Create a saved query | Kibana Serverless API

Create a saved query Beta

POST /api/osquery/saved_queries

Create and run a saved query.

application/json; Elastic-Api-Version=2023-10-31

Body Required

description string | null
ecs_mapping object | null
Hide ecs_mapping attribute Show ecs_mapping attribute object | null
- * object Additional properties
  
  Additional properties are allowed.
  Hide * attributes Show * attributes object
  
  field string
  
  value string | array[string]
  
  One of:
  string-1 string array-2 array[string]
id string | null
interval string
platform string | null
query string
removed boolean | null
snapshot boolean | null
version string | null

Responses

200 application/json; Elastic-Api-Version=2023-10-31

OK

Additional properties are allowed.

POST /api/osquery/saved_queries

curl \
 -X POST https://localhost:5601/api/osquery/saved_queries \
 -H "Content-Type: application/json; Elastic-Api-Version=2023-10-31"

Request examples

{
  "description": "string",
  "ecs_mapping": {
    "additionalProperty1": {
      "field": "string",
      "value": "string"
    },
    "additionalProperty2": {
      "field": "string",
      "value": "string"
    }
  },
  "id": "string",
  "interval": "string",
  "platform": "string",
  "query": "string",
  "removed": true,
  "snapshot": true,
  "version": "string"
}

Response examples (200)

{}

Create a saved query Beta

Body Required

value string | array[string]

Responses