From e7690179d32263addd197a415af3691d74193d85 Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 12 Oct 2023 16:48:34 -0700 Subject: [PATCH 1/2] [DOCS] Remove OAS API previews --- docs/api-generated/README.md | 42 - .../cases/case-apis-passthru.asciidoc | 5511 ----------------- docs/api-generated/cases/case-apis.asciidoc | 10 - .../connector-apis-passthru.asciidoc | 2823 --------- .../connectors/connector-apis.asciidoc | 10 - .../ml-apis-passthru.asciidoc | 205 - .../machine-learning/ml-apis.asciidoc | 10 - .../rules/rule-apis-passthru.asciidoc | 4905 --------------- docs/api-generated/rules/rule-apis.asciidoc | 10 - docs/api-generated/template/index.mustache | 170 - .../actions-and-connectors/create.asciidoc | 2 +- .../actions-and-connectors/delete.asciidoc | 2 +- .../actions-and-connectors/execute.asciidoc | 2 +- docs/api/actions-and-connectors/get.asciidoc | 2 +- .../actions-and-connectors/get_all.asciidoc | 2 +- docs/api/actions-and-connectors/list.asciidoc | 2 +- .../actions-and-connectors/update.asciidoc | 2 +- docs/api/alerting/create_rule.asciidoc | 2 +- docs/api/alerting/delete_rule.asciidoc | 2 +- docs/api/alerting/disable_rule.asciidoc | 2 +- docs/api/alerting/enable_rule.asciidoc | 2 +- docs/api/alerting/find_rules.asciidoc | 2 +- docs/api/alerting/get_rules.asciidoc | 2 +- docs/api/alerting/health.asciidoc | 2 +- docs/api/alerting/list_rule_types.asciidoc | 2 +- docs/api/alerting/mute_alert.asciidoc | 2 +- docs/api/alerting/mute_all_alerts.asciidoc | 2 +- docs/api/alerting/unmute_alert.asciidoc | 2 +- docs/api/alerting/unmute_all_alerts.asciidoc | 2 +- docs/api/alerting/update_rule.asciidoc | 2 +- docs/api/cases/cases-api-add-comment.asciidoc | 2 +- docs/api/cases/cases-api-create.asciidoc | 2 +- .../api/cases/cases-api-delete-cases.asciidoc | 2 +- .../cases/cases-api-delete-comments.asciidoc | 2 +- .../cases-api-find-case-activity.asciidoc | 2 +- docs/api/cases/cases-api-find-cases.asciidoc | 2 +- .../cases/cases-api-find-connectors.asciidoc | 2 +- docs/api/cases/cases-api-get-alerts.asciidoc | 2 +- .../cases-api-get-case-activity.asciidoc | 2 +- docs/api/cases/cases-api-get-case.asciidoc | 2 +- .../cases-api-get-cases-by-alert.asciidoc | 2 +- .../api/cases/cases-api-get-comments.asciidoc | 2 +- .../cases-api-get-configuration.asciidoc | 2 +- .../cases/cases-api-get-reporters.asciidoc | 2 +- docs/api/cases/cases-api-get-status.asciidoc | 2 +- docs/api/cases/cases-api-get-tags.asciidoc | 2 +- docs/api/cases/cases-api-push.asciidoc | 2 +- .../cases-api-set-configuration.asciidoc | 2 +- .../cases/cases-api-update-comment.asciidoc | 2 +- .../cases-api-update-configuration.asciidoc | 2 +- docs/api/cases/cases-api-update.asciidoc | 2 +- docs/api/machine-learning/sync.asciidoc | 2 +- docs/apis.asciidoc | 17 - docs/index.asciidoc | 2 - docs/redirects.asciidoc | 8 +- 55 files changed, 49 insertions(+), 13758 deletions(-) delete mode 100644 docs/api-generated/README.md delete mode 100644 docs/api-generated/cases/case-apis-passthru.asciidoc delete mode 100644 docs/api-generated/cases/case-apis.asciidoc delete mode 100644 docs/api-generated/connectors/connector-apis-passthru.asciidoc delete mode 100644 docs/api-generated/connectors/connector-apis.asciidoc delete mode 100644 docs/api-generated/machine-learning/ml-apis-passthru.asciidoc delete mode 100644 docs/api-generated/machine-learning/ml-apis.asciidoc delete mode 100644 docs/api-generated/rules/rule-apis-passthru.asciidoc delete mode 100644 docs/api-generated/rules/rule-apis.asciidoc delete mode 100644 docs/api-generated/template/index.mustache delete mode 100644 docs/apis.asciidoc diff --git a/docs/api-generated/README.md b/docs/api-generated/README.md deleted file mode 100644 index 97fd32119b8bc..0000000000000 --- a/docs/api-generated/README.md +++ /dev/null @@ -1,42 +0,0 @@ -# OpenAPI (Experimental) - -Open API specifications (OAS) exist in JSON or YAML format for some Kibana features, -though they are experimental and may be incomplete or change later. - -A preview of the API specifications can be added to the Kibana Guide by using -the following process: - -. Install [OpenAPI Generator](https://openapi-generator.tech/docs/installation), -or a similar tool that can generate HTML output from OAS. - -. Optionally validate the specifications by using the commands listed in the appropriate readmes. - -. Generate HTML output. For example: - - ``` - openapi-generator-cli generate -g html -i $GIT_HOME/kibana/x-pack/plugins/alerting/docs/openapi/bundled.yaml -o $GIT_HOME/kibana/docs/api-generated/rules -t $GIT_HOME/kibana/docs/api-generated/template - - openapi-generator-cli generate -g html -i $GIT_HOME/kibana/x-pack/plugins/cases/docs/openapi/bundled.yaml -o $GIT_HOME/kibana/docs/api-generated/cases -t $GIT_HOME/kibana/docs/api-generated/template - - openapi-generator-cli generate -g html -i $GIT_HOME/kibana/x-pack/plugins/actions/docs/openapi/bundled.yaml -o $GIT_HOME/kibana/docs/api-generated/connectors -t $GIT_HOME/kibana/docs/api-generated/template - - openapi-generator-cli generate -g html -i $GIT_HOME/kibana/x-pack/plugins/ml/common/openapi/ml_apis_v3.yaml -o $GIT_HOME/kibana/docs/api-generated/machine-learning -t $GIT_HOME/kibana/docs/api-generated/template - ``` - -. Rename the output files. For example: - ``` - mv $GIT_HOME/kibana/docs/api-generated/rules/index.html $GIT_HOME/kibana/docs/api-generated/rules/rule-apis-passthru.asciidoc - mv $GIT_HOME/kibana/docs/api-generated/cases/index.html $GIT_HOME/kibana/docs/api-generated/cases/case-apis-passthru.asciidoc - mv $GIT_HOME/kibana/docs/api-generated/connectors/index.html $GIT_HOME/kibana/docs/api-generated/connectors/connector-apis-passthru.asciidoc - mv $GIT_HOME/kibana/docs/api-generated/machine-learning/index.html $GIT_HOME/kibana/docs/api-generated/machine-learning/ml-apis-passthru.asciidoc - ``` - -. If you're creating a new set of API output, you will need to have a page that incorporates the output by using passthrough blocks. For more information, refer to [Asciidoctor docs](https://docs.asciidoctor.org/asciidoc/latest/pass/pass-block/) - -. Verify the output by building the Kibana documentation. At this time, the output is added as a technical preview in the appendix. - -## Known issues - -- Some OAS 3.0 features such as `anyOf`, `oneOf`, and `allOf` might not display properly in the preview. These are on the [Short-term roadmap](https://openapi-generator.tech/docs/roadmap/) at this time. - - diff --git a/docs/api-generated/cases/case-apis-passthru.asciidoc b/docs/api-generated/cases/case-apis-passthru.asciidoc deleted file mode 100644 index eb354b320d899..0000000000000 --- a/docs/api-generated/cases/case-apis-passthru.asciidoc +++ /dev/null @@ -1,5511 +0,0 @@ -//// -This content is generated from the open API specification. -Any modifications made to this file will be overwritten. -//// - -++++ -
-

Access

-
    -
  1. APIKey KeyParamName:ApiKey KeyInQuery:false KeyInHeader:true
  2. -
  3. HTTP Basic Authentication
  4. -
- -

Methods

- [ Jump to Models ] - -

Table of Contents

-
-

Cases

- - -

Cases

-
-
- Up -
post /s/{spaceId}/api/cases/{caseId}/comments
-
Adds a comment or alert to a case. (addCaseComment)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're creating. NOTE: Each case can have a maximum of 1,000 alerts.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
add_case_comment_request add_case_comment_request (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null, null, null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
post /api/cases/{caseId}/comments
-
Adds a comment or alert to a case in the default space. (addCaseCommentDefaultSpace)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're creating. NOTE: Each case can have a maximum of 1,000 alerts.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
add_case_comment_request add_case_comment_request (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null, null, null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
post /s/{spaceId}/api/cases
-
Creates a case. (createCase)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're creating.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
create_case_request create_case_request (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null, null, null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
post /api/cases
-
Creates a case in the default space. (createCaseDefaultSpace)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're creating.
- - -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
create_case_request create_case_request (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null, null, null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
delete /s/{spaceId}/api/cases
-
Deletes one or more cases. (deleteCase)
-
You must have read or all privileges and the delete sub-feature privilege for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- -

Query parameters

-
-
ids (required)
- -
Query Parameter — The cases that you want to removed. All non-ASCII characters must be URL encoded. default: null
-
- - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
delete /s/{spaceId}/api/cases/{caseId}/comments/{commentId}
-
Deletes a comment or alert from a case. (deleteCaseComment)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
commentId (required)
- -
Path Parameter — The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
delete /api/cases/{caseId}/comments/{commentId}
-
Deletes a comment or alert from a case in the default space. (deleteCaseCommentDefaultSpace)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
commentId (required)
- -
Path Parameter — The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
delete /s/{spaceId}/api/cases/{caseId}/comments
-
Deletes all comments and alerts from a case. (deleteCaseComments)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
delete /api/cases/{caseId}/comments
-
Deletes all comments and alerts from a case in the default space. (deleteCaseCommentsDefaultSpace)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
delete /api/cases
-
Deletes one or more cases in the default space. (deleteCaseDefaultSpace)
-
You must have read or all privileges and the delete sub-feature privilege for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
- - - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- -

Query parameters

-
-
ids (required)
- -
Query Parameter — The cases that you want to removed. All non-ASCII characters must be URL encoded. default: null
-
- - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/{caseId}/user_actions/_find
-
Finds user activity for a case. (findCaseActivity)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
page (optional)
- -
Query Parameter — The page number to return. default: 1
perPage (optional)
- -
Query Parameter — The number of items to return. Limited to 100 items. default: 20
sortOrder (optional)
- -
Query Parameter — Determines the sort order. default: desc
types (optional)
- -
Query Parameter — Determines the types of user actions to return. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "userActions" : [ {
-    "owner" : "cases",
-    "action" : "create",
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
-    "comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
-    "type" : "create_case",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzM1ODg4LDFd"
-  }, {
-    "owner" : "cases",
-    "action" : "create",
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
-    "comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
-    "type" : "create_case",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzM1ODg4LDFd"
-  } ],
-  "total" : 1,
-  "perPage" : 6,
-  "page" : 0
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - findCaseActivity_200_response -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /api/cases/{caseId}/user_actions/_find
-
Finds user activity for a case in the default space. (findCaseActivityDefaultSpace)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
-
- - - - -

Query parameters

-
-
page (optional)
- -
Query Parameter — The page number to return. default: 1
perPage (optional)
- -
Query Parameter — The number of items to return. Limited to 100 items. default: 20
sortOrder (optional)
- -
Query Parameter — Determines the sort order. default: desc
types (optional)
- -
Query Parameter — Determines the types of user actions to return. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "userActions" : [ {
-    "owner" : "cases",
-    "action" : "create",
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
-    "comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
-    "type" : "create_case",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzM1ODg4LDFd"
-  }, {
-    "owner" : "cases",
-    "action" : "create",
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
-    "comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
-    "type" : "create_case",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzM1ODg4LDFd"
-  }, {
-    "owner" : "cases",
-    "action" : "create",
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
-    "comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
-    "type" : "create_case",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzM1ODg4LDFd"
-  }, {
-    "owner" : "cases",
-    "action" : "create",
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
-    "comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
-    "type" : "create_case",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzM1ODg4LDFd"
-  }, {
-    "owner" : "cases",
-    "action" : "create",
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
-    "comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
-    "type" : "create_case",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzM1ODg4LDFd"
-  } ],
-  "total" : 1,
-  "perPage" : 6,
-  "page" : 0
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - findCaseActivityDefaultSpace_200_response -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/{caseId}/comments/_find
-
Retrieves all the user comments from a case. (findCaseComments)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
page (optional)
- -
Query Parameter — The page number to return. default: 1
perPage (optional)
- -
Query Parameter — The number of items to return. Limited to 100 items. default: 20
sortOrder (optional)
- -
Query Parameter — Determines the sort order. default: desc
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null, null, null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/configure/connectors/_find
-
Retrieves information about connectors. (findCaseConnectors)
-
In particular, only the connectors that are supported for use in cases are returned. You must have read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "isPreconfigured" : true,
-  "isDeprecated" : true,
-  "actionTypeId" : ".none",
-  "referencedByCount" : 0,
-  "name" : "name",
-  "id" : "id",
-  "config" : {
-    "projectKey" : "projectKey",
-    "apiUrl" : "apiUrl"
-  },
-  "isMissingSecrets" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /api/cases/configure/connectors/_find
-
Retrieves information about connectors in the default space. (findCaseConnectorsDefaultSpace)
-
In particular, only the connectors that are supported for use in cases are returned. You must have read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
- - - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "isPreconfigured" : true,
-  "isDeprecated" : true,
-  "actionTypeId" : ".none",
-  "referencedByCount" : 0,
-  "name" : "name",
-  "id" : "id",
-  "config" : {
-    "projectKey" : "projectKey",
-    "apiUrl" : "apiUrl"
-  },
-  "isMissingSecrets" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/_find
-
Retrieves a paginated subset of cases. (findCases)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
assignees (optional)
- -
Query Parameter — Filters the returned cases by assignees. Valid values are none or unique identifiers for the user profiles. These identifiers can be found by using the suggest user profile API. default: null
category (optional)
- -
Query Parameter — Filters the returned cases by category. default: null
defaultSearchOperator (optional)
- -
Query Parameter — he default operator to use for the simple_query_string. default: OR
from (optional)
- -
Query Parameter — [preview] Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. default: null
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
page (optional)
- -
Query Parameter — The page number to return. default: 1
perPage (optional)
- -
Query Parameter — The number of items to return. Limited to 100 items. default: 20
reporters (optional)
- -
Query Parameter — Filters the returned cases by the user name of the reporter. default: null
search (optional)
- -
Query Parameter — An Elasticsearch simple_query_string query that filters the objects in the response. default: null
searchFields (optional)
- -
Query Parameter — The fields to perform the simple_query_string parsed query against. default: null
severity (optional)
- -
Query Parameter — The severity of the case. default: null
sortField (optional)
- -
Query Parameter — Determines which field is used to sort the results. default: createdAt
sortOrder (optional)
- -
Query Parameter — Determines the sort order. default: desc
status (optional)
- -
Query Parameter — Filters the returned cases by state. default: null
tags (optional)
- -
Query Parameter — Filters the returned cases by tags. default: null
to (optional)
- -
Query Parameter — [preview] Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "count_in_progress_cases" : 6,
-  "per_page" : 5,
-  "total" : 2,
-  "cases" : [ {
-    "owner" : "cases",
-    "totalComment" : 0,
-    "settings" : {
-      "syncAlerts" : true
-    },
-    "totalAlerts" : 0,
-    "closed_at" : "2000-01-23T04:56:07.000+00:00",
-    "comments" : [ null, null, null, null, null ],
-    "assignees" : [ {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    } ],
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "description" : "A case description.",
-    "title" : "Case title 1",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzUzMiwxXQ==",
-    "closed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "tags" : [ "tag-1" ],
-    "duration" : 120,
-    "updated_at" : "2000-01-23T04:56:07.000+00:00",
-    "updated_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-    "external_service" : {
-      "external_title" : "external_title",
-      "pushed_by" : {
-        "full_name" : "full_name",
-        "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-        "email" : "email",
-        "username" : "elastic"
-      },
-      "external_url" : "external_url",
-      "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-      "connector_id" : "connector_id",
-      "external_id" : "external_id",
-      "connector_name" : "connector_name"
-    }
-  }, {
-    "owner" : "cases",
-    "totalComment" : 0,
-    "settings" : {
-      "syncAlerts" : true
-    },
-    "totalAlerts" : 0,
-    "closed_at" : "2000-01-23T04:56:07.000+00:00",
-    "comments" : [ null, null, null, null, null ],
-    "assignees" : [ {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    } ],
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "description" : "A case description.",
-    "title" : "Case title 1",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzUzMiwxXQ==",
-    "closed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "tags" : [ "tag-1" ],
-    "duration" : 120,
-    "updated_at" : "2000-01-23T04:56:07.000+00:00",
-    "updated_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-    "external_service" : {
-      "external_title" : "external_title",
-      "pushed_by" : {
-        "full_name" : "full_name",
-        "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-        "email" : "email",
-        "username" : "elastic"
-      },
-      "external_url" : "external_url",
-      "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-      "connector_id" : "connector_id",
-      "external_id" : "external_id",
-      "connector_name" : "connector_name"
-    }
-  } ],
-  "count_open_cases" : 1,
-  "count_closed_cases" : 0,
-  "page" : 5
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - findCases_200_response -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /api/cases/_find
-
Retrieves a paginated subset of cases in the default space. (findCasesDefaultSpace)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
- - - - - -

Query parameters

-
-
assignees (optional)
- -
Query Parameter — Filters the returned cases by assignees. Valid values are none or unique identifiers for the user profiles. These identifiers can be found by using the suggest user profile API. default: null
category (optional)
- -
Query Parameter — Filters the returned cases by category. default: null
defaultSearchOperator (optional)
- -
Query Parameter — he default operator to use for the simple_query_string. default: OR
from (optional)
- -
Query Parameter — [preview] Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. default: null
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
page (optional)
- -
Query Parameter — The page number to return. default: 1
perPage (optional)
- -
Query Parameter — The number of items to return. Limited to 100 items. default: 20
reporters (optional)
- -
Query Parameter — Filters the returned cases by the user name of the reporter. default: null
search (optional)
- -
Query Parameter — An Elasticsearch simple_query_string query that filters the objects in the response. default: null
searchFields (optional)
- -
Query Parameter — The fields to perform the simple_query_string parsed query against. default: null
severity (optional)
- -
Query Parameter — The severity of the case. default: null
sortField (optional)
- -
Query Parameter — Determines which field is used to sort the results. default: createdAt
sortOrder (optional)
- -
Query Parameter — Determines the sort order. default: desc
status (optional)
- -
Query Parameter — Filters the returned cases by state. default: null
tags (optional)
- -
Query Parameter — Filters the returned cases by tags. default: null
to (optional)
- -
Query Parameter — [preview] Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "count_in_progress_cases" : 6,
-  "per_page" : 5,
-  "total" : 2,
-  "cases" : [ {
-    "owner" : "cases",
-    "totalComment" : 0,
-    "settings" : {
-      "syncAlerts" : true
-    },
-    "totalAlerts" : 0,
-    "closed_at" : "2000-01-23T04:56:07.000+00:00",
-    "comments" : [ null, null, null, null, null ],
-    "assignees" : [ {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    } ],
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "description" : "A case description.",
-    "title" : "Case title 1",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzUzMiwxXQ==",
-    "closed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "tags" : [ "tag-1" ],
-    "duration" : 120,
-    "updated_at" : "2000-01-23T04:56:07.000+00:00",
-    "updated_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-    "external_service" : {
-      "external_title" : "external_title",
-      "pushed_by" : {
-        "full_name" : "full_name",
-        "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-        "email" : "email",
-        "username" : "elastic"
-      },
-      "external_url" : "external_url",
-      "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-      "connector_id" : "connector_id",
-      "external_id" : "external_id",
-      "connector_name" : "connector_name"
-    }
-  }, {
-    "owner" : "cases",
-    "totalComment" : 0,
-    "settings" : {
-      "syncAlerts" : true
-    },
-    "totalAlerts" : 0,
-    "closed_at" : "2000-01-23T04:56:07.000+00:00",
-    "comments" : [ null, null, null, null, null ],
-    "assignees" : [ {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    } ],
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "description" : "A case description.",
-    "title" : "Case title 1",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzUzMiwxXQ==",
-    "closed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "tags" : [ "tag-1" ],
-    "duration" : 120,
-    "updated_at" : "2000-01-23T04:56:07.000+00:00",
-    "updated_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-    "external_service" : {
-      "external_title" : "external_title",
-      "pushed_by" : {
-        "full_name" : "full_name",
-        "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-        "email" : "email",
-        "username" : "elastic"
-      },
-      "external_url" : "external_url",
-      "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-      "connector_id" : "connector_id",
-      "external_id" : "external_id",
-      "connector_name" : "connector_name"
-    }
-  }, {
-    "owner" : "cases",
-    "totalComment" : 0,
-    "settings" : {
-      "syncAlerts" : true
-    },
-    "totalAlerts" : 0,
-    "closed_at" : "2000-01-23T04:56:07.000+00:00",
-    "comments" : [ null, null, null, null, null ],
-    "assignees" : [ {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    } ],
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "description" : "A case description.",
-    "title" : "Case title 1",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzUzMiwxXQ==",
-    "closed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "tags" : [ "tag-1" ],
-    "duration" : 120,
-    "updated_at" : "2000-01-23T04:56:07.000+00:00",
-    "updated_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-    "external_service" : {
-      "external_title" : "external_title",
-      "pushed_by" : {
-        "full_name" : "full_name",
-        "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-        "email" : "email",
-        "username" : "elastic"
-      },
-      "external_url" : "external_url",
-      "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-      "connector_id" : "connector_id",
-      "external_id" : "external_id",
-      "connector_name" : "connector_name"
-    }
-  }, {
-    "owner" : "cases",
-    "totalComment" : 0,
-    "settings" : {
-      "syncAlerts" : true
-    },
-    "totalAlerts" : 0,
-    "closed_at" : "2000-01-23T04:56:07.000+00:00",
-    "comments" : [ null, null, null, null, null ],
-    "assignees" : [ {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    } ],
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "description" : "A case description.",
-    "title" : "Case title 1",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzUzMiwxXQ==",
-    "closed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "tags" : [ "tag-1" ],
-    "duration" : 120,
-    "updated_at" : "2000-01-23T04:56:07.000+00:00",
-    "updated_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-    "external_service" : {
-      "external_title" : "external_title",
-      "pushed_by" : {
-        "full_name" : "full_name",
-        "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-        "email" : "email",
-        "username" : "elastic"
-      },
-      "external_url" : "external_url",
-      "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-      "connector_id" : "connector_id",
-      "external_id" : "external_id",
-      "connector_name" : "connector_name"
-    }
-  }, {
-    "owner" : "cases",
-    "totalComment" : 0,
-    "settings" : {
-      "syncAlerts" : true
-    },
-    "totalAlerts" : 0,
-    "closed_at" : "2000-01-23T04:56:07.000+00:00",
-    "comments" : [ null, null, null, null, null ],
-    "assignees" : [ {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    } ],
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "description" : "A case description.",
-    "title" : "Case title 1",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzUzMiwxXQ==",
-    "closed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "tags" : [ "tag-1" ],
-    "duration" : 120,
-    "updated_at" : "2000-01-23T04:56:07.000+00:00",
-    "updated_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-    "external_service" : {
-      "external_title" : "external_title",
-      "pushed_by" : {
-        "full_name" : "full_name",
-        "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-        "email" : "email",
-        "username" : "elastic"
-      },
-      "external_url" : "external_url",
-      "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-      "connector_id" : "connector_id",
-      "external_id" : "external_id",
-      "connector_name" : "connector_name"
-    }
-  } ],
-  "count_open_cases" : 1,
-  "count_closed_cases" : 0,
-  "page" : 5
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - findCasesDefaultSpace_200_response -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/{caseId}/comments
-
Retrieves all the comments from a case. (getAllCaseComments)
-
Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; instead, use the get case comment API, which requires a comment identifier in the path. You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null, null, null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /api/cases/{caseId}/comments
-
Retrieves all the comments from a case in the default space. (getAllCaseCommentsDefaultSpace)
-
Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; instead, use the get case comment API, which requires a comment identifier in the path. You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null, null, null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/{caseId}
-
Retrieves information about a case. (getCase)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
includeComments (optional)
- -
Query Parameter — Deprecated in 8.1.0. This parameter is deprecated and will be removed in a future release. It determines whether case comments are returned. default: true
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null, null, null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/{caseId}/user_actions
-
Returns all user activity for a case. (getCaseActivity)
-
Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "action_id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
-  "case_id" : "22df07d0-03b1-11ed-920c-974bfa104448",
-  "action" : "create",
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
-  "type" : "create_case",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /api/cases/{caseId}/user_actions
-
Returns all user activity for a case in the default space. (getCaseActivityDefaultSpace)
-
Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "action_id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
-  "case_id" : "22df07d0-03b1-11ed-920c-974bfa104448",
-  "action" : "create",
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
-  "type" : "create_case",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/{caseId}/alerts
-
Gets all alerts attached to a case. (getCaseAlerts)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "index" : "index",
-  "id" : "id",
-  "attached_at" : "2000-01-23T04:56:07.000+00:00"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /api/cases/{caseId}/alerts
-
Gets all alerts attached to a case in the default space. (getCaseAlertsDefaultSpace)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "index" : "index",
-  "id" : "id",
-  "attached_at" : "2000-01-23T04:56:07.000+00:00"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/{caseId}/comments/{commentId}
-
Retrieves a comment from a case. (getCaseComment)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
commentId (required)
- -
Path Parameter — The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
null
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - getCaseCommentDefaultSpace_200_response -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /api/cases/{caseId}/comments/{commentId}
-
Retrieves a comment from a case in the default space. (getCaseCommentDefaultSpace)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
commentId (required)
- -
Path Parameter — The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
null
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - getCaseCommentDefaultSpace_200_response -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/configure
-
Retrieves external connection details, such as the closure type and default connector for cases. (getCaseConfiguration)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "closure_type" : "close-by-user",
-  "owner" : "cases",
-  "mappings" : [ {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  }, {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  } ],
-  "connector" : {
-    "name" : "none",
-    "id" : "none",
-    "fields" : "{}",
-    "type" : ".none"
-  },
-  "updated_at" : "2022-06-01T19:58:48.169Z",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "created_at" : "2022-06-01T17:07:17.767Z",
-  "id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
-  "error" : "error",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzIwNzMsMV0="
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /api/cases/configure
-
Retrieves external connection details, such as the closure type and default connector for cases in the default space. (getCaseConfigurationDefaultSpace)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration.
- - - - - -

Query parameters

-
-
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "closure_type" : "close-by-user",
-  "owner" : "cases",
-  "mappings" : [ {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  }, {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  } ],
-  "connector" : {
-    "name" : "none",
-    "id" : "none",
-    "fields" : "{}",
-    "type" : ".none"
-  },
-  "updated_at" : "2022-06-01T19:58:48.169Z",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "created_at" : "2022-06-01T17:07:17.767Z",
-  "id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
-  "error" : "error",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzIwNzMsMV0="
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /api/cases/{caseId}
-
Retrieves information about a case in the default space. (getCaseDefaultSpace)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
-
- - - - -

Query parameters

-
-
includeComments (optional)
- -
Query Parameter — Deprecated in 8.1.0. This parameter is deprecated and will be removed in a future release. It determines whether case comments are returned. default: true
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null, null, null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/reporters
-
Returns information about the users who opened cases. (getCaseReporters)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "full_name" : "full_name",
-  "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-  "email" : "email",
-  "username" : "elastic"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /api/cases/reporters
-
Returns information about the users who opened cases in the default space. (getCaseReportersDefaultSpace)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.
- - - - - -

Query parameters

-
-
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "full_name" : "full_name",
-  "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-  "email" : "email",
-  "username" : "elastic"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/status
-
Returns the number of cases that are open, closed, and in progress. (getCaseStatus)
-
Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "count_in_progress_cases" : 6,
-  "count_open_cases" : 1,
-  "count_closed_cases" : 0
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - getCaseStatusDefaultSpace_200_response -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /api/cases/status
-
Returns the number of cases that are open, closed, and in progress in the default space. (getCaseStatusDefaultSpace)
-
Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
- - - - - -

Query parameters

-
-
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "count_in_progress_cases" : 6,
-  "count_open_cases" : 1,
-  "count_closed_cases" : 0
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - getCaseStatusDefaultSpace_200_response -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/tags
-
Aggregates and returns a list of case tags. (getCaseTags)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
-
- - -

Return type

-
- - array[String] -
- - - -

Example data

-
Content-Type: application/json
-
""
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /api/cases/tags
-
Aggregates and returns a list of case tags in the default space. (getCaseTagsDefaultSpace)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
- - - - - -

Query parameters

-
-
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
-
- - -

Return type

-
- - array[String] -
- - - -

Example data

-
Content-Type: application/json
-
""
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/alerts/{alertId}
-
Returns the cases associated with a specific alert. (getCasesByAlert)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
- -

Path parameters

-
-
alertId (required)
- -
Path Parameter — An identifier for the alert. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
[ {
-  "id" : "06116b80-e1c3-11ec-be9b-9b1838238ee6",
-  "title" : "security_case"
-} ]
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /api/cases/alerts/{alertId}
-
Returns the cases associated with a specific alert in the default space. (getCasesByAlertDefaultSpace)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
- -

Path parameters

-
-
alertId (required)
- -
Path Parameter — An identifier for the alert. default: null
-
- - - - -

Query parameters

-
-
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
[ {
-  "id" : "06116b80-e1c3-11ec-be9b-9b1838238ee6",
-  "title" : "security_case"
-} ]
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
post /s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push
-
Pushes a case to an external service. (pushCase)
-
You must have all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges. You must also have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're pushing.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
connectorId (required)
- -
Path Parameter — An identifier for the connector. To retrieve connector IDs, use the find connectors API. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
body object (optional)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null, null, null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
post /api/cases/{caseId}/connector/{connectorId}/_push
-
Pushes a case in the default space to an external service. (pushCaseDefaultSpace)
-
You must have all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges. You must also have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're pushing.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
connectorId (required)
- -
Path Parameter — An identifier for the connector. To retrieve connector IDs, use the find connectors API. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
body object (optional)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null, null, null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
post /s/{spaceId}/api/cases/configure
-
Sets external connection details, such as the closure type and default connector for cases. (setCaseConfiguration)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
set_case_configuration_request set_case_configuration_request (optional)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "closure_type" : "close-by-user",
-  "owner" : "cases",
-  "mappings" : [ {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  }, {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  } ],
-  "connector" : {
-    "name" : "none",
-    "id" : "none",
-    "fields" : "{}",
-    "type" : ".none"
-  },
-  "updated_at" : "2022-06-01T19:58:48.169Z",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "created_at" : "2022-06-01T17:07:17.767Z",
-  "id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
-  "error" : "error",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzIwNzMsMV0="
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - getCaseConfigurationDefaultSpace_200_response_inner -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
post /api/cases/configure
-
Sets external connection details, such as the closure type and default connector for cases in the default space. (setCaseConfigurationDefaultSpace)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details.
- - -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
set_case_configuration_request set_case_configuration_request (optional)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "closure_type" : "close-by-user",
-  "owner" : "cases",
-  "mappings" : [ {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  }, {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  } ],
-  "connector" : {
-    "name" : "none",
-    "id" : "none",
-    "fields" : "{}",
-    "type" : ".none"
-  },
-  "updated_at" : "2022-06-01T19:58:48.169Z",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "created_at" : "2022-06-01T17:07:17.767Z",
-  "id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
-  "error" : "error",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzIwNzMsMV0="
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - getCaseConfigurationDefaultSpace_200_response_inner -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
patch /s/{spaceId}/api/cases
-
Updates one or more cases. (updateCase)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
update_case_request update_case_request (optional)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null, null, null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
patch /s/{spaceId}/api/cases/{caseId}/comments
-
Updates a comment or alert in a case. (updateCaseComment)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
update_case_comment_request update_case_comment_request (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null, null, null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
patch /api/cases/{caseId}/comments
-
Updates a comment or alert in a case in the default space. (updateCaseCommentDefaultSpace)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
update_case_comment_request update_case_comment_request (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null, null, null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
patch /s/{spaceId}/api/cases/configure/{configurationId}
-
Updates external connection details, such as the closure type and default connector for cases. (updateCaseConfiguration)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API.
- -

Path parameters

-
-
configurationId (required)
- -
Path Parameter — An identifier for the configuration. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
update_case_configuration_request update_case_configuration_request (optional)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "closure_type" : "close-by-user",
-  "owner" : "cases",
-  "mappings" : [ {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  }, {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  } ],
-  "connector" : {
-    "name" : "none",
-    "id" : "none",
-    "fields" : "{}",
-    "type" : ".none"
-  },
-  "updated_at" : "2022-06-01T19:58:48.169Z",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "created_at" : "2022-06-01T17:07:17.767Z",
-  "id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
-  "error" : "error",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzIwNzMsMV0="
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
patch /api/cases/configure/{configurationId}
-
Updates external connection details, such as the closure type and default connector for cases in the default space. (updateCaseConfigurationDefaultSpace)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API.
- -

Path parameters

-
-
configurationId (required)
- -
Path Parameter — An identifier for the configuration. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
update_case_configuration_request update_case_configuration_request (optional)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "closure_type" : "close-by-user",
-  "owner" : "cases",
-  "mappings" : [ {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  }, {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  } ],
-  "connector" : {
-    "name" : "none",
-    "id" : "none",
-    "fields" : "{}",
-    "type" : ".none"
-  },
-  "updated_at" : "2022-06-01T19:58:48.169Z",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "created_at" : "2022-06-01T17:07:17.767Z",
-  "id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
-  "error" : "error",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzIwNzMsMV0="
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
patch /api/cases
-
Updates one or more cases in the default space. (updateCaseDefaultSpace)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating.
- - -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
update_case_request update_case_request (optional)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null, null, null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
- -

Models

- [ Jump to Methods ] - -

Table of Contents

-
    -
  1. 4xx_response - Unsuccessful cases API response
  2. -
  3. Case_response_properties_for_comments_inner -
  4. -
  5. Case_response_properties_for_connectors - Case response properties for connectors
  6. -
  7. action_types -
  8. -
  9. actions -
  10. -
  11. add_alert_comment_request_properties - Add case comment request properties for alerts
  12. -
  13. add_case_comment_request - Add case comment request
  14. -
  15. add_user_comment_request_properties - Add case comment request properties for user comments
  16. -
  17. alert_comment_response_properties - Add case comment response properties for alerts
  18. -
  19. alert_comment_response_properties_rule -
  20. -
  21. alert_identifiers - Alert identifiers
  22. -
  23. alert_indices - Alert indices
  24. -
  25. alert_response_properties -
  26. -
  27. assignees_inner -
  28. -
  29. case_response_closed_by_properties - Case response properties for closed_by
  30. -
  31. case_response_created_by_properties - Case response properties for created_by
  32. -
  33. case_response_properties - Case response properties
  34. -
  35. case_response_pushed_by_properties - Case response properties for pushed_by
  36. -
  37. case_response_updated_by_properties - Case response properties for updated_by
  38. -
  39. closure_types -
  40. -
  41. connector_properties_cases_webhook - Create or upate case request properties for Cases Webhook connector
  42. -
  43. connector_properties_jira - Create or update case request properties for a Jira connector
  44. -
  45. connector_properties_jira_fields -
  46. -
  47. connector_properties_none - Create or update case request properties for no connector
  48. -
  49. connector_properties_resilient - Create case request properties for a IBM Resilient connector
  50. -
  51. connector_properties_resilient_fields -
  52. -
  53. connector_properties_servicenow - Create case request properties for a ServiceNow ITSM connector
  54. -
  55. connector_properties_servicenow_fields -
  56. -
  57. connector_properties_servicenow_sir - Create case request properties for a ServiceNow SecOps connector
  58. -
  59. connector_properties_servicenow_sir_fields -
  60. -
  61. connector_properties_swimlane - Create case request properties for a Swimlane connector
  62. -
  63. connector_properties_swimlane_fields -
  64. -
  65. connector_types -
  66. -
  67. create_case_request - Create case request
  68. -
  69. create_case_request_connector -
  70. -
  71. external_service -
  72. -
  73. findCaseActivityDefaultSpace_200_response -
  74. -
  75. findCaseActivity_200_response -
  76. -
  77. findCaseConnectorsDefaultSpace_200_response_inner -
  78. -
  79. findCaseConnectorsDefaultSpace_200_response_inner_config -
  80. -
  81. findCasesDefaultSpace_200_response -
  82. -
  83. findCasesDefaultSpace_assignees_parameter -
  84. -
  85. findCasesDefaultSpace_owner_parameter -
  86. -
  87. findCasesDefaultSpace_searchFields_parameter -
  88. -
  89. findCases_200_response -
  90. -
  91. getCaseCommentDefaultSpace_200_response -
  92. -
  93. getCaseConfigurationDefaultSpace_200_response_inner -
  94. -
  95. getCaseConfigurationDefaultSpace_200_response_inner_connector -
  96. -
  97. getCaseConfigurationDefaultSpace_200_response_inner_created_by -
  98. -
  99. getCaseConfigurationDefaultSpace_200_response_inner_mappings_inner -
  100. -
  101. getCaseConfigurationDefaultSpace_200_response_inner_updated_by -
  102. -
  103. getCaseStatusDefaultSpace_200_response -
  104. -
  105. getCasesByAlertDefaultSpace_200_response_inner -
  106. -
  107. owners -
  108. -
  109. payload_alert_comment -
  110. -
  111. payload_alert_comment_comment -
  112. -
  113. payload_alert_comment_comment_alertId -
  114. -
  115. payload_alert_comment_comment_index -
  116. -
  117. payload_assignees -
  118. -
  119. payload_connector -
  120. -
  121. payload_connector_connector -
  122. -
  123. payload_connector_connector_fields -
  124. -
  125. payload_create_case -
  126. -
  127. payload_description -
  128. -
  129. payload_pushed -
  130. -
  131. payload_settings -
  132. -
  133. payload_severity -
  134. -
  135. payload_status -
  136. -
  137. payload_tags -
  138. -
  139. payload_title -
  140. -
  141. payload_user_comment -
  142. -
  143. payload_user_comment_comment -
  144. -
  145. rule - Alerting rule
  146. -
  147. searchFieldsType -
  148. -
  149. set_case_configuration_request - Set case configuration request
  150. -
  151. set_case_configuration_request_connector -
  152. -
  153. set_case_configuration_request_settings -
  154. -
  155. settings -
  156. -
  157. severity_property -
  158. -
  159. status -
  160. -
  161. update_alert_comment_request_properties - Update case comment request properties for alerts
  162. -
  163. update_case_comment_request - Update case comment request
  164. -
  165. update_case_configuration_request - Update case configuration request
  166. -
  167. update_case_request - Update case request
  168. -
  169. update_case_request_cases_inner -
  170. -
  171. update_user_comment_request_properties - Update case comment request properties for user comments
  172. -
  173. user_actions_find_response_properties -
  174. -
  175. user_actions_response_properties -
  176. -
  177. user_actions_response_properties_created_by -
  178. -
  179. user_actions_response_properties_payload -
  180. -
  181. user_comment_response_properties - Case response properties for user comments
  182. -
- -
-

4xx_response - Unsuccessful cases API response Up

-
-
-
error (optional)
-
message (optional)
-
statusCode (optional)
-
-
-
-

Case_response_properties_for_comments_inner - Up

-
-
-
alertId (optional)
-
created_at (optional)
Date format: date-time
-
created_by (optional)
-
id (optional)
-
index (optional)
-
owner (optional)
-
pushed_at (optional)
Date format: date-time
-
pushed_by (optional)
-
rule (optional)
-
type
-
Enum:
-
user
-
updated_at (optional)
Date format: date-time
-
updated_by (optional)
-
version (optional)
-
comment (optional)
-
-
-
-

Case_response_properties_for_connectors - Case response properties for connectors Up

-
-
-
fields
-
id
String The identifier for the connector. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.swimlane
-
-
-
-

action_types - Up

-
The type of action.
-
-
-
-
-

actions - Up

-
-
-
-
-
-

add_alert_comment_request_properties - Add case comment request properties for alerts Up

-
Defines properties for case comment requests when type is alert.
-
-
alertId
-
index
-
owner
-
rule
-
type
String The type of comment.
-
Enum:
-
alert
-
-
-
-

add_case_comment_request - Add case comment request Up

-
The add comment to case API request body varies depending on whether you are adding an alert or a comment.
-
-
alertId
-
index
-
owner
-
rule
-
type
String The type of comment.
-
Enum:
-
user
-
comment
String The new comment. It is required only when type is user.
-
-
-
-

add_user_comment_request_properties - Add case comment request properties for user comments Up

-
Defines properties for case comment requests when type is user.
-
-
comment
String The new comment. It is required only when type is user.
-
owner
-
type
String The type of comment.
-
Enum:
-
user
-
-
-
-

alert_comment_response_properties - Add case comment response properties for alerts Up

-
-
-
alertId (optional)
-
created_at (optional)
Date format: date-time
-
created_by (optional)
-
id (optional)
-
index (optional)
-
owner (optional)
-
pushed_at (optional)
Date format: date-time
-
pushed_by (optional)
-
rule (optional)
-
type
-
Enum:
-
alert
-
updated_at (optional)
Date format: date-time
-
updated_by (optional)
-
version (optional)
-
-
-
-

alert_comment_response_properties_rule - Up

-
-
-
id (optional)
String The rule identifier.
-
name (optional)
String The rule name.
-
-
-
-

alert_identifiers - Alert identifiers Up

-
The alert identifiers. It is required only when type is alert. You can use an array of strings to add multiple alerts to a case, provided that they all relate to the same rule; index must also be an array with the same length or number of elements. Adding multiple alerts in this manner is recommended rather than calling the API multiple times. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
-
-
-
-
-

alert_indices - Alert indices Up

-
The alert indices. It is required only when type is alert. If you are adding multiple alerts to a case, use an array of strings; the position of each index name in the array must match the position of the corresponding alert identifier in the alertId array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
-
-
-
-
-

alert_response_properties - Up

-
-
-
attached_at (optional)
Date format: date-time
-
id (optional)
String The alert identifier.
-
index (optional)
String The alert index.
-
-
-
-

assignees_inner - Up

-
-
-
uid
String A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API.
-
-
-
-

case_response_closed_by_properties - Case response properties for closed_by Up

-
-
-
email
-
full_name
-
username
-
profile_uid (optional)
-
-
-
-

case_response_created_by_properties - Case response properties for created_by Up

-
-
-
email
-
full_name
-
username
-
profile_uid (optional)
-
-
-
-

case_response_properties - Case response properties Up

-
-
-
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
-
closed_at
Date format: date-time
-
closed_by
-
comments
array[Case_response_properties_for_comments_inner] An array of comment objects for the case.
-
connector
-
created_at
Date format: date-time
-
created_by
-
description
-
duration
Integer The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.
-
external_service
-
id
-
owner
-
settings
-
severity
-
status
-
tags
-
title
-
totalAlerts
-
totalComment
-
updated_at
Date format: date-time
-
updated_by
-
version
-
-
-
-

case_response_pushed_by_properties - Case response properties for pushed_by Up

-
-
-
email
-
full_name
-
username
-
profile_uid (optional)
-
-
-
-

case_response_updated_by_properties - Case response properties for updated_by Up

-
-
-
email
-
full_name
-
username
-
profile_uid (optional)
-
-
-
-

closure_types - Up

-
Indicates whether a case is automatically closed when it is pushed to external systems (close-by-pushing) or not automatically closed (close-by-user).
-
-
-
-
-

connector_properties_cases_webhook - Create or upate case request properties for Cases Webhook connector Up

-
Defines properties for connectors when type is .cases-webhook.
-
-
fields
-
id
String The identifier for the connector. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.cases-webhook
-
-
-
-

connector_properties_jira - Create or update case request properties for a Jira connector Up

-
Defines properties for connectors when type is .jira.
-
-
fields
-
id
String The identifier for the connector. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.jira
-
-
-
-

connector_properties_jira_fields - Up

-
An object containing the connector fields. If you want to omit any individual field, specify null as its value.
-
-
issueType
String The type of issue.
-
parent
String The key of the parent issue, when the issue type is sub-task.
-
priority
String The priority of the issue.
-
-
-
-

connector_properties_none - Create or update case request properties for no connector Up

-
Defines properties for connectors when type is .none.
-
-
fields
String An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null.
-
id
String The identifier for the connector. To create a case without a connector, use none. To update a case to remove the connector, specify none.
-
name
String The name of the connector. To create a case without a connector, use none. To update a case to remove the connector, specify none.
-
type
String The type of connector. To create a case without a connector, use .none. To update a case to remove the connector, specify .none.
-
Enum:
-
.none
-
-
-
-

connector_properties_resilient - Create case request properties for a IBM Resilient connector Up

-
Defines properties for connectors when type is .resilient.
-
-
fields
-
id
String The identifier for the connector.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.resilient
-
-
-
-

connector_properties_resilient_fields - Up

-
An object containing the connector fields. If you want to omit any individual field, specify null as its value.
-
-
issueTypes
array[String] The type of incident.
-
severityCode
String The severity code of the incident.
-
-
-
-

connector_properties_servicenow - Create case request properties for a ServiceNow ITSM connector Up

-
Defines properties for connectors when type is .servicenow.
-
-
fields
-
id
String The identifier for the connector. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.servicenow
-
-
-
-

connector_properties_servicenow_fields - Up

-
An object containing the connector fields. If you want to omit any individual field, specify null as its value.
-
-
category
String The category of the incident.
-
impact
String The effect an incident had on business.
-
severity
String The severity of the incident.
-
subcategory
String The subcategory of the incident.
-
urgency
String The extent to which the incident resolution can be delayed.
-
-
-
-

connector_properties_servicenow_sir - Create case request properties for a ServiceNow SecOps connector Up

-
Defines properties for connectors when type is .servicenow-sir.
-
-
fields
-
id
String The identifier for the connector. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.servicenow-sir
-
-
-
-

connector_properties_servicenow_sir_fields - Up

-
An object containing the connector fields. If you want to omit any individual field, specify null as its value.
-
-
category
String The category of the incident.
-
destIp
Boolean Indicates whether cases will send a comma-separated list of destination IPs.
-
malwareHash
Boolean Indicates whether cases will send a comma-separated list of malware hashes.
-
malwareUrl
Boolean Indicates whether cases will send a comma-separated list of malware URLs.
-
priority
String The priority of the issue.
-
sourceIp
Boolean Indicates whether cases will send a comma-separated list of source IPs.
-
subcategory
String The subcategory of the incident.
-
-
-
-

connector_properties_swimlane - Create case request properties for a Swimlane connector Up

-
Defines properties for connectors when type is .swimlane.
-
-
fields
-
id
String The identifier for the connector. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.swimlane
-
-
-
-

connector_properties_swimlane_fields - Up

-
An object containing the connector fields. If you want to omit any individual field, specify null as its value.
-
-
caseId
String The case identifier for Swimlane connectors.
-
-
-
-

connector_types - Up

-
The type of connector.
-
-
-
-
-

create_case_request - Create case request Up

-
The create case API request body varies depending on the type of connector.
-
-
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
-
connector
-
description
String The description for the case.
-
owner
-
settings
-
severity (optional)
-
tags
array[String] The words and phrases that help categorize cases. It can be an empty array.
-
category (optional)
String Category for the case. It could be a word or a phrase to categorize the case.
-
title
String A title for the case.
-
-
-
-

create_case_request_connector - Up

-
-
-
fields
-
id
String The identifier for the connector. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.swimlane
-
-
-
-

external_service - Up

-
-
-
connector_id (optional)
-
connector_name (optional)
-
external_id (optional)
-
external_title (optional)
-
external_url (optional)
-
pushed_at (optional)
Date format: date-time
-
pushed_by (optional)
-
-
-
-

findCaseActivityDefaultSpace_200_response - Up

-
-
-
page (optional)
-
perPage (optional)
-
total (optional)
-
userActions (optional)
-
-
-
-

findCaseActivity_200_response - Up

-
-
-
page (optional)
-
perPage (optional)
-
total (optional)
-
userActions (optional)
-
-
-
-

findCaseConnectorsDefaultSpace_200_response_inner - Up

-
-
-
actionTypeId (optional)
-
config (optional)
-
id (optional)
-
isDeprecated (optional)
-
isMissingSecrets (optional)
-
isPreconfigured (optional)
-
name (optional)
-
referencedByCount (optional)
-
-
-
-

findCaseConnectorsDefaultSpace_200_response_inner_config - Up

-
-
-
apiUrl (optional)
-
projectKey (optional)
-
-
-
-

findCasesDefaultSpace_200_response - Up

-
-
-
cases (optional)
-
count_closed_cases (optional)
-
count_in_progress_cases (optional)
-
count_open_cases (optional)
-
page (optional)
-
per_page (optional)
-
total (optional)
-
-
- - - -
-

findCases_200_response - Up

-
-
-
cases (optional)
-
count_closed_cases (optional)
-
count_in_progress_cases (optional)
-
count_open_cases (optional)
-
page (optional)
-
per_page (optional)
-
total (optional)
-
-
-
-

getCaseCommentDefaultSpace_200_response - Up

-
-
-
alertId (optional)
-
created_at (optional)
Date format: date-time
-
created_by (optional)
-
id (optional)
-
index (optional)
-
owner (optional)
-
pushed_at (optional)
Date format: date-time
-
pushed_by (optional)
-
rule (optional)
-
type
-
Enum:
-
user
-
updated_at (optional)
Date format: date-time
-
updated_by (optional)
-
version (optional)
-
comment (optional)
-
-
-
-

getCaseConfigurationDefaultSpace_200_response_inner - Up

-
-
-
closure_type (optional)
-
connector (optional)
-
created_at (optional)
Date format: date-time
-
created_by (optional)
-
error (optional)
-
id (optional)
-
mappings (optional)
-
owner (optional)
-
updated_at (optional)
Date format: date-time
-
updated_by (optional)
-
version (optional)
-
-
-
-

getCaseConfigurationDefaultSpace_200_response_inner_connector - Up

-
-
-
fields (optional)
Object The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to null.
-
id (optional)
String The identifier for the connector. If you do not want a default connector, use none. To retrieve connector IDs, use the find connectors API.
-
name (optional)
String The name of the connector. If you do not want a default connector, use none. To retrieve connector names, use the find connectors API.
-
type (optional)
-
-
-
-

getCaseConfigurationDefaultSpace_200_response_inner_created_by - Up

-
-
-
email (optional)
-
full_name (optional)
-
username (optional)
-
profile_uid (optional)
-
-
-
-

getCaseConfigurationDefaultSpace_200_response_inner_mappings_inner - Up

-
-
-
action_type (optional)
-
source (optional)
-
target (optional)
-
-
-
-

getCaseConfigurationDefaultSpace_200_response_inner_updated_by - Up

-
-
-
email (optional)
-
full_name (optional)
-
username (optional)
-
profile_uid (optional)
-
-
-
-

getCaseStatusDefaultSpace_200_response - Up

-
-
-
count_closed_cases (optional)
-
count_in_progress_cases (optional)
-
count_open_cases (optional)
-
-
-
-

getCasesByAlertDefaultSpace_200_response_inner - Up

-
-
-
id (optional)
String The case identifier.
-
title (optional)
String The case title.
-
-
-
-

owners - Up

-
The application that owns the cases: Stack Management, Observability, or Elastic Security.
-
-
-
- -
-

payload_alert_comment_comment - Up

-
-
-
alertId (optional)
-
index (optional)
-
owner (optional)
-
rule (optional)
-
type (optional)
-
Enum:
-
alert
-
-
- - -
-

payload_assignees - Up

-
-
-
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
-
-
-
-

payload_connector - Up

-
-
-
connector (optional)
-
-
-
-

payload_connector_connector - Up

-
-
-
fields (optional)
-
id (optional)
String The identifier for the connector. To create a case without a connector, use none.
-
name (optional)
String The name of the connector. To create a case without a connector, use none.
-
type (optional)
-
-
-
-

payload_connector_connector_fields - Up

-
An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
-
-
caseId (optional)
String The case identifier for Swimlane connectors.
-
category (optional)
String The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
-
destIp (optional)
Boolean Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.
-
impact (optional)
String The effect an incident had on business for ServiceNow ITSM connectors.
-
issueType (optional)
String The type of issue for Jira connectors.
-
issueTypes (optional)
array[String] The type of incident for IBM Resilient connectors.
-
malwareHash (optional)
Boolean Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.
-
malwareUrl (optional)
Boolean Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.
-
parent (optional)
String The key of the parent issue, when the issue type is sub-task for Jira connectors.
-
priority (optional)
String The priority of the issue for Jira and ServiceNow SecOps connectors.
-
severity (optional)
String The severity of the incident for ServiceNow ITSM connectors.
-
severityCode (optional)
String The severity code of the incident for IBM Resilient connectors.
-
sourceIp (optional)
Boolean Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.
-
subcategory (optional)
String The subcategory of the incident for ServiceNow ITSM connectors.
-
urgency (optional)
String The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
-
-
-
-

payload_create_case - Up

-
-
-
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
-
connector (optional)
-
description (optional)
-
owner (optional)
-
settings (optional)
-
severity (optional)
-
status (optional)
-
tags (optional)
-
title (optional)
-
-
-
-

payload_description - Up

-
-
-
description (optional)
-
-
-
-

payload_pushed - Up

-
-
-
externalService (optional)
-
-
-
-

payload_settings - Up

-
-
-
settings (optional)
-
-
-
-

payload_severity - Up

-
-
-
severity (optional)
-
-
-
-

payload_status - Up

-
-
-
status (optional)
-
-
-
-

payload_tags - Up

-
-
-
tags (optional)
-
-
-
-

payload_title - Up

-
-
-
title (optional)
-
-
- -
-

payload_user_comment_comment - Up

-
-
-
comment (optional)
-
owner (optional)
-
type (optional)
-
Enum:
-
user
-
-
-
-

rule - Alerting rule Up

-
The rule that is associated with the alerts. It is required only when type is alert. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
-
-
id (optional)
String The rule identifier.
-
name (optional)
String The rule name.
-
-
-
-

searchFieldsType - Up

-
The fields to perform the simple_query_string parsed query against.
-
-
-
-
-

set_case_configuration_request - Set case configuration request Up

-
External connection details, such as the closure type and default connector for cases.
- -
-
-

set_case_configuration_request_connector - Up

-
An object that contains the connector configuration.
-
-
fields
Object The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to null.
-
id
String The identifier for the connector. If you do not want a default connector, use none. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector. If you do not want a default connector, use none. To retrieve connector names, use the find connectors API.
-
type
-
-
-
-

set_case_configuration_request_settings - Up

-
An object that contains the case settings.
-
-
syncAlerts
Boolean Turns alert syncing on or off.
-
-
-
-

settings - Up

-
An object that contains the case settings.
-
-
syncAlerts
Boolean Turns alert syncing on or off.
-
-
-
-

severity_property - Up

-
The severity of the case.
-
-
-
-
-

status - Up

-
The status of the case.
-
-
-
-
-

update_alert_comment_request_properties - Update case comment request properties for alerts Up

-
Defines properties for case comment requests when type is alert.
-
-
alertId
-
id
String The identifier for the comment. To retrieve comment IDs, use the get comments API.
-
index
-
owner
-
rule
-
type
String The type of comment.
-
Enum:
-
alert
-
version
String The current comment version. To retrieve version values, use the get comments API.
-
-
-
-

update_case_comment_request - Update case comment request Up

-
The update case comment API request body varies depending on whether you are updating an alert or a comment.
-
-
alertId
-
id
String The identifier for the comment. To retrieve comment IDs, use the get comments API.
-
index
-
owner
-
rule
-
type
String The type of comment.
-
Enum:
-
user
-
version
String The current comment version. To retrieve version values, use the get comments API.
-
comment
String The new comment. It is required only when type is user.
-
-
-
-

update_case_configuration_request - Update case configuration request Up

-
External connection details, such as the closure type and default connector for cases.
-
-
closure_type (optional)
-
connector (optional)
-
version
String The version of the connector. To retrieve the version value, use the get configuration API.
-
-
-
-

update_case_request - Update case request Up

-
The update case API request body varies depending on the type of connector.
-
-
cases
array[update_case_request_cases_inner] An array containing one or more case objects.
-
-
-
-

update_case_request_cases_inner - Up

-
-
-
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
-
connector (optional)
-
description (optional)
String An updated description for the case.
-
id
String The identifier for the case.
-
settings (optional)
-
severity (optional)
-
status (optional)
-
tags (optional)
array[String] The words and phrases that help categorize cases.
-
category (optional)
String Category for the case. It could be a word or a phrase to categorize the case.
-
title (optional)
String A title for the case.
-
version
String The current version of the case. To determine this value, use the get case or find cases APIs.
-
-
-
-

update_user_comment_request_properties - Update case comment request properties for user comments Up

-
Defines properties for case comment requests when type is user.
-
-
comment
String The new comment. It is required only when type is user.
-
id
String The identifier for the comment. To retrieve comment IDs, use the get comments API.
-
owner
-
type
String The type of comment.
-
Enum:
-
user
-
version
String The current comment version. To retrieve version values, use the get comments API.
-
-
-
-

user_actions_find_response_properties - Up

-
-
-
action
-
comment_id
-
created_at
Date format: date-time
-
created_by
-
id
-
owner
-
payload
-
version
-
type
String The type of action.
-
Enum:
-
assignees
create_case
comment
connector
description
pushed
tags
title
status
settings
severity
-
-
-
-

user_actions_response_properties - Up

-
-
-
action
-
action_id
-
case_id
-
comment_id
-
created_at
Date format: date-time
-
created_by
-
owner
-
payload
-
type
-
-
-
-

user_actions_response_properties_created_by - Up

-
-
-
email
-
full_name
-
username
-
profile_uid (optional)
-
-
-
-

user_actions_response_properties_payload - Up

-
-
-
comment (optional)
-
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
-
connector (optional)
-
description (optional)
-
owner (optional)
-
settings (optional)
-
severity (optional)
-
status (optional)
-
tags (optional)
-
title (optional)
-
externalService (optional)
-
-
-
-

user_comment_response_properties - Case response properties for user comments Up

-
-
-
comment (optional)
-
created_at (optional)
Date format: date-time
-
created_by (optional)
-
id (optional)
-
owner (optional)
-
pushed_at (optional)
Date format: date-time
-
pushed_by (optional)
-
type
-
Enum:
-
user
-
updated_at (optional)
Date format: date-time
-
updated_by (optional)
-
version (optional)
-
-
-
-++++ diff --git a/docs/api-generated/cases/case-apis.asciidoc b/docs/api-generated/cases/case-apis.asciidoc deleted file mode 100644 index fdd9a941a58e6..0000000000000 --- a/docs/api-generated/cases/case-apis.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[[case-apis]] -== Case APIs - -preview::[] - -//// -This file includes content that has been generated from https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/docs/openapi. Any modifications required must be done in that open API specification. -//// - -include::case-apis-passthru.asciidoc[] \ No newline at end of file diff --git a/docs/api-generated/connectors/connector-apis-passthru.asciidoc b/docs/api-generated/connectors/connector-apis-passthru.asciidoc deleted file mode 100644 index d3495cecf9edf..0000000000000 --- a/docs/api-generated/connectors/connector-apis-passthru.asciidoc +++ /dev/null @@ -1,2823 +0,0 @@ -//// -This content is generated from the open API specification. -Any modifications made to this file will be overwritten. -//// - -++++ -
-

Access

-
    -
  1. APIKey KeyParamName:ApiKey KeyInQuery:false KeyInHeader:true
  2. -
  3. HTTP Basic Authentication
  4. -
- -

Methods

- [ Jump to Models ] - -

Table of Contents

-
-

Connectors

- - -

Connectors

-
-
- Up -
post /s/{spaceId}/api/actions/connector
-
Creates a connector. (createConnector)
-
You must have all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Create_connector_request_body_properties Create_connector_request_body_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
null
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - connector_response_properties -

401

- Authorization information is missing or invalid. - Unauthorized_response -
-
-
-
- Up -
post /s/{spaceId}/api/actions/connector/{connectorId}
-
Creates a connector. (createConnectorId)
-
You must have all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
connectorId (required)
- -
Path Parameter — A UUID v1 or v4 identifier for the connector. If you omit this parameter, an identifier is randomly generated. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Create_connector_request_body_properties Create_connector_request_body_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
null
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - connector_response_properties -

401

- Authorization information is missing or invalid. - Unauthorized_response -
-
-
-
- Up -
delete /s/{spaceId}/api/actions/connector/{connectorId}
-
Deletes a connector. (deleteConnector)
-
You must have all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges. WARNING: When you delete a connector, it cannot be recovered.
- -

Path parameters

-
-
connectorId (required)
- -
Path Parameter — An identifier for the connector. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - Unauthorized_response -

404

- Object is not found. - getConnector_404_response -
-
-
-
- Up -
get /s/{spaceId}/api/actions/connector/{connectorId}
-
Retrieves a connector by ID. (getConnector)
-
You must have read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
- -

Path parameters

-
-
connectorId (required)
- -
Path Parameter — An identifier for the connector. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
null
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - connector_response_properties -

401

- Authorization information is missing or invalid. - Unauthorized_response -

404

- Object is not found. - getConnector_404_response -
-
-
-
- Up -
get /s/{spaceId}/api/actions/connector_types
-
Retrieves a list of all connector types. (getConnectorTypes)
-
You do not need any Kibana feature privileges to run this API.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
feature_id (optional)
- -
Query Parameter — A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases). default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "supported_feature_ids" : [ "alerting", "uptime", "siem" ],
-  "name" : "Index",
-  "enabled_in_license" : true,
-  "id" : ".server-log",
-  "enabled_in_config" : true,
-  "minimum_license_required" : "basic",
-  "enabled" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - Unauthorized_response -
-
-
-
- Up -
get /s/{spaceId}/api/actions/connectors
-
Retrieves all connectors. (getConnectors)
-
You must have read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "is_missing_secrets" : false,
-  "is_deprecated" : false,
-  "is_preconfigured" : false,
-  "name" : "my-connector",
-  "is_system_action" : false,
-  "referenced_by_count" : 2,
-  "id" : "b0766e10-d190-11ec-b04c-776c77d14fca",
-  "config" : {
-    "key" : ""
-  },
-  "connector_type_id" : ".server-log"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - Unauthorized_response -
-
-
-
- Up -
post /s/{spaceId}/api/actions
-
Creates a connector. (legacyCreateConnector)
-
Deprecated in 7.13.0. Use the create connector API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Legacy_create_connector_request_properties Legacy_create_connector_request_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "isPreconfigured" : true,
-  "isDeprecated" : true,
-  "actionTypeId" : "actionTypeId",
-  "name" : "name",
-  "id" : "id",
-  "config" : "{}",
-  "isMissingSecrets" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - action_response_properties -

401

- Authorization information is missing or invalid. - Unauthorized_response -
-
-
-
- Up -
delete /s/{spaceId}/api/actions/action/{actionId}
-
Deletes a connector. (legacyDeleteConnector)
-
Deprecated in 7.13.0. Use the delete connector API instead. WARNING: When you delete a connector, it cannot be recovered.
- -

Path parameters

-
-
actionId (required)
- -
Path Parameter — An identifier for the action. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - Unauthorized_response -
-
-
-
- Up -
get /s/{spaceId}/api/actions/action/{actionId}
-
Retrieves a connector by ID. (legacyGetConnector)
-
Deprecated in 7.13.0. Use the get connector API instead.
- -

Path parameters

-
-
actionId (required)
- -
Path Parameter — An identifier for the action. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "isPreconfigured" : true,
-  "isDeprecated" : true,
-  "actionTypeId" : "actionTypeId",
-  "name" : "name",
-  "id" : "id",
-  "config" : "{}",
-  "isMissingSecrets" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - action_response_properties -

401

- Authorization information is missing or invalid. - Unauthorized_response -
-
-
-
- Up -
get /s/{spaceId}/api/actions/list_action_types
-
Retrieves a list of all connector types. (legacyGetConnectorTypes)
-
Deprecated in 7.13.0. Use the get all connector types API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "enabledInConfig" : true,
-  "name" : "name",
-  "enabledInLicense" : true,
-  "id" : "id",
-  "minimumLicenseRequired" : "minimumLicenseRequired",
-  "enabled" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - Unauthorized_response -
-
-
-
- Up -
get /s/{spaceId}/api/actions
-
Retrieves all connectors. (legacyGetConnectors)
-
Deprecated in 7.13.0. Use the get all connectors API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "isPreconfigured" : true,
-  "isDeprecated" : true,
-  "actionTypeId" : "actionTypeId",
-  "name" : "name",
-  "id" : "id",
-  "config" : "{}",
-  "isMissingSecrets" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - Unauthorized_response -
-
-
-
- Up -
post /s/{spaceId}/api/actions/action/{actionId}/_execute
-
Runs a connector. (legacyRunConnector)
-
Deprecated in 7.13.0. Use the run connector API instead.
- -

Path parameters

-
-
actionId (required)
- -
Path Parameter — An identifier for the action. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Legacy_run_connector_request_body_properties Legacy_run_connector_request_body_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "actionId" : "actionId",
-  "status" : "status"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - legacyRunConnector_200_response -

401

- Authorization information is missing or invalid. - Unauthorized_response -
-
-
-
- Up -
put /s/{spaceId}/api/actions/action/{actionId}
-
Updates the attributes for a connector. (legacyUpdateConnector)
-
Deprecated in 7.13.0. Use the update connector API instead.
- -

Path parameters

-
-
actionId (required)
- -
Path Parameter — An identifier for the action. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Legacy_update_connector_request_body_properties Legacy_update_connector_request_body_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "isPreconfigured" : true,
-  "isDeprecated" : true,
-  "actionTypeId" : "actionTypeId",
-  "name" : "name",
-  "id" : "id",
-  "config" : "{}",
-  "isMissingSecrets" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - action_response_properties -

404

- Object is not found. - Not_found_response -
-
-
-
- Up -
post /s/{spaceId}/api/actions/connector/{connectorId}/_execute
-
Runs a connector. (runConnector)
-
You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems. You must have read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges. If you use an index connector, you must also have all, create, index, or write indices privileges.
- -

Path parameters

-
-
connectorId (required)
- -
Path Parameter — An identifier for the connector. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Run_connector_request_body_properties Run_connector_request_body_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "connector_id" : "connector_id",
-  "status" : "error"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - runConnector_200_response -

401

- Authorization information is missing or invalid. - Unauthorized_response -
-
-
-
- Up -
put /s/{spaceId}/api/actions/connector/{connectorId}
-
Updates the attributes for a connector. (updateConnector)
-
You must have all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
- -

Path parameters

-
-
connectorId (required)
- -
Path Parameter — An identifier for the connector. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Update_connector_request_body_properties Update_connector_request_body_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
null
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - connector_response_properties -

400

- Indicates a bad request. - updateConnector_400_response -

401

- Authorization information is missing or invalid. - Unauthorized_response -

404

- Object is not found. - Not_found_response -
-
- -

Models

- [ Jump to Methods ] - -

Table of Contents

-
    -
  1. Alert_identifier_mapping - Alert identifier mapping
  2. -
  3. Case_comment_mapping - Case comment mapping
  4. -
  5. Case_description_mapping - Case description mapping
  6. -
  7. Case_identifier_mapping - Case identifier mapping
  8. -
  9. Case_name_mapping - Case name mapping
  10. -
  11. Connector_mappings_properties_for_a_Swimlane_connector - Connector mappings properties for a Swimlane connector
  12. -
  13. Create_connector_request_body_properties - Create connector request body properties
  14. -
  15. Get_connector_types_response_body_properties_inner -
  16. -
  17. Get_connectors_response_body_properties - Get connectors response body properties
  18. -
  19. Legacy_create_connector_request_properties - Legacy create connector request properties
  20. -
  21. Legacy_get_connector_types_response_body_properties_inner -
  22. -
  23. Legacy_run_connector_request_body_properties - Legacy run connector request body properties
  24. -
  25. Legacy_update_connector_request_body_properties - Legacy update connector request body properties
  26. -
  27. Not_found_response - Not found response
  28. -
  29. Rule_name_mapping - Rule name mapping
  30. -
  31. Run_connector_request_body_properties - Run connector request body properties
  32. -
  33. Run_connector_request_body_properties_params -
  34. -
  35. Severity_mapping - Severity mapping
  36. -
  37. Subaction_parameters - Subaction parameters
  38. -
  39. Unauthorized_response - Unauthorized response
  40. -
  41. Update_connector_request_body_properties - Update connector request body properties
  42. -
  43. action_response_properties - Action response properties
  44. -
  45. config_properties_cases_webhook - Connector request properties for Webhook - Case Management connector
  46. -
  47. config_properties_d3security - Connector request properties for a D3 Security connector
  48. -
  49. config_properties_email - Connector request properties for an email connector
  50. -
  51. config_properties_genai - Connector request properties for an OpenAI connector
  52. -
  53. config_properties_genai_oneOf -
  54. -
  55. config_properties_genai_oneOf_1 -
  56. -
  57. config_properties_index - Connector request properties for an index connector
  58. -
  59. config_properties_jira - Connector request properties for a Jira connector
  60. -
  61. config_properties_opsgenie - Connector request properties for an Opsgenie connector
  62. -
  63. config_properties_pagerduty - Connector request properties for a PagerDuty connector
  64. -
  65. config_properties_resilient - Connector request properties for a IBM Resilient connector
  66. -
  67. config_properties_servicenow - Connector request properties for a ServiceNow ITSM connector
  68. -
  69. config_properties_servicenow_itom - Connector request properties for a ServiceNow ITSM connector
  70. -
  71. config_properties_swimlane - Connector request properties for a Swimlane connector
  72. -
  73. config_properties_tines - Connector request properties for a Tines connector
  74. -
  75. config_properties_torq - Connector request properties for a Torq connector
  76. -
  77. config_properties_webhook - Connector request properties for a Webhook connector
  78. -
  79. config_properties_xmatters - Connector request properties for an xMatters connector
  80. -
  81. connector_response_properties - Connector response properties
  82. -
  83. connector_response_properties_cases_webhook - Connector request properties for a Webhook - Case Management connector
  84. -
  85. connector_response_properties_d3security - Connector response properties for a D3 Security connector
  86. -
  87. connector_response_properties_email - Connector response properties for an email connector
  88. -
  89. connector_response_properties_index - Connector response properties for an index connector
  90. -
  91. connector_response_properties_jira - Connector response properties for a Jira connector
  92. -
  93. connector_response_properties_opsgenie - Connector response properties for an Opsgenie connector
  94. -
  95. connector_response_properties_pagerduty - Connector response properties for a PagerDuty connector
  96. -
  97. connector_response_properties_resilient - Connector response properties for a IBM Resilient connector
  98. -
  99. connector_response_properties_serverlog - Connector response properties for a server log connector
  100. -
  101. connector_response_properties_servicenow - Connector response properties for a ServiceNow ITSM connector
  102. -
  103. connector_response_properties_servicenow_itom - Connector response properties for a ServiceNow ITOM connector
  104. -
  105. connector_response_properties_servicenow_sir - Connector response properties for a ServiceNow SecOps connector
  106. -
  107. connector_response_properties_slack_api - Connector response properties for a Slack connector
  108. -
  109. connector_response_properties_slack_webhook - Connector response properties for a Slack connector
  110. -
  111. connector_response_properties_swimlane - Connector response properties for a Swimlane connector
  112. -
  113. connector_response_properties_teams - Connector response properties for a Microsoft Teams connector
  114. -
  115. connector_response_properties_tines - Connector response properties for a Tines connector
  116. -
  117. connector_response_properties_torq - Connector response properties for a Torq connector
  118. -
  119. connector_response_properties_webhook - Connector response properties for a Webhook connector
  120. -
  121. connector_response_properties_xmatters - Connector response properties for an xMatters connector
  122. -
  123. connector_types - Connector types
  124. -
  125. create_connector_request_cases_webhook - Create Webhook - Case Managment connector request
  126. -
  127. create_connector_request_d3security - Create D3 Security connector request
  128. -
  129. create_connector_request_email - Create email connector request
  130. -
  131. create_connector_request_genai - Create OpenAI connector request
  132. -
  133. create_connector_request_index - Create index connector request
  134. -
  135. create_connector_request_jira - Create Jira connector request
  136. -
  137. create_connector_request_opsgenie - Create Opsgenie connector request
  138. -
  139. create_connector_request_pagerduty - Create PagerDuty connector request
  140. -
  141. create_connector_request_resilient - Create IBM Resilient connector request
  142. -
  143. create_connector_request_serverlog - Create server log connector request
  144. -
  145. create_connector_request_servicenow - Create ServiceNow ITSM connector request
  146. -
  147. create_connector_request_servicenow_itom - Create ServiceNow ITOM connector request
  148. -
  149. create_connector_request_servicenow_sir - Create ServiceNow SecOps connector request
  150. -
  151. create_connector_request_slack_api - Create Slack connector request
  152. -
  153. create_connector_request_slack_webhook - Create Slack connector request
  154. -
  155. create_connector_request_swimlane - Create Swimlane connector request
  156. -
  157. create_connector_request_teams - Create Microsoft Teams connector request
  158. -
  159. create_connector_request_tines - Create Tines connector request
  160. -
  161. create_connector_request_torq - Create Torq connector request
  162. -
  163. create_connector_request_webhook - Create Webhook connector request
  164. -
  165. create_connector_request_xmatters - Create xMatters connector request
  166. -
  167. features -
  168. -
  169. getConnector_404_response -
  170. -
  171. legacyRunConnector_200_response -
  172. -
  173. runConnector_200_response -
  174. -
  175. runConnector_200_response_data -
  176. -
  177. run_connector_params_documents - Index connector parameters
  178. -
  179. run_connector_params_level_message - Server log connector parameters
  180. -
  181. run_connector_subaction_addevent - The addEvent subaction
  182. -
  183. run_connector_subaction_addevent_subActionParams -
  184. -
  185. run_connector_subaction_closealert - The closeAlert subaction
  186. -
  187. run_connector_subaction_closealert_subActionParams -
  188. -
  189. run_connector_subaction_createalert - The createAlert subaction
  190. -
  191. run_connector_subaction_createalert_subActionParams -
  192. -
  193. run_connector_subaction_createalert_subActionParams_responders_inner -
  194. -
  195. run_connector_subaction_createalert_subActionParams_visibleTo_inner -
  196. -
  197. run_connector_subaction_fieldsbyissuetype - The fieldsByIssueType subaction
  198. -
  199. run_connector_subaction_fieldsbyissuetype_subActionParams -
  200. -
  201. run_connector_subaction_getchoices - The getChoices subaction
  202. -
  203. run_connector_subaction_getchoices_subActionParams -
  204. -
  205. run_connector_subaction_getfields - The getFields subaction
  206. -
  207. run_connector_subaction_getincident - The getIncident subaction
  208. -
  209. run_connector_subaction_getincident_subActionParams -
  210. -
  211. run_connector_subaction_issue - The issue subaction
  212. -
  213. run_connector_subaction_issue_subActionParams -
  214. -
  215. run_connector_subaction_issues - The issues subaction
  216. -
  217. run_connector_subaction_issues_subActionParams -
  218. -
  219. run_connector_subaction_issuetypes - The issueTypes subaction
  220. -
  221. run_connector_subaction_pushtoservice - The pushToService subaction
  222. -
  223. run_connector_subaction_pushtoservice_subActionParams -
  224. -
  225. run_connector_subaction_pushtoservice_subActionParams_comments_inner -
  226. -
  227. run_connector_subaction_pushtoservice_subActionParams_incident -
  228. -
  229. run_connector_subaction_pushtoservice_subActionParams_incident_dest_ip -
  230. -
  231. run_connector_subaction_pushtoservice_subActionParams_incident_malware_hash -
  232. -
  233. run_connector_subaction_pushtoservice_subActionParams_incident_malware_url -
  234. -
  235. run_connector_subaction_pushtoservice_subActionParams_incident_source_ip -
  236. -
  237. secrets_properties_cases_webhook - Connector secrets properties for Webhook - Case Management connector
  238. -
  239. secrets_properties_d3security - Connector secrets properties for a D3 Security connector
  240. -
  241. secrets_properties_email - Connector secrets properties for an email connector
  242. -
  243. secrets_properties_genai - Connector secrets properties for an OpenAI connector
  244. -
  245. secrets_properties_jira - Connector secrets properties for a Jira connector
  246. -
  247. secrets_properties_opsgenie - Connector secrets properties for an Opsgenie connector
  248. -
  249. secrets_properties_pagerduty - Connector secrets properties for a PagerDuty connector
  250. -
  251. secrets_properties_resilient - Connector secrets properties for IBM Resilient connector
  252. -
  253. secrets_properties_servicenow - Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors
  254. -
  255. secrets_properties_slack_api - Connector secrets properties for a Web API Slack connector
  256. -
  257. secrets_properties_slack_webhook - Connector secrets properties for a Webhook Slack connector
  258. -
  259. secrets_properties_swimlane - Connector secrets properties for a Swimlane connector
  260. -
  261. secrets_properties_teams - Connector secrets properties for a Microsoft Teams connector
  262. -
  263. secrets_properties_tines - Connector secrets properties for a Tines connector
  264. -
  265. secrets_properties_torq - Connector secrets properties for a Torq connector
  266. -
  267. secrets_properties_webhook - Connector secrets properties for a Webhook connector
  268. -
  269. secrets_properties_xmatters - Connector secrets properties for an xMatters connector
  270. -
  271. updateConnector_400_response -
  272. -
  273. update_connector_request_cases_webhook - Update Webhook - Case Managment connector request
  274. -
  275. update_connector_request_d3security - Update D3 Security connector request
  276. -
  277. update_connector_request_email - Update email connector request
  278. -
  279. update_connector_request_index - Update index connector request
  280. -
  281. update_connector_request_jira - Update Jira connector request
  282. -
  283. update_connector_request_opsgenie - Update Opsgenie connector request
  284. -
  285. update_connector_request_pagerduty - Update PagerDuty connector request
  286. -
  287. update_connector_request_resilient - Update IBM Resilient connector request
  288. -
  289. update_connector_request_serverlog - Update server log connector request
  290. -
  291. update_connector_request_servicenow - Update ServiceNow ITSM connector or ServiceNow SecOps request
  292. -
  293. update_connector_request_servicenow_itom - Create ServiceNow ITOM connector request
  294. -
  295. update_connector_request_slack_api - Update Slack connector request
  296. -
  297. update_connector_request_slack_webhook - Update Slack connector request
  298. -
  299. update_connector_request_swimlane - Update Swimlane connector request
  300. -
  301. update_connector_request_teams - Update Microsoft Teams connector request
  302. -
  303. update_connector_request_tines - Update Tines connector request
  304. -
  305. update_connector_request_torq - Update Torq connector request
  306. -
  307. update_connector_request_webhook - Update Webhook connector request
  308. -
  309. update_connector_request_xmatters - Update xMatters connector request
  310. -
- -
-

Alert_identifier_mapping - Alert identifier mapping Up

-
Mapping for the alert ID.
-
-
fieldType
String The type of field in Swimlane.
-
id
String The identifier for the field in Swimlane.
-
key
String The key for the field in Swimlane.
-
name
String The name of the field in Swimlane.
-
-
-
-

Case_comment_mapping - Case comment mapping Up

-
Mapping for the case comments.
-
-
fieldType
String The type of field in Swimlane.
-
id
String The identifier for the field in Swimlane.
-
key
String The key for the field in Swimlane.
-
name
String The name of the field in Swimlane.
-
-
-
-

Case_description_mapping - Case description mapping Up

-
Mapping for the case description.
-
-
fieldType
String The type of field in Swimlane.
-
id
String The identifier for the field in Swimlane.
-
key
String The key for the field in Swimlane.
-
name
String The name of the field in Swimlane.
-
-
-
-

Case_identifier_mapping - Case identifier mapping Up

-
Mapping for the case ID.
-
-
fieldType
String The type of field in Swimlane.
-
id
String The identifier for the field in Swimlane.
-
key
String The key for the field in Swimlane.
-
name
String The name of the field in Swimlane.
-
-
-
-

Case_name_mapping - Case name mapping Up

-
Mapping for the case name.
-
-
fieldType
String The type of field in Swimlane.
-
id
String The identifier for the field in Swimlane.
-
key
String The key for the field in Swimlane.
-
name
String The name of the field in Swimlane.
-
-
-
-

Connector_mappings_properties_for_a_Swimlane_connector - Connector mappings properties for a Swimlane connector Up

-
The field mapping.
-
-
alertIdConfig (optional)
-
caseIdConfig (optional)
-
caseNameConfig (optional)
-
commentsConfig (optional)
-
descriptionConfig (optional)
-
ruleNameConfig (optional)
-
severityConfig (optional)
-
-
-
-

Create_connector_request_body_properties - Create connector request body properties Up

-
The properties vary depending on the connector type.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.xmatters
-
name
String The display name for the connector.
-
secrets
-
-
-
-

Get_connector_types_response_body_properties_inner - Up

-
-
-
enabled (optional)
Boolean Indicates whether the connector type is enabled in Kibana.
-
enabled_in_config (optional)
Boolean Indicates whether the connector type is enabled in the Kibana .yml file.
-
enabled_in_license (optional)
Boolean Indicates whether the connector is enabled in the license.
-
id (optional)
-
minimum_license_required (optional)
String The license that is required to use the connector type.
-
name (optional)
String The name of the connector type.
-
supported_feature_ids (optional)
array[features] The Kibana features that are supported by the connector type.
-
-
-
-

Get_connectors_response_body_properties - Get connectors response body properties Up

-
The properties vary for each connector type.
-
-
connector_type_id
-
config (optional)
map[String, oas_any_type_not_mapped] The configuration for the connector. Configuration properties vary depending on the connector type.
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
referenced_by_count
Integer Indicates the number of saved objects that reference the connector. If is_preconfigured is true, this value is not calculated.
-
-
-
-

Legacy_create_connector_request_properties - Legacy create connector request properties Up

-
-
-
actionTypeId (optional)
String The connector type identifier.
-
config (optional)
Object The configuration for the connector. Configuration properties vary depending on the connector type.
-
name (optional)
String The display name for the connector.
-
secrets (optional)
Object The secrets configuration for the connector. Secrets configuration properties vary depending on the connector type. NOTE: Remember these values. You must provide them each time you update the connector.
-
-
-
-

Legacy_get_connector_types_response_body_properties_inner - Up

-
-
-
enabled (optional)
Boolean Indicates whether the connector type is enabled in Kibana.
-
enabledInConfig (optional)
Boolean Indicates whether the connector type is enabled in the Kibana .yml file.
-
enabledInLicense (optional)
Boolean Indicates whether the connector is enabled in the license.
-
id (optional)
String The unique identifier for the connector type.
-
minimumLicenseRequired (optional)
String The license that is required to use the connector type.
-
name (optional)
String The name of the connector type.
-
-
-
-

Legacy_run_connector_request_body_properties - Legacy run connector request body properties Up

-
The properties vary depending on the connector type.
-
-
params
Object The parameters of the connector. Parameter properties vary depending on the connector type.
-
-
-
-

Legacy_update_connector_request_body_properties - Legacy update connector request body properties Up

-
The properties vary depending on the connector type.
-
-
config (optional)
Object The new connector configuration. Configuration properties vary depending on the connector type.
-
name (optional)
String The new name for the connector.
-
secrets (optional)
Object The updated secrets configuration for the connector. Secrets properties vary depending on the connector type.
-
-
-
-

Not_found_response - Not found response Up

-
-
-
error (optional)
-
Enum:
-
Not Found
-
message (optional)
-
statusCode (optional)
-
Enum:
-
404
-
-
-
-

Rule_name_mapping - Rule name mapping Up

-
Mapping for the name of the alert's rule.
-
-
fieldType
String The type of field in Swimlane.
-
id
String The identifier for the field in Swimlane.
-
key
String The key for the field in Swimlane.
-
name
String The name of the field in Swimlane.
-
-
- -
-

Run_connector_request_body_properties_params - Up

-
-
-
documents
array[map[String, oas_any_type_not_mapped]] The documents in JSON format for index connectors.
-
level (optional)
String The log level of the message for server log connectors.
-
Enum:
-
debug
error
fatal
info
trace
warn
-
message
String The message for server log connectors.
-
subAction
String The action to test.
-
Enum:
-
pushToService
-
subActionParams
-
-
-
-

Severity_mapping - Severity mapping Up

-
Mapping for the severity.
-
-
fieldType
String The type of field in Swimlane.
-
id
String The identifier for the field in Swimlane.
-
key
String The key for the field in Swimlane.
-
name
String The name of the field in Swimlane.
-
-
-
-

Subaction_parameters - Subaction parameters Up

-
Test an action that involves a subaction.
-
-
subAction
String The action to test.
-
Enum:
-
pushToService
-
subActionParams
-
-
-
-

Unauthorized_response - Unauthorized response Up

-
-
-
error (optional)
-
Enum:
-
Unauthorized
-
message (optional)
-
statusCode (optional)
-
Enum:
-
401
-
-
-
-

Update_connector_request_body_properties - Update connector request body properties Up

-
The properties vary depending on the connector type.
-
-
config
-
name
String The display name for the connector.
-
secrets
-
connector_type_id
String The type of connector.
-
Enum:
-
.gen-ai
-
-
-
-

action_response_properties - Action response properties Up

-
The properties vary depending on the action type.
-
-
actionTypeId (optional)
-
config (optional)
-
id (optional)
-
isDeprecated (optional)
Boolean Indicates whether the action type is deprecated.
-
isMissingSecrets (optional)
Boolean Indicates whether secrets are missing for the action.
-
isPreconfigured (optional)
Boolean Indicates whether it is a preconfigured action.
-
name (optional)
-
-
-
-

config_properties_cases_webhook - Connector request properties for Webhook - Case Management connector Up

-
Defines properties for connectors when type is .cases-webhook.
-
-
createCommentJson (optional)
String A JSON payload sent to the create comment URL to create a case comment. You can use variables to add Kibana Cases data to the payload. The required variable is case.comment. Due to Mustache template variables (the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated when you create the connector. The JSON is validated once the Mustache variables have been placed when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass.
-
createCommentMethod (optional)
String The REST API HTTP request method to create a case comment in the third-party system. Valid values are patch, post, and put.
-
Enum:
-
patch
post
put
-
createCommentUrl (optional)
String The REST API URL to create a case comment by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the xpack.actions.allowedHosts setting, add the hostname to the allowed hosts.
-
createIncidentJson
String A JSON payload sent to the create case URL to create a case. You can use variables to add case data to the payload. Required variables are case.title and case.description. Due to Mustache template variables (which is the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review.
-
createIncidentMethod (optional)
String The REST API HTTP request method to create a case in the third-party system. Valid values are patch, post, and put.
-
Enum:
-
patch
post
put
-
createIncidentResponseKey
String The JSON key in the create case response that contains the external case ID.
-
createIncidentUrl
String The REST API URL to create a case in the third-party system. If you are using the xpack.actions.allowedHosts setting, add the hostname to the allowed hosts.
-
getIncidentResponseExternalTitleKey
String The JSON key in get case response that contains the external case title.
-
getIncidentUrl
String The REST API URL to get the case by ID from the third-party system. If you are using the xpack.actions.allowedHosts setting, add the hostname to the allowed hosts. You can use a variable to add the external system ID to the URL. Due to Mustache template variables (the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass.
-
hasAuth (optional)
Boolean If true, a username and password for login type authentication must be provided.
-
headers (optional)
String A set of key-value pairs sent as headers with the request URLs for the create case, update case, get case, and create comment methods.
-
updateIncidentJson
String The JSON payload sent to the update case URL to update the case. You can use variables to add Kibana Cases data to the payload. Required variables are case.title and case.description. Due to Mustache template variables (which is the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review.
-
updateIncidentMethod (optional)
String The REST API HTTP request method to update the case in the third-party system. Valid values are patch, post, and put.
-
Enum:
-
patch
post
put
-
updateIncidentUrl
String The REST API URL to update the case by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the xpack.actions.allowedHosts setting, add the hostname to the allowed hosts.
-
viewIncidentUrl
String The URL to view the case in the external system. You can use variables to add the external system ID or external system title to the URL.
-
-
-
-

config_properties_d3security - Connector request properties for a D3 Security connector Up

-
Defines properties for connectors when type is .d3security.
-
-
url
String The D3 Security API request URL. If you are using the xpack.actions.allowedHosts setting, add the hostname to the allowed hosts.
-
-
-
-

config_properties_email - Connector request properties for an email connector Up

-
Defines properties for connectors when type is .email.
-
-
clientId (optional)
String The client identifier, which is a part of OAuth 2.0 client credentials authentication, in GUID format. If service is exchange_server, this property is required.
-
from
String The from address for all emails sent by the connector. It must be specified in user@host-name format.
-
hasAuth (optional)
Boolean Specifies whether a user and password are required inside the secrets configuration.
-
host (optional)
String The host name of the service provider. If the service is elastic_cloud (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If service is other, this property must be defined.
-
oauthTokenUrl (optional)
-
port (optional)
Integer The port to connect to on the service provider. If the service is elastic_cloud (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If service is other, this property must be defined.
-
secure (optional)
Boolean Specifies whether the connection to the service provider will use TLS. If the service is elastic_cloud (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored.
-
service (optional)
String The name of the email service.
-
Enum:
-
elastic_cloud
exchange_server
gmail
other
outlook365
ses
-
tenantId (optional)
String The tenant identifier, which is part of OAuth 2.0 client credentials authentication, in GUID format. If service is exchange_server, this property is required.
-
-
-
-

config_properties_genai - Connector request properties for an OpenAI connector Up

-
Defines properties for connectors when type is .gen-ai.
-
-
apiProvider
String The OpenAI API provider.
-
Enum:
-
OpenAI
-
apiUrl
String The OpenAI API endpoint.
-
defaultModel (optional)
String The default model to use for requests.
-
-
-
-

config_properties_genai_oneOf - Up

-
-
-
apiProvider
String The OpenAI API provider.
-
Enum:
-
Azure OpenAI
-
apiUrl
String The OpenAI API endpoint.
-
-
-
-

config_properties_genai_oneOf_1 - Up

-
-
-
apiProvider
String The OpenAI API provider.
-
Enum:
-
OpenAI
-
apiUrl
String The OpenAI API endpoint.
-
defaultModel (optional)
String The default model to use for requests.
-
-
-
-

config_properties_index - Connector request properties for an index connector Up

-
Defines properties for connectors when type is .index.
-
-
executionTimeField (optional)
String A field that indicates when the document was indexed.
-
index
String The Elasticsearch index to be written to.
-
refresh (optional)
Boolean The refresh policy for the write request, which affects when changes are made visible to search. Refer to the refresh setting for Elasticsearch document APIs.
-
-
-
-

config_properties_jira - Connector request properties for a Jira connector Up

-
Defines properties for connectors when type is .jira.
-
-
apiUrl
String The Jira instance URL.
-
projectKey
String The Jira project key.
-
-
-
-

config_properties_opsgenie - Connector request properties for an Opsgenie connector Up

-
Defines properties for connectors when type is .opsgenie.
-
-
apiUrl
String The Opsgenie URL. For example, https://api.opsgenie.com or https://api.eu.opsgenie.com. If you are using the xpack.actions.allowedHosts setting, add the hostname to the allowed hosts.
-
-
-
-

config_properties_pagerduty - Connector request properties for a PagerDuty connector Up

-
Defines properties for connectors when type is .pagerduty.
-
-
apiUrl (optional)
String The PagerDuty event URL.
-
-
-
-

config_properties_resilient - Connector request properties for a IBM Resilient connector Up

-
Defines properties for connectors when type is .resilient.
-
-
apiUrl
String The IBM Resilient instance URL.
-
orgId
String The IBM Resilient organization ID.
-
-
-
-

config_properties_servicenow - Connector request properties for a ServiceNow ITSM connector Up

-
Defines properties for connectors when type is .servicenow.
-
-
apiUrl
String The ServiceNow instance URL.
-
clientId (optional)
String The client ID assigned to your OAuth application. This property is required when isOAuth is true.
-
isOAuth (optional)
Boolean The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth).
-
jwtKeyId (optional)
String The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when isOAuth is true.
-
userIdentifierValue (optional)
String The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is Email, the user identifier should be the user's email address. This property is required when isOAuth is true.
-
usesTableApi (optional)
Boolean Determines whether the connector uses the Table API or the Import Set API. This property is supported only for ServiceNow ITSM and ServiceNow SecOps connectors. NOTE: If this property is set to false, the Elastic application should be installed in ServiceNow.
-
-
-
-

config_properties_servicenow_itom - Connector request properties for a ServiceNow ITSM connector Up

-
Defines properties for connectors when type is .servicenow.
-
-
apiUrl
String The ServiceNow instance URL.
-
clientId (optional)
String The client ID assigned to your OAuth application. This property is required when isOAuth is true.
-
isOAuth (optional)
Boolean The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth).
-
jwtKeyId (optional)
String The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when isOAuth is true.
-
userIdentifierValue (optional)
String The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is Email, the user identifier should be the user's email address. This property is required when isOAuth is true.
-
-
-
-

config_properties_swimlane - Connector request properties for a Swimlane connector Up

-
Defines properties for connectors when type is .swimlane.
-
-
apiUrl
String The Swimlane instance URL.
-
appId
String The Swimlane application ID.
-
connectorType
String The type of connector. Valid values are all, alerts, and cases.
-
Enum:
-
all
alerts
cases
-
mappings (optional)
-
-
-
-

config_properties_tines - Connector request properties for a Tines connector Up

-
Defines properties for connectors when type is .tines.
-
-
url
String The Tines tenant URL. If you are using the xpack.actions.allowedHosts setting, make sure this hostname is added to the allowed hosts.
-
-
-
-

config_properties_torq - Connector request properties for a Torq connector Up

-
Defines properties for connectors when type is .torq.
-
-
webhookIntegrationUrl
String The endpoint URL of the Elastic Security integration in Torq.
-
-
-
-

config_properties_webhook - Connector request properties for a Webhook connector Up

-
Defines properties for connectors when type is .webhook.
-
-
authType (optional)
String The type of authentication to use: basic, SSL, or none.
-
Enum:
-
webhook-authentication-basic
webhook-authentication-ssl
null
-
ca (optional)
String A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types.
-
certType (optional)
String If the authType is webhook-authentication-ssl, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format.
-
Enum:
-
ssl-crt-key
ssl-pfx
-
hasAuth (optional)
Boolean If true, a user name and password must be provided for login type authentication.
-
headers (optional)
Object A set of key-value pairs sent as headers with the request.
-
method (optional)
String The HTTP request method, either post or put.
-
Enum:
-
post
put
-
url (optional)
String The request URL. If you are using the xpack.actions.allowedHosts setting, add the hostname to the allowed hosts.
-
verificationMode (optional)
String Controls the verification of certificates. Use full to validate that the certificate has an issue date within the not_before and not_after dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Use certificate to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Use none to skip certificate validation.
-
Enum:
-
certificate
full
none
-
-
-
-

config_properties_xmatters - Connector request properties for an xMatters connector Up

-
Defines properties for connectors when type is .xmatters.
-
-
configUrl (optional)
String The request URL for the Elastic Alerts trigger in xMatters. It is applicable only when usesBasic is true.
-
usesBasic (optional)
Boolean Specifies whether the connector uses HTTP basic authentication (true) or URL authentication (false).
-
-
-
-

connector_response_properties - Connector response properties Up

-
The properties vary depending on the connector type.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.xmatters
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_cases_webhook - Connector request properties for a Webhook - Case Management connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.cases-webhook
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_d3security - Connector response properties for a D3 Security connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.d3security
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_email - Connector response properties for an email connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.email
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_index - Connector response properties for an index connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.index
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_jira - Connector response properties for a Jira connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.jira
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_opsgenie - Connector response properties for an Opsgenie connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.opsgenie
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_pagerduty - Connector response properties for a PagerDuty connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.pagerduty
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_resilient - Connector response properties for a IBM Resilient connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.resilient
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_serverlog - Connector response properties for a server log connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.server-log
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_servicenow - Connector response properties for a ServiceNow ITSM connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.servicenow
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_servicenow_itom - Connector response properties for a ServiceNow ITOM connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.servicenow-itom
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_servicenow_sir - Connector response properties for a ServiceNow SecOps connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.servicenow-sir
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_slack_api - Connector response properties for a Slack connector Up

-
-
-
connector_type_id
String The type of connector.
-
Enum:
-
.slack_api
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_slack_webhook - Connector response properties for a Slack connector Up

-
-
-
connector_type_id
String The type of connector.
-
Enum:
-
.slack
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_swimlane - Connector response properties for a Swimlane connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.swimlane
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_teams - Connector response properties for a Microsoft Teams connector Up

-
-
-
config (optional)
-
connector_type_id
String The type of connector.
-
Enum:
-
.teams
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_tines - Connector response properties for a Tines connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.tines
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_torq - Connector response properties for a Torq connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.torq
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_webhook - Connector response properties for a Webhook connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.webhook
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_xmatters - Connector response properties for an xMatters connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.xmatters
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
-
name
String The display name for the connector.
-
-
-
-

connector_types - Connector types Up

-
The type of connector. For example, .email, .index, .jira, .opsgenie, or .server-log.
-
-
-
-
-

create_connector_request_cases_webhook - Create Webhook - Case Managment connector request Up

-
The Webhook - Case Management connector uses axios to send POST, PUT, and GET requests to a case management RESTful API web service.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.cases-webhook
-
name
String The display name for the connector.
-
secrets (optional)
-
-
-
-

create_connector_request_d3security - Create D3 Security connector request Up

-
The connector uses axios to send a POST request to a D3 Security endpoint.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.d3security
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_email - Create email connector request Up

-
The email connector uses the SMTP protocol to send mail messages, using an integration of Nodemailer. An exception is Microsoft Exchange, which uses HTTP protocol for sending emails, Send mail. Email message text is sent as both plain text and html text.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.email
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_genai - Create OpenAI connector request Up

-
The OpenAI connector uses axios to send a POST request to either OpenAI or Azure OpenAPI.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.gen-ai
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_index - Create index connector request Up

-
The index connector indexes a document into Elasticsearch.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.index
-
name
String The display name for the connector.
-
-
-
-

create_connector_request_jira - Create Jira connector request Up

-
The Jira connector uses the REST API v2 to create Jira issues.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.jira
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_opsgenie - Create Opsgenie connector request Up

-
The Opsgenie connector uses the Opsgenie alert API.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.opsgenie
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_pagerduty - Create PagerDuty connector request Up

-
The PagerDuty connector uses the v2 Events API to trigger, acknowledge, and resolve PagerDuty alerts.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.pagerduty
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_resilient - Create IBM Resilient connector request Up

-
The IBM Resilient connector uses the RESILIENT REST v2 to create IBM Resilient incidents.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.resilient
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_serverlog - Create server log connector request Up

-
This connector writes an entry to the Kibana server log.
-
-
connector_type_id
String The type of connector.
-
Enum:
-
.server-log
-
name
String The display name for the connector.
-
-
-
-

create_connector_request_servicenow - Create ServiceNow ITSM connector request Up

-
The ServiceNow ITSM connector uses the import set API to create ServiceNow incidents. You can use the connector for rule actions and cases.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.servicenow
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_servicenow_itom - Create ServiceNow ITOM connector request Up

-
The ServiceNow ITOM connector uses the event API to create ServiceNow events. You can use the connector for rule actions.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.servicenow-itom
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_servicenow_sir - Create ServiceNow SecOps connector request Up

-
The ServiceNow SecOps connector uses the import set API to create ServiceNow security incidents. You can use the connector for rule actions and cases.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.servicenow-sir
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_slack_api - Create Slack connector request Up

-
The Slack connector uses Slack Incoming Webhooks.
-
-
connector_type_id
String The type of connector.
-
Enum:
-
.slack_api
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_slack_webhook - Create Slack connector request Up

-
The Slack connector uses Slack Incoming Webhooks.
-
-
connector_type_id
String The type of connector.
-
Enum:
-
.slack
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_swimlane - Create Swimlane connector request Up

-
The Swimlane connector uses the Swimlane REST API to create Swimlane records.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.swimlane
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_teams - Create Microsoft Teams connector request Up

-
The Microsoft Teams connector uses Incoming Webhooks.
-
-
connector_type_id
String The type of connector.
-
Enum:
-
.teams
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_tines - Create Tines connector request Up

-
The Tines connector uses Tines Webhook actions to send events via POST request.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.tines
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_torq - Create Torq connector request Up

-
The Torq connector uses a Torq webhook to trigger workflows with Kibana actions.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.torq
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_webhook - Create Webhook connector request Up

-
The Webhook connector uses axios to send a POST or PUT request to a web service.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.webhook
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_xmatters - Create xMatters connector request Up

-
The xMatters connector uses the xMatters Workflow for Elastic to send actionable alerts to on-call xMatters resources.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.xmatters
-
name
String The display name for the connector.
-
secrets
-
-
-
-

features - Up

-
The feature that uses the connector. Valid values are alerting, cases, uptime, and siem.
-
-
-
-
-

getConnector_404_response - Up

-
-
-
error (optional)
-
message (optional)
-
statusCode (optional)
-
-
-
-

legacyRunConnector_200_response - Up

-
-
-
actionId (optional)
-
data (optional)
-
status (optional)
String The status of the action.
-
-
-
-

runConnector_200_response - Up

-
-
-
connector_id
String The identifier for the connector.
-
data (optional)
-
status
String The status of the action.
-
Enum:
-
error
ok
-
-
- -
-

run_connector_params_documents - Index connector parameters Up

-
Test an action that indexes a document into Elasticsearch.
-
-
documents
array[map[String, oas_any_type_not_mapped]] The documents in JSON format for index connectors.
-
-
-
-

run_connector_params_level_message - Server log connector parameters Up

-
Test an action that writes an entry to the Kibana server log.
-
-
level (optional)
String The log level of the message for server log connectors.
-
Enum:
-
debug
error
fatal
info
trace
warn
-
message
String The message for server log connectors.
-
-
-
-

run_connector_subaction_addevent - The addEvent subaction Up

-
The addEvent subaction for ServiceNow ITOM connectors.
-
-
subAction
String The action to test.
-
Enum:
-
addEvent
-
subActionParams (optional)
-
-
-
-

run_connector_subaction_addevent_subActionParams - Up

-
The set of configuration properties for the action.
-
-
additional_info (optional)
String Additional information about the event.
-
description (optional)
String The details about the event.
-
event_class (optional)
String A specific instance of the source.
-
message_key (optional)
String All actions sharing this key are associated with the same ServiceNow alert. The default value is <rule ID>:<alert instance ID>.
-
metric_name (optional)
String The name of the metric.
-
node (optional)
String The host that the event was triggered for.
-
resource (optional)
String The name of the resource.
-
severity (optional)
String The severity of the event.
-
source (optional)
String The name of the event source type.
-
time_of_event (optional)
String The time of the event.
-
type (optional)
String The type of event.
-
-
-
-

run_connector_subaction_closealert - The closeAlert subaction Up

-
The closeAlert subaction for Opsgenie connectors.
-
-
subAction
String The action to test.
-
Enum:
-
closeAlert
-
subActionParams
-
-
-
-

run_connector_subaction_closealert_subActionParams - Up

-
-
-
alias
String The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert.
-
note (optional)
String Additional information for the alert.
-
source (optional)
String The display name for the source of the alert.
-
user (optional)
String The display name for the owner.
-
-
-
-

run_connector_subaction_createalert - The createAlert subaction Up

-
The createAlert subaction for Opsgenie connectors.
-
-
subAction
String The action to test.
-
Enum:
-
createAlert
-
subActionParams
-
-
-
-

run_connector_subaction_createalert_subActionParams - Up

-
-
-
actions (optional)
array[String] The custom actions available to the alert.
-
alias (optional)
String The unique identifier used for alert deduplication in Opsgenie.
-
description (optional)
String A description that provides detailed information about the alert.
-
details (optional)
map[String, oas_any_type_not_mapped] The custom properties of the alert.
-
entity (optional)
String The domain of the alert. For example, the application or server name.
-
message
String The alert message.
-
note (optional)
String Additional information for the alert.
-
priority (optional)
String The priority level for the alert.
-
Enum:
-
P1
P2
P3
P4
P5
-
responders (optional)
array[run_connector_subaction_createalert_subActionParams_responders_inner] The entities to receive notifications about the alert. If type is user, either id or username is required. If type is team, either id or name is required.
-
source (optional)
String The display name for the source of the alert.
-
tags (optional)
array[String] The tags for the alert.
-
user (optional)
String The display name for the owner.
-
visibleTo (optional)
array[run_connector_subaction_createalert_subActionParams_visibleTo_inner] The teams and users that the alert will be visible to without sending a notification. Only one of id, name, or username is required.
-
-
-
-

run_connector_subaction_createalert_subActionParams_responders_inner - Up

-
-
-
id (optional)
String The identifier for the entity.
-
name (optional)
String The name of the entity.
-
type (optional)
String The type of responders, in this case escalation.
-
Enum:
-
escalation
schedule
team
user
-
username (optional)
String A valid email address for the user.
-
-
-
-

run_connector_subaction_createalert_subActionParams_visibleTo_inner - Up

-
-
-
id (optional)
String The identifier for the entity.
-
name (optional)
String The name of the entity.
-
type
String Valid values are team and user.
-
Enum:
-
team
user
-
username (optional)
String The user name. This property is required only when the type is user.
-
-
-
-

run_connector_subaction_fieldsbyissuetype - The fieldsByIssueType subaction Up

-
The fieldsByIssueType subaction for Jira connectors.
-
-
subAction
String The action to test.
-
Enum:
-
fieldsByIssueType
-
subActionParams
-
-
-
-

run_connector_subaction_fieldsbyissuetype_subActionParams - Up

-
-
-
id
String The Jira issue type identifier.
-
-
-
-

run_connector_subaction_getchoices - The getChoices subaction Up

-
The getChoices subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors.
-
-
subAction
String The action to test.
-
Enum:
-
getChoices
-
subActionParams
-
-
-
-

run_connector_subaction_getchoices_subActionParams - Up

-
The set of configuration properties for the action.
-
-
fields
array[String] An array of fields.
-
-
-
-

run_connector_subaction_getfields - The getFields subaction Up

-
The getFields subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
-
-
subAction
String The action to test.
-
Enum:
-
getFields
-
-
-
-

run_connector_subaction_getincident - The getIncident subaction Up

-
The getIncident subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
-
-
subAction
String The action to test.
-
Enum:
-
getIncident
-
subActionParams
-
-
-
-

run_connector_subaction_getincident_subActionParams - Up

-
-
-
externalId
String The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier.
-
-
-
-

run_connector_subaction_issue - The issue subaction Up

-
The issue subaction for Jira connectors.
-
-
subAction
String The action to test.
-
Enum:
-
issue
-
subActionParams (optional)
-
-
-
-

run_connector_subaction_issue_subActionParams - Up

-
-
-
id
String The Jira issue identifier.
-
-
-
-

run_connector_subaction_issues - The issues subaction Up

-
The issues subaction for Jira connectors.
-
-
subAction
String The action to test.
-
Enum:
-
issues
-
subActionParams
-
-
-
-

run_connector_subaction_issues_subActionParams - Up

-
-
-
title
String The title of the Jira issue.
-
-
-
-

run_connector_subaction_issuetypes - The issueTypes subaction Up

-
The issueTypes subaction for Jira connectors.
-
-
subAction
String The action to test.
-
Enum:
-
issueTypes
-
-
-
-

run_connector_subaction_pushtoservice - The pushToService subaction Up

-
The pushToService subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.
-
-
subAction
String The action to test.
-
Enum:
-
pushToService
-
subActionParams
-
-
-
-

run_connector_subaction_pushtoservice_subActionParams - Up

-
The set of configuration properties for the action.
-
-
comments (optional)
array[run_connector_subaction_pushtoservice_subActionParams_comments_inner] Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, or Swimlane.
-
incident (optional)
-
-
-
-

run_connector_subaction_pushtoservice_subActionParams_comments_inner - Up

-
-
-
comment (optional)
String A comment related to the incident. For example, describe how to troubleshoot the issue.
-
commentId (optional)
Integer A unique identifier for the comment.
-
-
-
-

run_connector_subaction_pushtoservice_subActionParams_incident - Up

-
Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, or Swimlane incident.
-
-
alertId (optional)
String The alert identifier for Swimlane connectors.
-
caseId (optional)
String The case identifier for the incident for Swimlane connectors.
-
caseName (optional)
String The case name for the incident for Swimlane connectors.
-
category (optional)
String The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
-
correlation_display (optional)
String A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors.
-
correlation_id (optional)
String The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as {{ruleID}}:{{alert ID}} to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of {{ruleID}}:{{alert ID}} ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.
-
description (optional)
String The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.
-
dest_ip (optional)
-
externalId (optional)
String The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created.
-
impact (optional)
String The impact of the incident for ServiceNow ITSM connectors.
-
issueType (optional)
Integer The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set subAction to issueTypes.
-
labels (optional)
array[String] The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces.
-
malware_hash (optional)
-
malware_url (optional)
-
parent (optional)
String The ID or key of the parent issue for Jira connectors. Applies only to Sub-task types of issues.
-
priority (optional)
String The priority of the incident in Jira and ServiceNow SecOps connectors.
-
ruleName (optional)
String The rule name for Swimlane connectors.
-
severity (optional)
String The severity of the incident for ServiceNow ITSM and Swimlane connectors.
-
short_description (optional)
String A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base.
-
source_ip (optional)
-
subcategory (optional)
String The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
-
summary (optional)
String A summary of the incident for Jira connectors.
-
title (optional)
String A title for the incident for Jira connectors. It is used for searching the contents of the knowledge base.
-
urgency (optional)
String The urgency of the incident for ServiceNow ITSM connectors.
-
-
-
-

run_connector_subaction_pushtoservice_subActionParams_incident_dest_ip - Up

-
A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
-
-
-
-
-

run_connector_subaction_pushtoservice_subActionParams_incident_malware_hash - Up

-
A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident.
-
-
-
-
-

run_connector_subaction_pushtoservice_subActionParams_incident_malware_url - Up

-
A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident.
-
-
-
-
-

run_connector_subaction_pushtoservice_subActionParams_incident_source_ip - Up

-
A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
-
-
-
-
-

secrets_properties_cases_webhook - Connector secrets properties for Webhook - Case Management connector Up

-
-
-
password (optional)
String The password for HTTP basic authentication. If hasAuth is set to true, this property is required.
-
user (optional)
String The username for HTTP basic authentication. If hasAuth is set to true, this property is required.
-
-
-
-

secrets_properties_d3security - Connector secrets properties for a D3 Security connector Up

-
Defines secrets for connectors when type is .d3security.
-
-
token
String The D3 Security token.
-
-
-
-

secrets_properties_email - Connector secrets properties for an email connector Up

-
Defines secrets for connectors when type is .email.
-
-
clientSecret (optional)
String The Microsoft Exchange Client secret for OAuth 2.0 client credentials authentication. It must be URL-encoded. If service is exchange_server, this property is required.
-
password (optional)
String The password for HTTP basic authentication. If hasAuth is set to true, this property is required.
-
user (optional)
String The username for HTTP basic authentication. If hasAuth is set to true, this property is required.
-
-
-
-

secrets_properties_genai - Connector secrets properties for an OpenAI connector Up

-
Defines secrets for connectors when type is .gen-ai.
-
-
apiKey (optional)
String The OpenAI API key.
-
-
-
-

secrets_properties_jira - Connector secrets properties for a Jira connector Up

-
Defines secrets for connectors when type is .jira.
-
-
apiToken
String The Jira API authentication token for HTTP basic authentication.
-
email
String The account email for HTTP Basic authentication.
-
-
-
-

secrets_properties_opsgenie - Connector secrets properties for an Opsgenie connector Up

-
Defines secrets for connectors when type is .opsgenie.
-
-
apiKey
String The Opsgenie API authentication key for HTTP Basic authentication.
-
-
-
-

secrets_properties_pagerduty - Connector secrets properties for a PagerDuty connector Up

-
Defines secrets for connectors when type is .pagerduty.
-
-
routingKey
String A 32 character PagerDuty Integration Key for an integration on a service.
-
-
-
-

secrets_properties_resilient - Connector secrets properties for IBM Resilient connector Up

-
Defines secrets for connectors when type is .resilient.
-
-
apiKeyId
String The authentication key ID for HTTP Basic authentication.
-
apiKeySecret
String The authentication key secret for HTTP Basic authentication.
-
-
-
-

secrets_properties_servicenow - Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors Up

-
Defines secrets for connectors when type is .servicenow, .servicenow-sir, or .servicenow-itom.
-
-
clientSecret (optional)
String The client secret assigned to your OAuth application. This property is required when isOAuth is true.
-
password (optional)
String The password for HTTP basic authentication. This property is required when isOAuth is false.
-
privateKey (optional)
String The RSA private key that you created for use in ServiceNow. This property is required when isOAuth is true.
-
privateKeyPassword (optional)
String The password for the RSA private key. This property is required when isOAuth is true and you set a password on your private key.
-
username (optional)
String The username for HTTP basic authentication. This property is required when isOAuth is false.
-
-
-
-

secrets_properties_slack_api - Connector secrets properties for a Web API Slack connector Up

-
Defines secrets for connectors when type is .slack.
-
-
token
String Slack bot user OAuth token.
-
-
-
-

secrets_properties_slack_webhook - Connector secrets properties for a Webhook Slack connector Up

-
Defines secrets for connectors when type is .slack.
-
-
webhookUrl
String Slack webhook url.
-
-
-
-

secrets_properties_swimlane - Connector secrets properties for a Swimlane connector Up

-
Defines secrets for connectors when type is .swimlane.
-
-
apiToken (optional)
String Swimlane API authentication token.
-
-
-
-

secrets_properties_teams - Connector secrets properties for a Microsoft Teams connector Up

-
Defines secrets for connectors when type is .teams.
-
-
webhookUrl
String The URL of the incoming webhook. If you are using the xpack.actions.allowedHosts setting, add the hostname to the allowed hosts.
-
-
-
-

secrets_properties_tines - Connector secrets properties for a Tines connector Up

-
Defines secrets for connectors when type is .tines.
-
-
email
String The email used to sign in to Tines.
-
token
String The Tines API token.
-
-
-
-

secrets_properties_torq - Connector secrets properties for a Torq connector Up

-
Defines secrets for connectors when type is .torq.
-
-
token
String The secret of the webhook authentication header.
-
-
-
-

secrets_properties_webhook - Connector secrets properties for a Webhook connector Up

-
Defines secrets for connectors when type is .webhook.
-
-
crt (optional)
String If authType is webhook-authentication-ssl and certType is ssl-crt-key, it is a base64 encoded version of the CRT or CERT file.
-
key (optional)
String If authType is webhook-authentication-ssl and certType is ssl-crt-key, it is a base64 encoded version of the KEY file.
-
pfx (optional)
String If authType is webhook-authentication-ssl and certType is ssl-pfx, it is a base64 encoded version of the PFX or P12 file.
-
password (optional)
String The password for HTTP basic authentication or the passphrase for the SSL certificate files. If hasAuth is set to true and authType is webhook-authentication-basic, this property is required.
-
user (optional)
String The username for HTTP basic authentication. If hasAuth is set to true and authType is webhook-authentication-basic, this property is required.
-
-
-
-

secrets_properties_xmatters - Connector secrets properties for an xMatters connector Up

-
Defines secrets for connectors when type is .xmatters.
-
-
password (optional)
String A user name for HTTP basic authentication. It is applicable only when usesBasic is true.
-
secretsUrl (optional)
String The request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL. It is applicable only when usesBasic is false.
-
user (optional)
String A password for HTTP basic authentication. It is applicable only when usesBasic is true.
-
-
-
-

updateConnector_400_response - Up

-
-
-
error (optional)
-
message (optional)
-
statusCode (optional)
-
-
- - -
-

update_connector_request_email - Update email connector request Up

-
-
-
config
-
name
String The display name for the connector.
-
secrets (optional)
-
-
-
-

update_connector_request_index - Update index connector request Up

-
-
-
config
-
name
String The display name for the connector.
-
-
-
-

update_connector_request_jira - Update Jira connector request Up

-
-
-
config
-
name
String The display name for the connector.
-
secrets
-
-
- - - -
-

update_connector_request_serverlog - Update server log connector request Up

-
-
-
name
String The display name for the connector.
-
-
- - - - - - - -
-

update_connector_request_torq - Update Torq connector request Up

-
-
-
config
-
name
String The display name for the connector.
-
secrets
-
-
- - -
-++++ diff --git a/docs/api-generated/connectors/connector-apis.asciidoc b/docs/api-generated/connectors/connector-apis.asciidoc deleted file mode 100644 index d35bad3d3d633..0000000000000 --- a/docs/api-generated/connectors/connector-apis.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[[connector-apis]] -== Connector APIs - -preview::[] - -//// -This file includes content that has been generated from https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/docs/openapi. Any modifications required must be done in that open API specification. -//// - -include::connector-apis-passthru.asciidoc[] \ No newline at end of file diff --git a/docs/api-generated/machine-learning/ml-apis-passthru.asciidoc b/docs/api-generated/machine-learning/ml-apis-passthru.asciidoc deleted file mode 100644 index 116ddbe0d7273..0000000000000 --- a/docs/api-generated/machine-learning/ml-apis-passthru.asciidoc +++ /dev/null @@ -1,205 +0,0 @@ -//// -This content is generated from the open API specification. -Any modifications made to this file will be overwritten. -//// - -++++ -
-

Access

-
    -
  1. APIKey KeyParamName:ApiKey KeyInQuery:false KeyInHeader:true
  2. -
  3. HTTP Basic Authentication
  4. -
- -

Methods

- [ Jump to Models ] - -

Table of Contents

-
-

Ml

- - -

Ml

-
-
- Up -
get /s/{spaceId}/api/ml/saved_objects/sync
-
Synchronizes Kibana saved objects for machine learning jobs and trained models. (mlSync)
-
You must have all privileges for the Machine Learning feature in the Analytics section of the Kibana feature privileges. This API runs automatically when you start Kibana and periodically thereafter.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
simulate (optional)
- -
Query Parameter — When true, simulates the synchronization by returning only the list of actions that would be performed. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "datafeedsAdded" : {
-    "key" : {
-      "success" : true
-    }
-  },
-  "savedObjectsCreated" : {
-    "anomaly-detector" : {
-      "key" : {
-        "success" : true
-      }
-    },
-    "data-frame-analytics" : {
-      "key" : {
-        "success" : true
-      }
-    },
-    "trained-model" : {
-      "key" : {
-        "success" : true
-      }
-    }
-  },
-  "savedObjectsDeleted" : {
-    "anomaly-detector" : {
-      "key" : {
-        "success" : true
-      }
-    },
-    "data-frame-analytics" : {
-      "key" : {
-        "success" : true
-      }
-    },
-    "trained-model" : {
-      "key" : {
-        "success" : true
-      }
-    }
-  },
-  "datafeedsRemoved" : {
-    "key" : {
-      "success" : true
-    }
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call - mlSync200Response -

401

- Authorization information is missing or invalid. - mlSync4xxResponse -
-
- -

Models

- [ Jump to Methods ] - -

Table of Contents

-
    -
  1. mlSync200Response - Successful sync API response
  2. -
  3. mlSync4xxResponse - Unsuccessful sync API response
  4. -
  5. mlSyncResponseAnomalyDetectors - Sync API response for anomaly detection jobs
  6. -
  7. mlSyncResponseDataFrameAnalytics - Sync API response for data frame analytics jobs
  8. -
  9. mlSyncResponseDatafeeds - Sync API response for datafeeds
  10. -
  11. mlSyncResponseSavedObjectsCreated - Sync API response for created saved objects
  12. -
  13. mlSyncResponseSavedObjectsDeleted - Sync API response for deleted saved objects
  14. -
  15. mlSyncResponseTrainedModels - Sync API response for trained models
  16. -
- -
-

mlSync200Response - Successful sync API response Up

-
-
-
datafeedsAdded (optional)
map[String, mlSyncResponseDatafeeds] If a saved object for an anomaly detection job is missing a datafeed identifier, it is added when you run the sync machine learning saved objects API.
-
datafeedsRemoved (optional)
map[String, mlSyncResponseDatafeeds] If a saved object for an anomaly detection job references a datafeed that no longer exists, it is deleted when you run the sync machine learning saved objects API.
-
savedObjectsCreated (optional)
-
savedObjectsDeleted (optional)
-
-
-
-

mlSync4xxResponse - Unsuccessful sync API response Up

-
-
-
error (optional)
-
message (optional)
-
statusCode (optional)
-
-
-
-

mlSyncResponseAnomalyDetectors - Sync API response for anomaly detection jobs Up

-
The sync machine learning saved objects API response contains this object when there are anomaly detection jobs affected by the synchronization. There is an object for each relevant job, which contains the synchronization status.
-
-
success (optional)
Boolean The success or failure of the synchronization.
-
-
-
-

mlSyncResponseDataFrameAnalytics - Sync API response for data frame analytics jobs Up

-
The sync machine learning saved objects API response contains this object when there are data frame analytics jobs affected by the synchronization. There is an object for each relevant job, which contains the synchronization status.
-
-
success (optional)
Boolean The success or failure of the synchronization.
-
-
-
-

mlSyncResponseDatafeeds - Sync API response for datafeeds Up

-
The sync machine learning saved objects API response contains this object when there are datafeeds affected by the synchronization. There is an object for each relevant datafeed, which contains the synchronization status.
-
-
success (optional)
Boolean The success or failure of the synchronization.
-
-
-
-

mlSyncResponseSavedObjectsCreated - Sync API response for created saved objects Up

-
If saved objects are missing for machine learning jobs or trained models, they are created when you run the sync machine learning saved objects API.
-
-
anomalyMinusdetector (optional)
map[String, mlSyncResponseAnomalyDetectors] If saved objects are missing for anomaly detection jobs, they are created.
-
dataMinusframeMinusanalytics (optional)
map[String, mlSyncResponseDataFrameAnalytics] If saved objects are missing for data frame analytics jobs, they are created.
-
trainedMinusmodel (optional)
map[String, mlSyncResponseTrainedModels] If saved objects are missing for trained models, they are created.
-
-
-
-

mlSyncResponseSavedObjectsDeleted - Sync API response for deleted saved objects Up

-
If saved objects exist for machine learning jobs or trained models that no longer exist, they are deleted when you run the sync machine learning saved objects API.
-
-
anomalyMinusdetector (optional)
map[String, mlSyncResponseAnomalyDetectors] If there are saved objects exist for nonexistent anomaly detection jobs, they are deleted.
-
dataMinusframeMinusanalytics (optional)
map[String, mlSyncResponseDataFrameAnalytics] If there are saved objects exist for nonexistent data frame analytics jobs, they are deleted.
-
trainedMinusmodel (optional)
map[String, mlSyncResponseTrainedModels] If there are saved objects exist for nonexistent trained models, they are deleted.
-
-
-
-

mlSyncResponseTrainedModels - Sync API response for trained models Up

-
The sync machine learning saved objects API response contains this object when there are trained models affected by the synchronization. There is an object for each relevant trained model, which contains the synchronization status.
-
-
success (optional)
Boolean The success or failure of the synchronization.
-
-
-
-++++ diff --git a/docs/api-generated/machine-learning/ml-apis.asciidoc b/docs/api-generated/machine-learning/ml-apis.asciidoc deleted file mode 100644 index 2d87d72616a75..0000000000000 --- a/docs/api-generated/machine-learning/ml-apis.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[[machine-learning-apis]] -== Machine learning APIs - -preview::[] - -//// -This file includes content that has been generated from https://github.com/elastic/kibana/tree/main/x-pack/plugins/ml/common/openapi. Any modifications required must be done in that open API specification. -//// - -include::ml-apis-passthru.asciidoc[] \ No newline at end of file diff --git a/docs/api-generated/rules/rule-apis-passthru.asciidoc b/docs/api-generated/rules/rule-apis-passthru.asciidoc deleted file mode 100644 index 843f073f95e04..0000000000000 --- a/docs/api-generated/rules/rule-apis-passthru.asciidoc +++ /dev/null @@ -1,4905 +0,0 @@ -//// -This content is generated from the open API specification. -Any modifications made to this file will be overwritten. -//// - -++++ -
-

Access

-
    -
  1. APIKey KeyParamName:ApiKey KeyInQuery:false KeyInHeader:true
  2. -
  3. HTTP Basic Authentication
  4. -
- -

Methods

- [ Jump to Models ] - -

Table of Contents

-
-

Alerting

- - -

Alerting

-
-
- Up -
post /s/{spaceId}/api/alerting/rule
-
Creates a rule with a randomly generated rule identifier. (createRule)
-
To create a rule, you must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule you're creating. For example, you must have privileges for the Management > Stack rules feature, Analytics > Discover and Machine Learning features, Observability features, or Security features. If the rule has actions, you must also have read privileges for the Management > Actions and Connectors feature. This API supports both key- and token-based authentication. To use key-based authentication, create an API key in Kibana and use it in the header of the API call. To use token-based authentication, provide a username and password; an API key that matches the current privileges of the user is created automatically. In both cases, the API key is subsequently used for authorization when the rule runs.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
create_rule_request create_rule_request (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "throttle" : "10m",
-  "created_at" : "2022-12-05T23:36:58.284Z",
-  "api_key_created_by_user" : false,
-  "enabled" : true,
-  "running" : true,
-  "notify_when" : "notify_when",
-  "next_run" : "2022-12-06T00:14:43.818Z",
-  "updated_at" : "2022-12-05T23:36:58.284Z",
-  "execution_status" : {
-    "last_execution_date" : "2022-12-06T00:13:43.89Z",
-    "last_duration" : 55,
-    "status" : "ok"
-  },
-  "scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "consumer" : "alerts",
-  "last_run" : {
-    "alerts_count" : {
-      "ignored" : 6,
-      "new" : 1,
-      "recovered" : 5,
-      "active" : 0
-    },
-    "outcome_msg" : [ "outcome_msg", "outcome_msg" ],
-    "outcome_order" : 5,
-    "warning" : "warning",
-    "outcome" : "succeeded"
-  },
-  "params" : {
-    "key" : ""
-  },
-  "created_by" : "elastic",
-  "muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
-  "rule_type_id" : "monitoring_alert_cluster_health",
-  "revision" : 2,
-  "tags" : [ "tags", "tags" ],
-  "api_key_owner" : "elastic",
-  "schedule" : {
-    "interval" : "1m"
-  },
-  "name" : "cluster_health_rule",
-  "updated_by" : "elastic",
-  "mute_all" : false,
-  "actions" : [ {
-    "alerts_filter" : {
-      "timeframe" : {
-        "hours" : {
-          "start" : "08:00",
-          "end" : "17:00"
-        },
-        "timezone" : "Europe/Madrid",
-        "days" : [ 1, 2, 3, 4, 5 ]
-      },
-      "query" : {
-        "kql" : "kql",
-        "filters" : [ {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        }, {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        } ]
-      }
-    },
-    "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-    "params" : {
-      "key" : ""
-    },
-    "uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
-    "connector_type_id" : ".server-log",
-    "frequency" : {
-      "summary" : true,
-      "throttle" : "10m",
-      "notify_when" : "onActiveAlert"
-    },
-    "group" : "default"
-  }, {
-    "alerts_filter" : {
-      "timeframe" : {
-        "hours" : {
-          "start" : "08:00",
-          "end" : "17:00"
-        },
-        "timezone" : "Europe/Madrid",
-        "days" : [ 1, 2, 3, 4, 5 ]
-      },
-      "query" : {
-        "kql" : "kql",
-        "filters" : [ {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        }, {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        } ]
-      }
-    },
-    "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-    "params" : {
-      "key" : ""
-    },
-    "uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
-    "connector_type_id" : ".server-log",
-    "frequency" : {
-      "summary" : true,
-      "throttle" : "10m",
-      "notify_when" : "onActiveAlert"
-    },
-    "group" : "default"
-  } ]
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - rule_response_properties -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - 404_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerting/rule/{ruleId}
-
Creates a rule with a specific rule identifier. (createRuleId)
-
To create a rule, you must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule you're creating. For example, you must have privileges for the Management > Stack rules feature, Analytics > Discover and Machine Learning features, Observability features, or Security features. If the rule has actions, you must also have read privileges for the Management > Actions and Connectors feature. This API supports both key- and token-based authentication. To use key-based authentication, create an API key in Kibana and use it in the header of the API call. To use token-based authentication, provide a username and password; an API key that matches the current privileges of the user is created automatically. In both cases, the API key is subsequently used for authorization when the rule runs.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
ruleId (required)
- -
Path Parameter — An UUID v1 or v4 identifier for the rule. If you omit this parameter, an identifier is randomly generated. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
create_rule_request create_rule_request (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "throttle" : "10m",
-  "created_at" : "2022-12-05T23:36:58.284Z",
-  "api_key_created_by_user" : false,
-  "enabled" : true,
-  "running" : true,
-  "notify_when" : "notify_when",
-  "next_run" : "2022-12-06T00:14:43.818Z",
-  "updated_at" : "2022-12-05T23:36:58.284Z",
-  "execution_status" : {
-    "last_execution_date" : "2022-12-06T00:13:43.89Z",
-    "last_duration" : 55,
-    "status" : "ok"
-  },
-  "scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "consumer" : "alerts",
-  "last_run" : {
-    "alerts_count" : {
-      "ignored" : 6,
-      "new" : 1,
-      "recovered" : 5,
-      "active" : 0
-    },
-    "outcome_msg" : [ "outcome_msg", "outcome_msg" ],
-    "outcome_order" : 5,
-    "warning" : "warning",
-    "outcome" : "succeeded"
-  },
-  "params" : {
-    "key" : ""
-  },
-  "created_by" : "elastic",
-  "muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
-  "rule_type_id" : "monitoring_alert_cluster_health",
-  "revision" : 2,
-  "tags" : [ "tags", "tags" ],
-  "api_key_owner" : "elastic",
-  "schedule" : {
-    "interval" : "1m"
-  },
-  "name" : "cluster_health_rule",
-  "updated_by" : "elastic",
-  "mute_all" : false,
-  "actions" : [ {
-    "alerts_filter" : {
-      "timeframe" : {
-        "hours" : {
-          "start" : "08:00",
-          "end" : "17:00"
-        },
-        "timezone" : "Europe/Madrid",
-        "days" : [ 1, 2, 3, 4, 5 ]
-      },
-      "query" : {
-        "kql" : "kql",
-        "filters" : [ {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        }, {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        } ]
-      }
-    },
-    "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-    "params" : {
-      "key" : ""
-    },
-    "uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
-    "connector_type_id" : ".server-log",
-    "frequency" : {
-      "summary" : true,
-      "throttle" : "10m",
-      "notify_when" : "onActiveAlert"
-    },
-    "group" : "default"
-  }, {
-    "alerts_filter" : {
-      "timeframe" : {
-        "hours" : {
-          "start" : "08:00",
-          "end" : "17:00"
-        },
-        "timezone" : "Europe/Madrid",
-        "days" : [ 1, 2, 3, 4, 5 ]
-      },
-      "query" : {
-        "kql" : "kql",
-        "filters" : [ {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        }, {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        } ]
-      }
-    },
-    "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-    "params" : {
-      "key" : ""
-    },
-    "uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
-    "connector_type_id" : ".server-log",
-    "frequency" : {
-      "summary" : true,
-      "throttle" : "10m",
-      "notify_when" : "onActiveAlert"
-    },
-    "group" : "default"
-  } ]
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - rule_response_properties -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - 404_response -
-
-
-
- Up -
delete /s/{spaceId}/api/alerting/rule/{ruleId}
-
Deletes a rule. (deleteRule)
-
To delete a rule, you must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule you're deleting. For example, the Management > Stack Rules feature, Analytics > Discover or Machine Learning features, Observability, or Security features. WARNING: After you delete a rule, you cannot recover it. If the API key that is used by the rule was created automatically, it is deleted.
- -

Path parameters

-
-
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - 404_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerting/rule/{ruleId}/_disable
-
Disables a rule. (disableRule)
-
You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability, and Security features.
- -

Path parameters

-
-
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - 404_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerting/rule/{ruleId}/_enable
-
Enables a rule. (enableRule)
-
To enable a rule, you must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability, and Security features. This API supports both key- and token-based authentication. To use key-based authentication, create an API key in Kibana and use it in the header of the API call. To use token-based authentication, provide a username and password; an API key that matches the current privileges of the user is created automatically. In both cases, the API key is subsequently used for authorization when the rule runs.
- -

Path parameters

-
-
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerting/rules/_find
-
Retrieves information about rules. (findRules)
-
You must have read privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rules you're seeking. For example, you must have privileges for the Management > Stack rules feature, Analytics > Discover and Machine Learning features, Observability features, or Security features. To find rules associated with the Stack Monitoring feature, use the monitoring_user built-in role.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
default_search_operator (optional)
- -
Query Parameter — The default operator to use for the simple_query_string. default: OR
fields (optional)
- -
Query Parameter — The fields to return in the attributes key of the response. default: null
filter (optional)
- -
Query Parameter — A KQL string that you filter with an attribute from your saved object. It should look like savedObjectType.attributes.title: "myTitle". However, if you used a direct attribute of a saved object, such as updatedAt, you must define your filter, for example, savedObjectType.updatedAt > 2018-12-22. default: null
has_reference (optional)
- -
Query Parameter — Filters the rules that have a relation with the reference objects with a specific type and identifier. default: null
page (optional)
- -
Query Parameter — The page number to return. default: 1
per_page (optional)
- -
Query Parameter — The number of rules to return per page. default: 20
search (optional)
- -
Query Parameter — An Elasticsearch simple_query_string query that filters the objects in the response. default: null
search_fields (optional)
- -
Query Parameter — The fields to perform the simple_query_string parsed query against. default: null
sort_field (optional)
- -
Query Parameter — Determines which field is used to sort the results. The field must exist in the attributes key of the response. default: null
sort_order (optional)
- -
Query Parameter — Determines the sort order. default: desc
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "per_page" : 6,
-  "total" : 1,
-  "data" : [ {
-    "throttle" : "10m",
-    "created_at" : "2022-12-05T23:36:58.284Z",
-    "api_key_created_by_user" : false,
-    "enabled" : true,
-    "running" : true,
-    "notify_when" : "notify_when",
-    "next_run" : "2022-12-06T00:14:43.818Z",
-    "updated_at" : "2022-12-05T23:36:58.284Z",
-    "execution_status" : {
-      "last_execution_date" : "2022-12-06T00:13:43.89Z",
-      "last_duration" : 55,
-      "status" : "ok"
-    },
-    "scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "consumer" : "alerts",
-    "last_run" : {
-      "alerts_count" : {
-        "ignored" : 6,
-        "new" : 1,
-        "recovered" : 5,
-        "active" : 0
-      },
-      "outcome_msg" : [ "outcome_msg", "outcome_msg" ],
-      "outcome_order" : 5,
-      "warning" : "warning",
-      "outcome" : "succeeded"
-    },
-    "params" : {
-      "key" : ""
-    },
-    "created_by" : "elastic",
-    "muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
-    "rule_type_id" : "monitoring_alert_cluster_health",
-    "revision" : 2,
-    "tags" : [ "tags", "tags" ],
-    "api_key_owner" : "elastic",
-    "schedule" : {
-      "interval" : "1m"
-    },
-    "name" : "cluster_health_rule",
-    "updated_by" : "elastic",
-    "mute_all" : false,
-    "actions" : [ {
-      "alerts_filter" : {
-        "timeframe" : {
-          "hours" : {
-            "start" : "08:00",
-            "end" : "17:00"
-          },
-          "timezone" : "Europe/Madrid",
-          "days" : [ 1, 2, 3, 4, 5 ]
-        },
-        "query" : {
-          "kql" : "kql",
-          "filters" : [ {
-            "$state" : "{}",
-            "meta" : {
-              "field" : "field",
-              "controlledBy" : "controlledBy",
-              "negate" : true,
-              "alias" : "alias",
-              "index" : "index",
-              "disabled" : true,
-              "params" : "{}",
-              "type" : "type",
-              "value" : "value",
-              "isMultiIndex" : true,
-              "key" : "key",
-              "group" : "group"
-            },
-            "query" : "{}"
-          }, {
-            "$state" : "{}",
-            "meta" : {
-              "field" : "field",
-              "controlledBy" : "controlledBy",
-              "negate" : true,
-              "alias" : "alias",
-              "index" : "index",
-              "disabled" : true,
-              "params" : "{}",
-              "type" : "type",
-              "value" : "value",
-              "isMultiIndex" : true,
-              "key" : "key",
-              "group" : "group"
-            },
-            "query" : "{}"
-          } ]
-        }
-      },
-      "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-      "params" : {
-        "key" : ""
-      },
-      "uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
-      "connector_type_id" : ".server-log",
-      "frequency" : {
-        "summary" : true,
-        "throttle" : "10m",
-        "notify_when" : "onActiveAlert"
-      },
-      "group" : "default"
-    }, {
-      "alerts_filter" : {
-        "timeframe" : {
-          "hours" : {
-            "start" : "08:00",
-            "end" : "17:00"
-          },
-          "timezone" : "Europe/Madrid",
-          "days" : [ 1, 2, 3, 4, 5 ]
-        },
-        "query" : {
-          "kql" : "kql",
-          "filters" : [ {
-            "$state" : "{}",
-            "meta" : {
-              "field" : "field",
-              "controlledBy" : "controlledBy",
-              "negate" : true,
-              "alias" : "alias",
-              "index" : "index",
-              "disabled" : true,
-              "params" : "{}",
-              "type" : "type",
-              "value" : "value",
-              "isMultiIndex" : true,
-              "key" : "key",
-              "group" : "group"
-            },
-            "query" : "{}"
-          }, {
-            "$state" : "{}",
-            "meta" : {
-              "field" : "field",
-              "controlledBy" : "controlledBy",
-              "negate" : true,
-              "alias" : "alias",
-              "index" : "index",
-              "disabled" : true,
-              "params" : "{}",
-              "type" : "type",
-              "value" : "value",
-              "isMultiIndex" : true,
-              "key" : "key",
-              "group" : "group"
-            },
-            "query" : "{}"
-          } ]
-        }
-      },
-      "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-      "params" : {
-        "key" : ""
-      },
-      "uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
-      "connector_type_id" : ".server-log",
-      "frequency" : {
-        "summary" : true,
-        "throttle" : "10m",
-        "notify_when" : "onActiveAlert"
-      },
-      "group" : "default"
-    } ]
-  }, {
-    "throttle" : "10m",
-    "created_at" : "2022-12-05T23:36:58.284Z",
-    "api_key_created_by_user" : false,
-    "enabled" : true,
-    "running" : true,
-    "notify_when" : "notify_when",
-    "next_run" : "2022-12-06T00:14:43.818Z",
-    "updated_at" : "2022-12-05T23:36:58.284Z",
-    "execution_status" : {
-      "last_execution_date" : "2022-12-06T00:13:43.89Z",
-      "last_duration" : 55,
-      "status" : "ok"
-    },
-    "scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "consumer" : "alerts",
-    "last_run" : {
-      "alerts_count" : {
-        "ignored" : 6,
-        "new" : 1,
-        "recovered" : 5,
-        "active" : 0
-      },
-      "outcome_msg" : [ "outcome_msg", "outcome_msg" ],
-      "outcome_order" : 5,
-      "warning" : "warning",
-      "outcome" : "succeeded"
-    },
-    "params" : {
-      "key" : ""
-    },
-    "created_by" : "elastic",
-    "muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
-    "rule_type_id" : "monitoring_alert_cluster_health",
-    "revision" : 2,
-    "tags" : [ "tags", "tags" ],
-    "api_key_owner" : "elastic",
-    "schedule" : {
-      "interval" : "1m"
-    },
-    "name" : "cluster_health_rule",
-    "updated_by" : "elastic",
-    "mute_all" : false,
-    "actions" : [ {
-      "alerts_filter" : {
-        "timeframe" : {
-          "hours" : {
-            "start" : "08:00",
-            "end" : "17:00"
-          },
-          "timezone" : "Europe/Madrid",
-          "days" : [ 1, 2, 3, 4, 5 ]
-        },
-        "query" : {
-          "kql" : "kql",
-          "filters" : [ {
-            "$state" : "{}",
-            "meta" : {
-              "field" : "field",
-              "controlledBy" : "controlledBy",
-              "negate" : true,
-              "alias" : "alias",
-              "index" : "index",
-              "disabled" : true,
-              "params" : "{}",
-              "type" : "type",
-              "value" : "value",
-              "isMultiIndex" : true,
-              "key" : "key",
-              "group" : "group"
-            },
-            "query" : "{}"
-          }, {
-            "$state" : "{}",
-            "meta" : {
-              "field" : "field",
-              "controlledBy" : "controlledBy",
-              "negate" : true,
-              "alias" : "alias",
-              "index" : "index",
-              "disabled" : true,
-              "params" : "{}",
-              "type" : "type",
-              "value" : "value",
-              "isMultiIndex" : true,
-              "key" : "key",
-              "group" : "group"
-            },
-            "query" : "{}"
-          } ]
-        }
-      },
-      "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-      "params" : {
-        "key" : ""
-      },
-      "uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
-      "connector_type_id" : ".server-log",
-      "frequency" : {
-        "summary" : true,
-        "throttle" : "10m",
-        "notify_when" : "onActiveAlert"
-      },
-      "group" : "default"
-    }, {
-      "alerts_filter" : {
-        "timeframe" : {
-          "hours" : {
-            "start" : "08:00",
-            "end" : "17:00"
-          },
-          "timezone" : "Europe/Madrid",
-          "days" : [ 1, 2, 3, 4, 5 ]
-        },
-        "query" : {
-          "kql" : "kql",
-          "filters" : [ {
-            "$state" : "{}",
-            "meta" : {
-              "field" : "field",
-              "controlledBy" : "controlledBy",
-              "negate" : true,
-              "alias" : "alias",
-              "index" : "index",
-              "disabled" : true,
-              "params" : "{}",
-              "type" : "type",
-              "value" : "value",
-              "isMultiIndex" : true,
-              "key" : "key",
-              "group" : "group"
-            },
-            "query" : "{}"
-          }, {
-            "$state" : "{}",
-            "meta" : {
-              "field" : "field",
-              "controlledBy" : "controlledBy",
-              "negate" : true,
-              "alias" : "alias",
-              "index" : "index",
-              "disabled" : true,
-              "params" : "{}",
-              "type" : "type",
-              "value" : "value",
-              "isMultiIndex" : true,
-              "key" : "key",
-              "group" : "group"
-            },
-            "query" : "{}"
-          } ]
-        }
-      },
-      "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-      "params" : {
-        "key" : ""
-      },
-      "uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
-      "connector_type_id" : ".server-log",
-      "frequency" : {
-        "summary" : true,
-        "throttle" : "10m",
-        "notify_when" : "onActiveAlert"
-      },
-      "group" : "default"
-    } ]
-  } ],
-  "page" : 0
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - findRules_200_response -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerting/_health
-
Retrieves the health status of the alerting framework. (getAlertingHealth)
-
You must have read privileges for the Management > Stack Rules feature or for at least one of the Analytics > Discover, Analytics > Machine Learning, Observability, or Security features.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "alerting_framework_health" : {
-    "execution_health" : {
-      "status" : "ok",
-      "timestamp" : "2023-01-13T01:28:00.28Z"
-    },
-    "read_health" : {
-      "status" : "ok",
-      "timestamp" : "2023-01-13T01:28:00.28Z"
-    },
-    "decryption_health" : {
-      "status" : "ok",
-      "timestamp" : "2023-01-13T01:28:00.28Z"
-    }
-  },
-  "has_permanent_encryption_key" : true,
-  "is_sufficiently_secure" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - getAlertingHealth_200_response -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerting/rule/{ruleId}
-
Retrieves a rule by its identifier. (getRule)
-
You must have read privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rules you're seeking. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability features, or Security features. To get rules associated with the Stack Monitoring feature, use the monitoring_user built-in role.
- -

Path parameters

-
-
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "throttle" : "10m",
-  "created_at" : "2022-12-05T23:36:58.284Z",
-  "api_key_created_by_user" : false,
-  "enabled" : true,
-  "running" : true,
-  "notify_when" : "notify_when",
-  "next_run" : "2022-12-06T00:14:43.818Z",
-  "updated_at" : "2022-12-05T23:36:58.284Z",
-  "execution_status" : {
-    "last_execution_date" : "2022-12-06T00:13:43.89Z",
-    "last_duration" : 55,
-    "status" : "ok"
-  },
-  "scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "consumer" : "alerts",
-  "last_run" : {
-    "alerts_count" : {
-      "ignored" : 6,
-      "new" : 1,
-      "recovered" : 5,
-      "active" : 0
-    },
-    "outcome_msg" : [ "outcome_msg", "outcome_msg" ],
-    "outcome_order" : 5,
-    "warning" : "warning",
-    "outcome" : "succeeded"
-  },
-  "params" : {
-    "key" : ""
-  },
-  "created_by" : "elastic",
-  "muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
-  "rule_type_id" : "monitoring_alert_cluster_health",
-  "revision" : 2,
-  "tags" : [ "tags", "tags" ],
-  "api_key_owner" : "elastic",
-  "schedule" : {
-    "interval" : "1m"
-  },
-  "name" : "cluster_health_rule",
-  "updated_by" : "elastic",
-  "mute_all" : false,
-  "actions" : [ {
-    "alerts_filter" : {
-      "timeframe" : {
-        "hours" : {
-          "start" : "08:00",
-          "end" : "17:00"
-        },
-        "timezone" : "Europe/Madrid",
-        "days" : [ 1, 2, 3, 4, 5 ]
-      },
-      "query" : {
-        "kql" : "kql",
-        "filters" : [ {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        }, {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        } ]
-      }
-    },
-    "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-    "params" : {
-      "key" : ""
-    },
-    "uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
-    "connector_type_id" : ".server-log",
-    "frequency" : {
-      "summary" : true,
-      "throttle" : "10m",
-      "notify_when" : "onActiveAlert"
-    },
-    "group" : "default"
-  }, {
-    "alerts_filter" : {
-      "timeframe" : {
-        "hours" : {
-          "start" : "08:00",
-          "end" : "17:00"
-        },
-        "timezone" : "Europe/Madrid",
-        "days" : [ 1, 2, 3, 4, 5 ]
-      },
-      "query" : {
-        "kql" : "kql",
-        "filters" : [ {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        }, {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        } ]
-      }
-    },
-    "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-    "params" : {
-      "key" : ""
-    },
-    "uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
-    "connector_type_id" : ".server-log",
-    "frequency" : {
-      "summary" : true,
-      "throttle" : "10m",
-      "notify_when" : "onActiveAlert"
-    },
-    "group" : "default"
-  } ]
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - rule_response_properties -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - 404_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerting/rule_types
-
Retrieves a list of rule types. (getRuleTypes)
-
If you have read privileges for one or more Kibana features, the API response contains information about the appropriate rule types. For example, there are rule types associated with the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability features, and Security features. To get rule types associated with the Stack Monitoring feature, use the monitoring_user built-in role.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "recovery_action_group" : {
-    "name" : "name",
-    "id" : "id"
-  },
-  "does_set_recovery_context" : true,
-  "is_exportable" : true,
-  "authorized_consumers" : {
-    "alerts" : {
-      "all" : true,
-      "read" : true
-    },
-    "discover" : {
-      "all" : true,
-      "read" : true
-    },
-    "stackAlerts" : {
-      "all" : true,
-      "read" : true
-    },
-    "infrastructure" : {
-      "all" : true,
-      "read" : true
-    },
-    "siem" : {
-      "all" : true,
-      "read" : true
-    },
-    "monitoring" : {
-      "all" : true,
-      "read" : true
-    },
-    "logs" : {
-      "all" : true,
-      "read" : true
-    },
-    "apm" : {
-      "all" : true,
-      "read" : true
-    },
-    "ml" : {
-      "all" : true,
-      "read" : true
-    },
-    "uptime" : {
-      "all" : true,
-      "read" : true
-    }
-  },
-  "action_groups" : [ {
-    "name" : "name",
-    "id" : "id"
-  }, {
-    "name" : "name",
-    "id" : "id"
-  } ],
-  "minimum_license_required" : "basic",
-  "action_variables" : {
-    "context" : [ {
-      "name" : "name",
-      "description" : "description",
-      "useWithTripleBracesInTemplates" : true
-    }, {
-      "name" : "name",
-      "description" : "description",
-      "useWithTripleBracesInTemplates" : true
-    } ],
-    "state" : [ {
-      "name" : "name",
-      "description" : "description"
-    }, {
-      "name" : "name",
-      "description" : "description"
-    } ],
-    "params" : [ {
-      "name" : "name",
-      "description" : "description"
-    }, {
-      "name" : "name",
-      "description" : "description"
-    } ]
-  },
-  "rule_task_timeout" : "5m",
-  "name" : "name",
-  "enabled_in_license" : true,
-  "producer" : "stackAlerts",
-  "id" : "id",
-  "default_action_group_id" : "default_action_group_id"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerts/alert/{alertId}
-
Create an alert. (legacyCreateAlert)
-
Deprecated in 7.13.0. Use the create rule API instead.
- -

Path parameters

-
-
alertId (required)
- -
Path Parameter — An UUID v1 or v4 identifier for the alert. If this parameter is omitted, the identifier is randomly generated. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Legacy_create_alert_request_properties Legacy_create_alert_request_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "alertTypeId" : ".index-threshold",
-  "throttle" : "throttle",
-  "updatedBy" : "elastic",
-  "executionStatus" : {
-    "lastExecutionDate" : "2022-12-06T00:13:43.89Z",
-    "status" : "ok"
-  },
-  "params" : {
-    "key" : ""
-  },
-  "enabled" : true,
-  "mutedInstanceIds" : [ "mutedInstanceIds", "mutedInstanceIds" ],
-  "tags" : [ "tags", "tags" ],
-  "createdAt" : "2022-12-05T23:36:58.284Z",
-  "schedule" : {
-    "interval" : "interval"
-  },
-  "notifyWhen" : "onActionGroupChange",
-  "createdBy" : "elastic",
-  "muteAll" : false,
-  "name" : "my alert",
-  "scheduledTaskId" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "actions" : [ "{}", "{}" ],
-  "apiKeyOwner" : "elastic",
-  "updatedAt" : "2022-12-05T23:36:58.284Z"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - alert_response_properties -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerts/alert/{alertId}/_disable
-
Disables an alert. (legacyDisableAlert)
-
Deprecated in 7.13.0. Use the disable rule API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — The identifier for the alert. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerts/alert/{alertId}/_enable
-
Enables an alert. (legacyEnableAlert)
-
Deprecated in 7.13.0. Use the enable rule API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — The identifier for the alert. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerts/alerts/_find
-
Retrieves a paginated set of alerts. (legacyFindAlerts)
-
Deprecated in 7.13.0. Use the find rules API instead. NOTE: Alert params are stored as a flattened field type and analyzed as keywords. As alerts change in Kibana, the results on each page of the response also change. Use the find API for traditional paginated results, but avoid using it to export large amounts of data.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
default_search_operator (optional)
- -
Query Parameter — The default operator to use for the simple_query_string. default: OR
fields (optional)
- -
Query Parameter — The fields to return in the attributes key of the response. default: null
filter (optional)
- -
Query Parameter — A KQL string that you filter with an attribute from your saved object. It should look like savedObjectType.attributes.title: "myTitle". However, if you used a direct attribute of a saved object, such as updatedAt, you must define your filter, for example, savedObjectType.updatedAt > 2018-12-22. default: null
has_reference (optional)
- -
Query Parameter — Filters the rules that have a relation with the reference objects with a specific type and identifier. default: null
page (optional)
- -
Query Parameter — The page number to return. default: 1
per_page (optional)
- -
Query Parameter — The number of alerts to return per page. default: 20
search (optional)
- -
Query Parameter — An Elasticsearch simple_query_string query that filters the alerts in the response. default: null
search_fields (optional)
- -
Query Parameter — The fields to perform the simple_query_string parsed query against. default: null
sort_field (optional)
- -
Query Parameter — Determines which field is used to sort the results. The field must exist in the attributes key of the response. default: null
sort_order (optional)
- -
Query Parameter — Determines the sort order. default: desc
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "total" : 1,
-  "perPage" : 6,
-  "data" : [ {
-    "alertTypeId" : ".index-threshold",
-    "throttle" : "throttle",
-    "updatedBy" : "elastic",
-    "executionStatus" : {
-      "lastExecutionDate" : "2022-12-06T00:13:43.89Z",
-      "status" : "ok"
-    },
-    "params" : {
-      "key" : ""
-    },
-    "enabled" : true,
-    "mutedInstanceIds" : [ "mutedInstanceIds", "mutedInstanceIds" ],
-    "tags" : [ "tags", "tags" ],
-    "createdAt" : "2022-12-05T23:36:58.284Z",
-    "schedule" : {
-      "interval" : "interval"
-    },
-    "notifyWhen" : "onActionGroupChange",
-    "createdBy" : "elastic",
-    "muteAll" : false,
-    "name" : "my alert",
-    "scheduledTaskId" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "actions" : [ "{}", "{}" ],
-    "apiKeyOwner" : "elastic",
-    "updatedAt" : "2022-12-05T23:36:58.284Z"
-  }, {
-    "alertTypeId" : ".index-threshold",
-    "throttle" : "throttle",
-    "updatedBy" : "elastic",
-    "executionStatus" : {
-      "lastExecutionDate" : "2022-12-06T00:13:43.89Z",
-      "status" : "ok"
-    },
-    "params" : {
-      "key" : ""
-    },
-    "enabled" : true,
-    "mutedInstanceIds" : [ "mutedInstanceIds", "mutedInstanceIds" ],
-    "tags" : [ "tags", "tags" ],
-    "createdAt" : "2022-12-05T23:36:58.284Z",
-    "schedule" : {
-      "interval" : "interval"
-    },
-    "notifyWhen" : "onActionGroupChange",
-    "createdBy" : "elastic",
-    "muteAll" : false,
-    "name" : "my alert",
-    "scheduledTaskId" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "actions" : [ "{}", "{}" ],
-    "apiKeyOwner" : "elastic",
-    "updatedAt" : "2022-12-05T23:36:58.284Z"
-  } ],
-  "page" : 0
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - legacyFindAlerts_200_response -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerts/alert/{alertId}
-
Retrieves an alert by its identifier. (legacyGetAlert)
-
Deprecated in 7.13.0. Use the get rule API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — The identifier for the alert. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "alertTypeId" : ".index-threshold",
-  "throttle" : "throttle",
-  "updatedBy" : "elastic",
-  "executionStatus" : {
-    "lastExecutionDate" : "2022-12-06T00:13:43.89Z",
-    "status" : "ok"
-  },
-  "params" : {
-    "key" : ""
-  },
-  "enabled" : true,
-  "mutedInstanceIds" : [ "mutedInstanceIds", "mutedInstanceIds" ],
-  "tags" : [ "tags", "tags" ],
-  "createdAt" : "2022-12-05T23:36:58.284Z",
-  "schedule" : {
-    "interval" : "interval"
-  },
-  "notifyWhen" : "onActionGroupChange",
-  "createdBy" : "elastic",
-  "muteAll" : false,
-  "name" : "my alert",
-  "scheduledTaskId" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "actions" : [ "{}", "{}" ],
-  "apiKeyOwner" : "elastic",
-  "updatedAt" : "2022-12-05T23:36:58.284Z"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - alert_response_properties -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerts/alerts/list_alert_types
-
Retrieves a list of alert types. (legacyGetAlertTypes)
-
Deprecated in 7.13.0. Use the get rule types API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "defaultActionGroupId" : "defaultActionGroupId",
-  "isExportable" : true,
-  "actionVariables" : {
-    "context" : [ {
-      "name" : "name",
-      "description" : "description"
-    }, {
-      "name" : "name",
-      "description" : "description"
-    } ],
-    "state" : [ {
-      "name" : "name",
-      "description" : "description"
-    }, {
-      "name" : "name",
-      "description" : "description"
-    } ],
-    "params" : [ {
-      "name" : "name",
-      "description" : "description"
-    }, {
-      "name" : "name",
-      "description" : "description"
-    } ]
-  },
-  "actionGroups" : [ {
-    "name" : "name",
-    "id" : "id"
-  }, {
-    "name" : "name",
-    "id" : "id"
-  } ],
-  "name" : "name",
-  "producer" : "producer",
-  "authorizedConsumers" : "{}",
-  "recoveryActionGroup" : {
-    "name" : "name",
-    "id" : "id"
-  },
-  "enabledInLicense" : true,
-  "id" : "id",
-  "minimumLicenseRequired" : "minimumLicenseRequired"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerts/alerts/_health
-
Retrieves the health status of the alerting framework. (legacyGetAlertingHealth)
-
Deprecated in 7.13.0. Use the get alerting framework health API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "hasPermanentEncryptionKey" : true,
-  "alertingFrameworkHealth" : {
-    "executionHealth" : {
-      "status" : "ok",
-      "timestamp" : "2023-01-13T01:28:00.28Z"
-    },
-    "decryptionHealth" : {
-      "status" : "ok",
-      "timestamp" : "2023-01-13T01:28:00.28Z"
-    },
-    "readHealth" : {
-      "status" : "ok",
-      "timestamp" : "2023-01-13T01:28:00.28Z"
-    }
-  },
-  "isSufficientlySecure" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - legacyGetAlertingHealth_200_response -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_mute
-
Mutes an alert instance. (legacyMuteAlertInstance)
-
Deprecated in 7.13.0. Use the mute alert API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — An identifier for the alert. default: null
alertInstanceId (required)
- -
Path Parameter — An identifier for the alert instance. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerts/alert/{alertId}/_mute_all
-
Mutes all alert instances. (legacyMuteAllAlertInstances)
-
Deprecated in 7.13.0. Use the mute all alerts API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — The identifier for the alert. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute
-
Unmutes an alert instance. (legacyUnmuteAlertInstance)
-
Deprecated in 7.13.0. Use the unmute alert API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — An identifier for the alert. default: null
alertInstanceId (required)
- -
Path Parameter — An identifier for the alert instance. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerts/alert/{alertId}/_unmute_all
-
Unmutes all alert instances. (legacyUnmuteAllAlertInstances)
-
Deprecated in 7.13.0. Use the unmute all alerts API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — The identifier for the alert. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
put /s/{spaceId}/api/alerts/alert/{alertId}
-
Updates the attributes for an alert. (legacyUpdateAlert)
-
Deprecated in 7.13.0. Use the update rule API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — The identifier for the alert. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Legacy_update_alert_request_properties Legacy_update_alert_request_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "alertTypeId" : ".index-threshold",
-  "throttle" : "throttle",
-  "updatedBy" : "elastic",
-  "executionStatus" : {
-    "lastExecutionDate" : "2022-12-06T00:13:43.89Z",
-    "status" : "ok"
-  },
-  "params" : {
-    "key" : ""
-  },
-  "enabled" : true,
-  "mutedInstanceIds" : [ "mutedInstanceIds", "mutedInstanceIds" ],
-  "tags" : [ "tags", "tags" ],
-  "createdAt" : "2022-12-05T23:36:58.284Z",
-  "schedule" : {
-    "interval" : "interval"
-  },
-  "notifyWhen" : "onActionGroupChange",
-  "createdBy" : "elastic",
-  "muteAll" : false,
-  "name" : "my alert",
-  "scheduledTaskId" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "actions" : [ "{}", "{}" ],
-  "apiKeyOwner" : "elastic",
-  "updatedAt" : "2022-12-05T23:36:58.284Z"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - alert_response_properties -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
delete /s/{spaceId}/api/alerts/alert/{alertId}
-
Permanently removes an alert. (legaryDeleteAlert)
-
Deprecated in 7.13.0. Use the delete rule API instead. WARNING: After you delete an alert, you cannot recover it.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — The identifier for the alert. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerting/rule/{ruleId}/alert/{alertId}/_mute
-
Mutes an alert. (muteAlert)
-
You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability, and Security features. If the rule has actions, you must also have read privileges for the Management > Actions and Connectors feature.
- -

Path parameters

-
-
alertId (required)
- -
Path Parameter — An identifier for the alert. The identifier is generated by the rule and might be any arbitrary string. default: null
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerting/rule/{ruleId}/_mute_all
-
Mutes all alerts. (muteAllAlerts)
-
This API snoozes the notifications for the rule indefinitely. The rule checks continue to occur but alerts will not trigger any actions. You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability, and Security features. If the rule has actions, you must also have read privileges for the Management > Actions and Connectors feature.
- -

Path parameters

-
-
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerting/rule/{ruleId}/alert/{alertId}/_unmute
-
Unmutes an alert. (unmuteAlert)
-
You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability, and Security features. If the rule has actions, you must also have read privileges for the Management > Actions and Connectors feature.
- -

Path parameters

-
-
alertId (required)
- -
Path Parameter — An identifier for the alert. The identifier is generated by the rule and might be any arbitrary string. default: null
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerting/rule/{ruleId}/_unmute_all
-
Unmutes all alerts. (unmuteAllAlerts)
-
If the rule has its notifications snoozed indefinitely, this API cancels the snooze. You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability, and Security features. If the rule has actions, you must also have read privileges for the Management > Actions and Connectors feature.
- -

Path parameters

-
-
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
put /s/{spaceId}/api/alerting/rule/{ruleId}
-
Updates the attributes for a rule. (updateRule)
-
To update a rule, you must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule you're updating. For example, you must have privileges for the Management > Stack rules feature, Analytics > Discover and Machine Learning features, Observability features, or Security features. If the rule has actions, you must also have read privileges for the Management > Actions and Connectors feature. This API supports both key- and token-based authentication. To use key-based authentication, create an API key in Kibana and use it in the header of the API call. To use token-based authentication, provide a username and password; an API key that matches the current privileges of the user is created automatically. In both cases, the API key is subsequently used for authorization when the rule runs. NOTE: If the API key has different privileges than the key that created or most recently updated the rule, the rule behavior might change. Though some properties are optional, when you update the rule the existing property values are overwritten with default values. Therefore, it is recommended to explicitly set all property values.
- -

Path parameters

-
-
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
update_rule_request update_rule_request (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "throttle" : "10m",
-  "created_at" : "2022-12-05T23:36:58.284Z",
-  "api_key_created_by_user" : false,
-  "enabled" : true,
-  "running" : true,
-  "notify_when" : "notify_when",
-  "next_run" : "2022-12-06T00:14:43.818Z",
-  "updated_at" : "2022-12-05T23:36:58.284Z",
-  "execution_status" : {
-    "last_execution_date" : "2022-12-06T00:13:43.89Z",
-    "last_duration" : 55,
-    "status" : "ok"
-  },
-  "scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "consumer" : "alerts",
-  "last_run" : {
-    "alerts_count" : {
-      "ignored" : 6,
-      "new" : 1,
-      "recovered" : 5,
-      "active" : 0
-    },
-    "outcome_msg" : [ "outcome_msg", "outcome_msg" ],
-    "outcome_order" : 5,
-    "warning" : "warning",
-    "outcome" : "succeeded"
-  },
-  "params" : {
-    "key" : ""
-  },
-  "created_by" : "elastic",
-  "muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
-  "rule_type_id" : "monitoring_alert_cluster_health",
-  "revision" : 2,
-  "tags" : [ "tags", "tags" ],
-  "api_key_owner" : "elastic",
-  "schedule" : {
-    "interval" : "1m"
-  },
-  "name" : "cluster_health_rule",
-  "updated_by" : "elastic",
-  "mute_all" : false,
-  "actions" : [ {
-    "alerts_filter" : {
-      "timeframe" : {
-        "hours" : {
-          "start" : "08:00",
-          "end" : "17:00"
-        },
-        "timezone" : "Europe/Madrid",
-        "days" : [ 1, 2, 3, 4, 5 ]
-      },
-      "query" : {
-        "kql" : "kql",
-        "filters" : [ {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        }, {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        } ]
-      }
-    },
-    "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-    "params" : {
-      "key" : ""
-    },
-    "uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
-    "connector_type_id" : ".server-log",
-    "frequency" : {
-      "summary" : true,
-      "throttle" : "10m",
-      "notify_when" : "onActiveAlert"
-    },
-    "group" : "default"
-  }, {
-    "alerts_filter" : {
-      "timeframe" : {
-        "hours" : {
-          "start" : "08:00",
-          "end" : "17:00"
-        },
-        "timezone" : "Europe/Madrid",
-        "days" : [ 1, 2, 3, 4, 5 ]
-      },
-      "query" : {
-        "kql" : "kql",
-        "filters" : [ {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        }, {
-          "$state" : "{}",
-          "meta" : {
-            "field" : "field",
-            "controlledBy" : "controlledBy",
-            "negate" : true,
-            "alias" : "alias",
-            "index" : "index",
-            "disabled" : true,
-            "params" : "{}",
-            "type" : "type",
-            "value" : "value",
-            "isMultiIndex" : true,
-            "key" : "key",
-            "group" : "group"
-          },
-          "query" : "{}"
-        } ]
-      }
-    },
-    "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-    "params" : {
-      "key" : ""
-    },
-    "uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
-    "connector_type_id" : ".server-log",
-    "frequency" : {
-      "summary" : true,
-      "throttle" : "10m",
-      "notify_when" : "onActiveAlert"
-    },
-    "group" : "default"
-  } ]
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - rule_response_properties -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - 404_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerting/rule/{ruleId}/_update_api_key
-
Updates the API key for a rule. (updateRuleAPIKey)
-
The new API key has the credentials of the user that submits the request.
- -

Path parameters

-
-
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

400

- Bad request - 400_response -
-
- -

Models

- [ Jump to Methods ] - -

Table of Contents

-
    -
  1. 400_response - Bad request
  2. -
  3. 401_response - Unsuccessful rule API response
  4. -
  5. 404_response -
  6. -
  7. Count - Count
  8. -
  9. Count_count -
  10. -
  11. Count_criteria -
  12. -
  13. Count_logView -
  14. -
  15. Legacy_create_alert_request_properties - Legacy create alert request properties
  16. -
  17. Legacy_create_alert_request_properties_schedule -
  18. -
  19. Legacy_update_alert_request_properties - Legacy update alert request properties
  20. -
  21. Legacy_update_alert_request_properties_actions_inner -
  22. -
  23. Legacy_update_alert_request_properties_schedule -
  24. -
  25. Ratio - Ratio
  26. -
  27. actions_inner -
  28. -
  29. actions_inner_alerts_filter -
  30. -
  31. actions_inner_alerts_filter_query -
  32. -
  33. actions_inner_alerts_filter_timeframe -
  34. -
  35. actions_inner_alerts_filter_timeframe_hours -
  36. -
  37. actions_inner_frequency -
  38. -
  39. aggtype -
  40. -
  41. alert_response_properties - Legacy alert response properties
  42. -
  43. alert_response_properties_executionStatus -
  44. -
  45. alert_response_properties_schedule -
  46. -
  47. count_criterion - count criterion
  48. -
  49. create_anomaly_detection_alert_rule_request - Create anomaly detection rule request
  50. -
  51. create_anomaly_detection_jobs_health_rule_request - Create anomaly detection jobs health rule request
  52. -
  53. create_apm_anomaly_rule_request - Create APM anomaly rule rule request
  54. -
  55. create_apm_error_count_rule_request - Create APM error count rule request
  56. -
  57. create_apm_transaction_duration_rule_request - Create latency threshold rule request
  58. -
  59. create_apm_transaction_error_rate_rule_request - Create APM transaction error rate rule request
  60. -
  61. create_es_query_rule_request - Create Elasticsearch query rule request
  62. -
  63. create_geo_containment_rule_request - Create traacking containment rule request
  64. -
  65. create_index_threshold_rule_request - Create index threshold rule request
  66. -
  67. create_infra_inventory_rule_request - Create infra inventory rule request
  68. -
  69. create_infra_metric_anomaly_rule_request - Create infrastructure anomaly rule request
  70. -
  71. create_infra_metric_threshold_rule_request - Create infra metric threshold rule request
  72. -
  73. create_log_threshold_rule_request - Create log threshold rule request
  74. -
  75. create_monitoring_ccr_exceptions_rule_request - Create CCR read exceptions rule request
  76. -
  77. create_monitoring_cluster_health_rule_request - Create cluster health rule request
  78. -
  79. create_monitoring_cpu_usage_rule_request - Create CPU usage rule request
  80. -
  81. create_monitoring_disk_usage_rule_request - Create disk usage rule request
  82. -
  83. create_monitoring_elasticsearch_version_mismatch_rule_request - Create Elasticsearch version mismatch rule request
  84. -
  85. create_monitoring_jvm_memory_usage_rule_request - Create JVM memory usage rule request
  86. -
  87. create_monitoring_kibana_version_mismatch_rule_request - Create Kibana version mismatch rule request
  88. -
  89. create_monitoring_license_expiration_rule_request - Create license expiration rule request
  90. -
  91. create_monitoring_logstash_version_mismatch_rule_request - Create Logstash version mismatch rule request
  92. -
  93. create_monitoring_missing_data_rule_request - Create missing monitoring data rule request
  94. -
  95. create_monitoring_nodes_changed_rule_request - Create nodes changed rule request
  96. -
  97. create_monitoring_shard_size_rule_request - Create shard size rule request
  98. -
  99. create_monitoring_thread_pool_search_rejections_rule_request - Create thread pool search rejections rule request
  100. -
  101. create_monitoring_thread_pool_write_rejections_rule_request - Create thread pool write rejections rule request
  102. -
  103. create_rule_request - Create rule request body properties
  104. -
  105. create_siem_eql_rule_request - Create event correlation rule request
  106. -
  107. create_siem_indicator_rule_request - Create indicator match rule request
  108. -
  109. create_siem_ml_rule_request - Create machine learning rule request
  110. -
  111. create_siem_new_terms_rule_request - Create new terms rule request
  112. -
  113. create_siem_notifications_rule_request - Create security solution notification (legacy) rule request
  114. -
  115. create_siem_query_rule_request - Create custom query rule request
  116. -
  117. create_siem_saved_query_rule_request - Create saved query rule request
  118. -
  119. create_siem_threshold_rule_request - Create threshold rule request
  120. -
  121. create_slo_burn_rate_rule_request - Create slo burn rate rule request
  122. -
  123. create_synthetics_monitor_status_rule_request - Create synthetics monitor status rule request
  124. -
  125. create_synthetics_uptime_duration_anomaly_rule_request - Create synthetics uptime duration anomaly rule request
  126. -
  127. create_synthetics_uptime_tls_certificate_rule_request - Create TLS certificate rule request
  128. -
  129. create_synthetics_uptime_tls_rule_request - Create synthetics uptime TLS rule request
  130. -
  131. create_transform_health_rule_request - Create transform health rule request
  132. -
  133. create_uptime_monitor_status_rule_request - Create uptime monitor status rule request
  134. -
  135. custom_criterion - custom criterion
  136. -
  137. custom_criterion_customMetric_inner -
  138. -
  139. custom_criterion_customMetric_inner_oneOf -
  140. -
  141. custom_criterion_customMetric_inner_oneOf_1 -
  142. -
  143. filter -
  144. -
  145. filter_meta -
  146. -
  147. findRules_200_response -
  148. -
  149. findRules_has_reference_parameter -
  150. -
  151. findRules_search_fields_parameter -
  152. -
  153. getAlertingHealth_200_response -
  154. -
  155. getAlertingHealth_200_response_alerting_framework_health -
  156. -
  157. getAlertingHealth_200_response_alerting_framework_health_decryption_health -
  158. -
  159. getAlertingHealth_200_response_alerting_framework_health_execution_health -
  160. -
  161. getAlertingHealth_200_response_alerting_framework_health_read_health -
  162. -
  163. getRuleTypes_200_response_inner -
  164. -
  165. getRuleTypes_200_response_inner_action_groups_inner -
  166. -
  167. getRuleTypes_200_response_inner_action_variables -
  168. -
  169. getRuleTypes_200_response_inner_action_variables_context_inner -
  170. -
  171. getRuleTypes_200_response_inner_action_variables_params_inner -
  172. -
  173. getRuleTypes_200_response_inner_authorized_consumers -
  174. -
  175. getRuleTypes_200_response_inner_authorized_consumers_alerts -
  176. -
  177. getRuleTypes_200_response_inner_recovery_action_group -
  178. -
  179. groupby -
  180. -
  181. legacyFindAlerts_200_response -
  182. -
  183. legacyGetAlertTypes_200_response_inner -
  184. -
  185. legacyGetAlertTypes_200_response_inner_actionVariables -
  186. -
  187. legacyGetAlertTypes_200_response_inner_actionVariables_context_inner -
  188. -
  189. legacyGetAlertTypes_200_response_inner_recoveryActionGroup -
  190. -
  191. legacyGetAlertingHealth_200_response -
  192. -
  193. legacyGetAlertingHealth_200_response_alertingFrameworkHealth -
  194. -
  195. legacyGetAlertingHealth_200_response_alertingFrameworkHealth_decryptionHealth -
  196. -
  197. legacyGetAlertingHealth_200_response_alertingFrameworkHealth_executionHealth -
  198. -
  199. legacyGetAlertingHealth_200_response_alertingFrameworkHealth_readHealth -
  200. -
  201. non_count_criterion - non count criterion
  202. -
  203. notify_when -
  204. -
  205. params_es_query_rule -
  206. -
  207. params_es_query_rule_oneOf -
  208. -
  209. params_es_query_rule_oneOf_1 -
  210. -
  211. params_es_query_rule_oneOf_searchConfiguration -
  212. -
  213. params_es_query_rule_oneOf_searchConfiguration_query -
  214. -
  215. params_index_threshold_rule -
  216. -
  217. params_property_apm_anomaly -
  218. -
  219. params_property_apm_error_count -
  220. -
  221. params_property_apm_transaction_duration -
  222. -
  223. params_property_apm_transaction_error_rate -
  224. -
  225. params_property_infra_inventory -
  226. -
  227. params_property_infra_inventory_criteria_inner -
  228. -
  229. params_property_infra_inventory_criteria_inner_customMetric -
  230. -
  231. params_property_infra_metric_threshold -
  232. -
  233. params_property_infra_metric_threshold_criteria_inner -
  234. -
  235. params_property_log_threshold -
  236. -
  237. params_property_slo_burn_rate -
  238. -
  239. params_property_slo_burn_rate_longWindow -
  240. -
  241. params_property_slo_burn_rate_shortWindow -
  242. -
  243. params_property_synthetics_monitor_status -
  244. -
  245. params_property_synthetics_monitor_status_availability -
  246. -
  247. params_property_synthetics_monitor_status_filters -
  248. -
  249. params_property_synthetics_monitor_status_filters_oneOf -
  250. -
  251. params_property_synthetics_monitor_status_timerange -
  252. -
  253. params_property_synthetics_uptime_tls -
  254. -
  255. rule_response_properties - Rule response properties
  256. -
  257. rule_response_properties_execution_status -
  258. -
  259. rule_response_properties_last_run -
  260. -
  261. rule_response_properties_last_run_alerts_count -
  262. -
  263. schedule -
  264. -
  265. thresholdcomparator -
  266. -
  267. timewindowunit -
  268. -
  269. update_rule_request - Update rule request
  270. -
- -
-

400_response - Bad request Up

-
-
-
error
-
Enum:
-
Bad Request
-
message
-
statusCode
-
Enum:
-
400
-
-
-
-

401_response - Unsuccessful rule API response Up

-
-
-
error (optional)
-
Enum:
-
Unauthorized
-
message (optional)
-
statusCode (optional)
-
Enum:
-
401
-
-
-
-

404_response - Up

-
-
-
error (optional)
-
Enum:
-
Not Found
-
message (optional)
-
statusCode (optional)
-
Enum:
-
404
-
-
-
-

Count - Count Up

-
-
-
criteria (optional)
-
count
-
timeSize
-
timeUnit
-
Enum:
-
s
m
h
d
-
logView
-
groupBy (optional)
-
-
-
-

Count_count - Up

-
-
-
comparator (optional)
-
Enum:
-
more than
more than or equals
less than
less than or equals
equals
does not equal
matches
does not match
matches phrase
does not match phrase
-
value (optional)
-
-
-
-

Count_criteria - Up

-
-
-
field (optional)
-
comparator (optional)
-
Enum:
-
more than
more than or equals
less than
less than or equals
equals
does not equal
matches
does not match
matches phrase
does not match phrase
-
value (optional)
-
-
-
-

Count_logView - Up

-
-
-
logViewId (optional)
-
type (optional)
-
Enum:
-
log-view-reference
-
-
-
-

Legacy_create_alert_request_properties - Legacy create alert request properties Up

-
-
-
actions (optional)
-
alertTypeId
String The ID of the alert type that you want to call when the alert is scheduled to run.
-
consumer
String The name of the application that owns the alert. This name has to match the Kibana feature name, as that dictates the required role-based access control privileges.
-
enabled (optional)
Boolean Indicates if you want to run the alert on an interval basis after it is created.
-
name
String A name to reference and search.
-
notifyWhen
String The condition for throttling the notification.
-
Enum:
-
onActionGroupChange
onActiveAlert
onThrottleInterval
-
params
Object The parameters to pass to the alert type executor params value. This will also validate against the alert type params validator, if defined.
-
schedule
-
tags (optional)
array[String] A list of keywords to reference and search.
-
throttle (optional)
String How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of 10m or 1h will prevent it from sending 90 notifications during this period.
-
-
-
-

Legacy_create_alert_request_properties_schedule - Up

-
The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule.
-
-
interval (optional)
String The interval format specifies the interval in seconds, minutes, hours or days at which the alert should execute.
-
-
-
-

Legacy_update_alert_request_properties - Legacy update alert request properties Up

-
-
-
actions (optional)
-
name
String A name to reference and search.
-
notifyWhen
String The condition for throttling the notification.
-
Enum:
-
onActionGroupChange
onActiveAlert
onThrottleInterval
-
params
Object The parameters to pass to the alert type executor params value. This will also validate against the alert type params validator, if defined.
-
schedule
-
tags (optional)
array[String] A list of keywords to reference and search.
-
throttle (optional)
String How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of 10m or 1h will prevent it from sending 90 notifications during this period.
-
-
-
-

Legacy_update_alert_request_properties_actions_inner - Up

-
-
-
actionTypeId
String The identifier for the action type.
-
group
String Grouping actions is recommended for escalations for different types of alert instances. If you don't need this functionality, set it to default.
-
id
String The ID of the action saved object to execute.
-
params
Object The map to the params that the action type will receive. params are handled as Mustache templates and passed a default set of context.
-
-
-
-

Legacy_update_alert_request_properties_schedule - Up

-
The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule.
-
-
interval (optional)
String The interval format specifies the interval in seconds, minutes, hours or days at which the alert should execute.
-
-
-
-

Ratio - Ratio Up

-
-
-
criteria (optional)
-
count
-
timeSize
-
timeUnit
-
Enum:
-
s
m
h
d
-
logView
-
groupBy (optional)
-
-
-
-

actions_inner - Up

-
An action that runs under defined conditions.
-
-
alerts_filter (optional)
-
connector_type_id (optional)
String The type of connector. This property appears in responses but cannot be set in requests.
-
frequency (optional)
-
group
String The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to default.
-
id
String The identifier for the connector saved object.
-
params
map[String, oas_any_type_not_mapped] The parameters for the action, which are sent to the connector. The params are handled as Mustache templates and passed a default set of context.
-
uuid (optional)
String A universally unique identifier (UUID) for the action.
-
-
-
-

actions_inner_alerts_filter - Up

-
Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs.
- -
-
-

actions_inner_alerts_filter_query - Up

-
Defines a query filter that determines whether the action runs.
-
-
kql (optional)
String A filter written in Kibana Query Language (KQL).
-
filters (optional)
-
-
-
-

actions_inner_alerts_filter_timeframe - Up

-
Defines a period that limits whether the action runs.
-
-
days (optional)
array[Integer] Defines the days of the week that the action can run, represented as an array of numbers. For example, 1 represents Monday. An empty array is equivalent to specifying all the days of the week.
-
hours (optional)
-
timezone (optional)
String The ISO time zone for the hours values. Values such as UTC and UTC+1 also work but lack built-in daylight savings time support and are not recommended.
-
-
-
-

actions_inner_alerts_filter_timeframe_hours - Up

-
Defines the range of time in a day that the action can run. If the start value is 00:00 and the end value is 24:00, actions be generated all day.
-
-
end (optional)
String The end of the time frame in 24-hour notation (hh:mm).
-
start (optional)
String The start of the time frame in 24-hour notation (hh:mm).
-
-
-
-

actions_inner_frequency - Up

-
The properties that affect how often actions are generated. If the rule type supports setting summary to true, the action can be a summary of alerts at the specified notification interval. Otherwise, an action runs for each alert at the specified notification interval. NOTE: You cannot specify these parameters when notify_when or throttle are defined at the rule level.
-
-
notify_when
-
summary
Boolean Indicates whether the action is a summary.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

aggtype - Up

-
The type of aggregation to perform.
-
-
-
-
-

alert_response_properties - Legacy alert response properties Up

-
-
-
actions (optional)
-
alertTypeId (optional)
-
apiKeyOwner (optional)
-
createdAt (optional)
Date The date and time that the alert was created. format: date-time
-
createdBy (optional)
String The identifier for the user that created the alert.
-
enabled (optional)
Boolean Indicates whether the alert is currently enabled.
-
executionStatus (optional)
-
id (optional)
String The identifier for the alert.
-
muteAll (optional)
-
mutedInstanceIds (optional)
-
name (optional)
String The name of the alert.
-
notifyWhen (optional)
-
params (optional)
-
schedule (optional)
-
scheduledTaskId (optional)
-
tags (optional)
-
throttle (optional)
-
updatedAt (optional)
-
updatedBy (optional)
String The identifier for the user that updated this alert most recently.
-
-
-
-

alert_response_properties_executionStatus - Up

-
-
-
lastExecutionDate (optional)
Date format: date-time
-
status (optional)
-
-
-
-

alert_response_properties_schedule - Up

-
-
-
interval (optional)
-
-
-
-

count_criterion - count criterion Up

-
-
-
threshold (optional)
-
comparator (optional)
-
Enum:
-
<
<=
>
>=
between
outside
-
timeUnit (optional)
-
timeSize (optional)
-
warningThreshold (optional)
-
warningComparator (optional)
-
Enum:
-
<
<=
>
>=
between
outside
-
aggType (optional)
-
Enum:
-
count
-
-
-
-

create_anomaly_detection_alert_rule_request - Create anomaly detection rule request Up

-
A rule that checks if the anomaly detection job results contain anomalies that match the rule conditions.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for an anomaly detection rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
xpack.ml.anomaly_detection_alert
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_anomaly_detection_jobs_health_rule_request - Create anomaly detection jobs health rule request Up

-
An rule that monitors job health and alerts if an operational issue occurred that may prevent the job from detecting anomalies.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for an anomaly detection jobs health rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
xpack.ml.anomaly_detection_jobs_health
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_apm_anomaly_rule_request - Create APM anomaly rule rule request Up

-
A rule that detects when either the latency, throughput, or failed transaction rate of a service is anomalous.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
apm.anomaly
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_apm_error_count_rule_request - Create APM error count rule request Up

-
A rule that detects when the number of errors in a service exceeds a defined threshold.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
apm.error_rate
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_apm_transaction_duration_rule_request - Create latency threshold rule request Up

-
A rule that detects when the latency of a specific transaction type in a service exceeds a threshold.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
apm.transaction_duration
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_apm_transaction_error_rate_rule_request - Create APM transaction error rate rule request Up

-
A rule that sends notifications when the rate of transaction errors in a service exceeds a threshold.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
apm.transaction_error_rate
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_es_query_rule_request - Create Elasticsearch query rule request Up

-
A rule that runs a user-configured query, compares the number of matches to a configured threshold, and schedules actions to run when the threshold condition is met.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
.es-query
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_geo_containment_rule_request - Create traacking containment rule request Up

-
A rule that runs an Elasticsearch query over indices to determine whether any documents are currently contained within any boundaries from the specified boundary index. In the event that an entity is contained within a boundary, an alert may be generated.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for an tracking containment rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
.geo-containment
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_index_threshold_rule_request - Create index threshold rule request Up

-
A rule that runs an Elasticsearch query, aggregates field values from documents, compares them to threshold values, and schedules actions to run when the thresholds are met.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
.index-threshold
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_infra_inventory_rule_request - Create infra inventory rule request Up

-
A rule that sends notifications when a metric has reached or exceeded a value for a specific resource or a group of resources within your infrastructure.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
metrics.alert.inventory.threshold
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_infra_metric_anomaly_rule_request - Create infrastructure anomaly rule request Up

-
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for an infrastructure anomaly rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
metrics.alert.anomaly
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_infra_metric_threshold_rule_request - Create infra metric threshold rule request Up

-
A rule that sends notifications when a metric has reached or exceeded a value for a specific time period.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
metrics.alert.threshold
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_log_threshold_rule_request - Create log threshold rule request Up

-
A rule that detects when a log aggregation exceeds a threshold.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
logs.alert.document.count
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_monitoring_ccr_exceptions_rule_request - Create CCR read exceptions rule request Up

-
A rule that detects cross-cluster replication (CCR) read exceptions.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a CCR read exceptions rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
monitoring_ccr_read_exceptions
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_monitoring_cluster_health_rule_request - Create cluster health rule request Up

-
A rule that detects when the health of the cluster changes.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a cluster health rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
monitoring_alert_cluster_health
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_monitoring_cpu_usage_rule_request - Create CPU usage rule request Up

-
A rule that detects when the CPU load for a node is consistently high.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a CPU usage rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
monitoring_alert_cpu_usage
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_monitoring_disk_usage_rule_request - Create disk usage rule request Up

-
A rule that detects when the disk usage for a node is consistently high.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a disk usage rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
monitoring_alert_disk_usage
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_monitoring_elasticsearch_version_mismatch_rule_request - Create Elasticsearch version mismatch rule request Up

-
A rule that detects when the cluster has multipe versions of Elasticsearch.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a Elasticsearch version mismatch rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
monitoring_alert_elasticsearch_version_mismatch
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_monitoring_jvm_memory_usage_rule_request - Create JVM memory usage rule request Up

-
A rule that detects when a node reports high memory usage.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a JVM memory usage rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
monitoring_alert_jvm_memory_usage
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_monitoring_kibana_version_mismatch_rule_request - Create Kibana version mismatch rule request Up

-
A rule that detects when the cluster has multiple versions of Kibana.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a Kibana version mismatch rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
monitoring_alert_kibana_version_mismatch
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_monitoring_license_expiration_rule_request - Create license expiration rule request Up

-
A rule that detects when the cluster license is about to expire.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a license expiration rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
monitoring_alert_license_expiration
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_monitoring_logstash_version_mismatch_rule_request - Create Logstash version mismatch rule request Up

-
A rule that detects when the cluster has multiple versions of Logstash.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a Logstash version mismatch rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
monitoring_alert_logstash_version_mismatch
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_monitoring_missing_data_rule_request - Create missing monitoring data rule request Up

-
A rule that detects when monitoring data is missing.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a missing monitoring data rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
monitoring_alert_missing_monitoring_data
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_monitoring_nodes_changed_rule_request - Create nodes changed rule request Up

-
A rule that detects when nodes are added, removed, or restarted.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a nodes changed rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
monitoring_alert_nodes_changed
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_monitoring_shard_size_rule_request - Create shard size rule request Up

-
A rule that detects when the average shard size is larger than a threshold.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a shard size rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
monitoring_shard_size
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_monitoring_thread_pool_search_rejections_rule_request - Create thread pool search rejections rule request Up

-
A rule that detects when the number of rejections in the thread pool exceeds a threshold.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a thread pool search rejections rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
monitoring_alert_thread_pool_search_rejections
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_monitoring_thread_pool_write_rejections_rule_request - Create thread pool write rejections rule request Up

-
A rule that detects when the number of rejections in the write thread pool exceeds a threshold.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a thread pool write rejections rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
monitoring_alert_thread_pool_write_rejections
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_rule_request - Create rule request body properties Up

-
The properties vary depending on the rule type.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
xpack.uptime.alerts.monitorStatus
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_siem_eql_rule_request - Create event correlation rule request Up

-
A rule that uses Event Query Language (EQL) to match events, generate sequences, and stack data.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for an event correlation rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
siem.eqlRule
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_siem_indicator_rule_request - Create indicator match rule request Up

-
A rule that uses indicators from intelligence sources to detect matching events and alerts.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for an indicator match rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
siem.indicatorRule
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_siem_ml_rule_request - Create machine learning rule request Up

-
A rule that detects when a machine learning job discovers an anomaly above the defined threshold.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a machine learning rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
siem.mlRule
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_siem_new_terms_rule_request - Create new terms rule request Up

-
A rule that finds documents with values that appear for the first time.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a new terms rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
siem.newTermsRule
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_siem_notifications_rule_request - Create security solution notification (legacy) rule request Up

-
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a notification rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
siem.notifications
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_siem_query_rule_request - Create custom query rule request Up

-
A rule that uses KQL or Lucene to detect issues across indices.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a custom query rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
siem.queryRule
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_siem_saved_query_rule_request - Create saved query rule request Up

-
A rule that searches the defined indices and creates an alert when a document matches the saved search.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a saved query rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
siem.savedQueryRule
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_siem_threshold_rule_request - Create threshold rule request Up

-
A rule that aggregates query results to detect when the number of matches exceeds a threshold.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a threshold rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
siem.thresholdRule
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_slo_burn_rate_rule_request - Create slo burn rate rule request Up

-
A rule that detects when the burn rate is above a defined threshold for two different lookback periods. The two periods are a long period and a short period that is 1/12th of the long period. For each lookback period, the burn rate is computed as the error rate divided by the error budget. When the burn rates for both periods surpass the threshold, an alert occurs.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
slo.rules.burnRate
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_synthetics_monitor_status_rule_request - Create synthetics monitor status rule request Up

-
A rule that detects when a monitor is down or an availability threshold is breached.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for the synthetics monitor status rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
xpack.synthetics.alerts.monitorStatus
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_synthetics_uptime_duration_anomaly_rule_request - Create synthetics uptime duration anomaly rule request Up

-
A rule that detects response durations for all of the geographic locations of each monitor. When a monitor runs for an unusual amount of time, at a particular time, an anomaly is recorded.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for the uptime duration anomaly rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
xpack.uptime.alerts.durationAnomaly
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_synthetics_uptime_tls_certificate_rule_request - Create TLS certificate rule request Up

-
A rule that detects when a monitor has a TLS certificate expiring or when it exceeds an age limit.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a TLS certificate rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
xpack.uptime.alerts.tlsCertificate
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_synthetics_uptime_tls_rule_request - Create synthetics uptime TLS rule request Up

-
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
xpack.uptime.alerts.tls
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_transform_health_rule_request - Create transform health rule request Up

-
A rule that monitors transforms health and alerts if an operational issue occurred.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for a transform health rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
transform_health
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

create_uptime_monitor_status_rule_request - Create uptime monitor status rule request Up

-
A rule that detects monitor errors and outages.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when (optional)
-
params
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run.
-
Enum:
-
xpack.uptime.alerts.monitorStatus
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-

custom_criterion - custom criterion Up

-
-
-
threshold (optional)
-
comparator (optional)
-
Enum:
-
<
<=
>
>=
between
outside
-
timeUnit (optional)
-
timeSize (optional)
-
warningThreshold (optional)
-
warningComparator (optional)
-
Enum:
-
<
<=
>
>=
between
outside
-
aggType (optional)
-
Enum:
-
custom
-
customMetric (optional)
-
equation (optional)
-
label (optional)
-
-
-
-

custom_criterion_customMetric_inner - Up

-
-
-
name (optional)
-
aggType (optional)
-
Enum:
-
count
-
field (optional)
-
filter (optional)
-
-
-
-

custom_criterion_customMetric_inner_oneOf - Up

-
-
-
name (optional)
-
aggType (optional)
-
Enum:
-
avg
sum
max
min
cardinality
-
field (optional)
-
-
-
-

custom_criterion_customMetric_inner_oneOf_1 - Up

-
-
-
name (optional)
-
aggType (optional)
-
Enum:
-
count
-
filter (optional)
-
-
-
-

filter - Up

-
A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the kbn-es-query package.
-
-
meta (optional)
-
query (optional)
-
Dollarstate (optional)
-
-
-
-

filter_meta - Up

-
-
-
alias (optional)
-
controlledBy (optional)
-
disabled (optional)
-
field (optional)
-
group (optional)
-
index (optional)
-
isMultiIndex (optional)
-
key (optional)
-
negate (optional)
-
params (optional)
-
type (optional)
-
value (optional)
-
-
-
-

findRules_200_response - Up

-
-
-
data (optional)
-
page (optional)
-
per_page (optional)
-
total (optional)
-
-
-
-

findRules_has_reference_parameter - Up

-
-
-
id (optional)
-
type (optional)
-
-
- -
-

getAlertingHealth_200_response - Up

-
-
-
alerting_framework_health (optional)
-
has_permanent_encryption_key (optional)
Boolean If false, the encrypted saved object plugin does not have a permanent encryption key.
-
is_sufficiently_secure (optional)
Boolean If false, security is enabled but TLS is not.
-
-
-
-

getAlertingHealth_200_response_alerting_framework_health - Up

-
Three substates identify the health of the alerting framework: decryption_health, execution_health, and read_health.
- -
-
-

getAlertingHealth_200_response_alerting_framework_health_decryption_health - Up

-
The timestamp and status of the rule decryption.
-
-
status (optional)
-
Enum:
-
error
ok
warn
-
timestamp (optional)
Date format: date-time
-
-
-
-

getAlertingHealth_200_response_alerting_framework_health_execution_health - Up

-
The timestamp and status of the rule run.
-
-
status (optional)
-
Enum:
-
error
ok
warn
-
timestamp (optional)
Date format: date-time
-
-
-
-

getAlertingHealth_200_response_alerting_framework_health_read_health - Up

-
The timestamp and status of the rule reading events.
-
-
status (optional)
-
Enum:
-
error
ok
warn
-
timestamp (optional)
Date format: date-time
-
-
-
-

getRuleTypes_200_response_inner - Up

-
-
-
action_groups (optional)
array[getRuleTypes_200_response_inner_action_groups_inner] An explicit list of groups for which the rule type can schedule actions, each with the action group's unique ID and human readable name. Rule actions validation uses this configuration to ensure that groups are valid.
-
action_variables (optional)
-
authorized_consumers (optional)
-
default_action_group_id (optional)
String The default identifier for the rule type group.
-
does_set_recovery_context (optional)
Boolean Indicates whether the rule passes context variables to its recovery action.
-
enabled_in_license (optional)
Boolean Indicates whether the rule type is enabled or disabled based on the subscription.
-
id (optional)
String The unique identifier for the rule type.
-
is_exportable (optional)
Boolean Indicates whether the rule type is exportable in Stack Management > Saved Objects.
-
minimum_license_required (optional)
String The subscriptions required to use the rule type.
-
name (optional)
String The descriptive name of the rule type.
-
producer (optional)
String An identifier for the application that produces this rule type.
-
recovery_action_group (optional)
-
rule_task_timeout (optional)
-
-
- -
-

getRuleTypes_200_response_inner_action_variables - Up

-
A list of action variables that the rule type makes available via context and state in action parameter templates, and a short human readable description. When you create a rule in Kibana, it uses this information to prompt you for these variables in action parameter editors.
- -
-
-

getRuleTypes_200_response_inner_action_variables_context_inner - Up

-
-
-
name (optional)
-
description (optional)
-
useWithTripleBracesInTemplates (optional)
-
-
-
-

getRuleTypes_200_response_inner_action_variables_params_inner - Up

-
-
-
description (optional)
-
name (optional)
-
-
- - -
-

getRuleTypes_200_response_inner_recovery_action_group - Up

-
An action group to use when an alert goes from an active state to an inactive one.
-
-
id (optional)
-
name (optional)
-
-
-
-

groupby - Up

-
Indicates whether the aggregation is applied over all documents (all) or split into groups (top) using a grouping field (termField). If grouping is used, an alert will be created for each group when it exceeds the threshold; only the top groups (up to termSize number of groups) are checked.
-
-
-
-
-

legacyFindAlerts_200_response - Up

-
-
-
data (optional)
-
page (optional)
-
perPage (optional)
-
total (optional)
-
-
-
-

legacyGetAlertTypes_200_response_inner - Up

-
-
-
actionGroups (optional)
array[getRuleTypes_200_response_inner_action_groups_inner] An explicit list of groups for which the alert type can schedule actions, each with the action group's unique ID and human readable name. Alert actions validation uses this configuration to ensure that groups are valid.
-
actionVariables (optional)
-
authorizedConsumers (optional)
Object The list of the plugins IDs that have access to the alert type.
-
defaultActionGroupId (optional)
String The default identifier for the alert type group.
-
enabledInLicense (optional)
Boolean Indicates whether the rule type is enabled based on the subscription.
-
id (optional)
String The unique identifier for the alert type.
-
isExportable (optional)
Boolean Indicates whether the alert type is exportable in Saved Objects Management UI.
-
minimumLicenseRequired (optional)
String The subscriptions required to use the alert type.
-
name (optional)
String The descriptive name of the alert type.
-
producer (optional)
String An identifier for the application that produces this alert type.
-
recoveryActionGroup (optional)
-
-
-
-

legacyGetAlertTypes_200_response_inner_actionVariables - Up

-
A list of action variables that the alert type makes available via context and state in action parameter templates, and a short human readable description. The Alert UI will use this information to prompt users for these variables in action parameter editors.
- -
- -
-

legacyGetAlertTypes_200_response_inner_recoveryActionGroup - Up

-
An action group to use when an alert instance goes from an active state to an inactive one. If it is not specified, the default recovered action group is used.
-
-
id (optional)
-
name (optional)
-
-
-
-

legacyGetAlertingHealth_200_response - Up

-
-
-
alertingFrameworkHealth (optional)
-
hasPermanentEncryptionKey (optional)
Boolean If false, the encrypted saved object plugin does not have a permanent encryption key.
-
isSufficientlySecure (optional)
Boolean If false, security is enabled but TLS is not.
-
-
-
-

legacyGetAlertingHealth_200_response_alertingFrameworkHealth - Up

-
Three substates identify the health of the alerting framework: decryptionHealth, executionHealth, and readHealth.
- -
-
-

legacyGetAlertingHealth_200_response_alertingFrameworkHealth_decryptionHealth - Up

-
The timestamp and status of the alert decryption.
-
-
status (optional)
-
Enum:
-
error
ok
warn
-
timestamp (optional)
Date format: date-time
-
-
-
-

legacyGetAlertingHealth_200_response_alertingFrameworkHealth_executionHealth - Up

-
The timestamp and status of the alert execution.
-
-
status (optional)
-
Enum:
-
error
ok
warn
-
timestamp (optional)
Date format: date-time
-
-
-
-

legacyGetAlertingHealth_200_response_alertingFrameworkHealth_readHealth - Up

-
The timestamp and status of the alert reading events.
-
-
status (optional)
-
Enum:
-
error
ok
warn
-
timestamp (optional)
Date format: date-time
-
-
-
-

non_count_criterion - non count criterion Up

-
-
-
threshold (optional)
-
comparator (optional)
-
Enum:
-
<
<=
>
>=
between
outside
-
timeUnit (optional)
-
timeSize (optional)
-
warningThreshold (optional)
-
warningComparator (optional)
-
Enum:
-
<
<=
>
>=
between
outside
-
metric (optional)
-
aggType (optional)
-
Enum:
-
avg
max
min
cardinality
rate
count
sum
p95
p99
custom
-
-
-
-

notify_when - Up

-
Indicates how often alerts generate actions. Valid values include: onActionGroupChange: Actions run when the alert status changes; onActiveAlert: Actions run when the alert becomes active and at each check interval while the rule conditions are met; onThrottleInterval: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify notify_when at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-
-

params_es_query_rule - Up

-
-
-
aggField (optional)
String The name of the numeric field that is used in the aggregation. This property is required when aggType is avg, max, min or sum.
-
aggType (optional)
-
excludeHitsFromPreviousRun (optional)
Boolean Indicates whether to exclude matches from previous runs. If true, you can avoid alert duplication by excluding documents that have already been detected by the previous rule run. This option is not available when a grouping field is specified.
-
groupBy (optional)
-
searchConfiguration (optional)
-
searchType
String The type of query, in this case a query that uses Elasticsearch Query DSL.
-
Enum:
-
esQuery
-
size
Integer The number of documents to pass to the configured actions when the threshold condition is met.
-
termField (optional)
String This property is required when groupBy is top. The name of the field that is used for grouping the aggregation.
-
termSize (optional)
Integer This property is required when groupBy is top. It specifies the number of groups to check against the threshold and therefore limits the number of alerts on high cardinality fields.
-
threshold
array[Integer] The threshold value that is used with the thresholdComparator. If the thresholdComparator is between or notBetween, you must specify the boundary values.
-
thresholdComparator
-
timeField
String The field that is used to calculate the time window.
-
timeWindowSize
Integer The size of the time window (in timeWindowUnit units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection.
-
timeWindowUnit
-
esQuery
String The query definition, which uses Elasticsearch Query DSL.
-
index
oneOf The indices to query.
-
-
-
-

params_es_query_rule_oneOf - Up

-
The parameters for an Elasticsearch query rule that uses KQL or Lucene to define the query.
-
-
aggField (optional)
String The name of the numeric field that is used in the aggregation. This property is required when aggType is avg, max, min or sum.
-
aggType (optional)
-
excludeHitsFromPreviousRun (optional)
Boolean Indicates whether to exclude matches from previous runs. If true, you can avoid alert duplication by excluding documents that have already been detected by the previous rule run. This option is not available when a grouping field is specified.
-
groupBy (optional)
-
searchConfiguration (optional)
-
searchType
String The type of query, in this case a text-based query that uses KQL or Lucene.
-
Enum:
-
searchSource
-
size
Integer The number of documents to pass to the configured actions when the threshold condition is met.
-
termField (optional)
String This property is required when groupBy is top. The name of the field that is used for grouping the aggregation.
-
termSize (optional)
Integer This property is required when groupBy is top. It specifies the number of groups to check against the threshold and therefore limits the number of alerts on high cardinality fields.
-
threshold
array[Integer] The threshold value that is used with the thresholdComparator. If the thresholdComparator is between or notBetween, you must specify the boundary values.
-
thresholdComparator
-
timeField (optional)
String The field that is used to calculate the time window.
-
timeWindowSize
Integer The size of the time window (in timeWindowUnit units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection.
-
timeWindowUnit
-
-
-
-

params_es_query_rule_oneOf_1 - Up

-
The parameters for an Elasticsearch query rule that uses Elasticsearch Query DSL to define the query.
-
-
aggField (optional)
String The name of the numeric field that is used in the aggregation. This property is required when aggType is avg, max, min or sum.
-
aggType (optional)
-
esQuery
String The query definition, which uses Elasticsearch Query DSL.
-
excludeHitsFromPreviousRun (optional)
Boolean Indicates whether to exclude matches from previous runs. If true, you can avoid alert duplication by excluding documents that have already been detected by the previous rule run. This option is not available when a grouping field is specified.
-
groupBy (optional)
-
index
oneOf The indices to query.
-
searchType (optional)
String The type of query, in this case a query that uses Elasticsearch Query DSL.
-
Enum:
-
esQuery
-
size (optional)
Integer The number of documents to pass to the configured actions when the threshold condition is met.
-
termField (optional)
String This property is required when groupBy is top. The name of the field that is used for grouping the aggregation.
-
termSize (optional)
Integer This property is required when groupBy is top. It specifies the number of groups to check against the threshold and therefore limits the number of alerts on high cardinality fields.
-
threshold
array[Integer] The threshold value that is used with the thresholdComparator. If the thresholdComparator is between or notBetween, you must specify the boundary values.
-
thresholdComparator
-
timeField
String The field that is used to calculate the time window.
-
timeWindowSize
Integer The size of the time window (in timeWindowUnit units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection.
-
timeWindowUnit
-
-
-
-

params_es_query_rule_oneOf_searchConfiguration - Up

-
The query definition, which uses KQL or Lucene to fetch the documents from Elasticsearch.
-
-
filter (optional)
-
index (optional)
oneOf The indices to query.
-
query (optional)
-
-
-
-

params_es_query_rule_oneOf_searchConfiguration_query - Up

-
-
-
language (optional)
-
query (optional)
-
-
-
-

params_index_threshold_rule - Up

-
The parameters for an index threshold rule.
-
-
aggField (optional)
String The name of the numeric field that is used in the aggregation. This property is required when aggType is avg, max, min or sum.
-
aggType (optional)
-
filterKuery (optional)
String A KQL expression thats limits the scope of alerts.
-
groupBy (optional)
-
index
array[String] The indices to query.
-
termField (optional)
String This property is required when groupBy is top. The name of the field that is used for grouping the aggregation.
-
termSize (optional)
Integer This property is required when groupBy is top. It specifies the number of groups to check against the threshold and therefore limits the number of alerts on high cardinality fields.
-
threshold
array[Integer] The threshold value that is used with the thresholdComparator. If the thresholdComparator is between or notBetween, you must specify the boundary values.
-
thresholdComparator
-
timeField
String The field that is used to calculate the time window.
-
timeWindowSize
Integer The size of the time window (in timeWindowUnit units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection.
-
timeWindowUnit
-
-
-
-

params_property_apm_anomaly - Up

-
-
-
serviceName (optional)
String The service name from APM
-
transactionType (optional)
String The transaction type from APM
-
windowSize
BigDecimal The window size
-
windowUnit
String The window size unit
-
Enum:
-
m
h
d
-
environment
String The environment from APM
-
anomalySeverityType
String The anomaly threshold value
-
Enum:
-
critical
major
minor
warning
-
-
-
-

params_property_apm_error_count - Up

-
-
-
serviceName (optional)
String The service name from APM
-
windowSize
BigDecimal The window size
-
windowUnit
String The window size unit
-
Enum:
-
m
h
d
-
environment
String The environment from APM
-
threshold
BigDecimal The error count threshold value
-
groupBy (optional)
-
Enum:
- -
errorGroupingKey (optional)
-
-
-
-

params_property_apm_transaction_duration - Up

-
-
-
serviceName (optional)
String The service name from APM
-
transactionType (optional)
String The transaction type from APM
-
transactionName (optional)
String The transaction name from APM
-
windowSize
BigDecimal The window size
-
windowUnit
String ç
-
Enum:
-
m
h
d
-
environment
-
threshold
BigDecimal The latency threshold value
-
groupBy (optional)
-
Enum:
- -
aggregationType
-
Enum:
-
avg
95th
99th
-
-
-
-

params_property_apm_transaction_error_rate - Up

-
-
-
serviceName (optional)
String The service name from APM
-
transactionType (optional)
String The transaction type from APM
-
transactionName (optional)
String The transaction name from APM
-
windowSize
BigDecimal The window size
-
windowUnit
String The window size unit
-
Enum:
-
m
h
d
-
environment
String The environment from APM
-
threshold
BigDecimal The error rate threshold value
-
groupBy (optional)
-
Enum:
- -
-
-
-

params_property_infra_inventory - Up

-
-
-
criteria (optional)
-
filterQuery (optional)
-
filterQueryText (optional)
-
nodeType (optional)
-
Enum:
-
host
pod
container
awsEC2
awsS3
awsSQS
awsRDS
-
sourceId (optional)
-
alertOnNoData (optional)
-
-
-
-

params_property_infra_inventory_criteria_inner - Up

-
-
-
metric (optional)
-
Enum:
-
count
cpu
diskLatency
load
memory
memoryTotal
tx
rx
logRate
diskIOReadBytes
diskIOWriteBytes
s3TotalRequests
s3NumberOfObjects
s3BucketSize
s3DownloadBytes
s3UploadBytes
rdsConnections
rdsQueriesExecuted
rdsActiveTransactions
rdsLatency
sqsMessagesVisible
sqsMessagesDelayed
sqsMessagesSent
sqsMessagesEmpty
sqsOldestMessage
custom
-
timeSize (optional)
-
timeUnit (optional)
-
Enum:
-
s
m
h
d
-
sourceId (optional)
-
threshold (optional)
-
comparator (optional)
-
Enum:
-
<
<=
>
>=
between
outside
-
customMetric (optional)
-
warningThreshold (optional)
-
warningComparator (optional)
-
Enum:
-
<
<=
>
>=
between
outside
-
-
-
-

params_property_infra_inventory_criteria_inner_customMetric - Up

-
-
-
type (optional)
-
Enum:
-
custom
-
field (optional)
-
aggregation (optional)
-
Enum:
-
avg
max
min
rate
-
id (optional)
-
label (optional)
-
-
-
-

params_property_infra_metric_threshold - Up

-
-
-
criteria (optional)
-
groupBy (optional)
-
filterQuery (optional)
-
sourceId (optional)
-
alertOnNoData (optional)
-
alertOnGroupDisappear (optional)
-
-
-
-

params_property_infra_metric_threshold_criteria_inner - Up

-
-
-
threshold (optional)
-
comparator (optional)
-
Enum:
-
<
<=
>
>=
between
outside
-
timeUnit (optional)
-
timeSize (optional)
-
warningThreshold (optional)
-
warningComparator (optional)
-
Enum:
-
<
<=
>
>=
between
outside
-
metric (optional)
-
aggType (optional)
-
Enum:
-
custom
-
customMetric (optional)
-
equation (optional)
-
label (optional)
-
-
-
-

params_property_log_threshold - Up

-
-
-
criteria (optional)
-
count
-
timeSize
-
timeUnit
-
Enum:
-
s
m
h
d
-
logView
-
groupBy (optional)
-
-
-
-

params_property_slo_burn_rate - Up

-
-
-
sloId (optional)
String The SLO identifier used by the rule
-
burnRateThreshold (optional)
BigDecimal The burn rate threshold used to trigger the alert
-
maxBurnRateThreshold (optional)
BigDecimal The maximum burn rate threshold value defined by the SLO error budget
-
longWindow (optional)
-
shortWindow (optional)
-
-
-
-

params_property_slo_burn_rate_longWindow - Up

-
The duration of the long window used to compute the burn rate
-
-
value (optional)
BigDecimal The duration value
-
unit (optional)
String The duration unit
-
-
-
-

params_property_slo_burn_rate_shortWindow - Up

-
The duration of the short window used to compute the burn rate
-
-
value (optional)
BigDecimal The duration value
-
unit (optional)
String The duration unit
-
-
-
-

params_property_synthetics_monitor_status - Up

-
-
-
availability (optional)
-
filters (optional)
-
locations (optional)
-
numTimes
-
search (optional)
-
shouldCheckStatus
-
shouldCheckAvailability
-
timerangeCount (optional)
-
timerangeUnit (optional)
-
timerange (optional)
-
version (optional)
-
isAutoGenerated (optional)
-
-
-
-

params_property_synthetics_monitor_status_availability - Up

-
-
-
range (optional)
-
rangeUnit (optional)
-
threshold (optional)
-
-
-
-

params_property_synthetics_monitor_status_filters - Up

-
-
-
monitorPeriodtype (optional)
-
observerPeriodgeoPeriodname (optional)
-
tags (optional)
-
urlPeriodport (optional)
-
-
-
-

params_property_synthetics_monitor_status_filters_oneOf - Up

-
-
-
monitorPeriodtype (optional)
-
observerPeriodgeoPeriodname (optional)
-
tags (optional)
-
urlPeriodport (optional)
-
-
- -
-

params_property_synthetics_uptime_tls - Up

-
-
-
search (optional)
-
certExpirationThreshold (optional)
-
certAgeThreshold (optional)
-
-
-
-

rule_response_properties - Rule response properties Up

-
-
-
actions
-
api_key_created_by_user (optional)
Boolean Indicates whether the API key that is associated with the rule was created by the user.
-
api_key_owner
String The owner of the API key that is associated with the rule and used to run background tasks.
-
consumer
String The application or feature that owns the rule. For example, alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
created_at
Date The date and time that the rule was created. format: date-time
-
created_by
String The identifier for the user that created the rule.
-
enabled
Boolean Indicates whether the rule is currently enabled.
-
execution_status
-
id
String The identifier for the rule.
-
last_run (optional)
-
muted_alert_ids
-
mute_all
-
name
String The name of the rule.
-
next_run (optional)
Date format: date-time
-
notify_when (optional)
String Indicates how often alerts generate actions.
-
params
map[String, oas_any_type_not_mapped] The parameters for the rule.
-
revision (optional)
Integer The rule revision number.
-
rule_type_id
String The identifier for the type of rule. For example, .es-query, .index-threshold, logs.alert.document.count, monitoring_alert_cluster_health, siem.thresholdRule, or xpack.ml.anomaly_detection_alert.
-
running (optional)
Boolean Indicates whether the rule is running.
-
schedule
-
scheduled_task_id (optional)
-
tags
array[String] The tags for the rule.
-
throttle
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
updated_at
String The date and time that the rule was updated most recently.
-
updated_by
String The identifier for the user that updated this rule most recently.
-
-
-
-

rule_response_properties_execution_status - Up

-
-
-
last_duration (optional)
-
last_execution_date (optional)
Date format: date-time
-
status (optional)
-
-
-
-

rule_response_properties_last_run - Up

-
-
-
alerts_count (optional)
-
outcome (optional)
-
outcome_msg (optional)
-
outcome_order (optional)
-
warning (optional)
-
-
-
-

rule_response_properties_last_run_alerts_count - Up

-
-
-
active (optional)
-
ignored (optional)
-
new (optional)
-
recovered (optional)
-
-
-
-

schedule - Up

-
The check interval, which specifies how frequently the rule conditions are checked. The interval is specified in seconds, minutes, hours, or days.
-
-
interval (optional)
-
-
-
-

thresholdcomparator - Up

-
The comparison function for the threshold. For example, "is above", "is above or equals", "is below", "is below or equals", "is between", and "is not between".
-
-
-
-
-

timewindowunit - Up

-
The type of units for the time window: seconds, minutes, hours, or days.
-
-
-
-
-

update_rule_request - Update rule request Up

-
The update rule API request body varies depending on the type of rule and actions.
-
-
actions (optional)
-
name
String The name of the rule.
-
notify_when (optional)
-
params
map[String, oas_any_type_not_mapped] The parameters for the rule.
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if notify_when is set to onThrottleInterval. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.
-
-
-
-++++ diff --git a/docs/api-generated/rules/rule-apis.asciidoc b/docs/api-generated/rules/rule-apis.asciidoc deleted file mode 100644 index fb963582fb6da..0000000000000 --- a/docs/api-generated/rules/rule-apis.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[[rule-apis]] -== Alert and rule APIs - -preview::[] - -//// -This file includes content that has been generated from https://github.com/elastic/kibana/tree/main/x-pack/plugins/alerting/docs/openapi. Any modifications required must be done in that open API specification. -//// - -include::rule-apis-passthru.asciidoc[] \ No newline at end of file diff --git a/docs/api-generated/template/index.mustache b/docs/api-generated/template/index.mustache deleted file mode 100644 index 8c1162f909508..0000000000000 --- a/docs/api-generated/template/index.mustache +++ /dev/null @@ -1,170 +0,0 @@ -//// -This content is generated from the open API specification. -Any modifications made to this file will be overwritten. -//// - -++++ -
-

Access

- {{#hasAuthMethods}} -
    - {{#authMethods}} -
  1. {{#isBasic}}HTTP Basic Authentication{{/isBasic}}{{#isOAuth}}OAuth AuthorizationUrl:{{authorizationUrl}}TokenUrl:{{tokenUrl}}{{/isOAuth}}{{#isApiKey}}APIKey KeyParamName:{{keyParamName}} KeyInQuery:{{isKeyInQuery}} KeyInHeader:{{isKeyInHeader}}{{/isApiKey}}
  2. - {{/authMethods}} -
- {{/hasAuthMethods}} - -

Methods

- [ Jump to Models ] - - {{! for the tables of content, I cheat and don't use CSS styles.... }} -

Table of Contents

-
{{access}}
- {{#apiInfo}} - {{#apis}} - {{#operations}} -

{{baseName}}

- - {{/operations}} - {{/apis}} - {{/apiInfo}} - - {{#apiInfo}} - {{#apis}} - {{#operations}} -

{{baseName}}

- {{#operation}} -
-
- Up -
{{httpMethod}} {{path}}
-
{{summary}} ({{nickname}})
- {{! notes is operation.description. So why rename it and make it super confusing???? }} -
{{notes}}
- - {{#hasPathParams}} -

Path parameters

-
- {{#pathParams}}{{>pathParam}}{{/pathParams}} -
- {{/hasPathParams}} - - {{#hasConsumes}} -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    - {{#consumes}} -
  • {{{mediaType}}}
  • - {{/consumes}} -
- {{/hasConsumes}} - - {{#hasBodyParam}} -

Request body

-
- {{#bodyParams}}{{>bodyParam}}{{/bodyParams}} -
- {{/hasBodyParam}} - - {{#hasHeaderParams}} -

Request headers

-
- {{#headerParams}}{{>headerParam}}{{/headerParams}} -
- {{/hasHeaderParams}} - - {{#hasQueryParams}} -

Query parameters

-
- {{#queryParams}}{{>queryParam}}{{/queryParams}} -
- {{/hasQueryParams}} - - {{#hasFormParams}} -

Form parameters

-
- {{#formParams}}{{>formParam}}{{/formParams}} -
- {{/hasFormParams}} - - {{#returnType}} -

Return type

-
- {{#hasReference}}{{^returnSimpleType}}{{returnContainer}}[{{/returnSimpleType}}{{returnBaseType}}{{^returnSimpleType}}]{{/returnSimpleType}}{{/hasReference}} - {{^hasReference}}{{returnType}}{{/hasReference}} -
- {{/returnType}} - - - - {{#hasExamples}} - {{#examples}} -

Example data

-
Content-Type: {{{contentType}}}
-
{{{example}}}
- {{/examples}} - {{/hasExamples}} - - {{#hasProduces}} -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    - {{#produces}} -
  • {{{mediaType}}}
  • - {{/produces}} -
- {{/hasProduces}} - -

Responses

- {{#responses}} -

{{code}}

- {{message}} - {{^containerType}}{{dataType}}{{/containerType}} - {{#examples}} -

Example data

-
Content-Type: {{{contentType}}}
-
{{example}}
- {{/examples}} - {{/responses}} -
-
- {{/operation}} - {{/operations}} - {{/apis}} - {{/apiInfo}} - -

Models

- [ Jump to Methods ] - -

Table of Contents

-
    - {{#models}} - {{#model}} -
  1. {{name}}{{#title}} - {{.}}{{/title}}
  2. - {{/model}} - {{/models}} -
- - {{#models}} - {{#model}} -
-

{{name}}{{#title}} - {{.}}{{/title}} Up

- {{#unescapedDescription}}
{{.}}
{{/unescapedDescription}} -
- {{#vars}}
{{name}} {{^required}}(optional){{/required}}
{{^isPrimitiveType}}{{dataType}}{{/isPrimitiveType}} {{unescapedDescription}} {{#dataFormat}}format: {{{.}}}{{/dataFormat}}
- {{#isEnum}} -
Enum:
- {{#_enum}}
{{this}}
{{/_enum}} - {{/isEnum}} - {{/vars}} -
-
- {{/model}} - {{/models}} -
-++++ diff --git a/docs/api/actions-and-connectors/create.asciidoc b/docs/api/actions-and-connectors/create.asciidoc index 259c5dfee00af..55168ecf796ca 100644 --- a/docs/api/actions-and-connectors/create.asciidoc +++ b/docs/api/actions-and-connectors/create.asciidoc @@ -9,7 +9,7 @@ Creates a connector. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. ==== [[create-connector-api-request]] diff --git a/docs/api/actions-and-connectors/delete.asciidoc b/docs/api/actions-and-connectors/delete.asciidoc index d908f276b7461..81619cdf26b5c 100644 --- a/docs/api/actions-and-connectors/delete.asciidoc +++ b/docs/api/actions-and-connectors/delete.asciidoc @@ -11,7 +11,7 @@ WARNING: When you delete a connector, _it cannot be recovered_. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. ==== [discrete] diff --git a/docs/api/actions-and-connectors/execute.asciidoc b/docs/api/actions-and-connectors/execute.asciidoc index 6d94c61f6232b..1f241202b4adc 100644 --- a/docs/api/actions-and-connectors/execute.asciidoc +++ b/docs/api/actions-and-connectors/execute.asciidoc @@ -9,7 +9,7 @@ Runs a connector by ID. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. ==== [[execute-connector-api-request]] diff --git a/docs/api/actions-and-connectors/get.asciidoc b/docs/api/actions-and-connectors/get.asciidoc index a43787dc2a33e..92414babd1638 100644 --- a/docs/api/actions-and-connectors/get.asciidoc +++ b/docs/api/actions-and-connectors/get.asciidoc @@ -9,7 +9,7 @@ Retrieves a connector by ID. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. ==== [discrete] diff --git a/docs/api/actions-and-connectors/get_all.asciidoc b/docs/api/actions-and-connectors/get_all.asciidoc index 2b5fbe20bf56e..ba2cab86b654f 100644 --- a/docs/api/actions-and-connectors/get_all.asciidoc +++ b/docs/api/actions-and-connectors/get_all.asciidoc @@ -9,7 +9,7 @@ Retrieves all connectors. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. ==== [discrete] diff --git a/docs/api/actions-and-connectors/list.asciidoc b/docs/api/actions-and-connectors/list.asciidoc index d7658cdd11da4..e978f75d36c1f 100644 --- a/docs/api/actions-and-connectors/list.asciidoc +++ b/docs/api/actions-and-connectors/list.asciidoc @@ -9,7 +9,7 @@ Retrieves a list of all connector types. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. ==== [[list-connector-types-api-request]] diff --git a/docs/api/actions-and-connectors/update.asciidoc b/docs/api/actions-and-connectors/update.asciidoc index b690d3fac995b..7fe3d85ad0ca7 100644 --- a/docs/api/actions-and-connectors/update.asciidoc +++ b/docs/api/actions-and-connectors/update.asciidoc @@ -9,7 +9,7 @@ Updates the attributes for a connector. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. ==== [[update-connector-api-request]] diff --git a/docs/api/alerting/create_rule.asciidoc b/docs/api/alerting/create_rule.asciidoc index 2bce4a1c49193..faac08b2b613e 100644 --- a/docs/api/alerting/create_rule.asciidoc +++ b/docs/api/alerting/create_rule.asciidoc @@ -9,7 +9,7 @@ Create {kib} rules. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[create-rule-api-request]] diff --git a/docs/api/alerting/delete_rule.asciidoc b/docs/api/alerting/delete_rule.asciidoc index 143507fa20600..220b4dfa9ece4 100644 --- a/docs/api/alerting/delete_rule.asciidoc +++ b/docs/api/alerting/delete_rule.asciidoc @@ -11,7 +11,7 @@ WARNING: After you delete a rule, you cannot recover it. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[delete-rule-api-request]] diff --git a/docs/api/alerting/disable_rule.asciidoc b/docs/api/alerting/disable_rule.asciidoc index d1c41eed9eaf1..8f370072a689c 100644 --- a/docs/api/alerting/disable_rule.asciidoc +++ b/docs/api/alerting/disable_rule.asciidoc @@ -9,7 +9,7 @@ Disable a rule. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[disable-rule-api-request]] diff --git a/docs/api/alerting/enable_rule.asciidoc b/docs/api/alerting/enable_rule.asciidoc index b87c0b9228b1b..f51f6c9295332 100644 --- a/docs/api/alerting/enable_rule.asciidoc +++ b/docs/api/alerting/enable_rule.asciidoc @@ -11,7 +11,7 @@ WARNING: This API supports <> only. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[enable-rule-api-request]] diff --git a/docs/api/alerting/find_rules.asciidoc b/docs/api/alerting/find_rules.asciidoc index 0879cc77770aa..a9a9ee225db7e 100644 --- a/docs/api/alerting/find_rules.asciidoc +++ b/docs/api/alerting/find_rules.asciidoc @@ -9,7 +9,7 @@ Retrieve a paginated set of rules based on condition. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[find-rules-api-request]] diff --git a/docs/api/alerting/get_rules.asciidoc b/docs/api/alerting/get_rules.asciidoc index 60c879116948a..ff60d5bad52d1 100644 --- a/docs/api/alerting/get_rules.asciidoc +++ b/docs/api/alerting/get_rules.asciidoc @@ -9,7 +9,7 @@ Retrieve a rule by ID. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[get-rule-api-request]] diff --git a/docs/api/alerting/health.asciidoc b/docs/api/alerting/health.asciidoc index 2a37abc864878..cd9d1c9449a82 100644 --- a/docs/api/alerting/health.asciidoc +++ b/docs/api/alerting/health.asciidoc @@ -9,7 +9,7 @@ Retrieve the health status of the alerting framework. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[get-alerting-framework-health-api-request]] diff --git a/docs/api/alerting/list_rule_types.asciidoc b/docs/api/alerting/list_rule_types.asciidoc index 32b4be086705a..7640d50b3ccd0 100644 --- a/docs/api/alerting/list_rule_types.asciidoc +++ b/docs/api/alerting/list_rule_types.asciidoc @@ -9,7 +9,7 @@ Retrieve a list of rule types that the user is authorized to access. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== diff --git a/docs/api/alerting/mute_alert.asciidoc b/docs/api/alerting/mute_alert.asciidoc index 3ac99f0d3dda0..ad6d87848dfee 100644 --- a/docs/api/alerting/mute_alert.asciidoc +++ b/docs/api/alerting/mute_alert.asciidoc @@ -9,7 +9,7 @@ Mute an alert. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[mute-alert-api-request]] diff --git a/docs/api/alerting/mute_all_alerts.asciidoc b/docs/api/alerting/mute_all_alerts.asciidoc index a3c1fc0084245..b33d337d473ca 100644 --- a/docs/api/alerting/mute_all_alerts.asciidoc +++ b/docs/api/alerting/mute_all_alerts.asciidoc @@ -9,7 +9,7 @@ Mute all alerts. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[mute-all-alerts-api-request]] diff --git a/docs/api/alerting/unmute_alert.asciidoc b/docs/api/alerting/unmute_alert.asciidoc index 8efa95a16edd7..81bb641b259f9 100644 --- a/docs/api/alerting/unmute_alert.asciidoc +++ b/docs/api/alerting/unmute_alert.asciidoc @@ -9,7 +9,7 @@ Unmute an alert. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[unmute-alert-api-request]] diff --git a/docs/api/alerting/unmute_all_alerts.asciidoc b/docs/api/alerting/unmute_all_alerts.asciidoc index a4e2a91847397..0594727c71268 100644 --- a/docs/api/alerting/unmute_all_alerts.asciidoc +++ b/docs/api/alerting/unmute_all_alerts.asciidoc @@ -9,7 +9,7 @@ Unmute all alerts. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[unmute-all-alerts-api-all-request]] diff --git a/docs/api/alerting/update_rule.asciidoc b/docs/api/alerting/update_rule.asciidoc index 11ca1dc35fc85..124adc79582fe 100644 --- a/docs/api/alerting/update_rule.asciidoc +++ b/docs/api/alerting/update_rule.asciidoc @@ -9,7 +9,7 @@ Update the attributes for an existing rule. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[update-rule-api-request]] diff --git a/docs/api/cases/cases-api-add-comment.asciidoc b/docs/api/cases/cases-api-add-comment.asciidoc index 48c3ffb5845b8..28b8959d5a017 100644 --- a/docs/api/cases/cases-api-add-comment.asciidoc +++ b/docs/api/cases/cases-api-add-comment.asciidoc @@ -9,7 +9,7 @@ Adds a comment or alert to a case. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-create.asciidoc b/docs/api/cases/cases-api-create.asciidoc index f124d3500228c..2145acd360532 100644 --- a/docs/api/cases/cases-api-create.asciidoc +++ b/docs/api/cases/cases-api-create.asciidoc @@ -9,7 +9,7 @@ Creates a case. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-delete-cases.asciidoc b/docs/api/cases/cases-api-delete-cases.asciidoc index 013dc9567db2e..abf518d212095 100644 --- a/docs/api/cases/cases-api-delete-cases.asciidoc +++ b/docs/api/cases/cases-api-delete-cases.asciidoc @@ -9,7 +9,7 @@ Deletes one or more cases. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-delete-comments.asciidoc b/docs/api/cases/cases-api-delete-comments.asciidoc index 130158bd021c2..dc8fe0e120574 100644 --- a/docs/api/cases/cases-api-delete-comments.asciidoc +++ b/docs/api/cases/cases-api-delete-comments.asciidoc @@ -9,7 +9,7 @@ Deletes one or all comments and alerts from a case. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-find-case-activity.asciidoc b/docs/api/cases/cases-api-find-case-activity.asciidoc index e59540c654e28..d15e2a8bea9d5 100644 --- a/docs/api/cases/cases-api-find-case-activity.asciidoc +++ b/docs/api/cases/cases-api-find-case-activity.asciidoc @@ -9,7 +9,7 @@ Finds user activity for a case. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-find-cases.asciidoc b/docs/api/cases/cases-api-find-cases.asciidoc index 9d9151b13d7e8..4a791a8ddb9d3 100644 --- a/docs/api/cases/cases-api-find-cases.asciidoc +++ b/docs/api/cases/cases-api-find-cases.asciidoc @@ -9,7 +9,7 @@ Retrieves a paginated subset of cases. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-find-connectors.asciidoc b/docs/api/cases/cases-api-find-connectors.asciidoc index 6968bc55d88bb..974e3e9a2211b 100644 --- a/docs/api/cases/cases-api-find-connectors.asciidoc +++ b/docs/api/cases/cases-api-find-connectors.asciidoc @@ -13,7 +13,7 @@ returned. Refer to the list of supported external incident management systems in [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-get-alerts.asciidoc b/docs/api/cases/cases-api-get-alerts.asciidoc index 1b9c1da1bd926..fea5b5f9a7354 100644 --- a/docs/api/cases/cases-api-get-alerts.asciidoc +++ b/docs/api/cases/cases-api-get-alerts.asciidoc @@ -11,7 +11,7 @@ Gets all alerts attached to a case. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-get-case-activity.asciidoc b/docs/api/cases/cases-api-get-case-activity.asciidoc index db5835709a6ab..2baa19ebf6985 100644 --- a/docs/api/cases/cases-api-get-case-activity.asciidoc +++ b/docs/api/cases/cases-api-get-case-activity.asciidoc @@ -11,7 +11,7 @@ deprecated::[8.1.0,Use <> instead.] [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-get-case.asciidoc b/docs/api/cases/cases-api-get-case.asciidoc index b5942f0424408..fe2b4c54b85e5 100644 --- a/docs/api/cases/cases-api-get-case.asciidoc +++ b/docs/api/cases/cases-api-get-case.asciidoc @@ -9,7 +9,7 @@ Returns information about a case. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-get-cases-by-alert.asciidoc b/docs/api/cases/cases-api-get-cases-by-alert.asciidoc index 14b45f9b4b0e7..47a0c5973830a 100644 --- a/docs/api/cases/cases-api-get-cases-by-alert.asciidoc +++ b/docs/api/cases/cases-api-get-cases-by-alert.asciidoc @@ -11,7 +11,7 @@ Returns the cases associated with a specific alert. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== diff --git a/docs/api/cases/cases-api-get-comments.asciidoc b/docs/api/cases/cases-api-get-comments.asciidoc index 5f7bb938f588a..fb0e497f4ebf1 100644 --- a/docs/api/cases/cases-api-get-comments.asciidoc +++ b/docs/api/cases/cases-api-get-comments.asciidoc @@ -9,7 +9,7 @@ Gets a comment or all comments for a case. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-get-configuration.asciidoc b/docs/api/cases/cases-api-get-configuration.asciidoc index fec5eb8bdedd6..e78eaa634f716 100644 --- a/docs/api/cases/cases-api-get-configuration.asciidoc +++ b/docs/api/cases/cases-api-get-configuration.asciidoc @@ -10,7 +10,7 @@ default connector for cases. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-get-reporters.asciidoc b/docs/api/cases/cases-api-get-reporters.asciidoc index 9792bc77ae517..48f373c65986a 100644 --- a/docs/api/cases/cases-api-get-reporters.asciidoc +++ b/docs/api/cases/cases-api-get-reporters.asciidoc @@ -9,7 +9,7 @@ Returns information about the users who opened cases. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== diff --git a/docs/api/cases/cases-api-get-status.asciidoc b/docs/api/cases/cases-api-get-status.asciidoc index a6d64bc4e9585..ce9205febae5a 100644 --- a/docs/api/cases/cases-api-get-status.asciidoc +++ b/docs/api/cases/cases-api-get-status.asciidoc @@ -9,7 +9,7 @@ Returns the number of cases that are open, closed, and in progress. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== deprecated::[8.1.0] diff --git a/docs/api/cases/cases-api-get-tags.asciidoc b/docs/api/cases/cases-api-get-tags.asciidoc index e22a2f08cfda5..993c7d88f538a 100644 --- a/docs/api/cases/cases-api-get-tags.asciidoc +++ b/docs/api/cases/cases-api-get-tags.asciidoc @@ -9,7 +9,7 @@ Aggregates and returns a list of case tags. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-push.asciidoc b/docs/api/cases/cases-api-push.asciidoc index 5f7a0c268ff1c..e3bf2464d19b7 100644 --- a/docs/api/cases/cases-api-push.asciidoc +++ b/docs/api/cases/cases-api-push.asciidoc @@ -9,7 +9,7 @@ Pushes a case to an external service. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-set-configuration.asciidoc b/docs/api/cases/cases-api-set-configuration.asciidoc index a32cc555ed052..6d7e9320672e6 100644 --- a/docs/api/cases/cases-api-set-configuration.asciidoc +++ b/docs/api/cases/cases-api-set-configuration.asciidoc @@ -10,7 +10,7 @@ default connector for cases. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-update-comment.asciidoc b/docs/api/cases/cases-api-update-comment.asciidoc index 13adb2218029e..fc8d97e779fd0 100644 --- a/docs/api/cases/cases-api-update-comment.asciidoc +++ b/docs/api/cases/cases-api-update-comment.asciidoc @@ -9,7 +9,7 @@ Updates a comment or alert in a case. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-update-configuration.asciidoc b/docs/api/cases/cases-api-update-configuration.asciidoc index dcfe01ef84179..b30a8f0bb79b2 100644 --- a/docs/api/cases/cases-api-update-configuration.asciidoc +++ b/docs/api/cases/cases-api-update-configuration.asciidoc @@ -10,7 +10,7 @@ connector for cases. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-update.asciidoc b/docs/api/cases/cases-api-update.asciidoc index ca75e34597afc..46c5ac7763600 100644 --- a/docs/api/cases/cases-api-update.asciidoc +++ b/docs/api/cases/cases-api-update.asciidoc @@ -9,7 +9,7 @@ Updates one or more cases. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/machine-learning/sync.asciidoc b/docs/api/machine-learning/sync.asciidoc index af4f797ade1f2..bd65ce56dd5d1 100644 --- a/docs/api/machine-learning/sync.asciidoc +++ b/docs/api/machine-learning/sync.asciidoc @@ -9,7 +9,7 @@ Synchronizes {kib} saved objects for {ml} jobs and trained models. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/ml/common/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/ml/common/openapi[open API specification]. ==== [[machine-learning-api-sync-request]] diff --git a/docs/apis.asciidoc b/docs/apis.asciidoc deleted file mode 100644 index d85d9ce3f35eb..0000000000000 --- a/docs/apis.asciidoc +++ /dev/null @@ -1,17 +0,0 @@ -[role="exclude",id="apis"] -= APIs - -[partintro] --- - -preview::[] - -These APIs are documented using the OpenAPI specification. The current supported -version of the specification is 3.0. For more information, go to https://openapi-generator.tech/[OpenAPI Generator] - --- - -include::api-generated/cases/case-apis.asciidoc[] -include::api-generated/connectors/connector-apis.asciidoc[] -include::api-generated/machine-learning/ml-apis.asciidoc[] -include::api-generated/rules/rule-apis.asciidoc[] \ No newline at end of file diff --git a/docs/index.asciidoc b/docs/index.asciidoc index d72b97a76af2a..ac9f1f6a28e5d 100644 --- a/docs/index.asciidoc +++ b/docs/index.asciidoc @@ -17,7 +17,5 @@ include::CHANGELOG.asciidoc[] include::developer/index.asciidoc[] -include::apis.asciidoc[] - include::redirects.asciidoc[] diff --git a/docs/redirects.asciidoc b/docs/redirects.asciidoc index eac4ff0c800d8..deb2c37ba3d5e 100644 --- a/docs/redirects.asciidoc +++ b/docs/redirects.asciidoc @@ -426,4 +426,10 @@ This content has moved. Refer to <> [role="exclude",id="gen-ai-action-type"] == Generative AI connector and action -This connector was renamed. Refer to <>. \ No newline at end of file +This connector was renamed. Refer to <>. + +[role="exclude",id="apis"] +== APIs + +For the most up-to-date API details, refer to the +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[alerting], {kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[cases], {kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[connectors, and {kib-repo}/tree/{branch}/x-pack/plugins/ml/common/openapi[machine learning] open API specifications. \ No newline at end of file From c48b1d0baa4a4840f87a09af57c7fc8647b2a23c Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Thu, 12 Oct 2023 17:40:19 -0700 Subject: [PATCH 2/2] [DOCS] Fix typo --- docs/redirects.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/redirects.asciidoc b/docs/redirects.asciidoc index deb2c37ba3d5e..be017fbd1c94e 100644 --- a/docs/redirects.asciidoc +++ b/docs/redirects.asciidoc @@ -432,4 +432,4 @@ This connector was renamed. Refer to <>. == APIs For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[alerting], {kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[cases], {kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[connectors, and {kib-repo}/tree/{branch}/x-pack/plugins/ml/common/openapi[machine learning] open API specifications. \ No newline at end of file +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[alerting], {kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[cases], {kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[connectors], and {kib-repo}/tree/{branch}/x-pack/plugins/ml/common/openapi[machine learning] open API specifications. \ No newline at end of file