IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Get saved query API
editGet saved query API
edit[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Retrieve a single saved query by ID.
Request
editGET <kibana host>:<port>/api/osquery/saved_queries/<id>
GET <kibana host>:<port>/s/<space_id>/api/osquery/saved_queries/<id>
Path parameters
edit-
space_id -
(Optional, string) The space identifier. When
space_idis not provided in the URL, the default space is used. -
id - (Required, string) The ID of the saved query you want to retrieve.
Response code
edit-
200 - Indicates a successful call.
-
404 - The specified saved query and ID doesn’t exist.
Example
editRetrieve the saved query object with the 42ba9c50-0cc5-11ed-aa1d-2b27890bc90d ID:
$ curl -X GET api/osquery/saved_queries/42ba9c50-0cc5-11ed-aa1d-2b27890bc90d
The API returns the saved query object:
{
"data": {
"id": "42ba9c50-0cc5-11ed-aa1d-2b27890bc90d",
"type": "osquery-saved-query",
"namespaces": [
"default"
],
"updated_at": "2022-07-26T09:28:08.600Z",
"version": "WzQzMTcsMV0=",
"attributes": {
"id": "saved_query_id",
"description": "Saved query description",
"query": "select * from uptime;",
"platform": "linux,darwin",
"version": "2.8.0",
"interval": "60",
"ecs_mapping": {
"host.uptime": {
"field": "total_seconds"
}
},
"created_by": "elastic",
"created_at": "2022-07-26T09:28:08.597Z",
"updated_by": "elastic",
"updated_at": "2022-07-26T09:28:08.597Z",
"prebuilt": false
},
"references": [],
"coreMigrationVersion": "8.4.0"
}
}