+
+
Up
+
delete /s/{spaceId}/api/alerting/rule/{ruleId}
+
Deletes a rule. (deleteRule)
+
You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule you're deleting. For example, the Management > Stack Rules feature, Analytics > Discover or Machine Learning features, Observability, or Security features. WARNING: After you delete a rule, you cannot recover it.
+
+
Path parameters
+
+
ruleId (required)
+
+
Path Parameter — An identifier for the rule. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
Request headers
+
+
kbn-xsrf (required)
+
+
Header Parameter — default: null
+
+
+
+
+
+
+
+
+
+
+
Responses
+
204
+ Indicates a successful call.
+
+
Up
@@ -76,17 +118,17 @@ Any modifications made to this file will be overwritten.
Example data
Content-Type: application/json
{
- "per_page" : 2,
- "total" : 7,
+ "per_page" : 6,
+ "total" : 1,
"data" : [ {
"throttle" : "10m",
"created_at" : "2022-12-05T23:36:58.284Z",
"last_run" : {
"alerts_count" : {
- "new" : 0,
"ignored" : 6,
- "recovered" : 1,
- "active" : 5
+ "new" : 1,
+ "recovered" : 5,
+ "active" : 0
},
"outcome_msg" : "outcome_msg",
"warning" : "warning",
@@ -136,10 +178,10 @@ Any modifications made to this file will be overwritten.
"created_at" : "2022-12-05T23:36:58.284Z",
"last_run" : {
"alerts_count" : {
- "new" : 0,
"ignored" : 6,
- "recovered" : 1,
- "active" : 5
+ "new" : 1,
+ "recovered" : 5,
+ "active" : 0
},
"outcome_msg" : "outcome_msg",
"warning" : "warning",
@@ -185,7 +227,7 @@ Any modifications made to this file will be overwritten.
} ],
"consumer" : "alerts"
} ],
- "page" : 5
+ "page" : 0
}
Produces
@@ -201,121 +243,357 @@ Any modifications made to this file will be overwritten.
findRules_200_response
+
+
+
Up
+
get /s/{spaceId}/api/alerting/rule/{ruleId}
+
Retrieve a rule by its identifier. (getRule)
+
You must have read privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rules you're seeking. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability features, or Security features. To get rules associated with the Stack Monitoring feature, use the monitoring_user built-in role.
+
+
Path parameters
+
+
ruleId (required)
+
+
Path Parameter — An identifier for the rule. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "throttle" : "10m",
+ "created_at" : "2022-12-05T23:36:58.284Z",
+ "last_run" : {
+ "alerts_count" : {
+ "ignored" : 6,
+ "new" : 1,
+ "recovered" : 5,
+ "active" : 0
+ },
+ "outcome_msg" : "outcome_msg",
+ "warning" : "warning",
+ "outcome" : "succeeded"
+ },
+ "params" : {
+ "key" : ""
+ },
+ "created_by" : "elastic",
+ "enabled" : true,
+ "muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
+ "rule_type_id" : "monitoring_alert_cluster_health",
+ "tags" : [ "tags", "tags" ],
+ "api_key_owner" : "elastic",
+ "schedule" : {
+ "interval" : "1m"
+ },
+ "notify_when" : "onActiveAlert",
+ "next_run" : "2022-12-06T00:14:43.818Z",
+ "updated_at" : "2022-12-05T23:36:58.284Z",
+ "execution_status" : {
+ "last_execution_date" : "2022-12-06T00:13:43.89Z",
+ "last_duration" : 55,
+ "status" : "ok"
+ },
+ "name" : "cluster_health_rule",
+ "updated_by" : "elastic",
+ "scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
+ "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
+ "mute_all" : false,
+ "actions" : [ {
+ "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
+ "params" : {
+ "key" : ""
+ },
+ "group" : "default"
+ }, {
+ "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
+ "params" : {
+ "key" : ""
+ },
+ "group" : "default"
+ } ],
+ "consumer" : "alerts"
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
rule_response_properties
+
+
+
+
+
Up
+
put /s/{spaceId}/api/alerting/rule/{ruleId}
+
Updates the attributes for a rule. (updateRule)
+
You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule you're updating. For example, you must have privileges for the Management > Stack rules feature, Analytics > Discover and Machine Learning features, Observability features, or Security features. If the rule has actions, you must also have read privileges for the Management > Actions and Connectors feature. NOTE: This API supports only token-based authentication. When you update a rule, it identifies which roles you have at that point in time. Thereafter, when the rule performs queries, it uses those security privileges. If you have different privileges than the user that created or most recently updated the rule, you might change its behavior. Though some properties are optional, when you update the rule the existing property values are overwritten with default values. Therefore, it is recommended to explicitly set all property values.
+
+
Path parameters
+
+
ruleId (required)
+
+
Path Parameter — An identifier for the rule. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
Consumes
+ This API call consumes the following media types via the request header:
+
+
+
Request body
+
+
+
+
Body Parameter —
+
+
+
+
Request headers
+
+
kbn-xsrf (required)
+
+
Header Parameter — default: null
+
+
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "throttle" : "10m",
+ "created_at" : "2022-12-05T23:36:58.284Z",
+ "last_run" : {
+ "alerts_count" : {
+ "ignored" : 6,
+ "new" : 1,
+ "recovered" : 5,
+ "active" : 0
+ },
+ "outcome_msg" : "outcome_msg",
+ "warning" : "warning",
+ "outcome" : "succeeded"
+ },
+ "params" : {
+ "key" : ""
+ },
+ "created_by" : "elastic",
+ "enabled" : true,
+ "muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
+ "rule_type_id" : "monitoring_alert_cluster_health",
+ "tags" : [ "tags", "tags" ],
+ "api_key_owner" : "elastic",
+ "schedule" : {
+ "interval" : "1m"
+ },
+ "notify_when" : "onActiveAlert",
+ "next_run" : "2022-12-06T00:14:43.818Z",
+ "updated_at" : "2022-12-05T23:36:58.284Z",
+ "execution_status" : {
+ "last_execution_date" : "2022-12-06T00:13:43.89Z",
+ "last_duration" : 55,
+ "status" : "ok"
+ },
+ "name" : "cluster_health_rule",
+ "updated_by" : "elastic",
+ "scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
+ "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
+ "mute_all" : false,
+ "actions" : [ {
+ "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
+ "params" : {
+ "key" : ""
+ },
+ "group" : "default"
+ }, {
+ "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
+ "params" : {
+ "key" : ""
+ },
+ "group" : "default"
+ } ],
+ "consumer" : "alerts"
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
rule_response_properties
+
+
[ Jump to
Methods ]
Table of Contents
+ actions_inner - findRules_200_response - findRules_200_response_data_inner - findRules_200_response_data_inner_actions_inner - findRules_200_response_data_inner_execution_status - findRules_200_response_data_inner_last_run - findRules_200_response_data_inner_last_run_alerts_count - findRules_200_response_data_inner_schedule - findRules_has_reference_parameter - findRules_search_fields_parameter - notify_when - rule_response_properties - Rule response propertiesrule_response_properties_execution_status - rule_response_properties_last_run - rule_response_properties_last_run_alerts_count - schedule - update_rule_request - Update rule request
+
+
+
+
+
group (optional)
String The group name for the actions. If you don't need to group actions, set to
default.
+
id (optional)
String The identifier for the connector saved object.
+
params (optional)
map[String, oas_any_type_not_mapped] The parameters for the action, which are sent to the connector. The
params are handled as Mustache templates and passed a default set of context.
+
+
-
data (optional)
+
data (optional)
page (optional)
per_page (optional)
total (optional)
-
+
-
actions (optional)
-
api_key_owner (optional)
-
consumer (optional)
String The application or feature that owns the rule. For example,
alerts,
apm,
discover,
infrastructure,
logs,
metrics,
ml,
monitoring,
securitySolution,
siem,
stackAlerts, or
uptime.
-
created_at (optional)
Date The date and time that the rule as created. format: date-time
-
created_by (optional)
String The identifier for the user that created the rule.
-
enabled (optional)
Boolean Indicates whether the rule is currently enabled.
-
execution_status (optional)
-
id (optional)
String The identifier for the rule.
-
last_run (optional)
-
muted_alert_ids (optional)
-
mute_all (optional)
-
name (optional)
-
next_run (optional)
-
notify_when (optional)
String Indicates how often alerts generate actions.
-
-
onActionGroupChange
onActiveAlert
onThrottleInterval
-
params (optional)
-
rule_type_id (optional)
String The identifier for the type of rule. For example,
.es-query,
.index-threshold,
logs.alert.document.count,
monitoring_alert_cluster_health,
siem.thresholdRule, or
xpack.ml.anomaly_detection_alert.
-
schedule (optional)
-
scheduled_task_id (optional)
-
tags (optional)
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is applicable only if
notify_when is set to
onThrottleInterval. It is specified in seconds, minutes, hours, or days.
-
updated_at (optional)
String The date and time that the rule was updated most recently.
-
updated_by (optional)
String The identifier for the user that updated this rule most recently.
+
id (optional)
+
type (optional)
-
+
-
group (optional)
String The group name for the actions.
-
id (optional)
String The identifier for the connector saved object.
-
params (optional)
+
+
+
+
+
Indicates how often alerts generate actions. Valid values include: onActionGroupChange: Actions run when the alert status changes; onActiveAlert: Actions run when the alert becomes active and at each check interval while the rule conditions are met; onThrottleInterval: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met.
+
+
+
+
+
+
+
+
actions
+
api_key_owner
+
consumer
String The application or feature that owns the rule. For example,
alerts,
apm,
discover,
infrastructure,
logs,
metrics,
ml,
monitoring,
securitySolution,
siem,
stackAlerts, or
uptime.
+
created_at
Date The date and time that the rule was created. format: date-time
+
created_by
String The identifier for the user that created the rule.
+
enabled
Boolean Indicates whether the rule is currently enabled.
+
execution_status
+
id
String The identifier for the rule.
+
last_run (optional)
+
muted_alert_ids
+
mute_all
+
name
+
next_run (optional)
+
notify_when
+
params
+
rule_type_id
String The identifier for the type of rule. For example,
.es-query,
.index-threshold,
logs.alert.document.count,
monitoring_alert_cluster_health,
siem.thresholdRule, or
xpack.ml.anomaly_detection_alert.
+
schedule
+
scheduled_task_id (optional)
+
tags
+
throttle
String The throttle interval, which defines how often an alert generates repeated actions. It is applicable only if
notify_when is set to
onThrottleInterval. It is specified in seconds, minutes, hours, or days.
+
updated_at
String The date and time that the rule was updated most recently.
+
updated_by
String The identifier for the user that updated this rule most recently.
-
+
-
status (optional)
+
last_duration (optional)
last_execution_date (optional)
-
last_duration (optional)
+
status (optional)
-
+
-
alerts_count (optional)
+
alerts_count (optional)
+
outcome (optional)
outcome_msg (optional)
warning (optional)
-
outcome (optional)
-
+
-
new (optional)
+
active (optional)
ignored (optional)
+
new (optional)
recovered (optional)
-
active (optional)
-
+
The check interval, which specifies how frequently the rule conditions are checked. The interval is specified in seconds, minutes, hours, or days.
-
-
+
+
The update rule API request body varies depending on the type of rule and actions.
-
id (optional)
-
type (optional)
+
actions (optional)
+
name
+
notify_when
+
params
+
schedule
+
tags (optional)
+
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is applicable only if
notify_when is set to
onThrottleInterval. It is specified in seconds, minutes, hours, or days.
-
++++
diff --git a/docs/api/alerting/delete_rule.asciidoc b/docs/api/alerting/delete_rule.asciidoc
index 12b07c5bb0f12..143507fa20600 100644
--- a/docs/api/alerting/delete_rule.asciidoc
+++ b/docs/api/alerting/delete_rule.asciidoc
@@ -8,6 +8,12 @@ Permanently removes a rule.
WARNING: After you delete a rule, you cannot recover it.
+[NOTE]
+====
+For the most up-to-date API details, refer to the
+{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <