Create list item

edit

Creates a list item and associates it with the specified list container.

Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.

All list items in the same list container must be the same type. For example, each list item in an ip list container must define a specific IP address.

Before creating list items, you must create a list container.

Request URL

edit

POST <kibana host>:<port>/api/lists/items

Request body

edit

A JSON object with these fields:

Name Type Description Required

id

String

Unique identifier of the list item.

No, automatically created when it is not provided.

list_id

String

ID of the associated list container.

Yes

meta

Object

Placeholder for metadata about the list item.

No

value

String

The value used to evaluate exceptions. For information on how list item exceptions are evaluated, see Create exception item.

Yes

Example requests

edit

Adds an IP address to the internal-ip-excludes list container:

POST api/lists/items
{
  "id": "internal-ip-1",
  "list_id": "internal-ip-excludes",
  "value": "10.0.0.12"
}

Adds a host name to the host.name-container list container:

POST api/lists
{
  "id": "win-prem-19",
  "list_id": "host.name-container",
  "value": "liverpool-fc"
}

Response code

edit
200
Indicates a successful call.

Response payload

edit
{
  "_version": "WzEsMV0=", 
  "id": "internal-ip-1",
  "type": "ip",
  "value": "10.0.0.12",
  "created_at": "2020-08-11T10:54:46.080Z",
  "created_by": "elastic",
  "list_id": "internal-ip-excludes",
  "tie_breaker_id": "ed3f9d84-cd85-4122-b93d-07d1de4fd8bb",
  "updated_at": "2020-08-11T10:54:46.080Z",
  "updated_by": "elastic"
}

Base-64 encoded value of if_seq_no and if_primary_term parameters, used for Optimistic concurrency control. To ensure there are no conflicts, use this value when updating a list item.