Update a saved query Beta

PUT /api/osquery/saved_queries/{id}

Update a saved query using the query ID.

You cannot update a prebuilt saved query.

Path parameters

  • id string | null Required

Body Required

application/json; Elastic-Api-Version=2023-10-31

Responses

  • 200 application/json; Elastic-Api-Version=2023-10-31

    OK

    Additional properties are allowed.

PUT /api/osquery/saved_queries/{id}
curl \
 -X PUT "https://<KIBANA_URL>/api/osquery/saved_queries/{id}" \
 -H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
 -d '{"description": "string", "interval": "string", "query": "string"}'
Request examples
{
  "description": "string",
  "ecs_mapping": {
    "additionalProperty1": {
      "field": "string",
      "value": "string"
    },
    "additionalProperty2": {
      "field": "string",
      "value": "string"
    }
  },
  "id": "string",
  "interval": "string",
  "platform": "string",
  "query": "string",
  "removed": true,
  "snapshot": true,
  "version": "string"
}
Response examples (200)
{}
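
The following is an added example, not part of the Elastic documentation: it checks an update body against the field types shown in the request example above and builds the PUT request without sending it. The `kbn-xsrf` and `Authorization: ApiKey` headers, the host `kibana.example`, and all sample values are assumptions that do not appear on this page.

```python
import json
import urllib.parse
import urllib.request

# Field types exactly as shown in this page's request example.
STRING_FIELDS = {"description", "id", "interval", "platform", "query", "version"}
BOOL_FIELDS = {"removed", "snapshot"}


def validate_body(body):
    """Reject keys or types that differ from the page's request example."""
    for key, val in body.items():
        if key in STRING_FIELDS:
            ok = isinstance(val, str)
        elif key in BOOL_FIELDS:
            ok = isinstance(val, bool)
        elif key == "ecs_mapping":
            # Each mapping entry is an object holding "field" and/or "value".
            ok = isinstance(val, dict) and all(
                isinstance(m, dict) and m and set(m) <= {"field", "value"}
                and all(isinstance(v, str) for v in m.values())
                for m in val.values())
        else:
            raise ValueError(f"unexpected field: {key}")
        if not ok:
            raise ValueError(f"wrong type for field: {key}")


def build_update_request(kibana_url, query_id, api_key, body):
    """Return an unsent PUT request for /api/osquery/saved_queries/{id}."""
    validate_body(body)
    # Percent-encode the ID so it cannot add path segments or a query string.
    path = "/api/osquery/saved_queries/" + urllib.parse.quote(query_id, safe="")
    return urllib.request.Request(
        kibana_url.rstrip("/") + path,
        data=json.dumps(body).encode("utf-8"),
        method="PUT",
        headers={
            "Content-Type": "application/json; Elastic-Api-Version=2023-10-31",
            "kbn-xsrf": "true",  # assumption: header not shown on this page
            "Authorization": "ApiKey " + api_key,  # assumption: API-key auth
        },
    )


# Constructed sample values; nothing is sent over the network.
SAMPLE = {"query": "SELECT pid, name FROM processes;", "interval": "3600",
          "ecs_mapping": {"process.pid": {"field": "pid"}}, "snapshot": True}
REQ = build_update_request("https://kibana.example", "my query/1", "PLACEHOLDER", SAMPLE)
```

Pass the returned object to `urllib.request.urlopen` to send it; a prebuilt saved query cannot be updated this way, as noted at the top of this page.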