Find exception items
editFind exception items
editRetrieves a paginated subset of exception items in the specified container. By default, the first page is returned with 20 results per page.
The Kibana Console supports only Elasticsearch APIs. You cannot interact with the Kibana APIs with the Console and must use curl
or another HTTP tool instead. For more information, refer to Console.
Request URL
editGET <kibana host>:<port>/api/exception_lists/items/_find
URL query parameters
editName | Type | Description | Required |
---|---|---|---|
|
String |
ID of the exception container. |
Yes |
|
Integer |
The page number to return. |
No |
|
Integer |
The number of items to return per page. |
No |
|
String |
Determines which field is used to sort the results. |
No |
|
String |
Determines the sort order, which can be |
No |
|
String |
Returns the items that come after the last item
returned in the previous call (use the |
No |
Example request
editRetrieves exception items in the allowed-processes
container:
GET api/exception_lists/items/_find?list_id=allowed-processes
Response code
edit-
200
- Indicates a successful call.
Response payload
edit{ "data": [ { "_tags": [], "comments": [ { "comment": "Allowed on all hosts.", "created_at": "2020-07-14T13:40:39.804Z", "created_by": "LiverpoolFC" } ], "created_at": "2020-07-14T13:40:39.804Z", "created_by": "LiverpoolFC", "description": "Global process allowlist", "entries": [ { "field": "process.name", "operator": "included", "type": "match", "value": "housekeeping" } ], "id": "9b25aec0-c5d7-11ea-a3d8-a5b753aeeb9e", "item_id": "global-allow-processes", "list_id": "allowed-processes", "name": "Host-process global exclusion", "namespace_type": "single", "tags": [ "global", "hosts", "processes" ], "tie_breaker_id": "28c6b069-8e39-4f9a-b93c-95e5a15b46c5", "type": "simple", "updated_at": "2020-07-14T13:40:39.980Z", "updated_by": "LiverpoolFC" }, { "_tags": [], "comments": [ { "comment": "Allows maintenance process to run on the specified machines", "created_at": "2020-07-14T13:41:24.005Z", "created_by": "LiverpoolFC" } ], "created_at": "2020-07-14T13:41:24.005Z", "created_by": "LiverpoolFC", "description": "Process allowlist", "entries": [ { "field": "process.name", "operator": "included", "type": "match", "value": "maintenance" }, { "field": "host.name", "operator": "included", "type": "match_any", "value": [ "liv-win-anf", "livw-win-mel", "linux-anfield" ] } ], "id": "b57e5f60-c5d7-11ea-a3d8-a5b753aeeb9e", "item_id": "allow-process-on-machines", "list_id": "allowed-processes", "name": "Host-process exclusions", "namespace_type": "single", "tags": [ "hosts", "processes" ], "tie_breaker_id": "a1bacb3d-7ce1-4f03-80f4-d49235b6bbde", "type": "simple", "updated_at": "2020-07-14T13:41:24.182Z", "updated_by": "LiverpoolFC" } ], "page": 1, "per_page": 20, "total": 2 }