Import list items
editImport list items
editImports a list of items from a .txt
or .csv
file. The maximum file size is 9 million bytes.
You can import items to a new or existing list container.
Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl
or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.
Request URL
editPOST <kibana host>:<port>/api/lists/items/_import
The request must include:
-
The
Content-Type: multipart/form-data
HTTP header. - A link to the file containing the list items.
For example, using cURL:
curl -X POST "<kibana host>:<port>/api/lists/items/_import" -u <username>:<password> -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@<link to file>"
URL query parameters
editName | Type | Description | Required |
---|---|---|---|
|
String |
ID of the list container. |
Required when importing to an existing container. |
|
String |
The datatype of excludes the list container holds, which can
be either |
Required when importing to a new container. |
Example requests
editAdds the IP addresses in the internal-IPs.txt
to the internal-ip-excludes
list container:
curl -X POST "api/lists/items/_import?list_id=internal-ip-excludes" -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@internal-IPs.txt"
Adds the IP addresses in the internal-IPs.txt
to a new list container:
curl -X POST "api/lists/items/_import?type=ip" -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@internal-IPs.txt"
Response code
edit-
200
- Indicates a successful call.
Response payload
edit{ "_version": "WzcsMV0=", "id": "internal-ip-excludes", "created_at": "2020-08-11T10:38:51.087Z", "created_by": "elastic", "description": "Contains list items that exclude internal IP addresses from detection rule matches.", "immutable": false, "name": "Trusted internal IP addresses", "tie_breaker_id": "195f54fb-244d-4f9a-9a5b-e728901347e0", "type": "ip", "updated_at": "2020-08-11T10:42:30.205Z", "updated_by": "elastic", "version": 1 }