
--header "Authorization: $API_KEY"
Response examples (200)
{
"item": {
"additional_datastreams_permissions": [
"string"
],
"agents": 42.0,
"created_at": "string",
"created_by": "string",
"description": "string",
"elasticsearch": {
"privileges": {
"cluster": [
"string"
]
}
},
"enabled": true,
"id": "string",
"inputs": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"policy_template": "string",
"streams": [
{
"config": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"data_stream": {
"dataset": "string",
"elasticsearch": {
"dynamic_dataset": true,
"dynamic_namespace": true,
"privileges": {
"indices": [
"string"
]
}
},
"type": "string"
},
"enabled": true,
"id": "string",
"keep_enabled": true,
"release": "ga",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"type": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
}
}
],
"is_managed": true,
"name": "string",
"namespace": "string",
"output_id": "string",
"overrides": {
"inputs": {}
},
"package": {
"experimental_data_stream_features": [
{
"data_stream": "string",
"features": {
"doc_value_only_numeric": true,
"doc_value_only_other": true,
"synthetic_source": true,
"tsdb": true
}
}
],
"name": "string",
"requires_root": true,
"title": "string",
"version": "string"
},
"policy_id": "string",
"policy_ids": [
"string"
],
"revision": 42.0,
"secret_references": [
{
"id": "string"
}
],
"spaceIds": [
"string"
],
"supports_agentless": false,
"updated_at": "string",
"updated_by": "string",
"vars": {
"additionalProperty1": {
"frozen": true,
"type": "string"
},
"additionalProperty2": {
"frozen": true,
"type": "string"
}
},
"version": "string"
}
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}
Response examples (404)
{
"message": "string"
}Get Fleet Server hosts
[Required authorization] Route required privileges: fleet-agents-all OR fleet-settings-read.
GET
/api/fleet/fleet_server_hosts
curl \
--request GET 'https://<KIBANA_URL>/api/fleet/fleet_server_hosts' \
--header "Authorization: $API_KEY"
Response examples (200)
{
"items": [
{
"host_urls": [
"string"
],
"id": "string",
"is_default": false,
"is_internal": true,
"is_preconfigured": false,
"name": "string",
"proxy_id": "string",
"secrets": {
"ssl": {
"es_key": {
"id": "string"
},
"key": {
"id": "string"
}
}
},
"ssl": {
"certificate": "string",
"certificate_authorities": [
"string"
],
"client_auth": "optional",
"es_certificate": "string",
"es_certificate_authorities": [
"string"
],
"es_key": "string",
"key": "string"
}
}
],
"page": 42.0,
"perPage": 42.0,
"total": 42.0
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}Rotate a Fleet message signing key pair
[Required authorization] Route required privileges: fleet-agents-all AND fleet-agent-policies-all AND fleet-settings-all.
Query parameters
-
acknowledge
boolean Default value is
false.
POST
/api/fleet/message_signing_service/rotate_key_pair
curl \
--request POST 'https://<KIBANA_URL>/api/fleet/message_signing_service/rotate_key_pair' \
--header "Authorization: $API_KEY" \
--header "kbn-xsrf: true"
Response examples (200)
{
"message": "string"
}
Response examples (400)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}
Response examples (500)
{
"error": "string",
"errorType": "string",
"message": "string",
"statusCode": 42.0
}Create or update a role
Create a new Kibana role or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.
Path parameters
-
name
string Required The role name.
Minimum length is
1, maximum length is1024.
Query parameters
-
createOnly
boolean When true, a role is not overwritten if it already exists.
Default value is
false.
Body
-
description
string A description for the role.
Maximum length is
2048. -
elasticsearch
object Required Additional properties are NOT allowed.
-
kibana
array[object] -
metadata
object Additional properties are allowed.
PUT
/api/security/role/{name}
curl \
--request PUT 'https://<KIBANA_URL>/api/security/role/{name}' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--header "kbn-xsrf: true" \
--data '{"description":"string","elasticsearch":{"cluster":["string"],"indices":[{"allow_restricted_indices":true,"field_security":{"additionalProperty1":["string"],"additionalProperty2":["string"]},"names":["string"],"privileges":["string"],"query":"string"}],"remote_cluster":[{"clusters":["string"],"privileges":["string"]}],"remote_indices":[{"allow_restricted_indices":true,"clusters":["string"],"field_security":{"additionalProperty1":["string"],"additionalProperty2":["string"]},"names":["string"],"privileges":["string"],"query":"string"}],"run_as":["string"]},"kibana":[{"base":[],"feature":{"additionalProperty1":["string"],"additionalProperty2":["string"]},"spaces":["*"]}],"metadata":{}}'
Request examples
# Headers
kbn-xsrf: true
# Payload
{
"description": "string",
"elasticsearch": {
"cluster": [
"string"
],
"indices": [
{
"allow_restricted_indices": true,
"field_security": {
"additionalProperty1": [
"string"
],
"additionalProperty2": [
"string"
]
},
"names": [
"string"
],
"privileges": [
"string"
],
"query": "string"
}
],
"remote_cluster": [
{
"clusters": [
"string"
],
"privileges": [
"string"
]
}
],
"remote_indices": [
{
"allow_restricted_indices": true,
"clusters": [
"string"
],
"field_security": {
"additionalProperty1": [
"string"
],
"additionalProperty2": [
"string"
]
},
"names": [
"string"
],
"privileges": [
"string"
],
"query": "string"
}
],
"run_as": [
"string"
]
},
"kibana": [
{
"base": [],
"feature": {
"additionalProperty1": [
"string"
],
"additionalProperty2": [
"string"
]
},
"spaces": [
"*"
]
}
],
"metadata": {}
}Get running processes
Get a list of all processes running on an endpoint.
Body
Required
-
agent_type
string List of agent types to retrieve. Defaults to
endpoint.Values are
endpoint,sentinel_one,crowdstrike, ormicrosoft_defender_endpoint. -
alert_ids
array[string(nonempty)] A list of alerts
ids.At least
1element. Minimum length of each is1. -
case_ids
array[string] Case IDs to be updated (cannot contain empty strings)
At least
1element. Minimum length of each is1. -
comment
string Optional comment
-
endpoint_ids
array[string] Required List of endpoint IDs (cannot contain empty strings)
At least
1element. Minimum length of each is1. -
parameters
object Optional parameters object
POST
/api/endpoint/action/running_procs
curl \
--request POST 'https://<KIBANA_URL>/api/endpoint/action/running_procs' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--data '{"endpoint_ids":["ed518850-681a-4d60-bb98-e22640cae2a8"]}'
Request example
{
"endpoint_ids": [
"ed518850-681a-4d60-bb98-e22640cae2a8"
]
}
Response examples (200)
{
"data": {
"id": "233db9ea-6733-4849-9226-5a7039c7161d",
"agents": [
"ed518850-681a-4d60-bb98-e22640cae2a8"
],
"errors": [],
"command": "running-processes",
"comment": "",
"outputs": {
"ed518850-681a-4d60-bb98-e22640cae2a8": {
"type": "json",
"content": {
"key": "value"
}
}
},
"agentType": "endpoint",
"createdBy": "myuser",
"isExpired": false,
"startedAt": "2022-07-29T19:08:49.126Z",
"parameters": {},
"completedAt": "2022-07-29T19:09:44.961Z",
"isCompleted": true,
"wasSuccessful": true
}
}Cleanup the Risk Engine
Cleaning up the the Risk Engine by removing the indices, mapping and transforms
DELETE
/api/risk_score/engine/dangerously_delete_data
curl \
--request DELETE 'https://<KIBANA_URL>/api/risk_score/engine/dangerously_delete_data' \
--header "Authorization: $API_KEY"
Response examples (200)
{
"cleanup_successful": true
}
Response examples (400)
{
"message": "string",
"status_code": 42
}
Response examples (default)
{
"cleanup_successful": false,
"errors": [
{
"error": "string",
"seq": 42
}
]
}Security exceptions
Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts.
Exceptions are made up of:
- Exception containers: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules.
- Exception items: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to
true, the rule does not generate an alert.
For detection rules, you can also use lists to define rule exceptions. A list holds multiple values of the same Elasticsearch data type, such as IP addresses. These values are used to determine when an exception prevents an alert from being generated.
You cannot use lists with endpoint rule exceptions.
Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container.
Exceptions requirements
Before you can start working with exceptions that use value lists, you must create the .lists and .items data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to Enable and access detections.
Update an exception list item
Update an exception list item using the id or item_id field.
Body
Required
Exception list item's properties
-
_version
string The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version.
-
comments
array[object] Default value is
[](empty). -
description
string Required Describes the exception list.
-
entries
array[object] Required Any of: Security_Exceptions_API_ExceptionListItemEntryMatchobject Security_Exceptions_API_ExceptionListItemEntryMatchAnyobject Security_Exceptions_API_ExceptionListItemEntryListobject Security_Exceptions_API_ExceptionListItemEntryExistsobject Security_Exceptions_API_ExceptionListItemEntryNestedobject Security_Exceptions_API_ExceptionListItemEntryMatchWildcardobject -
expire_time
string(date-time) The exception item’s expiration date, in ISO format. This field is only available for regular exception items, not endpoint exceptions.
-
id
string(nonempty) Exception's identifier.
Minimum length is
1. -
item_id
string(nonempty) Human readable string identifier, e.g.
trusted-linux-processesMinimum length is
1. -
list_id
string(nonempty) Exception list's human readable string identifier, e.g.
trusted-linux-processes.Minimum length is
1. -
meta
object Additional properties are allowed.
-
name
string(nonempty) Required Exception list name.
Minimum length is
1. -
namespace_type
string Determines whether the exception container is available in all Kibana spaces or just the space in which it is created, where:
single: Only available in the Kibana space in which it is created.agnostic: Available in all Kibana spaces.
Values are
agnosticorsingle. Default value issingle. -
os_types
array[string] Use this field to specify the operating system.
Values are
linux,macos, orwindows. Default value is[](empty). -
type
string Required Value is
simple.
Responses
-
200 application/json
Successful response
-
400 application/json
Invalid input data response
-
401 application/json
Unsuccessful authentication response
-
403 application/json
Not enough privileges response
-
404 application/json
Exception list item not found response
-
500 application/json
Internal server error response
PUT
/api/exception_lists/items
curl \
--request PUT 'https://<KIBANA_URL>/api/exception_lists/items' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--data '{"name":"Updated name","tags":[],"type":"simple","entries":[{"type":"match","field":"host.name","value":"rock01","operator":"included"}],"item_id":"simple_list_item","comments":[],"description":"Updated description","namespace_type":"single"}'
Request example
{
"name": "Updated name",
"tags": [],
"type": "simple",
"entries": [
{
"type": "match",
"field": "host.name",
"value": "rock01",
"operator": "included"
}
],
"item_id": "simple_list_item",
"comments": [],
"description": "Updated description",
"namespace_type": "single"
}
Response examples (200)
{
"id": "459c5e7e-f8b2-4f0b-b136-c1fc702f72da",
"name": "Updated name",
"tags": [],
"type": "simple",
"entries": [
{
"type": "match",
"field": "host.name",
"value": "rock01",
"operator": "included"
}
],
"item_id": "simple_list_item",
"list_id": "simple_list",
"_version": "WzEyLDFd",
"comments": [],
"os_types": [],
"created_at": "2025-01-07T21:12:25.512Z",
"created_by": "elastic",
"updated_at": "2025-01-07T21:34:50.233Z",
"updated_by": "elastic",
"description": "Updated description",
"namespace_type": "single",
"tie_breaker_id": "ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0"
}
Response examples (400)
{
"error": "Bad Request",
"message": "[request body]: item_id: Expected string, received number",
"statusCode": 400
}
Response examples (401)
{
"error": "Unauthorized",
"message": "[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]",
"statusCode": 401
}
Response examples (403)
{
"error": "Forbidden",
"message": "API [PUT /api/exception_lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]",
"statusCode": 403
}
Response examples (404)
{
"message": "exception list item item_id: \\\"foo\\\" does not exist",
"status_code": 404
}
Response examples (500)
{
"message": "Internal Server Error",
"status_code": 500
}Get an exception list summary
Get a summary of the specified exception list.
Query parameters
-
id
string(nonempty) Exception list's identifier generated upon creation.
Minimum length is
1. -
list_id
string(nonempty) Exception list's human readable identifier.
Minimum length is
1. -
namespace_type
string Determines whether the exception container is available in all Kibana spaces or just the space in which it is created, where:
single: Only available in the Kibana space in which it is created.agnostic: Available in all Kibana spaces.
Values are
agnosticorsingle. Default value issingle. -
filter
string Search filter clause
Responses
-
200 application/json
Successful response
-
400 application/json
Invalid input data response
-
401 application/json
Unsuccessful authentication response
-
403 application/json
Not enough privileges response
-
404 application/json
Exception list not found response
-
500 application/json
Internal server error response
GET
/api/exception_lists/summary
curl \
--request GET 'https://<KIBANA_URL>/api/exception_lists/summary' \
--header "Authorization: $API_KEY"
Response examples (200)
{
"linux": 0,
"macos": 0,
"total": 0,
"windows": 0
}
Response examples (400)
{
"error": "Bad Request",
"message": "[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'",
"statusCode": 400
}
Response examples (401)
{
"error": "Unauthorized",
"message": "[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]",
"statusCode": 401
}
Response examples (403)
{
"error": "Forbidden",
"message": "API [GET /api/exception_lists/summary?list_id=simple_list&namespace_type=agnostic] is unauthorized for user, this action is granted by the Kibana privileges [lists-summary]",
"statusCode": 403
}
Response examples (404)
{
"message\"": "exception list id: \"foo\" does not exist",
"status_code\"": 404
}
Response examples (500)
{
"message": "Internal Server Error",
"status_code": 500
}Delete a value list
Delete a value list using the list ID.
When you delete a list, all of its list items are also deleted.
Query parameters
-
id
string(nonempty) Required Value list's identifier.
Minimum length is
1. -
deleteReferences
boolean Determines whether exception items referencing this value list should be deleted.
Default value is
false. -
ignoreReferences
boolean Determines whether to delete value list without performing any additional checks of where this list may be utilized.
Default value is
false.
DELETE
/api/lists
curl \
--request DELETE 'https://<KIBANA_URL>/api/lists?id=21b01cfb-058d-44b9-838c-282be16c91cd' \
--header "Authorization: $API_KEY"
Response examples (200)
{
"id": "21b01cfb-058d-44b9-838c-282be16c91cd",
"name": "Bad ips",
"type": "ip",
"version": 3,
"_version": "WzIsMV0=",
"immutable": false,
"@timestamp": "2025-01-08T04:47:34.273Z",
"created_at": "2025-01-08T04:47:34.273Z",
"created_by": "elastic",
"updated_at": "2025-01-08T05:39:39.292Z",
"updated_by": "elastic",
"description": "List of bad internet ips.",
"tie_breaker_id": "f5508188-b1e9-4e6e-9662-d039a7d89899"
}
Response examples (400)
{
"error": "Bad Request",
"message": "[request query]: id: Required",
"statusCode": 400
}
Response examples (401)
{
"error": "Unauthorized",
"message": "[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]",
"statusCode": 401
}
Response examples (403)
{
"error": "Forbidden",
"message": "API [DELETE /api/lists?id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]",
"statusCode": 403
}
Response examples (404)
{
"message": "list id: \\\"ip_list\\\" was not found",
"status_code": 404
}
Response examples (500)
{
"message": "Internal Server Error",
"status_code": 500
}Get a paginated list of SLOs
You must have the read privileges for the SLOs feature in the Observability section of the Kibana feature privileges.
Path parameters
-
spaceId
string Required An identifier for the space. If
/s/and the identifier are omitted from the path, the default space is used.
Query parameters
-
kqlQuery
string A valid kql query to filter the SLO with
-
size
integer The page size to use for cursor-based pagination, must be greater or equal than 1
Default value is
1. -
searchAfter
array[string] The cursor to use for fetching the results from, when using a cursor-base pagination.
-
page
integer The page to use for pagination, must be greater or equal than 1
Default value is
1. -
perPage
integer Number of SLOs returned by page
Maximum value is
5000. Default value is25. -
sortBy
string Sort by field
Values are
sli_value,status,error_budget_consumed, orerror_budget_remaining. Default value isstatus. -
sortDirection
string Sort order
Values are
ascordesc. Default value isasc. -
hideStale
boolean Hide stale SLOs from the list as defined by stale SLO threshold in SLO settings
GET
/s/{spaceId}/api/observability/slos
curl \
--request GET 'https://<KIBANA_URL>/s/default/api/observability/slos' \
--header "Authorization: $API_KEY" \
--header "kbn-xsrf: string"
Response examples (200)
{
"page": 1,
"perPage": 25,
"results": [
{
"budgetingMethod": "occurrences",
"createdAt": "2023-01-12T10:03:19.000Z",
"description": "My SLO description",
"enabled": true,
"groupBy": [
[
"service.name"
],
"service.name",
[
"service.name",
"service.environment"
]
],
"id": "8853df00-ae2e-11ed-90af-09bb6422b258",
"indicator": {
"params": {
"dataViewId": "03b80ab3-003d-498b-881c-3beedbaf1162",
"filter": "field.environment : \"production\" and service.name : \"my-service\"",
"good": "request.latency <= 150 and request.status_code : \"2xx\"",
"index": "my-service-*",
"timestampField": "timestamp",
"total": "field.environment : \"production\" and service.name : \"my-service\""
},
"type": "sli.kql.custom"
},
"instanceId": "host-abcde",
"name": "My Service SLO",
"objective": {
"target": 0.99,
"timesliceTarget": 0.995,
"timesliceWindow": "5m"
},
"revision": 2,
"settings": {
"frequency": "5m",
"preventInitialBackfill": true,
"syncDelay": "5m",
"syncField": "event.ingested"
},
"summary": {
"errorBudget": {
"consumed": 0.8,
"initial": 0.02,
"isEstimated": true,
"remaining": 0.2
},
"sliValue": 0.9836,
"status": "HEALTHY"
},
"tags": [
"string"
],
"timeWindow": {
"duration": "30d",
"type": "rolling"
},
"updatedAt": "2023-01-12T10:03:19.000Z",
"version": 2
}
],
"searchAfter": "string",
"size": 25,
"total": 34
}
Response examples (400)
{
"error": "Bad Request",
"message": "Invalid value 'foo' supplied to: [...]",
"statusCode": 400
}
Response examples (401)
{
"error": "Unauthorized",
"message": "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]",
"statusCode": 401
}
Response examples (403)
{
"error": "Unauthorized",
"message": "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]",
"statusCode": 403
}
Response examples (404)
{
"error": "Not Found",
"message": "SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found",
"statusCode": 404
}Query parameters
-
purpose
string Specifies which authorization checks are applied to the API call. The default value is
any.Values are
any,copySavedObjectsIntoSpace, orshareSavedObjectsIntoSpace.
GET
/api/spaces/space
curl \
--request GET 'https://<KIBANA_URL>/api/spaces/space?' \
--header "Authorization: $API_KEY"
Response examples (200)
Get all spaces
Get all spaces without specifying any options.
[
{
"id": "default",
"name": "Default",
"imageUrl": "",
"_reserved": true,
"description": "This is the Default Space",
"disabledFeatures": []
},
{
"id": "marketing",
"name": "Marketing",
"color": null,
"imageUrl": "data:image/png;base64,iVBORw0KGgoAAAANSU",
"initials": "MK",
"description": "This is the Marketing Space",
"disabledFeatures": [
"apm"
]
},
{
"id": "sales",
"name": "Sales",
"imageUr\"": "",
"initials": "MK",
"solution": "oblt",
"disabledFeatures": [
"discover"
]
}
]
The user has read-only access to the Sales space. Get all spaces with the following query parameters: "purpose=shareSavedObjectsIntoSpace&include_authorized_purposes=true"
[
{
"id": "default",
"name": "Default",
"imageUrl": "",
"_reserved": true,
"description": "This is the Default Space",
"disabledFeatures": [],
"authorizedPurposes": {
"any": true,
"findSavedObjects": true,
"copySavedObjectsIntoSpace": true,
"shareSavedObjectsIntoSpace": true
}
},
{
"id": "marketing",
"name": "Marketing",
"color": null,
"imageUrl": "data:image/png;base64,iVBORw0KGgoAAAANSU",
"initials": "MK",
"description": "This is the Marketing Space",
"disabledFeatures": [
"apm"
],
"authorizedPurposes": {
"any": true,
"findSavedObjects": true,
"copySavedObjectsIntoSpace": true,
"shareSavedObjectsIntoSpace": true
}
},
{
"id": "sales",
"name": "Sales",
"imageUrl": "",
"initials": "MK",
"disabledFeatures": [
"discover"
],
"authorizedPurposes": {
"any": true,
"findSavedObjects": true,
"copySavedObjectsIntoSpace": false,
"shareSavedObjectsIntoSpace": false
}
}
]Streams
Streams is a new and experimental way to manage your data in Kibana. The API is currently not considered stable and can change at any point.